Richard Manfredi, Author at Gibson Dunn

On November 21, 2022, Governor Hochul signed into law Bill A8092B, which amends the New York Labor Law (“NYLL”) to provide a new potential claim for employees who are retaliated against for taking lawful absences from work. The amendments also expressly prohibit employers from using “no-fault” attendance policies that penalize employees for taking protected absences. The new provisions of NYLL will be effective on February 20, 2023.

New Anti-Retaliation Provisions

When effective, the NYLL will prohibit employers from discharging, threatening, penalizing, discriminating or retaliating against an employee “because such employee has used any legally protected absence pursuant to federal, local, or state law.” Legally protected absences include absences taken pursuant to federal and state leave laws, such as the Family and Medical Leave Act (“FMLA”), the New York State and City Paid Sick Leave Laws, and the New York State Paid Family Leave Law.

The amendments will also restrict New York employers from maintaining “no-fault” attendance policies whereby an employer assigns “points” to employees for certain absences and imposes disciplinary action against employees who reach a certain number of points. The amended law expressly prohibits employers from imposing “any demerit, occurrence, any other point, or deductions from an allotted bank of time, which subjects or could subject an employee to disciplinary action, which may include but not be limited to failure to receive a promotion or loss of pay” when an employee takes a protected leave. This effectively prohibits no-fault attendance policies in New York to the extent that a policy penalizes employees for absences covered by an applicable leave law.

Legal Landscape

Employers are already prohibited from penalizing employees for taking protected leave under many statutes that are covered by these amendments to the NYLL. For example, the U.S. Department of Labor and some courts have interpreted the FMLA to prohibit employers from assessing points under no-fault attendance policies for FMLA-protected leave. See Woods v. START Treatment & Recovery Centers, Inc., 864 F.3d 158 (2d Cir. 2017). Moreover, the New York City Sick Leave Law specifically prohibits the “maintenance or application of an absence control policy that counts safe and sick leave as an absence that may lead to or result in an adverse action.”

New York legislators have nevertheless expressed concern that these existing protections are not sufficient to curb employers’ use of no-fault attendance policies in a manner that penalizes employees for taking protected leave. This law therefore aims to “make clear” that the practice of assessing points for any leave taken pursuant to applicable law is not permitted.

In addition to reinforcing existing law, these amendments allow employees to pursue claims against employers for retaliation for taking leave under any applicable leave law. For example, whereas the New York Paid Family Leave Law and the New York City Sick Leave Law only allow for administrative enforcement, the NYLL contains a private cause of action that allows employees to seek back pay, front pay, reinstatement, and/or liquidated damages when employees experience retaliation related to protected leaves.

The amendments will also permit the State to impose higher fines for violations of the anti-retaliation provisions of leave laws. For example, employers that violate the New York City Sick Leave Law may be fined up to $2,500 for each violation. Under the amended NYLL, the State Department of Labor is authorized to impose fines of up to $10,000 for initial violations (and up to $20,000 for subsequent violations) of the same anti-retaliation prohibitions.

Key Takeaways for Employers

In light of the impending amendments, New York employers should review their policies – and revise them if necessary – to ensure they do not penalize employees for taking protected leave. Companies that currently utilize no-fault policies might also wish to train managers and HR personnel to ensure compliance with this new law.

The following Gibson Dunn attorneys assisted in preparing this client update: Harris Mufson, Alex Downie, and Mimra Aslaoui.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following:

Zainab N. Ahmad – New York (+1 212-351-2609, zahmad@gibsondunn.com)

Mylan Denerstein – New York (+1 212-351-3850, mdenerstein@gibsondunn.com)

Gabrielle Levin – New York (+1 212-351-3901, glevin@gibsondunn.com)

Danielle J. Moss – New York (+1 212-351-6338, dmoss@gibsondunn.com)

Harris M. Mufson – New York (+1 212-351-3805, hmufson@gibsondunn.com)

Jason C. Schwartz – Co-Chair, Labor & Employment Group, Washington, D.C.
(+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Co-Chair, Labor & Employment Group, Los Angeles
(+1 213-229-7107, ksmith@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Senator Kyrsten Sinema (I-AZ) announced on December 9, 2022, that she would change her party registration from the Democratic Party to Independent. In an interview with CNN’s Jake Tapper, she explained: “I know some people might be a little bit surprised by this, but actually, I think it makes a lot of sense.” Elaborating in an op-ed in the Arizona Republic, Senator Sinema declared that she “never fit in perfectly with either national party,” and pledged to “to continue doing exactly what I promised—to be an independent voice for Arizona.”

As a result of the party switch, the question arises whether Senate Democrats will have 51 seats in the Senate (technically 48 Democrats and three Independents who caucus with the Democrats) as expected after the Georgia runoff. The answer is Senator Sinema’s switch does not necessarily change the Senate’s voting math. As detailed below, we explain what may have motivated Senator Sinema to identify as an Independent and how her switch impacts the Senate’s business going forward. In short, Senator Sinema’s switch likely won’t impact the Democrats’ narrow control of the Senate.

Background on Senator Sinema’s Party Switch

Senator Sinema’s party switch—timed to be announced after Senator Raphael Warnock’s (D-GA) runoff victory in Georgia—likely has to do with the changing politics in Arizona and Senator Sinema’s attempt to secure her own re-election in 2024. It may be an attempt to thread the needle of maintaining political support from Senate Democrats’ campaign resources while heading off a party primary challenge from the progressive left.

Democratic Primary:

Senator Sinema’s decision likely turned on concerns about a strong primary challenger from within the Democratic Party, bolstered by concerns that her recent votes have motivated the party’s campaign arm to throw its support behind a challenger. Recent polling suggests that Senator Sinema’s next primary race may be a close one, as her numbers have steadily declined with Democrats in her home state. No candidates have formally announced challenges to Senator Sinema, but Phoenix-area Representative Ruben Gallego (D-AZ) has been publicly forecasting a primary run for some time.

By leaving the Democratic Party, Senator Sinema avoids a primary challenge and possibly puts herself in a three-way general election in November 2024. The assumption may be that positioning herself as an “Independent,” rather than a Democrat, may allow her to fare better with Republican and Democratic voters in a general election and force Democrats to support her campaign. But it also runs the risk that a three-way race may lead to a Republican being elected senator from Arizona in 2024. Indeed, by abandoning the Democratic Party, a question arises whether Senator Sinema will further alienate the voters that used to be her base. And the National Democratic Party will have a decision to make on whether to support a “Democrat” in the 2024 Arizona Senate election or to back Senator Sinema. But backing Senator Sinema could upset the Democratic base who may or may not turn out to support an “Independent” and cost Democrats a U.S. Senate seat in Arizona.

Arizona:

Demographic changes and shifting ideological blocs have redrawn the map of Democratic focus—and no state perhaps better exemplifies that shift than Arizona. The state has become a critical focus for Democrats in recent years. Arizona is the most recent Sun Belt state to morph from a solidly red state to a critical purple pickup for Democrats—beginning with Senator Sinema’s own narrow defeat of then-sitting Senator Martha McSally in 2018. That victory marked Democrats’ first win of an open Arizona Senate seat since 1976, and signaled to national party leadership, per the New York Times, “a remarkable shift in Arizona’s political landscape,” after the state had been a “Republican bastion for decades.”[1]

Democrats’ strategic reorientation towards Arizona has already paid dividends. This midterm cycle, Democrats invested major talent and resources to successfully protect an endangered Senate seat, as Senator Mark Kelly (D-AZ) kept the seat he won in 2020’s special election, and even more remarkably for the once solidly-red state, picked up a governorship with the election of Secretary of State Katie Hobbs (D-AZ), with whom Senator Sinema has maintained a close relationship for years.

Senator Sinema no doubt understands these changes and the need to appeal to Independents and moderate Republicans in her state. Indeed, more than a third of Arizona’s voters identify as “other” and Republicans outnumber Democrats by more than 166,000.

Party Resources:

Senator Sinema’s move will have major consequences for continued party investments in Arizona, especially in her upcoming reelection bid. Party leadership could choose to 1) continue to back Senator Sinema, as they do with Maine’s Independent Senator Angus King, 2) sit back and watch or 3) actively support a Democratic challenger. Now that she’s formally renounced her party membership, at least nominally, the Democratic Senatorial Campaign Committee (DSCC), Senate Majority PAC, and other party campaign instruments may not support her in 2024, or choose to invest resources in a party challenger instead. However, the fact that Senate Democratic leadership is not seeking to punish Senator Sinema for her switch may suggest that—at least as of now—the DSCC is likely to back her again in 2024.

Independents have traditionally faced an uphill battle in national politics—from fundraising to organizing to marshalling the support of elected officials—that Senator Sinema herself is likely familiar with (the now-U.S. Senator ran for the Arizona House of Representatives as an Independent and lost). While Senator Sinema is known as a strong fundraiser, the DSCC standing back would mean “she would lack party resources—like a ground game—that are critical for voter turnout, particularly in a sprawling state like Arizona.”

As described above, by positioning herself as an Independent, Senator Sinema is betting that the Democratic Party will eventually support her, but if she loses that bet and the Party supports a “Democrat” and not her, she runs the risk of allowing a Republican to win the Senate race.

Personal Brand:

Senator Sinema actively practices bipartisanship, from friendships with Republican senators to playing a key role in advancing bipartisan legislation to President Biden’s desk this Congress. Her commitment to bipartisanship may also have motivated her party switch decision. In her op-ed explaining her decision, Senator Sinema wrote, “[i]n catering to the fringes, neither party has demonstrated much tolerance for diversity of thought. Bipartisan compromise is seen as a rarely acceptable last resort, rather than the best way to achieve lasting progress.”

These words are consistent with Senator Sinema’s past positions since she ran for the U.S. Senate. From her first election to the Senate, she has sworn to “be an independent voice for all Arizonans.” In her announcement interview with Tapper, she reiterated: “I’ve never fit neatly into any party box. Removing myself from the partisan structure—not only is it true to who I am and how I operate, I also think it’ll provide a place of belonging for many folks across the state and the country, who also are tired of the partisanship.”

Even before running for the Senate, Senator Sinema has done things her own way, from the beginnings of her career as a Green Party activist to more recent moves sending Democrats in the Senate back to the drawing board to gain her support for key legislation. Once a staffer on Ralph Nader’s 2000 presidential campaign, Senator Sinema has become progressively more moderate as she climbed from a 2004 win in the Arizona House of Representatives to a 2010 Arizona Senate seat, then a 2012 U.S. House of Representatives win. Senator Sinema won each of those races as a Democrat.

What This Means for the Senate

To understand the potential importance of Senator Sinema’s switch to being an Independent on the U.S. Senate, one must first understand how the change from a 50-50 Senate to a 51-49 Senate would change the overall dynamics of the institution. The Georgia U.S. Senate runoff led to a 51-49 U.S. Senate, which was supposed to change the chamber and firm up Democratic control in several ways:

Establish a real majority in committees. Democrats have chaired Senate committees the past two years, but there was equal representation on committees, which increased the chances of a tie vote that required time-consuming “discharge” votes on the Senate floor. It also meant that Democratic committee chairs could not issue subpoenas without Republican support. As a result, subpoenas were not used by Senate committees in the 117th Congress. With a 51-49 Senate, Democrats would have one more member than Republicans on all committees, ensuring legislation and nominees would advance if all Democratic caucus members stick together. Democrats would now also have a larger budget and bigger staffs.
Advancing judicial and executive nominations. For the last two years, with a 50-50 Senate, Republicans were able to slow down the nominations process since the committees had equal representation. If a tie vote occurred in committee, the full Senate must first vote to bring the nomination to the Senate floor and then vote on the nomination itself. Now, with a 51-49 Senate, a Democratic-controlled Senate may be able to more quickly advance nominations through the confirmation process and have more cushion to deal with absences at full Senate confirmation votes on nominees.
Manchin and Sinema influence. With Democrats having a 51 seat majority in the U.S. Senate, one theory is that Senators Joe Manchin (D-WV) and Sinema would have less influence over the legislative process. While 60 votes are usually required to advance most legislation in the Senate, certain items can pass on a simple majority vote using the budget reconciliation process or for nominations. But that forced Democrats to have no room for defections (or absences) and Senators Manchin and Sinema were at times difficult to win over. But with a 51 seat majority, it is more likely that Democrats can pass legislation or nominations without the support of either Manchin or Sinema if all other Democratic Senators are onboard.
Less reliance on the Vice President to break ties. A 50-50 Senate has been a weight on Vice President Kamala Harris, who has had to limit her travel in order to be available for tiebreaking votes in the Senate. In fact, Vice President Harris has broken 26 ties in the last two years, the most by a Vice President in nearly 200 years. But a 51-49 Senate, after the Georgia runoff, was supposed to lessen the burden on the Vice President who the Senate may rely on less to break legislative ties in the Senate.

The main question in Washington after Senator Sinema’s announced party switch was how would her decision impact Democratic control over the U.S. Senate. In other words, would the Senate in fact still be a 51-49 Senate or would it go back to effectively being a 50-50 Senate, effectively denying the benefits Democrats expected after the Georgia runoff victory? While Senator Sinema’s move generated significant news coverage, it is not expected to change the balance of power in the Senate. In an interview with Politico, Senator Sinema herself said, “I don’t anticipate that anything will change about the Senate structure. I intend to show up to work, do the same work that I always do. I just intend to show up to work as an independent.”

In the words of Punchbowl News, “Sinema declared that ‘nothing will change about [her] values or behavior’ in announcing her party switch, and top Democrats seem to have accepted that.” Indeed, both the White House and Majority Leader Chuck Schumer (D-NY) have released conciliatory statements regarding the switch.

Most importantly, while Senator Sinema has declined to publicly say whether she will caucus with Senate Democrats, she has stated explicitly she would not caucus with Republicans. Senator Sinema has also indicated, and Leader Chuck Schumer (D-NY) has confirmed, that she will keep her current committee assignments. As Punchbowl put it, by keeping her committee assignments, “Sinema is effectively caucusing with the Democrats,” even if she does not describe it that way.

The other two Senate Independents, Senators Angus King (I-ME) and Bernie Sanders (I-ME), both consistently vote, caucus with, and hold committee positions with Senate Democrats. At the same time, Senator Sinema has said—unlike Senators King and Sanders—she won’t attend weekly Democratic Caucus meetings (which she rarely did anyway), and isn’t sure whether her desk will remain on the Democratic side of the Senate floor.

Senator Sinema is known for bucking her party and frequently allies with Republicans on various legislative efforts. She is currently engaged in last-minute bipartisan talks with Senator Thom Tillis (R-N) on an immigration deal that she hopes could pass in the lame duck session.

Nevertheless, a review of her voting record on the Bipartisan Safer Communities Act, the CHIPS and Science Act, the Respect for Marriage Act, and other legislation shows she is farther to the left than the Republican Party on social issues, even if she is farther to the right of Democrats on economic issues. For instance, Senator Sinema has voted with the Democratic Party 93% of the time, and has publicly stated she doesn’t expect her voting record to change after her switch to become an Independent.

Moreover, Senator Sinema has supported every one of President Biden’s judicial nominees—an unlikely position for a Senate Republican—not to mention voting to impeach then-President Donald Trump twice. Underscoring this, a top aide to Minority Leader Mitch McConnell (R-KY) sent a note to lobbyists and supporters after the party switch highlighting Senator Sinema’s liberal voting record.

With Senator Sinema keeping her committee assignments, the day-to-day operation of the Senate is not expected to change. Following Senator Warnock’s reelection in the Georgia runoff, Democrats will hold a majority in the Senate beginning on January 3, 2023, and that will not change. Likewise, even with Senator Sinema’s switch, Democrats will be a majority on Senate committees—unlike in the current Congress, in which committees are tied. This means Senate Democrats will be able to move nominations more quickly, advance party legislative priorities out of committees with greater ease, and issue subpoenas without Republican support. Moreover, the Vice President will be needed less often to break tie votes.

_______________________________

[1] Senator Sinema’s 2018 victory was particularly noteworthy in a midterm Senate cycle that saw the end of much of the caucus’s moderate wing—Senators Joe Donnelly (D-IN), Heidi Heitkamp (D-ND), and Claire McCaskill (D-MO) each lost their seats after multiple terms in the Senate.

The following Gibson Dunn attorneys assisted in preparing this client update: Michael D. Bopp, Roscoe Jones, Jr., Daniel P. Smith, Amanda Neely, Wynne Leahy, and Alex Boudreau.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work or the following lawyers in the firm’s Congressional Investigations or Public Policy practice groups:

Michael D. Bopp – Chair, Congressional Investigations Group, Washington, D.C. (+1 202-955-8256, mbopp@gibsondunn.com)

Roscoe Jones, Jr. – Co-Chair, Public Policy Group, Washington, D.C. (+1 202-887-3530, rjones@gibsondunn.com)

Amanda H. Neely – Washington, D.C. (+1 202-777-9566, aneely@gibsondunn.com)

Daniel P. Smith* – Washington, D.C. (+1 202-777-9549, dpsmith@gibsondunn.com)

*Daniel P. Smith is admitted only in Illinois; practicing under the supervision of members of the District of Columbia Bar under D.C. App. R. 49.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Please join us for this 60-minute program. The panel covers key developments to be aware of headed into the 2022 Form 10-K reporting season, including recent SEC rulemaking and comment letters, disclosure trends and other developments.

PANELISTS:

Thomas J. Kim is a partner in the Washington D.C. office of Gibson, Dunn & Crutcher, LLP, where he is a member of the firm’s Securities Regulation and Corporate Governance Practice Group. Mr. Kim focuses his practice on a broad range of SEC disclosure and regulatory matters, including capital raising and tender offer transactions and shareholder activist situations, as well as corporate governance, environmental social governance and compliance issues. He also advises clients on SEC enforcement investigations – as well as boards of directors and independent board committees on internal investigations – involving disclosure, registration, corporate governance and auditor independence issues.

Mike Titera is a partner in the Orange County office of Gibson, Dunn & Crutcher and a member of the Firm’s Securities Regulation and Corporate Governance Practice Group. His practice focuses on advising public companies regarding securities disclosure and compliance matters, financial reporting, and corporate governance. Mr. Titera often advises clients on accounting and auditing matters and the use of non-GAAP financial measures. He also has represented clients in investigations conducted by the Securities and Exchange Commission and the Financial Industry Regulatory Authority. Mr. Titera’s clients range from large-cap companies with global operations to small-cap companies in the pre-revenue phase. His clients operate in a range of sectors, including the retail, technology, pharmaceutical, hospitality, and financial services sectors.

David Korvin is a corporate associate in the Washington, D.C. office of Gibson, Dunn & Crutcher, where he currently practices in the firm’s Securities Regulation and Corporate Governance Practice Group. Mr. Korvin advises public companies and their boards with respect to corporate governance, federal securities, financial reporting and accounting, insider trading, stock exchange, shareholder engagement, ESG and executive compensation matters. Prior to joining Gibson Dunn, Mr. Korvin was an attorney at the Securities and Exchange Commission in the Division of Corporation Finance, where he handled the legal review of Securities Act and Exchange Act filings and served as a member of the Shareholder Proposal Taskforce.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

On December 7, 2022, President Biden signed into law the “Speak Out Act” (S.B. 4524), which prohibits the enforcement of pre-dispute non-disclosure and non-disparagement clauses in disputes relating to claims of sexual assault or sexual harassment. Among other things, the Act is intended to combat sexual harassment and assault in the workplace by ensuring that “victims and survivors have the freedom to report and publicly disclose their abuse” so that perpetrators may be held accountable and workplaces may be “safer and more productive for everyone.” S.B. 4524 § 2. The Act applies only to non-disclosure and non-disparagement clauses signed before a dispute arises, meaning that it does not prohibit such provisions in settlement or severance agreements.

In light of Congress’s findings that non-disclosure and non-disparagement provisions “can perpetuate illegal conduct by silencing those who are survivors of illegal sexual harassment and assault or illegal retaliation” and “shielding perpetrators and enabling them to continue their abuse,” the Speak Out Act makes such clauses judicially unenforceable in sexual assault or sexual harassment disputes where the conduct is alleged to have violated federal, state, or tribal law. S.B. 4524 §§ 4(a), 1(6). The Act applies to disputes alleging nonconsensual sexual acts, nonconsensual sexual contact, or sexual harassment. Id. §§ 4(a), 1(3)–(4).

A non-disclosure clause is defined as “a provision in a contract or agreement that requires the parties to the contract or agreement not to disclose or discuss conduct, the existence of a settlement involving conduct, or information covered by the terms and conditions of the contract or agreement.” S.B. 4524 § 3(1). A non-disparagement clause is defined as “provision in a contract or agreement that requires 1 or more parties to the contract or agreement not to make a negative statement about another party that relates to the contract, agreement, claim, or case.” S.B. 4524 § 3(2).

The law does not impact an employer’s right to protect trade secrets or proprietary information. S.B. 4524 § 4(d). The Act also does not impact the applicability of state laws governing pre-dispute non-disclosure and non-disparagement clauses to the extent they provide the same or greater protections than the Speak Out Act. S.B. 4524 § 4(c).

The Speak Out Act follows legislation limiting the enforcement of arbitration clauses in employment agreements for sexual assault and discrimination cases. The Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act of 2021, enacted in March of 2022, prohibits the enforcement of pre-dispute agreements requiring employees to arbitrate sexual assault or harassment claims.

Notes for Employers

Does Not Prohibit Non-Disclosure and Non-Disparagement Clauses. The Act does not prohibit employers from entering into non-disclosure and non-disparagement provisions with their employees, nor does it prevent employers from enforcing such clauses in most circumstances. The Act only prevents the enforcement of non-disclosure and non-disparagement provisions in connection with disputes relating to sexual harassment and sexual assault. (Other federal and state laws and regulations, such as the Defend Trade Secrets Act and SEC Rule 21F-17, may require or provide for carve-outs from such clauses for certain protected whistleblowing activities.)
No Effect On Settlement Agreements. The Act only applies to non-disclosure and non-disparagement agreements “agreed to before the dispute arises.” S.B. 4524 § 4(a). The Act therefore does not place any limitations on non-disclosure and non-disparagement agreements reached as part of a settlement of sexual harassment and sexual assault claims. Note, however, that many states have laws, such as California’s Silenced No More Act (Cal. S.B. 331) and Section 5-336 of the New York General Obligations Law (N.Y. Gen. Oblig. § 5-336), that place limitations on the use of non-disclosure and non-disparagement provisions in settlement agreements.
Not Retroactive. The Act only applies to claims filed after its enactment, and does not affect the enforceability of non-disclosure and non-disparagement clauses in connection with disputes filed before December 7, 2022. S.B. 4524 § 5.

The following Gibson Dunn attorneys assisted in preparing this client update: Gabrielle Levin and Kelley Pettus.

Gabrielle Levin – New York (+1 212-351-3901, glevin@gibsondunn.com)

Jason C. Schwartz – Co-Chair, Labor & Employment Group, Washington, D.C.
(+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Co-Chair, Labor & Employment Group, Los Angeles
(+1 213-229-7107, ksmith@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On December 7, 2022, the Legislative Council (“LegCo’) of the Hong Kong Special Administrative Region (“HKSAR”) passed the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022 (“Amended AMLO”) into law. On the same day, the LegCo’s Bills Committee also published a report (“Report”), providing clarification on certain concepts under the Amended AMLO, and explained the postponed timeline for the commencement of the licensing regime for virtual asset service providers (“VASPs”).[1]

In our previous client alert[2], we explained the proposal by the Government of the HKSAR (“Government”) to introduce a licensing regime for VASPs by amending the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) (“AMLO”). In this client alert, we explain and provide our views on the additional clarification provided on the licensing regime for VASPs, the updated timeline for the commencement of the licensing regime, and next steps.

I. Recap on the Key Proposals Under the Amended AMLO

The Amended AMLO introduces a licensing regime for VASPs, and imposes statutory anti-money laundering and counter-terrorist financing (“AML/CTF”) obligations on VASPs in Hong Kong. Some of the key takeaways are as follows:

The operation of a virtual asset (“VA”) service will become a “regulated function”, such that VASPs will, in the future, be required to apply for a licence from the Securities and Futures Commission (“SFC”), before they can operate in Hong Kong.
The licensing regime for VASPs is primarily intended to capture the operation of a VA exchange. However, the Government could expand the scope of “VA service” to cover other forms of VA activities, when the Government considers it necessary to do so in the future.
The licensing requirements to be imposed on VASPs is likely to be modelled on existing requirements for the SFC’s licensing of regulated activities under the Securities and Futures Ordinance. This includes the fitness and properness requirements, and the requirement for a licensed VASP to have at least two responsible officers.
The SFC has discretion to impose a range of licensing conditions on a VASP licensee, including conditions relating to financial resources, risk management policies and procedures, management of client assets, virtual asset listing and trading policies, prevention of market manipulation and abusive activities, avoidance of conflicts of interest, among other requirements that can be imposed by the SFC as a licence condition.
Licensed VASPs will be required to comply with existing requirements under the AMLO on customer due diligence and record-keeping requirements, which will be comparable to traditional financial institutions.
A new enforcement regime applicable to VASPs will be introduced. Under the Amended AMLO it will be a criminal offence to carry on a business of providing VA service without a VASP licence and to issue advertisements relating to an unlicensed person’s provision of VA service. It will also become a criminal offence to make fraudulent or reckless misrepresentations with the intention to induce others to invest in VAs and an offence to employ deceptive or fraudulent device, scheme or act, directly or indirectly, in a transaction involving VAs (which is likely to capture market manipulation activities).
Relevantly, the offences of making fraudulent or reckless misrepresentations or employing deceptive or fraudulent devices, schemes or acts, are not limited to transactions on licensed VASPs and as such will capture all individuals and/or firms engaging in this type of conduct with a substantial nexus to Hong Kong.
The SFC will be granted a significant range of supervisory powers over licensed VASPs. This includes the power to enter the business premise of a licensed VASPs to conduct routine inspections of business records, request production of documents and other records, and to investigate non-compliance and impose disciplinary sanctions against licensed VASPs in contravention.

II. The Applicability of the VASP Regime to Non-Fungible Tokens

Under the Amended AMLO, “VA” generally captures a cryptographically secured digital representation value that:

is expressed as a unit of account or a store of economic value;
either:
- functions (or is intended to function) as a medium of exchange accepted by the public as payment for goods or services, or for the discharge of debt, or for investment purposes; or
- provides rights, eligibility or access to vote on the management, administration or governance of the affairs in connection with any cryptographically secured digital representation of value;
can be transferred, stored or traded electronically; and
satisfies other characteristics prescribed by the SFC.

In our previous alert, we noted that the proposed definition of “VA” did not capture non-fungible tokens (“NFTs”). This point was picked up during the LegCo meetings. The SFC has clarified that the assessment of whether an NFT is a VA needs to take into account its terms and features. In most cases, NFTs which merely represent a “genuine digital representation of a collectable” is unlikely to be captured by the definition of “VA” under the Amended AMLO; however where the NFT go beyond the scope of a collectable, for example where it contains fungible elements or allows holders to vote on its arrangement, then this may cause the NFT to be “a medium of exchange accepted by the public” or “a digital representation of value that providers holders with rights, eligibility or access to vote”, and therefore it will fall under the ambit of a VA.[3]

The Government further explains that if a specific NFT is seen to be a VA, persons trading that specific NFT will require a licence if those dealings amount to a “VA service”, i.e., if the specific NFT is traded through the operation of an exchange. In other words, if the trading occurs on a peer-to-peer basis, the persons would not be deemed as operating an exchange and their activities would not fall within the scope of a “VA service”, and therefore a VASP licence is not required.[4]

III. The Requirement of Providing VA Services to Professional Investors Only

In our previous client alert, we noted the proposal that, in order to promote investor protection, the licensing regime for VASPs will, at the initial stage, stipulate that VASPs can only provide services to professional investors (“PI Restriction”), and that this restriction will be imposed by the SFC as a licence condition. At that time, we observed that the use of the phrase “initial stage” and the proposal to impose the PI Restriction by way of a licensing condition, rather than in the legislation itself, suggested that the SFC may possibly allow expansion of VASP services to retail investors down the track when VA markets become more mature and regulated.

It appears that the Government recognises that VA markets have become more mature since the licensing regime for VASPs was first proposed. On October 31, 2022, the Government issued its policy statement on the development of VAs in Hong Kong[5] (“Policy Statement”), where the Government stated that it recognised the increasing acceptance of VA as a vehicle for investment allocation by global investors, be they institutional or individual. It was noted in the Policy Statement that the SFC would be conducting a public consultation on how retail investors may be given a suitable degree of access to VA under the new licensing regime for VASPs, while being careful and cautious about the risks to retail investors, including by enhancing investor education and ensuring that suitable regulatory arrangements are in place.

The Report provides further clarification on the Government’s position on the PI Restriction requirement, and notes that the PI Requirement will be imposed on licensed VASPs as a licensing condition at the initial stage. However it further states that the SFC will conduct a consultation on the detailed regulatory requirements on the new VASP regime; and during the consultation the SFC will consider whether to allow non-professional investors (i.e. retail investors) to partake in VA transactions with licensed VASPs, provided that additional investor protection measures are in place.[6]

The SFC’s thinking on the investor protection measures to allow retail investors to trade VAs with licensed VASPs will likely become clearer after the SFC publishes its consultation paper on the regulatory requirements under the new VASP regime.

IV. Postponement to the Commencement of the Amended AMLO and the Licensing Regime for VASPs

In the Report, the Government proposed to postpone the commencement of the Amended AMLO and the licensing regime for VASPs. Set out below is a summary of the original timeline and the new timeline for the commencement of the Amended AMLO and the licensing regime for VASPs, as well as the timing implications for the transitional period and the deadline to submit an application to the SFC under the licensing regime for VASPs.

Event	Original timeline	New timeline
Commencement date of the Amended AMLO. Note that the criminal offences for fraudulent or reckless misrepresentations, or employing deceptive or fraudulent devices, schemes or acts, in relation to VA transactions, commences from this date.	January 1, 2023	April 1, 2023
Commencement date of the licensing regime for VASPs (“VASP Regime Commencement Date”).	March 1, 2023	June 1, 2023
Start date for the 12 months transitional period (“Transitional Period Start Date”) for any corporation that has been carrying on the business of providing a VA service in Hong Kong immediately before the VASP Regime Commencement Date (“Existing VASPs”), during which time the Existing VASP can carry on VA service in Hong Kong without a VASP licence.	Starting from March 1, 2023	Starting from June 1, 2023
Deadline of the 9 months period for Existing VASPs to file an application to the SFC for a licence under the licensing regime for VASPs, in order to be deemed to be licensed from the day after the expiry of the 12 months’ transitional period (“Application Deadline”).	By no later than December 1, 2023	By no later than March 1, 2024

Existing VASPs that file an application to the SFC by the Application Deadline will be deemed to be a licensed VASP from the day after the expiry of 12 months from the Transitional Period Start Date (i.e. June 2, 2024) until the SFC has made a decision to either approve or reject their licence application, or the licence applicant withdraws their application.

The Report notes that the postponement is intended to provide the Government and the SFC more time to work out the implementation details of the new regulatory regime, including public consultation work by the SFC on the regulatory requirements for licensed VASPs. The postponement is also intended to allow more time for the VASPs sector to prepare for the introduction of the licensing regime.

We will continue to closely monitor developments in this area, and will provide a more detailed update when the SFC publishes its public consultations on the regulatory regimes for licensed VASPs.

___________________________

[1] “Report of the Bills Committee on Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022”, LC Paper No. CB(1)855/2022 (December 7, 2022), published by the Legislative Council, available at https://www.legco.gov.hk/yr2022/english/bc/bc05/reports/bc0520221207cb1-855-e.pdf

[2] Hong Kong Introduces Licensing Regime for Virtual Asset Services Providers (June 30, 2022), published by Gibson, Dunn & Crutcher LLP, available at https://www.gibsondunn.com/hong-kong-introduces-licensing-regime-for-virtual-asset-services-providers/

[3] Paragraph 13 of the Report

[4] Paragraph 14 of the Report.

[5] “Policy Statement on Development of Virtual Assets in Hong Kong”, published by the Financial Services and the Treasury Bureau on October 31, 2022, available at https://gia.info.gov.hk/general/202210/31/P2022103000454_404805_1_1667173469522.pdf

[6] Paragraph 27 of the Report.

The following Gibson Dunn lawyers prepared this client alert: William Hallatt, Arnold Pun, and Jane Lu.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact any member of Gibson Dunn’s Digital Asset Taskforce or the Global Financial Regulatory team, including the following authors in Hong Kong:

William R. Hallatt (+852 2214 3836, whallatt@gibsondunn.com)
Grace Chong (+65 6507 3608, gchong@gibsondunn.com)
Emily Rumble (+852 2214 3839, erumble@gibsondunn.com)
Arnold Pun (+852 2214 3838, apun@gibsondunn.com)
Becky Chung (+852 2214 3837, bchung@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

I. Introduction

Over the last few months, several European Union (“EU”) Member States have announced that they intend to withdraw from the Energy Charter Treaty (the “ECT”). At the time of writing, Germany, Slovenia, Poland, the Netherlands, France, Spain and Luxembourg have made such announcements.

The timing of these announcements preceded the expected vote by the Contracting Parties to the ECT regarding amendments to the text of the 1994 ECT (the “Modernised ECT”). The vote was scheduled to take place on 22 November 2022. However, reportedly due to a failure by the European Commission to gain the consensus of EU Member States—a majority of which are Contracting Parties to the ECT—the vote was called off at the eleventh hour. It has now been postponed until April 2023. If adopted in April 2023, the Modernised ECT will enter into force 90 days after its ratification by three-fourths of the treaty’s Contracting Parties. The Modernised ECT, if adopted, contains notable changes to the scope of investment protection afforded by the treaty.

We provide a summary of these developments and their potential impact on international arbitration claims brought by investors in ECT Contracting Parties.

II. The ECT

The ECT is a multilateral investment treaty, that entered into force in 1998, which establishes a legal framework in order to promote long-term international cooperation in the energy sector.

The ECT obliges the states who are Contracting Parties to the treaty to encourage and create stable, equitable, favourable, and transparent conditions for investors of other Contracting Parties.[1] In order to qualify for the protection afforded by the ECT, investments must be associated with “Economic Activity in the Energy Sector”. In practice, this includes activities such as inter alia (i) oil and gas exploration, (ii) construction and operation of power generation facilities, including those powered by renewable energy sources such as wind, solar, and hydro, and (iii) decommissioning of energy related facilities, including oil rigs, oil refineries and power generating plants.[2]

Each Contracting Party gives its unconditional consent to the submission of disputes between a Contracting Party and an investor of another Contracting Party relating to an investment to international arbitration.[3]

III. Amendments to the ECT

Since 2017, discussions have been underway regarding efforts to negotiate and agree a modernised text of the ECT. On 24 June 2022, it was announced that the Contracting Parties reached an agreement in principle on the modernised text. The Modernised ECT contains certain notable changes.

As explained by the Energy Charter Secretariat, the proposed changes include:

Alignment between the ECT and the Paris Agreement, which is a legally binding international treaty on climate change.[4] For example, the EU and the UK have opted to carve-out fossil fuel related investments from investment protection under the ECT, including for existing investments after 10 years (instead of 20 years under the current ECT).[5]
A provision stating that an investor from a Contracting Party that is part of a regional economic integration organisation (“REIO”), such as the EU, cannot bring an investor-state arbitral claim against another Contracting Party member of the same REIO—i.e., prohibiting what is referred to as “intra-EU arbitration”.[6]
A narrowed definition of a qualifying “investment” and “investor” under the treaty. An “investment” must fulfil a list of characteristics, such as the commitment of capital, the expectation of gain or profit, be made for a certain duration or involve the assumption of risk. An “investor” cannot hold the nationality—or permanent residency—in the Contracting Party hosting the investment, and must demonstrate that it carries on substantial business activity in the host state.[7]
Provision for a list of measures that constitute a violation of the ECT’s fair and equitable treatment (“FET”) standard, including a description of the circumstances that give rise to an investors’ legitimate expectations.[8]
Clarification that the treaty’s expropriation provision covers indirect expropriations, identifying in this context the types of measures that cannot be considered an indirect expropriation.[9]
Provision that the treaty’s observance of undertakings clause—i.e., umbrella clause—only applies to breaches of specific written commitments made through the exercise of governmental authority.[10]

As noted, it is anticipated that the ECT Contracting Parties will vote in April 2023 on whether to formally adopt the Modernised ECT. If adopted, the Modernised ECT will enter into force 90 days after its ratification by three-fourths of the treaty’s Contracting Parties.

IV. Announced Intention by Contracting Parties to Withdraw from the ECT

In parallel to these developments, several ECT Contracting Parties—that are also EU Member States—have announced that they intend to withdraw from the ECT. At the time of writing, Germany, Slovenia, Poland, the Netherlands, France, Spain and Luxembourg have made such announcements. It is reported that Austria is also considering withdrawal.

These Contracting Parties have cited various reasons for their intention to withdraw. The reasons appear generally to centre around complaints that the ECT impedes their ability to tackle climate change. Relatedly, there are around a billion Euros’ worth of outstanding ECT arbitral awards rendered against EU Member States—a figure which continues to grow, and which EU Member States may be keen to limit insofar as possible.

Withdrawal, however, does not take immediate effect. Rather, Article 47 of the ECT (Withdrawal) contains what is referred to as a “sunset clause”, which provides that, following formal notification of a Contracting Party’s withdrawal from the ECT, the withdrawal shall take effect one year after the notification is given.[11] Further, the protections afforded by the ECT shall continue to apply to pre-existing investments made in the territory of a Contracting Party for a period of 20 years after the withdrawal has taken effect—i.e., “the sunset period”.

Additionally, in the face of the announcements regarding withdrawal, the Energy Charter Secretariat, which provides the Energy Charter Conference “with all necessary assistance for performance of its duties,”[12] issued a Guidance Note explaining that withdrawal from the ECT may need to conform with Article 62 on the Vienna Convention on the Law of Treaties[13] (the “VCLT”).

Article 62 of the VCLT only allows a state—as a matter of general international law—to withdraw from a treaty due to “fundamental changes of circumstances” that were “essential” for the decision to enter into the treaty, and which “radically” transform the obligations created by the treaty so that its further implementation becomes unduly burdensome.[14] In addition, the change of circumstance relied on as the reason for withdrawal must have been unforeseen by the contracting parties to that treaty.

The Energy Charter Secretariat also observed that the International Court of Justice, in Gabčíkovo-Nagymaros Project (Hungary/Slovakia), did “not consider that new developments in the state of environmental knowledge and of environmental law can be said to have been completely unforeseen.”[15]

As a result, the analysis as to whether an ECT Contracting Party can validly withdraw from the ECT is not straightforward. And the issue of withdrawal may be subject to challenge, for example by investors bringing claims in international arbitration against Contracting Parties that have purported to withdraw from the ECT.

Against this backdrop, the European Parliament passed a resolution on 24 November 2022, “urg[ing] the Commission to initiate immediately the process towards a coordinated exit of the EU from the ECT and calls on the Council to support such a proposal”.[16] Although this resolution is not binding on the European Commission, it is an indication of the EU’s intention as regards the ECT. For the EU to withdraw from the ECT, the Council of the EU—which is one of the EU’s legislative bodies and is comprised of representatives from the EU Member States—would need to formally approve a withdrawal from the ECT by the EU. This is a very recent development, so precise details as to the path ahead are not yet clear.

V. Implications for Potential Claims by Investors Against ECT Contracting Parties

The developments outlined above carry several implications, some of which overlap:

Investors in ECT Contracting Parties may seek to submit claims to international arbitration before a vote is passed and the Modernised ECT becomes effective, because they will presumably want their claims to come under the current ECT’s standards of investment protection.
A Contracting Party’s attempt to withdraw from the ECT altogether may not impact an investor’s ability to commence international arbitration in the short-to-medium term, given the ECT’s 20-year sunset clause.
Withdrawal is likely to become a contested issue in individual cases. The Energy Charter Secretariat suggested that Article 62 of the VCLT would apply to any attempt to withdraw from the ECT. In this context, the reasons given by a Contracting Party for its withdrawal may need to be assessed against Article 62’s criteria on an individualised basis. As a result, international arbitration tribunals confronted with claims by investors against a state that has purported to withdraw from the ECT may have to rule on the validity of that withdrawal as a jurisdictional issue.
If the Modernised ECT is adopted next year, an ECT Contracting Party can choose both to ratify the Modernised ECT and pursue withdrawal in parallel, since these are independent issues. Indeed, a Contracting Party wishing to minimise international arbitration claims against itself may well choose to vote for and ratify the Modernised ECT—with its narrower investor protections—and pursue withdrawal on a longer timeline.
Finally, it is worth noting that if the Modernised ECT is not adopted at the vote scheduled for April 2023, the scope of investment protection offered under the current ECT will continue to remain in force for Contracting Parties.

____________________________

[1] ECT, Article 10.

[2] ECT, Article 1(5).

[3] ECT, Article 26(3)(a).

[4] It was adopted by 196 Parties at COP 21 in Paris, on 12 December 2015, and entered into force on 4 November 2016. See UNFCC, The Paris Agreement, available here.

[5] See Energy Charter Secretariat, Public Communication explaining the main changes contained in the agreement in principle, 24 June 2022, 1. Definitions – Pillar 2: Flexibility, available here.

[6] Id., 6. Regional Economic Integration Organisation (REIO).

[7] Id., 2. Investment Protection – Definitions of Investment and Investor.

[8] Id., 2. Investment Protection – Definition of Fair and Equitable Treatment.

[9] Id., 2. Investment Protection – Definition of Indirect Expropriation.

[10] Id., 2. Investment Protection – Umbrella clause.

[11] ECT, Article 47(2).

[12] ECT, Article 35.

[13] VCLT, Article 62.

[14] Energy Charter Secretariat, Sunset Clause (Article 47 of the ECT) in relation to Article 62 of the Vienna Convention on the Law of Treaties (VCLT), 3 November 2022, available here.

[15] Ibid.

[16] European Parliament resolution of 24 November 2022 on the outcome of the modernisation of the Energy Charter Treaty (2022/2934(RSP)), at 20, available here.

The following Gibson Dunn lawyers assisted in the preparation of this client update: Jeff Sullivan KC, E Jin Lee, and Theo Tyrrell.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s International Arbitration, Judgment and Arbitral Award Enforcement or Transnational Litigation practice groups, or any of the following:

Jeff Sullivan KC – London (+44 (0) 20 7071 4231, Jeffrey.Sullivan@gibsondunn.com)
Cyrus Benson – London (+44 (0) 20 7071 4239, CBenson@gibsondunn.com)
Penny Madden KC – London (+44 (0) 20 7071 4226, PMadden@gibsondunn.com)
E Jin Lee – New York (+1 212 351 5327, ELee@gibsondunn.com)
Theo Tyrrell – London (+44 (0) 20 7071 4016, TTyrrell@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Join us for a 30-minute briefing covering a wide range of M&A practice topics. The goal of the program is to provide quick insights into recent market trends and practical advice on how to manage common M&A problems.

Topics discussed:

Jonathan Whalen and Matthew Wiener discuss recent developments in the representation and warranty insurance markets
Kristen Poole and David Wilf discuss how to choose among different efforts standards when drafting and negotiating covenants
Cassandra Gaedt-Sheckter and Alexander Southwell discuss practice pointers on assessing and managing cybersecurity and privacy risk in M&A transactions

PANELISTS:

Cassandra Gaedt-Sheckter is a partner in Gibson, Dunn & Crutcher’s Palo Alto office, lead of the firm’s State Privacy Law Task Force, and a Co-Chair of the firm’s Artificial Intelligence and Automated Systems Practice Group. She is an award-winning practitioner, and just in 2022, has been featured as 40 under 40 in Silicon Valley by the Silicon Valley Business Journal, Woman Leader in Tech Law by The Recorder, and Best Lawyers’ One to Watch for Technology Law for her work. Her practice focuses on data privacy, cybersecurity, AI, and data regulatory enforcement, transactional, and product and compliance counseling representations. She has significant experience advising companies on legal and regulatory compliance, diligence, and risks in transactions, particularly with respect to California’s CCPA and CPRA, and other federal and state laws and regulations.

Kristen P. Poole is a corporate partner in Gibson, Dunn & Crutcher’s New York office, where her practice focuses on mergers and acquisitions and private equity. Ms. Poole represents both public and private companies, as well as financial sponsors, in connection with mergers, acquisitions, divestitures, minority investments, restructurings, and other complex corporate transactions. She also advises clients with respect to general corporate governance matters and shareholder activism matters.

Alexander Southwell is a partner in Gibson, Dunn & Crutcher’s New York office, and he is a Co-Chair of the firm’s Privacy, Cybersecurity and Data Innovation Practice Group. He is a Chambers-ranked former federal prosecutor and was named a “Cybersecurity and Data Privacy Trailblazer” by The National Law Journal. Mr. Southwell’s practice focuses on privacy, information technology, data breach, theft of trade secrets and intellectual property, computer fraud, national security, and network and data security issues, including handling investigations, enforcement defense, and litigation. He regularly advises companies and private equity firms on privacy and cybersecurity diligence and compliance.

Jonathan Whalen is a partner in Gibson, Dunn & Crutcher’s Dallas office, and he is a member of the firm’s Mergers and Acquisitions Practice Group. Chambers USA named Mr. Whalen an Up and Coming Corporate/M&A attorney in their 2022 publication. Mr. Whalen’s practice focuses on a wide range of corporate and securities transactions, including mergers and acquisitions, private equity investments, and public and private capital markets transactions.

David Wilf is a partner in Gibson, Dunn & Crutcher’s New York office, and he is Co-Chair of Gibson Dunn’s Transportation and Space Practice Group. Mr. Wilf is recognized as a leading M&A attorney by the International Financial Law Review. His practice focuses on mergers and acquisitions, joint ventures, strategic alliances and general corporate matters, including strategic complex corporate contracts. Mr. Wilf has represented United States entities in Europe, Asia, Latin America, and Africa in acquisitions, divestitures and joint ventures, and non-U.S. entities in similar types of domestic and international transactions, in addition to his general domestic U.S. practice.

Matthew Wiener is a Managing Director, M&A and Transaction Solutions in the Houston office of Aon. He is the co-practice leader for Aon’s Transaction Solutions team. In this role, Mr. Wiener is responsible for the development and implementation of transactional-based risk solutions, including the deployment of insurance capital for M&A transactions through representations and warranties, litigation, tax and other contingent liabilities insurance. Prior to joining the Aon Transaction Solutions team, Matthew was an attorney at Vinson & Elkins LLP, where he specialized in corporate finance and securities law matters, including mergers and acquisitions, private equity, public and private securities offerings, divestitures, and general corporate representation.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 0.5 credit hour, of which 0.5 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 0.5 hour.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

As discussed in our November 21 Client Alert, following a recent interpretation by the SEC Staff regarding the application of Exchange Act Rule 15c2-11 to fixed income securities initially offered and sold by private companies, such issuers will be required to publicly disclose specified current financial and other information if they wish to allow US broker-dealers to publish quotations on their securities. Based on a December 2021 no action letter (referenced in our client alert), this interpretation was scheduled to be phased in over time, with “Phase Two” taking effect as of January 3, 2023, which would have affected trading in securities offered by non-reporting issuers in Rule 144A offerings.

On November 30, 2022, however, the SEC issued a no-action letter that delayed implementation of Phase Two until January 4, 2025 to provide non-reporting issuers and US broker-dealers more time to implement compliance systems to meet the demands of the rule. While various industry groups are expected to continue to engage with the Commission on the application of the Rule to fixed income securities, a further change in Commission policy remains uncertain.

The following Gibson Dunn lawyers prepared this client update: Alan Bannister and James Moloney.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Capital Markets or Securities Regulation and Corporate Governance practice groups:

Capital Markets Group:
J. Alan Bannister – New York (+1 212-351-2310, abannister@gibsondunn.com)
Andrew L. Fabens – New York (+1 212-351-4034, afabens@gibsondunn.com)
Hillary H. Holmes – Houston (+1 346-718-6602, hholmes@gibsondunn.com)
Douglas S. Horowitz – New York (+1 212-351-3817, dhorowitz@gibsondunn.com)
Stewart L. McDowell – San Francisco (+1 415-393-8322, smcdowell@gibsondunn.com)
Peter W. Wardle – Los Angeles (+1 213-229-7242, pwardle@gibsondunn.com)

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
James J. Moloney – Orange County (+1 949-451-4343, jmoloney@gibsondunn.com)
Lori Zyskowski – New York (+1 212-351-2309, lzyskowski@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

The U.S. Treasury Department recently issued proposed regulations[1] to address certain concerns raised by taxpayers and other stakeholders in response to final foreign tax credit regulations published in January 2022[2]. Although the proposed regulations do not grapple with some of the more fundamental problems previously identified by commentators, they do offer taxpayers relief in certain narrow circumstances. In general, the proposed regulations are proposed to apply to tax years ending on or after November 18, 2022 (i.e., starting immediately in 2022 for calendar-year taxpayers). Once the proposed regulations are finalized, taxpayers may choose to apply “some or all of the final regulations to earlier taxable years, subject to certain conditions” described in detail in the notice of proposed rulemaking. Until the effective date of final regulations, taxpayers may rely on the proposed regulations. If a taxpayer chooses to rely on a portion of the proposed regulations, taxpayers must consistently follow all proposed rules for that portion of the regulations for all years until final regulations are effective.[3]

Royalties

One of the primary areas of concern for taxpayers after the publication of the January 2022 final foreign tax credit regulations was the introduction of a source-based attribution requirement (described in earlier iterations of the regulations as the “jurisdictional nexus” requirement) that compares foreign laws governing the source of income with United States income tax laws to determine if a foreign tax should be creditable in the United States. Under the source-based attribution requirement in Treas. Reg. § 1.901-2(b)(5)(i)(B), a foreign tax imposed on a nonresident’s income meets the attribution requirement only if the foreign tax law’s sourcing rules are reasonably similar to the United States sourcing rules.

In the case of gross income arising from royalties, the foreign tax law must impose tax on the royalties consistent with the manner in which the Internal Revenue Code (the “Code”) sources royalty income: i.e., based on the place of use or the right to use the licensed intangible property.[4] In this regard, the United States’ place-of-use rule for sourcing royalties is far from representative of a global consensus. Other jurisdictions source royalties in a manner that does not fall neatly into that category, such as the United Kingdom, where a multi-factor approach is used to source royalties. As a result, in those countries where withholding taxes on royalties are imposed on the basis of some other approach, royalty withholding taxes would not be creditable against the recipient’s U.S. tax liability even if the licensed intangible property is in fact used within the territory of the taxing jurisdiction.[5]

Complicating this inquiry is the lack of certainty that often arises when determining the location where intangible property is used. Although it may be easy to identify where certain manufacturing-related intangibles are used (e.g., at a multinational enterprise’s manufacturing facility), it is more difficult in other situations, such as where employees in one jurisdiction use intangibles to generate sales through social media to customers residing in another jurisdiction.

The proposed regulations provide a limited exception to the source-based attribution requirement of the January 2022 regulations for situations in which the taxpayer can show that a withholding tax is imposed on royalties received in exchange for the right to use intangible property pursuant to a single-country license within the territory of the taxing jurisdiction. For this purpose, a payment is made pursuant to a single-country license if the terms of the license agreement under which the payment is made characterize the payment as a royalty and limit the territory of the license to the country imposing the withholding tax. Therefore, U.S. taxpayers may need to revise existing license agreements to qualify for the single-country license exception.

Cost Recovery Requirement

The proposed regulations also provide further insight into the net gain requirements that foreign income taxes must meet to give rise to U.S. foreign tax credits. The final regulations require generally that significant items of expense—including capital expenditures, interest, rents, royalties, wages and research and experimentation—must be recovered against income, but the proposed regulations permit a foreign tax to disallow significant costs and expenses if the disallowance is consistent with any principle underlying disallowances required under the Code.

For taxpayers determining whether a disallowance is consistent with Code-based principles, the proposed regulations provide helpful guidance. Treas. Reg. § 1.901-2(b)(4)(iv)(J), Example 10, makes clear that taxpayers would be permitted to claim foreign tax credits in respect of taxes paid to foreign taxing jurisdictions that do not allow any deductions for stock based compensation because the Code “contain[s] targeted disallowances or limits on the deductibility of certain items of compensation in particular circumstances based on non-tax public policy reasons, including to influence the amount or use of a certain type of compensation in the labor market,” citing sections 162(m) and 280G. Without the inclusion of Example 10 in the proposed regulations, it would not otherwise have been obvious that a complete disallowance of deductions for stock-based compensation would be considered to be consistent with (or resemble) the limitations in sections 162(m) and 280G.

For taxpayers analyzing whether any other type of disallowance under foreign tax law resembles a Code-based disallowance, the example and its principles should provide helpful authority in determining whether the net gain requirement is satisfied.

Summary

While the recently released proposed regulations do not address many substantive issues raised by taxpayers and other stakeholders in response to the January 2022 regulations, they do represent an effort to answer narrower problems identified by taxpayers, and they are designed in a way that allows taxpayers the opportunity to make broad arguments in other areas by analogy to these narrow rules. Given the relief provided in response to high profile comments from the technology and other sectors on royalty withholding issues in particular, interested parties with other specific issues should consider communicating those issues to the Treasury Department and the IRS with proposals for relief or clarification.

Please contact any Gibson Dunn tax lawyer for updates on this issue.

__________________________

[1] 87 Fed. Reg. 71,271, 71,275 (Nov. 22, 2022).

[2] T.D. 9959, 87 Fed. Reg. 276 (Jan. 4, 2022).

[3] Until the effective date of final regulations, taxpayers may rely on the proposed regulations. If a taxpayer chooses to rely on a portion of the proposed regulations, taxpayers must consistently follow all proposed rules for that portion of the regulations for all years until final regulations are effective. 87 Fed. Reg. 71,271, 71,277 (Nov. 22, 2022).

[4] Sections 861(a)(4) and 862(a)(4) of the Code.

[5] Foreign tax on royalties can often be eliminated altogether under United States income tax treaties that eliminate royalty withholding tax, in which case there is no need to claim a foreign tax credit. But foreign taxes on royalties are a significant focus of many U.S. taxpayers, as other U.S. treaties only reduce the royalty withholding tax, and many substantial U.S. trading partners, including Brazil, Singapore, and Hong Kong, do not enjoy tax treaties with the United States. We also note that in determining the availability of a deemed paid credit to a U.S. shareholder of a CFC, the IRS and Treasury have taken the position in the January 2022 regulations that a U.S. taxpayer may not rely on a U.S. treaty provision that a country’s royalty withholding tax is creditable in a context where withholding taxes are imposed on royalties paid by one CFC to another CFC.

This alert was prepared by Jeffrey M. Trinklein, Anne Devereaux, John F. Craig III, Michael A. Benison, Eric Sloan, Sandy Bhogal, Jérôme Delaurière, and Hans Martin Schmid.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Tax and Global Tax Controversy and Litigation practice groups:

Tax Group:
Dora Arash – Los Angeles (+1 213-229-7134, darash@gibsondunn.com)
Sandy Bhogal – Co-Chair, London (+44 (0) 20 7071 4266, sbhogal@gibsondunn.com)
Michael Q. Cannon – Dallas (+1 214-698-3232, mcannon@gibsondunn.com)
Jérôme Delaurière – Paris (+33 (0) 1 56 43 13 00, jdelauriere@gibsondunn.com)
Michael J. Desmond – Los Angeles/Washington, D.C. (+1 213-229-7531, mdesmond@gibsondunn.com)
Anne Devereaux* – Los Angeles (+1 213-229-7616, adevereaux@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202-887-3567, mjdonnelly@gibsondunn.com)
Pamela Lawrence Endreny – New York (+1 212-351-2474, pendreny@gibsondunn.com)
Benjamin Fryer – London (+44 (0) 20 7071 4232, bfryer@gibsondunn.com)
Brian R. Hamano – Los Angeles (+1 310-551-8805, bhamano@gibsondunn.com)
Kathryn A. Kelly – New York (+1 212-351-3876, kkelly@gibsondunn.com)
Brian W. Kniesly – New York (+1 212-351-2379, bkniesly@gibsondunn.com)
Loren Lembo – New York (+1 212-351-3986, llembo@gibsondunn.com)
Jennifer Sabin – New York (+1 212-351-5208, jsabin@gibsondunn.com)
Hans Martin Schmid – Munich (+49 89 189 33 110, mschmid@gibsondunn.com)
Eric B. Sloan – Co-Chair, New York (+1 212-351-2340, esloan@gibsondunn.com)
Jeffrey M. Trinklein – London/New York (+44 (0) 20 7071 4224 /+1 212-351-2344), jtrinklein@gibsondunn.com)
John-Paul Vojtisek – New York (+1 212-351-2320, jvojtisek@gibsondunn.com)
Edward S. Wei – New York (+1 212-351-3925, ewei@gibsondunn.com)
Lorna Wilson – Los Angeles (+1 213-229-7547, lwilson@gibsondunn.com)
Daniel A. Zygielbaum – Washington, D.C. (+1 202-887-3768, dzygielbaum@gibsondunn.com)

Global Tax Controversy and Litigation Group:
Michael J. Desmond – Co-Chair, Los Angeles/Washington, D.C. (+1 213-229-7531, mdesmond@gibsondunn.com)
Saul Mezei – Washington, D.C. (+1 202-955-8693, smezei@gibsondunn.com)
Sanford W. Stark – Co-Chair, Washington, D.C. (+1 202-887-3650, sstark@gibsondunn.com)
C. Terrell Ussing – Washington, D.C. (+1 202-887-3612, tussing@gibsondunn.com)

*Anne Devereaux is an of counsel working in the firm’s Los Angeles office who is admitted only in Washington, D.C.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

On November 28, 2022, the European Council formally adopted the Corporate Sustainability Reporting Directive (“CSRD”), following adoption by the European Parliament on November 10, 2022. The CSRD is now due to be signed and published in the European Union (“EU”) Official Journal and will come into force 20 days after publication.[1]

The CSRD will replace and significantly broaden the scope of the existing sustainability reporting requirements under the EU’s current sustainability reporting rules, which are set out in a suite of directives and regulations, including the Non-Financial Reporting Directive[2] (“NFRD”). The NFRD currently requires that “public interest” entities, including large EU listed entities, credit institutions, insurance companies, and other entities designated as such by an EU member state, report certain sustainability information on an annual basis. While still subject to further implementation (as discussed below), the CSRD will also have important implications for non-EU groups with significant EU operations, as it will impose substantive and expanded disclosure requirements on those groups, with a resulting increase in costs. It will also likely lead to increased regulatory complexity and compliance risks.

Overview of the CSRD

The CSRD is intended to revise and strengthen the rules introduced by the NFRD by promoting relevant, comparable, reliable, and accessible sustainability information for investors and stakeholders.[3] The CSRD reporting requirements will complement and be aligned to other key EU sustainable finance initiatives that are directed principally at companies in the financial services and capital markets sectors, including the Sustainable Finance Disclosure Regulation (“SFDR”) (effective as of March 10, 2021)[4] and the EU Taxonomy Regulation (partially effective as of January 1, 2022, and fully effective as of January 1, 2023).[5]

As discussed in detail below, the CSRD will materially broaden the scope of sustainability information disclosed to stakeholders, increase the number of entities required to report such information, and introduce a new limited audit assurance requirement prior to October 1, 2026 and a new reasonable assurance requirement prior to October 1, 2028. The CSRD will apply to all large EU undertakings, both public and private. This expanded scope will apply the CSRD to, among others, U.S. entities with significant EU operations. Under the CSRD, small and medium enterprises (“SMEs”) will have delayed compliance requirements, and micro-undertakings will be excluded from compliance altogether.

Entities Covered by the CSRD and Exemptions

Entities covered by the CSRD include:

all undertakings with securities listed on EU regulated markets (other than listed micro-undertakings);
all “large undertakings” (whether listed or not), being an EU undertaking or an EU subsidiary of a non-EU entity that satisfies at least two of the three following criteria as of the relevant balance sheet date:

1. a balance sheet total exceeding €20,000,000;
2. a net turnover[6] exceeding €40,000,000; and
3. in excess of 250 employees on average during the financial year.

all parent undertakings of “large groups” (whether listed or not), being groups which on a consolidated basis satisfy two of the three criteria set out at a. through c. above; and
as of January 1, 2026 (with the ability to opt-out until 2028), “small” and “medium-sized enterprises” with transferable securities on an EU regulated market.[7]

Note that certain EU subsidiaries of non-EU entities, as well as any non-EU entities with transferable securities listed on an EU regulated market, accordingly will be subject to the CSRD.

From financial years starting on or after January 1, 2028, the CSRD will also apply to non-EU undertakings (labelled “third country undertakings”) that generate a net turnover of more than €150,000,000 in the EU and have: (i) an EU branch office with a net turnover of at least €40,000,000 in the EU; or (ii) a large or listed EU subsidiary.[8] The subsidiary or branch will be responsible for preparing a sustainability report for the third country undertaking at a consolidated level. These sustainability reports will need to be prepared according to: (i) separate standards to be adopted by the European Commission (“Commission”) by June 30, 2024; (ii) the standards applicable to EU undertakings; or (iii) standards which are deemed equivalent by the Commission. These sustainability reports of third country undertakings need to be published with an assurance opinion by a firm authorized to give such an opinion under the national law of the third country undertaking or of a member state.

A subsidiary undertaking will be exempt from reporting if that entity and its subsidiaries (if applicable) were included in the consolidated management report of the parent undertaking, provided that the parent’s report is compliant with the CSRD. This exemption would also apply where a subsidiary undertaking (and its subsidiaries) were included in the consolidated management report of a non-EU parent undertaking and that parent’s sustainability disclosures were determined to be “equivalent” to EU sustainability reporting standards. At this time, there is ambiguity on the equivalence protocol and likely outcomes of allowing non-EU parents to produce compliant consolidated reporting. Because it is not clear how this “equivalence test” will be applied (or indeed which non-EU countries will be treated as having equivalent sustainability reporting standards), non-EU entities must keep abreast of regulatory developments in this regard. While a parent in a non-EU country will be able to voluntarily choose to publish compliant consolidated management reports containing the relevant sustainability information mandated by the CSRD, this will not automatically exempt any of its EU subsidiary undertakings that fall within the scope of the CSRD.

For U.S. companies, the “equivalence” analysis adds another element of regulatory complexity, especially given that the U.S. Securities and Exchange Commission (“SEC”) has separately proposed new rules for climate change disclosure requirements for both U.S. public companies and foreign private issuers on March 21, 2022[9] (as discussed in further detail in our webcast here and our previous client alert here). There is no guarantee that those rules or any final SEC sustainability rules will be determined to be “equivalent” by the Commission for purposes of CSRD compliance,[10] and notably the proposed SEC rules deal with disclosures only for climate-related matters while disclosures under the CSRD include climate-related matters as well as other ESG-related matters.

For UK groups with substantial European operations, post-Brexit, a similar question will arise in relation to “equivalence”. The UK has arguably been leading the global landscape in relation to mandatory climate reporting pursuant to the Task Force on Climate-related Financial Disclosures (“TCFD”) and there exists a suite of specific ESG-related reporting requirements (e.g. in relation to modern slavery, consideration of broader stakeholder considerations and gender pay gap information). Nonetheless, the UK has yet to introduce a comprehensive set of mandatory non-climate related reporting requirements of the type envisaged by the CSRD.

As a practical matter, this means that EU large undertakings with non-EU parents could have to report consolidated sustainability information on a subsidiary-by-subsidiary basis if equivalence with the non-EU country’s sustainability reporting requirements is not determined. This could have wide-reaching implications for non-EU parent entities with significant subsidiary operations in the EU, not just in relation to the compliance burden of increased reporting costs across multiple entities, but also the compliance challenge and associated risks of ensuring relevance, accuracy and consistency across multiple reports.

Scope of Matters to be Reported and Relevant Reporting Standards

The CSRD will require reporting of forward-looking, retrospective, qualitative and quantitative information necessary to understand an undertaking’s impacts on sustainability matters and, from the “opposite” lens, the information necessary to understand how sustainability matters affect an undertaking’s development, performance, and position (i.e., “double materiality” reporting). The principle of double materiality requires that entities look inward to evaluate how sustainability issues affect the entity and look outward to understand how the entity impacts people and the environment.

The CSRD clarifies that entities will need to report on both elements of materiality for compliance with the reporting requirements. In particular, CSRD reporting entities will need to disclose:[11]

Strategy: Their business model and strategy, including:

- the resilience of their business model and strategy to risks related to sustainability matters;
- their opportunities related to sustainability matters;
- their plans to ensure that their business model and strategy are compatible with the transition to a sustainable economy and with the limiting of global warming to 1.5°C in line with the Paris Agreement and the objective of achieving climate neutrality by 2050;
- their business model and strategy take account of the interests of their stakeholders and of their impact on sustainability matters; and
- how their strategy has been implemented with regard to sustainability matters.

Targets: The sustainability targets set and the progress made towards achieving them.
Governance: The role of the administrative, management and governance bodies in relation to sustainability factors.
Policies: Their policies in relation to sustainability matters.
Incentives: Information about the existence of sustainability-linked incentive schemes offered to members of the administrative, management and supervisory bodies.
Due Diligence: The due diligence process implemented with regard to sustainability matters.
Impacts: Their most significant negative impacts on sustainability factors.
Remedial Actions: Any actions taken, and the results of such actions, to prevent, mitigate, remediate or bring an end to actual or potential adverse impacts.
Risks: Their principal risks related to sustainability matters, including their principal dependencies on such matters, and how those risks are managed.
Reporting Scope: The manner in which they identified the information on which the report.

Time horizons: The CSRD will also require that qualitative and quantitative, forward-looking and retrospective information be disclosed, taking into account short, medium and long-term time horizons.

Value chains: Where appropriate, undertakings will also be required to disclose information regarding their own operations as well as their value chains, including products and services, business relationships and supply chains.

Sustainability Standards: Disclosures will need to be reported in accordance with the European Sustainability Reporting Standards (“ESRS”) currently being developed by the European Financial Reporting Advisory Group (“EFRAG”), a public-private partnership tasked to advise the Commission on the adoption of international financial reporting standards into EU law. By June 30, 2023, the Commission must adopt the first set of standards and by June 30, 2024, the Commission must adopt further complementary information requirements with regards to sustainability matters, separate standards for third country undertakings and SMEs, and sector-specific standards.[12] The Commission has noted that sector-specific standards are particularly important for sectors associated with high sustainability risks and/or impacts on the environment, human rights and governance.

The standards are required to specify the information that should be disclosed regarding the following sustainability matters:

Environmental: (i) climate change mitigation; (ii) climate change adaptation; (iii) water and marine resources; (iv) resource use and circular economy; (v) pollution; and (vi) biodiversity and ecosystems (with reference to natural capital accounting to effectively monetize and quantify the cost/benefit of natural resources);
Social: (i) equal treatment and opportunities, including gender equality and equal pay for equal work, training and skills development, employment and inclusion of people with disabilities, measures against violence and harassment in the workplace, and diversity; (ii) working conditions, including secure employment, working time, adequate wages, social dialogue, freedom of association, existence of work councils, collective bargaining, the information, consultation and participation rights of workers, work-life balance and health and safety; and (iii) respect for human rights, fundamental freedoms, democratic principles and standards established in the International Bill of Human Rights and other core UN human rights conventions, the International Labor Organization’s Declaration on Fundamental Principles and Rights at Work and the ILO fundamental conventions, the European Convention of Human Rights, the revised European Social Charter, and the Charter of Fundamental Rights of the European Union; and
Governance: (i) the role of the undertaking’s administrative, management and supervisory bodies with regard to sustainability matters, and their composition, and their expertise and skills to fulfil this role or access to such expertise and skills; (ii) the main features of the undertaking’s internal control and risk management systems in relation to the sustainability reporting process; (iii) business ethics and corporate culture, including anticorruption and anti-bribery, the protection of whistle-blowers and animal welfare; (iv) engagement of the undertaking to exert its political influence, including its lobbying activities; (v) the management and quality of relationships with customers, suppliers and communities affected by the activities of the undertaking, including payment practices, especially with regard to late payment to SMEs; and (vi) the main features of the undertaking’s internal control and risk management systems, in relation to the sustainability reporting and decision-making process.

While the Commission has flagged the need for the standards to be consistent with other European legislation (i.e., EU Taxonomy Regulation and SFDR), the proposal does not point towards any one international standard or framework as a model or foundation. Instead, the proposal refers to the broad objective of taking into account existing standards and frameworks such as the Global Reporting Initiative (GRI), the Sustainability Accounting Standards Board, TCFD, the Climate Disclosure Standards Board, International Integrated Reporting Council, International Accounting Standards Board and any standards developed under the auspices of the IFRS Foundation.[13]

Audit Assurance: To help prevent greenwashing, the CSRD will also introduce a general EU-wide audit assurance requirement for reported sustainability information.[14] Previously, under the NFRD, audit assurance was optional. Under the CSRD, the Commission must adopt legislation to provide for a “limited assurance” requirement by October 1, 2026, and subsequently adopt further legislation to provide for a higher “reasonable assurance” requirement by October 1, 2028. EU member states will have the power to authorize independent assurance service providers to carry out this sustainability assurance work, which will broaden the choice of assurance providers beyond statutory auditors or audit firms.

Where to Report and Format of Reporting

The CSRD requires sustainability information to be published in an entity’s management report and not a separate, standalone report. To aid in the access, review, and comparability of sustainability information, the financial statements and management reports of CSRD reporting entities will be required to be published in a digital file format. Note that U.S. entities will likely include the management report as part of the Annual Report on Form 10-K since a separate, standalone ESG report will not comply with the CSRD.

CSRD Regulatory Approval Process

In connection with the CSRD rulemaking, the Commission carried out an Impact Assessment, including a public consultation. On April 21, 2021, the Commission adopted a proposal for the CSRD, and the proposal was open for public feedback until July 14, 2021. On June 21, 2022, the member states in the European Council and the European Parliament reached a provisional political agreement on the CSRD. On November 10, 2022, The European Parliament adopted a final legislative text based on the Commission’s proposal on November 10, 2022, which was then adopted by the European Council on November 28, 2022. The CSRD is now due to be signed by the President of the European Parliament and the President of the European Council, after which it will be published in the EU Official Journal, and enter into force 20 days thereafter. Following this, member states must incorporate the CSRD into their local law within 18 months.[15]

In parallel, EFRAG set up a task force to lead the development of the sustainability standards applicable under the CSRD – the Project Task Force Non-Financial Reporting Standards (“PTF-NFRS”). The PTF-NFRS published a report in March 2021 outlining its proposed roadmap for development of a comprehensive set of EU sustainability standards. Elaboration of draft standards in project mode commenced in June 2021 and, significantly, on July 8, 2021, the EFRAG task force announced a Statement of Cooperation with the GRI. The GRI standards are currently the most commonly used sustainability reporting standards amongst EU entities.

EFRAG launched a public consultation on the ESRS exposure drafts in April 2022, with the consultation period closing on August 8, 2022. These exposure drafts corresponded to the first set of standards required under the CSRD and covered environmental, social and governance matters (described as “topical” standards) as well as cross-cutting standards (such as general principles, strategy, governance and materiality assessment disclosure requirements). On November 22, 2022, EFRAG submitted a set of twelve draft ESRS to the Commission, which take into consideration the results of the public consultation. The Commission will now consult with other EU bodies and member states on the draft ESRS, and is expected to adopt a set of final standards in June 2023. EFRAG is expected to release a second set of draft ESRS in the coming months, with a focus on sector-specific and SME standards.

The CSRD will apply to entities that are already subject to NFRD for financial years starting on or after January 1, 2024 with the new disclosures therefore appearing in reports published in 2025. In scope entities that are not already subject to NFRD will be required to apply CSRD for financial years starting on or after January 1, 2025. Reporting will be delayed for SMEs whose securities are admitted to trading on an EU regulated market until financial years starting on or after January 1, 2026 (subject to an opt-out until 2028) and for third country undertakings until financial years starting on or after January 1, 2028.[16]

Note that once adopted, the CSRD requires member state implementation into local law. Thus, it is possible that there may be divergences on both the timing of implementation and the approach between member states.

Key Takeaways

The reporting obligations arising from the CSRD are significant compared to the NFRD. In addition, the CSRD’s scope is much broader given the breadth and relative sizes of many U.S., UK and non-EU entities with significant operations in various EU jurisdictions. As a result, the CSRD may lead to a marked increase in additional substantive disclosures (and increased costs), including multiple subsidiary-level reporting obligations, and the associated risks of divergent reporting. With the CSRD’s adoption, the SEC’s proposed expanded climate change requirements in the U.S., and the UK Government and relevant agencies rolling out mandatory TCFD-aligned climate disclosure requirements while also pushing for enhanced non-climate related disclosures, it will be important for U.S. and UK companies with significant EU operations to start compiling and developing standards and procedures to confirm the accuracy of sustainability information.

____________________________

[1] Council of the European Union, Press Release, Council gives final green light to corporate sustainability reporting directive (November 28, 2022), available at https://www.consilium.europa.eu/en/press/press-releases/2022/11/28/council-gives-final-green-light-to-corporate-sustainability-reporting-directive/.

[2] The key rules and regulations are set out in the Accounting Directive (Directive 2013/34/EU) (which was amended by the NFRD), the Transparency Directive (Directive 2004/109/EC), the Audit Directive (2006/43/EC) and the Audit Regulation (Regulation (EU) 537/2014.

[3] Executive Summary of the Impact Assessment, European Commission (April 21, 2021), available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52021SC0151&from=EN.

[4] The SFDR complements corporate disclosures by providing a comprehensive reporting framework for financial products and financial entities. FAQ: what is the EU Taxonomy and how will it work in practice?, European Commission, (April 21, 2021) at page 3, available here.

[5] The EU Taxonomy Regulation is a green classification system that translates the EU’s climate and environmental objectives into criteria for specific economic activities for investment purposes and provides a common understanding of economic activities that make a substantial contribution to the EU’s environmental goals. Id at page 1.

[6] The definition of “net turnover” is “the amounts derived from the sale of products and the provision of services after deducting sales rebates and value added tax and other taxes directly linked to turnover” as defined in the Accounting Directive (see footnote 2 above).

[7] Listed micro-undertakings (those that do not satisfy two of the three following criteria: (i) a balance sheet total exceeding €350,000; (ii) a net turnover exceeding €700,000; and (iii) in excess of ten employees) will be exempt from the CSRD.

[8] Corporate Sustainability Reporting Directive (November 10, 2022), at point (14) of Article 1 (introducing Article 40a to the Accounting Directive) and point (2) of Article 5, available at https://www.europarl.europa.eu/doceo/document/TA-9-2022-0380_EN.pdf

[9] Securities and Exchange Commission, The Enhancement and Standardization of Climate-Related Disclosures for Investors, available at https://www.sec.gov/rules/proposed/2022/33-11042.pdf.

[10] “Equivalence” will be determined pursuant to the formal mechanisms established by the European Commission as envisaged under Article 23(4)(i) of Directive 2004/109/EC, available here.

[11] Corporate Sustainability Reporting Directive (November 10, 2022), at point (4) of Article 1 (replacing Article 19a of the Accounting Directive), available at https://www.europarl.europa.eu/doceo/document/TA-9-2022-0380_EN.pdf.

[12] Id. at point (8) of Article 1 (inserting Articles 29b and 29c into the Accounting Directive) and point (14) of Article 1 (inserting Article 40b into the Accounting Directive).

[13] In March 2021 the IFRS Foundation announced creation of a working group to accelerate convergence in global sustainability reporting standards focused on enterprise value and to undertake technical preparation for a potential international sustainability reporting standards board under the governance of the IFRS Foundation. Press Release, IFRS, IFRS Foundation Trustees announce working group to accelerate convergence in global sustainability reporting standards focused on enterprise value (March 22, 2021), available here.

[14] Corporate Sustainability Reporting Directive (November 10, 2022), at point (13) of Article 1 (amending Article 34 of the Accounting Directive), available at https://www.europarl.europa.eu/doceo/document/TA-9-2022-0380_EN.pdf.

[15] Id. at point (1) of Article 5.

[16] Id. at point (2) of Article 5.

The following Gibson Dunn attorneys assisted in preparing this client update: Selina Sagayam, Elizabeth Ising, Sarah Leiper-Jennings, Vivian Leong*, and Ryan Butcher*.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Environmental, Social and Governance (ESG) or Securities Regulation and Corporate Governance practice groups:

Environmental, Social and Governance (ESG) Group:
Susy Bullock – London (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)
Perlette M. Jura – Los Angeles (+1 213-229-7121, pjura@gibsondunn.com)
Ronald Kirk – Dallas (+1 214-698-3295, rkirk@gibsondunn.com)
Michael K. Murphy – Washington, D.C. (+1 202-955-8238, mmurphy@gibsondunn.com)
Selina S. Sagayam – London (+44 (0) 20 7071 4263, ssagayam@gibsondunn.com)
Lena Sandberg – Brussels (+32 2 554 72 60, lsandberg@gibsondunn.com)

*Vivian Leong and Ryan Butcher are trainee solicitors working in the firm’s London office who are not yet admitted to practice law.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

In December 2021, the Securities and Exchange Commission (“SEC”) proposed amendments to Rule 10b5-1 meant to address potential abuses of the current insider trading regime. As the SEC contemplates the final form of these amendments, it has already begun to crack down on improper reliance on or abuse of Rule 10b5-1 from an enforcement perspective. In the last few months, both the SEC and Department of Justice (“DOJ”) have reportedly prioritized investigations of Rule 10b5-1 trading plan abuses, and it’s likely that heightened enforcement challenging claims of reliance on Rule 10b5-1 (whether in its current form or as amended) is soon to follow.

Proposed Changes to Rule 10b5-1

Rule 10b5-1(c) under the Securities Exchange Act of 1934 provides an affirmative defense to insider trading for parties, such as corporate executives and directors, that often have access to material nonpublic information about their companies. Rule 10b5-1(c) provides a means for these parties to sell their company stock without violating Rule 10b-5’s prohibition on insider trading so long as any trades are made pursuant to pre-determined trading plans, known as Rule 10b5-1 plans, that are entered into a time when such parties are not aware of material nonpublic information.[i]

Rule 10b5-1 has long been criticized as allowing opportunistic trading and being subject to manipulation. Citing the need to “address critical gaps in the SEC’s insider trading regime,” the SEC proposed amendments to Rule 10b5-1 in December 2021.[ii] The amendments are targeted at enhancing protections against insider trading by making the requirements more restrictive, including by requiring 120-day cooling off periods before an executive officer’s or director’s trades can be executed under new or modified plans, prohibiting overlapping plans for the same class of securities, limiting single-trade plans to one plan per 12-month period, and requiring insiders to certify that they are not aware of material nonpublic information prior to adopting or modifying a new plan.[iii] The requirement that a 10b5-1 plan be entered into in good faith would be expanded to require that the plan also be operated in good faith.[iv] The amendments would also introduce multiple new reporting requirements pertinent to insider trading, including with respect to issuer’s insider trading policies and the usage of Rule 10b5-1 plans by insiders.[v] In its regulatory agenda published in June 2022, the SEC indicated that it planned to adopt the final amendments by April 2023.[vi]

Signs of Heightened Enforcement Activity

In addition to proposing amendments aimed at curbing alleged abuses of Rule 10b5-1, the SEC—together with the DOJ—has also recently demonstrated an increased interest in investigating and enforcing potential abuses of the rule. Historically, trades made in reliance on Rule 10b5-1 have only been infrequently investigated by U.S. authorities. However, according to recent reports, the DOJ’s Fraud Section and SEC enforcement attorneys are now using computer algorithms to identify potential manipulations of Rule 10b5-1 plans, and there are some indicators in the market that these investigations have been fruitful.[vii] In September, the SEC reached a settlement with the CEO and the former President of Cheetah Mobile Inc. based on allegations that the two executives sold stock pursuant to a 10b5-1 plan that they entered into while they were aware of material nonpublic information that the company’s second quarter revenue would be lower than expected.[viii] By selling shares before the public disclosure of the negative revenue report, the executives avoided losses of approximately $300,000.[ix] Not only does this settlement indicate that insider trading enforcement is likely on the rise, it also demonstrates that the SEC will investigate and punish infractions that result in relatively small benefits for insiders. In addition, the SEC’s order stipulated that for a period of five years following the order, the CEO would include a 120-day cooling off period for trading under any new or modified Rule 10b5-1 plan, and would not maintain overlapping plans, with respect to Cheetah Mobile securities.[x] The inclusion of these restrictions in the order suggests that the SEC remains supportive of including these restrictions in the final Rule 10b5-1 amendments, as proposed.

Other signs of robust investigations suggest that increased enforcement activity is on the horizon. In October, a breast-implant company disclosed that it had received subpoenas from DOJ and the SEC seeking materials related to its former CEO’s trading activities.[xi] And, while other companies have yet to publicly disclose similar requests, we are aware that other market participants have also noticed a sudden increase in inquiries from the SEC and DOJ regarding 10b5-1 plans. In light of these indicators, companies and corporate insiders should be particularly scrupulous when adopting Rule 10b5-1 plans, remain mindful of actions or provisions that could attract scrutiny or that underlie concerns prompting the proposed SEC amendments, and consult with counsel to reduce the risk of potential investigation and enforcement.

____________________________

[i] See 17 CFR § 240.10b5-1.

[ii] U.S. Sec. & Exch. Comm’n, SEC Proposes Amendments Regarding Rule 10b5-1 Insider Trading Plans and Related Disclosures (Dec. 15, 2021), https://www.sec.gov/news/press-release/2021-256.

[iii] See Gibson Dunn Client Alert, SEC Proposes Rules on Insider Trading, Rule 10b5-1 and Share Repurchases (Dec. 23, 2021).

[iv] Id.

[v] Id.

[vi] U.S. Sec. & Exch. Comm’n, Rule 10b5-1 and Insider Trading (2022), https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202204&RIN=3235-AM86.

[vii] Bloomberg, US Probes Insider Trading in Prearranged Executive Stock Sales (Nov. 3, 2022).

[viii] U.S. Sec. & Exch. Comm’n, Order in the Matter of Sheng Fu and Ming Xu (Sep. 21, 2022).

[ix] Id.

[x] Id.

[xi] Bloomberg, US Probes Insider Trading in Prearranged Executive Stock Sales (Nov. 3, 2022).

The following Gibson Dunn attorneys assisted in preparing this client update: Joel M. Cohen, Lori Zyskowski, Nina Meyer, and Matthew Dolloff, with contributions by Ronald Mueller and Thomas Kim.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Securities Enforcement or Securities Regulation and Corporate Governance practice groups:

Securities Enforcement Group:
Joel M. Cohen – New York (+1 212-351-2664, jcohen@gibsondunn.com)
Richard W. Grime – Washington, D.C. (+1 202-955-8219, rgrime@gibsondunn.com)
Mark K. Schonfeld – New York (+1 212-351-2433, mschonfeld@gibsondunn.com)

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202-887-3550, tkim@gibsondunn.com)
James J. Moloney – Orange County (+1 949-451-4343, jmoloney@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Lori Zyskowski – New York (+1 212-351-2309, lzyskowski@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Following a recent interpretation of a long-standing rule, Rule 15c2-11 (the “Rule”) under the Securities Exchange Act of 1934, as amended (the “Exchange Act”), by the Staff of the Securities and Exchange Commission (the “Commission”), issuers of fixed income (e.g., debt) securities, including such securities initially offered and sold to investors in reliance on available exemptions from registration under the Securities Act of 1933, as amended (the “Securities Act”) (most notably Rule 144A under the Securities Act (“Rule 144A”)), will be required to publicly disclose specified current financial and other information in order to allow US-regulated broker-dealers (“US broker-dealers”) to publish quotations on such securities. For example, this rule will impact private companies that issue high yield or other bonds under Rule 144A and who wish to ensure that there is sufficient liquidity for their investors. Securities of issuers that do not choose to publicly disclose the information required under the Rule could suffer significant limitations in liquidity, as discussed below.

Background

The Rule, first adopted in 1971, while not directly applicable to issuers, requires US broker-dealers to collect and review certain issuer information before publishing quotes on the issuer’s securities in the Over the Counter (“OTC”) markets.[1] In 2020, the Commission adopted amendments to that Rule, substantially limiting the exceptions to such requirements and requiring that specified issuer information be current and publicly available in order for US broker-dealers to publish quotes on that issuer’s securities. As these amendments were set to come into effect in September of 2021, the Division of Trading and Markets, in a no-action letter, confirmed a new and surprising interpretation of the Rule, stating that the rule applies to all securities, including fixed income securities, despite never having been applied or enforced in fixed income securities markets.[2] Following that initial letter, the Division of Trading and Markets issued an additional no-action letter a few months later, providing for a phased-in approach to its enforcement of the amended Rule with respect to fixed income securities markets (the “No-Action Letter”).[3]

Impact on Markets for Unregistered Securities

The implications of the new interpretation of the Rule are likely to be most keenly felt in the Rule 144A market in relation to fixed income securities issued by companies (“Private Companies”) which are not registrants under the Exchange Act[4] nor otherwise required to publicly provide current financial and other information in the manner contemplated in that Rule.[5] In addition, Private Companies which issue fixed income securities in reliance on certain other exemptions, such as Section 3(a)(9) (exempting exchanges of one security previously issued by an issuer for another security of the same issuer, for no further consideration), Section 3(a)(10) (exempting exchanges of securities for existing securities or other claims pursuant to a governmental hearing) or Section 1145 of the U.S. Bankruptcy Code (exempting issuances of securities by a debtor in exchange for claims against it or an affiliate pursuant to a plan of bankruptcy under Chapter 11 of the U.S. Bankruptcy Code), will also be similarly affected.

Securities offered and resold pursuant to Rule 144A are, by their nature, restricted to qualified institutional buyers (“QIBs”) and are generally subject to highly negotiated and detailed financial reporting covenants. In addition, for Private Company issuers, Rule 144A has, since its adoption in 1990, required that QIB investors be entitled upon request to receive certain specified information (the “Rule 144A(d)(4) Information”)[6] from the issuer. Typically, such information has been provided by Private Companies only to QIBs through a secure online portal, or direct delivery to the QIB, which allows the information to be disseminated efficiently, without public disclosure. As a result of the new interpretation of the Rule, Private Companies that issue Rule 144A fixed income securities and wish to ensure that US broker-dealers may publish quotations for such securities will no longer be able to rely solely on such private dissemination methods of Rule 144A(d)(4) Information.[7]

Requirements of the Rule

Below we summarize the key requirements for Private Company issuers of fixed income securities under the Rule (as recently amended) which, for Rule 144A fixed income securities, will take effect on January 4, 2023, absent any further action by the Commission.

Current Information Required by the Rule

For US broker-dealers to be permitted to provide quotations for fixed income securities of Private Companies, the Rule requires the following issuer information, as of a date within 12 months of the date of the quotation (unless otherwise indicated), be publicly available[8]:

identifying information about the issuer and the relevant security (including the name, address, title, class, etc.) and the total amount of the securities outstanding as of the end of the issuer’s most recent fiscal year;
information about the issuer’s business (e., a description of the business, the products and services offered, names and titles of all insiders, etc.); and
the issuer’s most recent balance sheet (as of a date less than 16 months) and profit and loss and retained earnings statements for the 12 months preceding the date of the most recent balance sheet, and similar financial information for such part of the two preceding fiscal years as the issuer or its predecessors have been in existence.

The information described above is substantially similar to the Rule 144A(d)(4) Information requirement of Rule 144A for a company that is neither subject to the reporting requirements of the Exchange Act nor a foreign private issuer exempt from such reporting requirements pursuant to Rule 12g3-2(b) thereunder. However, unlike those requirements under Rule 144A, the Rule will require that the Private Company issuer make such information publicly available if they wish to permit US broker-dealers to publish quotations on the issuer’s OTC securities.

Meaning of “Publicly Available”

Under Rule 15c2-1, as amended, the relevant current information will only be deemed “publicly available” if it is “available on EDGAR; on the website of a state or federal agency, a qualified interdealer quotation system, a registered national securities association, a registered broker or dealer or an issuer; or through an electronic information delivery system that is generally available to the public in the primary trading market of a foreign private issuer…”.[9] Notably, the definition in the Rule explicitly excludes information to which access is restricted by user name, password, fees, or other restraints, which issuers of Rule 144A securities have historically used to protect information disclosed to QIBs in accordance with highly-negotiated financial reporting covenants.

Phased Implementation

The Rule is now in effect for fixed income securities. However, in response to requests from industry representatives seeking additional time to implement the operational and systems changes necessary to comply with the Rule in respect of fixed income securities, the Division of Trading and Markets issued the No-Action Letter, providing a phased-in approach to application of the amended Rule to fixed income securities markets in limited circumstances.[10] Pursuant to the No-Action Letter, the Commission confirmed that, during the period from January 3, 2022 until January 3, 2023 (“Phase 1”), it would not recommend enforcement against a US broker-dealer that provides a quotation for a fixed income security where that security or its issuer meets one of a limited number of criteria[11], including, most notably for Private Company issuers, that such securities are being offered pursuant to Rule 144A (provided the US broker-dealer reasonably believes the issuer will provide the Rule 144A(d)(4) Information to investors upon request). Under the No-Action Letter, from January 4, 2023, “Phase 2” described in the No-Action Letter will begin and run from such date, there will no longer be an exemption available for quotations relating to fixed income securities sold pursuant to Rule 144A.

Accordingly, from and after January 4, 2023, US broker-dealers will no longer be permitted to provide quotations for securities sold pursuant to Rule 144A unless there is current and publicly available financial information about the issuer meeting the requirements of the Rule.

Next Steps and Considerations

Industry groups such as the Securities Industry and Financial Markets Association (SIFMA) and the Investment Company Institute (ICI) continue to engage with the Commission regarding the application of the Rule to fixed income securities.[12] These groups are also advocating publicly against the application of the Rule to fixed income securities generally[13] and, especially, Rule 144A securities.[14] Nonetheless, a change in policy by the Commission in advance of the expiration of the current phase of the No-Action Letter regulatory regime on January 4, 2023 remains uncertain.

In the absence of any further relief from the Commission, Private Company issuers and all other market participants in these fixed income securities should now be considering the effects of the Rule (including the obligation of Private Company issuers to make certain information publicly available and the consequences of not doing so within the time-frame required by the SEC). For US broker-dealers this will mean screening for fixed income issuers that do not publicly provide current financial and other information required by Rule 15c2-11 and refraining from quoting securities from such issuers until such financial information is publicly available. Investors, similarly, will need to consider the liquidity of potential investments in the fixed income securities (including Rule 144A securities) of Private Company issuers that do not publicly provide current financial and other information required by Rule 15c2-11. Private Company issuers of fixed income securities (including Rule 144A securities) that are not otherwise required to publicly disclose current financial information must determine whether they will begin providing such information publicly in order to allow US broker-dealers to quote their securities. Failure to do so could impact the liquidity (and trading value) of such securities. For those issuers who decide to make such information publicly available in accordance with the Rule, they should be implementing proper infrastructure and controls to be ready for publication before January 4th. In addition, future Private Company issuers may also consider whether they would prefer to rely on other sources of capital raising, such as bank debt or debt securities offerings into other markets (especially for foreign private issuers), if available to them.

____________________________

[1] The Rule does not (and the prohibition on US broker-dealers discussed herein does not), however, apply to publications or submissions by a US broker-dealer, solely on behalf of a customer, of certain quotations for an OTC security that represent customers’ unsolicited indications of interest. See Rule 15c2-11(f)(2).

[2] Letter from Josephine Tao, Assistant Director, Office of Trading Practices, Division of Trading and Markets to Racquel Russell, Senior Vice President and Director of Capital Markets Policy, Office of the General Counsel, FINRA (Sept. 24, 2021) (Temporary Staff No-action Letter Regarding Rule 15c2-11 and Fixed Income Securities), available here.

[3] Letter from Josephine Tao, Assistant Director, Office of Trading Practices, Division of Trading and Markets to Racquel Russell, Senior Vice President and Director of Capital Markets Policy, Office of the General Counsel, FINRA (Dec. 16, 2021) (Temporary Staff No-action Letter 2 Regarding Rule 15c2-11 and Fixed Income Securities), available here.

[4] Issuers that offer fixed income or other securities in public offerings registered under the Securities Act, and/or which otherwise register a class of securities under Section 12 of the Exchange Act, are require to file annual and interim reports with the Commission pursuant to Sections 15(d) and/or 13 of the Exchange Act until such time, if any, that the issuer validly suspends or terminates such reporting requirements. The issuer’s annual and interim reports timely filed with the Commission in accordance with Sections 15(d) or 13 of the Exchange Act will also satisfy the publicly available current information requirement of Rule 15c2-11. However, notwithstanding any valid suspension and/or termination of its Exchange Act reporting requirements, for so long as any of the issuer’s OTC securities (including fixed income securities) remain outstanding thereafter, Rule 15c2-11 will require that issuer publicly disclose the required current information in accordance with the Rule if it wishes for US broker-dealers to be able to provide quotations for such securities.

[5] See below under “Meaning of Publicly Available.”

[6] 17 CFR § 230.144A(d)(4).

[7] In contrast to Rule 144A issuers, issuers of fixed income securities under certain other exemptions from registration under the Securities Act, such as Sections 3(a)(9) and 3(a)(10) under the Securities Act and Section 1145 of the Bankruptcy Code, are not required, by the terms of those exemptions, to provide or otherwise make public any information on an ongoing basis after issuance. Following this new interpretation of the Rule, however, such Private Company issuers that wish to ensure that US broker-dealers may provide quotations in such securities will similarly be required to publicly provide the financial and other information required by the Rule.

[8] For companies that are not Private Companies, such current information requirement alternatively may, if sufficiently current for purposes of the Rule, be met, for example, by any of the following (i) a prospectus or offering circular filed by the issuer as part of a registered public offering or offering under Regulation A under the Securities Act, (ii) an annual report or statement filed pursuant to Sections 15(d) and/or 13 of the Exchange Act, or pursuant to Regulation A or Regulation Crowd Funding under the Securities Act, or (iii) a copy of the information that, since the first day or its most fiscal year that a foreign private issuer has published in order to establish or maintain its exemption from registration under Section 12(g) of the Exchange Act provided by Rule 12g3-2(b) thereunder.

[9] Additionally, note that the Rule does not provide any limitation on liability or safe harbor for issuers who make the financial and other information publicly available in order to permit US broker-dealers to provide quotations for such issuer’s securities pursuant to the Rule.

[10] See supra note 4.

[11] In Phase 1, these criteria include fixed income securities (i) issued by an issuer that is not a Private Company, (ii) issued by certain foreign private issuers, which are foreign sovereign debt or are guaranteed by a foreign government, (iii) for which current and publicly available information about the issuer, (iv) issued by a by a bank, a bank holding company or a credit union with certain reporting requirements, and (v) offered and sold in accordance with Rule 144A (see Appendix A of the No-Action Letter). Phase 2 covers the same list, with the exception of fixed income securities offered and sold in accordance with Rule 144A, which will no longer be exempted (see Appendix B of the No-Action Letter). In Phase 3, a US broker-dealer will need to have determined that the security or its issuer satisfies the requirements of Phase 2 and either (i) the fixed income security is foreign sovereign debt or a debt security guaranteed by a foreign government; or (ii) there is a link on the quotation medium to the on which the security is being quoted, directly to the current and publicly available information about the issuer.

[12] See ICI Joint Letter to SEC on Application of Rule 15c2-11 to Fixed Income (Sept. 23, 2021), available here; see also
ICI Follow-Up Letter to SEC on Rule 15c2-11 and Rule 144A Debt Securities (Oct. 25, 2022), available here.

[13] See The Detriment of Rule 15c2-11’s Application to Fixed Income Markets (Sept. 12, 2022), available here.

[14] See The Collision of Rule 15c2-11 and Rule 144A (Sept. 19, 2022), available here.

The following Gibson Dunn lawyers prepared this client update: Alan Bannister and Thomas Canny*.

*Mr. Canny is an associate working in the firm’s New York office who is admitted only in Texas.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

First published on Thomson Reuters Regulatory Intelligence on 14th November 2022

Transitioning the world to “net zero” is one of the greatest global challenges that all – governments, corporates, investors and individuals – are called to rise up to and commit to deliver. To this end, we are seeing the move globally, across different regulatory regimes, towards increased transparency on the steps being taken by organisations to deliver on efforts to reduce green-house gas emissions coupled with a move from voluntary to mandatory climate-related disclosure requirements.

As organisations enhance their efforts to grapple with the challenge of setting and delivering upon their climate related action plans (whether to achieve net zero or carbon neutrality), we have also seen mounting frustration of investors and other stakeholders with the quality of climate-related disclosures being published by issuers resulting, in some cases, in activist actions and litigation. Regulatory bodies are addressing these concerns and now, having set their regulatory expectations, are moving sharply into substantive scrutiny of disclosures and initiating enforcement actions for “greenwashing”.

The UK regulator, the Financial Reporting Council (FRC), whose ambit includes setting the UK’s corporate governance code and supporting (through enhancing the transparency and integrity of corporate reporting) investors and others who rely on company reports, published in October 2022 a Net Zero Disclosures Report. The FRC recognises the desire of many investors and other stakeholders to understand the commitments being made by companies and their abilities to deliver against targets and through this lens has set out in this report guidance for organisations when setting and disclosing their plans to deliver upon their climate related commitments. Selina Sagayam discusses with Thomson Reuters insights from the Report and the key takeaways for organisations who are looking to enhance the quality and breath of their disclosures of ‘net zero’ commitments.

TRRI’s OpenWeb pages https://regintel-content.thomsonreuters.com/document/I5CEB5A905F6F11EDAD8A97919921B9B4.

For additional information, please contact London partner Selina S. Sagayam –
(+44 (0) 20 7071 4263, ssagayam@gibsondunn.com).

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Originally published in The Hill

The recently released National Security Strategy sets forth the Biden administration’s approach to a changing world at an inflection point providing a roadmap for the administration and for Congress. The administration’s national security priorities largely echo those of past administrations, but they diverge with their focus on a “modern industrial and innovation strategy” that promises deep use of industrial and economic tools to create a bulwark against autocracies like Russia and China. The resulting message is clear: The administration’s national security goals are inherently tied to, and will necessarily impact, a broad swath of American companies.

Five areas of the strategy stand-out for their potential impact on companies.

First, increased investment scrutiny will ensure the Committee on Foreign Investment in the United States (CFIUS), with its expansive authority to review foreign investments, continues to be a prominent national security tool. The strategy also contemplates new outbound investment restrictions, which have been gaining congressional momentum as well. Should “reverse-CFIUS” come into effect, companies will need to transform their outbound investment strategies, planning for increased investment timelines, heightened scrutiny for investments in certain sectors and in certain countries, and potentially restrictions on certain outbound investments deemed to pose national security risk. Further, increased export controls will require companies to reinforce compliance programs and reevaluate offshoring operations. As the Commerce Department’s recent semiconductor restrictions demonstrate, new regulations can quickly reverberate across an industry, in some cases having a material impact.

Second, foreign policy and domestic policy lines blur with the focus on making strategic public investments in strategic sectors and supply chains, especially critical and emerging technologies. New laws, including the CHIPS and Science Act and the Inflation Reduction Act, illustrate the administration’s commitment — and congressional support — for such investments. These investments can be a significant catalyst for technological innovation for the private sector. However, companies will need to be clear on the tradeoffs that such subsidies present, as business decisions may be impacted, such as whether certain operations can be offshored.

Third, the administration’s focus on supply chain integrity and resilience means that companies — especially those in critical technology industries — may leverage this support to further optimize their supply chains and improve resilience. But it also means that in the short-term, as the administration focuses on countering Chinese influence, companies may feel pressure to improve knowledge of their supply chain, identify geographically diverse suppliers, and develop shorter-term, more flexible contracts with suppliers to better adapt to changes in supply chains. Many companies began laying the foundation for improved supply chain resilience with the COVID-19 pandemic. These efforts may need to accelerate, and companies will need to develop a sound business and legal strategy to enable operations relying on complex global supply chains in a fracturing geopolitical environment. The impact of the new semiconductor restrictions underscore supply chain complexity and the need to quickly adapt to changing regulatory requirements to minimize operational impact.

Fourth, securing critical infrastructure and strengthening cybersecurity will significantly impact the private sector, given the common cite that 85 percent of critical infrastructure is in the private sector. We have seen this start to play out with the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) giving the Cybersecurity and Infrastructure Security Agency (CISA) an increased mandate to develop critical infrastructure cybersecurity regulations, the setting of minimum security standards for federal software use, and recent White House announcements that communications, water and health care sectors are next on the administration’s cyber priority list. Companies in critical infrastructure must not only prepare for incoming cyber regulations, but ensure they properly invest in cybersecurity, adopting a “shields up” posture to defend against attacks perpetrated by a range of threat actors, including Russia.

Finally, the push to develop an inclusive international technology ecosystem likely means companies will need to navigate an increasingly regulated environment. An important prong of “transformative cooperation“ with Europe will focus on adequate privacy protections, building on the recent executive order on EU-U.S. data transfers. Practically, this means that companies should ensure transfer impact assessments are updated, evaluate the sufficiency of data transfer mechanisms, and adjust their commercial models as appropriate. There is also likely to be renewed focus on regulation of internet operating standards to ensure that standards governing the internet continue to promote core tenets of democracy, such as free speech.

Top Democrats support the administration’s strategy. Republicans have criticized the strategy. The midterm elections will play a key role in determining the likelihood of translating the strategy into legislative action. If the Democrats retain control of Congress, expect to see more legislative activity. However, if either the House or the Senate flips, then the administration’s national security priorities may not materialize in congressional action. Instead, the administration will likely focus more on executive national security authorities to progress the strategy’s objectives. The recent National Biotechnology and Biomanufacturing Initiative could serve as a blueprint. Regulatory agencies have also been assertive in issuing new regulations to achieve national security goals, such as the recent export control restrictions on advanced semiconductors and supercomputing. But, as Republicans are already calling for a congressional review of the handling of export controls should the House flip, there could be greater scrutiny of regulatory agencies should the Republicans gain control.

Regardless of how events play out on Election Day, the strategy’s focus on industrial and economic tools of national power portends significant impact on companies.

Stephenie Gosnell Handler is a partner in Gibson Dunn’s Washington, D.C. office, where she is a member of the International Trade and Privacy, Cybersecurity and Data Innovation practices. She advises clients on complex legal, regulatory and compliance issues relating to international trade, cybersecurity and technology matters. Handler’s legal advice is deeply informed by her operational cybersecurity and in-house legal experience at McKinsey & Company, as well as by her active-duty service in the U.S. Marine Corps.

Roscoe Jones Jr. is a partner in Gibson, Dunn & Crutcher’s Washington, D.C. office and co-chairs the firm’s Public Policy Group and serves as a core member of the Congressional Investigations practice group. Recognized in 2022 as one of Lawdragon’s “500 Leading Lawyers in America,” Jones has represented companies, nonprofits and individuals in legislative and policy matters before the Congress and executive branch. Jones has almost a decade of Capitol Hill experience advising three U.S. senators and a member of Congress and political experience in the executive branch.

Additional contributors include Michael D. Bopp, Daniel P. Smith*, and Apratim Vidyarhi*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s International Trade or Public Policy practice groups, or the following:

Stephenie Gosnell Handler – Partner, International Trade Group, Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)

Roscoe Jones, Jr. – Co-Chair, Public Policy Group, Washington, D.C. (+1 202-887-3530, rjones@gibsondunn.com)

Michael D. Bopp – Co-Chair, Public Policy Group, Washington, D.C. (+1 202-955-8256, mbopp@gibsondunn.com)

*Mr. Smith is admitted only in Illinois and practicing under the supervision of members of the District of Columbia Bar under D.C. App. R. 49. Mr. Vidyarhi is a recent law graduate in the firm’s New York office who is not admitted to practice law.

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

This quarter marked demonstrable progress toward sector-specific approaches to the regulation of artificial intelligence and machine learning (“AI”). As the EU continues to inch toward finalizing its draft Artificial Intelligence Act—the landmark, cross-sector regulatory framework for AI/ML technologies—the White House published a “Blueprint for an AI Bill of Rights,” a non-binding set of principles memorializing the Biden administration’s approach to algorithmic regulation. The AI Bill of Rights joins a number of recent U.S. legislative proposals, both at the federal and state levels,[1] and the Federal Trade Commission’s (“FTC”) Advanced Notice of Proposed Rulemaking to solicit input on questions related to potentially harmful data privacy and security practices, including automated decision-making systems.

Our 3Q22 Artificial Intelligence and Automated Systems Legal Update focuses on these regulatory efforts and also examines other policy developments within the U.S. and Europe.

I. U.S. REGULATORY & POLICY DEVELOPMENTS

A. AI Bill of Rights

The past several years have seen a number of new algorithmic governance initiatives take shape at the federal level, building on the December 2020 Trustworthy AI Executive Order that outlined nine distinct principles to ensure agencies “design, develop, acquire and use AI in a manner that fosters public trust and confidence while protecting privacy.”[2]

On October 4, 2022—almost a year after announcing its development[3]—the White House Office of Science and Technology Policy (“OSTP”) released a white paper titled “Blueprint for an AI Bill of Rights” intended to guide the design, use, and deployment of automated systems to “protect the American public in the age of artificial intelligence.”[4] It provides practical guidance to government agencies and a call to action for technology companies, researchers, and civil society to build protections towards human-centric AI that is “designed to proactively protect [people] from harms stemming from unintended, yet foreseeable, uses or impacts of automated systems.” The Blueprint identifies five non-binding principles to act as a “backstop” in order to minimize potential harms stemming from certain applications of AI:

Safe and Effective Systems. To protect individuals from unsafe or ineffective systems, the Blueprint recommends proactive and ongoing consultation with the public and experts, risk identification and mitigation (which includes potentially not deploying a system or removing it from use), oversight mechanisms, and “adherence to domain-specific standards.” The use of inappropriate, low-quality, or irrelevant data should be avoided, and data the AI system derives from other data should be identified and tracked to avoid feedback loops, compounded harms, and inaccurate results. AI systems should be subject to independent evaluations and reporting.
Algorithmic Discrimination Protections. AI systems should be designed and used in an equitable way and not discriminate on the basis of a characteristic protected by law. Systems should be subject to proactive equity and disparity assessments, reflect a representative and robust data set used for the development of AI, ensure accessibility for people with disabilities, and guard against the use of non-representative data or proxies that contribute to algorithmic discrimination. There should be independent evaluation of potential algorithmic discrimination and reporting, including making assessments public “whenever possible.”
Data Privacy. Individuals should have agency over how their data is used and should not be subject to surveillance. To that end, AI systems should process data consistent with data privacy principles, including privacy by design, data minimization, consents for collection, use, access, transfer and deletion of data, and proactively identifying and mitigating privacy risks. Systems should not use AI for design decisions that “obfuscate user choice or burden users with defaults that are privacy invasive.” Surveillance and monitoring systems should be subject to heightened oversight, including an assessment of potential harms, and should not be used in contexts such as housing, education, or employment, or where the surveillance would monitor the exercise of democratic rights in a way that limits civil rights and liberties.
Notice and Explanation. Designers, developers, and deployers of automated systems should provide generally accessible plain language documentation, including clear descriptions of the overall system functionality and the role automation plays, notice that such systems are in use, the individual or organization responsible for the system, and explanations of outcomes that are clear, timely, and accessible. Individuals should know how and why an outcome impacting them was determined by an automated system, including when the automated system is not the sole input determining the outcome. Automated systems should provide explanations that are technically valid, meaningful, useful, and calibrated to the level of risk.
Human Alternatives, Consideration, and Fallback. People should be able to opt out of automated systems in favor of a human alternative, where appropriate, with a focus on ensuring broad accessibility and protecting the public from especially harmful impacts. There must be access to timely human consideration and remedy by a fallback and escalation process. Automated systems with an intended use within sensitive domains (e.g., criminal justice, employment, education, and health) should additionally be tailored to the purpose, provide meaningful access for oversight, include training for any people interacting with the system, and incorporate human consideration for adverse or high-risk decisions.

The principles apply broadly to “ automated systems that … have the potential to meaningfully impact the American public’s rights, opportunities, or access to critical resources or services.” “Automated systems” are themselves defined very broadly, encompassing essentially any system that makes decisions using computation.[5] The Blueprint is intended to further the ongoing discussion regarding privacy among federal government stakeholders and the public, but its impact on the private sector is likely to be limited because—unlike the wide-ranging EU AI Act, which is inching towards an implementation date—it lacks prohibitions on AI deployments and details or mechanisms for enforcement. The Blueprint is accompanied by supporting documentation, including a set of real-life examples and a high-level articulation of how the five principles can “move into practice.”[6]

B. FTC Rulemaking on “Harmful Commercial Surveillance and Lax Data Security”

On August 11, 2022, the FTC announced an Advance Notice of Proposed Rulemaking (“ANPRM”) to seek public comment on data privacy and security practices (“commercial surveillance”) that harm consumers.[7] Specifically, the FTC invites comment on “whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies collect, aggregate, protect, use, analyze, and retain consumer data, as well as transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive.”[8]

Notably, the ANPRM also solicits public input on algorithmic decision-making, including the prevalence of algorithmic error, discrimination based on protected categories facilitated by algorithmic decision-making systems, and how the FTC should address algorithmic discrimination through the use of proxies.[9] On September 27, the FTC continued the rulemaking process by hosting a virtual “Commercial Surveillance and Data Security Public Forum (the “Public Forum”)” to gather public feedback on the proposed rulemaking.[10]

The FTC is undertaking this rulemaking under Section 18 of the FTC Act (also known as “Magnuson-Moss”),[11] a lengthy and complicated hybrid rulemaking process that goes beyond the Administrative Procedure Act’s standard notice-and-comment procedures.[12] In light of these procedural hurdles, any new proposed rules likely will take considerable time to develop. The ANPRM notes that, if new rules are not forthcoming, the record developed in response to the ANPRM nevertheless will “help to sharpen the Commission’s enforcement work and may inform reform by Congress or other policymakers.” The inclusion of algorithmic decision-making in the scope of the potential rulemaking underscores the FTC’s continued focus on taking the lead in the regulation of automated systems at federal level.[13]

C. National Institute of Standards and Technology (“NIST”)

On August 18, 2022, NIST published and sought comments on a second draft of the NIST Artificial Intelligence Risk Management Framework (“AI RMF”).[14] The AI RMF, as mandated by Congress, is intended for voluntary use to help incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.[15] NIST plans to publish AI RMF in January 2023. NIST also sought comments on the draft NIST AI RMF Playbook, an online resource providing recommended actions on how to implement the AI RMF.

D. New York City Artificial Intelligence Law

On September 19, 2022, the New York City Department of Consumer and Worker Protection (“DCWP”) proposed rules in an attempt to clarify numerous ambiguities in New York City’s AI law, which takes effect on January 1, 2023.[16]

New York City’s law will restrict employers from using AEDT in hiring and promotion decisions unless it has been the subject of a bias audit by an “independent auditor” no more than one year prior to use.[17] The law also imposes certain posting and notice requirements to applicants and employees. The DCWP’s proposed rules are currently under consideration and may well invite more questions than answers as uncertainty about the requirements lingers. The proposed rules attempt to clarify certain key terms, specify the requirements for and provide examples of bias audits, and outline several different ways by which, if passed, employers may provide the advance notice to candidates and employees regarding the use of an AEDT.[18]

A public hearing was held on November 4, 2022, and the record for comments is now closed, but DCWP has not provided a firm date on which the proposed rules will be finalized. We will continue to monitor further guidance that will emerge as the January 1, 2023 effective date nears.

II. INTELLECTUAL PROPERTY

A. Federal Circuit Rules Inventors Must Be Natural Human Beings

On August 11, 2022, The U.S. Court of Appeals for the Federal Circuit affirmed a lower court’s ruling in Thaler v. Vidal that the plain text of the Patent Act requires that inventors must be human beings.[19] Attorneys for Steven Thaler, the creator of the AI system “DABUS” (Device for the Autonomous Bootstrapping of Unified Sentience), argued that an AI system that has “created” several inventions should be granted a patent application, and that inventorship requirements should not be a bar to patentability. The argument followed the U.S. Patent and Trademark Office’s rejection of two DABUS patent applications. A Virginia federal court affirmed that ruling last year, finding AI cannot be an inventor under U.S. patent law.[20] The DABUS project has also lodged several unsuccessful test cases in Australia, the EU, and the UK.[21]

III. EU REGULATORY & POLICY DEVELOPMENTS

A. AI Act Developments

Following the agreement on a common European AI strategy in 2018, the establishment of a high-level expert group in 2019, and various other publications, including a 2020 White Paper, on April 21, 2021, the EU Commission published its proposal for “the world’s first legal framework on AI”—the EU Artificial Intelligence Act (“AI Act”).[22] In September 2022, the Czech Presidency of the Council of the European Union published a new proposal and may be on the cusp of finalizing the text for the proposed AI Act.[23] The recent proposed changes to the draft legislation were relatively minor but notably included narrowing the definition of AI to focus on an AI system’s degree of autonomy and adding a chapter on General Purpose AI (“GPAI”)—large, multipurpose data models—indicating that obligations for these systems will likely be imposed through an implementing act.

The Committee of the Permanent Representatives of the Governments of the Member States to the European Union is expected to approve the final version on November 18, 2022, before ministers in the Transport, Telecommunications and Energy Council sign off on December 6, 2022.[24]

B. Draft AI Liability Directive and New Draft Product Liability Directive

On September 28, 2022, the European Commission (“EC”) published a set of proposals aiming to modernize the EU’s existing liability regime and adapt it to AI systems, give businesses legal certainty, and harmonize member states’ national liability rules for AI. The EC had previewed the draft rules in its February 2020 Report on Safety and Liability, emphasizing the specific challenges posed by AI products’ complex, opaque, and autonomous characteristics.[25] The draft EU AI Act, the AI Liability Directive (“ALD”) [26] and the updated Product Liability Directive (“PLD”)[27] are intended to be complementary[28] and, together, are set to significantly change liability risks for developers, manufacturers and suppliers who place AI-related products on the EU market.[29]

The draft Product Liability Directive (“PLD”) establishes a framework for strict liability for defective products across the EU—including AI systems—meaning claimants need only show that harm resulted from the use of a defective product. Notably, the mandatory safety requirements set out in the draft AI Act can be taken into account by a court for the purpose of determining whether a product is defective.

The AI Liability Directive (ALD”), which would apply to fault-based liability regimes in the EU, would create a rebuttable “presumption of causality” against any AI system’s developer, provider, or user, and would make it easier for potential claimants to access information about specific “High-Risk” AI Systems—as defined by the draft EU AI Act. Of particular significance to companies developing and deploying AI-related products is the new disclosure obligation related to “High-Risk” AI systems, which could potentially require companies to disclose technical documentation, testing data, and risk assessments—subject to safeguards to protect sensitive information, such as trade secrets. Failure to produce such evidence in response to a court order would permit a court to invoke a presumption of breach of duty.

The PLD and ALD will be subject to review and approval by the European Council and Parliament before taking effect. Once implemented, Member States will have two years to implement the requirements into local law. We are monitoring developments closely and stand ready to assist clients with preparing for compliance with the emerging EU AI regulatory framework.

IV. UK REGULATORY AND POLICY DEVELOPMENTS

A. UK Unveils Data Reform Bill, Proposes Approach to AI Regulation

On July 18, 2022, the UK government introduced several data reform initiatives aimed at guiding responsible use of data while promoting innovation, and regulating the use of AI.

The Data Protection and Digital Information Bill (“DPDI”),[30] which includes measures to “use AI responsibly while reducing compliance burdens on businesses to boost the economy,” is now facing delays[31] and a new public consultation, but would, if enacted, amend the current rules on data protection and privacy, including AI. As introduced, DPDI clarifies the circumstances in which organizations can use automated decision-making. If a decision produces a legal or similarly significant effect for an individual and involves the processing of sensitive
“special category” data, it cannot (other than in very specific circumstances) be taken solely on an “automated decision basis” with no “meaningful” human involvement. Otherwise, automated decision-making systems can be used, subject to safeguards intended to “protect the rights and freedoms of the individual.” These safeguards include requirements that the organization deploying the automated decision-making system can provide information about the decisions and provide individuals about whom a decision is being made with an opportunity to make representations about the decision, escalate to human intervention, and contest any decisions.

In parallel with the new legislation, the government also released a set of policy initiatives outlining the government’s approach to regulating AI in the UK, reiterating a commitment to sector-specific regulation and a “less centralized approach than the EU.”[32] Its “AI Action Plan” highlights the UK government’s “focus on supporting growth and avoiding unnecessary barriers being placed on businesses,” emphasizing that the proposal will “allow different regulators to take a tailored approach to the use of AI in a range of settings . . . [which] better reflects the growing use of AI in a range of sectors.”[33] The guidance sets out six core principles, which require developers and users to: (1) ensure that AI is used safely; (2) ensure that AI is technically secure and functions as designed; (3) make sure that AI is appropriately transparent and explainable; (4) consider fairness; (5) identify a legal person to be responsible for AI; and (6) clarify routes to redress or contestability.

A range of regulators—Ofcom, the Competition and Markets Authority, the Information Commissioner’s Office, the Financial Conduct Authority, and the Medicine and Healthcare Products Regulatory Agency—will be asked to interpret and implement the principles and encouraged to consider “lighter touch options which could include guidance and voluntary measures or creating sandboxes.”[34]

B. UK ICO Publishes Guidance on Privacy Enhancing Technologies

On September 7, 2022, the UK Information Commissioner’s Office (“ICO”) published draft guidance on privacy-enhancing technologies (“PETs”) intended to “help organisations unlock the potential of data by putting a data protection by design approach into practice.”[35] PETs are technologies that are intended to help organizations share and use people’s data responsibly, lawfully, and securely, including by minimizing the amount of data used and by encrypting or anonymizing personal information.

The ICO’s draft PETs guidance explains the benefits and different types of PETs currently available, as well as how they can help organizations comply with data protection law. For example, the guidance contains information on the benefits and risks of using synthetic data to train large models. This guidance forms part of the ICO’s draft guidance on anonymization and pseudonymization, and the ICO is seeking feedback to help refine and improve the final guidance.

_________________________

[1] See, e.g., the American Data Privacy Protection Act (“ADPPA”), which would require certain types of businesses developing and operating AI to undertake risk assessments. For more details, please see our Artificial Intelligence and Automated Systems Legal Update (2Q22).

[2] For more details, please see President Trump Issues Executive Order on “Maintaining American Leadership in Artificial Intelligence.”

[3] White House, Join the Effort to Create a Bill of Rights for an Automated Society (Nov. 10, 2021), available at https://www.whitehouse.gov/ostp/news-updates/2021/11/10/join-the-effort-to-create-a-bill-of-rights-for-an-automated-society/.

[4] White House, Office for Science and Technology, available at https://www.whitehouse.gov/ostp/ai-bill-of-rights/.

[5] “An “automated system” is any system, software, or process that uses computation as whole or part of a system to determine outcomes, make or aid decisions, inform policy implementation, collect data or observations, or otherwise interact with individuals and/or communities. Automated systems include, but are not limited to, systems derived from machine learning, statistics, or other data processing or artificial intelligence techniques, and exclude passive computing infrastructure. “Passive computing infrastructure” is any intermediary technology that does not influence or determine the outcome of decision, make or aid in decisions, inform policy implementation, or collect data or observations, including web hosting, domain registration, networking, caching, data storage, or cybersecurity. Throughout this framework, automated systems that are considered in scope are only those that have the potential to meaningfully impact individuals’ or communities’ rights, opportunities, or access.” See The White House, OSTP, Blueprint for an AI Bill of Rights, Definitions, https://www.whitehouse.gov/ostp/ai-bill-of-rights/definitions/.

[6] The White House, OSTP, Blueprint for an AI Bill of Rights, From Principles to Practice, https://www.whitehouse.gov/ostp/ai-bill-of-rights/safe-and-effective-systems-3/.

[7] Federal Register, Trade Regulation Rule on Commercial Surveillance and Data Security, https://www.federalregister.gov/documents/2022/08/22/2022-17752/trade-regulation-rule-on-commercial-surveillance-and-data-security.

[8] Id.

[9] Public comments are available at https://www.federalregister.gov/documents/2022/08/22/2022-17752/trade-regulation-rule-on-commercial-surveillance-and-data-security.

[10] For more details, please see FTC Launches Commercial Surveillance and Data Security Rulemaking, Holds a Public Forum, and Seeks Public Input.

[11] Magnuson-Moss Warranty Federal Trade Commission Improvement Act, 15 U.S.C. § 57a(a)(1)(B).

[12] The FTC may promulgate a trade regulation rule to define acts or practices as unfair or deceptive “only where it has reason to believe that the unfair or deceptive acts or practices which are the subject of the proposed rulemaking are prevalent.” The FTC may make a determination that unfair or deceptive acts or practices are prevalent only if: “(A) it has issued cease and desist orders regarding such acts or practices, or (B) any other information available to the Commission indicates a widespread pattern of unfair or deceptive acts or practices.” That means that the agency must show (1) the prevalence of the practices, (2) how they are unfair or deceptive, and (3) the economic effect of the rule, including on small businesses and consumers.

[13] For more detail on the FTC’s activities in this space, please see our 2021 Artificial Intelligence and Automated Systems Annual Legal Review.

[14] NIST Seeks Comments on AI Risk Management Framework Guidance, Workshop Date Set, https://www.nist.gov/news-events/news/2022/08/nist-seeks-comments-ai-risk-management-framework-guidance-workshop-date-set; NIST, AI Risk Management Framework: Second Draft, https://www.nist.gov/system/files/documents/2022/08/18/AI_RMF_2nd_draft.pdf.

[15] NIST Risk Management Framework, https://www.nist.gov/itl/ai-risk-management-framework.

[16] NYC Dep’t Consumer & Worker Prot., Notice of Public Hearing and Opportunity to Comment on Proposed Rules, https://rules.cityofnewyork.us/wp-content/uploads/2022/09/DCWP-NOH-AEDTs-1.pdf.

[17] For more details, please see Gibson Dunn’s New York City Enacts Law Restricting Use of Artificial Intelligence in Employment Decisions.

[18] For more details regarding the proposed rules, please see Gibson Dunn’s New York City Proposes Rules to Clarify Upcoming Artificial Intelligence Law for Employers.

[19] Thaler v. Vidal, 43 F.4th 1207 (Fed. Cir. 2022).

[20] Thaler v. Hirshfeld, 558 F. Supp. 3d 238 (E.D. Va. 2021).

[21] See, e.g., 2021 Artificial Intelligence and Automated Systems Annual Legal Review.

[22] For more details, please see 2021 Artificial Intelligence and Automated Systems Annual Legal Review.

[23] EURActiv, AI Act: Czech EU presidency makes final tweaks ahead of ambassadors’ approval (Nov. 4, 2022), https://www.euractiv.com/section/digital/news/ai-act-czech-eu-presidency-makes-final-tweaks-ahead-of-ambassadors-approval/.

[24] Euractiv, Last-minute changes to EU Council’s AI Act text ahead of general approach (Nov. 14, 2022), available at https://www.euractiv.com/section/digital/news/last-minute-changes-to-eu-councils-ai-act-text-ahead-of-general-approach/.

[25] EC, Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics, COM(2020) 64 (Feb. 19, 2020), available at https://ec.europa.eu/info/files/commission-report-safety-and-liability-implications-ai-internet-things-and-robotics_en; see also European Commission, Questions & Answers: AI Liability Directive, available at https://ec.europa.eu/commission/presscorner/detail/en/QANDA_22_5793 (“Current national liability rules are not equipped to handle claims for damage caused by AI-enabled products and services. In fault-based liability claims, the victim has to identify whom to sue, and explain in detail the fault, the damage, and the causal link between the two. This is not always easy to do, particularly when AI is involved. Systems can oftentimes be complex, opaque and autonomous, making it excessively difficult, if not impossible, for the victim to meet this burden of proof.”)

[26] European Commission, Proposal for a Directive on adapting non contractual civil liability rules to artificial intelligence (Sept. 28, 2022), available at https://ec.europa.eu/info/files/proposal-directive-adapting-non-contractual-civil-liability-rules-artificial-intelligence_en.

[27] European Commission, Proposal for a directive of the European Parliament and of the Council on liability for defective products (Sept. 28, 2022), available at https://single-market-economy.ec.europa.eu/document/3193da9a-cecb-44ad-9a9c-7b6b23220bcd_en.

[28] The AI Liability Directive uses the same definitions as the AI Act, keeps the distinction between high-risk/non-high risk AI, recognizes the documentation and transparency requirements of the AI Act by making them operational for liability through the right to disclosure of information, and incentivizes providers/users of AI-systems to comply with their obligations under the AI Act.

[29] European Commission, Questions & Answers: AI Liability Directive, available at https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_5793 (“Together with the revised Product Liability Directive, the new rules will promote trust in AI by ensuring that victims are effectively compensated if damage occurs, despite the preventive requirements of the AI Act and other safety rules.”).

[30] Data Protection and Digital Information Bill, available at https://publications.parliament.uk/pa/bills/cbill/58-03/0143/220143.pdf.

[31] Spencer, M. (2022, September 5). Business Statement [Hansard]. (Vol. 719), available at https://hansard.parliament.uk/commons/2022-09-05/debates/FB4997E6-14A2-4F25-9472-E2EE7F00778A/BusinessStatement (“the Government will not move the Second Reading and other motions relating to the Data Protection and Digital Information Bill today to allow Ministers to consider the legislation further”).

[32] Gov.UK, Press Release, UK sets out proposals for new AI rulebook to unleash innovation and boost public trust in the technology, available at https://www.gov.uk/government/news/uk-sets-out-proposals-for-new-ai-rulebook-to-unleash-innovation-and-boost-public-trust-in-the-technology.

[33] Id.

[34] Id.

[35] ICO, ICO publishes guidance on privacy enhancing technologies (Sept. 7, 2022), available at https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/ico-publishes-guidance-on-privacy-enhancing-technologies/. See also https://ico.org.uk/media/about-the-ico/consultations/4021464/chapter-5-anonymisation-pets.pdf.

The following Gibson Dunn lawyers prepared this client update: H. Mark Lyon, Frances Waldmann, and Emily Lamm.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Artificial Intelligence and Automated Systems Group, or the following authors:

H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213-229-7914,fwaldmann@gibsondunn.com)

Please also feel free to contact any of the following practice group leaders and members:

Artificial Intelligence and Automated Systems Group:
J. Alan Bannister – New York (+1 212-351-2310, abannister@gibsondunn.com)
Patrick Doris – London (+44 (0)20 7071 4276, pdoris@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Co-Chair, Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Joel Harrison – London (+44(0) 20 7071 4289, jharrison@gibsondunn.com)
Ari Lanin – Los Angeles (+1 310-552-8581, alanin@gibsondunn.com)
Carrie M. LeRoy – Palo Alto (+1 650-849-5337, cleroy@gibsondunn.com)
H. Mark Lyon – Co-Chair, Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Vivek Mohan – Co-Chair, Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, ctimura@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Michael Walther – Munich (+49 89 189 33 180, mwalther@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

A proposed rule published in the Federal Register on November 14, 2022 would amend the Federal Acquisition Regulation (FAR) to require certain Federal contractors to provide data regarding their greenhouse gas (GHG) emissions and climate-based financial risks, and to establish “science-based targets” for reducing their GHG emissions.[1] The proposed rule implements President Biden’s May 20, 2021 Executive Order (EO) 14030, Climate-Related Financial Risk, which directed the FAR Council to consider amending the FAR to “require major Federal suppliers to publicly disclose greenhouse gas emissions and climate-related financial risk and to set science-based reduction targets.”[2] The comment period for the proposed rule is open until January 13, 2023.

The FAR Council’s proposed rule would significantly expand the GHG reporting obligations for federal contractors, and reflects the Biden Administration’s “whole of government” approach to addressing climate change. The preamble to the proposed rule notes, for example, similarities the proposal bears to the Securities and Exchange Commission’s March 21, 2022 proposal to impose climate-related disclosure requirements on U.S. public companies and foreign private issuers.[3] Like the SEC’s proposed rule, which has been controversial, the proposed amendment to the FAR aims to standardize the disclosure of climate-related financial risks and leverage existing standards, such as those of the Task Force on Climate-Related Financial Disclosures (TCFD).[4] Unlike the SEC’s proposed rule, the proposed FAR amendment requires certain companies to establish emissions reduction targets, although the SEC did propose that registrants disclose such targets if they have them.[5]

The FAR Council’s proposed GHG reporting rule would apply to “significant contractors,” defined as contractors that receive at least $7.5 million, but less than $50 million, in Federal contract obligations during the prior fiscal year, and “major contractors,” defined as contractors that received more than $50 million in Federal contract obligations during the prior fiscal year.[6] The proposed rule articulates baseline compliance requirements that would apply to both significant contractors and major contractors, as well as additional compliance requirements that would apply to major contractors only.[7] The baseline compliance requirements would begin one year after the publication of a final rule, while major contractors would have two years from the publication of a final rule to come into compliance with their additional reporting obligations.[8] Overall, the FAR Council’s proposed rule would (1) create a new FAR subpart at 23.XX, “Public Disclosure of Climate Information,” that would outline annual climate-related inventory and disclosure requirements for certain contractors, (2) amend existing annual climate-related representations in certain FAR solicitation clauses, and (3) amend the standard of responsibility for prospective significant and major contractors such that they are presumed to be nonresponsible if they have not complied with the new GHG disclosure requirements described in subpart 23.XX, unless “the noncompliance resulted from circumstances properly beyond the prospective contractor’s control,” they have “provided documentation sufficient for purposes of award that demonstrates substantial efforts taken to comply” with the requirements, they have “made a public commitment to comply as soon as possible (within [one] calendar year) on a publicly accessible website,” or a valid exception, exemption, or waiver applies.[9]

The disclosure scheme outlined in the FAR Council’s proposed rule represents a substantial expansion of the FAR’s current GHG-related provisions. Promulgated in 2016, FAR 23.802(d) currently requires only that contractors that receive $7.5 million or more in Federal contract obligations in a fiscal year represent whether they publicly disclose their GHG emissions and quantitative GHG emissions reduction goals.[10] While the current GHG-related provisions were promulgated to “assist agencies in developing strategies to engage with offerors to reduce supply chain emissions,”[11] the FAR Council now appears prepared to make affirmative use of the information it collects from contractors regarding their GHG emissions, stating in the preamble to the proposed rule that its purpose is to “ensure major Federal suppliers make the required disclosures and set targets to reduce their GHG emissions.”[12] As outlined in Section 23.XX03, the proposed rule would require a significant or major contractor, itself or through its immediate owner or highest-level owner, to complete an annual GHG inventory of its Scope 1 emissions, which are “emissions from sources that are owned or controlled” by the contractor, and its Scope 2 emissions, which “include GHG emissions associated with the generation of electricity, heating and cooling, or steam” purchased by the contractor but produced elsewhere.[13] The proposed rule also directs a significant contractor or major contractor to disclose its total Scope 1 and Scope 2 emissions in the Federal Government’s System for Award Management (SAM) each year.[14]

In addition to the requirements that apply to both significant and major contractors, the FAR Council’s proposed rule would require a major contractor to complete an “annual climate disclosure,” which is “a set of disclosures by an entity that aligns with recommendations of the TCFD,” and to publish the disclosure on a publicly accessible website.[15] The proposal states that the TCFD annual climate disclosure “includes a GHG inventory of not only Scope 1 and Scope 2 emissions, but also relevant Scope 3 emissions, which are emissions [(other than Scope 2 emissions)] that are a consequence of the operations of the reporting entity but occur at sources other than those owned or controlled by the entity.”[16] Additionally, the TCFD framework calls for the annual climate disclosure to “describe[] the entity’s climate risk assessment process and any risks identified.”[17]

The proposed rule would also require major contractors to develop “science-based targets” for GHG emission reductions.[18] A “science-based target” is an emissions reduction target that is consistent with the goals of the 2015 Paris Agreement, namely, “to limit global warming to well below 2^oC above pre-industrial levels and pursue efforts to limit warming to 1.5^oC.”[19] Under the proposed rule, the science-based targets developed by major contractors must have been validated by the Science-Based Targets Initiative (SBTi) within the last five calendar years, and the major contractors must publish the targets on publicly accessible websites.[20]

The proposed rule indicates that the Government would enforce these new requirements by instructing contracting offerors “to treat a prospective contractor that is a significant or major contractor as nonresponsible under [FAR] 9.104-3(e),” unless the prospective contractor satisfies its GHG inventory and reporting obligations.[21] Only contractors deemed responsible are eligible to receive Federal Government contracts or subcontracts.[22] However, the proposed rule also provides for the issuance of exemptions from, and waivers to, the procedures for determining a contractor’s responsibility, outlined at Section 23.XX05, and the corresponding new responsibility standards at FAR 9.104-3(e), under certain circumstances.[23]

The FAR Council’s proposed rule is representative of the Biden Administration’s willingness to use the federal procurement process to address cross-cutting policy issues like climate change. For example, we have previously written about the Biden Administration’s mandate that federal contractor employees be vaccinated against COVID-19,[24] an initiative that was first announced in EO 14042 of September 9, 2021 to “promote[] economy and efficiency in Federal procurement.”[25] That mandate drew a number of legal challenges, including one that resulted in a decision by the U.S. Court of Appeals for the Eleventh Circuit that upheld a district court preliminary injunction blocking the implementation of the contractor vaccine mandate, but that narrowed the injunction’s scope to limit it to contracts with the specific plaintiffs in that case (Georgia, Alabama, Idaho, Kansas, South Carolina, Utah, West Virginia, and a construction trade group).[26] It remains to be seen how the federal contractor community will respond to the FAR Council’s GHG reporting rule in the notice and comment process, and whether the final rule will spark litigation.

As noted, the comment period for the FAR Council’s proposed rule runs through January 13, 2023.

_____________________________

[1] See generally Federal Acquisition Regulation: Disclosure of Greenhouse Gas Emissions and Climate-Related Financial Risk, 87 Fed. Reg. 68312 (Nov. 14, 2022) (to be codified at 48 C.F.R. pts. 1, 4, 9, 23, and 52).

[2] Executive Order 14030 of May 20, 2021: Climate-Related Financial Risk, 86 Fed. Reg. 27967 (May 25, 2021).

[3] Federal Acquisition Regulation: Disclosure of Greenhouse Gas Emissions and Climate-Related Financial Risk, 87 Fed. Reg. at 68312; see also The Enhancement and Standardization of Climate-Related Disclosures for Investors, 87 Fed. Reg. 21334 (Apr. 11, 2022) (to be codified at 17 C.F.R. pts. 210, 229, 232, 239, and 249).

[4] Federal Acquisition Regulation: Disclosure of Greenhouse Gas Emissions and Climate-Related Financial Risk, 87 Fed. Reg. at 68312.

[5] Id.

[6] Id. at 68313.

[7] Id. at 68329.

[8] Id. at 68316.

[9] Id. at 68327.

[10] 48 C.F.R. § 23.802(d).

[11] Federal Acquisition Regulation: Public Disclosure of Greenhouse Gas Emissions and Reduction Goals—Representation, 81 Fed. Reg. 83092 (Nov. 18, 2016) (to be codified at 48 C.F.R. pts. 1, 4, 23, and 52).

[12] Federal Acquisition Regulation: Disclosure of Greenhouse Gas Emissions and Climate-Related Financial Risk, 87 Fed. Reg. at 68312.

[13] Id. at 68313, 68329.

[14] Id. at 68329.

[15] Id. at 68313-14, 68329.

[16] Id. at 68314.

[17] Id.

[18] Id.

[19] Id.

[20] Id. at 68329.

[21] Id.

[22] 48 C.F.R. § 9.103(a) (“Purchases shall be made from, and contracts shall be awarded to, responsible prospective contractors only.”)

[23] Federal Acquisition Regulation: Disclosure of Greenhouse Gas Emissions and Climate-Related Financial Risk, 87 Fed. Reg. at 68316.

[24] Eugene Scalia et al., President Biden Announces COVID-19 Vaccine Mandates, with Legal Challenges Likely to Follow, Gibson Dunn (Sept. 10, 2021), https://www.gibsondunn.com/president-biden-announces-covid-19-vaccine-mandates-with-legal-challenges-likely-to-follow/.

[25] Executive Order 14042 of September 9, 2021: Ensuring Adequate Safety Protocols for Federal Contractors, 86 Fed. Reg. 50985 (Sept. 14, 2021).

[26] Georgia v. Pres. of the U.S., 46 F.4th 1283 (11th Cir. 2022).

The following Gibson Dunn attorneys assisted in preparing this client update: Eugene Scalia, Lindsay M. Paulin, Rachel Levick, and Nick Perry.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Administrative Law and Regulatory, Environmental Litigation and Mass Tort, or Government Contracts practice groups:

Government Contracts Group:
Dhananjay S. Manthripragada – Los Angeles (+1 213-229-366, dmanthripragada@gibsondunn.com)
Lindsay M. Paulin – Washington, D.C. (+1 202-887-3701, lpaulin@gibsondunn.com)
Joseph D. West – Washington, D.C. (+1 202-955-8658, jwest@gibsondunn.com)

Environmental Litigation and Mass Tort Group:
Stacie B. Fletcher – Washington, D.C. (+1 202-887-3627, sfletcher@gibsondunn.com)
Daniel W. Nelson – Washington, D.C. (+1 202-887-3687, dnelson@gibsondunn.com)
Rachel Levick – Washington, D.C. (+1 202-887-3574, rlevick@gibsondunn.com)

Administrative Law and Regulatory Group:
Eugene Scalia – Washington, D.C. (+1 202-955-8543, escalia@gibsondunn.com)
Helgi C. Walker – Washington, D.C. (+1 202-887-3599, hwalker@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

This course covers the rise of nationwide injunctions and their effect on public perception of the judicial system. We discuss the differentiation between nationwide injunctions in private law cases and public law cases, and take a deeper look into the arguments both for and against nationwide injunctions. Finally, we address the increase in appellate skepticism and proposals for reform.

Topics discussed:

The rise of nationwide injunctions
Nationwide injunctions in private law cases
Nationwide injunctions in public law cases
Arguments for and against nationwide injunctions
Increased appellate skepticism and proposals for reform

PANELISTS:

Gregg Costa is a partner in the Houston office of Gibson, Dunn & Crutcher and co-chair of the firm’s Global Trial Practice Group. Mr. Costa previously served on the U.S. Court of Appeals for the Fifth Circuit from 2014 to 2022, following his nomination by President Obama and confirmation by the U.S. Senate with a vote of 97-0. His broad experience – having handled complex civil and criminal matters, at trial and on appeal, as advocate and judge – allows him to offer invaluable skills and strategic insights.

Collin Cox is a partner in the Houston office of Gibson, Dunn & Crutcher, where he represents plaintiffs and defendants in high-stakes commercial cases. He has been a lead trial lawyer in computer software trade secrets cases, several actions related to the Bernard L. Madoff fraud, royalty disputes, patent litigation, and other business crisis situations. He continues to be one of the youngest trial lawyers in Texas to receive band ranking recognition in commercial litigation from Chambers USA.

Miguel A. Estrada is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher, where he represents clients before federal and state courts on a broad range of matters and has also argued 24 cases before the United States Supreme Court. Mr. Estrada is the lead appellate counsel in two securities-fraud appeals from jury verdicts that are currently pending in the Second Circuit. From 2014-2022, Chambers & Partners has named him as one of a handful of attorneys that it ranked in the top tier among the nation’s leading appellate lawyers.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1 credit hour, of which 1 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1 hour.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

On November 9, 2022, the New York Department of Financial Services (“DFS”) announced proposed amendments (“Proposed Amendments”) to DFS’ Part 500 Cybersecurity Rules (the “Cybersecurity Rules”). The Proposed Amendments reflect a revised set of amendments based on the draft Part 500 amendments released on July 29, 2022 (“Draft Amendments”). The initial Draft Amendments were covered in our prior alert. The Proposed Amendments continue to reinforce DFS’ forward-leaning, “catalytic” role in strengthening cybersecurity practices, but reflect that DFS did consider the comments received in response to the Draft Amendments as they clarify certain security requirements, strengthen some requirements to protect consumers and covered entities, and soften others to make them more closely aligned with industry standards and better account for public concerns.

We highlight seven key takeaways of the Proposed Amendments:

Continue the Draft Amendments’ stringent 72-hour and 24-hour notification requirements—and add new provisions that would require covered entities to (i) notify DFS within 72 hours if affected by a third-party service provider cybersecurity event, and (ii) respond within 90 days to any requests by DFS in connection with DFS’ investigation of the cybersecurity event;
Modify the definition of Class A companies, likely reducing the scope of those subject to heightened requirements;
Soften some of the increased requirements on boards and senior management;
Ease the heightened requirements for incident preparedness and operational resilience;
Adjust certain technical requirements and their implementation timelines to be less aggressive;
Expand requirements for risk assessments; and
Reinforce new enforcement considerations.

We discuss each in turn below.

Even More Stringent Notification Obligations

The Draft Amendments previously proposed new, more stringent, cybersecurity event notification obligations, including:

Requiring notification to DFS within 72 hours of unauthorized access to privileged accounts or the deployment of ransomware within a material part of a covered entity’s information systems; and
Imposing a new 24-hour notification obligation in the event a ransom payment is made and a 30-day requirement to provide a written description of why the payment was necessary, alternatives considered, and sanctions diligence conducted.

The Proposed Amendments maintain these tight timetables, as well as add other obligations for incident notification, which reinforces DFS’ desire to be promptly kept informed about cybersecurity events at covered entities. These additional obligations include:

Requiring covered entities to provide DFS with any information requested regarding the investigation of the notified cybersecurity event within 90 days; and
Requiring covered entities affected by a cybersecurity event at a third-party service provider to notify DFS within 72 hours from the time the covered entity becomes aware of the event.

Revised Definition of “Class A” Companies with Heightened Requirements

The Draft Amendments increased cybersecurity obligations for a newly defined group of larger DFS covered entities, termed “Class A companies.” Although some requirements were removed or altered under the Proposed Amendments, the heightened requirements on this class of covered entities under the Draft Amendments included to:

Conduct weekly systematic scans or reviews reasonably designed to identify publicly known cybersecurity vulnerabilities and document and report any material gaps in testing to the board and senior management;
Implement an endpoint detection and response solution to monitor anomalous activity and a solution that centralizes logging and security event alerting;
Monitor privileged access activity and implement a password vaulting solution for privileged accounts and an automated method of blocking commonly used passwords;
Conduct an annual, independent audit of their cybersecurity programs; and
Use external experts to conduct a risk assessment at least once every three years.

After considering public comments, DFS modified its proposed scope for the new category of “Class A companies,” likely reducing the number of covered entities that would fall within this definition. The new definition for Class A companies under the Proposed Amendments include covered entities with:

In-state gross annual revenue of $20 million in each of the last two fiscal years from business operations of the covered entity and its affiliates, and that have:
- averaged over 2,000 employees over the last two fiscal years; or
- over $1 billion in gross annual revenue in each of the last two fiscal years.

While this is a broad definition that will still cover a large number of entities, it is a material narrowing of the Draft Amendments, which would have covered any entity with over 2,000 employees or companies with a three-year average of over $1 billion in gross annual revenue. Notably, the changes in the Proposed Amendments may result in excluding from the Class A definition certain covered entities that have a small presence in New York, and also shifts the Draft Amendments’ focus on gross annual revenues averaged over three years.

Under the Draft Amendments, Class A companies were required to conduct weekly systematic scans or reviews with respect to vulnerability assessments. The Proposed Amendments remove this requirement, instead requiring covered entities more broadly to have a monitoring process that ensures prompt notification of any new security vulnerabilities. The Proposed Amendments also revise certain technical and audit requirements included in the Draft Amendments for Class A companies, requiring:

A privileged access management solution along with an automated method of blocking commonly used passwords, or a reasonable equivalent of such blocking if approved annually by the CISO and if there is a reasonably equivalent or more secure compensating control; and
Independent audits to be conducted by external auditors, modifying the initial proposal that an internal auditor would suffice, and thereby reducing flexibility on how such audits should be conducted.

Softened Increased Obligations on Company Governing Bodies

Under the Proposed Amendments, DFS re-commits to its focus on the accountability of boards and senior management, but softens and removes some of the previously proposed obligations. These revised obligations:

Continue to require that the CISO has adequate authority and now also the “ability to direct sufficient resources to implement and maintain a cybersecurity program” (notably, the Proposed Amendments remove the Draft Amendments’ requirement for adequate “independence”);
Only require that the CISO’s annual board reports consider certain factors (i.e., the confidentiality of nonpublic information and the integrity and security of the covered entity’s information systems, the covered entity’s cybersecurity policies and procedures, plans for remediating material inadequacies, etc.) in the report, but no longer require those factors be expressly addressed;
Remove the obligation included in the Draft Amendments that the CISO review the feasibility of encryption of nonpublic information at rest and the effectiveness of compensating controls annually;
Change the obligation that both the CEO and CISO sign an annual certification or acknowledgement of noncompliance to a requirement that the “highest-ranking executive” and the CISO sign—the Proposed Amendments now also require that such certification or acknowledgement include remediation plans and a timeline for their implementation; and
Clarify that the role of the board (or its equivalent or the appropriate committee) shall also include exercising oversight of and providing direction to management on cybersecurity risk management.

These changes in the Proposed Amendments help clarify some ambiguities. For example, changing the obligation for signing certifications or acknowledgements of noncompliance to the CISO and the “highest-ranking executive” clarifies that all companies, even those without a CEO, are required to have and sign annual certifications or acknowledgements of noncompliance.

Eased Expanded Requirements for Incident Response and Operational Resilience

The Draft Amendments expanded measures requiring covered entities to have written plans for business continuity and disaster recovery (“BCDR”), including requiring certain measures to mitigate disruptive events. DFS also increased its requirements for incident response plans (“IRPs”) in the Draft Amendments, requiring certain additional content requirements for IRPs, such as clearly defined roles. These requirements for BCDR and IRPs have remained largely the same in the Proposed Amendments, with a few practical changes. Specifically, the Proposed Amendments:

Remove the Draft Amendments’ requirement that covered entities provide relevant personnel with copies of the IRPs and BCDR plans and maintain these plans “offsite,” instead requiring only that these plans be distributed to or otherwise accessible to relevant personnel; and
Replace the requirement that backups be “isolated from network connections” with a requirement that backups be “adequately protected from unauthorized alterations or destruction.”

Practically implemented, there may not be a significant difference concerning the changes to distribution of the IRPs and BCDR plans, as the Proposed Amendments require that the plans be accessible during a cybersecurity event, but the revised requirement will afford more flexibility for covered entities to develop an approach most effective for them. Further, in the Proposed Amendments, training is still required for personnel involved in implementing the plans, as are incident response and BCDR exercises, which are required at least annually. However, the changes to the requirement concerning backups is a significant technical change that will reduce the burden of compliance for many covered entities who do not have backups fully isolated from network connections.

Modified Enhanced Technology and Policy Requirements

The Proposed Amendments make significant changes to the strengthened technical and written policy requirements proposed by the Draft Amendments. Changes to technical requirements—focused on penetration testing, vulnerability management, and access controls—include:

Requiring user access privileges for privileged accounts be reviewed at least annually and terminated upon employee departures, supplementing the Draft Amendments’ requirements (i.e., that privileged accounts have multi-factor authentication and be limited to only users who need it to perform their job and when performing functions requiring such access);
Clarifying that penetration testing should be conducted both inside and outside the covered entity’s information systems’ boundaries and can be conducted by a qualified internal or external independent party;
Replacing the Draft Amendments’ exception to multi-factor authentication for service accounts with an exception where the CISO approves a reasonably equivalent or more secure control, and otherwise requiring multi-factor authentication for: (i) remote access to the covered entity’s information systems, (ii) remote access to third-party applications from which nonpublic information is accessible, and (iii) all privileged accounts; and
Replacing the Draft Amendments’ requirement for “strong, unique passwords” with a requirement to implement a “written password policy that meets industry standards.”

Many of these revisions, such as allowing the CISO to approve reasonably equivalent controls to replace multi-factor authentication, provide covered entities with more flexibility in achieving compliance with these regulations.

Amendments focused on covered entities’ written policies include:

Replacing the Draft Amendments’ requirement for “strong, unique passwords” with a requirement to implement a “written password policy that meets industry standards”;
Removing the requirement that covered entities’ written policies and procedures include all information systems and their components, such as such as hardware, operating systems, applications, infrastructure devices, APIs, and cloud services;
Requiring that the covered entity’s cybersecurity policies, based on its risk assessment, additionally cover data retention, systems and network monitoring, security awareness and training, systems and application security, and incident notification;
Requiring that incident responses plans include measures to investigate, in addition to mitigate, disruptive events;
Requiring that cybersecurity awareness training be conducted annually, at a minimum, and cover social engineering exercises rather than just “phishing training”; and
Requiring that the senior officers and the “highest-ranking executive,” rather than the CEO, of the covered entity revise the incident response plan as necessary.

These measures provide important clarification for covered entities. Certain measures, such as allowing for a written password policy that meets industry standards, also demonstrate DFS’ consideration of industry best practices in revising these regulations.

Additional Requirements for Risk Assessments

The Draft Amendments expanded the requirements for and definition of “risk assessments.” These changes have been maintained in the Proposed Amendments. The Draft Amendments required that covered entities review and update risk assessments annually and conduct impact assessments whenever a change in the business or technology causes a material change to the covered entity’s cyber risk. The requirement for impact assessments has since been removed, so covered entities now only have to review and update risk assessments annually and whenever such a change in business or technology occurs.

The Proposed Amendments also add a requirement that covered entities’ written policies and procedures for vulnerability management mandate automated scans of information systems and a manual review of systems not covered by such scans to identify vulnerabilities. The frequency of these scans and reviews is to be determined by the risk assessment and where there are any major system changes.

Reinforced New Enforcement Considerations

The Draft Amendments contained two significant provisions regarding the enforcement of the Cybersecurity Rules, specifically that:

Violations occur when a covered entity commits any act prohibited by the regulations or fails to satisfy a required obligation, which includes failing to: (i) comply for more than 24 hours with any part of the regulations, or (ii) prevent unauthorized access to nonpublic information due to noncompliance with the regulations; and
DFS may consider certain aggravating and mitigating factors when assessing the severity of penalties, for example: cooperation, prior violations, provision of false or misleading information, harm to customers, etc.

The Proposed Amendments do not materially change these requirements.

Next Steps

The Proposed Amendments illustrate DFS’ stated commitment to ensuring the Cybersecurity Rules continue to “keep[] pace with new threats and technology purpose-built to steal data or inflict harm,” as Superintendent Adrienne Harris stated in announcing the Proposed Amendments. The publication of the Proposed Amendments triggered a 60-day comment period that will end on January 9, 2023. Covered entities who have views on the proposed changes to the DFS Cybersecurity Rules should consider submitting comments. The Proposed Amendments demonstrate that DFS took into account prior comments as part of their “data-driven approach to amending the regulation to ensure that regulated entities address new and increasing cybersecurity threats with the most effective controls and best practices to protect consumers and businesses.” Following this comment period, DFS will review submitted comments and decide whether to re-propose revised amendments or adopt the Proposed Amendments as final regulations.

Covered entities should assess their cybersecurity practices to ensure they have adequate controls in place to comply with these anticipated regulatory changes. We are available to assist in those efforts and will continue to monitor and report on developments during and after the comment period.

This alert was prepared by Alexander Southwell, Stephenie Gosnell Handler, Vivek Mohan, Amanda Aycock, Snezhana Stadnik Tapia, Terry Wong, and Ruby Lang.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States
Matthew Benjamin – New York (+1 212-351-4079, mbenjamin@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, PCDI Practice, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202-887-3786, dburns@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202-955-8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202-955-8657, sgans@gibsondunn.com)
Lauren R. Goldman– New York (+1 212-351-2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213-229-7269, nhanna@gibsondunn.com)
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com)
Robert K. Hur – Washington, D.C. (+1 202-887-3674, rhur@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com)
H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com)
Rosemarie T. Ring – San Francisco (+1 415-393-8247, rring@gibsondunn.com)
Ashley Rogers – Dallas (+1 214-698-3316, arogers@gibsondunn.com)
Alexander H. Southwell – Co-Chair, PCDI Practice, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Deborah L. Stein – Los Angeles (+1 213-229-7164, dstein@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com)

Europe
Ahmed Baladi – Co-Chair, PCDI Practice, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
James A. Cox – London (+44 (0) 20 7071 4250, jacox@gibsondunn.com)
Patrick Doris – London (+44 (0) 20 7071 4276, pdoris@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Bernard Grinspan – Paris (+33 (0) 1 56 43 13 00, bgrinspan@gibsondunn.com)
Joel Harrison – London (+44(0) 20 7071 4289, jharrison@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)
Penny Madden – London (+44 (0) 20 7071 4226, pmadden@gibsondunn.com)
Michael Walther – Munich (+49 89 189 33-180, mwalther@gibsondunn.com)

Asia
Kelly Austin – Hong Kong (+852 2214 3788, kaustin@gibsondunn.com)
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Against the backdrop of increased geopolitical tensions and broader decoupling trends, the United States has implemented sweeping new export controls designed to make it extremely difficult for Chinese companies to develop cutting-edge technologies that might have military applications. The restrictions will make it increasingly difficult for Chinese companies to obtain or manufacture advanced semiconductors and integrated circuits, which are critical for the development of artificial intelligence. The new rules also bar U.S. individuals and companies from providing direct or indirect support for the development or production of such chips in China and will make it harder for Chinese companies to develop supercomputers with potential military applications.

Taken together, these new restrictions impose an effective embargo against China in these technology sectors. In imposing the restrictions, the U.S. government explained that it developed this sweeping set of new regulations to curtail China’s use of these items in the development of weapons of mass destruction, artificial intelligence and supercomputing-enhanced war fighting, and in technologies that enable violations of human rights.

These new changes have already proven to be disruptive. U.S. suppliers have already reportedly cut ties to Chinese chipmakers, and there are reports of “mass resignations” of U.S. employees in China’s semiconductor industry.

Hear from our experienced export controls attorneys in the U.S. and Hong Kong about these new restrictions and their potential impact. We discuss:

This development in the context of a series of efforts by both the U.S. and China to “decouple” in the technology sector
How these new restrictions are affecting Chinese companies as well as U.S. companies with operations in China
The potential impact on the broader semiconductor global supply chain
The outlook for enforcement and new restrictions

PANELISTS:

Fang Xue is a partner and Chief Representative in the Beijing office of Gibson, Dunn & Crutcher. Ms. Xue has represented Chinese and international corporations and private equity funds in cross-border acquisitions, private equity transactions, stock and asset transactions, joint ventures, going private transactions, tender offers and venture capital transactions, including many landmark deals among those. She also advises clients on corporate, compliance, export control and international trade related matters.

Judith Alison Lee is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher and Co-Chair of the firm’s International Trade Practice Group. Ms. Lee practices in the areas of international trade regulation, including USA Patriot Act compliance, Foreign Corrupt Practices Act, economic sanctions and embargoes and export controls. Ms. Lee also advises on issues relating to virtual and digital currencies, blockchain technologies and distributed cryptoledgers.

Stephenie Gosnell Handler is a partner in the Washington, D.C. office of Gibson, Dunn & Crutcher, where she advises clients on complex legal, regulatory, and compliance issues relating to international trade, cybersecurity and technology matters. Ms. Handler has prior experience advising clients on diverse global cybersecurity and technology matters, including strategic legal issues, data localization, regulatory compliance, risk management, governance, preparedness and data and export control and sanctions requirements.

David A. Wolber is a Registered Foreign Lawyer (New York) in Hong Kong and of counsel in the Hong Kong office of Gibson, Dunn & Crutcher. Mr. Wolber’s practice focuses on navigating complex legal, compliance, reputational, political and other risks arising out of various international trade, national security and financial crime laws and regulations. He advises clients on economic and trade sanctions, export controls, foreign direct investment controls/CFIUS, anti-money laundering and anti-bribery and anti-corruption laws and regulations.

Chris R. Mullen is an associate in the Washington, D.C. office of Gibson, Dunn & Crutcher. Mr. Mullen’s practice focuses on international trade and investment. He has experience on a range of matters, including navigating export controls under the ITAR and EAR, global economic sanctions, anti-money laundering regulations, CFIUS review and FCPA compliance. He has also advised companies on international trade matters related to corporate mergers and acquisitions and compliance with anti-money laundering obligations at the state and federal levels.

MCLE CREDIT INFORMATION:

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1 hour.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

The New York Attorney General’s Office (the “NYAG” or the “Office”) continues to serve as a leader for other state attorneys general, having a profound impact on corporations, nonprofits, and individuals in New York and beyond. This round-up summarizes the major cases and initiatives pursued by New York State’s 67th Attorney General, Letitia James, and her team since August 2021. AG James was just re-elected to another four-year term beginning January 2023.

The NYAG’s priorities include a mix of local and national issues, including data privacy, cybersecurity, and data breaches; employee rights; investor protection; environmental and animal protection; protecting consumers, including homeowners, taxpayers, and seniors; and cracking down on Medicare fraud. There is certainly overlap in the NYAG’s priorities and those of federal regulators, and, like attorneys general around the country, increasingly the NYAG investigates and brings high-profile actions alongside federal regulators—including in cases where she may not have jurisdiction.

One new trend is that AG James is issuing reports that provide information about the NYAG’s investigative findings. Although these reports are not “legal proceedings” and often do not have any legal significance, the reports can have important public relations and reputational impact, and potentially spawn other regulatory investigations. Recently, for example, the Office has issued reports on the Nursing Home Response to the COVID-19 Pandemic, fake comments submitted in response to an FTC rulemaking on net neutrality, the sexual harassment allegations against Governor Andrew Cuomo, and the mass shooting in Buffalo, NY.

In terms of litigation, in recent years, the Office has made headlines for bringing large-scale suits in healthcare, including e-cigarette use among youth, the opioid crisis, and access to health care. That said, the Office initiates litigation in very few cases, resolving most through settlements. Like many AGs offices around the country, the Office is focused on enforcement against what it calls “Big Tech,” based on various legal theories, and in the past year has initiated several high-profile investigations into technology companies and other businesses. AG James continues to advocate for legislation in various key areas, including health care and the environment.

The Office’s biggest headline-grabber this year has been the September 2022 lawsuit against Donald Trump, the Trump Organization, senior management, and other entities. The case alleges that the Trump defendants engaged in years of financial fraud by falsely inflating Trump’s worth by billions of dollars in order to induce banks to lend money to the Trump Organization on more favorable terms, satisfy continuing loan covenants, induce insurers to provide insurance coverage for higher limits and at lower premiums, and gain tax benefits.[1] On November 4, AG James won a motion that granted a preliminary injunction freezing certain assets, appointed an independent monitor to oversee the submission of financial information to certain third parties, and scheduled a preliminary conference for November 22 to set an expedited trial schedule.[2]

In this Round-Up, we discuss in further detail numerous of AG James’s key cases and initiatives over the past year, including her support for antitrust legislation and efforts to enforce antitrust laws; her continued focus on data privacy rights of New Yorkers as reliance on consumer technology has increased as a result of the COVID-19 pandemic; her new efforts to in investor protection; her ongoing focus on health care, including abortion access; and her attention on the environment and labor and employment rights of New Yorkers.

I. Antitrust and Competition

AG James has continued to support efforts seeking to strengthen and modernize the antitrust laws. In September 2021, AG James co-led a bipartisan coalition of 32 state attorneys general in calling on Congress to fund state antitrust efforts in response to changing technology.[3]

In New York specifically, AG James has continued to be a proponent of enacting the 21st Century Antitrust Act, a bill that its supporters claim would update New York’s antitrust laws to address the modern economy.[4] The bill passed the New York State Senate on May 25, 2022 but did not pass the Assembly.[5] The law seeks to expand antitrust liability under New York’s Donnelly Act to, among other things, make it unlawful for a company to “abuse” a “dominant position” in a relevant market—a standard that is adopted from European law.[6] The bill has been criticized as excessively vague and potentially harmful to the New York economy.

AG James has also continued to aggressively investigate and pursue litigation against technology and pharmaceutical companies for alleged antitrust violations.[7] In January 2022, a coalition of 48 attorneys general (led by AG James) appealed the D.C. federal district court’s dismissal of their claims against a tech giant for allegedly anticompetitive acquisitions.[8] Also in January 2022, the Southern District of New York ruled in favor of New York, the FTC, and six other states in finding that Martin Shkreli engaged in illegal and anticompetitive practices while serving as the CEO of a pharmaceutical company. Shkreli was banned from the pharmaceuticals industry for life and was ordered to pay nearly $65 million.[9]

AG James also launched antitrust investigations into and reached agreements with other businesses. For example, in November 2021, the Office reached an agreement with two large supermarket chains to divest stores located in New York in connection with the companies’ proposed merger because it would have allegedly eliminated direct competition between local supermarkets.[10] And on July 28, 2022, AG James announced a lawsuit against a national pharmacy for alleged antitrust violations that allegedly impacted hospitals and clinics that provide care for underserved communities across New York State, by purportedly restricting their ability to take advantage of certain federal subsidies.[11]

II. Data Privacy, Cybersecurity, and Data Breaches

AG James continued to be active in the data privacy and cybersecurity realms over the past year, announcing several investigations arising from alleged data breaches, focusing on the importance of corporations keeping their customers’ personal data safe. In fact, according to a list identifying the number of complaints AG James’s Office received in 2021, which AG James published in March of this year, the Office received the greatest number of complaints for “Internet-Related” issues, including “data privacy and security” and “data breaches.”[12] Notable investigations and settlements, specifically arising from data breaches, include the following:

In January 2022, the Office reached a $600,000 agreement with a vision care provider, arising from an alleged 2020 data breach compromising the personal information of approximately 2.1 million consumers nationwide, including 98,632 New York State residents.[13] AG James’s investigation was brought pursuant to the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD” Act), New York’s cybersecurity statute which, effective March 2020, expanded the State’s data breach notification law and imposed cybersecurity requirements on companies that collect or maintain “private information” of New York residents.[14] In addition to the monetary payment, the company agreed to maintain a comprehensive information security program, regularly report any security risks to its leadership, maintain reasonable account management and authentication systems, encrypt sensitive consumer information, maintain appropriate logging and monitoring of network activity, and permanently delete consumers’ personal information when there is no reasonable business or legal purpose to maintain it.[15]
In June 2022, the Office, along with 45 other attorneys general, reached a $1.25 million settlement with a cruise line, arising from an alleged 2019 data breach that compromised the personal information of 180,000 employees and customers nationwide, including 6,575 New Yorkers.[16] Under the agreement, the cruise line will strengthen its email security and breach response practices, including by implementing and maintaining a breach response and notification plan; requiring email security training for employees; instituting multi-factored authentication for remote email addresses; requiring strong, complex passwords, password rotation, and secure password storage; maintaining enhanced behavior analytics tools to log and monitor potential security events; and undergoing an independent information security assessment.[17]
In June 2022, the Office reached a $400,000 settlement with a grocery store chain based on allegations that the company exposed the personal information of more than three million consumers, including more than 830,000 New Yorkers, due to allegedly unsafe cloud storage practices.[18] The NYAG alleged that compromised data included usernames and passwords, customers’ names, email addresses, mailing addresses, and data derived from driver’s license numbers.[19] Under the terms of the settlement, aside from paying $400,000 in penalties, the grocery store will overhaul its security and data management policies, particularly those related to cloud assets.[20]

AG James has also launched several consumer protection investigations into various social media companies in connection with in allegedly harmful activity or prolonged social media engagement by young adult users.[21]

Additionally, on January 5, 2022, AG James released a Business Guide for Credential Stuffing Attacks after an investigation into “credential stuffing”—repeated, automated attempts to access online accounts using usernames and passwords stolen from online services—revealed that over 1.1 million online accounts had allegedly been compromised in cyberattacks at 17 well-known online retailers, restaurant chains, and food delivery services.[22] According to press reports, this “credential stuffing” allegedly compromised customer accounts at each of the companies.[23] The Office urged the companies to investigate and protect impacted users, and every company complied.[24]

Given evolving technology and the increase in cyber-attacks against businesses and consumers, we expect data privacy and cybersecurity to remain a high priority for the Office in the next year.

III. Cryptocurrency and Consumer/Investor Protection

We also expect that AG James will continue to scrutinize actors, investments, and exchanges in the cryptocurrency space, and generally in the consumer financial and investor protection areas. AG James’s efforts this past year demonstrate continued scrutiny of allegedly misleading statements and practices, including by debt collection agencies and student loan servicing agencies, as well as scrutiny of general consumer financing practices by non-bank retailers and money transmitters.

AG James’s focus on cryptocurrency investment has included an August 1, 2022 “investor alert” that urged “any New Yorker deceived or affected by the cryptocurrency crash to contact her office.”[25] The alert also “encourage[d] workers in the cryptocurrency industry who may have witnessed misconduct or fraud to file a whistleblower complaint.”[26] The alert, which is only AG James’s most recent action in the space, came after the cryptocurrency market, in general, lost significant value this summer. Prior to this most recent notice, in March 2022, AG James issued a “taxpayer notice,” reminding cryptocurrency investors and their tax advisors “to make sure that they accurately declare and pay taxes on their virtual investments” to avoid any violations of tax law.[27]

AG James has also focused on cryptocurrency exchanges. On October 18, 2021, AG James sent cease and desist letters to two unnamed cryptocurrency platforms and directed three other unnamed platforms to provide information about their activities and products.[28] According to redacted cease and desist letters made publicly available by the NYAG, the two unnamed exchanges are allegedly “unlawfully selling or offering to sell . . . securit[ies] . . . without having registered as required” under New York’s Martin Act, which requires these exchanges to be registered with the Office as brokers, dealers, or salespersons, unless otherwise exempted.[29] The letters also came only weeks after AG James won a $3 million judgment against a cryptocurrency trading platform in New York County State Supreme Court.[30]

On September 26, 2022, AG James joined the securities regulators of seven other states in suing related cryptocurrency companies in New York County State Supreme Court for allegedly failing to register with the state as securities and commodities brokers or dealers and for allegedly misrepresenting their registration status to investors.[31] The defendants have not yet responded to the NYAG’s complaint.

Moreover, on September 13, 2021, AG James settled alleged claims without admission against two related media companies in connection with allegations that they unlawfully sold stock and cryptocurrency without registering them in New York State.[32] In addition to offering and selling stock beginning in April 2020, the two companies allegedly raised more than $30 million from pre-sales of two digital instruments promoted as cryptocurrencies.[33] Pursuant to the agreement, the companies will get credit toward the $479.9 million settlement for payments to the Securities and Exchange Commission (“SEC”) in connection with a related SEC investigation.[34]

AG James has also been active in the consumer financial protection space, particularly with respect to debt collectors and student debt services. Most recently, on August 16, 2022, AG James applauded the U.S. Department of Education for discharging the federal student loan debt of over 4,000 New Yorkers who attended certain for-profit colleges between 2005 and 2016.[35] Earlier this year, AG James also encouraged students who attended other institutions that allegedly inflated their job placement statistics to apply for federal loan discharges, and led a coalition of eight attorneys general in asking President Biden to fully cancel federal student debt writ large.[36] In August 2022, President Biden announced that the Department of Education will cancel $10,000 of student debt for borrowers who meet identified income requirements.[37] The Eighth Circuit Court of Appeals issued an administrative stay pausing the program on October 21.[38]

AG James also secured two agreements earlier this year with federal loan servicers. In the first, one of the country’s largest student loan servicers agreed to cancel $1.85 billion in private student loan debt nationwide, and to pay $95 million in restitution to students and $142.5 million to states.[39] The agreement followed an investigation by 39 attorneys general, including AG James, into whether the servicer allegedly improperly caused students to enter into forbearance plans that were ultimately detrimental to borrowers.[40] In the second, the student loan servicer agreed to automatically review the accounts of approximately 10,000 New Yorkers and credit accounts as appropriate, in order to settle a 2019 lawsuit alleging the servicer mismanaged student debt.[41] In addition to student loan servicing, AG James has also devoted attention to practices of debt collection agencies. This year, AG James has settled claims with two debt collection businesses, enjoining these business from acting as debt collectors in the future.[42] AG James also issued a consumer alert in December aimed at educating consumers about their rights and warning of improper debt collection tactics.[43]

Aside from settling recent cases, AG James has also initiated litigations to enforce consumer protection laws in the financial services area. For example, in April 2022, AG James and the Consumer Financial Protection Bureau filed a lawsuit against a large money transfer provider, alleging the provider violated consumer protection laws, including by failing to timely transfer funds or refund consumers for delayed transfers.[44] In August, the money transfer provider filed a motion to transfer the action from the United States District Court for the Southern District of New York to the Northern District of Texas and to dismiss the complaint.[45] Moreover, in February 2022, state regulators, including AG James, along with the SEC and the U.S. Commodity Futures Trading Commission, brought a lawsuit alleging that a precious metals company and its owner unlawfully solicited nearly $68 million for precious metals and misrepresented fees charged to investors.[46] These litigations are still pending.

IV. Health Care

AG James has continued to focus on inadequately managed properties that threaten tenant and worker safety, health products that endanger children and babies, the opioid epidemic, the COVID-19 pandemic, and reproductive health.

AG James has sought to protect the public from inadequately managed properties that threaten tenant health. For example, in September 2021, AG James and the New York City Department of Investigation indicted four Certified Asbestos Investigators on 19 counts, including felony charges, for allegedly filing false asbestos inspection reports.[47] And in June 2022, AG James agreed to resolve an October 2021 lawsuit against a landlord in Syracuse for allegedly failing to protect children from lead paint.[48] This success comes in the wake of a multi-state call on the Environmental Protection Agency (“EPA”)—which AG James led—to strengthen protections against lead poisoning for children living in low-income communities and communities of color.[49] That same month, AG James reached an agreement with a wireless network operator to help prevent the spread of Legionnaires’ disease, which can be spread by poorly monitored building cooling towers.[50]

AG James has taken other steps involving children’s health. In October 2021, AG James led a coalition of 23 attorneys general to petition the Food and Drug Administration to accelerate the removal of heavy metals from baby food.[51] She also issued an alert to protect children from deceptive cannabis products sold in snack packaging, warning New Yorkers to “remain vigilant” against such products.[52]

AG James has devoted significant attention to the opioid epidemic. In March 2019, AG James filed an extensive lawsuit aiming to hold various manufacturers and distributors accountable for the epidemic.[53] AG James entered three notable settlements in the suit in the last year, with one manufacturer for $523 million and another for $200 million (most of which are earmarked for opioid abatement) and with a pharmaceutical company for $58.5 million. She also sought to bring a previously dismissed pharmaceutical company back into the lawsuit, moving to vacate their dismissal for allegedly making “significant and intentional misrepresentations” to her Office regarding the extent of its role in its subsidiary’s opioids business.[54]

AG James has also urged the CDC to adopt stronger opioid prescription guidelines,[55] and in recent months has distributed over $100 million from settlements with opioid manufacturers and distributors to communities across the State impacted by the epidemic.[56] AG James has also begun to distribute $256 million earmarked for New York City to combat the crisis—the first round of payments from the $1.5 billion that AG James has secured for the State from settlements with opioid manufacturers and distributors.[57]

AG James has also continued to prioritize public health in light of the COVID-19 pandemic. For example, AG James issued a warning letter to a diagnostics company for allegedly misrepresenting its turnaround times for COVID-19 test results, and she launched an investigation into a clinic over reports that it allegedly wrongfully billed New Yorkers for COVID-19 tests.[58] AG James has helped consumers recover over $400,000 who paid for expedited COVID-19 tests but received results later than promised.[59]

Finally, after a draft Supreme Court opinion in Dobbs v. Jackson Health Women’s Health Organization was leaked to the press in May 2022, AG James quickly mobilized around women’s reproductive health issues. AG James and Assembly Member Jessica González-Rojas announced a bill to establish a state program to provide financial resources to abortion providers, which is currently in committee, and offered guidance to protect the privacy of individuals seeking abortions.[60] Following the publication of the Supreme Court’s decision in Dobbs, AG James vowed to keep New York a “safe haven” for those seeking an abortion.[61]

V. Environmental Protection

AG James’s Office continued its environmental activism over the past year, leading other state attorneys general in urging federal agencies to take more aggressive stances on environmental issues, particularly climate change.

The majority of AG James’s actions directed at federal regulations came in the form of letters to various federal actors urging progressive rules and regulations concerning climate and pollution-related topics. For example, on September 14, 2021, AG James, along with 20 state attorneys general, asked Congress to respond to the climate crisis and support environmental justice by funding programs in budget reconciliation legislation.[62] In December 2021, AG James and 15 other Democratic state attorneys general also filed comments in support of the Pipeline and Hazardous Materials Safety Administration’s proposal to suspend a Trump-era rule allowing liquefied natural gas to be shipped in rail tank cars, arguing, in part, that the environmental assessment of the rule “did not adequately consider upstream and downstream effects on greenhouse gas emissions.”[63] On June 30, 2022, in response to the Supreme Court ruling in West Virginia v. EPA, which ruled that the EPA lacked authority to restructure the electric power industry, AG James issued a statement saying that her Office “will continue to be a champion for our environment, our future, and the health of New Yorkers” and “will work to end our nation’s reliance on fossil-fuel power plants that pollute our environment, and move towards clean, renewable, and affordable electricity.”[64] Most recently, on September 20, 2022, AG James announced an agreement with the U.S. Department of Energy (“DOE”) committing DOE to a new timetable for updating energy efficiency standards for 20 categories of common consumer products and commercial equipment, ranging from residential furnaces to laundry machines to electric motors.[65] This agreement resolved a complaint against the DOE filed by the NYAG and a coalition of 17 states in 2020 alleging that the DOE failed to comply with certain deadlines for updating energy efficiency standards set by the Energy Policy and Conservation Act of 1975.[66]

In addition to regulatory advocacy, AG James also filed lawsuits related to environmental protection. On April 28, 2022, AG James and California Attorney General Rob Bonta led a multistate coalition in suing the United States Postal Service for allegedly failing to consider the environmental impact of its new fleet of mail trucks.[67] The lawsuit is currently pending before the Judicial Panel on Multidistrict Litigation, and oral argument the motion to transfer for coordinated pretrial proceedings was denied on October 7, 2022.[68] On March 31, 2022, the offices of AG James and Department of Environmental Conservation Commissioner Basil Seggos announced the indictment of a Kentucky-based freight shipping and trucking company and its Vice President for allegedly dumping hazardous materials in Chenango County and creating fake scale tickets to conceal the alleged disposal.[69]

VI. Labor and Employment

This year, as labor organizing efforts generally have picked up around the state, AG James turned to support local unions. In August 2021, AG James announced that she, along with 16 other attorneys general, asked the U.S. Senate to pass the Protecting the Right to Organize Act of 2021 (“PRO Act”).[70] The bill would allow unions to override “right-to-work” laws in more than two-dozen states, curtail employer intervention in union elections, and introduce new monetary penalties for certain retaliatory actions, among several other labor-friendly reforms.[71] Although unlikely to pass the Senate this year, AG James’s support for the bill indicates her enthusiasm for expanding workers’ rights and union membership.[72] Throughout the past year, AG James has met with young organizers and made several statements in support of a coffeehouse chain’s employees’ ultimately successful union campaign in Buffalo.[73] She also expressed support for a health system’s employees’ decision to strike in late 2021.[74] Looking ahead, AG James has indicated that she plans to work alongside the Service Employees International Union (“SEIU”) to seek stronger protections for nursing home workers in light of staffing, wage, and operations issues that were brought to light during the COVID-19 pandemic.[75]

AG James has been active across the labor and employment area. These efforts include the following:

After settling allegations of sexual harassment, unlawful sex discrimination, and retaliation against a celebrity chef in 2021, AG James’s Office has continued to investigate sexual harassment and discrimination in the entertainment and hospitality industries.[76] Following a 16-month investigation, on July 13, 2022, AG James’s Office announced a $500,000 settlement with the owner of a Manhattan bar on behalf of sixteen former employees. The settlement also requires the bar to update its training materials, post notices regarding anti-discrimination rights, and submit to periodic monitoring.[77] This spring, AG James also joined other attorneys general in issuing a warning to NFL Commissioner Roger Goodell that gender discrimination and sexual harassment would not be tolerated in any workplace.[78]
AG James’s lawsuit against an American multinational technology company over the company’s COVID-19 protocols was dismissed with finality this year when, after the First Department unanimously dismissed all of the Office’s claims in May, the court denied the Office’s motion for re-argument or, in the alternative, for leave to appeal, on September 13, 2022.[79] The court had previously found that the NYAG’s retaliation claims were federally preempted and that the workplace-safety claims were based on withdrawn guidance and, therefore, moot.[80]
As COVID-19 restrictions were lifted, AG James broadened her efforts related to workplace health and safety. Her Office continued to negotiate settlements related to COVID-19 safety issues, including a $400,000 settlement with a healthcare services company related to allegations of improper termination and denials of sick leave during the pandemic.[81]
The Office’s attention also shifted to a relatively novel employment issue: climate change. On January 27, 2022, AG James, along with other states attorneys general, asked the Occupational Safety and Health Administration to implement national standards to protect outdoor and indoor workers from occupational exposure to extreme heat. The suggested regulations would require employers to develop acclimatization plans; offer mandatory hydration and rest breaks in shaded or cool areas; and provide personal protective equipment, heat alert plans, and worker training and monitoring. The regulations would also require employers to keep records related to heat-related injuries and submit to more frequent workplace inspections. This new climate-focused regulatory push signals a potential new workplace safety focus for AG James as COVID-19 restrictions lift.[82]

AG James has also focused on the rights of terminated employees. For example, in October 2021, AG James announced a $2.7 million settlement on behalf of 250 employees of a hotel and conference center after they were allegedly denied wages and terminated without sufficient legal notice under the New York Worker Adjustment and Retraining Notification Act.[83] In May 2022, AG James announced an agreement with a hotel company that would collectively provide 500 previously terminated workers with $2.95 million in severance pay following allegations that non-unionized workers had been promised, but not provided, the same or better benefits as unionized hotel workers, in violation of Section 63(12) of the Executive Law.[84] This year, AG James also brought suit against a religious diocese for allegedly depriving more than 1,100 former employees of pensions through various alleged violations of the New York Not-for-Profit Corporations Law and New York Estates, Powers & Trusts Law.[85] This lawsuit is currently pending.[86]

AG James also settled several wage-and-hour cases this year, including two particularly large settlements in the home healthcare industry:

First, in November 2021, AG James entered into an $18.8 million-dollar settlement with two home healthcare agencies that allegedly violated the New York Labor Law and NYC Paid Safe and Sick Leave Law. In addition to the payout to 12,000 former employees, the two companies are also required to update their handbooks and leave processes and submit to monitoring by the Office and the New York City Department of Consumer and Worker Protection.[87]
Then, in March 2022, AG James announced the largest settlement to date for alleged violations of the Wage Parity Act. The combined $5.5 million-dollar settlement requires the two subject home healthcare agencies to revise company policies, retrain personnel, and report staff wages to the Office for six years.[88]

This year, AG James also reached several smaller settlements related to alleged unpaid wages for apartment building superintendents ($130,000), restaurant workers ($175,000), and construction workers on certain public works contracts ($930,000).[89]

We expect AG James will continue to advance the rights of and protections for workers in New York, as this has consistently been a primary focus for the Office.

* * *

We expect that AG James will continue to pursue an active and progressive agenda in the remainder of 2022. We also anticipate that AG James will continue to work alongside state attorneys general around the country—forming coalitions with Democrats and Republicans alike—on matters of national import, including antitrust, the environment, consumer protection, data privacy, and financial fraud investigations and litigation. Gibson Dunn will continue to monitor the actions of the Office.

_______________________________

[1] Press Release, N.YS. Attorney General, Attorney General James Sues Donald Trump for Years of Financial Fraud (Sept. 21, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-sues-donald-trump-years-financial-fraud.

[2] Mem. in Supp. of Pl.s’ Mot. for Prelim. Inj. at 6, New York v. Donald J. Trump, Index No. 452564/2022 (Oct. 13, 2022), NYSCEF No. 38; Order, New York v. Donald J. Trump, Index No. 452564/2022 (Nov. 4, 2022), NYSCEF No. 183.

[3] Press Release, N.Y.S. Attorney General, Attorney General James Leads Bipartisan Coalition in calling on Congress to Modernize Federal Antitrust Laws (Sept. 20, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-leads-bipartisan-coalition-calling-congress-modernize; Bipartisan Coalition Asks Congress to Modernize Federal Antitrust Laws, Competition Policy Int’l (Sept. 20, 2021), https://www.competitionpolicyinternational.com/bipartisan-coalition-asks-congress-to-modernize-federal-antitrust-laws/.

[4] Winston Bribach, State Case You Need to Know: Analyzing New York’s 21st Century Antitrust Act, Am. Bar Ass’n (Jun. 22, 2022), https://www.americanbar.org/groups/antitrust_law/resources/newsletters/state-case-new-yorks-21st-century-antitrust-act/.

[5] Id.; Kate Lisa, NY state Senate-passed antitrust reform expected to die in Assembly, State of Politics (May 25, 2022), https://nystateofpolitics.com/state-of-politics/new-york/politics/2022/05/25/senate-passed-anti-trust-bill-expected-to-die-in-assembly.

[6] Senate Bill S933A § 340(10)(a)(i)-(ii); NYU Law Program on Corporate Compliance and Enforcement, Developments in Antitrust Law: Keep an Eye on New York (Mar. 16, 2021), https://wp.nyu.edu/compliance_enforcement/2021/03/16/developments-in-antitrust-law-keep-an-eye-on-new-york/.

[7] Tony Romm, States Sue Facebook as an Illegal Monopoly, Setting Stage for Potential Breakup, Wash. Post (Dec. 9, 2020), https://www.washingtonpost.com/technology/2020/12/09/facebook-antitrust-lawsuit/; Press Release, N.Y.S. Attorney General, AG James Investigating Facebook For Possible Antitrust Violations (Sept. 6, 2020), https://ag.ny.gov/press-release/2019/ag-james-investigating-facebook-possible-antitrust-violations; Press Release, N.Y.S. Attorney General, Attorney General James Announces Antitrust Investigation Into Google (Sept. 9, 2020) https://ag.ny.gov/press-release/2019/attorney-general-james-announces-antitrust-investigation-google.

[8] Cecilia Kang, States appeal a judge’s decision to throw out their Facebook antitrust case, N.Y. Times (Jan. 14, 2022), https://www.nytimes.com/2022/01/14/technology/facebook-antitrust-case-appeal.html; Lauren Feiner, State AGs appeal dismissal of their antitrust suit against Facebook, CNBC (Jan. 14, 2022), https://www.cnbc.com/2022/01/14/state-ags-appeal-dismissal-of-their-antitrust-suit-against-facebook.html; New York v. Facebook, 549 F. Supp. 3d 6, 14 (D.D.C. 2021); Brief for Appellants, New York v. Facebook, Inc., No. 21-7078, D.C. Cir. (Jan. 14, 2022), Doc. No. 1930765.

[9] Press Release, N.Y.S. Attorney General, Pharma Bro No More’: Attorney General James Scores Court Victory Against Convicted Criminal Martin Shkreli, Banning Him From Pharmaceutical Industry for Life, Ordering Him to Pay Nearly $65 Million (Jan. 14, 2022), https://ag.ny.gov/press-release/2022/pharma-bro-no-more-attorney-general-james-scores-court-victory-against-convicted.

[10] Press Release, N.Y.S. Attorney General, Attorney General James Protects Supermarket Choices and Competitive Prices for Upstate New York Residents (Nov. 9, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-protects-supermarket-choices-and-competitive-prices; Rick Moriarty, Price Chopper and Tops Markets complete merger, Syracuse.Com (Nov. 9, 2021), https://www.syracuse.com/business/2021/11/price-chopper-and-tops-markets-complete-merger.html.

[11] Press Release, N.Y.S. Attorney General, Attorney General James Sues CVS for Harming New York Safety Net Hospitals and clinics by Diverting Millions from Underserved Communities (Jul. 28, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-sues-cvs-harming-new-york-safety-net-hospitals-and-clinics.

[12] Press Release, N.Y.S. Attorney General, Attorney General James Releases Top 10 Consumer Complaints of 2021 (Mar. 7, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-releases-top-10-consumer-complaints-2021.

[13] Press Release, N.Y.S. Attorney General, Attorney General James Announces $600,000 Agreement with EyeMed After 2020 Data Breach (Jan. 24, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-announces-600000-agreement-eyemed-after-2020-data-breach.

[14] N.Y. Gen. Bus. Law § 899; $600,000 Reasons to Review Your SHIELD Act Compliance Program: NY Attorney General Announces Significant Settlement Stemming From Email Data Breach, Nat’l L. Rev. (Feb. 16, 2022), https://www.natlawreview.com/article/600000-reasons-to-review-your-shield-act-compliance-program-ny-attorney-general.

[15] Id.

[16] Press Release, N.Y.S. Attorney General, Attorney General James Recovers $1.25 Million for Consumers Affected by Carnival Cruise Line’s Data Breach (June 23, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-recovers-125-million-consumers-affected-carnival-cruise; see also Michael R. Graif, New York Attorney General: Data Breaches Will Cost You, Mintz Levin: Insights Center (Aug. 1, 2022), https://www.mintz.com/insights-center/viewpoints/2826/2022-08-01-new-york-attorney-general-data-breaches-will-cost-you.

[17] Id.

[18] Press Release, N.Y.S. Attorney General, Attorney General James Secures $400,000 From Wegmans After Data Breach Exposed Consumers’ Personal Information (June 30, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-secures-400000-wegmans-after-data-breach-exposed-consumers; see also New York Attorney General: Data Breaches Will Cost You, supra note 12.

[19] Id.

[20] Id.; Cozen O’Connor, AG James Recovers $400,000 From Webmans Over Alleged Data Security Lapses, JDSupra (July 8, 2022), https://www.jdsupra.com/legalnews/ag-james-recovers-400-000-from-wegmans-1636011/.

[21] Press Release, N.Y.S. Attorney General, Attorney General James Investigating Instagram’s Impact on Young People (Nov. 18, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-investigating-instagrams-impact-young-people; Press Release, N.Y.S. Attorney General, Attorney General James Launches Investigations Into Social Media Companies for Role in Buffalo Attack (May 18, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-launches-investigations-social-media-companies-role.

[22] Press Release, N.Y.S. Attorney General, Attorney General James Alerts 17 Companies to “Credential Stuffing” Cyberattacks Impacting More Than 1.1 Million Consumers (Jan. 5, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-alerts-17-companies-credential-stuffing-cyberattacks; N.Y.S. Attorney General, Bureau of Internet & Tech. Bus. Guide for Credential Stuffing Attacks (Jan. 5, 2022), https://ag.ny.gov/sites/default/files/businessguide-credentialstuffingattacks.pdf.

[23] Id.

[24] Id.

[25] Press Release, N.Y.S. Attorney General, INVESTOR ALERT: Attorney General James Urges New Yorkers Deceived by Crypto Platforms to Report Concerns to OAG (Aug. 1, 2022), https://ag.ny.gov/press-release/2022/investor-alert-attorney-general-james-urges-new-yorkers-deceived-crypto-platforms.

[26] Id.

[27] Press Release, N.Y.S. Attorney General, TAXPAYER NOTICE: Attorney General James Reminds Crypto Investors to Pay Taxes on Virtual Investments (Mar. 23, 2022), https://ag.ny.gov/press-release/2022/taxpayer-notice-attorney-general-james-reminds-crypto-investors-pay-taxes-virtual.

[28] Press Release, N.Y.S. Attorney General, Attorney General James Directs Unregistered Crypto Lending Platforms to Cease Operations In New York, Announces Additional Investigations (May 23, 2022), https://ag.ny.gov/press-release/2021/attorney-general-james-directs-unregistered-crypto-lending-platforms-cease.

[29] Redacted Letter (October 18, 2021), https://ag.ny.gov/sites/default/files/cease_letter_redacted.pdf.

[30] Press Release, N.Y.S. Attorney General, Attorney General James Shuts Down Virtual Currency Trading Platform and Stops Cryptocurrency CEO From Continuing Fraudulent Conduct (Sept. 13, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-shuts-down-virtual-currency-trading-platform-and-stops.

[31] People of the State of New York, by Letitia James, Attorney General of the State of New York v. Nexo Inc. et al, Index No. 452610/2022 , NYSCEF No. 2 (N.Y. Supt. Ct. N. Y. Cnty. Sept. 26, 2022); see also Press Release, Attorney General James Sues Cryptocurrency Platform for Operating Illegally and Defrauding Investors (Sept. 26, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-sues-cryptocurrency-platform-operating-illegally-and.

[32] Press Release, N.Y.S. Attorney General, Attorney General James Secures Nearly Half a Billion Dollars to Resolve Illegal Stock and Cryptocurrency Sales (Sept. 13, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-secures-nearly-half-billion-dollars-resolve-illegal-stock.

[33] Id.

[34] Id.

[35] Press Release, N.Y.S. Attorney General, Attorney General James Announces Debt Relief for Students who Attended ITT Educational Services For-Profit Colleges (Aug. 16, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-announces-debt-relief-students-who-attended-itt.

[36] Id.; see also Press Release, N.Y.S. Attorney General, Attorney General James Urges Former Students Deceived by DeVry University to Apply for Federal Loan Discharge (Mar. 31, 2022), available at https://ag.ny.gov/press-release/2022/attorney-general-james-urges-former-students-deceived-devry-university-apply; Press Release, N.Y.S. Attorney General, Attorney General James Calls for Full Cancelation of Federal Student Loan Debt (May 4, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-calls-full-cancelation-federal-student-loan-debt.

[37] Press Release, The White House, Fact Sheet: President Biden Announces Student Loan Relief for Borrowers Who Need It Most (Aug. 24, 2022), https://www.whitehouse.gov/briefing-room/statements-releases/2022/08/24/fact-sheet-president-biden-announces-student-loan-relief-for-borrowers-who-need-it-most./.

[38] Order, Nebraska v. Biden, No. 22-3179 (8th Cir. Oct. 21, 2022).

[39] Press Release, N.Y.S. Attorney General, Attorney General James Secures $1.85 Billion From Deceptive Student Loan Servicer Navient (Jan. 13, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-secures-185-billion-deceptive-student-loan-servicer.

[40] Id.

[41] Press Release, N.Y.S. Attorney General, Attorney General James Secures Student Debt Relief for Thousands of New Yorkers (Apr. 27, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-secures-student-debt-relief-thousands-new-yorkers; see also Press Release, N.Y.S. Attorney General, AG James Sues Student Loan Servicer For Mismanaging Loan Forgiveness Program (Oct. 3, 2019), available at https://ag.ny.gov/press-release/2019/ag-james-sues-student-loan-servicer-mismanaging-loan-forgiveness-program.

[42] Press Release, N.Y.S. Attorney General, Attorney General James and CFPB Shut Down Predatory Debt Collection Operation (May 23, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-and-cfpb-shut-down-predatory-debt-collection-operation; Joint Stipulation for Entry of Proposed Stipulated Final Judgment and Order, CFTB v. JPL Recovery Solutions, LLC, No. 20-cv-1217 (W.D.N.Y. May 23, 2022), https://ag.ny.gov/sites/default/files/jpl_stipulation_stipulated_judgment_5.23.2022_combined.pdf; Press Release, N.Y.S. Attorney General, Attorney General James Shuts Down Illegal Debt Collection Businesses, Recovers $1.2 Million (Nov. 23, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-shuts-down-illegal-debt-collection-businesses-recovers-12.

[43] Press Release, N.Y.S. Attorney General, CONSUMER ALERT: Attorney General James Urges Consumers to Be Aware of Rights when Faced with Attempts to Collect Upon Consumer Debt (Dec. 1, 2021), https://ag.ny.gov/press-release/2021/consumer-alert-attorney-general-james-urges-consumers-be-aware-rights-when-faced.

[44] Press Release, N.Y.S. Attorney General, Attorney General James and Consumer Financial Protection Bureau Sue Major International Money Transfer Provider for Violating Consumer Protection Laws (Apr. 21, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-and-consumer-financial-protection-bureau-sue-major; see also Stacy Cowley, MoneyGram Sued for Allegedly Delaying Transfers and Witholding Refunds, N.Y. Times (Apr. 21, 2022), https://www.nytimes.com/2022/04/21/business/moneygram-lawsuit-new-york-ag-cfpb.html.

[45] CFTB v. MoneyGram International, Inc., 22-cv-3256 (S.D.N.Y. Aug. 4, 2022). AG James and the CFTB’s response to the consolidated motion is due September 19, 2022.

[46] Press Release, N.Y.S. Attorney General, Attorney General James Sues Precious Metals Company and Owner for Defrauding Seniors Out of $68 Million (Feb. 1, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-sues-precious-metals-company-and-owner-defrauding-seniors; Mark Schoeff Jr., Regulators charge metals dealer with $67 million fraud, Investment News (Feb. 1, 2022) https://www.investmentnews.com/regulators-charge-metals-dealer-with-67-million-fraud-216709.

[47] Press Release, N.Y.S. Attorney General, Attorney General James and DOI Commissioner Garnett Announce Indictment of Four Asbestos Investigators for Filing Fraudulent Inspection Reports (Sept. 2, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-and-doi-commissioner-garnett-announce-indictment-four.

[48] Press Release, N.Y.S. Attorney General, Attorney General James Shuts Down Syracuse Landlord That Exposed Children to Lead Poisoning (June 13, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-shuts-down-syracuse-landlord-exposed-children-lead.

[49] Press Release, N.Y.S. Attorney General, Attorney General James Leads Coalition Urging EPA to Strengthen Protections Against Childhood Lead Poisoning (Mar. 17, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-leads-coalition-urging-epa-strengthen-protections-against.

[50] Press Release, N.Y.S. Attorney General, Attorney General James Reaches Agreement with Verizon to Prevent Legionnaires’ Disease (June 2, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-reaches-agreement-verizon-prevent-legionnaires-disease.

[51] Press Release, N.Y.S. Attorney General, Attorney General James Leads Coalition Urging FDA to Accelerate Actions to Protect Children From Toxic Metals in Baby Food (Oct. 21, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-leads-coalition-urging-fda-accelerate-actions-protect.

[52] Press Release, N.Y.S. Attorney General, CONSUMER ALERT: Attorney General James Issues Alert to Protect Children From Deceptive Cannabis Products Sold in Snack Packaging (Oct. 26, 2021), https://ag.ny.gov/press-release/2021/consumer-alert-attorney-general-james-issues-alert-protect-children-deceptive.

[53] Press Release, N.Y.S. Attorney General, Attorney General James Concludes New York’s Opioid Trial (Dec. 14, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-concludes-new-yorks-opioid-trial.

[54] Press Release, N.Y.S. Attorney General, Attorney General James Secures $523 Million from Top Opioid Manufacturer Teva, Bringing Total Funds for New Yorkers to More Than $2 Billion (Nov. 3, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-secures-523-million-top-opioid-manufacturer-teva-bringing; Press Release, N.Y.S. Attorney General, Attorney General James Uncovers Evidence That Teva Pharmaceuticals Lied to Evade Accountability for Opioid Crisis in New York (Jul. 11, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-uncovers-evidence-teva-pharmaceuticals-lied-evade; Press Release, N.Y.S. Attorney General, Attorney General James Secures $58.5 Million from Top Opioid Manufacturer Mallinckrodt for Fueling Opioid Crisis (June 16, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-secures-585-million-top-opioid-manufacturer-mallinckrodt; Press Release, N.Y.S. Attorney General, Attorney General James Delivers Up to $200 Million to Help New York Combat Opioid Crisis, Allergan Agrees Not to Sell Opioids (Dec. 8, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-delivers-200-million-help-new-york-combat-opioid-crisis.

[55] Press Release, N.Y.S. Attorney General, Attorney General James Urges CDC to Adopt Stronger Opioid Prescription Guidelines (Apr. 14, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-urges-cdc-adopt-stronger-opioid-prescription-guidelines.

[56] E.g., Press Release, N.Y.S. Attorney General, Attorney General James Distributes First Funds from Historic Opioid Settlements to Finger Lakes Region (Apr. 19, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-distributes-first-funds-historic-opioid-settlements-finger.

[57] Press Release, N.Y.S. Attorney General, Attorney General James and Mayor Adams Fight Opioid Crisis with First of $256 Million in Payments for New York City (Apr. 21, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-and-mayor-adams-fight-opioid-crisis-first-256-million.

[58] Press Release, N.Y.S. Attorney General, Attorney General James Issues Warning to LabQ Diagnostics to Stop Misrepresenting Turnaround Times for COVID-19 Test Results (Dec. 21, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-issues-warning-labq-diagnostics-stop-misrepresenting; Press Release, N.Y.S. Attorney General, CONSUMER ALERT: Attorney General James Launches Investigation Into CareCube for Wrongfully Billing New Yorkers for COVID-19 Tests (Jan. 6, 2022), https://ag.ny.gov/press-release/2022/consumer-alert-attorney-general-james-launches-investigation-carecube-wrongfully.

[59] See Press Release, N.Y.S. Attorney General, Attorney General James Recovers Over $400,000 for Consumers Unfairly Charged for Expedited COVID-19 Tests (Feb. 14, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-recovers-over-400000-consumers-unfairly-charged-expedited; Press Release, N.Y.S. Attorney General, Attorney General James Recoups $122,000 for Consumers Charged for Expedited COVID-19 Tests That Were Late (July 7, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-recoups-122000-consumers-charged-expedited-covid-19-tests.

[60] Press Release, N.Y.S. Attorney General, Attorney General James Takes Action to Expand Abortion Access (May 9, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-takes-action-expand-abortion-access; Press Release, N.Y.S. Attorney General, CONSUMER ALERT: Attorney General James Provides Guidance to Protect the Digital Privacy of People Seeking Abortion Care (May 13, 2022), https://ag.ny.gov/press-release/2022/consumer-alert-attorney-general-james-provides-guidance-protect-digital-privacy.

[61] Press Release, N.Y.S. Attorney General, Attorney General James Calls for State Constitutional Amendment for Abortion (May 7, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-calls-state-constitutional-amendment-abortion.

[62] Press Release, N.Y.S. Attorney General, Attorney General James Calls on Congress to Prioritize Funding for Programs to Address Climate Crisis, Environmental Injustice (Sept. 14, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-calls-congress-prioritize-funding-programs-address-climate.

[63] Notice of Proposed Rulemaking – Hazardous Materials: Suspension of HMR Amendments Authorizing Transportation of Liquefied Natural Gas by Rail, Docket No. PHMSA-2018-0025 (HM-264) (Dec. 23, 2021), https://portal.ct.gov/-/media/AG/Press_Releases/2021/Comments-of-State-Attorneys-General-on-Proposed-Suspension-Rule-12-23-21.pdf.

[64] Press Release, Attorney General James Issues Statement on SCOTUS Decision Limiting EPA Authority to Regulate Power Plant Emissions (June 30, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-issues-statement-scotus-decision-limiting-epa-authority

[65] Press Release, Attorney General James Helps Secure New Federal Energy Standards for American Families (Sept. 20, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-helps-secure-new-federal-energy-standards-american.

[66] Id.

[67] Press Release, N.Y.S. Attorney General, Attorney General James Sues U.S. Postal Service For Failing to Consider Environmental Impact of New Trucks (Apr. 28, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-sues-us-postal-service-failing-consider-environmental.

[68] In re U.S. Postal Services Next Generation Delivery Vehicle Acquisitions Program Record of Decision Litig., Docket No. 3046 (J.P.M.L. Jul, 22, 2022); Dkt. 54, Order Denying Transfer, MDL No. 3046 (Oct. 7, 2022).

[69] Press Release, N.Y.S. Attorney General, Attorney General James and DEC Commissioner Seggos Announce Indictment of Kentucky Corporation and its Principal for Illegal Disposal of Hazardous Railroad Ties (Mar. 31, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-and-dec-commissioner-seggos-announce-indictment-kentucky.

[70] Press Release, N.Y.S. Attorney General, Attorney General James Calls on the U.S. Senate to Strengthen Protections for Working Americans By Passing PRO Act (Aug. 11, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-calls-us-senate-strengthen-protections-working-americans.

[71] Actions – H.R.842 – 117th Congress (2021-2022): Protecting the Right to Organize Act of 2021, H.R.842, 117th Cong. (2021); Don Gonyea, House Democrats Pass Bill That Would Protect Worker Organizing Efforts, NPR (Mar. 8, 2021), https://www.npr.org/2021/03/09/975259434/house-democrats-pass-bill-that-would-protect-worker-organizing-efforts.

[72] Levi Sumagaysay, Biden Marks Labor Day with Call for Congress to Pass PRO Act, MarketWatch (Sept. 3, 2022), https://www.marketwatch.com/story/biden-marks-labor-day-with-call-for-congress-to-pass-pro-act-11662148894; Nick Niedzwiadek & Eleanor Miller, Unions’ Post-Reconciliation PRO Act Push, Politico (Aug. 15, 2022), https://www.politico.com/newsletters/weekly-shift/2022/08/15/unions-post-reconciliation-pro-act-push-00051726.

[73] Press Release, N.Y.S. Attorney General, Attorney General James Applauds Buffalo Starbucks Employees’ for Forming Company’s First Union in the Nation (Dec. 10, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-applauds-buffalo-starbucks-employees-forming-companys; Press Release, N.Y.S. Attorney General, Attorney General James Applauds Buffalo Starbucks Employees’ for Forming Company’s Second Union in the Nation (Jan. 10, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-applauds-buffalo-starbucks-employees-forming-companys.

[74] Press Release, N.Y.S. Attorney General, Attorney General James Demands Fair Treatment for CWA Workers on Strike in Buffalo (Oct. 8, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-demands-fair-treatment-cwa-workers-strike-buffalo; Press Release, N.Y.S. Attorney General, Attorney General James Visits Starbucks Workers in Buffalo (Apr. 12, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-visits-starbucks-workers-buffalo; Press Release, N.Y.S. Attorney General, Attorney General James Releases Statement on Tentative Agreement Between CWA and Catholic Health System (Nov. 4, 2021) https://ag.ny.gov/press-release/2021/attorney-general-james-releases-statement-tentative-agreement-between-cwa-and.

[75] Press Release, N.Y.S. Attorney General, Attorney General James, 1199SEIU Call for Stronger Protections for Nursing Home Workers (Mar. 21, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-1199seiu-call-stronger-protections-nursing-home-workers.

[76] Press Release, N.Y.S. Attorney General, Attorney General James Delivers $600,000 to Survivors of Sexual Harassment and Discrimination at Restaurants Owned by Famed Chef Mario Batali and Joseph Bastianich (Jul. 23, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-delivers-600000-survivors-sexual-harassment-and.

[77] Press Release, N.Y.S. Attorney General, Attorney General James Secures Settlement for Victims of Sexual Harassment, Discrimination, and Wage Theft at NYC Bar (Jul. 13, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-secures-settlement-victims-sexual-harassment.

[78] See Rachel Scharf, NY AG Warns NFL of Workplace Harassment Crackdown Law360 (April 6, 2022), https://www.law360.com/employment-authority/articles/1481443/ny-ag-warns-nfl-of-workplace-harassment-crackdown-; Press Release, N.Y.S. Attorney General, Attorney General James Demands NFL Address Gender-Based Discrimination (Apr. 6, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-demands-nfl-address-gender-based-discrimination.

[79] Press Release, N.Y.S. Attorney General, Attorney General James Files Lawsuit Against Amazon for Failing to Protect Workers During COVID-19 Pandemic (Feb. 17, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-files-lawsuit-against-amazon-failing-protect-workers; People of the State of New York v. Amazon.com, Inc. et al., Index No. 450362/2021, NYSCEF No. 163 (N.Y. Supt. Ct. N. Y. Cnty. Oct. 15, 2021); People of the State of New York v. Amazon.com, Inc. et al., Index No. 450362/2021, NYSCEF No. 171 (N.Y. Supt. Ct. N. Y. Cnty. Oct. 22, 2021); People of the State of New York v. Amazon.com, Inc. et al., No. 2021-03934, NYSCEF No. 37 (1st Dep’t May 10, 2022); People of the State of New York v. Amazon.com, Inc. et al., No. 2021-03934, NYSCEF No. 48 (1st Dep’t Sept. 13, 2022).

[80] People of the State of New York v. Amazon.com, Inc. et al., No. 2021-03934, NYSCEF No. 37 (1st Dep’t May 10, 2022).

[81] Press Release, N.Y.S. Attorney General, Attorney General James Protects Long Island Workers Unlawfully Fired During COVID-19 Pandemic (Sept. 22, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-protects-long-island-workers-unlawfully-fired-during-covid.

[82] See, e.g., Hannah Redmond, Labor Law Lessons In amazon’s NY COVID Suit Win, Law360 (June 17, 2022), https://www.law360.com/employment-authority/articles/1502844/labor-law-lessons-in-amazon-s-ny-covid-suit-win-.

[83] Press Release, N.Y.S. Attorney General, Attorney General James, State Senator Mayer Deliver $2.7 Million to Westchester Hotel Workers Unlawfully Fired (Oct. 27, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-state-senator-mayer-deliver-27-million-westchester-hotel.

[84] Press Release, N.Y.S. Attorney General, Attorney General James Recovers More Than $2.9 Million for Hundreds of New York City Marriott Workers Denied Full Severance Pay (May 5, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-recovers-more-29-million-hundreds-new-york-city-marriott.

[85] Press Release, N.Y.S. Attorney General, Attorney General James Sues to Protect St. Clare’s Hospital Retirees (May 24, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-sues-protect-st-clares-hospital-retirees.

[86] People of the State of New York, By Letitia James, Attorney General of the State of New York et al., v. Roman Catholic Diocese of Albany, New York et al., Index No. 2022-830 (N.Y. Sup. Ct. Schenectady Cnty. 2022).

[87] Press Release, N.Y.S. Attorney General, Attorney General James and NYC Department of Consumer and Worker Protection Recover Up to $18.8 Million in Unpaid Wages for 12,000 Home Health Aides (Nov. 16, 2021), https://ag.ny.gov/press-release/2021/attorney-general-james-and-nyc-department-consumer-and-worker-protection-recover.

[88] Press Release, N.Y.S. Attorney General, Attorney General James Secures Nearly $7 Million From Home Health Agencies for Cheating Workers and Medicaid Fraud (Mar. 25, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-secures-nearly-7-million-home-health-agencies-cheating.

[89] Press Release, N.Y.S. Attorney General, Attorney General James Recovers $130,000 in Stolen Wages for Unpaid Building Superintendents in Queens (Mar. 15, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-recovers-130000-stolen-wages-unpaid-building; Press Release, N.Y.S. Attorney General, Attorney General James Recovers $175,000 in Stolen Wages for Manhattan Pizzeria Workers (Apr. 29, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-recovers-175000-stolen-wages-manhattan-pizzeria-workers; Press Release, Attorney General James and DOI Commissioner Strauber Deliver $900,000 to 200 NYCHA Construction Workers Denied Fair Pay (Apr. 4, 2022), https://ag.ny.gov/press-release/2022/attorney-general-james-and-doi-commissioner-strauber-deliver-900000-200-nycha.

The following Gibson Dunn lawyers assisted in the preparation of this client update: Mylan Denerstein, Alexander Southwell, Amanda Aycock, Stephanie Silvano, Samantha Weiss, Amanda George, Timothy Deal, Rachel Jackson, Sam Berman, and Julia Ross.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. For additional information, please feel free to contact the Gibson Dunn lawyer with whom you usually work, or the following authors in New York:

Mylan L. Denerstein – Co-Chair, Public Policy Group, New York (+1 212-351- 3850, mdenerstein@gibsondunn.com)

Alexander H. Southwell – Co-Chair, Privacy, Cybersecurity & Data Innovation Group, New York (+1 212-351-3981, asouthwell@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.