Gina Spinosa, Author at Gibson Dunn

A Gibson Dunn deal has been named Sustainability-Linked Loan of the Year – Other by Environmental Finance at its Sustainable Debt Awards 2025.

The award recognizes a $50 million sustainability-linked loan facility provided by the International Finance Corporation to support BTG Pactual Timberland Investment Group’s Latin American reforestation strategy, particularly in the Cerrado biome in Brazil, one of the most biodiverse, seasonally dry ecosystems in the world. Gibson Dunn advised BTG Pactual Timberland Investment Group on this innovative financing.

Our finance team was led by partner Darius Mehraban and included of counsel Christopher Milla and associate Axel Sarkissian. Partner Kira Idoko and associate Philip Stachnik advised on fund matters in connection with the financing and partner Matthew Donnelly and associate Kevin Chapman advised on tax aspects.

Gibson Dunn was named UAE Corporate/M&A Law Firm of the Year at the recent Chambers Middle East Awards 2025 in Dubai. Our team was acknowledged by Chambers as the “go-to adviser for prominent investment firms and sovereign wealth funds,” acting for “international and local heavyweights in the most sophisticated and high-value matters.”

Marwan Elaraby, Partner in Charge of our Dubai office, said, “The firm has significantly expanded in the region over the last two years, so to be recognized with such a prestigious award within this time is a significant achievement and indicative of our high-caliber team.”

“This award highlights the strong impact our corporate/M&A team has made in the regional legal market over the past year. We’ve been fortunate to play a key role in some of the UAE’s most high-profile transactions, and we’re proud to continue partnering with our clients on their most strategic and important projects,” added Renad Younes, Partner in Charge of the firm’s Abu Dhabi office.

Partner Stephen Glover (Washington, D.C.) spoke extensively with Financier Worldwide Magazine about the challenges and opportunities presented by joint venture governance, including the link to performance. “There is a very strong correlation between JV governance and JV performance,” Stephen told the magazine. “Governance systems should be designed to ensure that the partners have a voice in the decisions that they view as most important, that they are incentivised to resolve disputes, and that JV management has sufficient flexibility to respond to changing business conditions.”

Read the full interview.

Elizabeth Penava is the author of “AI Art Is in Legal Greyscale” [PDF] published by The Regulatory Review.

Reprinted with permission from The Regulatory Review. Originally published on January 24, 2023

In 2015, partners Theane Evangelis and Michele Maryott began their successful representation of Grubhub in a case where the plaintiff alleged that he was misclassified as an independent contractor instead of an employee, which would have entitled him to minimum wage and benefits. In 2018, a California federal court ruled in Grubhub’s favor, for which Theane and Michele were named Litigation Daily’s Litigators of the Week.

An article in The AmLaw Litigation Daily [PDF] marking the tenth anniversary of this bellwether case, examines how the “critical precedent” it set has forged a roadmap for litigating the status of app-based gig workers in the U.S. and launched a decade of gig economy litigation in California and beyond.

A Gibson Dunn team has earned runner-up honors from Litigation Daily’s Litigator of the Week for its significant victory for free speech and the free press on behalf of non-profit online newsroom Mississippi Today.

Our team secured the dismissal of a defamation lawsuit brought by former Mississippi Governor Phil Bryant, who alleged that Mississippi Today had defamed him through comments made by its personnel regarding the outlet’s Pulitzer Prize-winning reporting about Bryant’s alleged role in a welfare scandal. The Mississippi Circuit Court stated that Bryant had failed to plead any legally viable claims. (The case is Bryant, et al. v. Deep South Today d/b/a Mississippi Today, et al.)

Our winning team included partners Ted Boutrous, Lee Crain, and Katie Townsend and associates Chase Weidner, Justine Drohan, Iason Togias, and Peter Jacobs.

Gibson Dunn is pleased to announce the launch of Biotech Briefings, a new blog offering timely analysis and commentary on the legal, business, and regulatory issues shaping the life sciences industry. The blog is designed to provide insights for companies, investors, and other industry stakeholders navigating key developments in biopharma, medical devices, diagnostics, and beyond. It will feature expert commentary from leading Gibson Dunn attorneys, on topics including FDA guidance, IP developments, SEC updates, M&A and capital markets trends and activity, royalty finance, collaborations/licensing, litigation and international trade.

“Life sciences businesses operate in a rapidly evolving legal and regulatory landscape, and Biotech Briefings will provide them with actionable insights to help navigate critical issues,” said Ryan A. Murr, Co-Chair of Gibson Dunn’s Life Sciences Group. “From FDA and SEC developments to M&A and financing trends, our goal is to keep clients informed on the most pressing topics shaping the industry.”

In conjunction with the launch of Biotech Briefings, the firm has also introduced the Gibson Dunn Royalty Finance Tracker, a comprehensive database of publicly announced royalty finance transactions among the most active funds in the Life Sciences industry since January 1, 2020. The tracker will serve as a centralized resource, providing a reference point for both current and historical royalty financing trends.

Royalty finance has become an increasingly important tool for biotech companies, universities, and investors, and Gibson Dunn’s Royalty Finance Tracker will provide a one-stop resource for tracking key transactions in the life sciences sector.

About Gibson Dunn’s Life Sciences Group

Gibson Dunn’s Life Sciences Group advises innovative biotechnology, pharmaceutical, medical device and diagnostic companies on a wide range of legal, regulatory, and strategic issues. The firm’s lawyers, many with advanced scientific degrees and hands-on experience in the life sciences industry and regulatory agencies, provide tailored legal guidance throughout the entire life cycle of life sciences companies, from early-stage startups to mature enterprises.

Gibson Dunn partners Brian Ascher, Theodore Boutrous, Sarah Graham, Kevin Masuda, Benyamin Ross, Ilissa Samplin, Orin Snyder, and Steve Tsoneff have been recognized in Variety’s Legal Impact Report 2025 as being among Hollywood’s top entertainment lawyers — lawyers who, while “dealing with progressively more jarring cycles of disruption,” still “keep working on behalf of their clients.”

The Variety report describes some of the deals our entertainment lawyers are involved in, the clients they are representing, the disputes they’re helping to resolve, and the impact they’re having across the industry.

Gibson Dunn is ranked in 26 league tables in Mergermarket’s first quarter 2025 rankings of leading M&A legal advisors. Our ranking highlights include moving into 6th position for global legal advisor rankings by value and into 3rd position in Europe rankings by value.

Our firm also made impressive gains in rankings of private equity legal advisors, taking the number 10 position globally and the number 7 position among U.S. advisors.

World’s Broadest AI Law Pushes Legal Teams on Managing Risk
Bloomberg Law
By Isabel Gottlieb
April 8, 2025

The world’s most comprehensive AI regulation went into effect earlier this year in the European Union, affecting corporations in the US and around the world that are using or selling artificial intelligence systems in the EU.

The AI Act aims to protect consumers from the technology’s harms by focusing on risk to individuals. Higher-risk uses face more reporting obligations, and require companies to build more safety measures, than lower-risk applications.

For example, using AI to determine whether someone should get a job or a home loan falls into the “high-risk” category, while using AI to generate ideas or images may be considered lower-risk.

The law applies in stages: In February, the EU began banning AI deemed unacceptably risky, like emotion recognition in the workplace. A requirement that companies train their staffs for AI literacy also took effect. Next up in August are rules for general-purpose AI systems. The obligations surrounding high-risk uses will come in 2026.

Multinationals with mature data governance structures in place—across industries including financial services, not just big tech—are treating the law as a global standard that helps them manage AI risk, said Matthew Worsfold, a partner at Ashurst Risk Advisory.

At the other end of the spectrum, Worsfold said, some companies will plan closer to August 2026, when most of the obligations come into effect. Another group is, “very much getting stuck into a lot of the nuance and the practicalities,” as they try to figure out how the law applies to their specific uses, he said.

Companies should review what they’re doing with AI, who their business partners are and where the data in their AI comes from, then turn to the act itself, said Jean-Marc Leclerc, head of EU policy at IBM.

“First step, ignore the AI Act. Look at what you’re doing yourself,” Leclerc said.

“It’s all based on a certain level of risk,” he added. “You will not be able to assess that level of risk if you don’t know your AI yourself.”

Who’s in scope?

The act sets different obligations around high-risk AI uses for what the EU deems “providers”—including not just model developers but also companies that “substantially modify” AI products—and “deployers,” those using AI systems.

A provider might be the big tech company that built the AI, or the company that used underlying AI built by someone else to create an AI-based tool. The company that buys the tool may be the deployer, but can become the provider through actions like re-branding with its own name.

A company’s preparation for compliance will depend on where in the value chain it sits, said Ashley Casovan, managing director of the AI Governance Center at the International Association for Privacy Professionals.

Some companies are setting up their AI governance programs, “because they recognize that they’re operating or going to be introducing systems that could introduce risk to them,” and are looking to mitigate risk through their own governance programs or through their contracts with service or product providers, she said.

What’s required?

Starting Aug. 2, general-purpose AI providers must report details about their models’ training data, and confirm they’re putting appropriate safety guardrails in place.

Many of the law’s provisions come into effect a year later—including obligations surrounding high-risk uses.

High-risk use cases already covered under existing EU product liability legislation are addressed by rules coming into effect in 2027.

How will it be enforced?

The EU AI Act carries steep fines for noncompliance—as high as 7% of a company’s global annual revenue for violating the prohibitions, and 3% for violating certain rules around high-risk AI.

Questions around the law’s enforcement are creating uncertainty for companies, said Keith Enright, a partner at Gibson Dunn and former chief privacy officer at Google. The law lets each EU country decide who will enforce the law. Some have given the job to existing privacy authorities, others are creating enforcement bodies.

“It’s an untested law,” Enright said. “It proposes new regulators that companies don’t yet have a sense of their enforcement priorities, they don’t yet have relationships.”

EU officials also have recently talked about softening tech regulation to allow more innovation. And geopolitical tensions are rising, fueled by the Trump administration threatening retaliation on countries that fine US tech players.

Of the tension between innovation and regulation, Enright said, “There is so much political friction between those two forces right now, it’s difficult to predict exactly how it’s going to play out.”

How are companies preparing?

In-house legal departments generally know which of their use cases will trigger provisions of the law, said Marcus Evans, a Norton Rose Fulbright partner. Guidance is continually developing, so involving outside counsel at every step could get expensive, he added. Evans said his clients are often working through most compliance questions on their own, reaching out to outside counsel for the most complicated issues.

Mike Jackson, associate general counsel in Microsoft’s Office of Responsible AI, said he calls in outside counsel in three scenarios: When he’s looking at a nuanced legal question that will take more time to analyze than his team has; when there are concerns regarding attorney-client privilege under EU law; and for benchmarking—to find out how other companies are interpreting some of the law’s requirements.

What’s next?

As the effective date of the general-purpose AI rules approach, companies are navigating uncertainty around that provision. Those rules will capture not just the tech giants creating large language models, but companies that are retraining or fine-tuning those models on their own data to a degree. But it’s unclear exactly what amount of training crosses the line.

The EU has said it will issue more guidance.

Microsoft encourages customers to engage with EU regulators on how they could be affected, said Amanda Craig Deckard, who leads the public policy team at the company’s Office of Responsible AI.

Reproduced with permission. April 8, 2025, Bloomberg Industry Group 800-372-1033 https://www.bloombergindustry.com

Europe’s Landmark Privacy Law Gives Companies a Playbook for AI
Bloomberg Law
By Cassandre Coyer
April 7, 2025

As EU AI Act provisions come into force, many corporate legal teams have chosen to lean into compliance regimes already tested by another EU law: the General Data Protection Regulation.

The two measures share a common core—including risk assessments, a focus on fundamental rights, and data governance—that has allowed many companies to prepare for the world’s first comprehensive AI regulation without having to overhaul their existing processes or deploy significant additional resources.

“The competencies and capabilities that companies developed to demonstrate compliance with the GDPR gave them many of the tools that they needed to demonstrate compliance with new and incremental legal obligations,” said Keith Enright, co-chair of Gibson Dunn’s AI practice group and Google‘s former chief privacy officer.

“This will be true of the AI Act over time as well,” he added.

But while GDPR lessons can avoid duplicative work, they won’t get companies to the finish line. The AI law’s scope is much broader and requires companies to be more agile as technology evolves.

A sprawling supply-chain of developers, providers, and users, and questions about where responsibilities will fall, also presents new and complex challenges.

“Managing the third-party topic with GDPR was probably a challenge in itself,” said Francesco Marzoni, global chief data and analytics officer at Ikea Retail (Ingka Group). “Now it’s even bigger because, again, it’s not just a one-off effort—AI models evolve.”

By-Design Approach

The EU’s 2018 privacy regulation stressed a key principle that has since informed data protection laws and approaches in the US: privacy by design. That principle requires teams to implement data protections at the creation of a new product or technology, instead of after the fact.

The EU AI Act also requires principles of data minimization and protection to be implemented “by design and by default” when personal data is processed by an AI system. Even when a system doesn’t ingest or give out personal details, the act pushes for responsible AI practices from the onset of a product’s lifecycle.

“The AI Act says, yes, it’s product safety, but it’s also fundamental rights,” said Jean-Marc Leclerc, director of EU affairs at IBM.

“And it doesn’t matter if it’s personal data, non-personal data. The requirements of data governance apply to any data.”

The European Commission intended for the two laws to complement each other, he added.

Companies have tapped teams responsible for GDPR compliance to apply those earlier lessons to AI regulation.

“It makes sense, because there’s a lot of common ground,” said Jean-Rémi de Maistre, co-founder and CEO of AI-powered legal search platform Jus Mundi, noting that these teams include AI, privacy, and cybersecurity capabilities. This approach allowed his organization to get ready early on without feeling like it was costing them much more.

Jus Mundi, alongside Ikea and IBM, were among other early signatories to the EU AI Pact, a pledge by nearly 200 businesses to start applying the principles ahead of the AI law taking effect.

The cross-functionality approach to GDPR compliance will be key under the AI law to avoid duplicative efforts.

“I personally don’t believe in divide and conquer,” said Alesya Nasimova, global head of privacy and data protection officer at Brex. Nasimova said her insights don’t represent the views of her employers.

“Let’s say you have a data privacy impact assessment for GDPR, and then you need a conformity test for the EU AI Act. You figure out where those overlaps are and create something that’s conjoined, instead of having two different assessments,” she added.

The Right Benchmark?

Still, some companies that do fall under the AI law’s scope—such as startups with cutting-edge use cases or those that don’t handle personal data—haven’t yet had to comply with GDPR requirements. Determining their approach to AI governance may prove more challenging.

“You’d have to start from scratch for GDPR to even meet the requirements of the EU AI Act,” Nasimova said. “So it becomes kind of a double-whammy for a lot of organizations.”

Though GDPR serves as a helpful stepping stone, it might not be the perfect benchmark for some of the new challenges posed by the AI law, governance professionals warn. The technology-agnostic aspect of GDPR, for instance, is distinct from the AI law’s granular breakdown of AI systems and use cases.

“Use cases really matter in AI, and I’m not sure that appreciation existed with previous technologies and previous regulatory regimes,” said Jace Johnson, vice president of global public policy and ethical innovation at Adobe Inc.

Assessing an AI model’s robustness as the technology evolves will require spreading responsibilities across an organization instead of relying on one centralized team.

“You need an internal regime that can sit down and review quickly without impeding innovation,” Johnson said. “What are the risks at play here? Are they different? Are they similar?”

A lack of clarity about who among different AI stakeholders will be liable for harmful systems also requires legal teams to adapt their processes and tackle procurement contracts more creatively.

The lines distinguishing responsibilities for providers (who make AI systems or models) and deployers (who use already-built AI systems) can be blurry. Companies that buy AI systems but end up substantially modifying them, for example, could find themselves wearing different hats.

That’s when the comparison with GDPR isn’t always pertinent, IBM’s Leclerc said, since “there are so many more actors in the AI chain.”

As with GDPR, each of the EU’s 27 member states will be responsible for enforcement. The European Commission also created a new AI office to supervise the member states’ application of the law.

“There’s a before and after GDPR, not just in Europe, but globally. It had such an impact,” Leclerc said. “Companies that want to sell an AI, deploy an AI system in the EU, GDPR is a bit of a warning—it sets a precedent.”

Reproduced with permission. April 7, 2025, Bloomberg Industry Group 800-372-1033 https://www.bloombergindustry.com

Gibson Dunn advised Andros Capital Partners LLC on the closing of the third investment fund of Andros Energy Capital III LP (Fund III) at its $1 billion hard cap. Fund III is the latest Andros flagship fund focused on private equity investments, credit opportunities, and direct asset-level investments across the energy value chain.

Founded in 2020, Andros Capital Partners is a private investment firm based in Houston, Texas, with over $2 billion in cumulative equity commitments.

Our team was led by partners Michael Piazza and James Hays and included associates Chris Atmar, Ali Speiss, and Michael Holmes.

Gibson Dunn partners Benyamin Ross, Ilissa Samplin, and Orin Snyder are among The Hollywood Reporter’s Power Lawyers 2025: Hollywood’s top 100 attorneys. This is Orin’s eighth consecutive Power Lawyers recognition.

The publication’s “20th annual list of the entertainment industry’s most powerful” dealmakers and litigators features “100 standouts [who] negotiate the pacts and fight the battles that keep the cameras rolling.”

Gibson Dunn has secured the dismissal of a defamation lawsuit against our client, Mississippi Today, an online media outlet. The lawsuit, brought by former Mississippi Governor Phil Bryant, alleged that Mississippi Today defamed Bryant through comments made by its personnel regarding the outlet’s award-winning reporting about Bryant’s alleged role in a welfare scandal. The Court agreed with the motion to dismiss, stating that Bryant had failed to plead any legally viable claims.

“Mississippi Today’s Pulitzer Prize-winning reporting on the former Governor’s role in the State’s recent welfare scandal is exactly the type of reporting the First Amendment was intended to protect, and it exemplifies why the Mississippi Constitution calls the right to a free press ‘sacred.’ The Court’s decision honors those constitutional rights and ends Governor Bryant’s unconstitutional crusade against Mississippi’s free press,” said New York partner Lee Crain.

The Gibson Dunn team included partners Theodore J. Boutrous Jr. (Los Angeles), Lee R. Crain (New York), and Katie Townsend (Los Angeles) and New York associates Chase Weidner, Iason Togias, and Peter Jacobs.

Judge Mills’ order dismissing the case: https://www.documentcloud.org/documents/25879902-mills-judgment-4-4-25/#document/p1

Mississippi Today’s brief in support of motion to dismiss: https://www.documentcloud.org/documents/25879903-mississippi-today-brief-in-support-of-motion-to-dismiss/