Gibson Dunn

The European Parliament and the Council of the EU have reached a provisional agreement on December 10, 2025, which will significantly narrow EU sustainability obligations for companies with respect to both the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD). Here is what you need to know.

On December 10, 2025, the Council of the EU and the European Parliament reached a provisional political agreement regarding the EU Omnibus Simplification Package. It contains expected extensive amendments to both the CSRD and the CSDDD. The Council has already confirmed the compromise, noting that the agreement is still subject to approval by the European Parliament, expected on December 16, 2025, and subsequent adoption.

The key changes include the following:

I. Key Amendments for CSRD

Scope: Reporting will apply only to EU companies with more than 1,000 employees and more than EUR 450 million in net annual turnover.
Holding companies: Ultimate parent companies whose main activity is the holding of shares in operational subsidiaries and who do not engage in taking substantial management decisions may be exempted from carrying out reporting obligations. The exemption applies only if the ultimate parent company designates one of its EU-established subsidiaries to carry out the reporting obligations on its behalf, including those obligations relating to the activities of the parent’s other subsidiaries.
Wave 1 companies: Companies that are already required to report under the CSRD for financial years starting in 2024 (“wave 1” companies) but no longer meet the revised thresholds shall be out of scope for financial years 2025 and 2026, subject to national transposition.
Reporting on the value chain: The agreement introduced a limitation that prevents reporting companies from demanding excessive information from small or mid-sized business partners. Companies within the value chain that employ fewer than 1,000 people will be considered “protected undertakings” and will have a statutory right to decline information requests beyond the voluntary SME standard.
Protecting commercial, secret and classified information: Companies may withhold information where disclosure would seriously prejudice their commercial interests, reveal trade secrets (as defined in Directive (EU) 2016/943), involve classified information or compromise privacy or security, provided certain procedural safeguards are met.

II. Key Amendments for CSDDD

Scope: Due diligence requirements will only apply to very large companies with more than 5,000 employees and a net annual turnover above EUR 1.5 billion, including non-EU companies operating in the EU meeting this threshold for EU generated turnover.
Climate Transition Plans: All obligations are removed.
Enforcement: The CSDDD’s enforcement regime will be defined at national rather than on a harmonized EU level. Member States will be required to limit the maximum fine to 3 % of a company’s global turnover, replacing the previously more open-ended approach.
Transposition: The deadline for Member States is postponed by another year to July 2028, with compliance required for companies by July 2029.

This agreement is a long-awaited political compromise which paves the way for the announced simplifications. It finally provides companies with the clarity needed to adequately move forward with preparations for their upcoming sustainability reporting and due diligence obligations. Further, Member States with existing supply chain laws, such as Germany with its Supply Chain Due Diligence Act (LkSG), can align their legislations to ensure consistency.

However, the agreement includes a review clause allowing the European Commission to reassess the scope of both CSRD and CSDDD, which may nevertheless leave companies with some uncertainty in the future.

Gibson Dunn will continue to monitor and report on any new developments.

The following Gibson Dunn lawyers prepared this update: Ferdinand Fromholzer, Carla Baum, Vanessa Ludwig, Johannes Reul, and Babette Milz.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s ESG: Risk, Litigation, and Reporting practice group, or the authors: :

Ferdinand Fromholzer – Munich (+49 89 189 33-270, ffromholzer@gibsondunn.com)

Carla Baum – Munich (+49 89 189 33-263, cbaum@gibsondunn.com)

Vanessa Ludwig – Frankfurt (+49 69 247 411 531, vludwig@gibsondunn.com)

Johannes Reul – Munich (+49 89 189 33-272, jreul@gibsondunn.com)

Babette Milz – Munich (+49 89 189 33-283, bmilz@gibsondunn.com)

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

From the Derivatives Practice Group: This week, the CFTC was especially active, issuing several no-action letters, including to designated contract markets and derivatives clearing organizations regarding event contracts and in response to a request from ISDA regarding Part 43 and Part 45 requirements.

New Developments

Acting Chairman Pham Announces Implementation of U.S. Treasury Market Reforms. On December 12, CFTC Acting Chaiman Pham announced the CFTC had approved a proposed order to grant a limited exemption necessary for the Chicago Mercantile Exchange Inc. and the Fixed Income Clearing Corporation to make their existing cross-margining arrangement available to certain customers with appropriate safeguards. [NEW]

U.S. Senate Passes Procedural Vote for Mike Selig, Paving the Way for a Final Vote in the Senate. On December 11, the Senate voted 52-47 to approve a resolution that sets up the final vote for Mike Selig’s confirmation as CFTC Chairman. [NEW]

CFTC Staff Issues No-Action Letters Regarding Event Contracts. On December 11, the CFTC’s Division of Market Oversight and Division of Clearing and Risk announced they have taken a no-action position regarding swap data reporting and recordkeeping regulations in response to requests from multiple registered entities, including designated contract markets and derivatives clearing organizations. According to the announcement, the Divisions will not recommend the CFTC initiate an enforcement action against certain registered entities or their participants for failure to comply with certain swap-related recordkeeping requirements and for failure to report to swap data repositories data associated with binary option transactions executed on or subject to the rules of the registered entities, subject to the terms of the no-action letters. [NEW]

CFTC Staff Issues No-Action Position Relating to Designated Contract Market Procedures. On December 11, the CFTC’s Division of Market Oversight announced it has issued a no-action letter to Small Exchange Inc., a designated contract market, which addresses certain procedures related to dormancy. The no-action position is time-limited and subject to the terms and conditions in the Division’s no-action letter. [NEW]

Acting Chairman Pham Announces Withdrawal of “Outdated” Digital Assets Guidance. On December 11, CFTC Acting Chairman Pham announced that the CFTC will withdraw “outdated” guidance related to actual delivery of “virtual currencies,” given the substantial developments in crypto asset markets. The CFTC said that the withdrawal of the guidance will enable the CFTC to continue its ongoing work to implement the recommendations in the President’s Working Group on Digital Asset Markets report. [NEW]

CFTC Staff Issues No-Action Letter Regarding Part 43 and Part 45 Requirements. On December 11, the CFTC’s Division of Market Oversight took a no-action position in response to a request from the International Swaps and Derivatives Association regarding certain data requirements under Part 43 and Part 45 of the CFTC’s regulations to reduce unnecessary and excessive regulatory burden and associated costs. [NEW]

Acting Chairman Pham Announces CEO Innovation Council Participants. On December 10, CFTC Acting Chairman Pham announced the first round of CEO Innovation Council participants, representing exchanges. The CFTC said that the CEO Innovation Council will engage in public discussion of market structure developments in derivatives markets and that further information on the CEO Innovation Council will be released once details are finalized. [NEW]

Acting Chairman Pham Announces Regulatory Clarity for U.S. Access to Markets. On December 9, CFTC Acting Chairman Pham announced that the CFTC’s Market Participants Division, Division of Clearing and Risk, and Division of Market Oversight issued a no-action letter to harmonize three separate definitions of “U.S. person,” among other things, under the CFTC’s Dodd-Frank Act cross-border swap framework. According to the CFTC, the letter simplified and consolidated existing no-action positions that address almost 15 years of regulatory uncertainty and promotes harmonization with SEC regulations. [NEW]

CFTC to Accelerate Publication of Backlogged COT Data. On December 9, the CFTC announced that it is accelerating the publication of Commitments of Traders reports that were interrupted during the lapse in federal appropriation. According to the CFTC, the revised timeline will eliminate the report backlog by December 29, 2025. [NEW]

Acting Chairman Pham Announces Launch of Digital Assets Pilot Program for Tokenized Collateral in Derivatives Markets. On December 8, CFTC Chairman Pham announced the launch of a digital assets pilot program for certain digital assets, including BTC, ETH, and USDC, to be used as collateral in derivatives markets; guidance on tokenized collateral; and withdrawal of outdated requirements given the enactment of the GENIUS Act. The CFTC said that the announcement follows the tokenized collateral initiative Acting Chairman Pham launched in September as a part of the CFTC’s Crypto Sprint to implement recommendations in the President’s Working Group on Digital Asset Markets report. [NEW]

Acting Chairman Pham Announces First-Ever Listed Spot Crypto Trading on U.S. Regulated Exchanges. On December 4, Chairman Caroline D. Pham announced that listed spot cryptocurrency products will begin trading for the first time in U.S. federally regulated markets on CFTC registered futures exchanges. This announcement follows recommendations by the President’s Working Group on Digital Asset Markets and stakeholder insights from the CFTC’s Crypto Sprint and cooperative engagement with the Securities and Exchange Commission. The Crypto Sprint also launched public consultations on all other recommendations from the President’s Working Group report relevant to the CFTC.

Acting Chairman Pham Announces Reforms to Wells Process, and Amendments to the Rules of Practice and the Rules Relating to Investigations. On December 1, Chairman Caroline D. Pham announced the Commission is amending its Rules of Practice and its Rules Relating to Investigations. The amended Rules of Practice seek to enhance the transparency of the Commission’s enforcement actions, including changes to ensure an accurate and complete administrative record by improving internal memoranda to the Commission when the Division of Enforcement recommends an enforcement action.

New Developments Outside the U.S.

ESMA Appoints Marie-Anne Barbat-Layani and Christopher P. Buttigieg as the New Members of its Management Board and Renews Armi Taipale’s Mandate. On December 11, ESMA appointed Marie-Anne Barbat-Layani of Autorité Des Marchés Financiers (France) and Christopher P. Buttigieg of Financial Services Authority (Malta), as the new members of its Management Board. The Board of Supervisors has reappointed Armi Taipale of Finanssivalvonta (Finland), for a second mandate. [NEW]

ESMA Chair Verena Ross to Step Down at the End of Her Current Term. On December 10, ESMA announced that its Chair, Verena Ross, has decided to not renew her term as Chair for a second mandate. According to ESMA, she will continue her work as ESMA’s Chair until the end of her contract on October 31, 2026. ESMA said that it will now launch the process for selecting a new Chair. [NEW]

ESMA Announces Supervisory Expectations for the Management Body in the Form of 12 High Level Principles. On December 10, ESMA published its Final Report on the Supervisory Expectations for the Management Body, outlining ESMA’s expectations for the management bodies of the entities under its supervision. ESMA said that the 12 high-level principles are directed at entities supervised by ESMA and those looking to obtain an ESMA license, and are designed to set out ESMA’s core expectations in the form of outcomes. [NEW]

ESMA Welcomes Commission’s Ambitious Proposal on Market Integration. On December 4, ESMA announced that it welcomes the European Commission’s legislative proposal on market integration and supervision. According to ESMA, the package represents a major step towards deeper and more efficient EU capital markets and reflects many of the recommendations set out in ESMA’s 2024 Position Paper on building more effective and attractive capital markets in the EU.

ESMA to Launch Common Supervisory Action on MiFID II Conflicts of Interest Requirements. On December 2, ESMA announced that it will launch a Common Supervisory Action (CSA) with National Competent Authorities on conflicts of interest in the distribution of financial instruments. The CSA will assess how firms comply with their obligations under MiFID II to identify, prevent, and manage conflicts of interest when offering investment products to retail clients.

New Industry-Led Developments

Global Standard-Setting Bodies Publish Assessment of Margin Requirements for Non-Centrally Cleared Derivatives. On December 12, the Basel Committee on Banking Supervision (BCBS) and the International Organization of Securities Commissions (IOSCO) published a report that reviews the implementation of margin requirements for non-centrally cleared derivatives. IOSCO said the report concluded that the framework has been effectively implemented and finds no evidence of material issues. The BCBS-IOSCO Working Group on Margining Requirements recommended ongoing monitoring through supervisory information exchange and the sharing of experiences among member authorities. [NEW]

ISDA Responds to Bank of England on Gilt Market Resilience. On December 5, ISDA responded to the Bank of England’s discussion paper on gilt market resilience. In the response, ISDA encourages the Bank of England, before introducing any significant policy changes that would affect the functioning of the gilt repo market, to consider the prudential requirements on capital and liquidity in relation to repo transactions, in conjunction with monetary policy and financial stability, to avoid unintended and detrimental consequences for the UK gilt market and firms’ risk management practices.

ISDA Publishes Note on Determining Initial Reference Index for New Trades referencing CPI-U. On November 25, ISDA published a Market Practice Note to recommend a specific methodology that market participants could elect to use for the purposes of determining the Initial Reference Index for certain new inflation derivative transactions given that the Bureau of Labor Statistics has confirmed it will not publish the October 2025 level of the “USA – Non-revised index of Consumer Prices for All Urban Consumers (CPI-U)” as defined in the 2008 ISDA Inflation Derivatives Definitions.

The following Gibson Dunn attorneys assisted in preparing this update: Jeffrey Steiner, Adam Lapidus, Marc Aaron Takagaki, Hayden McGovern, Karin Thrasher, and Alice Wang*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following practice leaders and authors:

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Darius Mehraban, New York (212.351.2428, dmehraban@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Adam Lapidus, New York (212.351.3869, alapidus@gibsondunn.com )

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

William R. Hallatt, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com )

David P. Burns, Washington, D.C. (202.887.3786, dburns@gibsondunn.com)

Marc Aaron Takagaki, New York (212.351.4028, mtakagaki@gibsondunn.com )

Hayden K. McGovern, Dallas (214.698.3142, hmcgovern@gibsondunn.com)

Karin Thrasher, Washington, D.C. (202.887.3712, kthrasher@gibsondunn.com)

Alice Yiqian Wang, Washington, D.C. (202.777.9587, awang@gibsondunn.com)

*Alice Wang, a law clerk in the firm’s Washington, D.C. office, is not admitted to practice law.

Join Gibson Dunn’s White Collar Defense and Investigations team for a timely webcast exploring the U.S. Department of Justice’s M&A Safe Harbor policy. This recorded session unpacks the policy’s scope, practical application, and implications for deal diligence, post-close integration, and voluntary disclosures. Our panel shares insights from recent matters, discusses best practices for navigating enforcement risks in M&A transactions, and offers guidance on how to leverage the Safe Harbor to mitigate liability. Whether you’re advising on deals or managing compliance, this webcast provides actionable strategies to protect your clients and companies in today’s enforcement landscape.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour in the General category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

PANELISTS:

Patrick F. Stokes is a partner in Gibson Dunn’s Washington, D.C. office and Co-Chair of the Anti-Corruption & FCPA Practice Group. He handles internal corporate investigations, government enforcement matters, and compliance reviews and routinely advises clients on anti-corruption compliance, monitorships, and risk assessments. Prior to joining Gibson Dunn, Patrick headed the FCPA Unit of the U.S. Department of Justice, where he managed the FCPA enforcement program and all criminal FCPA matters throughout the United States.

Matthew (Matt) S. Axelrod is a partner in Gibson Dunn’s Washington, D.C. and Co-Chair of the firm’s Sanctions & Export Enforcement practice. Matt is the only person to have previously served as both Principal Associate Deputy Attorney General at the U.S. Department of Justice and Assistant Secretary for Export Enforcement at the U.S. Department of Commerce’s BIS. His over 25 years of government enforcement, white-collar defense, and crisis management experience are why clients consistently rely on Matt to help them navigate their most sensitive and complex matters.

Michael M. Farhang is a partner in Gibson Dunn’s Los Angeles office and a member of the White Collar Defense & Investigations and Securities Litigation practice groups. A former federal prosecutor, Michael is an experienced litigator and trial attorney who specializes in private M&A litigation matters, including rep and warranty, earnout, and working capital disputes, as well as the defense of companies, directors, and executives in DOJ and SEC investigations and in shareholder class actions, derivative suits and other commercial litigation.

Alexander D. Fine is a partner in Gibson Dunn’s Washington, D.C. office and is a member of the firm’s Mergers and Acquisitions, Finance, and Private Equity Practice Groups. Alexander’s practice focuses on advising private equity sponsors and public companies on a wide range of transactional matters, including strategic mergers and acquisitions, leveraged buyouts, minority investments, and joint ventures. He also advises clients on corporate governance and securities law matters.

Click to read Law.com International’s article, “Gibson Dunn London Could Reach 500 Lawyers in 5 Years Amid Major Build Out” [PDF], which highlights the firm’s significant expansion plans and continued strategic growth in London.

Gibson Dunn advised Central Midstream Partners, LLC on its sale of a majority interest to Tailwater Capital LLC, an energy and infrastructure private equity firm.

Our corporate team was led by partner Michael Piazza and included of counsel Tyler Cox and associates Jonathan Sapp and Luke Smith. Partner Michael Cannon and associate Yara Mansour advised on tax aspects. Partner Krista Hanvey and associate John Curran advised on benefits.

Europe

11/19/2025

European Commission | Legislative Package | Digital Omnibus and European Business Wallet

The European Commission has proposed simpler digital rules and new business wallets to cut costs and boost innovation.

The European Commission unveiled a digital omnibus to simplify EU rules on AI, cybersecurity and data, alongside a Data Union Strategy and European Business Wallets that will offer companies a single digital identity to simplify paperwork and make it easier to do business across EU. The initiative aims to streamline compliance, reduce administrative costs by €5 billion, and unlock €150 billion in annual business savings by 2029.

For more information: The European Commission website

11/19/2025

European Commission | Draft Recommendation | Model and Standard Contractual Clauses Under the Data Act

The European Commission publishes draft model terms and clauses to simplify data sharing and cloud contracts.

The European Commission released draft non-binding Model Contractual Terms for data access and use and Standard Contractual Clauses for cloud computing contracts. These templates aim to help businesses, especially small and medium-sized enterprises, implement the Data Act, ensuring fairness, legal certainty, and easier cloud switching.

For more information: The European Commission website

11/17/2025

Council of the European Union | Regulation | Cross-border GDPR Enforcement Procedures

The Council adopts new EU law to speed up handling of cross border GDPR complaints.

The Council adopted a regulation harmonizing procedures for cross-border data protection cases. The law establishes uniform admissibility criteria, defines rights for complainants and investigated parties, introduces a simple cooperation procedure, and sets investigation deadlines of 15 months for standard cases and 12 months for simpler ones.

For more information: The Council of the European Union website

11/13/2025

Court of Justice of the European Union (“CJEU”) | Judgment | e-Privacy Directive

The CJEU clarifies that where the exception provided under Article 13(2) of the e-Privacy Directive applies, no separate legal basis under the GDPR is required.

The Court held that email addresses collected when users create a free account to access limited content and a free daily newsletter can be considered as obtained “in the context of the sale of a … service”, even if it is free. The sending of the newsletter was considered as a use of an email for the purposes of direct marketing for similar services within the meaning of Article 13(2) of the e-Privacy Directive. The Court also ruled that when Article 13(2) applies, the conditions for lawful processing under Article 6 of the GDPR are not applicable.

For more information : CJEU judgment

10/30/2025

European Parliament | Study | Interplay between the AI Act and the EU Digital Legislation

The European Parliament has released a study examining the interaction between the AI Act and the broader EU digital regulatory framework.

The study highlights overlapping obligations between the AI Act and other key EU digital laws, including the GDPR, the Data Act, the Cyber Resilience Act, the Digital Services Act, the Digital Markets Act, and the NIS2 Directive. To address resulting challenges, it sets out recommendations ranging from short-term measures (promoting joint guidance and coordinated enforcement) to long-term actions (review of the EU’s digital regulatory landscape aimed at consolidation, simplification, and greater coherence).

For more information: European Parliament Website

10/20/2025

European Data Protection Board | Opinion | UK Adequacy Decisions

The European Data Protection Board (“EDPB”) adopted two opinions on the European Commission’s draft decisions extending the UK adequacy decisions under the GDPR and Law Enforcement Directive until December 2031.

With respect to the GDPR adequacy decision, the EDPB welcomes continued alignment but recommends further analysis of several issues, including amendments introduced by the Retained EU Law (Revocation and Reform) Act 2023, the Secretary of State’s new powers to modify the UK data protection framework, and rules governing transfers from the UK to third countries.

For more information: EDPB Website

10/14/2025

European Data Protection Board | Coordinated Enforcement Framework | Transparency

For its fifth coordination enforcement action, the European Data Protection Board (EDPB) will focus on transparency and information obligations under the GDPR.

National supervisory authorities will participate on a voluntary basis, conducting investigations at the national level. The findings from these actions will be aggregated and analyzed by the EDPB to gain deeper insights.

For more information: EDPB Website

10/09/2025

European Data Protection Board & European Commission | Guidelines | DMA & GDPR

The European Data Protection Board (“EDPB”) and the European Commission have published joint guidelines on the interplay between the Digital Markets Act (“DMA”) and GDPR.

The guidelines address DMA requirements that overlap with GDPR obligations, aiming to provide clarity and promote consistent interpretation across both frameworks. A public consultation is open until 4 December 2025.

For more information: EDPB Website

10/01/2025

General Court | Judgment | Unlawful Personal Data Processing

The General Court of the European Union (GCEU) has ordered the European Commission to pay €50,000 in compensation for non-material damages caused by a European Anti‑Fraud Office (“OLAF”) press release.

The claimant sought damages after OLAF published a press release that disclosed her personal data and allowed readers to identify her. The GCEU held that the press release unlawfully processed personal data, breached the presumption of innocence, and lacked neutrality, resulting in reputational harm, damage to professional career and mental distress.

For more information: European Union Website

France

10/15/2025

French Supervisory Authority | Paper | Postmortem Data

The French Supervisory Authority (“CNIL”) has published its report “Our Data After Us,” examining the challenges of managing postmortem data in a digital world.

The paper explores issues related to account management, data transmission, and the emergence of chatbots based on the data of deceased individuals. It highlights legal and ethical issues surrounding digital death and recommends raising public awareness, clarifying rights, and regulating AI applications involving postmortem data.

For more information: CNIL Website [FR]

10/14/2025

French Supervisory Authority | Guidance | Right to Data Portability

The French Supervisory Authority (“CNIL”) has published guidance on the application of the right to data portability in the context of loyalty programs.

Responding to requests from stakeholders in the distribution sector, the CNIL clarifies which information must be transmitted, focusing particularly on product barcodes and promotions associated with customers.

For more information: CNIL Website [FR]

10/13/2025

French Supervisory Authority | Sanction | Simplified Procedure

The French Supervisory Authority (“CNIL”) has announced issuing sixteen new sanctions under its simplified procedure since May 2025, totaling €108,000.

The sanctions relate to non-compliance with video surveillance rules, marketing without consent, and failure to cooperate with the CNIL.

For more information: CNIL Website [FR]

Germany

10/30/2025

Ministry for Digital and Civil Modernization (BMDS) | Draft Legislation | Data Act Implementation Law

The German Federal Cabinet has approved the draft legislation for the national implementation of the EU Data Act, aiming to establish a legal framework for data access and use in Germany.

The proposed Data Act Implementation Law (Data-Act-Durchführungsgesetz) outlines the responsibilities of the Federal Network Agency (Bundesnetzagentur) as the competent authority for enforcing the Data Act in Germany. It includes provisions on dispute resolution, supervisory powers, and sanctions. The draft also addresses the interplay between the Data Act and existing national regulations, particularly in the telecommunications and energy sectors. The law is still subject to parliamentary debate.

For more information: BMDS [DE]

10/28/2025

Data Protection Authority North Rhine-Westfalia (LDI NRW) | Enforcement Action | Sharing of Customer Data via Messenger Service

The LDI NRW has taken a firm stance against the practice of companies sharing personal data of customers through messenger services, deeming it a serious and ongoing violation of data protection law.

The LDI NRW has stopped a medical transport company from sharing client information including names, addresses and prescriptions in messenger groups. This information was intended to simplify the organization of patient transport. However, this does not justify the data processing that took place as the data was not necessary for the performance of a transport contract and should not have been made available to all members of the group chat, especially since health information is particularly sensitive and deserves special protection.

For more information: LDI NRW [DE]

10/28/2025

Hamburg and Austrian DPAs | Decisions | Credit Scoring as Automated Decision-Making

Automated credit scoring systems are facing increased scrutiny across Europe due to concerns over transparency, fairness, and compliance with the GDPR.

The Hamburg data protection authority imposed a substantial fine on a credit scoring provider for failing to adequately inform individuals about automated rejections and the logic behind the scoring process. Both cases underscore the importance of transparency, legal basis, and human oversight in automated credit assessments.

Meanwhile the Austrian data protection authority prohibited a scoring practice used by KSV1870, finding it incompatible with GDPR requirements. The case centered on the lack of transparency and the determinative impact of the score on contractual decisions, aligning with the CJEU’s SCHUFA ruling that such scoring may constitute automated decision-making under Article 22 GDPR.

For more information: Datenschutz-notizen [DE]

10/17/2025

Data Protection Conference (DSK) | Guideline | Data Protection in Generative AI Systems with RAG-methods

The DSK has issued guidance on data protection aspects specific to generative AI systems using the Retrieval-Augmented Generation (RAG) method.

RAG is a method that combines a language model with an external knowledge source — typically a database or document collection — so that the model retrieves relevant information and uses it to generate more accurate, context-specific responses. The guideline provides legal and technical advice on how to utilize the potential of such AI systems while minimizing the risks for those affected. Emphasis is placed on the requirements for transparency and purpose limitation. It concludes that RAG can improve compliance with GDPR principles such as data accuracy, integrity, and confidentiality, as it allows for better control, updating, and deletion of personal data. However, issues of transparency, purpose limitation, and data subject rights remain only partially resolved and must be evaluated on a case-by-case basis.

For more information: DSK [DE]

Norway

10/21/2025

Borgarting Court of Appeal | Sanction | Data Sharing Without Consent

Borgating Court of Appeal upholds €5.5 million fine against a dating app provider.

The Borgarting Court of Appeal dismissed dating app provider’s appeal and upheld the NOK 65 million (approximately €5.5 million) fine for unlawfully sharing users’ personal and special-category data with third-party advertisers without a valid consent. The ruling maintained earlier decisions issued by the Norwegian Supervisory Authority and the Privacy Appeals Board on all points.

For more information: Datatilsynet Website

10/01/2025

Norwegian Supervisory Authority | Consultation Response | EU AI Act

Norwegian Supervisory Auhtority (“Datatilsynet”) recommends full adoption of the EU AI Act with calls for stronger oversight and privacy safeguards

In its response to the Norwegian AI law consultation, the Datatilsynet backs full incorporation of the EU AI Act into national law to ensure equal citizen protections, while urging adequate resourcing, independence, expert complaint mechanisms, and litigation powers for market surveillance authorities. It also proposes a national ban on remote biometric identification and seeks clearer rules on jurisdiction, cross-border penalties, designated fundamental-rights authorities, and information sharing among regulators.

For more information: Datatilsynet Website [NO]

Finland

11/03/2025

Helsinki Administrative Court | Court Decision | GDPR Fine Overturned

The Finnish court overturns the €2.4 million GDPR fine imposed on the national postal and logistics operator.

The court annulled a fine against the national operator for creating digital mailboxes without user consent, holding that the processing was lawful under the GDPR because it was necessary for the performance of a contract – namely, the provision of digital postal services.

For more information: The Daily Finland website

Poland

10/16/2025

Polish Supreme Administrative Court | Judgment | Cookies & IP addresses

Polish Supreme Administrative Court (“NSA”) confirms that cookies and IP addresses are not automatically personal data.

In a case involving a web user-tracking tool, the NSA relied on the EU Court of Justice’s Breyer case law to emphasize that identifiability requires being able to distinguish one individual from another, not merely one device from another. As a result, there is no basis to treat IP addresses or cookie identifiers as personal data in all circumstances since their classification depends on whether, in the specific context, the data can be used to identify an individual.

United Kingdom

10/29/2025

UK Supervisory Authority | Fine | Unsolicited Marketing Messages

The UK Supervisory Authority (“ICO”) issued a £200,000 fine to a sole trader for sending nearly one million spam texts without valid consent.

The ICO found that the individual used data sourced from third parties without ensuring that data subjects’ consent had been obtained and without collecting their consent himself for the direct marketing. He also failed to identify himself or his business, instead concealing his identity by using hundreds of unregistered pre-paid SIM cards. The messages promoted debt solutions and energy saving schemes. 19,138 complaints were received via the spam reporting service in respect of these messages.

For more information: ICO Website

10/15/2025

UK Supervisory Authority | Fine | Cyber Attack

The UK Supervisory Authority (“ICO”) issued a fine of £14 million to two companies for failing to ensure the security of personal data following a cyber-attack in 2023.

Both entities belong to a business process outsourcing and professional services group. The attack began when a malicious file was downloaded onto an employee’s device. Despite a high-priority alert, the device was not quarantined for 58 hours, enabling malware deployment, privilege escalation, and lateral movement across the network. Nearly one terabyte of data was exfiltrated before ransomware was deployed, locking staff out of systems. The ICO considered that the companies failed to prevent privilege escalation and unauthorized lateral movement, to respond appropriately to security alerts, and to conduct adequate penetration testing and risk assessment.

For more information: ICO Website

09/26/2025

UK Government | Policy Announcement | Digital ID

The Prime Minister has announced plans to introduce a digital ID system for Right to Work checks.

The initiative aims to combat illegal employment while streamlining checks that currently rely on paper records. It will also simplify access to services such as driving licenses, childcare, and welfare. The digital ID will be free for UK citizens and legal residents and is expected to be integrated into a digital wallet. Public consultation will be launched later this year.

For more information: UK Government Website

The following Gibson Dunn lawyers prepared this update: Ahmed Baladi, Vera Lukic, Kai Gesing, Joel Harrison, Thomas Baculard, Ioana Burtea, Billur Cinar, Hermine Hubert, Christoph Jacob, Yannick Oberacker, Clemence Pugnet, and Phoebe Rowson-Stevens.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

Privacy, Cybersecurity, and Data Innovation:

United States:
Abbey A. Barrera – San Francisco (+1 415.393.8262, abarrera@gibsondunn.com)
Ashlie Beringer – Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303.298.5774, rbergsieker@gibsondunn.com)
Keith Enright – Palo Alto (+1 650.849.5386, kenright@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Lauren R. Goldman – New York (+1 212.351.2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
Natalie J. Hausknecht – Denver (+1 303.298.5783, nhausknecht@gibsondunn.com)
Jane C. Horvath – Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Martie Kutscher Clark – Palo Alto (+1 650.849.5348, mkutscherclark@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415.393.8395, klinsley@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Ashley Rogers – Dallas (+1 214.698.3316, arogers@gibsondunn.com)
Sophie C. Rohnke – Dallas (+1 214.698.3344, srohnke@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213.229.7914,fwaldmann@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213.229.7472, dwongyang@gibsondunn.com)

Europe:
Ahmed Baladi – Paris (+33 1 56 43 13 00, abaladi@gibsondunn.com)
Patrick Doris – London (+44 20 7071 4276, pdoris@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Joel Harrison – London (+44 20 7071 4289, jharrison@gibsondunn.com)
Lore Leitner – London (+44 20 7071 4987, lleitner@gibsondunn.com)
Vera Lukic – Paris (+33 1 56 43 13 00, vlukic@gibsondunn.com)
Lars Petersen – Frankfurt/Riyadh (+49 69 247 411 525, lpetersen@gibsondunn.com)
Christian Riis-Madsen – Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Robert Spano – London/Paris (+44 20 7071 4000, rspano@gibsondunn.com)

Asia:
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)

This recorded webcast explores criminal and civil enforcement actions against individuals in the Trump administration. Our panel of defense lawyers breaks down notable prosecutions and emerging patterns in securities and financial fraud and discusses how best to navigate these cases within the U.S. Department of Justice. This session provides critical insights into how to proactively protect your executives from legal exposure whether you are in-house counsel, a compliance officer, or part of a board of directors.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.5 credit hours, of which 1.5 credit hours may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.5 hours in the General category.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

PANELISTS:

Nick Hanna is a partner in Gibson Dunn’s Los Angeles office and Co-Chair of the firm’s White Collar Defense and Investigations Practice Group. He represents Fortune 500 companies and executives in high-stakes civil litigation, white collar crime, and regulatory and securities enforcement – including internal investigations, False Claims Act cases, and compliance counseling. A former United States Attorney for the Central District of California, Nick draws on his extensive government and trial experience to advise boards and senior executives in matters involving the DOJ, SEC, and other enforcement agencies.

Jordan Estes is a partner in Gibson Dunn’s New York office and a member of the firm’s White Collar Defense and Investigations Practice Group. A former federal prosecutor with over a decade of white-collar experience, including more than eight years at the U.S. Attorney’s Office for the Southern District of New York, she has served as lead or co-lead counsel in numerous high-profile federal trials. She represents individuals and corporations in complex and sensitive criminal and regulatory investigations, trials, and proceedings before federal and state agencies.

Douglas Fuchs is a partner in Gibson Dunn’s Los Angeles office and Co-Chair of the firm’s Los Angeles Litigation Department. He represents clients in white-collar and regulatory enforcement matters—including securities fraud, public corruption, antitrust, and FCPA issues—conducts internal investigations, develops compliance programs, and handles complex civil litigation arising from related criminal or regulatory actions. Prior to joining the firm, Doug was an Assistant U.S. Attorney for the Central District of California for seven years, and served as Deputy Chief of the Major Frauds Section.

Dani R. James is a partner in Gibson Dunn’s New York office and a member of the firm’s White Collar Defense and Investigations Practice Group. A former federal prosecutor in the Southern District of New York, she represents companies and executives in complex criminal, regulatory, and civil matters involving allegations such as insider trading, corruption, and FCPA violations. She also has extensive experience conducting internal investigations and advising boards and committees on compliance and litigation strategy.

Mike Martinez is a partner in Gibson Dunn’s New York office and a member of the firm’s White Collar Defense and Investigations Practice Group. A former Assistant U.S. Attorney for the District of New Jersey, he is a leading white-collar defense attorney with extensive trial experience. He represents individuals and corporations in matters involving health care fraud, securities fraud, public corruption, and related internal investigations.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Partners Winston Chan and Nicola Hanna have been recognized by the Daily Journal as two of California’s most influential and effective white collar defense practitioners of the year.

Partner Allyson Ho spoke with Law360 after being named one of their 2025 Appellate MVPs. Allyson said that her biggest accomplishment this year was “not letting the urgent overtake the important” – a tough balance to strike.

“Our clients entrust us with their most important matters, so it’s imperative to stay laser-focused on the big picture and achieving the ultimate success for them while also quickly putting out the fires that arise,” Allyson said.

This was the case when she convinced the Fifth Circuit to overturn a contempt order against Texas officials in charge of the state’s foster care system that would have fined them $100,000 a day.

“It was imperative for us to move very quickly to get that order stayed in the court of appeals, so we had to … pull together a stay application very quickly, I think it was within 24 hours, because the order was set to go into immediate effect,” Allyson said. “While at the same time putting together our appeal of the order itself and also our request, which we made very seriously, for the judge to be removed from the case.”

Allyson discussed several other topics with Law360 including her proudest moment, her advice for junior lawyers, and why she chose appellate law.

Gibson Dunn advised Shore Rock Partners on its acquisition of a majority stake in AMAG Technology from Allied Universal.

Our corporate team was led by partner Lilit Voskanyan and included of counsel John Kim and associates Brian Smith and Michelle Lou. Partner Amar Madhani, of counsel Manjinder Tiwana, and associate Willem van Hootegem advised on U.K. corporate aspects. Partners Matt Donnelly and Benjamin Fryer and associates Duncan Hamilton and Aleksandar Genov advised on tax aspects. Partners Doug Horowitz and Dean Masuda advised on finance aspects. Partner Daniel Angel and associates Andrew Hartman and Nate Hancock advised on IP aspects. Partners Michael Collins and James Cox and associate Georgia Derbyshire advised on employment aspects. Of counsel Alana Tinkler advised on antitrust and competition aspects.

Gibson Dunn has extensive experience advising multinational companies operating online services on a wide variety of regulatory and law enforcement investigation, enforcement, strategic counseling, litigation, and appellate matters relating to youth online safety, including on privacy and AI-related issues.

During the investigation phase, State Attorneys General (State AGs) have broad authority to seek documents and information from both targets and witnesses, typically through the use of Civil Investigative Demands (CIDs). During this phase, a defendant is often hamstrung in the information it can obtain from the State, usually limited to what it can obtain through public records act requests. Once the matter proceeds to litigation, however, a defendant has for the first time the opportunity to formally seek information in discovery from the State. This opportunity for offensive discovery can be useful to level the playing field for defendants who may have been the subject of extensive information requests prior to the onset of litigation. And particularly useful may be discovery from state agencies involved in the matter other than the State AG. For instance, in a procurement fraud case, discovery from the agency involved in the purchasing decision may be useful.

Recently, there has been significant litigation surrounding the extent to which records from other state agencies are directly discoverable as party discovery from the State AG in matters brought by the AG–i.e., are within the possession and control of the State AG’s office. Courts have issued conflicting decisions. Some courts have found that when a State AG files a lawsuit it is responsible for producing discovery on behalf of the state’s agencies because the AG purports to act on behalf of the entire state.

Other courts have found, however, that defendants must serve third-party subpoenas to obtain documents from state agencies because the State AG does not have possession or control over the documents held outside of its office. Further, State AGs generally oppose requests for production of documents from other state agencies on the grounds of burden. In such cases, this process may be less effective in states that have legal frameworks to shield agencies from discovery demands, producing a protective effect similar to federal Touhy regulations, which restrict to some degree state employees’ ability to comply with subpoenas relating to the state agency’s work.[1]

Practitioners should be aware of how the relevant jurisdiction handles this issue prior to seeking state agency discovery.

I. Courts Holding The State AG Must Produce Documents From Other State Agencies

Recently the Eastern District of Washington addressed this issue in United States v. MultiCare Health Systems. On August 12, the district court ordered the Washington State AG to produce records from state agencies. See Order, Dkt. No. 102, U.S. v. MultiCare Health Sys. et al., 2:22-cv-00068-SAB (E.D. Wash. Aug. 12, 2025). In this matter, the State of Washington alleged that the defendant hospital system knowingly overbilled Medicaid for the costs of fake and medically unnecessary procedures as part of an alleged fraud scheme by a neurosurgeon. During discovery, the defendant served requests for production on the AG seeking documents from the Washington State Health Care Authority (HCA) related to its Medicaid reimbursement policies, and from the Washington State Department of Health (DOH) related to its investigation of the neurosurgeon. The State opposed the motion, arguing that because the agencies were not named in the complaint, the defendant must follow the procedure for serving nonparty subpoena requests under Federal Rule of Civil Procedure 45. The court disagreed, holding that, because the state “has the legal right to obtain documents upon demand from state agencies,” “discovery addressed to the State of Washington includes its agencies.” Id. at *3 (emphasis added) (citing Washington v. GEO Group, Inc., 2018 WL 9457998, *3 (W.D. Wash. 2018)). The court thus ordered the State’s compliance with the discovery requests as to both the documents related to the investigation by the DOH and the general Medicaid reimbursement policies from the HCA.

In June 2023, the Northern District of Illinois reached a similar conclusion in Illinois ex rel. Raoul v. Monsanto Co. In that case, the Illinois Attorney General brought an environmental action against Monsanto Company and its subsidiaries, alleging that Monsanto’s polychlorinated biphenyls (PCBs) and other hazardous materials contaminated the Illinois environment. See Illinois ex rel. Raoul v. Monsanto Co. et al., 2023 WL 4083934, at *1 (N.D. Ill. June 20, 2023). During discovery, Monsanto sought responsive documents in the possession of state agencies that were referenced in the State’s complaint. Id. Monsanto argued that the Illinois AG had the legal authority to obtain documents held by state agencies, and therefore, the State was “obligated to produce responsive documents in the possession, custody, or control of state agencies.” Id. The State objected on separation-of-powers grounds and asserted that the AG could not produce such documents because the AG “does not have an unfettered legal right to obtain documents from non-party state agencies.” Id. The court rejected the State’s constitutional arguments. Id. It instead found that “principles of fundamental fairness” permitted defendants’ discovery of responsive documents in the possession of those agencies referenced in the State’s complaint. Id. at *4. The court reasoned that those agencies “undoubtedly hold many relevant documents” and would benefit from the AG’s success. Id. Further, the court held that the Illinois AG had control over responsive documents possessed by state agencies referenced in the complaint. Id. at *6. It explained that this control was based on the AG’s “broad statutory and common law powers to control and manage legal affairs on behalf of state agencies.” Id. at *5. Finally, the court opined that third-party discovery tools were “not very efficient” and less likely than direct party discovery to achieve results consistent with Federal Rules of Civil Procedure 1 and 26. Id. at *7. Nevertheless, the court found that Monsanto must use third-party discovery tools to the extent it sought documents from state agencies not named in the complaint. Id.

II. Courts Holding The Defendant Must Use A Third-Party Subpoena To Seek Documents From Other State Agencies

A recent decision from the Ninth Circuit reached a different result. On August 22, 2025, the Ninth Circuit vacated an order requiring State AGs and third-party state agencies to respond to discovery requests seeking, among other things, communications between the states and other government entities, including federal, state, and local agencies. See In re People of the State of California, No. 25-584, 2025 WL 2427608 (9th Cir. Aug. 22, 2025). In an unpublished opinion, a three-judge panel exercised the court’s infrequently invoked mandamus authority to block a discovery order requiring third-party agencies to produce responsive documents. The Court held that under the California state appellate court decision in People ex rel. Lockyer v. Superior Court, 122 Cal. App. 4th 1060 (2004), even in cases where the state is a litigant, the California AG is not deemed to have possession, custody, or control over all documents of any state agency.

The Lockyer decision highlights a distinction between requests for documents related to the investigation versus those that may be relevant, but not directly related to, that investigation. In Lockyer, the court found that “to the extent that any state agencies had a role” in the investigation, “documents related to that investigation may be sought directly from the People.” 122 Cal. App. 4th at 1078 (emphasis removed). In contrast, when a state agency generates documents as part of its “ordinary course” duties, it operates as a third-party to the lawsuit and a “distinct and separate governmental entit[y]” that “can be compelled to produce documents only upon a subpoena.” Id. The court’s analysis, echoed by the State AGs in their arguments to the Ninth Circuit panel in In re People of the State of California, points to the California Constitution and statutes in support of the assertion that “[e]ach agency or department of the state is established as a separate entity.” Id. In Lockyer, the court also stated it “would be unduly burdensome if any time the People are a party to litigation they are required to search for documents from any and all state agencies that the propounding party demands.” Id. at 1080.

Although the Ninth Circuit in In re People of the State of California relied on Lockyer to grant mandamus, it did not grant mandamus as to requests to Pennsylvania state agencies, because Pennsylvania law “explicitly grants [the Attorney General’s] office control over the documents of nonparty state agencies.” In re People of the State of California, 2025 WL 2427608, at *3 (citing 71 Pa. Stat. and Cons. Stat. § 732-208 (West 2025)).

The Eastern District of New York reached a similar result in United States v. Am. Express Co., No. 10-CV-04496 (NGG) (RER), 2011 WL 13073683, at *2 (E.D.N.Y. July 29, 2011). In that case, the court found that “state agencies—even those that are part of the executive branch—are neither subject to common executive control nor interrelated with the State Attorneys General, and so should not be aggregated together for discovery purposes.” 2011 WL 13073683, at *2. The court based its finding on the independent and separately elected nature of the State Attorneys General Office pursuant to state constitutions and statutes. The court nonetheless acknowledged that “party discovery would be unquestionably more efficient” and less burdensome for the party seeking state agency discovery than using a Rule 45 subpoena. Id. at *4. The court also urged the State AG’s office to “take an active role in encouraging” the agencies’ cooperation with responding to the document requests. Id.

As the court in Am. Express Co. noted, defendants in AG litigation seeking discovery from state agencies often prefer to do so through party discovery served on the AG, as opposed to being required to follow subpoena processes. Party discovery is simpler, more efficient, and has fewer procedural hurdles. AG offices, however, will often challenge such discovery, claiming that the materials of other agencies are not within the AG’s “control” and that it is unduly burdensome for the AG to collect materials from other agencies. In seeking agency discovery, it is incumbent on counsel to understand the dynamic and relationship between the various state agencies at issue, as well as the principles of law governing the jurisdiction at hand. And while the decisions above may impact how a defendant seeks documents, they do not foreclose the option of seeking such documents as part of a party’s litigation strategy.

[1] See e.g. Cal. Evid. Code § 1040 (West) (public entities’ privilege to “refuse to disclose official information” and “prevent another from disclosing official information”); Tex. R. Civ. P. 176.6 (statutory limitation on the designation of an appropriate employee to testify on agency matters).

The following Gibson Dunn lawyers prepared this update: Natalie Hausknecht, Poonam Kumar, James Zelenay, Zoey Clark, Kate Googins, Zachary Montgomery, Theo Takougang, and Dylan Morrissey*.

Gibson Dunn’s State AG Task Force assists clients in responding to subpoenas and civil investigative demands, interfacing with state or local grand juries, representing clients in civil and criminal proceedings, and taking cases to trial.

Gibson Dunn lawyers are closely monitoring developments and are available to discuss these issues as applied to your particular business. If you have questions, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of Gibson Dunn’s State Attorneys General (AG) Task Force, who are here to assist with any AG matters:

State Attorneys General (AG) Task Force:

Artificial Intelligence:
Keith Enright – Palo Alto (+1 650.849.5386, kenright@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)

Antitrust & Competition:
Eric J. Stock – New York (+1 212.351.2301, estock@gibsondunn.com)

Climate Change & Environmental:
Rachel Levick – Washington, D.C. (+1 202.887.3574, rlevick@gibsondunn.com)

Consumer Litigation & Products Liability:
Christopher Chorba – Los Angeles (+1 213.229.7396, cchorba@gibsondunn.com)

Consumer Protection:
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Natalie J. Hausknecht – Denver (+1 303.298.5783, nhausknecht@gibsondunn.com)
Ashley Rogers – Dallas (+1 214.698.3316, arogers@gibsondunn.com)

DEI & ESG:
Stuart F. Delery – Washington, D.C. (+1 202.955.8515,sdelery@gibsondunn.com)
Mylan L. Denerstein – New York (+1 212.351.3850, mdenerstein@gibsondunn.com)

False Claims Act & Government Fraud:
Winston Y. Chan – San Francisco (+1 415.393.8362, wchan@gibsondunn.com)
Jonathan M. Phillips – Washington, D.C. (+1 202.887.3546, jphillips@gibsondunn.com)
Jake M. Shields – Washington, D.C. (+1 202.955.8201, jmshields@gibsondunn.com)
James L. Zelenay Jr. – Los Angeles (+1 213.229.7449, jzelenay@gibsondunn.com)

Labor & Employment:
Jason C. Schwartz – Washington, D.C. (+1 202.955.8242, jschwartz@gibsondunn.com)
Katherine V.A. Smith – Los Angeles (+1 213.229.7107, ksmith@gibsondunn.com)

Privacy & Cybersecurity:
Ryan T. Bergsieker – Denver (+1 303.298.5774, rbergsieker@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)

Securities Enforcement:
Osman Nawaz – New York (+1 212.351.3940, onawaz@gibsondunn.com)
Tina Samanta – New York (+1 212.351.2469, tsamanta@gibsondunn.com)
David Woodcock – Dallas (+1 214.698.3211, dwoodcock@gibsondunn.com)
Lauren Cook Jackson – Washington, D.C. (+1 202.955.8293, ljackson@gibsondunn.com)

Tech & Innovation:
Ashlie Beringer – Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)

White Collar & Litigation:
Collin Cox – Houston (+1 346.718.6604,ccox@gibsondunn.com)
Trey Cox – Dallas (+1 214.698.3256,tcox@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
Allyson N. Ho – Dallas (+1 214.698.3233,aho@gibsondunn.com)
Poonam G. Kumar – Los Angeles (+1 213.229.7554, pkumar@gibsondunn.com)

*Dylan Morrissey is an associate working in the firm’s Los Angeles office who is not yet admitted to practice law.

Gibson Dunn was recognized at The Financial Times (FT) Innovative Lawyers Awards North America 2025 as one of the Most Innovative Law Firms, and was honored as the Most Innovative Firm in two categories: the Business of Law category for our comprehensive three-pronged AI strategy, and the Practice of Law – Disputes and Litigation category for our precedent-setting win in an OpenAI defamation suit.

The firm was also Highly Commended in the Practice of Law – Restructuring category for our Liability Management Exercises (LMEs), and partner Eugene Scalia (Washington, D.C.) was named one of the Top 10 Individual Practitioners for his administrative law and regulatory work.

In addition, Barbara Becker was recognized in the Law Firm Leaders category as one of the top five women chairs / managing partners.

The FT’s annual Innovative Lawyers Awards North America spotlight the firms and in-house teams that use innovative approaches to deliver exceptional value to businesses and society.

Gibson Dunn advised KKR on Saviynt’s $700 million Growth Equity Financing at a valuation of approximately $3 billion. Saviynt is a leading identity security company whose AI-powered platform manages, secures, and governs access for human, non-human, and AI agent identities across an organization’s applications, data, and infrastructure.

Our corporate team was led by partners Christopher Harding and Abtin Jalali and included of counsel Soren Kreider and associate Sam Shapiro.

Partners Christian Riis-Madsen, Kristen Limarzi, and Brad Smith and associate Jonas Jousma advised on antitrust aspects; partner Matt Donnelly and associate Yara Mansour on tax; partner Meghan Hungate and associate Andrew Hartman on IP; partner Cassandra Gaedt-Sheckter and associate Sarah Scharf on data privacy; and partners Mike Collins and James Cox on benefits.

Gibson Dunn is advising DivcoWest as co-investor and joint venture partner with Blackstone Real Estate in Alexander & Baldwin, Inc.’s $2.3 billion take-private transaction.

Our corporate team includes partners Jesse Shapiro and David Perechocky and associate Ryan Dosh. Partner Lorna Wilson is advising on tax matters.

Gibson Dunn is advising Noble Corporation plc on its sale of five jackup rigs to Borr Drilling Limited.

Our corporate team is led by partner Gerry Spedale and includes associates Mike Sellner, Anna Strong, and Luke Smith. Partner Shalla Prichard and of counsel Ryan Searfoorce are advising on financing. Partner Krista Hanvey and associate John Curran are advising on benefits.

Gibson Dunn supported Circle Internet Group, Inc. (NYSE: CRCL), one of the world’s leading internet financial platform companies, in its continued expansion in the United Arab Emirates. Circle has secured a Financial Services Permission from the Financial Services Regulatory Authority of the Abu Dhabi Global Market to operate as a Money Services Provider.

This regulatory milestone strengthens Circle’s presence in the region and reinforces the UAE’s leadership in building a trusted, innovation-forward digital asset ecosystem.

Our project team was led by partner Hagen Rooke, of counsel Sameera Kimatrai, and associate Aliya Padhani.

Gibson Dunn is advising Northern Oil and Gas, Inc. on its $1.2 billion joint acquisition with Infinity Natural Resources of the Ohio Utica assets of Antero Resources Corporation and Antero Midstream Corporation.

Our corporate team includes partners Rahul Vashi and Atma Kabad and associates Graham Valenta and Luke Smith.

Gibson Dunn advised Lone Star Funds on its agreement to sell SPX FLOW, Inc., a leading provider of highly engineered equipment and process technologies for attractive end markets including industrial, health, and nutrition, to ITT Inc. for $4.775 billion.

Our corporate team included partners Jonathan Whalen, Joe Orien, and Jeffrey Chapman and associates Cody Wilson, Uyen Tu, and Marie Baldwin. Partner Michael Cannon and associate Josiah Bethards advised on tax aspects. Partner Gina Hancock and associates Zoe Wachter and Kayoko Fong advised on benefits.

Gibson Dunn advised the underwriters led by Wells Fargo Securities, LLC, Deutsche Bank Securities Inc., Mizuho Securities USA LLC, and SMBC Nikko Securities America, Inc. on Western Midstream Operating, LP’s $1.2 billion public offering of senior notes.

Our corporate team included partners Hillary Holmes and Harrison Tucker and associates Malakeh Hijazi, Anna Strong, and Lachlan McLeod. Partner Pamela Lawrence Endreny and of counsel Kate Long advised on tax aspects. Senior counsel Janine Durand advised on regulatory aspects. Of counsel Deena Klaber advised on environmental aspects. Associate Stefan Koller advised on real estate aspects.

Gibson Dunn’s Workplace DEI Task Force aims to help our clients navigate the evolving legal and policy landscape following recent Executive Branch actions and the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center.

Key Developments:

On November 19, the U.S. Equal Employment Opportunity Commission (“EEOC”) issued new guidance entitled “Discrimination Against American Workers Is Against the Law.” The guidance states that “[n]ational origin discrimination can include preferring foreign workers, including workers with a particular visa status, over American workers,” and that “anti-American national origin discrimination” can take the form of discriminatory job advertisements, disparate treatment of applicants or employees in the terms, conditions, or privileges of employment, harassment based on national origin, and retaliation because an individual has engaged in protected activity, such as opposing national origin discrimination at work. The guidance further states that employers are not entitled to hire foreign workers over equally qualified American workers on the basis of national origin, even if there is a “[c]ustomer or client preference,” a “[l]ower cost of labor,” or a “[b]elief[] that workers from one or more national origin groups” have a “better work ethic.” The guidance relates to the Department of Labor’s recently announced initiative Project Firewall, “an H-1B enforcement initiative that will safeguard the rights, wages, and job opportunities of highly skilled American workers by ensuring employers prioritize qualified Americans when hiring workers and holding employers accountable if they abuse the H-1B visa process.” In a recent press release applauding the EEOC for “taking action to help prevent discrimination against American workers,” U.S. Department of Labor Secretary Lori Chavez-DeRemer and Deputy Secretary Keith Sonderling noted that, through Project Firewall, the EEOC, Labor Department, and other government agencies intend to share information and coordinate efforts to “proactively combat unlawful discrimination against American workers and properly enforce the law by leveraging the full strength of the federal government.”

On November 18, President Trump nominated M. Carter Crow to serve as the next General Counsel of the EEOC. Crow is currently Global Head of Employment and Labor at the law firm Norton Rose Fulbright. In a recent interview, Crow stated that he is “strongly supportive of all of the priorities” the EEOC’s current leadership has espoused and is “very interested” in religious bias cases.

On November 18, the EEOC announced that it had filed an action in federal court to enforce a subpoena to the University of Pennsylvania. The EEOC issued the subpoena in relation to its investigation into the University following a December 2023 Commissioner’s charge alleging that the school subjected faculty and staff to antisemitic harassment, failed to effectively address complaints of harassment, failed to take prompt and effective measures to end harassment, and allowed harassment to escalate. The subpoena requests, among other things, the identification of and contact information for witnesses to and victims of the religious-based harassment. It also seeks the identification of and contact information for employees who have filed discrimination complaints relating to their Jewish faith, those who belong to Jewish clubs or campus groups, and anyone who works in the university’s Jewish studies program. EEOC Chair Andrea Lucas stated that the University “continues to refuse to identify members of its workforce who may have been subjected to this unlawful conduct,” effectively “undermin[ing] the EEOC’s ability to investigate harassment.” The case is EEOC v. Trustees of the University of Pennsylvania, Case No. 2:25-cv-06502).

On November 14, Judge Rita F. Lin of the U.S. District Court for the Northern District of California issued an order granting the American Association of University Professors a preliminary injunction. The injunction bars the Trump Administration from withholding federal funds from the University of California system without complying with all federal procedural and substantive requirements governing the termination of such funds. The plaintiffs, which include the American Association of University Professors and numerous other higher education unions, brought claims for violations of the Administrative Procedure Act, Title VI, Title IX, the First Amendment, the Tenth Amendment, the Spending Clause, and the Separation of Powers doctrine. The court found that while “[r]ooting out antisemitism is undisputedly a laudable and important goal,” the Trump administration “engaged in a concerted policy to use allegations of antisemitism to justify funding cancellations,” when the actual intent was to “coerce universities into purging disfavored ‘left’ and ‘woke’ viewpoints from their campuses and replace them with views that the Administration favors.” The court held that the “undisputed record” showed that the administration “engaged in coercive and retaliatory conduct in violation of the First Amendment and Tenth Amendment” and “flouted the requirements of Title VI and IX and cancelled funding in an arbitrary and capricious manner.” The case is American Association of University Professors et al. v. Trump et al., No. 25-07864 (N.D. Cal. 2025).

On November 6, the Sixth Circuit issued an en banc decision, striking down an Olentangy Local School District policy that prohibited students from using another student’s biological pronouns when they know those pronouns are “contrary to the other student’s identity.” The court, balancing the First Amendment rights of students against the District’s interest in protecting its students from bullying and harassment, found that the “District’s ban on the use of biological pronouns regulates speech on a public concern in a way that discriminates based on viewpoint.” Further, the court found that the District did not meet the “heavy evidentiary burden to justify the ban” and that it was required to identify “something more than a mere desire to avoid the discomfort and unpleasantness that always accompany an unpopular viewpoint.” The court discussed that under Supreme Court precedent, a school official may only “silence speech” if it will cause a “substantial disruption” to school activities or infringe on the “rights of others” in the school community, but held that using a student’s biological pronouns as opposed to their preferred pronouns was neither substantially disruptive, nor a violation of the rights of other students, as articulated under “the Constitution, a federal statute, or a state law.” The court ultimately found that an “appropriately tailored preliminary injunction” barring the District from “punishing students for the commonplace use of biological pronouns” provided the “best balance” of the competing interests at issue. Five judges in the majority issued separate concurring opinions. The 7-judge dissent to the en banc decision would have held that the District had met its burden under Supreme Court precedent to reasonably forecast that the speech at issue would “materially and substantially disrupt the work and discipline of the school” (Tinker v. Des Moines Indep. Cmty. Sch. Dist., 393 U.S. 503, 513 (1969)). The case is Defending Education v. Olentangy Local School District, No. 23-3630 (6th Cir. 2025).

On November 7, Cornell University announced that it had reached an agreement with the Trump administration to settle several federal agency investigations into alleged violations of antidiscrimination laws by the University, including whether it unlawfully considered race in admissions decisions and adequately protected Jewish students from harassment during pro-Palestinian protests. Under the terms of the settlement, Cornell agreed to pay $30 million to the government over the next three years and to invest an additional $30 million in agricultural research programs, as agriculture was a major catalyst for Cornell’s creation in 1865. Cornell agreed to provide the “Guidance for Recipients of Federal Funding Regarding Unlawful Discrimination” issued by the Attorney General on July 29, 2025, “as a training resource to faculty and staff so long as that Guidance remains operative,” and to provide the government with “anonymized undergraduate admissions data” for “statistical analyses.” The agreement states that nothing in its terms “shall be construed as giving the United States authority to dictate the content of academic speech or curricula.”

Michael I. Kotlikoff, President of the University, released a statement regarding the settlement. Kotlikoff notes that, under the agreement, Cornell did not admit any wrongdoing. Kotlikoff explained that the “months of stop-work orders, grant terminations, and funding freezes have stalled cutting-edge research, upended lives and careers, and threatened the future of academic programs at Cornell” but that the agreement allows Cornell to revive its partnership with the federal government “while affirming the university’s commitment to the principles of academic freedom, independence, and institutional autonomy.”

On November 6, President Trump named Andrea Lucas as Chair of the EEOC. She had been serving as the Acting Chair since January 2025. Lucas was first nominated as a Commissioner in 2020 during President Trump’s first term and was renominated in March of this year and confirmed by the Senate to a second term on July 31. Lucas stated that under the Trump administration, “the Commission has made significant progress advancing its core mission to uphold [the] nation’s civil rights laws and protect American workers through consistent, effective enforcement,” and that as Chair, she will “remain committed to enforcing the law evenhandedly, advancing equal opportunity, and upholding merit-based, colorblind equality in America’s workplaces.” The following day, she also announced that, because Brittany Panuccio’s swearing-in as a Commissioner established a quorum, the Commission is now enabled to pursue a “larger suite” of lawsuits. Lucas stated that the Commission, which filed nearly 100 lawsuits in the recent fiscal year, is “ready to hit the ground running” and “bring all types of litigation, including larger-scale litigation, like systemic cases and pattern or practice cases.”

On October 31, Judge Barbara Jacobs Rothstein of the U.S. District Court for the Western District of Washington issued an order granting a preliminary injunction to the City of Seattle, enjoining the Trump administration from enforcing Executive Order 14173 (“Ending Illegal Discrimination and Restoring Merit-Based Opportunity”) and Executive Order 14168 (“Defending Women From Gender Ideology Extremism and Restoring Biological Trust to the Federal Government”) (“the EO(s)”). The City alleges that the EOs violate principles of separation of powers, the Fifth and Tenth Amendments, and the Spending Clause of the U.S. Constitution and are arbitrary and capricious in violation of the Administrative Procedure Act. In granting the preliminary injunction, the court concluded that EO 14173 is aimed at advancing “the Trump Administration’s own interpretation of ‘discrimination’ through the threat of the loss of federal funding and/or [False Claims Act] investigations and penalties” and rejected the government’s argument that imposing the terms of EO 14168 in its grants is authorized by Congress because a “condition barring recipients from ‘promoting gender ideology,’ or any other politically charged policy matter, bears no resemblance to the administrative, procedural, and performance-based conditions enumerated by Congress.” Thus, the court held that the City demonstrated a likelihood of success on its claims that, by imposing the terms of the EOs on cities, the Trump administration had run afoul of the separation of powers doctrine and was acting in excess of statutory authority in violation of the Administrative Procedure Act. The court also held that Seattle had shown it would suffer irreparable harm, as the loss of federal funding would threaten a wide array of public safety, law enforcement, first responder, and anti-terrorism services, as well as critical transportation and infrastructure projects and supportive housing and care services. The case is City of Seattle v. Trump et al., No. 2:25-01435 (W.D. Wash. 2025).

On October 22, University of Virginia interim President Paul Mahoney announced that UVA reached an agreement with the Department of Justice (“DOJ”) regarding the government’s remaining federal investigations. Under the agreement, which does not require UVA to make any monetary payments, the University “affirms its commitment to complying” with federal civil rights law and agrees to apply such law consistent with DOJ’s July 29, 2025 “Guidance for Recipients of Federal Funding Regarding Unlawful Discrimination” “so long as that Guidance remains in force” and “consistent with relevant judicial decisions.” The University agreed to provide DOJ with quarterly reports on its efforts to comply with federal law through December 31, 2028. The government agreed to suspend its investigations and treat UVA as eligible for all grants, contracts, and awards. The agreement also states that nothing in its terms “shall be construed as giving the United States authority to dictate the content of academic speech or curricula.” Mahoney stated that the “agreement represents the best available path forward” and that the University intends to “redouble” its “commitment to the principles of academic freedom, ideological diversity, [and] free expression.&rdquo

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

Wall Street Journal, “Trump’s DEI Slayer Is Just Getting Started” (November 19): Lauren Weber of the Wall Street Journal reports that EEOC Chair Andrea Lucas has prioritized cracking down on faith-based discrimination and what the agency views as unlawful DEI programs. According to Weber, “Lucas has said she is attacking the identity politics she believes has permeated workplaces and the broader culture.” After the recent confirmation of Commissioner Brittany Panuccio, the EEOC now has a quorum, which, according to Weber, gives Lucas “the power to do more.” Weber reports that the EEOC under Lucas is carrying out an ambitious agenda, from rescinding guidance on protections for transgender and nonbinary workers and combating DEI programs that the administration considers unlawful, to probing law firms’ diversity practices, investigating universities’ responses to antisemitism, and recovering funds for workers subject to Covid vaccine mandates despite religious objections. Former colleagues of Lucas describe her as “outspoken,” “dedicated,” and “smart.” Jason Schwartz, co-chair of Gibson Dunn’s labor and employment group, where Lucas worked prior to joining the EEOC, said that “[s]he has a really strong legal mind and was among the brightest associates I worked with over the years.”
The Hill, “Minority Health Researchers Walk Tightrope Amid NIH Funding Cuts” (November 8): The Hill’s Surina Venkat reports on the funding difficulties faced this year by minority health researchers, who assert that they “are facing unclear research directives, increasingly competitive grant awards and politicized peer review processes as they battle to sustain their work improving health outcomes for minority populations.” Venkat states that such challenges began for the researchers earlier this year, after President Trump directed agencies to terminate DEI-related grants and programs, resulting in the cancellation of several hundred NIH grants. Venkat also reports that while the NIH will continue to fund and study minority health, NIH Director Jay Bhattacharya stated in an August directive that the agency will prioritize research focused on “solution-oriented approaches” to minority health, rather than research focused on identifying and diagnosing disparities in health care outcomes. The NIH also will institute a new funding policy, offering multiyear, upfront funding for research projects. And the article notes that recent changes to the peer-review process mean that political appointees will play an increased role in making funding decisions. Researchers interviewed for the article stated they expect the policy changes will result in fewer funds being awarded each year and will make planning projects more difficult. To overcome these challenges, researchers interviewed for the article reported they intend to apply for more grants moving forward to increase their chances of securing funding. Others will seek private donations in place of federal funding. Researchers remarked on the need to use clear and specific language in describing their work and expected implications, avoiding blanket terms that might sound in the vocabulary of DEI.
Law360, “ABA Changes DEI Scholarship Requirement Amid Lawsuit” (November 3): Emily Sawicki with Law360 reports that the American Bar Association (“ABA”) has revised the eligibility criteria for its Legal Opportunity Scholarship for first-year law students from being limited to “member[s] of an underrepresented racial and/or ethnic minority” to being open to applicants who “have demonstrated a strong commitment to advancing diversity, equity, and inclusion.” Sawicki reports that The American Alliance for Equal Rights is currently suing the ABA in the U.S. District Court for the Northern District of Illinois, claiming that offering a scholarship exclusive to members of racial and ethnic minority groups violates Section 1981 of the Civil Rights Act by discriminating against white law students. The ABA has moved to dismiss the suit, but the court has not yet ruled on the motion.
Law360, “Depleted Ranks At EEOC Won’t Impede Trump Policy Agenda” (October 31): Anne Cullen of Law360 reports that, according to experts, record-low staff levels at the EEOC should not impact EEOC Chair Andrea Lucas’s plans to realign EEOC policies with President Trump’s priorities. With the recent appointment of former assistant U.S. attorney Brittany Panuccio to the EEOC, the Commission now has a three-member quorum for pursuing major policy initiatives, despite being staffed by its lowest personnel count since 1980. Cullen reports that experts expect EEOC Chair Lucas to prioritize policy changes related to the EEOC’s current harassment in the workplace guidance and Pregnant Workers Fairness Act regulations, both of which Lucas opposed as an EEOC Commissioner.
Washington Post, “As Some DEI Critics Say Victory is Near, Companies Face New Pushback Over Rollbacks” (October 28): Taylor Telford of the Washington Post reports on the number of large employers that have reassessed their DEI programs since the Supreme Court’s 2023 SFFA v. Harvard decision and President Trump’s re-election last year. According to Telford, following President Trump’s anti-DEI executive orders earlier this year, many employers have opted to drop their workforce representation goals, diversity initiatives, and identity-focused programs or otherwise rebrand away from DEI. At the same time, employers who have rolled back their DEI programs are facing internal and public pushback, highlighting reputational and workforce risks. For example, Telford’s reporting describes the tension many companies are facing, including one company that faced a recent boycott led by civil rights leaders and consumers opposed to the company’s DEI changes and another company losing out on a government contract with the City of London for no longer meeting its diversity criteria.
Associated Press, “Black Enrollment is Waning at Many Elite Colleges After Affirmative Action Ban, AP Analysis Finds” (October 23): Collin Binkley with the Associated Press (“AP”) reports that, after analyzing recent enrollment data at 20 selective colleges, the AP has found a clear decline in the percentage of Black freshmen in the two admission cycles since the Supreme Court banned race-conscious admissions. According to Binkley, and based on the AP’s analysis, Hispanic enrollment also declined at many schools, while trends for white and Asian-American students were mixed. Binkley further reports that the Trump administration has ramped up its oversight of college admissions, including scrutinizing colleges’ use of applicant diversity statements as unlawful “racial proxies.” Binkley offers reactions from Richard Kahlenberg, a researcher at the Progressive Policy Institute, who believes colleges have lawful alternatives for promoting racial diversity, such as giving stronger preferences to low-income applicants and ending legacy admissions.

Case Updates:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

American Alliance for Equal Rights v. American Bar Association, No. 1:25-cv-03980 (N.D. Ill. 2025): On April 12, 2025, the American Alliance for Equal Rights (“AAER”) sued the ABA in relation to its Legal Opportunity Scholarship, which AAER asserts violates Section 1981. According to the complaint, the scholarship awards $15,000 to 20–25 first-year law students per year. To qualify, an applicant must be a “member of an underrepresented racial and/or ethnic minority.” The complaint alleges that “White students are not eligible to apply, be selected, or equally compete for the ABA’s scholarship.” AAER seeks a TRO and preliminary injunction barring the ABA from selecting winners for this year’s scholarship, as well as a permanent injunction barring the ABA from knowing or considering applicants’ race or ethnicity when administering the scholarship. On June 16, 2025, the ABA moved to dismiss the complaint for failure to state a claim. The ABA argued that AAER failed to allege that it has any members with standing to pursue the claim on their own behalf. The ABA further argued that AAER failed to state a Section 1981 claim because AAER did not allege a contractual relationship with the ABA. The ABA also argued that the relief sought would impede the ABA’s First Amendment rights to free speech and expression, and that the “ABA has a First Amendment right to distribute funds as it deems appropriate.” AAER filed an amended complaint on June 25, 2025 making new allegations about the ABA’s commitment to diversity and beliefs around refusing to contract with persons of certain races. On July 30, 2025, the ABA moved to dismiss the amended complaint on the same grounds it moved to dismiss the initial complaint, asserting that the new facts pled in the amended complaint failed to overcome the shortcomings of the initial complaint.
- Latest update: On August 29, 2025, AAER filed its opposition to the ABA’s motion to dismiss, arguing that the amended complaint plausibly alleges standing because white applicants were denied an equal opportunity to compete “regardless [of] whether a white student took the futile step of applying.” AAER further argued that the complaint plausibly alleges a Section 1981 claim because the ABA’s scholarship program implicates the defendants’ privacy policies and terms of service, which are contracts. Finally, AAER argues that the ABA’s First Amendment defense fails, including because Section 1981 regulates conduct, not speech. The ABA filed its reply on September 17, 2025. On October 31, 2025, AAER filed a notice advising the court that the ABA’s scholarship no longer requires applicants to “be a member of an underrepresented racial and/or ethnic minority” and instead now requires applicants to “have demonstrated a strong commitment to advancing diversity, equity, and inclusion (DEI).” AAER accused the ABA of failing to timely bring these changes to the court’s attention. On November 6, 2025, the court struck AAER’s notice from the record, stating that the reason for the notice was “a mystery since no relief was requested,” and that, given that the ABA had not raised any argument that the case was now moot in light of changes to its policy, the court was “unwilling to follow the parties down this rabbit hole” and would not grant further briefing on the issue.
City of Seattle v. Trump et al., No. 2:25-cv-01435 (W.D. Wash. 2025): On July 31, 2025, the City of Seattle sued the Trump administration, challenging Executive Orders 14173 and 14168. The City alleges that the EOs violate principles of the separation of powers, the Fifth and Tenth Amendments, and the Spending Clause of the U.S. Constitution and are arbitrary and capricious in violation of the Administrative Procedure Act. The City asserts that enforcement of the EOs will result in the loss of “committed federal grants and contracts if” it does not abide by “improperly imposed (and impossibly vague) funding conditions.”
- Latest update: On October 31, 2025, the court granted Seattle’s motion for a preliminary injunction, finding that Seattle was likely to succeed on the merits because EOs 14173 and 14168 likely violate the separation of powers doctrine, which provides that the U.S. Constitution grants power of the purse to Congress alone. Additionally, the court found that the harm to Seattle in the absence of a preliminary injunction would be irreparable and certain because Seattle would lose government grants that support a wide array of public safety, law enforcement, and other services.
National Association of Scholars v. United States Department of Energy et al., No.1:25-cv-00077-DII (W.D. Tex. 2025): On January 16, 2025, the National Association of Scholars—a group of professors, faculty, and researchers at colleges and universities across the United States—sued the United States Department of Energy, alleging that the Department’s Office of Science unlawfully requires research grant applicants to show how they would “promote diversity, equity, and inclusion in research projects” through its Promoting Inclusive and Equitable Research (“PIER”) plan. The Association alleges that requiring grant applicants to show how they would promote DEI in their projects violates applicants’ First Amendment rights by requiring them to express ideas with which they disagree, that the Department lacked statutory authority to adopt the plan, and that the plan violates the procedural requirements of the Administrative Procedure Act. The Association seeks declaratory and injunctive relief. On March 31, 2025, the defendants filed a motion to dismiss. The defendants argue that the Association’s claims are moot, as the Department of Energy has rescinded the PIER plan requirement after President Trump issued EO 14151. On April 14, 2025, the Association filed an opposition to the motion to dismiss, arguing that the recission of the PIER plan requirement does not sufficiently moot the controversy because the requirement was “suspended,” and not “rescinded,” making the change temporary. The Association also argues that EO 14151 is currently being challenged in multiple lawsuits, and it is likely that the PIER plan requirement, or something similar, could be reimposed.
- Latest update: On October 27, 2025, the court granted the defendants’ motion to dismiss without prejudice, reasoning that the case was moot in light of the recission of the PIER Plan requirement.

2. Employment discrimination and related claims:

Bobowicz v. Powell et al., No. 5:24-cv-00246 (W.D.N.C.): On November 18, 2024, a former employee of the Federal Reserve Board sued the Chair of the Federal Reserve, the Chief Operating Officer, and four Federal Reserve supervision officials, alleging discrimination on the basis of his religion, race, gender, and sexual orientation in violation of his rights under Title VII of the Civil Rights Act and under the Age Discrimination in Employment Act. The plaintiff also claims he was discriminated against due to his religious beliefs, which precluded him from receiving the COVID-19 vaccination. He further alleges he became “a target for termination” because he was “a heterosexual, white, male who was the oldest employee in both his local and national [teams].” In addition to damages, reinstatement, and front and back pay, the plaintiff seeks a declaration that the Federal Reserve’s diversity initiatives violate the Fourteenth Amendment’s equal protection clause. On January 6, 2025, the plaintiff filed an amended complaint, adding allegations that “the Federal Reserve Board’s DEI policies were part of a more comprehensive federal effort to incorporate” protected characteristics into hiring and employment practices. On June 6, 2025, the plaintiff filed a second amended complaint, adding the Federal Reserve Bank of New York and two of its employees as defendants. The second amended complaint alleges that the plaintiff was employed by the Federal Reserve and constructively employed by the Federal Reserve Bank of New York, and that both are liable for the alleged discrimination and retaliation.
- Latest update: On July 7, 2025, defendants Jerome Powell, Chair of the U.S. Federal Reserve, and the individual board members of the U.S. Federal Reserve filed a motion to dismiss, or transfer for improper venue, the second amended complaint. They argued, among other things, that venue is improper, the plaintiff’s Section 1981 claim fails because Section 1981 does not “provide a remedy against federal officials,” vaccination status is not a protected class, and the plaintiff’s request for a religious accommodation is not a protected activity. On November 3, 2025, the plaintiff filed an opposition challenging these points. Separately, on August 25, 2025, the other group of defendants—the Federal Reserve Bank of New York and two of its employees—filed a motion to dismiss the plaintiff’s second amended complaint, arguing, among other things, that the complaint’s allegations are “conclusory, vague, and speculative,” including because the complaint does not define “DEI,” and the plaintiff lacks standing to sue because the plaintiff’s alleged injuries are not “fairly traceable to the challenged conduct.” On October 31, 2025, the parties stipulated to dismiss all claims against certain U.S. Federal Reserve defendants, the Federal Reserve Bank of New York, and certain employees thereof—leaving only Powell and the Board of Governors of the Federal Reserve System as defendants in the case.
Vaughn v. CBS Broadcasting, Inc., et. al., No. 2:24-cv-05570 (C.D. Cal. 2024): On July 1, 2024, a suit was filed against CBS Broadcasting by former Los Angeles news anchor Jeff Vaughn, alleging that CBS-affiliated Los Angeles stations, KCBS-TV and KCAL-TV, terminated his employment because he is “an older, white, heterosexual male.” Vaughn claims that CBS replaced him with a “younger minority news anchor” in violation of Section 1981, Title VII, and the Age Discrimination in Employment Act. The complaint points to public statements by CBS expressing its commitment to diversity, including statements discussing various representation goals. Vaughn, who is represented by America First Legal, is seeking over $5,000,000 in damages. On September 9, 2024, defendants CBS Broadcasting, Paramount Global, and Wendy McMahon, then-President and CEO at Paramount, filed an answer asserting seven affirmative defenses, including that the plaintiff failed to plead facts sufficient to state a claim, that CBS acted in good faith and without discriminatory motive, and that the plaintiff’s claims were barred by the First Amendment. On March 10, 2025, the defendants filed an amended answer, adding an eighth affirmative defense that the plaintiff failed to mitigate damages.
- Latest update: On October 31, 2025, the defendants moved for summary judgment, arguing that the termination was based on legitimate, nondiscriminatory grounds, the plaintiff lacked evidence of pretext or but-for causation, and the plaintiff failed to establish individual liability against defendant McMahon under Section 1981. The defendants further contended that CBS’s conduct, even if found discriminatory, would still be protected by the First Amendment. According to the defendants, CBS, a private company engaged in expressive activity, has a First Amendment right to choose who channels that expression.

3. Challenges to statutes, agency rules, executive orders, and regulatory decisions:

American Alliance for Equal Rights v. Bennett et al., No. 1:25-cv-00669 (N.D. Ill. 202); Nos. 25-02461, 25-02487 (7th Cir.): On January 21, 2025, AAER sued the Attorney General of Illinois, the Director of the Illinois Department of Human Rights, and the Secretary of State of Illinois, alleging that an Illinois law, SB 2930—which requires “qualifying nonprofits to gather and publicize” certain demographic data online—compels organizations to engage in unlawful discrimination. They assert that “[b]y forcing charities to publicize the demographics of their senior leadership, the law pushes them to hire candidates based on race.” AAER also alleges the law violates the First Amendment by compelling organizations “to speak about a host of controversial demographic issues.” On March 4, 2025, the United States intervened as a plaintiff. AAER filed a motion for preliminary injunction on April 4, 2025. The defendants subsequently moved to dismiss both complaints—for lack of subject matter jurisdiction as to the United States and failure to state a claim as to AAER—and opposed the preliminary injunction motion. On August 20, 2025, the court issued its ruling on the motions for preliminary injunction and to dismiss. The court granted in part the defendants’ motion to dismiss. The court held that AAER lacked standing to sue on behalf of its anonymous members based on alleged public disclosure, which the court held was too speculative to constitute injury in fact. However, the court held that AAER has standing to sue in relation to the collection of its members’ sensitive information. The court granted the motion to dismiss the United States, holding that it failed to allege an injury in fact and thus lacked standing as intervenor. The court denied AAER’s motion for preliminary injunction, reasoning that AAER proved neither likelihood of success on the merits nor irreparable harm. AAER and the United States filed notices of appeal on August 21, 2025 and August 25, 2025, respectively. On August 27, 2025, the parties stipulated to a stay of the enforcement of SB 2930 against AAER’s members for the duration of the appeal. On August 28, 2025, the district court granted the stay of enforcement and stayed all district court proceedings pending appeal.
- Latest update: AAER and the United States filed their appellate briefs on October 20, 2025. In its brief, AAER argues that the district court erred in finding its allegations too speculative to confer standing, because it was predictable that at least one officer or director, when asked, would have reported at least some demographic information. In its brief, the United States argues that the district court erred in finding that it lacked standing as an intervenor because “the United States has standing wherever an action has been commenced [] seeking relief from the denial of equal protection of the laws under the fourteenth amendment.”
Chicago Women in Trades v. Trump, et al., No. 1:25-cv-02005 (N.D. Ill. 2025): On February 26, 2025, Chicago Women in Trades (“CWIT”), a non-profit organization, sued President Trump, challenging EO 14151and EO 14173 on constitutional grounds. On April 14, 2025, the court preliminarily enjoined enforcement of key provisions of the EOs, including a provision terminating one of CWIT’s federal grants. On May 14 and 21, 2025, the Department of Labor filed status reports indicating its continued compliance with the court’s preliminary injunction. On July 7, 2025, the defendants moved to dismiss. The defendants argued that CWIT lacked standing to challenge certain “intra-governmental provisions” in the orders. They also argued that the court “should dismiss the President, DOJ and the Attorney General, and OMB and its Director based on considerations particular to those parties” and urged the court to reject each of CWIT’s claims as a matter of law. On July 8, 2025, the defendants filed a motion for an indicative ruling and partial stay. In their motion, the defendants “request[ed] that the Court issue an indicative ruling that on remand from the court of appeals it would modify the scope of its preliminary injunction” in light of Trump v. CASA’s holding that “district courts do not have equitable powers to issue a ‘universal injunction[.]’” The defendants also requested that the Court “stay the universal scope of the injunction pending resolution on appeal.” On July 25, 2025, the plaintiffs opposed this motion, asserting that “the government’s motion fails to raise any ground for reconsideration allowable under Federal Rule of Procedure 60(b).” The plaintiffs also asserted that the “injunction [the] Court entered does not conflict with CASA,” and that the government has not shown that it “would be irreparably harmed without a stay.”
- Latest update: On October 30, 2025, the court denied the government’s motion for a partial stay or to modify the scope of the injunction. Though the court acknowledged that the Trump v. CASA ruling cautioned against issuing injunctions that cover nonparties, the court nevertheless held that enjoining all enforcement of the certification provision of EO 14173—which mandates that all recipients of any contract or grant award “certify” certain matters, including that the recipient does not operate programs promoting DEI that violate any applicable federal anti-discrimination laws—was necessary “to afford CWIT complete relief,” including by protecting CWIT’s ability to partner and collaborate with others. The court further noted that its broad injunction was supported by “jurisdictional and remedial principles.”
Withrow v. United States et al., No. 1:25-cv-04073 (D.D.C. 2025): On November 20, 2025, LeAnne Withrow, a transgender woman who was an Illinois Army National Guard staff sergeant and now works as a lead military and family readiness specialist and civilian employee for the Illinois National Guard, filed a putative class action against United States officials in the U.S. District Court for the District of Columbia, alleging that the Trump administration’s policy of prohibiting transgender employees from using restrooms that align with their gender identity violates the Administrative Procedure Act and Title VII of the Civil Rights Act of 1964, which prohibits discrimination on the basis of sex. The plaintiff alleges that she has tried to work around the policy by using single-user restrooms, but that such facilities are often inconvenient or nonexistent.

4. Actions against educational institutions:

Students Against Racial Discrimination v. Regents of the University of California et al., No. 8:25-cv-00192 (C.D. Cal 2025): On February 3, 2025, Students Against Racial Discrimination sued the Regents of the University of California, alleging that UC schools discriminate against Asian American and white applicants by using “racial preferences” in admissions in violation of Title VI and the Fourteenth Amendment of the U.S. Constitution. The plaintiff alleged it has student members who are ready and able to apply to UC schools but are “unable to compete on an equal basis” because of their race. On August 14, 2025, the defendants moved to dismiss the complaint. The defendants argued that the plaintiffs lacked standing and that the complaint makes, at most, indiscriminate “barebones allegations” as to “every undergraduate, law, and medical school across all UC campuses.” The defendants also argued that the chancellor of each UC campus is entitled to sovereign immunity under the Eleventh Amendment. On September 26, 2025, the plaintiffs filed their opposition to the defendants’ motion to dismiss. The plaintiffs asserted that they adequately alleged standing because their members are part of a genuine membership organization and are “able and ready to apply” for admission to the University of California, but “will encounter racial discrimination if they do so.” They further argued that the amended complaint “alleges all that is needed to state a claim” because it includes allegations that “each of the University of California’s undergraduate colleges, law schools, and medical schools discriminates in favor of blacks and Hispanics and against Asian-Americans and whites when admitting students.” The court held a conference on October 28, 2025, in which it took the motion to dismiss under submission and set a bench trial for October 2027.
- Latest update: On October 28, 2025, the plaintiff voluntarily withdrew all claims “related to defendants’ medical-school admissions policies” without prejudice. The plaintiff also voluntarily dismissed its claims against defendant Sam Hawgood, Chancellor of the University of California at San Francisco, on the grounds that the school “has neither a law school nor an undergraduate college.” The plaintiff continues to challenge the remaining defendants’ undergraduate and law school admissions practices.
Bridge, et al v. Oklahoma State Department of Education, No. 5:22-cv-00787, 24-6072 (10th Cir. 2025): Plaintiffs, three transgender students, filed a lawsuit on September 6, 2022 against a number of state and local agencies and Oklahoma government officials challenging Oklahoma SB 615, a school facilities law requiring all Pre-K through 12th grade public and public charter schools in the state to designate multiple occupancy restrooms at school for exclusive use of either male of female sex, as designated on the individual’s original birth certificate. The law also requires school district boards to adopt disciplinary policies for those that do not comply with the bathroom designations. It further exposes non-compliant schools to lawsuits by parents and requires the Oklahoma School Board to identify non-complaint schools and reduce their state funding. The district court dismissed Plaintiffs’ complaint. On April 19, 2024, Plaintiffs appealed to the 10th Circuit.
- Latest update: On November 20, 2025, a three-judge panel heard the parties’ arguments on appeal in the 10th Circuit. The arguments focused on whether recent U.S. Supreme Court cases, especially S. v. Skrmetti and Trump v. Orr, necessitated the conclusion that the challenged statute was lawful. In Skrmetti, the Supreme Court upheld a ban on gender-affirming care for minors in Tennessee, and in Orr, the Supreme Court granted an emergency application that permitted the U.S. Department of State to stop issuing passports that reflect a gender identity that differs from an individual’s sex at birth. The appellants argued that neither case is applicable, because Skrmetti addressed a law that turned on age, not sex or transgender status; and because Orr “was an emergency posture on an undeveloped record.”

5. Board of Director or Stockholder Actions:

State Board of Administration of Florida v. Target, No. 2:25-cv-00135 (M.D. Fla. 2025): On February 20, 2025 the State Board of Administration of Florida sued Target and certain Target officers on behalf of a class of Target stockholders, claiming the Target board of directors represented that it monitored social and political risk, when instead it allegedly focused only on risks associated with not achieving ESG and DEI goals. The plaintiff alleges that Target’s statements violated Sections 10(b),14(a), and 20(a) of the Securities Exchange Act of 1934 and that Target’s May 2023 Pride Month campaign triggered customer backlash and a boycott that depressed Target’s stock price. This suit relates to, and arises out of the same operative facts as, Craig v. Target Corp., No. 2:23-cv-00599-JLB-KCD (M.D. Fla. 2023). On July 24, 2025, the court consolidated the two cases.
- Latest update: On August 1, 2025 the defendants filed an omnibus motion to transfer the consolidated cases to the District of Minnesota. Among other points, the defendants argued that Minnesota is a more convenient forum for key non-party witnesses, the conduct at issue occurred in Minnesota, and Minnesota has a greater interest than Florida in deciding the cases. The plaintiffs filed a response, arguing that the defendants’ motion to transfer was wrong on the merits, untimely, and that the defendants’ motion should be denied because a motion to transfer had already been denied in Craig v. Target Corp. prior to consolidation. On September 9, 2025 the defendants reiterated their arguments in a reply and requested oral argument on the issue.

Legislative Updates:

California Senate Bill 253: On October 6, 2025, California Governor Gavin Newsom (D) signed Senate Bill 253 into law, amending the State Bar Act. Under existing law, the State Bar of California can offer discounts and benefits to active and inactive attorneys through insurance and noninsurance affinity programs. The State Bar Act regulates the distribution of revenue from these programs with a certain amount reserved for the California Lawyers Association or an affiliated 501(c)(3) organization to support their respective DEI, access to justice, and civic engagement efforts. Under Senate Bill 253, the California Lawyers Association or the affiliated 501(c)(3) organization must now submit an annual report to the California Legislature detailing its use of these funds and a statement of compliance with the State Bar Act’s prohibition on creating, operating, or soliciting members for affinity or royalty programs involving similar insurance or noninsurance products or services.

North Carolina House Bill 171 & Senate Bill 558: On July 3, 2025, North Carolina Governor Josh Stein (D) vetoed two bills aimed at eliminating and prohibiting DEI in state and local agencies and public higher education. House Bill 171 would eliminate DEI initiatives in state and local government and prohibit the use of any state or public funds to “promote, fund, implement, or maintain” DEI initiatives or programs. The bill would also subject any offending government officer or employee to civil penalties as well as potential removal from office or employment. Senate Bill 558 would prohibit public institutions of higher education from promoting or endorsing “divisive concepts” or requiring completion of courses related to “divisive concepts.” The bill employs a list of nonexclusive factors to define “divisive concepts,” including, but not limited to, the following concepts: “[a]n individual, solely by virtue of his or her race or sex, is inherently racist, sexist, or oppressive”; “[a]n individual, solely by virtue of his or her race or sex, bears responsibility for actions committed in the past by other members of the same race or sex”; “[t]he United States was created by members of a particular race or sex for the purpose of oppressing members of another race or sex”; and “[a] meritocracy is inherently racist or sexist.” On July 29, 2025, the North Carolina Senate overrode Governor Stein’s veto of Senate Bill 558. The North Carolina House of Representatives is scheduled to resume efforts to override both vetoes on December 15, 2025.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Zakiyyah Salim-Williams, Cynthia Chen McTernan, Anna McKenzie, Cate McCaffrey, Sameera Ripley, Anna Ziv, Emma Eisendrath, Benjamin Saul, Simon Moskovitz, Teddy Okechukwu, Beshoy Shokrolla, Angelle Henderson, Lauren Meyer, Kameron Mitchell, Taylor Bernstein, Jerry Blevins, Chelsea Clayton, Sonia Ghura, Samarah Jackson, Elvyz Morales, Allonna Nordhavn, and Felicia Reyes.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, msenger@gibsondunn.com)