Key provisions of this Act came into force on 26 December 2023 and could affect businesses around the world. It is therefore essential to have a clear understanding of the new laws and what they could mean for your organisation.

Following intensive debate, King Charles III gave royal assent to the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) on 26 October 2023. As we set out in our client alert of 18 September 2023,[1] and in an article for Börsen-Zeitung of 25 November 2023,[2] the UK Government has described the corresponding bill as the most significant reform of the “identification doctrine”, which governed the attribution of criminal liability to corporate entities for more than 50 years.

Key Takeaways The new laws governing how criminal liability can be attributed to a corporate entity for economic crimes apply to offences from 26 December 2023 onwards. The ECCTA states that the actions of senior managers can be attributed to the corporate entity. The definition of senior managers is broad. The new offence of failure to prevent fraud, which only applies to large organisations, cannot come into force until guidance is published. It is anticipated guidance will be published in the course of 2024. The new laws governing attribution and the new offence of failure to prevent fraud can apply to non-UK corporate entities and to conduct outside the UK. UK law enforcement agencies may use these laws to cooperate closely with foreign agencies. The principle of double jeopardy may not necessarily prevent prosecutions in multiple jurisdictions. International companies should consider the practical steps outlined in this client alert, including identifying which officers and employees might fall within the definition of senior managers, assessing the extent to which they are exposed to risk of fraud, considering existing fraud prevention procedures and ensuring clear records of training and policies are retained.

New Rules of Attributing Criminal Liability to Corporate Entities

The ECCTA introduces the concept of a “senior manager” which defines whose actions can be attributed to a corporate entity. It is anticipated that this will allow prosecutors to fix companies with criminal liability more easily, as they no longer have to rely on the vague and narrowly applied “identification doctrine” which relies on identifying “the directing mind and will of the corporation”.[3] The concept of “senior manager” will include any individual who plays a significant role in:

• the making of decisions about how the whole or a substantial part of the activities of the body corporate or partnership are to be managed or organised, or
• the actual managing or organising of the whole or a substantial part of those activities.[4]

At present, the new attribution rules only apply to offences specified in schedule 12 of the ECCTA which are called “listed offences”[5] and include various economic crime offences such as cheating the public revenue, false accounting, money laundering, bribery or fraud. However, this list is apt to be extended to other offences in the future. Indeed, on 14 November 2023, the UK Government introduced the Criminal Justice Bill 2023 which seeks to extend the new attribution laws to all types of crime for which corporate liability may be appropriate.[6] This bill is being considered by the House of Commons and it is currently unclear if and when it may be passed.

Extraterritorial Effect

A key feature of the new attribution laws is their wide extraterritorial effect. Corporate entities may be held criminally liable for an offence, even if the offending took place outside the UK as long as the offending would constitute a criminal offence in the location where it took place (see section 196(3) ECCTA).[7] Consider the following example:

A pharmaceutical company has a UK headquarters and a subsidiary in Germany, which has been underperforming. The Head of Accounting is based in Munich and is also a member of the management board of the German entity. She overstates the revenue of the German subsidiary when submitting the annual accounts in order to “smooth things over” until business improves. Therefore, the accounts of the Group were significantly inflated.

In Germany, this could constitute the offence of false accounting under section 331 of the Commercial Code (Handelsgesetzbuch). In the UK, this conduct could constitute false accounting under the Theft Act 1968 which is an offence listed in schedule 12 of the ECCTA. This means that both the German entity and the UK headquarters could potentially face prosecution in the UK.

Because the ECCTA does not require the corporate entity or partnership to be incorporated or formed in the UK, on its face, the ECCTA does not expressly require any particular tie to the UK. However, when introducing section 196(3), Parliament pointed out that a UK connection is required: “…criminal liability will not attach to an organisation based and operating overseas for conduct carried out wholly overseas simply because the senior manager concerned was subject to the UK’s extraterritorial jurisdiction; for instance, because that manager is a British citizen. Domestic law does not generally apply to conduct carried out wholly overseas unless the offence has some connection with the UK. This is an important matter of international legal comity.”[8]

The extraterritorial ambit of the underlying offence will be relevant. As Parliament also noted, some offences, wherever they are committed, can be prosecuted against individuals or organisations who have certain close connections to the UK. Consider this example:

A telecommunications company has a UK headquarters and a subsidiary in Germany. The German subsidiary recently pitched for a large contract in India which, if successful, would boost its business and benefit the whole group. The German Head of Sales thought the pitch went well, but in order to be sure, he offers his contact in India an all-expenses paid holiday at a five star resort in Spain, on the understanding that the German subsidiary will be awarded the contract.

In Germany, this could constitute the offence of giving bribes in commercial practice (sec. 299 of the German Criminal Code). In the UK, this conduct could constitute the offence of bribing another person under the UK Bribery Act 2010 (“UKBA”) which is an offence listed in schedule 12 of the ECCTA. Both corporate entities, i.e. the German subsidiary and the UK headquarters, could potentially face prosecution in the UK. Prior to the ECCTA, it would have been difficult to prove that a Head of Sales was a directing mind and will of the company and prosecutors would arguably only have been able to bring charges for failure to prevent bribery.[9] However, it is likely that the Head of Sales would fall under the definition of senior manager and therefore allow the corporate entities to be prosecuted for the principal bribery offence,[10] despite their being no involvement by a board member.

It is also noteworthy that the new rules of attribution also apply to attempts or conspiracy to commit offences listed in schedule 12 as well as aiding, abetting, counselling or procuring the commission of those offences.[11] A senior manager may be based outside the UK but act as an accomplice to a UK offence. For example, a banker working for a Frankfurt bank could put the German bank at risk if he encouraged a London-based employee of its UK subsidiary to act in violation of the Financial Services and Markets Act 2000.

The new rules of attribution follow an international trend to hold legal entities more comprehensively accountable for criminal conduct committed by employees and other representatives. For instance, although German law does not recognise criminal liability of corporate bodies as such, the German Administrative Offences Act (Ordnungswidrigkeitengesetz, “OWiG”) allows a legal entity to be fined if certain “leading individuals” (Leitungspersonen) commit a criminal or an administrative offence. While some clarifications by the competent courts will be needed, the standard of a “leading individual” is arguably comparable with the notion of a “senior manager” now adopted under UK law.

The Offence of Failure to Prevent Fraud

The ECCTA introduces a new corporate offence of “failure to prevent fraud”[12] which, following a controversial debate between the House of Commons and the House of Lords, only applies to “large organisations”.[13] Before this offence comes into force, guidance must be published[14] and it is anticipated that this will happen in 2024.

Under the new offence, an organisation will be liable where a specified fraud offence is committed by an “associate” for the organisation’s benefit (an employee, subsidiary or agent, or a person who otherwise performs services for or on behalf of the organisation), and the organisation did not have reasonable fraud prevention procedures in place. Importantly, it does not need to be demonstrated that senior personnel ordered or knew about the fraud.

The new offence will apply to bodies corporate and partnerships wherever incorporated or formed.[15] However, the Government Factsheet envisages there being a UK nexus: “If an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas.”[16] The offence is clearly intended to have a broad application and could, for example, apply to any organisation offering goods and services through a website or providing an internet marketplace accessible to consumers based in the UK.

In order for an organisation to be guilty of the offence of failure to prevent fraud, an offence listed in schedule 13 ECCTA has to be committed. The listed offences include, for example, the statutory offences of fraud, false accounting, false statements by company directors, fraudulent trading or the common law offence of cheating the public revenue.[17] This includes aiding, abetting, counselling or procuring the commission of a listed offence, but – in contrast to section 196(2) – does not extend to conspiracies.[18]

In order to understand the extraterritorial reach of the offence of failure to prevent fraud, the jurisdictional ambit of the underlying offences in schedule 13 should be considered. On the basis of the Criminal Justice Act 1993 and the common law principles, the courts of England and Wales can: “apply the English criminal law where a substantial measure of the activities constituting a crime take place in England, and restrict its application in such circumstances solely in cases where it can seriously be argued on a reasonable view that these activities should, on the basis of international comity, be dealt with by another country.” (see R v Smith (Wallace Duncan) (No. 4))[19]. Consider the following example:

An international construction firm incorporated in France planned to build and sell a number of holiday cottages across France. The holiday cottages were specifically marketed to and attracted a number of UK investors. The construction firm ran out of money making it highly unlikely that the cottages would be built. However, the managers directed their sales team to continue selling the cottages anyway. They also discussed the issue with the construction firm’s auditors which led to the auditors signing off accounts, knowing they did not reflect the true financial position of the construction company. The result was that many individuals in the UK who had invested in the properties lost considerable amounts of money.

In the example above, both the construction firm and the auditing company in France may be exposed to prosecution for the offence of failure to prevent fraud on the basis that UK victims were targeted. Given the changes to the “identification doctrine” set out above, there might also be an argument to prosecute both companies for the underlying offence of fraud by false representation,[20] given in the impact on UK victims.

The above example also raises the question of whether corporate entities will be prosecuted for both the underlying offence e.g. fraud by false representation, and the offence of failure to prevent fraud for the same conduct. The Crown Prosecution Service guidance indicates that this is possible in relation to offences under the UKBA[21] but it does not appear to have happened in practice.

The underlying legal concept of the new offence and of similarly structured offences under English law,[22] is comparable with certain provisions under civil law systems (e.g. section 130 of the German OWiG)[23] which aim to sanction improper supervision.

Cooperation between Law Enforcement Agencies

The current trend of national enforcement authorities working together in cross-border cases is likely to continue and may expand to use the new legal tools under the ECCTA. In the examples set out above, it is conceivable that at least the individuals and the subsidiaries in Germany may find themselves prosecuted by German criminal law enforcers – in addition to prosecution by UK authorities.

In particular, the EU-UK Trade and Cooperation Agreement (“EU-UK Agreement”) governs the relationship between the EU and the UK post Brexit. It contains provisions about cooperation in criminal matters between the UK and EU Member States,[24] including mutual judicial assistance, surrender, exchange of criminal record information, and confiscation. Furthermore, the EU-UK Agreement strives to ensure that special EU enforcement agencies like Europol and Eurojust cooperate with UK authorities. In addition to cooperation between the UK and EU Member States, the UK is also party of numerous other bilateral treaties on mutual legal assistance in criminal matters.[25]

In its Annual Report for 2022, Eurojust stated that the United Kingdom participated in 29 Joint Investigation Teams and 79 coordination meetings.[26] While many investigations of Eurojust concern crimes like human trafficking and smuggling, these figures suggest that UK law enforcement may also seek cooperation in cases relating to offences under the ECCTA.

The new Director of the SFO, Nick Ephgrave QPM has now been in place for just over three months, and it remains to be seen how he will guide the agency and use the new legal tools at his disposal and whether he continues the moves towards greater international cooperation. In the past, there have been several examples of successful cooperation between different enforcement agencies such as the settlement that Airbus SE reached with the UK, the United States and French authorities in 2020. All three settlement agreements were approved by the courts in each jurisdiction on the same day, indicating strong cooperation efforts between the three states involved.[27] In its judgment approving the DPA, the UK High Court stressed that international cooperation is crucial in cases of corporate wrongdoings across jurisdictions for many reasons, including to avoid forum shopping for settlements.[28]

The risk of an organisation being prosecuted in both the UK and other states for the same criminal conduct also depends on whether each jurisdiction applies the principle of double jeopardy. Generally, a defendant in the UK may argue that he should not be tried for the same offence in law and fact for which he was previously convicted or acquitted (autrefois acquit or autrefois convict). A UK conviction may not automatically prevent EU Member States from double prosecution, but only influence the sentencing in that other jurisdiction. International double jeopardy, however, is not uniformly accepted. Therefore, whether a jurisdiction will prohibit the prosecution of misconduct that was already resolved by a foreign court, must be determined on a case-by case basis, depending on which states are involved.[29]

Practical Steps

Following the new attribution laws in force since 26 December 2023 and in anticipation of the new offence of failure to prevent fraud likely coming into force later this year, we have set out some practical steps to be considered by corporate entities both inside and outside the UK.

Risk Analysis: companies should determine the business units most likely to be affected by the new regulations and the audience which may need particular training and supervision. This analysis may cover a variety of aspects such as:

• the extent to which UK customers may be impacted by the business activities, predominantly with respect to selling goods or services to UK customers;
• any other connection the entity has to the UK. This could include a subsidiary entity, a branch, employees working remotely or on secondment in the UK, as well as suppliers or other business partners in the UK;
• identification of individuals who fall within the ECCTA definition of a “senior manager” whether they are based inside or outside the UK. Check whether the titles of individuals accurately reflect their roles, and whether the responsibilities of their managers are clearly defined and documented;

• considering any parts of the business which are potentially vulnerable to the offences listed in schedules 12 and 13 of the ECCTA (e.g. offences under Financial Services and Markets Act 2000 may be particularly relevant for organisations offering financial services).

Recordkeeping: corporate entities should keep a clear record of policies, including previously applicable versions, and of conducted training. If needed, this might assist organisations in the future to show that reasonable prevention procedures were in place. These training materials and policies should reflect the outcome of the risk analysis mentioned above and address the practical realities of the relevant business units.

Culture: senior leadership teams may wish to consider whether any changes can be made to promote an open “anti-fraud” culture.

Whistleblowing: consider revising whistleblowing procedures to enable reporting of potential violations of foreign laws. This should assist with early identification of potential risks. Many enterprises in the EU are currently reviewing their procedures on whistleblowing in light of the EU whistleblowing directive and the respective implementation laws.[30]

Monitoring: the status and effectiveness of the compliance framework will need to be checked, regularly reviewed and continuously developed with regard to the risks arising from the ECCTA. This should include a regular testing of the threshold values for determining a “large organisation” as well as monitoring the catalogue of offences in schedules 12 and 13 of the ECCTA and associated legal risks. This will enable corporate entities to have a good overview of their current status and allow them to quickly assess whether they meet the requirements of the guidance once it is published. Obviously, a comprehensive review should take place once the UK Government has published its guidance on reasonable preventive measures, which we expect to happen in the course of 2024.

__________

[1]  Expansion of Corporate Criminal Liability in the UK: Reform of the Identification Principle and New Offence of Failure to Prevent Fraud.

[2]  London verschärft das Unternehmensstrafrecht.

[3]  See our previous client alert, Expansion of Corporate Criminal Liability in the UK: Reform of the Identification Principle and New Offence of Failure to Prevent Fraud for further detail.

[4]  Economic Crime and Corporate Transparency Act 2023, s 196(4).

[5]  Economic Crime and Corporate Transparency Act 2023 schedule 12.

[6]  Criminal Justice Bill, Committee debates: compilation pdf of sittings so far, page 68.

[7]  Economic Crime and Corporate Transparency Act 2023 s 196(3).

[8]  https://hansard.parliament.uk/Lords/2023-06-27/debates/EF8264AF-6478-470E-8B37-018C4B278F6E/EconomicCrimeAndCorp rateTransparencyBill.

[9]  UKBA, s 7.

[10]  UKBA, ss 1, 2, 6.

[11]  Economic Crime and Corporate Transparency Act 2023, s 196(2).

[12]  Economic Crime and Corporate Transparency Act 2023, s 199.

[13]  As defined in Economic Crime and Corporate Transparency Act 2023, ss 201, 202. For further discussion see our previous client alert, Expansion of Corporate Criminal Liability in the UK: Reform of the Identification Principle and New Offence of Failure to Prevent Fraud.

[14]  Economic Crime and Corporate Transparency Act 2023, s 219(8).

[15]  Economic Crime and Corporate Transparency Act 2023, s 199(13).

[16]  Factsheet: failure to prevent fraud offence of 26 October 2023.

[17]  Schedule 13 ECCTA.

[18]  Economic Crime and Corporate Transparency Act 2023, s 199(6).

[19]  [2004] EWCA Crim 631.

[20]  Section 2 Fraud Act 2006.

[21]  Bribery Act 2010: Joint Prosecution Guidance of The Director of the Serious Fraud Office and The Director of Public Prosecutions.

[22]  See, e.g. failure to prevent bribery under the UKBA or failure to prevent facilitation of UK tax or foreign evasion offences under the Criminal Finances Act 2007.

[23]  Although OWiG, s 130 and the new UK offence sanctioning failure to prevent fraud have some similarities, there are also notable differences. Unlike ECCTA, s 199, the provision under German law is not limited to fraud offences and does not require that the person is acting with the intend to benefit anybody. Furthermore, unlike OWiG, s 130, the ECCTA establishes a direct criminal liability of the corporation itself. It is the responsibility of the corporation itself to prove that it had the necessary preventive procedures in place at the time the fraud offence was committed to avoid criminal liability. Under OWiG, s 130, the prosecution will take into account the preventive measures of the individual person obliged to exercise proper supervision.

[24]  Pursuant to Article 633 (1) EU-UK Trade and Cooperation Agreement, the provisions on mutual assistance (Title VIII) are meant to supplement and facilitate the provisions of the European Convention on Mutual Assistance in Criminal Matters, done at Strasbourg on 20 April 1959 and its additional protocols.

[25]  For a full list of all bilateral treaties, see https://www.gov.uk/government/publications/bilateral-treaties-on-mutual-legal-assistance-in-criminal-matters.

[26]  European Union Agency for Criminal Justice Cooperation, Annual Report 2022 – Eurojust Activity Map, United Kingdom.

[27]  See the respective press releases on 31 January 2020: U.S. Department of Justice; Serious Fraud Office, and the Parquet National Financier.

[28]  SFO v Airbus SE, Case No: U20200108, 31 January 2020, para. 92.

[29]  For an overview of national and international double jeopardy in various jurisdictions, see OECD, Resolving Foreign Bribery Cases with Non-Trial Resolutions, OECD Data Collection Questionnaire Results (2019) pp. 231 et seq.

[30]  Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law. National implementation laws do not necessarily require that violations for foreign law can be reported, see e.g. section 2(1) no. 1 of the German Whistleblower Protection Act (Hinweisgeberschutzgesetz).

---

The following Gibson Dunn lawyers prepared this client alert: Matthew Nunan, Allan Neil, Patrick Doris, Benno Schwarz, Katharina Humphrey, Amy Cooke, Andreas Dürr, Rebecca Barry, Sam Firmin*, Vanessa Ludwig, and Julian Reichert.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s White Collar Defense and Investigations and Anti-Corruption and FCPA practice groups, or the following authors in Frankfurt, London and Munich.

London:
Matthew Nunan (+44 20 7071 4201, mnunan@gibsondunn.com)
Allan Neil (+44 20 7071 4296, aneil@gibsondunn.com)
Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com)
Amy Cooke (+44 20 7071 4041, acooke@gibsondunn.com)
Rebecca Barry (+44 20 7071 4086, rbarry@gibsondunn.com)
Sam Firmin* (+44 20 7071 4051, sfirmin@gibsondunn.com)

Munich / Frankfurt:
Benno Schwarz (+49 89 189 33-110, bschwarz@gibsondunn.com)
Katharina Humphrey (+49 89 189 33-155, khumphrey@gibsondunn.com)
Andreas Dürr (+49 89 189 33-219, aduerr@gibsondunn.com)
Julian Reichert (+49 89 189 33-229, jreichert@gibsondunn.com)
Vanessa Ludwig (+49 69 247 411-531, vludwig@gibsondunn.com)

*Sam Firmin is a staff attorney working in the firm’s London office.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The rule, scheduled to take effect on March 11, 2024, defines independent contractor status more narrowly than the rule published in 2021 by the Trump Administration.

Today the U.S. Department of Labor released a final rule regarding who is an “independent contractor” under the Fair Labor Standards Act (“FLSA”), and thus not subject to the minimum wage and overtime requirements the FLSA applies to “employees.”  The rule defines independent contractor status more narrowly than the rule published in 2021 by the Trump Administration.  It is scheduled to take effect on March 11, 2024.

The rule largely hews to the Department’s October 2022 proposal.  It codifies a six-factor, totality-of-the-circumstances test for who qualifies as an independent contractor.  Under the rule, independent contractor status will be determined by looking to the following factors:  the worker’s opportunity for profit or loss; the worker’s investments; the permanency of the relationship; the degree of control by the employer over the worker; whether the work is an integral part of the employer’s business; and the skill and initiative required to do the work.  The test will not assign special weight to any of the six factors, and instead consider them “in view of the economic reality of the whole activity” in which the worker in question is engaged.

Apart from jettisoning the framework of the 2021 rule—which relied on five factors, not six, and gave particular weight to “control” and the “opportunity for profit or loss”—the new rule makes important adjustments to how the traditional factors were applied in the 2021 rule.  For example, DOL will consider the worker’s investments on a relative basis with the employer’s investments.  The Department states, “if the worker is making similar types of investments as the employer or investments of the type that allow the worker to operate independently in the worker’s industry or field, then that fact suggests that the worker is in business for themself,” and, like the proposal, indicates that the “dollar values” of the company’s and workers’ investments should be compared.  The rule also reformulates the factor in the 2021 rule concerning whether a worker’s activities are part of an “integrated unit of production,” changing it to an assessment of whether the activity is important or “central” to a business’s operations, and rejecting many commenters’ assertions that this factor will nearly always weigh in favor of employee status and thus is not a useful indicator of the appropriate classification.  Additionally, the Department will consider a worker’s “initiative” indicative of independent contractor status under several different aspects of its test.

Many commenters disagreed with the proposed rule’s provision that “[c]ontrol implemented by the employer for purposes of complying with legal obligations” and “safety standards” was “indicative” of employee status.  In a notable change, the final rule provides that “[a]ctions taken by the potential employer for the sole purpose of complying with a specific, applicable Federal, State, Tribal, or local law or regulation are not indicative of control.”  Still, the rule emphasizes that any action taken by the employer that goes beyond what is strictly required by law or regulation may be indicative of employee status.  Moreover, the rule’s “sole purpose” language may still allow consideration of actions taken to ensure compliance with legal requirements.

The Department has also removed the provision of the 2021 rule that clarified that “the actual practice of the parties involved is more relevant than what may be contractually or theoretically possible.”  Under the Department’s new rule, a company’s so-called “reserved” control can be more important than control the company actually exercises over workers.

In its release, the Department acknowledges that the rule is an “interpretive” rule and asserts that the rule will be entitled only to “Skidmore deference” from the courts, rather than the more robust “Chevron deference” that sometimes is given to federal regulations.  Nevertheless, the rule is a substantial departure from the 2021 rule it replaces and, by the Department’s admission, the rule provides “broader discussion” of many factors than the Department has given before.  Commenters representing a wide variety of industries and independent contractors have warned the Department that the rule could result in the misclassification of many independent contractors as employees and chill innovative and valuable work relationships to the detriment of established companies, startups, and workers alike.

The new rule is likely to face litigation.  A coalition of industry groups successfully challenged the Department’s previous attempt to withdraw the 2021 rule, arguing among other things that DOL’s action was arbitrary and capricious.  That suit remains pending before the Fifth Circuit Court of Appeals.  See Coal. for Workforce Innovation v. Walsh, No. 1:21-CV-130, 2022 WL 1073346 (E.D. Tex. Mar. 14, 2022), appeal filed, No. 22-40316 (5th Cir. May 13, 2022).

In addition to litigation, Senator Bill Cassidy (R-La.) announced that he will introduce a Congressional Review Act (“CRA”) resolution to repeal the new rule, and Representative Kevin Kiley (R-Cal.) also stated that he would introduce a CRA resolution in the House.  If passed by both houses of Congress, a CRA resolution would almost certainly be vetoed by President Biden.

---

The following Gibson Dunn attorneys prepared this update: Eugene Scalia, Jason Schwartz, Katherine Smith, Theane Evangelis, Michael Holecek, Jason Mendro, Andrew Kilberg, Alex Harris, Max Schulman, and Andrew Ebrahem*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment or Administrative Law and Regulatory practice groups, or the following authors and practice leaders:

Eugene Scalia – Co-Chair, Administrative Law & Regulatory Practice Group, Washington, D.C.
(+1 202.955.8210, escalia@gibsondunn.com)

Jason C. Schwartz – Co-Chair, Labor & Employment Practice Group, Washington, D.C.
(+1 202.955.8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Co-Chair, Labor & Employment Practice Group, Los Angeles
(+1 213.229.7107, ksmith@gibsondunn.com)

Helgi C. Walker – Co-Chair, Administrative Law & Regulatory Practice Group, Washington, D.C.
(+1 202.887.3599, hwalker@gibsondunn.com)

*Andrew Ebrahem is admitted only in Virginia; practicing under the supervision of members of the District of Columbia Bar under D.C. App. R. 49.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

We are pleased to provide you with Gibson Dunn’s ESG update for Winter 2023. This update covers the following key developments from November and December 2023.

I. GLOBAL

1. Institutional Shareholder Services (ISS) publishes 2024 Benchmark Policy Updates

On December 19, 2023, the proxy advisor ISS published its updated 2024 Benchmark Proxy Voting Policies, which will apply to shareholder meetings that take place on or after February 1, 2024. ISS have also published separate regional update documents announcing policy changes for each of the Americas, EMEA and Asia-Pacific. The main changes by ISS concern executive compensation, board composition and diversity, and risk oversight.

These updates by ISS follow the 2024 guidelines on proxy voting polices published earlier in November 2023 by Glass Lewis.

2. ICMA publishes new voluntary code of conduct for ESG ratings and data products providers

On December 14, 2023, the ICMA published a new voluntary Code of Conduct for ESG ratings and data products providers in line with IOSCO recommendations. Setting out 6 different principles, the Code introduces clear standards for ESG ratings and data product providers, and clarifies their interaction with wider market participants. The 6 principles concern: (1) good governance; (2) securing quality (systems and controls); (3) conflicts of interest; (4) transparency; (5) confidentiality (systems and controls); and (6) engagement (systems and controls).

The overarching aims of the Code are to: (1) improve the availability and quality of information provided to investors at product and entity levels; (2) enhance market integrity through increased transparency, good governance and sound systems and controls; and (3) improve competition through better comparability of products and providers.

ESG ratings and data products providers who sign up to the Code will need to make a public annual statement of application which explains their approach to implementing the Code. An implementation period of 6 months for ESG ratings providers, and 12 months for ESG data products providers, will then apply. By the time this period lapses, the 6 principles should be embedded within the provider’s organization. Providers that have agreed to adopt the Code will also be listed on the ICMA’s website.

Based heavily on the IOSCO recommendations, the ICMA intends for the Code to be applied internationally and a step towards creating a globally consistent regulatory framework. A hybrid event for stakeholders will take place at the London Stock Exchange on January 31, 2024 to discuss how the Code will work in practice.

3. Network for Greening the Financial System (NGFS) publishes Recommendations toward the development of scenarios for assessing nature-related financial risks

On December 13, 2023, the NGFS published a Technical Document providing recommendations toward the development of scenarios to assess nature-related economic and financial risks. The Technical Document is premised upon a two-part framework required for conducting forward-looking risk assessments: (1) envisioning consistent narratives to identify different hazards; and (2) exploring methods and tools e.g. models and data needs, to assess the impacts of such hazards and the ability to mitigate them. It also highlights the specificities of nature-related risks as opposed to climate-related risks, and discusses and outlines potential ways forward.

The NGFS intends for the Technical Document to pave the way for the future development of nature-related scenarios and the ability of central banks and supervisors to conduct comprehensive forward-looking nature risk assessments.

4. COP28 countries agree deal to transition away from fossil fuels

On December 13, 2023, representatives from nearly 200 countries reached a deal at the COP28 summit to transition away from fossil fuels in the effort to meet global net zero emissions by 2050. Specifically, governments are called upon to triple renewable energy capacity globally by 2030, accelerate efforts to reduce coal use, focus on technologies such as carbon capture and storage and low-carbon hydrogen production, and phase out fossil fuel subsidies. All countries will need to set “ambitious” emissions targets over the next 2 years to limit global warming to 1.5°C above pre-industrial levels. However, the agreement does recognize that targets should be set in light of “different national circumstances”, taking into account poorer nations.

5. IOSCO publishes a final report presenting supervisory practices across its members to address greenwashing

On December 4, 2023, the IOSCO published a final Report on Supervisory Practices to Address Greenwashing. The Report discusses the initiatives undertaken in various jurisdictions to address greenwashing, in line with IOSCO recommendations published in November 2021 (Report 1 and Report 2) and the subsequent Call for Action in November 2022, with the aim of increasing visibility of the roles that regulators are playing in this space. It also sets out the challenges hindering the implementation of these recommendations, including data gaps, transparency, quality, and reliability of ESG ratings, consistency in labelling and classification of sustainability-related products, evolving regulatory approaches, and capacity building needs.

The IOSCO highlighted that the main findings of the Report indicate the following:

• There is no global definition of greenwashing.
• Most jurisdictions have supervisory tools and mechanisms in place to address greenwashing in the area of asset managers and their products.
• Educational, awareness measures and capacity building activities are being used as proactive tools to prevent greenwashing. However, addressing greenwashing also requires financial education initiatives, both at investor and industry levels.
• The ESG ratings and data products markets are growing rapidly.
• Steps are reportedly being taken by Affiliate Members Consultative Committee (AMCC) members to improve the consistency of terminology, which could lead to better classification of funds and labelling.
• Enforcement measures such as infringement notices, fines, revocations of licenses, and suspension of businesses have been applied to greenwashing cases. Civil or criminal liability can also be applicable depending on the severity of the particular case.
• The cross-border nature of sustainable finance investments requires adequate sharing of information, data and knowledge between countries.

6. International Organization of Securities Commissions (IOSCO) publishes a Consultation Report to promote the integrity and orderly functioning of the Voluntary Carbon Markets (VCMs)

On December 3, 2023, the IOSCO published a 90-day consultation report outlining a set of 21 ‘Good Practices’ to promote the integrity and orderly functioning of the VCMs. The proposed ‘Good Practices’ relate to regulatory frameworks, primary market issuance, secondary market trading, and use and disclosure of use of carbon credits. Although not legally binding, the IOSCO’s intention is that they help to support sound market structures and enhance financial integrity in the VCMs, allowing for carbon credits to be traded in an orderly and transparent way.

The proposed ‘Good Practices’ build on the Key Considerations included in the November 2022 Discussion Paper, the feedback received in response to that Discussion Paper, and IOSCO members’ knowledge and oversight of financial markets. They also draw upon existing good practices and  principles for well-functioning markets, such as IOSCO’s Objectives and Principles of Securities Regulation (including the derivatives markets).

The deadline for comments from relevant regulators, authorities and market participants on the proposed ‘Good Practices’ is March 3, 2024.

7. COP28: the global climate summit convenes in United Emirates

The 2023 UN Climate Change Conference convened in Dubai over the first few weeks of December, with the spotlight on climate finance, gender-responsive climate action, the energy transition and climate mitigation.  Notable developments on the finance front include the announcement by the UK, France, the World Bank, the African Development Bank Group, the European Bank for Reconstruction and Development, and the Inter-American Development Bank (IDB) of new commitments to expand the use of climate resilient debt clauses (CDRCs)—which allow the lenders to pause debt for countries that are faced with a natural disasters—in their lending. The UK announced the first ever CDRC to Senegal, the first in Africa. In addition, a consortium of multilateral development banks and funders, States and NGOs announced the issuance of Guiding Principles for Financing Climate and Health Solutions, which aim to foster collaboration between funders and accelerate the allocation of finance to countries and communities for climate and health solutions.

Elsewhere during the conference, the new Gender-Responsive Just Transitions & Climate Action Partnership was endorsed by over 60 state parties, making a series of commitments to support women’s economic empowerment and ensure women’s livelihoods are protected during the just transition.

8. Basel Committee proposes mandatory climate change disclosures by banks

On 29 November, 2023, the Basel Committee on Banking Supervision—the primary global standard setter for the prudential regulation of banks—issued a public consultation paper on its proposed Pillar 3 disclosure framework for climate-related financial risks. The consultation seeks the views of stakeholders on various qualitative and quantitative disclosure requirements that would complement the work of other standard setters, including the International Sustainability Standards Board (ISSB) and provide a global common disclosure baseline for internationally active banks. The Committee will use feedback from the consultation process to consider which requirements should be mandatory and which should be subject to national discretion.

9. International Capital Markets Association issues updates to Guidance Handbook

On November 29, 2023, the International Capital Market Association (ICMA) and Executive Committee of the Principles published an updated edition of the Guidance Handbook, which gives guidance on the Green Bond Principles (2014), Social Bond Principles (2017), Sustainability Bond Guidelines (2017) and Sustainability-Linked Bond Principles (2020). The updated edition includes further guidance on relabelling bonds as GSS bonds post-issuance, use of proceeds of GSS bonds, bonds issued by “pure play companies” (i.e. organisations that are mainly or entirely involved in environmentally and/or socially sustainable activities), impact reporting, and identifying target populations for the purpose of Social Bonds.

10. International Capital Markets Association (ICMA) and the Executive Committee of the Principles update the Guidance Handbook

On November 29, 2023, the ICMA and the Executive Committee of the Principles published an updated edition of the Guidance Handbook, replacing the January 2022 edition.

The Guidance Handbook provides market participants with sought-after additional information on how to interpret the Green Bond Principles, Social Bond Principles, Sustainability Bond Guidelines and Sustainability-Linked Bond Principles (collectively, the Principles), as well as advice on their practical application for transactions. The updated Guidance Handbook also now includes the Q&As initially published separately which concern secured green, social and sustainability bonds (GSS Bonds) (Chapter 3), sustainability-linked bonds (Chapter 4), and GSS bonds related to pandemics and social projects to support fragile and conflict states (Chapter 8). Further guidance is also provided on re-labelling (Chapter 1.18), net asset value (Chapter 2.1), pure play companies (Chapter 2.1), impact reporting (Chapter 2.3), and social bonds (Chapter 2.3).

The revised Guidance Handbook seeks to support market development and underpin market integrity. The ICMA intends for the Guidance Handbook to be widely circulated and used by the green, social, sustainability and sustainability-linked bond market (GSSS bond market).

11. Basel Committee consults on a disclosure framework for climate-related financial risk

On November 29, 2023, the Basel Committee on Banking Supervision published a public consultation paper on the disclosure of climate-related financial risks. In particular, the Committee is evaluating how a Pillar 3 disclosure framework would further its mandate to strengthen the regulation, supervisions and practices of banks worldwide to enhance financial stability. The Committee is also investigating the potential design of such a framework. Its initial proposals for the framework include qualitative and quantitative disclosure requirements, bank-specific metrics for quantitative climate disclosures, forecasts, and quantitative disclosure requirements subject to jurisdictional discretion.

The Committee intends for the disclosure framework to complement the work of other standard setters, including the International Sustainability Standards Board (ISSB), and provide a common disclosure baseline for internationally active banks.

The consultation is part of the Committee’s approach to addressing climate-related risks to the global banking system. The deadline for stakeholder feedback is February 29, 2024, with a revised or final proposal expected to be published in Q3-Q4 2024. The Committee is further contemplating a potential implementation date of January 1, 2026, one year after the effective date proposed by the ISSB and after the expiration of the ISSB’s proposed transitional arrangements.

12. Abu Dhabi launches its first ESG benchmark index

Ahead of the COP28 summit, on November 28, 2023 the Abu Dhabi Securities Exchange (ADX) announced the launch of its ESG benchmark index developed in collaboration with FTSE Russell. The benchmark is designed to provide investors with a tradable ESG benchmark that ranks companies according to ESG scores sourced from London Stock Exchange Group (LSEG) Data & Analytics. The companies will be measured on an annual basis based on their public reporting.

The index will initially include 24 companies that are listed on the ADX market and are constituents of the FTSE ADX General Index.

13. Global Reporting Initiative releases new draft climate and energy standards

On November 21, 2023, the Global Reporting Initiative (GRI) published two draft standards designed to support organisations in their accountability efforts relating to their climate change impacts. The first is a new draft Climate Change Standard to assist organisations in disclosing their climate change transition and adaption plans and actions and in explaining their use of carbon credits and GHG removals. The second is a draft revised Energy Standard, which includes an additional management disclosure on the role of the organisation’s energy policies and commitments in the transition to a decarbonised economy, as well as extended requirements on energy consumption and generation.

Both drafts are currently subject to public comment period; interested parties can submit online comments on the draft by February 29, 2024.

14. Glass Lewis publishes 2024 Benchmark Policy Guidelines, including guidelines for shareholder proposals and ESG-related issues

On November 16, 2023, the proxy advisor Glass Lewis published its 2024 Benchmark Policy Guidelines which apply to shareholder meetings held on or after January 1, 2024. The Guidelines set out Glass Lewis’ views on current market practice and its approach in different global markets for 2024, including the US, UK, France, Germany, Switzerland, MENA, China, Hong Kong, and Singapore.

The key changes seen in this year’s edition vary between markets but largely focus on areas including the following:

• Director attendance levels;
• Cyber risk oversight;
• Executive ownership guidelines;
• Utility of compensation clawback provisions;
• Material weaknesses in internal controls over financial reporting;
• Board accountability for climate-related issues;
• Board oversight of ESG issues; and
• Clarification on remuneration at financial institutions.

Glass Lewis has also published a 2024 edition of its Guidelines for Shareholder Proposals and ESG-Related Issues which apply globally. The main updates here concern board accountability for climate-related issues, consideration for engagement between companies and investors, and recommendations on non-financial reporting.

15. CFA Institute, PRI and GSIA announce harmonised definitions for sustainable investments

On November 1, 2023, the CFA Institute, Principles for Responsible Investment (PRI) and the Global Sustainable Investment Alliance (GSIA) issued a new paper containing harmonised definitions aimed at clarifying the language of responsible investment. In particular, the harmonised definitions serve to promote consistent and precise use of terminology with regard to five existing responsible investment terms: “screening”, “ESG integration”, “thematic investing”, “stewardship” and “impact investing”, and thereby to deepen understanding of the nuances of responsible investment approaches.

The paper is available on the each of the respective organizations’ websites: CFA Institute here, PRI here, and GSIA here.

16. International Bar Association publishes report on use of arbitration in ESG-related disputes

On October 30, 2021, the International Bar Association (IBA) published a Report on use of ESG contractual obligations and related disputes, based in part on a survey of in-house and counsel and compliance staff at large multinationals by the IBA’s ESG subcommittee. The report addresses use of ESG-related obligations in both commercial contracts and investment treaties, as well as the role of arbitration in the resolution of ESG-related disputes.

On the commercial front, the report notes the proliferation of ESG-specific requirements in commercial contracts in the past decade, including references to the Equator Principles, UN Guiding Principles on Business and Human Rights and the Green Loan principles, and the availability of model ESG clauses such as those developed by The Chancery Lane Project and American Bar Association. The report anticipates an increased inclusion of termination rights for breach of ESG obligations as regulation in this area increases.

On the investment front, the report finds that the language adopted in some modern model investment treaties indicates that States are seeking investment that furthers the E, S and G elements of their sustainability agenda, and that specific substantive ESG-related standards are making an appearance in model investment treaties. Further, that there are frequent carve outs for the State’s right to regulate on issues including ESG matters.

Finally, on the matter of dispute resolution, the report points to the survey’s finding that one of the most important factors in the choice of disputes resolution mechanisms to resolve ESG disputes is confidentiality. This, in turn, likely presages the increased use of arbitration to resolve ESG disputes (especially contractual disputes) in future.

II. UNITED KINGDOM

1. UK enacts The Greenhouse Gas Emissions Trading Scheme (Amendment) (No. 2) Order 2023

The Greenhouse Gas Emissions Trading Scheme (Amendment) (No 2) Order 2023 (SI 2023/1387) (Amendment No 2 Order) came into force on January 1, 2024. The Amendment No 2 Order was made on December 13, 2023 and, alongside the Greenhouse Gas Emissions Trading Scheme (Amendment) Order 2023 (SI 2023/850) and the Greenhouse Gas Emissions Trading Scheme Auctioning (Amendment) Regulations 2023 (SI 2023/994), is part of a package of legislation targeting reforms to the UK Emissions Trading Scheme (UK ETS).

The Amendment No 2 Order has implemented amendments to the UK ETS which concern the following:

• Capping of free allocation for aviation at 100% of emissions;
• Amending free allocation rules for electricity generators, including clarification of the definition of combined heat and power (CHP) plants and electricity generator, as well as an updated definition of electricity generator which only considers electricity exports for the baseline period 2019-2023 rather than all electricity exports since 2005; and
• Clarification for carbon capture and storage (CCS) plants, including that an industrial installation that installs a capture plant is not disqualified from receiving free allocation.

2. FCA publishes 46^th Edition of Primary Market Bulletin featuring guidance on ESG stewardship and TCFD disclosure obligations compliance

On December 19, 2023, the FCA released its 46^th edition of the Primary Market Bulletin. This edition focuses on providing guidance in two areas:

1. Shareholder cooperation regarding ESG stewardship more generally and with respect to Article 10 of the UK Market Abuse Regulation (MAR), under which it is an offence to unlawfully disclose inside information.
The FCA advised that two pre-existing resources remain relevant to issues on shareholder activism, engagement and cooperation: (1) a letter from the FSA to the Association of British Insurers titled “Shareholder engagement and the current regulatory regime” dated August 19, 2009; and (2) the FSA’s Market Watch 20 dated May 20, 2007.

Further, the FCA clarified that the earlier outcome in the case of FCA v Sir Christopher Gent does not alter its approach to the MAR and should also not inhibit engagement between companies and their shareholders.

2. Procedures and policies by sponsors for compliance with the Task Force on Climate-Related Financial Disclosures (TCFD) disclosure obligations.
The FCA also discussed its assessment of how sponsors have made changes to their procedures to ensure listing applicants have systems in place to comply with the TCFD requirements. As required by the Listing Rules, premium and standard listed companies must include climate-related financial disclosures in their annual reports consistent with the TCFD disclosure requirements. The FCA’s findings were largely positive and the review found most sponsors had amended their policies to take into account the increased focus on climate-related matters.

The FCA further noted its expectations that sponsors should have sufficient skills, knowledge and expertise to interpret and apply relevant elements of the FCA Handbook. It also flagged the importance of sponsors providing their staff with appropriate training, including in relation to general developments in climate and sustainability-related disclosure.

3. Climate related risks features in the FRC’s areas of supervisory focus and priority sectors for 2024/25

On December 6, 2023, the Financial Reporting Council (FRC) announced its 2024/25 supervisory focus areas and priority sectors for both corporate reporting review and audit quality inspections. However, the FRC observed that it monitors companies and audits from all sectors, and the priority sectors are just one risk factor amongst many that are taken into a consideration when making its selections.

The FRC declared its 4 areas of supervisory focus to be: (1) risks related to the current economic environment, such as going concern, impairment, recoverability and recognition of tax assets/liabilities; (2) climate-related risks, including Task Force on Climate-related Financial Disclosures (TCFD); (3) implementation of IFRS 17 – Insurance Contracts; and (4) cash flow statements.

In addition, when selecting corporate reports and audits for review, the FRC has 5 priority sectors: (1) construction and materials; (2) food producers; (3) gas, water and multi-utilities; (4) industrial metals and mining; and (5) retail. The FRC has also stated that the financial services sector, including banking and insurance, will continue to be a focus of review and will be included annually in its selections.

4. Financial Conduct Authority publishes final rules on sustainability disclosure and investment labels

On November 28, 2023, the Financial Conduct Authority (FCA) published a Policy Statement containing its final rules and guidance on sustainability disclosure requirements (SDR) and investment labels, which aim to improve trust and transparency to the market for sustainable investment products.  The new regime applies (albeit in different respects) to UK asset managers and to FCA-authorised firms who make sustainability-related claims about their products and services, and is for the benefit of both professional and institutional investors as well as “retail investors”, i.e. consumers.

The new regime comprises the following package of measures: (i) an anti-greenwashing rule to ensure that sustainability-related claims are fair, clear and not misleading, (ii) four new product labels to help consumers navigate the investment product landscape, (iii) naming and marketing rules for investment products to ensure accurate use of sustainability-related terms, (iv) consumer-facing information requirements to help consumers understand key sustainability product features, (v) detailed information requirements in pre-contractual, ongoing product-level and entity-level disclosures for the benefit of institutional investors and consumers, and (vi) requirements for distributors to ensure that product-level information such as labelling is made available to consumers.

5. Sustainability disclosure and labelling regime confirmed by the FCA

On November 28, 2023, the Financial Conduct Authority (FCA) announced in its Policy Statement the introduction of its new UK Sustainability Disclosure Requirements and a new investment labels regime to improve the trust, transparency and credibility of sustainable investment products, increase consumer protection through greater access to information when investing, and also minimise greenwashing by companies.

The new FCA regime will introduce the following measures:

1. From May 31, 2024, an anti-greenwashing rule for all FCA-authorised firms to ensure sustainability-related claims are fair, clear and not misleading. Final guidance providing further clarity on this rule is due to be published prior to the rule’s introduction once its public consultation closes on January 26, 2024;

2. From July 31, 2024, the application of 4 different product labels (Sustainability Focus, Sustainability Improvers, Sustainability Impact, and Sustainability Mixed Goals) to investment products to help investors understand what their money is being used for, based on clear sustainability goals and criteria;

3. From December 2, 2024, naming and marketing requirements for UK asset managers so investment products cannot be described as having a positive impact on sustainability when they do not; and

4. From December 2, 2025, ongoing product-level and entity-level disclosures for firms with assets under management exceeding £50 billion. Additionally, from December 2, 2026, entity-level disclosures will be extended to firms with assets under management exceeding £5 billion.

The measures do not yet apply to portfolio management products and services, and the FRC plans to consult on this in early 2024.

6. UK to set out regulatory rules for ESG ratings industry imminently

On November 8, 2023, Financial Times reported that the UK government will publish a formal proposal for regulation of agencies that evaluate companies’ environmental, social and governance performance as early as January 2024. The Treasury is said to be examining whether this will require new legislation or can be achieved through measures implemented under existing laws. The proposal will take into account responses from a consultation process which ended in June 2023, with a government response to the consultation due to be published by the Treasury “in due course”.

Ministers have not ruled out the possibility of the creation of a new supervisory body to take on this function, but it is more likely that the remit of the Financial Conduct Authority will be expanded. The FCA is currently developing a voluntary code of conduct for ESG ratings and data product providers (see our earlier update here).

The European Commission proposed new regulations for ESG rating providers on June 13, 2023. See also update on Hong Kong (below) on development of an ESG ratings and data providers code of conduct.

7. Financial Reporting Council indicates intention to drop proposed ESG-related changes to UK Corporate Governance Code

Following consultation with stakeholders on proposed revisions to the UK Corporate Governance Code (the governance code applicable to all companies with a ‘premium listing’ on the London Stock Exchange), the Financial Reporting Council announced on November 7, 2023 that it will only be taking forward a small number of its original 18 proposals, and will be abandoning the proposals relating to the role of audit committees on environmental and social governance, and to modifications to existing code provisions around diversity, over-boarding, and Committee Chairs engaging with shareholders. The updated Code will be published in January 2024.

This follows the announcement by the UK government, on October 16, 2023, that it was withdrawing the  draft Companies (Strategic Report and Directors’ Report) (Amendment) Regulations following concerns by companies on burdensome and ever-increasing reporting requirements.

III. EUROPE

1. European Insurance and Occupational Pensions Authority (EIOPA) seeks feedback on its proposed approach to tackle greenwashing in the insurance and occupational pension sectors

EIOPA has launched a public consultation on its Consultation Paper on the Opinion on sustainability claims and greenwashing in the insurance and pensions sectors. The principles within the Opinion aim to pave the way for a more effective and harmonised supervision of sustainability claims across Europe and thereby limit the risk of greenwashing in the insurance and occupational pensions sectors. The deadline for submission of comments is March 12, 2024.

2. European Commission proposes to update free allocation rules to implement EU emissions trading system

The European Commission has opened a consultation process on the proposed updates to multiple regulatory acts under the Delegated Regulation for the implementation of the EU emissions trading system (ETS). The intention is to allow transitional EU-wide rules for harmonised free allocation of emission allowances. The consultation will close on January 2, 2024.

3. European Parliament’s Economic and Monetary Affairs Committee (ECON) adopts position on regulation to increase ESG ratings transparency and competition

On December 4, 2023, ECON adopted its position on a regulation by the European Commission aimed at enhancing transparency and competition in ESG ratings. ECON advocates for changes to the rules proposed by the European Commission – in particular:

• breaking down the ESG rating into separate E, S and G factors to avoid rating obscuring poor performance on any of these individual metrics;
• promoting the “double materiality” approach, i.e. whether the delivered rating addresses both material financial risk to the rated entity and the material impact of the rated entity on the environment and society;
• increasing transparency on the methodologies, models and key rating assumptions which rating providers use in their ESG rating activities; and
• boosting competition in favour of smaller rating providers.

The regulation aligns with other EU sustainability initiatives. On December 20, 2023, the Council of the EU has agreed its negotiating mandate on the proposal for a regulation on ESG ratings. In its negotiating mandate, the Council clarified the circumstances under which ESG ratings fall under the scope of the regulation, providing further details on the applicable exemptions.

4. European Securities and Markets Authority (ESMA) presents methodology for climate risk stress and considers use of ESG controversies to monitor greenwashing

On December 19, 2023, ESMA published two articles outlining (i) an approach to modelling the impact of asset price shocks from adverse scenarios involving climate-related risks, and (ii) exploring the use of ESG controversies for the purpose of monitoring greenwashing risk. ESMA is holding a webinar on the topics on February 7, 2024.

5. European Central Bank (ECB) and the European Systemic Risk Board (ESRB) publish report on climate-related financial stability risks

On December 18, 2023, the ECB and the ESRB published a joint report on the impact of climate change on the EU financial system. The reports sets out a framework for addressing risk by gathering evidence on the most important financial stability indicators and looks to develop a macroprudential strategy for addressing climate broader nature-related risks.

6. European Banking Authority (EBA) proposes voluntary EU label for green loans

On December 15, 2023, EBA published a response to the European Commission’s call for advice on green loans and mortgages. In its response, EBA suggests the introduction of a voluntary EU label for green loans based on a common EU definition and as well as the integration of the concept of a ‘green mortgage’ and its key sustainability features in the Mortgage Credit Directive. In particular, EBA proposes that:

• such EU definition and labelling framework incorporate a degree of flexibility to facilitate market participants’ credible efforts in contributing to environmental objectives;
• for the labelling framework to include information on the long-term benefits of investing in energy-efficient solutions, documentation requirements and availability of financial support schemes; and
• when reviewing the Mortgage Credit Directive, the European Commission consider integrating the concept of green mortgages as well as the expected features of these loans.

7. Council of the EU and European Parliament strike deal on the Corporate Sustainability Due Diligence Directive; European Securities and Markets Authority (ESMA) consults on draft guidelines on enforcement of sustainability information

On December 14, 2023, the Council of the EU and the European Parliament reached a provisional agreement on the Corporate Sustainability Due Diligence Directive, which will oblige firms to integrate their human rights and environmental impact into their management systems. Eligible companies will be required to make investments, seek contractual assurances from partners, improve their business plans or provide support to their partners from SMEs in order to identify, assess, prevent, mitigate and remedy the negative impact of their activities on people and the planet. Companies’ business model will also have to comply with limiting global warming to 1.5°C. In addition, supervisory authorities will be able to launch inspections and impose penalties on non-compliant companies, including fines of up to 5% of their net worldwide turnover. As a next step, the provisional agreement needs to be endorsed and formally adopted by both institutions.

On December 15, 2023, ESMA published a consultation paper on a set of draft guidelines on enforcement of sustainability information, with responses sought by 15 March 2024. The main goals of the draft guidelines are to ensure that national competent authorities carry out their supervision of listed companies’ sustainability information under the Corporate Sustainability Reporting Directive (CSRD), the European Sustainability Reporting Standards and Article 8 of the Taxonomy Regulation in a converged manner; and to establish consistency in, and equally robust approaches to, the supervision of listed companies’ sustainability and financial information. ESMA says this will facilitate increased connectivity between the two types of reporting.

8. European Securities and Markets Authority (ESMA): “Update on the guidelines on funds’ names using ESG or sustainability-related terms – Postponement of Publication”

On December 14, 2023, ESMA has published a statement that it has postponed the adoption of the Guidelines on ESG and sustainability-related terms in fund names to ensure that the outcome of reviews of AIFMD and the UCITS Directive may be fully considered. In particular, the text of the provisional agreement resulting from the interinstitutional negotiations contains two new mandates for ESMA to develop guidelines specifying the circumstances where the name of an AIF or UCITS is unclear, unfair, or misleading.  ESMA plans to adopt the Guidelines shortly after the date of entry into force of AIFMD and UCITS Directive revised texts.

9. European Securities and Markets Authority (ESMA) to launch and participate in Common Supervisory Action on ESG disclosures for Benchmarks Administrators

On December 13, 2023, ESMA announced that it will launch a common supervisory action (CSA) with national competent authorities (NCAs) on environmental, social and governance disclosures under the EU Benchmarks Regulation. This is ESMA’s first CSA in its role as a direct supervisor of benchmarks administrators. It will be carried out by ESMA and the NCAs during 2024 and until Q1 2025.

10. ESAs put forward amendments to sustainability disclosures for the financial sector

The three European Supervisory Authorities (European Banking Authority, European Insurance and Occupational Pensions Authority, and European Securities and Markets Authority – togethers the ESAs) are finalising amendments to the Sustainable Finance Disclosure Regulation (SFDR), proposing new social indicators, streamlined disclosure frameworks for adverse impacts, and additional product disclosures on greenhouse gas emissions reduction targets. The Final Report was published on December 4, 2023. Other revisions include improvements to “Do No Significant Harm” disclosures, simplified disclosure templates, and other technical adjustments regarding derivatives and sustainable investment calculations.

11. Loan Market Association (LMA) updates sustainable lending glossary

In December 2023, the LMA updated its sustainable lending glossary, produced in conjunction with the Loan Syndications and Trading Association and the Asia Pacific Loan Market Association. The glossary (which was first published in March 2020 and was last revised in August 2021) intends to assist the transparency of terms in the rapidly evolving sustainable lending market and provides an alphabetical list of terms, concepts, institutions, and agreements relevant to green and sustainable lending transactions.

12. European Green Bonds Regulation published in Official Journal

On November 30, 2023, the Official Journal of the EU has published Regulation (EU) 2023/2631 of the European Parliament and of the Council on European Green Bonds and optional disclosures for bonds marketed as environmentally sustainable and for sustainability-linked bonds. This Regulation lays down uniform requirements for issuers of bonds that wish to use the designation ‘European green bond’ or ‘EuGB’ for their environmentally sustainable bonds, and entered into force on December 2023, 2023, and will apply from December 21, 2024.

13. EU finalises European Green Bond Regulations

On November 30, 2023, Regulation (EU) 2023/2631 on European Green Bonds and optional disclosures for bonds marketed as environmentally sustainable and for sustainability-linked bonds was published in the Official Journal of the European Union. The Regulation provides for uniform requirements for issuers of environmentally sustainable bonds who intend to designate their bonds as “European green bonds” or “EuGB”. See our earlier update here.

14. EU Commission publishes proposal for carbon certification framework

On November 30, 2023, the EU Commission published its proposal for a new regulation establishing a voluntary EU certification framework for carbon removals. The proposal sets out quality criteria (“Qu.AL.ITY critera”) for carbon removal activities that take place in the EU, rules for the independent verification of carbon removals, and rules to recognise certification schemes that can be used to demonstrate compliance with the EU framework.

The proposal is now under discussion by the European Parliament and the Council, with the Commission due to develop tailored certification methodologies for the different types of carbon removal activities based on the QU.A.L.ITY criteria, supported by an expert group which will meet in the first quarter of 2023.

15. COP28: EU Parliament pushes for end of global fossil fuel subsidies by 2025

On November 21, 2023, the EU Parliament adopted a resolution calling, among other things, for the EU and all parties at COP28 to end all direct and indirect fossil fuel subsidies as soon as possible, and by 2025 at the latest. The resolution also called for an end to all environmentally harmful subsidies as soon as possible and latest by 2027, at both EU and Member State levels, and called on Member states to improve their national reporting of fossil fuel subsidies and plan for their phase-out in the upcoming revisions of their national energy and climate plans.  

16. EU Parliament and Council agree to introduce “ecocide” offence

On November 16, 2023, it was announced that the Parliament and Council have reached a provisional agreement on a new EU directive that will impose new criminal sanctions for environmental harm. The directive was first proposed in December 2021, to replace the existing Environmental Crime Directive 2008 and establish minimum rules that bring the existing criminal regime into alignment with the objectives of the EU’s Green Deal.

The agreed directive will introduce “qualified offences” described by the Parliament as “comparable to ecocide”, whereby stricter sanctions are imposed for intentional acts that caused destruction, irreversible, widespread and substantial damage, or long-lasting widespread and substantial damage to an ecosystem of considerable size of environmental value, or to a natural habitat within a protected site, or to the quality of air, soil or water.

Specific new offences include timber trafficking, illegal recycling of polluting components of ships, and serious breaches of legislation on chemicals.

The provisional agreement is due to be formally adopted by both the European Parliament and the Council. The press releases of the Commission, Parliament and Council are available here, here and here.

17. European Parliament and Council agree on new EU Methane Regulation

On November 15, 2023, it was announced that the European Parliament and Council have reached a provisional agreement on a EU new regulation to reduce energy sector methane emissions in Europe and in global supply chains. The regulation was first proposed in December 2021, under the banner of the European Green Deal, with the aim of preventing avoidable release of methane into the atmosphere and minimise methane leaks by fossil energy companies operating in the EU.

The EU Methane Regulation, in its agreed form, will impose obligations on companies in the oil, gas and coal sectors, including requiring oil and gas companies to carry out regular surveys of their equipment to detect and repair methane leaks on the EU territory within specific deadlines, banning routine venting and flaring by the oil and gas sectors and limiting venting from thermal coal mines from 2027, and requiring companies in all three sectors to carry out an inventory of closed, inactive, plugged and abandoned assets with a view to monitoring and mitigating their emissions as soon as possible.

The regulation also targets methane emissions related to imported oil, gas and coal into the EU, including by establishing a methane transparency database where data on methane emissions reported by importers and EU operators is made available to the public, and by requiring the Commission to establish methane performance profiles of countries and companies to allow importers to make informed choices on their energy imports.

The provisional agreement is due to be formally adopted by both the European Parliament and the Council. The press releases of the Commission and Council are available here and here.

18. European Commission proposes postponement of pending European Sustainability Reporting Standards until June 2026

On October 24, 2023, the Commission published a proposal for a Decision postponing the deadlines for adoption of the second tranche of European Sustainability Reporting Standards (ESRS) (i.e. the sector-specific standards) which underpin the disclosure requirements of the EU’s new comprehensive sustainability rules in the Corporate Sustainability Reporting Directive (CSRD) . The current deadline is June 30, 2024, but the Commission is proposing a two-year delay until June 2026, in order to allow companies within the scope of the  to focus on implementation of the first tranche of ESRS. These first-tranche standards were adopted on July 31, 2023 and are sector-agnostic, applying to all companies within scope of the CSRD. This is in response to a demand from the corporate sector.

The Commission also proposes that the adoption date for the ESRS to be used by certain non-EU companies with business in the EU be likewise postponed by two years, to June 2026.

The feedback period on the Commission proposal closes on December 19, 2023.

IV. NORTH AMERICA

1. New York State Department of Financial Services (NYFDS) adopted guidance for New York State-regulated banking and mortgage institutions related to climate change risks

On December 21, 2023, NYFDS adopted guidance aimed at assisting institutions with the management of material financial and operational risks from climate change. NYFDS has not currently set a timeline for implementing the guidance, but it will be issuing a request for information in 2024 in order to ascertain the steps regulated institutions are taking, or are planning to take, to identify, monitor, and control these risks.

2. BlackRock, Inc. (BlackRock) sued by U.S. state for allegedly misleading ESG representations

On December 18, 2023, Tennessee filed a consumer protection lawsuit in Tennessee state court against BlackRock, alleging the company had misled or made false representations to the state’s consumers regarding the incorporation of ESG into its investment strategy.

3. Commodity Futures Trading Commission (CFTC) proposes federal guidelines targeting voluntary carbon markets

As reported in our recent client alert, on December 4, 2023, the CFTC issued proposed guidance focused on the trade of voluntary carbon credit derivative contracts listed on CFTC-regulated exchanges. The guidance is directed at such exchanges and provides factors for them to consider in light of applicable regulatory standards, including requirements designed to support quality standards and appropriate governance and validation, among other topics. The public has until February 16, 2024 to comment on the proposed guidance.

4. U.S. Environmental Protection Agency’s (EPA) adopts final rule to targeting methane and other air pollutants from the oil and natural gas industry

On December 2, 2023, the EPA adopted a final rule consisting of several initiatives aimed at preventing an estimated 58 million tons of methane emissions between 2024 and 2038, a nearly 80% reduction of projected methane emissions without the rule. Among other things, the final rule will include new source performance standards to reduce methane and smog-forming volatile organic compounds from new or modified sources as well as emissions guidelines clarifying how states can use their existing program in plans for limiting methane emissions from existing sources.

A detailed summary of this final rule is summarized in our recent client alert.

5. California AB 1305 author shares his intent for first reporting deadline

In October, California adopted the “Voluntary Carbon Market Disclosures Act,” which imposes website disclosure requirements on (1) business entities that market or sell voluntary carbon offsets within California and (2) entities operating in California that make certain sustainability claims (e.g., achieving net zero emissions, carbon neutrality, or significant emission reductions, among others), with additional disclosure obligations if such entities  purchase or use voluntary carbon offsets sold in the state. The statute provides that the required disclosures must be “updated no less than annually,” but does not specify when the first set of disclosures were required. The law became effective on January 1, 2024.

On November 30, 2023, the California Assembly member who authored AB 1305 submitted a letter to the Clerk of the Assembly stating his intention that the first annual disclosure should be posted by January 1, 2025, and to provide a more formal letter to the Assembly Daily Journal after the State Assembly reconvened in early January.

6. EPA Office of Environmental Justice and External Civil Rights receives funding for environmental and climate justice community change grants

On November 21, 2023, the Biden-Harris administration announced the funding of approximately $2 billion in the EPA’s Community Change Grants through the Inflation Reduction Act. The funds are described as “the largest single investment in environmental justice in history” and are to be used to support the deployment of community-driven clean energy projects, bolster climate resilience, and strengthen communities’ abilities to combat environmental and climate change challenges.

7. Glass Lewis announces several new and revised ESG-related proxy voting policies

On November 16, 2023, Glass Lewis published its updated voting policies for the U.S.  The policies became effective on January 1, 2024.  Noteworthy changes related to ESG topics include two new policies on cyber risk oversight and board oversight of environmental and social issues, and a revised policy on board diversity.  The first new policy provides that, where a company has been materially impacted by a cyberattack, Glass Lewis may recommend votes against appropriate directors should Glass Lewis find the board’s oversight, response or disclosures concerning cybersecurity-related issues to be insufficient or if they are not provided to shareholders.  In addition, when evaluating the board’s role in overseeing environmental and/or social issues, Glass Lewis will examine a company’s committee charters and governing documents to determine if the company has codified a meaningful level of oversight of and accountability for a company’s material environmental and social impacts. Glass Lewis also clarified that it will review a company’s disclosures for a rationale or plan to address the lack of board diversity, including a timeline on intended appointments, in making voting recommendations.

8. U.S. Federal Insurance Office (FIO) to collect information on homeowners’ insurance to assess climate-related financial risk to consumers

On November 1, 2023, the FIO published a public notice of its intention to collect zip-code-level insurance data from insurers as part of its effort to assess the possible impact of climate-related financial risks on Americans. Based on feedback to a prior proposal, the FIO revised its data collection request to reduce the estimated number of hours insurance companies need to comply with the request.

V. APAC

1. Partnership for Carbon Accounting Financials (PCAF) and China-based Green Finance Forum of 60 (GF60) forms partnership to harmonise greenhouse gas accounting methodologies for financial institutions in China

On December 21, 2023, PCAF announced that it has entered into a strategic partnership agreement with GF60 which is aimed at harmonizing greenhouse gas accounting methodologies for financial institutions in China, and enhancing the capability of such financial institutions to calculate the greenhouse gas emissions of their financial activities. PCAF will assist the Chinese financial sector in implementing PCAF standards and it observed that the collaboration will ultimately help to promote China’s progress in decarbonization.

GF60 is a non-profit international green finance and sustainability platform operated by the Shanghai Jinsinan Institute of Finance.

2. First ESG Disclosure Guidance for China’s insurance industry released

At a press conference held in Beijing on December 13, 2023, the Insurance Association of China (IAC) launched the Chinese insurance industry’s first ever Guidelines for Environmental, Social and Governance Information Disclosure by Insurance Institutions. Expected to help improve the quality of ESG disclosures in the insurance industry, the Guidelines set standards for insurance companies to disclose ESG information, including providing guidance both on disclosure content and disclosure methods.

The self-regulatory Guidelines take reference from international ESG disclosure standards such as the Global Reporting Initiative (GRI), Sustainability Accounting Standards Board (SASB), and the Stock Exchange of Hong Kong, whilst seeking to incorporate the unique characteristics of China and the Chinese insurance industry such as disclosure requirements for rural revitalization, insurance agent management and enhancement, sustainable insurance products, and green investment of insurance funds.

3. Philippines relaxes rules to encourage lending for green projects

On December 13, 2023, the Philippine central bank, Bangko Sentral ng Pilipinas, announced that it will temporarily allow banks to set aside lower reserves for sustainable bond sales and increase their lending capability. In particular, the reserve requirement rate for green, social, sustainability, and other sustainable bonds issued by banks will be gradually reduced from the current rate of 3% to 0%: the rate will fall to 1% in the first year after the change takes effect, before being cut to 0% in the second year. The central bank has also approved an additional 15% single borrower limit on loans to finance sustainable projects, including transition to decarbonization. Both measures will be in place for 2 years, subject to review, and constitute part of the central bank’s 11-point Sustainable Central Banking Strategy established to combat climate change.

4. Thailand Finance Ministry and investment management industry launches 22 new mutual funds to support Thailand’s ESG goals

At a joint press conference on December 8, 2023, Thailand’s Ministry of Finance, the Federation of Thai Capital Market Organizations (FETCO), Thailand’s Securities and Exchange Commission (SEC), the Stock Exchange of Thailand (SET) and Thailand’s Association of Investment Management Companies (AIMC) announced the launch of a new Thailand ESG Fund (Thai ESG Fund). The Fund consists of 22 new mutual funds with a fundraising target of 10 billion baht by the end of the year to accelerate sustainable development in Thailand, and progress towards carbon neutrality and net-zero greenhouse gas emissions. All Thai ESG Funds will largely invest in domestic assets such as debt securities or stocks of listed companies that meet disclosure requirements for emissions disclosures and reduction targets, and that are themed around environmental protection or sustainability.

5. Monetary Authority of Singapore (MAS) releases Code of Conduct for ESG Rating and Data Product Providers

On December 6, 2023, MAS published both its finalised Singapore Code of Conduct for ESG Rating and Data Product Providers and an accompanying Checklist for such providers to self-attest their compliance with the voluntary Code. It builds upon the recommendations from the International Organisation of Securities Commissions (IOSCO) for good practices by ESG rating and data product providers. A list of providers who have publicly adopted the Code will be available on the International Capital Market Association’s (ICMA) website, subject to the provider notifying the ICMA of their publication.

The industry Code seeks to establish baseline industry standards for transparency in methodologies and data sources, governance, and management of conflicts of interest that may compromise the reliability and independence of the products.

MAS are implementing the industry Code on a ‘Comply or Explain’ basis: ESG rating and data product providers are to state they comply with the principles and best practices set out in the Code or explain why they do not. Third party assurance or audit may also be sought by providers for their self-attestation on the Checklist. Providers are encouraged by MAS to disclose their adoption of the Code and publish a completed Checklist on their websites within 12 months of the Code’s publication.

6. Monetary Authority of Singapore taxonomy for sustainable finance

On December 3, 2023, the Monetary Authority of Singapore (MAS) launched the Singapore-Asia Taxonomy for Sustainable Finance, which sets out detailed thresholds and criteria for defining green and transition activities that contribute to climate change mitigation across eight focus sectors. Transition activities are those that do not meet the green thresholds now but are on a pathway to net zero or contributing to net zero outcomes. The taxonomy was drawn up with support and recommendations from the Climate Bonds Initiative. Whilst aimed at providing guidance for Singapore-based financial institutions, asset owners and investment managers, it is also expected to be used by companies, regulators, policymakers and other financial market participants seeking to identify and allocate capital to “green” and transition activities.

7. Hong Kong Stock Exchange and China Beijing Green Exchange sign MOU to promote green finance

On November 28, 2023, Hong Kong Exchanges and Clearing Limited (HKEX) announced the signing of a Memorandum of Understanding (MOU) with the China Beijing Green Exchange (CBGEX) – the designated trading platform for the Emissions Trading Scheme under the Beijing Municipal Government – to explore cooperation in areas such as building an ESG ecosystem, promoting green and sustainable finance, and contributing to the green development of the Belt and Road Initiative.

HKEX and CBGEX will be jointly exploring cross-border sustainable development, with a focus on addressing China’s growing demand for green infrastructure investments and its shift to a low-carbon economy. Both exchanges will also research green and transition finance, collaborate on capabilities building for ESG standards and information disclosure, and explore opportunities in the carbon market.

8. Hong Kong postpones mandatory climate disclosures for listed issuers

On November 3, 2023, the Hong Kong Stock Exchange (HKEX) announced that it would postpone the implementation of proposed Listing Rule amendments on climate-related disclosures from January 2024 to January 2025, after seeking market feedback on the proposed amendments (consultation paper here). The proposed new rules were informed by the new IFRS S2 Climate-related Disclosures promulgated by the International Sustainability Standards Board (ISSB). The HKEX is postponing implementation in order to allow issuers more time to familiarize themselves with the new climate-related disclosure requirements and to give itself time to take account of recommended approaches on scalability and phasing-in of disclosure requirements which the ISSB is providing global regulators in its upcoming ISSB Adoption Guide.

9. Australia announces Sustainable Finance Strategy

On November 2, 2023, the Australian Treasury released a consultation paper outlining its Sustainable Finance Strategy, which is aimed at mobilizing private investment needed in coming decades, enabling Australian firms to access the capital needed to finance their own transitions, ensuring that financial opportunities and risks presented by climate change are identified and well managed, and aligning Australia’s capital markets with emerging international standards on sustainable finance. This is consistent with the Australian government’s adoption of a “climate first” approach to sustainable finance reforms.

Key proposals cover:

• Reporting: Implementing mandatory climate reporting requirements for large companies and financial institutions from July 2024 onwards, to ensure standardized disclosure of climate and other sustainability-related financial opportunities and risks.
• Taxonomy: Developing an Australian sustainable finance taxonomy, to provide a comprehensive medium-term framework for understanding how certain economic activities and investments align with good sustainability outcomes, and to provide a consistent set of metrics for firms and investors to support credible transition planning.
• Labelling: Improving sustainability labelling for investment products, to provide more consistent information on design and sustainability characteristics of products labelled as “green”, “sustainable”, “ESG”, or similar.
• Sector Guidance on Emission Reduction: Developing national sectoral emissions reduction pathways, to provide firms and investors with clearer policy guidance on anticipated emissions reductions trajectories and priorities in key sectors, supporting more rigorous corporate transition planning and increasing accountability.

The consultation process ended on December 1, 2023 and the results will inform ongoing policy development and regulatory engagement on sustainable finance in Australia.

10. ICMA to form a working group to develop an ESG ratings and data providers code of conduct for Hong Kong Securities and Futures Commission

On October 31, 2023, the International Capital Market Association (ICMA) announced that it is convening a working group to lead the development of a voluntary code of conduct for ESG ratings and data product providers based in Hong Kong.

The code will be informed by the recommendations from the International Organization of Securities Commission’s report on “Environmental, Social and Governance Ratings and Data Product Providers”, and the working group is expected to release its draft code of conduct for public consultation in early 2024.

Please let us know if there are other topics that you would be interested in seeing covered in future editions of the monthly update.

Warmest regards,

Susy Bullock
Elizabeth Ising
Perlette M. Jura
Ronald Kirk
Michael K. Murphy
Selina S. Sagayam

Chairs, Environmental, Social and Governance Practice Group, Gibson Dunn & Crutcher LLP

---

The following Gibson Dunn lawyers prepared this client update: Lauren Assaf-Holmes, Grace Chong, Natalie Harris, Sophy Helgesen, Elizabeth Ising, Cynthia Mabry, Ian Mwiti Mathenge, Patricia Tan Openshaw, Selina S. Sagayam and Theresa Witoszynski.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Environmental, Social and Governance practice group:

Environmental, Social and Governance (ESG):
Susy Bullock – London (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Perlette M. Jura – Los Angeles (+1 213-229-7121, pjura@gibsondunn.com)
Ronald Kirk – Dallas (+1 214-698-3295, rkirk@gibsondunn.com)
Michael K. Murphy – Washington, D.C. (+1 202-955-8238, mmurphy@gibsondunn.com)
Patricia Tan Openshaw – Hong Kong (+852 2214-3868, popenshaw@gibsondunn.com)
Selina S. Sagayam – London (+44 (0) 20 7071 4263, ssagayam@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The final rule marks a significant transition in the regulatory oversight of the carbon capture and sequestration industry within Louisiana.  

On December 28, 2023, the United States Environmental Protection Agency (EPA) signed a final rule giving the State of Louisiana primary enforcement authority (or “primacy”) over Class VI underground injection wells, which are used by the carbon capture and sequestration (CCS) industry to permanently sequester captured carbon in underground geological formations, within the state.[1]  The final rule represents a long-sought and important win for Louisiana, which initially submitted its application for Class VI primacy to the EPA on September 17, 2021.[2]  It also marks a significant transition in the regulatory oversight of the CCS industry within Louisiana, as the primary regulatory body for the CCS industry in the state shifts from the EPA to the Louisiana Department of Natural Resources (LDNR).[3]  The Class VI permitting process under the LDNR is expected to be faster than the process under the EPA, leading to accelerated growth of the CCS industry within Louisiana.  Louisiana now joins North Dakota and Wyoming among states with Class VI primacy.

Class VI Wells, Primacy and Federal Incentives

Class VI underground injection wells are specifically designed for the permanent geological sequestration of carbon dioxide, playing a crucial role in CCS technologies aimed at mitigating climate change.[4]  Geological sequestration involves injecting captured carbon dioxide into underground rock formations, such as in deep saline formations, at depths and pressures high enough to keep the carbon dioxide in a supercritical fluid phase, which allows more carbon dioxide to be sequestered and is less likely to lead to the carbon dioxide escaping into the atmosphere or migrating into other underground formations.[5] Class VI wells are distinct from other injection wells in that they are exclusively dedicated to long-term storage of carbon dioxide that is either captured directly from the ambient atmosphere (in direct air capture CCS projects) or from industrial emissions or other anthropogenic sources (in point source CCS projects).

Federal income tax credits are available under the Inflation Reduction Act of 2022 (IRA) for the capture and utilization or sequestration of qualified carbon oxides (see our previous alert here). Significantly greater credits are awarded for “secure” geological sequestration of carbon oxides, and Class VI wells generally satisfy IRS and Treasury requirements for such secure sequestration. The IRA further enhanced the economic benefit of these credits by making it easier to monetize them, extending the benefit of new direct payment (see our previous client alert here) and transferability (see our previous client alert here) rules to these credits. Additional federal funding for CCS projects was also made available under the Infrastructure Investment and Jobs Act.[6]

Permitting Backlog at the EPA Driving Interest in Class VI Primacy

As shown in the map below, many states have been granted primacy by the EPA over multiple classes of injection wells, particularly Class II injection wells, which can be utilized for CCS projects utilizing captured carbon for enhanced oil recovery projects.[8] However, prior to Louisiana, only North Dakota and Wyoming had successfully applied for primacy over Class VI wells.  As a result, the EPA retains oversight over nearly all Class VI well permit applications in the US.

As of 1/1/24. Source: The United States Environmental Protection Agency

The EPA’s process for granting a Class VI well permit is rigorous and requires applicants to provide extensive (and expensive) data and modeling to show that the Class VI well will protect drinking water and prevent the escape or migration of carbon dioxide.[9]  Although the EPA currently estimates that the Class VI permitting process for new permits will take about 25 months from start to finish, some Class VI permits have taken as long as six years to be approved.[10]

The EPA has also issued very few Class VI permits, leading to a backlog of pending permit applications. As of January 1, 2024, the EPA has only issued six Class VI permits, all for projects in Illinois, and of those six permits, only two have been utilized in connection with an active CCS project.[11] The EPA is nearing final approval of six additional Class VI well permits for CCS projects in Indiana and California, but these represent a fraction of the pending Class VI well permit applications before the EPA.[12] As of December 22, 2023, there were 63 permit applications covering 179 wells at some point in the EPA’s permitting process, and most applications are not close to approval, as shown in the attached CHART. (As of 12/22/23. Source: The United States Environmental Protection Agency.)

The permitting backlog at the EPA is one of the reasons Louisiana sought primacy over Class VI wells. Of the 63 pending permit applications before the EPA, approximately one-third were for CCS projects located in Louisiana, and the lengthy approval process was a major impediment to CCS projects in the state.  Now that Louisiana has obtained primacy over Class VI wells, all pending permits before the EPA will be transferred to the LDNR for review, and the LDNR will have oversight of all future Class VI well applications in Louisiana.  Many CCS industry participants have welcomed the switch to the review process under the LDNR, which is expected to be more efficient and to take a shorter period of time than the EPA’s process, a belief which is supported by the Class VI permit process in North Dakota, which has produced eight Class VI permits since North Dakota obtained Class VI primacy in 2018 (compared to the six Class VI well permits issued by the EPA nationwide since the UIC program was implemented in 2010).[13]

Class VI Requirements Adopted by Louisiana

The Class VI well requirements adopted by Louisiana are more stringent than the EPA’s requirements in several key areas, including:

• requiring each individual Class VI well to be reviewed and permitted on its own, rather than issuing permits for multiple wells in a given project at once;
• prohibiting the sequestration of carbon dioxide in salt caverns;
• not granting waivers to injection depth requirements; and
• requiring additional monitoring systems and operating requirements, over and above those required by the EPA.[14]

In addition, the EPA included several environmental justice requirements in the Memorandum of Agreement between Louisiana and the EPA, including an environmental justice review process. These requirements include:

• adding steps to enhance the public’s participation in the permit application process;
• analyzing environmental justice impacts on communities as part of the permitting process, including identifying environmental hazards, potential exposure pathways, and susceptible populations; and
• incorporating mitigation measures to ensure Class VI wells do not increase environmental impacts and public health risks in already overburdened communities, such as installing carbon dioxide monitoring networks, carbon dioxide release networks, and enhanced pollution controls.[15]

Class VI applications before LDNR for review will need to be evaluated to ensure that they comply with Louisiana’s enhanced regulations and environmental justice requirements, and companies with pending Class VI applications that will be transferred to the LDNR may need to amend their applications if they do not meet these requirements.

Additional States Seeking Class VI Primacy

Louisiana’s successful primacy application over Class VI wells is likely to encourage other states to apply for Class VI primacy. Currently, only Texas, West Virginia, and Arizona are actively seeking Class VI primacy, but all three states are in the early stages of the primacy application process and are not expected to be given primacy in the near future.[16]  Texas, for example, consolidated jurisdiction for Class VI wells under the Railroad Commission of Texas (RRC) in 2021 and submitted its formal application for primacy on December 19, 2022.[17]  The EPA has reviewed Texas’s application for completeness, but the EPA still considers Texas to be in the “pre-application activities” phase of the primacy application process.[18] The RRC has adopted several amendments to the Texas Administrative Code to meet the EPA’s Class VI requirements, and the RRC submitted its final rules to the EPA in August 2023.[19]

States that seek Class VI primacy should pay close attention to Louisiana’s application for guidance on how to approach the primacy application process, especially with respect to the environmental justice requirements, as the EPA has indicated that Louisiana’s environmental justice commitments are a clear benchmark for any state that seeks Class VI primacy in the future.[20]

Conclusion

The recent signing of the final rule granting the State of Louisiana primary enforcement authority over Class VI wells signals a pivotal moment in the regulation of the CCS industry. This achievement, following a protracted application process, not only provides Louisiana with autonomy in overseeing Class VI wells but also signifies a significant shift from federal EPA oversight to the LDNR. With expectations of a more expedited and efficient permitting process under the LDNR, the decision is poised to catalyze accelerated growth in the CCS industry within the state.

[1] View here.

[2] Id.

[3] https://gov.louisiana.gov/index.cfm/newsroom/detail/4372

[4] https://www.epa.gov/uic/class-vi-wells-used-geologic-sequestration-carbon-dioxide

[5] “Sequestration of Supercritical CO2 in Deep Sedimentary Geological Formations”, Negative Emissions Technologies and Reliable Sequestration: A Consensus Study Report of The National Academies of Sciences, Engineering, and Medicine, pg. 320.

[6] View here.

[7] View here.

[8] The Underground Injection Control program consists of six classes of injection wells. Each well class is based on the type and depth of the injection activity, and the potential for that injection activity to result in endangerment of an underground source of drinking water (USDW). Class I wells are used to inject hazardous and non-hazardous wastes into deep, isolated rock formations. Class II wells are used exclusively to inject fluids associated with oil and natural gas production. Class III wells are used to inject fluids to dissolve and extract minerals. Class IV wells are shallow wells used to inject hazardous or radioactive wastes into or above a geologic formation that contains a USDW. Class V wells are used to inject non-hazardous fluids underground. Class VI wells are wells used for injection of carbon dioxide into underground subsurface rock formations for long-term storage, or geologic sequestration.

[9] https://www.epa.gov/uic/class-vi-wells-used-geologic-sequestration-carbon-dioxide#ClassVI_PermittingProcess

[10] Observations on Class VI Permitting: Lessons Learned and Guidance Available, Bob Van Voorhees et al. at 3 (https://www.ideals.illinois.edu/items/117640); see EPA Permit Tracker Chart.

[11] Id.; https://www.epa.gov/uic/table-epas-draft-and-final-class-vi-well-permits.

[12] https://www.epa.gov/uic/table-epas-draft-and-final-class-vi-well-permits.

[13] https://www.dmr.nd.gov/dmr/oilgas/ClassVI.

[14] View here.

[15] Id.

[16] Id.

[17] View here.

[18] View here.

[19] View here.

[20] Id.

---

The following Gibson Dunn attorneys prepared this update: Michael P. Darden, Rahul D. Vashi, Graham Valenta, Michael Cannon, Matt Donnelly, and Josiah Bethards.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have about these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Oil and Gas, Tax, or Environmental Litigation and Mass Tort practice groups, or the authors:

Oil and Gas:
Michael P. Darden – Houston (+1 346.718.6789, mpdarden@gibsondunn.com)
Rahul D. Vashi – Houston (+1 346.718.6659, rvashi@gibsondunn.com)
Graham Valenta – Houston (+1 346.718.6646, gvalenta@gibsondunn.com)

Tax:
Michael Q. Cannon – Dallas (+1 214.698.3232, mcannon@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202.887.3567, mjdonnelly@gibsondunn.com)
Josiah Bethards – Dallas (+1 214.698.3354, jbethards@gibsondunn.com)

Environmental Litigation and Mass Tort:
Stacie B. Fletcher – Washington, D.C. (+1 202.887.3627, sfletcher@gibsondunn.com)
David Fotouhi – Washington, D.C. (+1 202.955.8502, dfotouhi@gibsondunn.com)
Rachel Levick – Washington, D.C. (+1 202.887.3574, rlevick@gibsondunn.com)

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Because of the Data Act’s extensive requirements, all companies should assess if any of their products or services will be caught by the Data Act, which will start applying from the second half of 2025.  

The EU’s Data Act will enter into force on 11 January 2024. With the stated goal of ‘unlocking’ the EU’s data economy, the Data Act imposes a set of wide-ranging data sharing, product design and contractual obligations on providers of Internet of Things (‘IoT’) devices and related services, and on cloud computing providers. The obligations under the Data Act apply to all sectors of the economy, and to businesses of all sizes. Because of the Data Act’s extensive requirements, all companies should assess if any of their products or services will be caught by the Data Act. The obligations under the Act will start applying from the second half of 2025 so there is little time to prepare effective compliance strategies.

1. Executive summary

The Data Act rests on the general assumption that the vast majority of data generated by connected devices, services and cloud software is unused, or collected by a small number of large companies. Through this new legislation, the EU seeks to ‘unlock’ this data, facilitate moving data between one service and another, and make it accessible to users – and also to third party businesses if approved by the respective users.

The scope of the Data Act will apply to (i) manufacturers of connected products and providers of related services placed on the market in the EU; (ii) the users of such connected products or services in the EU; (iii) data holders that make data available to recipients in the EU; (iv) data recipients in the EU; (v) providers of data processing services offering services to customers in the EU; and (vi) EU institutions and public sector bodies accessing data under the regulation. The Data Act will therefore also apply to foreign companies that operate in EU markets, irrespective of their place of establishment or subsidiary presence in the EU.

The types of products and services covered by the Data Act are deliberately defined very broadly. ‘Connected product’ is defined as ‘an item that obtains, generates or collects data concerning its use or environment and that is able to communicate product data via an electronic communications service, physical connection or on-device access, and whose primary function is not the storing, processing or transmission of data on behalf of any party other than the user’. ‘Related service’ is defined as ‘a digital service, other than an electronic communications service, including software, which is connected with the product at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to, update or adapt the functions of the connected product’.

The Data Act will touch companies of all sizes in almost every sector of the European economy, including manufacturers of smart consumer devices, cars, connected industrial machinery, smart fridges and other home appliances, and any related services which interact with connected products such as streaming services or data analytics software.  The Data Act will equally impact on cloud computing providers.

The Data Act will require availability and portability of data generated through the use of IoT devices (‘Connected Products’) or related services which connect to these devices.  It also introduces far-reaching obligations aimed at allowing users to easily switch between cloud service providers, as well as regulating smart contracts.[1]

The Data Act has now been published in the Official Journal of the European Union and will enter into force on 11 January 2024. The provisions of the Data Act will begin to apply 20 months from the date of entry into force, meaning affected businesses will need to be ready to comply with the Act by 12 September 2025. Design requirements related to Connected Products will apply to products which are placed on the market in the Union after 12 September 2026.

The Data Act will also introduce a set of rules governing agreements relating to data access and use between companies and prohibiting contractual terms that are considered unfair or abusive. Where contracts are concluded after 12 September 2025, these provisions will automatically apply. For contracts concluded on or before 12 September 2025, these provisions will begin to apply from 12 September 2027.[2]

Because of the Data Act’s extensive scope and range of obligations, it is imperative that businesses start preparing now by reviewing their products, practices and policies to ensure compliance. The Data Act implementation will require significant product changes and revision of contract terms. For example, companies should start auditing their data storage policies and considering the changes required to implement the Data Act’s extensive data sharing requirements. Contracts governing data sharing and processing practices will also need to be reviewed and likely revised.

For some companies the Data Act will also open up novel business opportunities, and – as the rights under the Data Act are not limited to SMEs – large businesses will be empowered to benefit from this legislation and develop new business models based on third party data becoming accessible under the Data Act.

The main elements and implications of the Data Act are described further below.

2. IoT Devices and Services

The Data Act creates a legal obligation to make data generated from Connected Products available to users of such Connected Products, to third parties if requested by the user, and to public sector bodies in circumstances where there is an exceptional need to do so.

The scope of affected products and services is very broad. Connected Products include all devices and equipment which collect data concerning their use or environment and which can then communicate such data through an electronic communications service, a physical connection or on-device access. For instance, B2B connected products might include car braking systems, elevators, factory machines capable of collecting data or smart solar panels. In the B2C sphere, examples include home appliances such as smart fridges, smart speakers and cleaning robots, fitness trackers, medical devices, and modern cars. However, products which are primarily designed to display or play content, or to record and transmit content (e.g., personal computers, servers, tablets and smart phones, cameras) are outside the scope of the Data Act.

Obligations related to Connected Products also cover related services. These are digital services which are incorporated in, or inter-connected with, the product at the time of purchase or subsequently connected to the product by a manufacturer or a third-party, and which are essential for the product to perform its primary function. Notable examples include voice assistants, music streaming services which connect to a smart speaker, lifestyle advice applications connecting to fitness trackers, command and control software for industrial machines, and software used for energy optimization in buildings.

Manufacturers of Connected Products are recognised as ‘data holders’ in the Data Act. As regards data in scope of the Data Act, the regulation distinguishes between ‘product data’ and ‘related service data’. ‘Product data’ refers to data generated by the use of a connected product which is designed by the manufacturer to be retrievable by a user, data holder or a third party via an electronic communications service, a physical connection or on-device access. ‘Related service data’ covers ‘data representing the digitisation of user actions or of events related to the connected product, recorded intentionally by the user or generated as a by-product of the user’s action during the provision of a related service by the provider’. To fall within the scope of the Data Act, ‘related service data’ must be related to the use of the device in question.

Under the Data Act, data holders will be obliged to design Connected Products in a manner which provides users with simple and secure access to the data generated by their use. Access should be provided by default, or at the user’s request if direct access is not possible. Upon the user’s request, data holders must make data ‘readily available’, as well as the metadata that is necessary to interpret and use that data.

Further, if requested by the user, data holders must share data with third parties. Data holders must share the data under fair, reasonable and non-discriminatory terms. To incentivise the generation of valuable data, in B2B relations, data holders may request reasonable compensation when legally obliged to make data available to a data recipient.

One of the hotly debated topics during the Data Act negotiations was how to balance the protection of trade secrets against data sharing requirements. As a general rule, trade secrets must be protected and only disclosed if the data holder and user take all necessary measures prior to disclosure to protect confidentiality. The recitals to the Data Act provide that the obligation to disclose data should be interpreted in such a manner as to preserve the protections afforded under the Trade Secrets Directive (Directive (EU) 2016/943).  Data holders should identify trade secrets prior to disclosure and should have the possibility to agree with users, or third parties of a user’s choice, on necessary measures to preserve their confidentiality, including by the use of model contractual terms, confidentiality agreements, strict access protocols, technical standards and the application of codes of conduct. Where there is no agreement on the necessary measures or where a user, or third parties of the user’s choice, fail to implement agreed measures or undermine the confidentiality of the trade secrets, the data holder should be able to withhold or suspend the sharing of data identified as trade secrets. In ‘exceptional circumstances’ and on a ‘case-by-case basis’, it may be possible for a data holder to refuse the request for access to data where it can be demonstrated that it faces a threat of ‘serious economic damage’ due to the disclosure of trade secrets. The text provides that serious economic damage ‘implies serious and irreparable economic loss’. This exception is likely to be strictly applied. Moreover, the open-ended nature of the exception does not allow affected businesses to rely on a clear legal standard and it remains to be seen how the exception will be interpreted by the CJEU.

3. Gatekeepers

The Data Act notes that ‘start-ups, small enterprises, enterprises that qualify as a medium-sized enterprises under Article 2 of the Annex to Recommendation 2003/361/EC and enterprises from traditional sectors with less-developed digital capabilities struggle to obtain access to relevant data’. On that basis, the Data Act’s aim is for such smaller companies to be the primary beneficiaries of the legislation. On the other hand, the Data Act prevents companies that are designated as gatekeepers under the EU’s Digital Markets Act from being able to receive data (with the exception of their cloud services).

4. Cloud Switching

The Data Act will have a significant impact on both public and private cloud computing services by requiring providers to facilitate switching across cloud and edge offerings.

The Data Act introduces a number of contractual, commercial and technical requirements to facilitate the transfer of data from one provider to another. Affected providers will be required to remove ‘obstacles to effective switching’ between their own and competing cloud services, which can be commercial, technical, contractual and organisational. They will also no longer be permitted to charge costs if a user wishes to remove its data from its current provider and switch to a new one. The Data Act, however, states that cloud services providers are not required to develop new technologies or services, disclose digital assets protected by intellectual property or take measures compromising the integrity and security of their service.

The cloud switching obligations in the Data Act leave scope for interpretation and the exact nature of their application is difficult to predict. Additionally, given the complexity of cloud switching, especially for certain types of workloads, it remains to be seen how regulators will approach the implementation of this requirement in practice given the apparently limited attention paid to the technical complexities when formulating vague and broad obligations. In order to build a defence, it likely will be important for a company that faces significant technical hurdles to comply with the requirements under the Data Act to develop strategies for the documentation of those hurdles and the efforts put into compliance.

5. Smart Contracts

One of the Data Act’s more controversial requirements concerns the design of smart contracts. A smart contract is defined very broadly as ‘a computer program used for the automated execution of an agreement or part thereof, using a sequence of electronic data records and ensuring their integrity and the accuracy of their chronological ordering’. The Data Act does not distinguish between just digital contracts and smart contracts utilizing distributed ledger technology, and may also potentially affect existing smart contracts on public blockchains.

Vendors of an application using smart contracts must ensure that smart contracts offer ‘access control mechanisms’ and a ‘very high degree of robustness’. They also need to ensure that smart contracts contain a kill switch which is a mechanism that can either destroy the contract or pause its operation ‘to terminate the continued execution of transactions.’

While the full extent of businesses affected by these requirements is difficult to ascertain, any provider of a smart contract application should carefully consider how to comply with the Data Act.

6. Interplay with the GDPR

Unlike Regulation (EU) 2016/679 (the “GDPR”), which applies to personal data only, the Data Act has a broader scope since it applies to both personal and non-personal data. As a consequence, and as clearly stated in Article 1(5) of the Data Act, this regulation is without prejudice to EU and national law on the protection of personal data and privacy, in particular the GDPR and the Directive 2002/58/EC (the “e-Privacy Directive”). This means that insofar as users are data subjects, all of the rights granted under the Data Act complement the rights granted under the GDPR such as the right of access and the right to data portability. However, in order to limit the risk of an interpretation or implementation of the Data Act that could be inconsistent with the existing data protection legal framework, the Data Act clearly provides that in the event of a conflict between the Data Act and EU law on the protection of personal data and privacy, or national law adopted in accordance with such EU law, such EU or national law should prevail.

7. Enforcement

While the Data Act introduces harmonized rules across the EU, it will be enforced by national authorities and it is left to the individual Member States to determine which authority (or indeed, authorities) they wish to designate for this purpose. The Data Act also leaves the determination of applicable penalties in the hands of Member States, subject to some minimum requirements set out in the text. Penalties must be ‘effective, proportionate and dissuasive’, and Member States must notify the Commission of the substance of these penalties by 20 months from the date of entry into force, i.e. by 12 September 2025.

The Commission will nevertheless support Member States in their enforcement by adopting guidelines and implementing legislation on, e.g., reasonable compensation for shared data, interoperability specifications, model contractual terms or harmonized smart contract standards. For those reasons, companies should put in place a coordinated and centralized EU-wide compliance strategy.

8. Why should you care?

The Data Act is an extensive and highly complex piece of legislation which will have wide-ranging implications across industries and enterprises of all sizes. Given the numerous exceptions, to an extent open-ended provisions and seemingly unclear definitions, a lot of uncertainty remains about how the Data Act will be enforced in practice. One thing is clear, however: affected businesses should begin preparing their compliance strategies and review product designs and relevant contractual frameworks right away. Such preparation will also require a closer analysis of the legal and technical issues relevant for each particular business and product as well as the interfaces to other relevant legal frameworks that may apply to, or limit, data flows under the Data Act, including the GDPR and, with respect to gatekeepers, the Digital Markets Act.

__________

[1]   I.e., computer programs used for the automated execution of an agreement or part thereof, using a sequence of electronic data records and ensuring their integrity and the accuracy of their chronological ordering.

[2]   Provided they are of indefinite duration or due to expire at least 10 years from 11 January 2024.

---

The following Gibson Dunn attorneys prepared this update: Ahmed Baladi, Nicholas Banasevic*, Stéphane Frank, Kai Gesing, Joel Harrison, Christian Riis-Madsen, Robert Spano, Ciara O’Gara, and Jan Przerwa.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Antitrust and Competition or Privacy, Cybersecurity & Data Innovation practice groups, or the authors:

Antitrust and Competition:
Nicholas Banasevic* – Managing Director, Brussels (+32 2 554 72 40, banasevic@gibsondunn.com)
Rachel S. Brass – Co-Chair, San Francisco (+1 415.393.8293, rbrass@gibsondunn.com)
Stéphane Frank – Brussels (+32 2 554 72 07, sfrank@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Ali Nikpay – Co-Chair, London (+44 20 7071 4273, anikpay@gibsondunn.com)
Cynthia Richman – Co-Chair, Washington, D.C. (+1 202.955.8234, crichman@gibsondunn.com)
Christian Riis-Madsen – Co-Chair, Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Stephen Weissman – Co-Chair, Washington, D.C. (+1 202.955.8678, sweissman@gibsondunn.com)

Privacy, Cybersecurity and Data Innovation:
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Joel Harrison – London (+44 20 7071 4289, jharrison@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Alexander H. Southwell – Co-Chair, New York (+1 212.351.3981, asouthwell@gibsondunn.com)
Robert Spano – London/Paris (+44 20 7071 4902, rspano@gibsondunn.com)

*Nicholas Banasevic is managing director in the firm’s Brussels office, an economist by background, and not admitted to practice law.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Heightened compliance challenges for international banks as U.S. authorities continue to ramp up Russia-related trade controls and diligence expectations.

On December 22, 2023, the Biden Administration took further action to add significantly to its Russia-related sanctions by issuing a new Executive Order (“EO”) 14114 that, among other things, now subjects foreign financial institutions (“FFIs”)[1] to secondary sanctions risks when they conduct or facilitate certain Russia-related transactions, even unwittingly.  These new regulations are noteworthy not simply because they create new secondary sanctions risks for foreign banks and other financial institutions, but also because they expose these financial institutions to such risks based on the facilitation of trade of certain enumerated goods, and do so under a standard of strict liability.  These new measures build upon an already expansive suite of economic sanctions, export controls and other regulatory measures the United States has implemented that target the Russian Federation, and follow through on the United States’ commitment to the G7 Leaders’ Statement of December 6, 2023.[2]

As discussed in further detail below, these particular secondary sanctions risks will, in some novel ways, add to the already complex and nuanced compliance challenges facing financial institutions when it comes to Russia-related trade activity, and signal yet another move by U.S. regulatory authorities to ratchet up diligence expectations on banks and other financial institutions in the trade finance space.

Specifically, EO 14114 amends previous EOs 14024 and 14068, which authorize portions of the Russian sanctions regime (namely, the Russian Harmful Foreign Activities Sanctions Regulations (“RHFASR”)).[3]  The amendments to EO 14024 contain the new secondary sanctions provisions which aim to deter foreign banks from supporting certain Russia-related transactions and trade. The amendments to EO 14068 expand the current ban on importation into the United States of certain Russian-origin seafood, and set the stage for (but do not yet implement) similar expanded restrictions on other import-controlled goods such as diamonds.

Concurrent with the issuance of EO 14114, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”): issued two new substantive Determinations; issued two general licenses (“GLs”);[4] and published 12 new Russia-related FAQs and amended three existing FAQs (collectively with EO 14114, the “New Regulations”).[5]  OFAC also published a compliance advisory for foreign financial institutions on the new secondary sanctions regulations (“Compliance Advisory”).

These measures are effective immediately, and we discuss the key elements and takeaways below.

New Secondary Sanctions Risks for Foreign Financial Institutions

Arguably the most significant impact of the New Regulations is the addition of ‘traditional’ financial institution-focused secondary sanctions[6] to the multitude of Russia sanctions that have been imposed in response to the war in Ukraine, which increases the overall sanctions risk for foreign financial institutions when engaging in certain Russia-related activities. Such secondary sanctions did not previously exist in the RHFASR program.[7]

Consistent with a number of previous U.S. government actions, this new executive order employs unprecedented provisions to continue to target Russia’s military-industrial base and attempt to isolate it and degrade its ability to procure materiel necessary for Russia’s war effort.  Specifically, EO 14114  authorizes OFAC to impose secondary sanctions on foreign financial institutions that are deemed to have:

1. conducted or facilitated significant transactions for a certain class of persons sanctioned pursuant to EO 14024 (i.e., those persons designated as Specially Designated Nationals (“SDNs”) for operating or having operated in Russia’s technology, defense and related materiel, construction, aerospace or manufacturing sectors);[8] or
2. conducted or facilitated any significant transactions, or provided any service, involving Russia’s military-industrial base, including the direct or indirect sale, supply or transfer to Russia of certain items specified by the New Regulations, such as certain machine tools, semiconductor manufacturing equipment, electronic test equipment, propellants and their precursors, lubricants and lubricant additives, bearings, advanced optical systems and navigation instruments (such items, “Critical Items”).

OFAC’s FAQ 1151 provides guidance that Russia’s “military-industrial base” includes the Russian technology, defense and related materiel, construction, aerospace and manufacturing sectors as well as individuals and entities that support the sale, supply or transfer of Critical Items.  This definition lends itself to potentially a very broad interpretation, and the New Regulations, taken together, appear to capture: (i) significant transactions with persons designated as SDNs within the enumerated sectors; (ii) significant transactions and services involving sanctioned or unsanctioned persons operating in those sectors more broadly, including maintaining accounts, transferring funds or providing other financial services to such persons, either inside or outside Russia to support Russia’s military-industrial base; and (iii) significant transactions with persons operating in any sector if the activity involves facilitating the sale, supply or transfer of Critical Items to Russia.[9]

FAQ 1151 applies the multi-factor test commonly used in other similar secondary sanctions provisions which provides wide interpretive latitude for OFAC to determine whether a transaction is “significant.”  OFAC will consider “(a) the size, number, and frequency of the transaction(s); (b) the nature of the transaction(s); (c) the level of awareness of management and whether the transactions are part of a pattern of conduct; (d) the nexus of the transaction(s) to persons sanctioned pursuant to E.O. 14024, or to persons operating in Russia’s military-industrial base; (e) whether the transaction(s) involve deceptive practices; (f) the impact of the transaction(s) on U.S. national security objectives; and (g) such other relevant factors that OFAC deems relevant.”[10]

Critically, these New Regulations do not require that the foreign financial institution “knowingly” engages in the significant transactions covered by the provisions.  This departs from the language that OFAC more commonly uses when crafting thresholds needed for the imposition of secondary sanctions.  It thus seemingly requires more stringent and forward-leaning diligence protocols for banks that may want to fully assess their potential secondary sanctions risks by identifying transactions which could be caught under these new provisions.  OFAC’s multi-factor “significance” test will still include a consideration of whether management teams at international financial institutions were aware that their institutions were processing targeted transactions.  However, such awareness is only one factor to be considered, and assuming the test for “significance” is otherwise satisfied upon OFAC’s review, the prospect of a resulting strict liability secondary sanctions risk no doubt will alter the diligence and risk calculus for financial institutions who may still be dealing in legally permitted Russia-related trade.

The new Determination which implements these secondary sanctions provision also contains a list of the items which constitute Critical Items.[11]  The New Regulations do not qualify Critical Items by references to U.S. export control laws nor do they appear to require the items in question to be of U.S.-origin or have any other U.S. nexus.  This is consistent in approach with other secondary sanctions, which by express purpose are geared to cover activity without a U.S. nexus.  And along these lines, OFAC has also clarified that financial institutions that engage in any of the proscribed transactions in non-USD currencies are still subject to secondary sanctions risk.[12]  The implications of this are that a foreign bank, for example, which processes a significant transaction denominated in a non-USD currency on behalf of a non-U.S. customer supplying a wholly foreign-produced “Critical Item” to Russia will face secondary sanctions risks.

Consequences of Engaging in Covered Conduct

Upon a determination by OFAC that a foreign financial institution has engaged in the conduct described in the amended 14024 secondary sanctions provisions, OFAC can prohibit the opening of, or prohibit or impose strict conditions on the maintenance of, correspondent accounts or payable-through accounts in the United States, or impose full blocking measures on the institution.

For any entities subject to full blocking sanctions pursuant to the amended EO 14024, all property and interests in property of that institution that are in the United States or in possession or control of U.S. persons will be required to be blocked and reported to OFAC.  Any entities that are owned, directly or indirectly, 50% or more by one or more sanctioned entities, individually or in the aggregate, will also be subject to the blocking sanctions.

In relation to banks for which the opening or maintaining of a correspondent account or a payable-through account is prohibited pursuant to the amended 14024, U.S. financial institutions will be required to close any correspondent account or payable-through account maintained for or on behalf of such banks within 10 days of the imposition of sanctions.

The newly issued GL 84 provides a temporary general authorization to U.S. financial institutions to engage in certain limited transactions to close the account accordingly.

Compliance Advisory for Foreign Financial Institutions and Enhanced Controls Considerations

As discussed above, the New Regulations create additional due diligence and risk considerations for foreign banks when engaging in Russia-related transactions.  Such banks weighing these new secondary sanctions risks may want to evaluate Russia-related transactions for connections to Russia’s military-industrial base or to trade in Critical Items.  This may involve additional due diligence on customers and the nature of items involved in such transactions.  To assist in this complex task, OFAC issued a Compliance Advisory to provide guidance to foreign financial institutions on mitigating these risks under EO 14114, including practical guidance on how to identify sanctions risks and implement corresponding controls.  In addition to the activities described in FAQ 1148 which could expose a foreign financial institution to secondary sanctions risk (discussed above), the Compliance Advisory also notes that helping companies or individuals evade U.S. sanctions on Russia’s military-industrial base is activity that could on its own expose a foreign financial institution to such risk under the new provisions.  According to the advisory, such activity could include:

• “offering to set up alternative or non-transparent payment mechanisms;
• changing or removing customer names or other relevant information from payment fields;
• obfuscating the true purpose of or parties involved in payments; or
• otherwise taking steps to hide the ultimate purpose of transactions to evade sanctions.”

The Compliance Advisory advises institutions seeking to mitigate these new secondary sanctions risks to implement controls commensurate with their specific risk and current exposure to Russia’s military-industrial base and its supporters, and suggests a few examples of such controls.[13]  It also refers to OFAC’s “Framework for OFAC Compliance Commitments” and previous agency alerts focused on Russia sanctions and export control evasion risks for further guidance on risk-based sanctions compliance controls, and suggests a few best practices, including working sanctions risks and information into traditional anti-money laundering controls.[14]

Appropriately tailoring and incorporating these suggested controls and best practices into an  existing compliance framework operationally may require new, and increasingly sophisticated and nuanced risk assessments and control reviews given the unique issues presented by these New Regulations.

We also note that this Compliance Advisory builds upon a series of previous advisories issued by U.S. regulators addressing Russia-connected sanctions and export controls evasion risks, and in our view is thematically consistent with this previously published guidance, highlighting the cohesiveness of the United States’ whole-of-government approach to Russia.  The Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) and the Commerce Department’s Bureau of Industry and Security (“BIS”), for example, have published three joint notices―on June 28, 2022, on May 19, 2023, and on November 6, 2023 —that urge financial institutions to employ risk-based controls to detect criminal activity and/or attempts to evade U.S. sanctions and export controls (and particularly those targeting Russia).[15]  As with OFAC’s Compliance Advisory, the FinCEN-BIS joint notices contain specific guidance on transaction due diligence, including lists of compliance “red flags” and best practices, and financial institutions will want to familiarize themselves with these advisories in context as well.

Expanding the EO 14068 Import Bans

EO 14114 also expands the existing import restrictions in EO 14068 on Russian-origin seafood, to prohibit the importation into the United States of Russian-origin salmon, cod, pollock and crab[16] that was produced wholly or in part in Russia or harvested in Russian waters or by Russia-flagged vessels.  This prohibition extends to such seafood that has been incorporated or substantially transformed into another product outside of Russia.  While continued prohibitions despite a “substantial transformation” is very rare in OFAC regulations (to our knowledge it is only present in the Cuba sanctions program), newly issued GL 83 authorizes, until February 20, 2024, all transactions incident and necessary to the importation into the United States of seafood derivative products, pursuant to written contracts or agreements entered into prior to December 22, 2023.   OFAC FAQ 1154 notes that the Agency intends to issue (but has not yet implemented) a similar Determination related to the importation of certain Russian diamonds processed in third countries.

Lastly, the New Regulations also clarify the import treatment of certain Russian-origin gold.  Since June 28, 2022, pursuant to a Determination made under EO 14068, importation into the United States of Russian-origin gold has been prohibited.  OFAC’s revised FAQ 1070 and a revised Determination clarify, however, that this prohibition does not extend to Russian-origin gold located outside Russia prior to June 28, 2022.

Conclusions and Key Takeaways

While financial institution-focused secondary sanctions provisions are certainly not new, as discussed above we see some noteworthy implications of these particular secondary sanctions provisions imposed under the New Regulations.

For one, by disincentivizing foreign financial institutions from processing transactions related to trade in Critical Items, even when the items would not be controlled for supply to Russia under existing U.S. export control laws, EO 14114 appears to create an extraterritorial U.S. export control-like regime, but through the use of secondary sanctions risks.  This likely will create enhanced compliance considerations and challenges for financial institutions.  Financial institutions, including foreign financial institutions, are already subject to a certain degree of compliance obligations under U.S. export controls when it comes to knowingly facilitating prohibited trade in items subject to U.S. export controls.[17]  However, these entities have now become subject to an additional strict liability secondary sanctions risk when dealing with certain items not subject to the EAR (i.e., Critical Items), when they may be destined for Russia.  As noted above, the consequences of secondary sanctions exposure can be much more severe than the consequences of violating U.S. export controls laws (i.e., full financial blocking measures are available under a sanctions action).  Accordingly, the New Regulations will likely necessitate many foreign financial institutions reexamining their risk appetite and related controls when it comes to trade finance and other trade-related activity involving Russia.

This compliance challenge is compounded by two additional factors.  First, the list of Critical Items is not tethered to U.S. export control classifications.  This presents significant due diligence challenges and creates a degree of uncertainty as to the full scope of items that could fall within the list of Critical Items compared to those items subject to U.S. export controls.  Second, as noted above, there are material differences in the culpable mental state standards required for compliance by financial intermediaries with U.S. export controls and the secondary sanctions risks under OFAC’s New Regulations (i.e., a “knowledge” standard under General Prohibition 10 of U.S. export controls versus this new strict liability risk under EO 14024).  These two factors likely will create significant added challenges for any institution looking to implement a nuanced compliance and controls framework.

As with all secondary sanctions, banks ought to apply appropriate controls designed to identify and triage transactions for possible secondary sanctions risk, in line with their individual internal risk appetite and risk profile.  However, with the more stringent strict liability standard doing away with any need for intent, mitigating secondary sanctions risks under the New Regulations may require more nuanced controls – and hence more resources – in order to apply an appropriately risk-tailored program.  It is possible that, in turn, this may result in increased compliance and operational risks.  Conversely, in an effort to simply avoid such increased risks and costs, banks may end up erring on the side of overcompliance.

__________

[1] A term defined broadly to include “any foreign entity that is engaged in the business of accepting deposits; making, granting, transferring, holding, or brokering loans or credits; purchasing or selling foreign exchange, securities, futures or options; or procuring purchasers and sellers thereof, as principal or agent. It includes depository institutions; banks; savings banks; money services businesses; operators of credit card systems; trust companies; insurance companies; securities brokers and dealers; futures and options brokers and dealers; forward contract and foreign exchange merchants; securities and commodities exchanges; clearing corporations; investment companies; employee benefit plans; dealers in precious metals, stones, or jewels; and holding companies, affiliates, or subsidiaries of any of the foregoing.” EO 14024 11(f), as amended by EO 14114.

[2] Available here.

[3] 31 C.F.R. Part  587.

[4] For the sake of completeness we note that OFAC issued on the same day a third GL 85, providing a temporary wind down license for certain transactions involving Expobank Joint Stock Company, which was sanctioned pursuant to WO 14024 on December 12, 2023.

[5] See OFAC Press Release, “Issuance of new Russia-related Executive Order and related Determinations; Issuance of Russia-related General Licenses and Frequently Asked Questions; Publication of Russia-related Compliance Advisory,” Dec. 22, 2023, available at https://ofac.treasury.gov/recent-actions/20231222.

[6] Note that we do not consider EO 14024 provisions authorizing SDN designations for persons providing ‘material support’ to other SDNs to be ‘traditional’ secondary sanctions for a variety of analytical, structural, practical and historical usage reasons.

[7] None of the executive orders authorizing the provisions of the RHFASR included secondary sanctions, nor did the secondary sanctions provisions of the Countering America’s Adversaries Through Sanctions Act (“CAATSA”), which amended The Support for the Sovereignty, Integrity, Democracy, and Economic Stability of Ukraine Act of 2014 and the Ukraine Freedom Support Act, apply to the executive orders authorizing the various components of the RHFASR.   For reference, see the language of Sections 226 and 228 of CAATSA; the Ukraine-/Russia-Related Sanctions Regulations, 31. C.F.R. Part 589, Note 2 to § 589.209(c) and Note 2 to § 589.201; and related OFAC FAQs 541 and 547 (both of which were last amended over one year after the issuance of EO 14024).

[8] See OFAC FAQ 1126 for definitions of each of these sectors.

[9] See OFAC FAQ 1148.

[10] OFAC FAQ 1151.

[11] Determination Pursuant to Section 11(a)(ii) of E.O. 14024, as amended by E.O. of December 22, 2023 (Effective December 22, 2023).

[12] OFAC FAQ 1152.

[13] Examples form the Compliance Advisory include:

• “Reviewing an institution’s customer base to determine exposure to the following:
  • Any customers involved in the specified sectors of the Russian economy or who conduct business with designated persons in the specified sectors.
  • Any customers that may be involved in the sale, supply, or transfer of the specified items to Russia or to jurisdictions previously identified as posing a high risk of Russian sanctions evasion.
• Communicating compliance expectations to customers, including informing them that they may not use their accounts to do business with designated persons operating in the specified sectors or conduct any activity involving Russia’s military-industrial base. This may also include sharing the list of the specified items with customers, especially customers engaged in import-export activity, manufacturing, or any other relevant business lines.
• Sending questionnaires to customers known to deal in or export specified items to better understand their counterparties.
• Taking appropriate mitigation measures for any customers or counterparties engaged in high risk activity or who fail to respond to requests for information regarding activity of concern. These measures include restricting accounts, limiting the type of permissible activity, exiting relationships, and placing customers or counterparties on internal “do not onboard” or “do not process” watchlists.
• On a risk-basis, obtaining attestations from customers that they do not operate in the specified sectors, engage in any sales or transfers of the specified items to Russia, or otherwise conduct any transactions involving Russia’s military-industrial base.
• Incorporating risks related to Russia’s military-industrial base into sanctions risk assessments and customer risk rating criteria. This includes updating jurisdictional risk assessments as appropriate.
• Implementing enhanced trade finance controls related to the specified items, including monitoring information collected as part of documentary trade.
• Using open-source information and past transactional activity to inform due diligence and to conduct proactive investigations into possible sanctions and export control evasion.”

[14] Best practices from the Compliance Advisory include:

• “Training staff on sanctions risks and common red flags. This includes not only compliance personnel but also front-line staff, senior management, and business lines (e.g., underwriters, relationship managers).  It is especially important to train staff that while it is appropriate for customers to ask for guidance on how to comply with bank policies and sanctions, any request for assistance in evading sanctions should be treated as a serious red flag and result in appropriate mitigation measures.
• Ensuring any identified risks or issues are escalated quickly to the proper level (e.g., senior risk committee) and promoting a “culture of compliance.”
• Communicating clearly and frequently with U.S. and other correspondent banks on their due diligence expectations and requests for information.
• Incorporating information and typologies from relevant FinCEN and OFAC alerts and advisories into automated and manual anti-money laundering controls. Of particular concern for Russian sanction evasion are:
  • Customers conducting business with newly formed Russian companies or newly formed companies in third-party countries known to be potential transshipment points for exports to Russia.
  • Companies or counterparties supposedly involved in production or import-export of sophisticated items with no business history or little-to-no web presence.
  • Customers or counterparties using unusual or atypical payment terms and methods, such as large cash payments, frequent or last-minute changes to end-users or payees, or routing payments through third countries not otherwise involved in the transaction.”

[15] See FinCEN & BIS Joint Alert, FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Increased Vigilance for Potential Russian and Belarusian Export Control Evasion Attempts, June 28, 2022, available at https://www.fincen.gov/sites/default/files/2022-06/FinCEN%20and%20Bis%20Joint%20Alert%20FINAL.pdf; FinCEN & BIS Joint Alert, Supplemental Alert: FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Urge Continued Vigilance for Potential Russian Export Control Evasion Attempts, May 19, 2023, available here; FinCEN & BIS Joint Alert, FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Announce New Reporting Key Term and Highlight Red Flags Relating to Global Evasion of U.S. Export Controls, Nov. 6, 2023, available here.

[16] See OFAC FAQ 1157, which defines salmon, cod, pollock and crab to include articles defined at the specified Harmonized Tariff Schedule of the United States (HTSUS) subheadings.

[17] See 15 C.F.R. § 736.2(b)(10) (“General Prohibition 10”).

---

The following Gibson Dunn lawyers prepared this alert: Adam M. Smith, David Wolber, Stephenie Gosnell Handler, Chris Timura, Dharak Bhavsar, and Audi Syarief.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade practice group:

United States
Ronald Kirk – Co-Chair, Dallas (+1 214.698.3295, rkirk@gibsondunn.com)
Adam M. Smith – Co-Chair, Washington, D.C. (+1 202.887.3547, asmith@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202.887.3786, dburns@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
Marcellus A. McRae – Los Angeles (+1 213.229.7675, mmcrae@gibsondunn.com)
Courtney M. Brown – Washington, D.C. (+1 202.955.8685, cmbrown@gibsondunn.com)
Christopher T. Timura – Washington, D.C. (+1 202.887.3690, ctimura@gibsondunn.com)
Hayley Lawrence – Washington, D.C. (+1 202.777.9523, hlawrence@gibsondunn.com)
Annie Motto – New York (+1 212.351.3803, amotto@gibsondunn.com)
Chris R. Mullen – Washington, D.C. (+1 202.955.8250, cmullen@gibsondunn.com)
Sarah L. Pongrace – New York (+1 212.351.3972, spongrace@gibsondunn.com)
Anna Searcey – Washington, D.C. (+1 202.887.3655, asearcey@gibsondunn.com)
Samantha Sewall – Washington, D.C. (+1 202.887.3509, ssewall@gibsondunn.com)
Audi K. Syarief – Washington, D.C. (+1 202.955.8266, asyarief@gibsondunn.com)
Scott R. Toussaint – Washington, D.C. (+1 202.887.3588, stoussaint@gibsondunn.com)
Claire Yi – New York (+1 212.351.2603, cyi@gibsondunn.com)
Shuo (Josh) Zhang – Washington, D.C. (+1 202.955.8270, szhang@gibsondunn.com)

Asia
Kelly Austin – Hong Kong/Denver (+1 303.298.5980, kaustin@gibsondunn.com)
David A. Wolber – Hong Kong (+852 2214 3764, dwolber@gibsondunn.com)
Fang Xue – Beijing (+86 10 6502 8687, fxue@gibsondunn.com)
Qi Yue – Beijing (+86 10 6502 8534, qyue@gibsondunn.com)
Dharak Bhavsar – Hong Kong (+852 2214 3755, dbhavsar@gibsondunn.com)
Felicia Chen – Hong Kong (+852 2214 3728, fchen@gibsondunn.com)
Arnold Pun – Hong Kong (+852 2214 3838, apun@gibsondunn.com)

Europe
Attila Borsos – Brussels (+32 2 554 72 10, aborsos@gibsondunn.com)
Susy Bullock – London (+44 20 7071 4283, sbullock@gibsondunn.com)
Patrick Doris – London (+44 207 071 4276, pdoris@gibsondunn.com)
Sacha Harber-Kelly – London (+44 20 7071 4205, sharber-kelly@gibsondunn.com)
Michelle M. Kirschner – London (+44 20 7071 4212, mkirschner@gibsondunn.com)
Penny Madden KC – London (+44 20 7071 4226, pmadden@gibsondunn.com)
Benno Schwarz – Munich (+49 89 189 33 110, bschwarz@gibsondunn.com)
Nikita Malevanny – Munich (+49 89 189 33 160, nmalevanny@gibsondunn.com)
Irene Polieri – London (+44 20 7071 4199, ipolieri@gibsondunn.com)

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Gibson Dunn has formed a Workplace DEI Task Force, bringing to bear the Firm’s experience in employment, appellate and Constitutional law, DEI programs, securities and corporate governance, and government contracts to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

On December 19, 2023, a dues-paying member of the Wisconsin Bar filed a complaint against the Bar over its “Diversity Clerkship Program,” a summer hiring program for first-year law students. Suhr v. Dietrich, No. 2:23-cv-01697-SCD (E.D. Wis. 2023). The program’s application requirements had previously stated that eligibility was based on membership in a minority group. After SFFA v. Harvard, the eligibility requirements were changed to include students with “backgrounds that have been historically excluded from the legal field.” The plaintiff claims that the Bar’s program is unconstitutional after SFFA, even with the new race-neutral language, because, in practice, the selection process is still based on the applicant’s race or gender. The plaintiff also alleges that the Bar’s diversity program constitutes compelled speech and compelled freedom of association in violation of the First Amendment.

In December 2023, America First Legal (“AFL”) filed FOIA requests with two federal agencies, seeking records related to the agencies’ DEI practices and decision making. On December 13, 2023, AFL sent a FOIA request to the Federal Housing Finance Agency (“FHFA”) in connection with a proposed rule that uses “past discrimination” as a factor to be considered in determining whether a community is “underserved.” AFL’s FOIA request seeks all records showing the FHFA’s definition of the term “equity” as used in the proposed rule, as well as all records of communications and meetings with the Office of General Counsel relating to the proposed rule. Five days later, AFL filed another FOIA request, this time with the EEOC, in response to a recent Bloomberg Law News article about EEOC Commissioner Kalpana Kotagal, who recently made a statement that “[t]here are three commissioners who feel that DEIA programs’ continued implementation in the workplace are important.” AFL’s FOIA request seeks all records containing several words and phrases related to DEI and the SFFA case since January 1, 2023 from all EEOC commissioners and the General Counsel.

On December 12, 2023, AFL sent a letter to the EEOC, calling for the Commission to investigate IBM for discrimination in violation of Title VII. The letter describes a video leaked to X (formerly Twitter), in which IBM CEO Arvind Krishna appears to answer a question asked during an internal company meeting about the company’s commitment to DEI goals. Krishna remarked that executives “have to move forward by 1% on both underrepresented minorities,” which AFL construed to refer to goals for hiring women and racial minorities. In the video, Krishna also stated that executives’ bonuses depend in part on meeting these goals, and Paul Cormier, the chairman of IBM subsidiary Red Hat, added that Red Hat executives had been terminated for failing to meet company standards for diverse hiring. AFL asserts that these statements represent IBM’s enforcement of unlawful racial and national origin quotas. AFL sent a similar letter to IBM’s Board of Directors, claiming that IBM has violated Section 1981 by allocating set percentages of its spending to Black-owned businesses and has breached its fiduciary duty to shareholders by “necessarily pass[ing] over some of the most qualified candidates.”

On December 19, 2023, AFL sent the EEOC letters alleging that Hasbro’s and Mattel’s hiring and recruitment programs violate Title VII. The letters focus on data from the companies’ Form 10-K SEC filings and published DEI reports and allege that Hasbro and Mattel have unlawfully set goals for the hiring and advancement of women and racially diverse employees. AFL also sent letters to each company’s Board of Directors, making the same allegations. In the letter to the Mattel board, AFL claims that the company is damaging its goodwill and brand in breach of its fiduciary obligations by alienating parents through its sale of a children’s book that discusses gender as separate from biological sex.

On December 13, 2023, Hello Alice and Progressive Insurance filed their motions to dismiss in Roberts & Freedom Truck Dispatch v. Progressive Preferred Ins. Co., No. 23-cv-1597 (N.D. Ohio 2023). Hello Alice argued that the plaintiffs failed to state a claim because the challenged grant was not a “contract” under Ohio contract law, and because applying Section 1981 to Hello Alice’s grant program would violate the First Amendment since donating money qualifies as expressive conduct. Hello Alice also argued that the program is a permissible private voluntary affirmative action program as supported by Supreme Court precedent. Progressive Insurance echoed Hello Alice’s arguments and also argued that the plaintiffs did not have standing because (1) they did not show that they would have received the grant but for their race, and (2) the program concluded months before the plaintiffs filed their complaint. The plaintiff’s responses to the motions are due on February 14, 2024.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

• The Guardian, “Oklahoma governor signs order effectively banning diversity programs at public colleges” (December 14): The Guardian’s Adria R. Walker reports on the executive order signed by Oklahoma governor Kevin Stitt on December 13, 2023, which prohibits state agencies and public colleges and universities from using state funds, property, or resources to support DEI programming. The order directs state entities to review all DEI positions and initiatives and to “restructure” or “eliminate” those not essential to accreditation or university-wide student support. University of Oklahoma president Joseph Harrosz, Jr. released a statement in response to the governor’s order, indicating that the institution would comply with the order but confirming the university’s “unwavering” commitment to “access and opportunity for all of those with the talent and tenacity to succeed; being a place of belonging for all who attend; dedication to free speech and inquiry; and civility in our treatment of each other,” calling these “values [that] transcend political ideology.”
• Forbes, “Elon Musk Says DEI ‘Must Die’ And Criticizes Diversity Schemes as ‘Discrimination’” (December 15): Forbes’ Robert Hart reports on anti-DEI comments made by Elon Musk on his social media platform X. On December 15, Musk opined that, although DEI is intended to “end discrimination,” it instead “replace[s] it with different discrimination.” Hart notes that, only days earlier, Musk also commented on video footage of statements by IBM leaders interpreted by AFL and others as tying IBM executive bonuses to meeting diverse hiring quotas; Musk called the practice “[e]xtremely concerning and obviously illegal.”
• The Hill, “Congressional Black Caucus urges corporate America to recommit to diversity, equity and inclusion” (December 15): The Hill’s Cheyanne M. Daniels reports on the December 15 open letter sent by the Congressional Black Caucus (CBC) to corporate leaders, requesting that, by January 31, 2024, those leaders “reaffirm their commitments to diversity, equity, and inclusion, update [the CBC] on their racial equity investments, and work with the [CBC] to create legislative solutions that will help close the racial wealth gap.” In support of its request, the CBC cites several studies showing the lack of representation of racial and ethnic minorities on corporate boards and in corporate management, including a 2023 study by Deloitte and the Alliance for Board Diversity and a 2021 report by McKinsey. In its letter, the CBC also signals the forthcoming release of “an equity scorecard,” measuring diversity-related progress—or lack thereof—by major U.S. companies.
• Reuters, “Some companies alter diversity policies after conservatives’ lawsuit threat” (December 18): According to Jody Godoy and Disha Raychaudhuri of Reuters, at least six major U.S. companies have changed the descriptions for their DEI initiatives in response to shareholder letters from AFL and the American Civil Rights Project complaining that the initiatives constitute reverse discrimination. Godoy and Raychaudhuri report that at least twenty-five companies received similar letters over the last two years. The authors identify that the changes made to these companies’ DEI initiatives primarily involve removing language that said certain programs were for underrepresented groups or modifying executives’ goals for increased racial representation in the work force.
• Bloomberg Law, “Contested Nasdaq Board Diversity Rules Take Effect: Explained” (December 21): Bloomberg Law’s Andrew Ramonas reports that, as of December 31, 2023, most companies listed on Nasdaq will need to comply with its recent rules requiring diverse board members or an explanation for why the company does not meet this requirement. Since 2022, listed companies have had to disclose demographic data that board members voluntarily self-report. The new requirements have gone into effect despite two pending petitions for rehearing of the Fifth Circuit’s October decision upholding the rules in Alliance for Fair Board Recruitment v. SEC.

Case Updates:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

• Alexandre v. Amazon.com, Inc., No. 3:22-cv-1459 (S.D. Cal. 2022): White, Asian, and Native Hawaiian plaintiffs, on behalf of a putative class of past and future Amazon “delivery service partner” program (DSP) applicants, challenged a DEI program that provides a $10,000 grant to qualifying delivery service providers who are “Black, Latinx, and Native American entrepreneurs.” Plaintiffs alleged violations of Section 1981 and California state civil rights law prohibiting discrimination.
  • Latest update: On December 6, 2023, Amazon filed its motion to dismiss the amended complaint. Amazon argued the plaintiffs lack standing because the grant program is only available to DSPs and the plaintiffs are not DSPs and have never applied to become DSPs. Amazon also argued that the plaintiffs failed to state a claim under Section 1981 because they did not allege that Amazon impaired an existing contract or prevented plaintiffs from making a new one on account of race; the fact that the plaintiffs may have been deterred from contracting is not actionable under Section 1981. Additionally, Amazon argued that California civil rights law is inapplicable because it applies to the “proprietor/customer” relationship, not to business-to-business relationships. Finally, Amazon argued that California civil rights law actually allows diversity programs like Amazon’s because it is not invidious discrimination and instead promotes diversity.
• Harker v. Meta Platforms, Inc. et al., No. 23-cv-7865 (S.D.N.Y. 2023): A lighting technician who worked on a set where a Meta commercial was produced sued Meta and a film producers association, alleging that Meta and the association violated Title VII, Sections 1981 and 1985, and New York law through a diversity initiative called Double the Line (DTL). Plaintiff also claims that he was retaliated against after raising questions about the qualifications of a coworker hired under the program.
  • Latest update: On December 19, 2023, the defendants filed their motions to dismiss in response to the plaintiff’s first amended complaint. Meta and other defendants who operated the program but did not employ the production workers argued first that the plaintiff lacked standing because he did not apply to the position and was not eligible because the program was designed for candidates with less experience. Additionally, they argued that the plaintiff failed to state a Section 1981 claim because he had no contractual or employment relationship with them. And they argued that the plaintiff could not show that race was the but-for cause of his failure to be hired. Something Ideal, the production company that employed the plaintiff, additionally argued that the plaintiff failed to state a retaliation claim because merely asking questions about the DTL program was not protected activity, and he did not actually plead that he had attempted to be re-hired.
• Landscape Consultants of Texas, Inc. v. City of Houston, No. 4:23-cv-3516 (S.D. Tex. 2023): Plaintiff landscaping companies owned by white individuals challenged Houston’s government contracting set-aside program for “minority business enterprises” that are owned by members of racial and ethnic minority groups. The companies claim the program violates the Fourteenth Amendment and Section 1981.
  • Latest update: On December 13, 2023, defendant Midtown Management District, a political subdivision of Houston that implements the minority business enterprise program, filed its motion to dismiss. Midtown argued that, as a procedural matter, the plaintiffs’ Section 1981 claims should be dismissed because they were not alleged through Section 1983, which Midtown argues provides the relevant cause of action for relief against a local government entity. Midtown also argued that the plaintiffs failed to state a claim under Section 1981 because, under Fifth Circuit law, plaintiffs must demonstrate an actual loss of a contractual interest, and the plaintiffs never alleged they had ever bid on, negotiated, or attempted to secure a contract. Finally, Midtown argued that the plaintiffs failed to state a claim for an Equal Protection violation because they did not make specific factual allegations of disparate treatment or discriminatory intent.
• Mid-America Milling Company v. U.S. Dep’t of Transportation, No. 3:23-cv-00072-GFVT (E.D. Ky. 2023): Two plaintiff construction companies sued the Department of Transportation, asking the court to enjoin the DOT’s Disadvantaged Business Enterprise Program (DBE), an affirmative action program that awards contracts to minority-owned and women‑owned small businesses in DOT-funded construction projects with the statutory aim of granting 10% of certain DOT-funded contracts to these businesses nationally. Plaintiffs allege that the program constitutes unconstitutional race discrimination in violation of the Fifth Amendment.
  • Latest update: On December 15, 2023, the plaintiffs filed a motion for a preliminary injunction, requesting that the court prohibit the defendants from implementing or enforcing the DBE program’s race and gender requirements and its goals of minority participation. The plaintiffs reiterated their assertion that the DBE program discriminates based on race and gender and fails to meet the requirements of both strict and intermediate scrutiny, because it only targets general “societal” discrimination, rather than specific past episodes of governmental discrimination. As to the preliminary injunction factors, the plaintiffs asserted that their irreparable injury should be presumed because the program allegedly threatened constitutional rights, and that the public interest would be supported by enjoining the allegedly unconstitutional program.
• Do No Harm v. Vituity, No. 3:23-cv-24746-TKW-HTC (N.D. Fla. 2023): On December 8, 2023, Do No Harm, an advocacy group representing doctors and healthcare professionals, sued a nationwide physician partnership, claiming its Bridge to Brilliance Incentive Program—a DEI and recruitment program which advertises a sign-on bonus and benefits specifically to qualified Black physicians—violates Section 1981 and Section 1557 of the Affordable Care Act, which prohibits discrimination by healthcare providers receiving federal financial assistance. Do No Harm sought a temporary restraining order (TRO) and preliminary injunction, barring the defendant from closing the application period on December 17, 2023.
  • Latest update: On December 14, 2023, the court denied the plaintiff’s motion for a TRO, on the ground that the plaintiff misunderstood the deadline for applications to the program; it also rejected the plaintiff’s request to treat the motion for a TRO as a motion for a preliminary injunction against filling the roles. The court expressed doubt that the plaintiff had standing on the basis of a single member’s declaration. However, in a footnote, the judge stated that “it appears to be undisputed that the challenged program discriminates based on race” and found it noteworthy that the defendants defended the program as permissible under pre-SFFA precedents.

2. Employment discrimination under Title VII and other statutory law:

• Langan v. Starbucks Corporation, No. 3:23-cv-05056 (D.N.J. 2023): On August 18, 2023, a white female former employee of Starbucks sued Starbucks, claiming she was wrongfully accused of racism and terminated when Starbucks unsuccessfully attempted to deliver T-shirts supporting the “Black Lives Matter” movement to her store, and accused the plaintiff of rejecting the delivery out of her alleged political opposition to the movement. The plaintiff alleged that she was discriminated and retaliated against on the basis of her race and disability as part of a programmatic favoring of non-white employees, in violation of Title VII, Section 1981, New Jersey antidiscrimination law, the ADA, the ADEA, and alleged state tort claims for emotional distress and negligent hiring.
  • Latest update: Starbucks filed its motion to dismiss on December 8, 2023. Starbucks argued that the plaintiff’s New Jersey antidiscrimination and retaliation claims are barred by the statute of limitations because she failed to file within two years of bringing an administrative charge. Starbucks also argued that the plaintiff’s state common law tort claims are barred by the statute of limitations and that she did not plead sufficient facts to make out her claim of emotional distress. Finally, Starbucks argued that the plaintiff failed to plead a Section 1981 claim because she did not plead facts distinct from those supporting her Title VII claims and did not show that race was the but-for cause of the loss of a contractual interest.

3. Challenges to agency rules, laws, and regulatory decisions:

• Alliance for Fair Board Recruitment v. SEC, No. 21-60626 (5th Cir. 2021): On October 18, 2023, a unanimous Fifth Circuit panel rejected challenges to Nasdaq’s Board Diversity Rules and the SEC’s approval of those rules. Petitioners Alliance for Fair Board Recruitment and National Center for Public Policy Research sought review of the SEC’s approval of Nasdaq’s Board Diversity Rules, which require companies that have contracted to list their shares on Nasdaq’s exchange to (1) disclose aggregated information about their board members’ voluntarily self-identified diversity characteristics (including race, gender, and sexual orientation), and (2) provide an explanation if fewer than two board members are diverse. The SEC approved the rules after determining that they were consistent with the Exchange Act. Petitioners challenged the rules on constitutional and statutory grounds. Gibson Dunn represents Nasdaq, which intervened to defend its rules.
  • Latest update: On December 18, 2023, the SEC and Nasdaq filed responses in opposition to the plaintiff’s petition for en banc rehearing. The SEC argued that, because Nasdaq is a private entity, its actions can be challenged as unconstitutional only if they are “fairly attributable” to the government. However, the fact that the Commission approved Nasdaq’s rule does not make the rule attributable to the government, the SEC argued, because the Securities Exchange Act requires the Commission to approve all rules not inconsistent with the statute. The SEC also argued that the private non-delegation doctrine—which states that regulatory authority may not be delegated to a private entity—was inapplicable. Nasdaq, which is represented by Gibson Dunn, argued that the panel decision correctly held that under Supreme Court and Fifth Circuit precedent Nasdaq is not a state actor, and the Commission’s “yes-or-no” approval process was insufficient to make the action attributable to the SEC. Nasdaq also argued that its rules were consistent with statutory requirements of Section 6(b)(5) of the Exchange Act because they would provide information that would contribute to investors’ investment and proxy voting decisions.
• Palsgaard v. Christian et al., No. 1:23-cv-01228-SAB (E.D. Cal. 2023): On August 17, 2023, community college professors in California filed suit, challenging the adoption of the state’s new DEI-related evaluation competencies and corresponding language in the faculty union contract for their local community college district. The plaintiffs allege that the regulations and contract language require them to endorse the state’s views on DEI concepts, and they challenge the regulations and language as compelled speech in violation of the First and Fourteenth Amendments. The plaintiffs sued officials of both the state board that adopted the competencies and the local community college district that negotiated the contract.
  • Latest update: On December 25, 2023, the defendants filed their motions to dismiss. The State defendants first argued that the plaintiffs lack standing to sue because the regulations do not apply to the plaintiff professors but rather to the community colleges, which have discretion to implement them through policy and collective bargaining. Relatedly, the State defendants argued that the mere possibility that community colleges might implement the regulations did not sufficiently threaten a risk of harm that would give rise to an Article III injury. They also argued that the plaintiffs failed to state a First Amendment claim because the regulations express the Board’s view and do not include any enforcement mechanisms that would penalize the plaintiffs. Separately, the community college district defendants argued that the plaintiffs lacked standing to assert a pre-enforcement challenge to the regulations. They also argued that the plaintiffs’ collective bargaining agreement waived First Amendment challenges to the provisions at issue. To the extent that they were not waived, the community college district defendants argued that the policies did not violate the First Amendment because regulating plaintiffs’ teaching practices and measuring their proficiencies was not equivalent to regulating speech, and that teachers’ speech in their work capacity is within the realm of permissible regulation.

4. Board of Director or Stockholder Actions:

• Ardalan v. Wells Fargo, No. 3:22-cv-03811 (N.D. Cal. 2022): On June 28, 2022, a putative class of Wells Fargo stockholders brought a class action against the bank related to an internal policy requiring that half of the candidates interviewed for positions that paid more than $100,000 per year be from an underrepresented group. The plaintiffs alleged that the bank conducted sham job interviews to create the appearance of compliance with this policy and that this was part of a fraudulent scheme to suggest to shareholders and the market that Wells Fargo was dedicated to DEI principles. The plaintiffs argued that this alleged practice constituted fraudulent misstatements in violation of Sections 10(b) and 20(a) of the Exchange Act in an attempt to maintain artificially high stock prices.
  • Latest update: On April 4, 2023, Wells Fargo filed its motion to dismiss, arguing that the plaintiffs failed to state a claim, and, in the alternative, that they failed to adequately plead that Wells Fargo acted knowingly or with deliberate recklessness. On August 18, 2023, the district court granted the motion to dismiss, finding that the plaintiffs did not meet the pleading standards for their fraud claim. The plaintiffs filed an amended complaint on September 8, 2023, which Wells Fargo moved to dismiss on October 23, 2023, reiterating the arguments made in its prior motion.

5. Educational Institutions and Admissions (Fifth Amendment, Fourteenth Amendment, Title VI, Title IX):

• Students for Fair Admissions v. United States Naval Academy, No. 1:23-cv-02699-ABA (D. Md. 2023): On October 5, 2023, SFFA sued the U.S. Naval Academy, arguing that consideration of race in its admissions process violates the Fifth Amendment.
  • Latest update: On December 14, 2023, the district court heard oral argument on the plaintiff’s preliminary injunction motion and denied the motion from the bench. On December 20, the court issued an opinion, holding that SFFA did not show that it would succeed on the merits of its Equal Protection claim. The court found that SFFA failed to show that the defendants’ justification for race-conscious admissions policies did not satisfy strict scrutiny. Noting that SFFA v. Harvard excluded military academies from its ruling, the court stated that “compelling government interests may justify affirmative action at military academies.” The court also found that as part of the military, the defendants deserved deference that courts traditionally give the military regarding personnel decisions, in contrast to civilian institutions. The court found that the defendants’ use of race was narrowly tailored, as it appeared to be limited and never determinative, and there was evidence the Naval Academy had considered race-neutral alternatives that were ineffective. In denying preliminary relief, however, the court rejected defendants’ contention that SFFA’s reliance on unnamed plaintiffs failed to demonstrate organizational standing, reasoning that protecting members’ anonymity is a core purpose of the organizational standing doctrine.
• Boston Parent Coalition for Acad. Excellence Corp. v. The School Committee of the City of Boston, No. 1:21-cv-10330-WGY (D. Mass. Apr. 15, 2021), on appeal at No. 21-1303 (1st Cir. 2021): In an attempt to increase diversity in admissions to three prestigious public schools in the wake of COVID-19, the Boston School Committee adopted an admissions plan for these schools that considered both the students’ grades and the median income of their home zip code. The plaintiff, an organization representing white and Asian students, sued the School Committee, claiming that the plan violated the Equal Protection Clause of the Fourteenth Amendment and Massachusetts state law. In April 2021, the district court found the plan to be constitutional. The plaintiff, who had sought a preliminary injunction, appealed the denial of that motion to the First Circuit, which denied the appeal. After discovering allegedly racist statements by School Committee members, the plaintiff moved for reconsideration of the district court’s judgment, which was denied. The plaintiff appealed again to the First Circuit, again challenging the program as unconstitutional.
  • Latest update: On December 19, 2023, the First Circuit affirmed the denial of the reconsideration motion and again affirmed that Boston’s admissions policy for the schools was constitutional. In response to the plaintiffs’ claims that the policy disparately impacted white and Asian students, the First Circuit observed that the new policy “created less disparate impact, not more” than the schools’ previous admission policy, which solely ranked students by grades. Thus, Boston could not be liable under a theory of disparate impact for choosing “between equally valid, facially neutral selection criteria.” The First Circuit also held that, even if the intent of some of the policymakers may have been to increase diversity in the student population, the use of indicators like zip code and income was facially neutral and did not trigger strict scrutiny without more evidence of clearly race-conscious policies. The First Circuit grounded its reasoning in the language of SFFA v. Harvard, which, it found, “identified use of socio-economic status indicators” as a permissible tool for increasing racial diversity.

---

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Teddy Rube,* Alana Bevan, Marquan Robertson,* and Elizabeth Penava.*

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, msenger@gibsondunn.com)

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, bevanson@gibsondunn.com)

*Teddy Rube, Marquan Robertson, and Elizabeth Penava are associates working in the firm’s Washington, D.C. office who are not yet admitted to practice law.

© 2024 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

New Colorado laws impose sweeping changes to employment practices, such as pay transparency, paid family and medical leave benefits, sick leave, nondisclosure provisions, and more.

On January 1, 2024, a flurry of new employment laws, regulations, and programs will go into effect in Colorado. The laws affect a broad range of employment issues, from job posting requirements to the launch of benefits for the State’s family-leave insurance program. Read together, these laws and regulations continue to add to Colorado’s reputation as one of the most employee-friendly jurisdictions in the United States.

In light of these new laws, employers may wish to review their employment policies and practices as they move into 2024. Additional detail about the most notable aspects of these laws is provided below, including steps employers could consider taking to ensure compliance.

I. Ensure Equal Pay for Equal Work Act (EEPEWA) – Effective January 1, 2024

Signed into law on June 5, 2023, the Ensure Equal Pay for Equal Work Act (“EEPEWA”) – which amends Colorado’s pay transparency law, the Equal Pay for Equal Work Act (“EPEWA”) – goes into effect on January 1, 2024. The EEPEWA, together with the Equal Pay Transparency (“EPT”) Rules issued by the Colorado Department of Labor and Employment (“CDLE”), create significant, new disclosure and notice requirements for employers with even one employee in Colorado.

Steps to consider: Most notably, to comply with the amended requirements, covered employers may consider undertaking the following:

1. provide notice of each “job opportunity” to employees;
2. disclose how to apply and the application deadline, in addition to information about compensation and benefits, in both external and internal covered job postings;
3. disclose certain information about selected candidates to employees with whom the candidate will likely work, and about how employees can express interest in similar jobs in the future;
4. provide notice to eligible employees of career-progression positions, including the requirements to progress, compensation, benefits, responsibilities, further advancement, and full-time or part-time status; and
5. continue to preserve records of wages and job descriptions.

Additional detail about the amendments to Colorado’s pay transparency law is provided below.

A. The EEPEWA Requires Employers to Announce “Job Opportunities.”

Under the EEPEWA, employers are required to take reasonable steps to ensure that every “job opportunity” is announced, posted, or made known to all Colorado employees on the same day and before any selection decisions are made. But employers physically outside Colorado that have fewer than 15 remote employees in Colorado need only provide notice of remote job opportunities through July 1, 2029.

The EEPEWA defines a “job opportunity” as a “current or anticipated vacancy” for which an employer is considering or interviewing candidates, or that an employer has posted publicly. Notably, a “job opportunity” does not encompass either “career development” or a “career progression.” “Career development,” as defined in the statute, refers to changes in an employee’s terms of “compensation, benefits, full-time or part-time status,” or job title that recognize an employee’s performance or contributions. And “career progression” means a “regular or automatic” movement from one position to another based on objective metrics, such as time spent in a role.

B. The EEPEWA Requires Disclosing Information About Job Opportunities, Career Progression, and Selected Candidates.

The EPT Rules provide that employers should include in both external job postings and internal job-opportunity notices the application deadline and information about how to apply, in addition to the already-required information about compensation and benefits for any job that can be performed in or from Colorado.

Furthermore, within 30 days of selecting a candidate for a job opportunity, the EEPEWA requires the employer to make reasonable efforts internally to disclose certain information about the selected candidate – at a minimum, to employees who will work with the new hire. This includes (a) the candidate’s name, (b) their former job title (if the candidate was an internal hire), (c) their new job title, and (d) information on how employees can express interest in similar job opportunities in the future. The regulations provide a limited exception to some of these requirements where disclosure would pose risks to a selected candidate’s health or safety.

For positions that constitute “career progression,” moreover, the EEPEWA requires employers to make available to “eligible employees” information about the requirements for such progression, in addition to information about each position’s compensation, benefits, full-time or part-time status, responsibilities, and further advancement. In new regulations issued by the CDLE, “eligible employees” are defined as “those in the position that, when the requirements in the notice are satisfied, would move from their position to another position listed in the notice.” Career progression notices should be made available to eligible employees shortly after beginning any position within a career progression, though employers retain discretion in how to provide these notices (e.g., in an employee’s new hire packet, on a company intranet page accessible by all eligible employees, etc.).

C. The EEPEWA Requires the CDLE to Take Further Protective and Investigative Measures.

Finally, the EEPEWA requires the CDLE to create and implement systems to accept and mediate complaints regarding violations of the sex-based wage equity provision of the EPEWA and create new rules as necessary to accomplish this purpose. Previously, the EPEWA simply permitted the CDLE to take these measures, but did not make them mandatory.

Furthermore, the EEPEWA requires the CDLE to investigate complaints or leads related to sex-based wage inequity (employing fact-finding procedures from the EPEWA), promulgate rules as needed, and order compliance and relief if a violation is found. However, these enforcement actions will “not affect or prevent the right of an aggrieved person from commencing a civil action.” Moreover, the EEPEWA allows plaintiffs bringing sex-based wage discrimination claims to seek back pay going back twice as long as they could previously: up to six years instead of three.

II. Family and Medical Leave Insurance Program (FAMLI) – Benefits Begin January 1, 2024

In November 2020, Colorado voters approved Proposition 118, which required the establishment of a state-run paid Family and Medical Leave Insurance (“FAMLI”) program. The program is mandatory for most employers with one or more employees working in Colorado. While most Colorado employers and employees began paying into the program in 2023, the program will begin providing paid leave benefits to employees starting on January 1, 2024.

Under the FAMLI program, workers generally can take off up to twelve weeks in a one-year period to: (1) care for a new child during the first year after their birth, adoption, or foster care placement; (2) care for a family member with a serious health condition; (3) care for an employee’s own serious health condition; (4) make arrangements for a family member’s military deployment; and/or (5) obtain safe housing, care, and/or legal assistance in response to domestic violence, stalking, sexual assault, or sexual abuse. Individuals with serious health conditions caused by pregnancy or childbirth complications are entitled to up to four additional weeks of FAMLI leave.

Under the law, employees can take the leave continuously, intermittently, or in the form of a reduced schedule, and there is no minimum amount of time the employee must work with a company to be eligible for leave. Employers are required to preserve the employee’s job (or a similar job) for them upon their return if they have worked at the company for at least 180 days. Employees may also choose to use sick leave or other paid time off prior to accessing FAMLI benefits, but cannot be required to do so. In addition, an employer and an employee may mutually agree (in writing) that the employee may use any accrued PTO or other employer-provided leave as a supplement to FAMLI benefits, in an amount not to exceed the difference between the employee’s FAMLI wage replacement benefits and the employee’s average weekly wage. Finally, employees enrolled in the state-run program apply for leave directly to the FAMLI Division, meaning that employers will receive a notice from the FAMLI Division that an employee has applied for FAMLI leave, then whether that period of leave has been approved, without employer discretion to approve or reject such requests.

Steps to consider: Going into 2024, employers should continue to file their premium payments and wage reports, as was already required in 2023. Employers also can update their total employee headcounts by January 31, 2024, to ensure they are charged the correct premiums each quarter. In addition, employers may want to designate on the “My FAMLI+Employer” portal a dedicated point of contact at the company to receive the relevant documentation from the FAMLI Division when an employee files a claim. Employers also can consider training HR employees and managers who handle leave requests from Colorado employees regarding the employer’s obligations and policies pursuant to the FAMLI Act.

Further, employers should update their FAMLI notices with the most updated version, available here. And employers may wish to update their leave policies to address the FAMLI program, with an eye toward ensuring compliance with the FAMLI Act’s notice and non-retaliation requirements, as well as explaining how FAMLI benefits can be used in coordination with other leave benefits the employer may offer, including those under the federal Family and Medical Leave Act. Employers also may want to consider whether to opt into a private plan instead, now that such plans are available.

III. Colorado Overtime and Minimum Pay Standards Order (COMPS Order) – Changes Effective January 1, 2024

The CDLE adopted the 39th edition of Colorado’s wage-and-hour regulations – the Colorado Overtime and Minimum Pay Standards Order (“COMPS” Order) – on November 9, 2023, which will take effect on January 1, 2024.

The new Order is mostly consistent with COMPS Order #38, but there are a few significant changes. Most notably, the COMPS Order purports to expand the definition of “time worked” (i.e., time that employers must compensate employees for) to include even an activity (or combination of multiple activities consecutively) of less than one minute, depending “on the balance of the following factors, as shown by the employer: (A) the difficulty of recording the time, or alternatively of reasonably estimating the time; (B) the aggregate amount of compensable time, for each employee as well as for all employees combined; and (C) whether the activity was performed on a regular basis.” The Order also clarifies rules around tip sharing, among other updates.

Steps to consider: Importantly, the Division also published the 2024 version of Colorado’s wage-and-hour poster and notice, which most employers are required to post and otherwise provide to employees. So employers should update their existing posters/notices with the new poster/notice, which is available here. In addition, employers may wish to consider whether they need to update any of their policies and/or train any employees in connection with the changes created by COMPS Order #39.

IV. Job Application Fairness Act (JAFA) – Effective July 1, 2024

In June 2023, Governor Polis signed into law the Job Application Fairness Act (JAFA), which restricts employers’ ability to inquire initially about applicants’ age. The law covers all public and private employers in Colorado, regardless of company size or industry. It also covers individuals who are “an agent, a representative, or a designee of the employer.”

Under the law, employers cannot ask applicants on an initial application to disclose their date of birth, dates of attendance at an educational institution, dates of graduation from an educational institution, or other similar inquiries that would disclose age (e.g., asking which election they first voted in). Employers may still request additional application materials, such as school transcripts, but are required to notify applicants that they may redact age-related information prior to submission.

The JAFA includes limited exceptions to allow employer compliance with age requirements imposed by or pursuant to: (1) a bona fide occupational qualification related to public or occupational safety, (2) a federal statute or regulation, or (3) a state or local statute or regulation based on a bona fide occupational qualification. However, CDLE guidance makes clear that an employer verifying compliance in an initial application still cannot ask an individual’s specific age.

For example, federal and state law prohibits minors from selling or serving alcoholic beverages. For an initial application for such a position, the employer could ask whether the applicant would be at least 18 when starting work. Only after a job offer was extended could the employer ask the applicant to provide evidence of their specific age without redacting age information.

Steps to consider: In light of this new law, employers may wish to review their job application materials to ensure they do not include any prohibited age-related inquiries. Employers also could consider training hiring managers and interviewers regarding when they may and may not make age-related inquiries.

V. Sick Leave, Nondisclosure Limitations, and Other Changes – Already in Effect Since August 7, 2023

A number of other Colorado employment laws passed in 2023 already went into effect on August 7, 2023. We’ve briefly summarized the most notable of these laws below, with additional detail available in our prior client alert about these laws.

A. New Limits on Nondisclosure Provisions and Other Changes

Wide-ranging amendments to Colorado’s anti-discrimination law took effect on August 7. The amendments void nondisclosure provisions that limit an employee’s ability to disclose or discuss alleged discriminatory or unfair employment practices, unless the nondisclosure provision satisfies certain conditions. Employers who violate this law face a potential $5,000 penalty for each instance in which they include in an agreement a noncompliant nondisclosure provision, as well as potential liability for actual damages, costs, and attorneys’ fees.

The amendments also modified the definition of harassment and replaced the “severe or pervasive” standard for such claims. In addition, the amendments impose limitations on the circumstances under which an employer may assert an Ellerth/Faragher-type affirmative defense (providing employers a safe harbor from vicarious liability resulting from sexual harassment claims against a supervisory employee), including requiring that the employer communicated to supervisors and non-supervisors the existence and details of its complaint and investigation/remediation process.

In addition, the amendments made “marital status” a protected class in Colorado. The amendments also imposed new recordkeeping mandates, requiring employers to maintain personnel and employment records for a minimum of five years, and to “maintain an accurate, designated repository of all written or oral complaints of discriminatory or unfair employment practices.”

Steps to consider: Employers may wish to review any agreements that include nondisclosure provisions, such as separation agreements, settlement agreements, and so on, to ensure those agreements comply with Colorado’s new requirements. Employers also could consider taking steps to ensure they are complying with Colorado’s expanded recordkeeping obligations. In addition, employers may wish to consider whether to update their handbooks and other EEO-related materials to include information about Colorado’s revised definition of harassment, the company’s anti-harassment investigation/remediation process, and the inclusion of marital status as a protected class. Employers also could consider training managers and HR employees on these issues.

B. Expansion of Paid Sick Leave

Since August 7, Colorado employees are allowed to take paid “sick” leave for qualifying bereavement- and disaster-related needs, in addition to the other uses of paid sick leave already required under the prior version of Colorado’s sick leave statute. The CDLE consequently updated the required paid sick leave poster/notice, which is available here.

Steps to consider: Employers may wish to (1) incorporate Colorado’s updated paid sick leave notice into their onboarding documents for Colorado employees and (2) post and provide the updated paid sick leave notice to current Colorado employees by the end of 2023. While not expressly required, it may also make sense to inform or remind HR employees and managers who handle leave requests from Colorado employees that the State has expanded the uses for which employees may use paid sick leave. Employers also could consider whether to update their sick leave and/or PTO policies to address Colorado’s expansion of paid sick leave.

---

The following Gibson Dunn attorneys prepared this update: Jessica Brown, Marie Zoglo, and Ming Lee Newcomb.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and partners:

Jessica Brown – Partner, Denver (+1 303.298.5944, jbrown@gibsondunn.com)

Jason C. Schwartz – Co-Chair, Washington, D.C. (+1 202.955.8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Co-Chair, Los Angeles (+1 213.229.7107, ksmith@gibsondunn.com)

Class action filings continue to rise and present substantial exposure to companies. This article previews several issues that will impact these cases in the year ahead, including significant circuit splits and procedural disputes.  

I. Three Circuit Splits to Watch …

There are several emerging circuit splits that may be ripe for Supreme Court review, including on ascertainability, “fail-safe” classes, and personal jurisdiction.

A. Ascertainability—What Good Is a Class If You Can’t Tell Who’s In It?

For years, courts have grappled with whether a Rule 23(b)(3) class can be certified if it’s not ascertainable.  After all, what good does it do to certify a class if there’s no easy way to tell who is part of it?  Most circuits agree that at a minimum, Rule 23 requires that a class be defined using objective criteria.  Many practical-minded judges have further recognized that the text, structure, and purpose of Rule 23 also require a reliable and administratively feasible way to determine who is, and who is not, part of a certified class.  The Third Circuit recently joined the First and Fourth Circuits in adopting this heightened ascertainability requirement as a formal Rule 23(b)(3) prerequisite.  In re Niaspan Antitrust Litig., 67 F.4th 118, 133–34 (3d Cir. 2023); In re Nexium Antitrust Litig., 777 F.3d 9, 19 (1st Cir. 2015); EQT Prod. Co. v. Adair, 764 F.3d 347, 358 (4th Cir. 2014).

But not all courts agree, with some holding that there is no heightened requirement to “ascertain” class members before certification.  For example, in Cherry v. Dometic Corp., 986 F.3d 1296, 1304 (11th Cir. 2021), the Eleventh Circuit reasoned that “administrative feasibility” is just one of many factors that courts can consider when assessing certification.  In this decision, the Eleventh Circuit joined the Second, Sixth, Seventh, Eighth, and Ninth Circuits in rejecting a strict “ascertainability” requirement in Rule 23(b)(3).  See id. at 1302.  In the Eleventh Circuit’s view, “administrative difficulties … do not alone doom a motion for certification,” and “manageability problems will rarely, if ever, be in themselves sufficient to prevent certification.”  Id. at 1304 (cleaned up).

But is the Eleventh Circuit right?  As the Third Circuit observed, if “members of a Rule 23(b)(3) class cannot be identified in an economical and administratively feasible manner, the very purpose of the rule is thwarted.”  Niaspan, 67 F.4th at 132.  Ascertainability thus goes part in parcel with the objectives that rule makers had in mind when drafting Rule 23.  Being able to actually identify class members protects absent class members by ensuring a way to disseminate the “best notice practicable” under Rule 23(c)(2) and helping them understand who is, and is not, bound by a class judgment.  See id. at 132 (citing Marcus v. BMW of N. Am., LLC, 687 F.3d 583, 593 (3d Cir. 2012)).

The purpose of the class device is to “save[] the resources of both the courts and the parties by permitting an issue potentially affecting every [class member] to be litigated in an economical fashion under Rule 23.”  Califano v. Yamasaki, 442 U.S. 682, 701 (1979).  Even in circuits that may not recognize formal ascertainability as a prerequisite to certification, defendants should continue to raise these issues because the Supreme Court may eventually weigh in.

B. Fail-Safe Classes—Do They Fail Rule 23?

Can a class be defined based on the merits of the claim?  One problem with a “fail-safe” class is that it creates a “heads I win, tails you lose” proposition for defendants: by defining a class as including only those entitled to relief, such a class would “shield[] the putative class members from receiving an adverse judgment,” because “[e]ither the class members win or, by virtue of losing, they are not in the class and, therefore, not bound by the judgment.”  Randleman v. Fidelity Nat’l Title Ins. Co., 646 F.3d 347, 352 (6th Cir. 2011).

Several circuits—including the First, Third, Sixth, Seventh, and Eighth—have adopted a bright-line rule prohibiting fail-safe classes.  See Orduno v. Pietrzak, 932 F.3d 710, 716 (8th Cir. 2019); McCaster v. Darden Rests., Inc., 845 F.3d 794, 799 (7th Cir. 2017); Byrd v. Aaron’s Inc., 784 F.3d 154, 167 (3d Cir. 2015); In re Nexium Antitrust Litig., 777 F.3d 9, 22 (1st Cir. 2015); Young v. Nationwide Mut. Ins. Co., 693 F.3d 532, 538 (6th Cir. 2012).  Other circuits stop short of a per se prohibition, but have recognized that such classes are inherently suspect.  See Olean Wholesale Grocery Coop., Inc. v. Bumble Bee Foods LLC, 31 F.4th 651, 669 n.14 (9th Cir. 2022) (en banc); Cordoba v. DIRECTV, LLC, 942 F.3d 1259, 1276–77 (11th Cir. 2019); EQT Prod. Co. v. Adair, 764 F.3d 347, 360 n.9 (4th Cir. 2014).

But a minority of circuits have rejected such a prohibition.  See In re Rodriguez, 695 F.3d 360, 370 (5th Cir. 2012).  Earlier this year, the D.C. Circuit declined to impose a prohibition against fail-safe classes.  In re White, 64 F.4th 302 (D.C. Cir. 2023).  Although it recognized the majority of circuits forbid (or at the very least, strongly discourage) “fail-safe” classes, the D.C. Circuit reasoned that the existing Rule 23 framework adequately addresses these problems.  Id. at 312.  However, the court did recognize that the issue “is an important, recurring, and unsettled question of class action law.”  Id. at 310.  The Supreme Court denied a petition for writ of certiorari from this decision, but it may be only a matter of time before this issue reaches the High Court.

C. Personal Jurisdiction in Class Actions—Does the Bristol-Myers Squibb Rule Apply to Nationwide Classes?

Bristol-Myers Squibb Co. v. Superior Court, 582 U.S. 255 (2017), ruled that a California state court could not assert jurisdiction over the tort claims of non-California plaintiffs against a non-California defendant.  Since that decision, lower courts have considered whether this “mass tort” rule applies in class actions.  In recent years, the Third, Sixth, and Seventh Circuits have held that Bristol-Myers Squibb does not apply in this context, because defendants litigate only against named plaintiffs and not absent class members.  See Fischer v. Fed. Express Corp., 42 F.4th 366 (3d Cir. 2022); Lyngaas v. Curaden AG, 992 F.3d 412 (6th Cir. 2021); Mussat v. IQVIA, Inc., 953 F.3d 441 (7th Cir. 2020).  These courts reason that “the named representatives must be able to demonstrate either general or specific personal jurisdiction, but the unnamed class members are not required to do so.”  Mussatt, 953 F.3d at 447.

These holdings have drawn dissents.  In Lyngaas, Judge Thapar argued that courts “cannot just assume that jurisdiction over the class representative’s claims confers jurisdiction over the claims of the class” because, under Bristol-Myers, courts “lack[] the power to decide the absent class members’ claims if they arise from wholly out-of-state activity.”  992 F.3d at 441 (Thapar, J., concurring in part and dissenting in part).  Likewise, Judge Silberman dissented from a D.C. Circuit decision holding that this question was not ripe at the pleadings stage:  “the class action mechanism … is not a license for courts to enter judgments over claims which they have no power.”  Molock v. Whole Foods Mkt. Grp. Inc., 952 F.3d 293, 307 (D.C. Cir. 2020) (Silberman J., dissenting).

Although no court has held that Bristol-Myers expressly applies in the class action context, some courts have applied it to FLSA claims.  See, e.g., Fischer, 42 F.4th at 380; Canaday v. Anthem Cos., 9 F.4th 392 (6th Cir. 2021); Vallone v. CJS Sols. Grp., LLC, 9 F.4th 861 (8th Cir. 2021); but see Waters v. Day & Zimmermann NPS, Inc., 23 F.4th 84 (1st Cir. 2022) (holding that Bristol-Myers does not apply to collective actions).  In March, the Supreme Court declined a cert petition raising the FLSA issue.  Fischer v. Fed. Express Corp., 143 S. Ct. 1001 (2023).

II. … and Four Trends We’re Watching

The following issues involving Article III, “mass” arbitrations, arbitration waiver, and class settlements also continue to percolate in the courts.

A. Article III Injury and Standing in Class Actions

While the Supreme Court has provided guidance on the interplay between class actions and Article III standing, lower courts continue to delineate the metes and bounds of standing for statutory violations—as we have discussed in prior quarterly updates here, here, and here.  This question of statutory standing dovetails with another trend we have observed in recent years, which is the continued prevalence of privacy class actions (e.g., class actions alleging data breach, data collection/tracking, statutory privacy claims).

TransUnion LLC v. Ramirez, 594 U.S. 413 (2021), has proved to be a significant decision.  In that case, the Supreme Court held that every member of a class certified under Rule 23 must establish Article III standing to be awarded individual damages.  It further explained that “an injury in law is not an injury in fact,” and “[o]nly those plaintiffs who have been concretely harmed by a defendant’s statutory violation” have standing.  Id. at 427.  Although all class members had suffered a statutory violation (for inaccurate information on their credit reports and the company’s failure to disclose information required under the Fair Credit Reporting Act), most did not experience a “physical, monetary, or cognizable intangible harm” necessary to establish a concrete injury under Article III (because the inaccurate credit information was not disclosed to third parties).  Id.

While TransUnion requires absent class members demonstrate standing to receive monetary damages, that case involved a jury verdict awarding each class member (including those who were not concretely harmed) both statutory and punitive damages.  The Supreme Court did not address how courts should treat motions to certify where the class contains some number of uninjured absent class members, but instead stated that “[p]laintiffs must maintain their personal interest in the dispute at all stages of litigation” and a plaintiff “must demonstrate standing ‘with the manner and degree of evidence required at the successive stages of the litigation.’”  TransUnion, 592 U.S. at 431.  Courts have disagreed on whether a class may be certified when a single absent class member cannot prove Article III standing.

The majority of courts have held that classes with absent class members who lack standing may be certified, but only if the number of uninjured class members is “de minimis”—though the precise limits remain unsettled.  While these cases generally predate TransUnion, they are currently still seen as good law, though TransUnion’s impact is still uncertain.  For example, the D.C. Circuit acknowledged that the few decisions involving uninjured class members “suggest that 5% to 6% constitutes the outer limits of a de minimis number” of class members who are uninjured.  In re Rail Freight Fuel Surcharge Antitrust Litig.- MDL No. 1869, 934 F.3d 619, 625 (D.C. Cir. 2019).  Other courts have similarly held that a class may be certified when the class includes a small number of uninjured class members, but not when the number is so large to defeat predominance.[1]

The Ninth Circuit, on the other hand, rejected the D.C. and First Circuits’ categorical rule precluding certification of a class that includes more than a de minimis number of uninjured class members.  Olean Wholesale Grocery Coop., Inc. v. Bumble Bee Foods LLC, 31 F.4th 651, 669 (9th Cir. 2022) (en banc) (“[W]e reject the dissent’s argument that Rule 23 does not permit the certification of a class that potentially includes more than a de minimis number of uninjured class members.”).  The en banc court reversed a panel decision adopting the “de minimis” requirement, though it emphasized that individual questions of class members’ injury—both as an element of the underlying claim and as a requirement of Article III—can sometimes predominate over common questions, precluding certification under Rule 23(b)(3).  Id.

Similarly, courts have applied the standing requirement inconsistently in the settlement context.  In Drazen v. Pinto, the Eleventh Circuit held that every settlement class member must have standing before settlement class can be certified.  41 F.4th 1354, 1359 (11th Cir. 2022), rev’d on other grounds, 74 F.4th 1336 (11th Cir. 2023) (en banc); id. at 1362 (“when a class seeks certification for the sole purpose of a damages settlement under Rule 23(e), the class definition must be limited to those individuals who have Article III standing”).  The Second Circuit, on the other hand, certified a Rule 23(b)(2) class where absent class members lacked standing, reasoning that “[s]tanding is satisfied so long as at least one named plaintiff can demonstrate the requisite injury.”  Hyland v. Navient Corp., 48 F.4th 110, 117 (2d Cir. 2022).

B. The Continued Rise in “Mass” Arbitrations

In recent years, the Supreme Court has repeatedly recognized that arbitration clauses and class action waivers must be enforced according to their terms.  See, e.g., AT&T Mobility LLC v. Concepcion, 563 U.S. 333, 339-344 (2011); Lamps Plus, Inc. v. Varela, 139 S. Ct. 1407, 1415 (2019); Epic Systems Corp. v. Lewis, 138 S. Ct. 1612, 1630-32 (2018).  Many plaintiffs’ lawyers have responded to these decisions by filing “mass” arbitrations, often on behalf of claimants who have had no business dealings with the respondents.  The strategy is to rack up thousands or millions of dollars in filing fees (which typically are borne solely by the respondents), and to extort a windfall settlement from a company.

This issue recently came to a head in an Illinois case now on appeal, Wallrich v. Samsung Electronics America Inc., No. 22-C-5506, 2023 WL 5935024 (N.D. Ill. Sept. 12, 2023).  The plaintiffs filed petitions to compel arbitration on behalf of nearly 50,000 consumers, resulting in an assessment of $4.125 million in initial filing fees by the American Arbitration Association (AAA).  Id. at *3.  When the defendant declined to pay, plaintiffs filed an action to compel the defendant to arbitration and pay the fees.  After dismissing the portion of claimants who failed to properly allege venue, the district court ordered Samsung to pay the filing fees for the 35,000 remaining claimants.  Id. at *13.  This ruling disregarded evidence that the claimants were leveraging the court and arbitration proceedings to extract a windfall settlement, as well as the fact that compelling arbitration was improper, given that the claimants could either pursue their claims in court or proceed in arbitration by fronting the filing fees.  See Mot. to Dismiss Petition to Compel Arbitration, Wallrich v. Samsung Electronics America Inc., No. 22-C-5506 (N.D. Ill.).  The court also refused to engage with the question of whether claimants’ filing of mass arbitration was inconsistent with the arbitration agreement’s prohibition on collective actions.  Wallrich, 2023 WL 5935024 at *9.  This case is now on appeal and is one to watch in 2024.

Wallrich demonstrates that mass arbitration can sometimes impose significant costs on defendants.  The risk on both sides of the coin seems to have led to a somewhat slower rise in mass arbitrations than some expected.  One survey—the 2023 Carlton Fields Class Action Survey—found that only 3.9% of companies had experienced mass arbitrations in the prior 12 months.  See Carlton Fields, 2023 Carlton Fields Class Action Survey, at 29, https://www.carltonfields.com/getmedia/d71bff8d-56f9-4448-89e1-2d7ee3f8fe6a/2023-carlton-fields-class-action-survey.pdf.  Nevertheless, practitioners have observed a growth of mass arbitrations, particularly in the consumer and privacy areas, and it is important for defendants to carefully consider how their arbitration agreements may be implemented in the mass arbitration context.

C. Arbitration Waivers After Morgan v. Sundance

Courts continue to grapple with the question of when defendants waive their right to arbitration following the Supreme Court’s 2022 decision in Morgan v. Sundance, 142 S. Ct. 1708, 1714 (2022), which eliminated the longstanding requirement that a party opposing arbitration on the grounds of waiver needed to demonstrate prejudice.  Since that decision, while the waiver analysis remains highly fact specific, we have seen that courts are more willing to find waiver.  For example, in Hill v. Xerox Business Servs., 59 F.4th 457 (9th Cir. 2023), the Ninth Circuit in a 2-1 decision found that the defendant waived its right to arbitration against absent class members by not moving to compel at outset of the case—even though those absent class members were not yet parties to the proceeding, as no class had been certified.  Other circuits have also been more inclined to find waiver.  See, e.g., White v. Samsung, 61 F.4th 334 (3d Cir. 2023).

Other circuits are less so willing to find waiver, particularly as to absent class members.  For example, the Eighth Circuit concluded that defendant did not waive its right to compel arbitration against absent class members because there were no arbitration agreements with the named plaintiffs, and the defendant moved to compel arbitration promptly after the class was certified.  See H&T Fair Hills, Ltd. v. Alliance Pipeline L.P., 76 F.4th 1093 (8th Cir. 2023).  The issue of waiver, particularly as to absent class members, thus remains an issue we are actively monitoring going into the next year.

D. Continued Judicial Scrutiny of Class Settlements

Many class actions are ultimately resolved through settlement.  Perhaps sparked by vocal objectors—and fueled by high-profile class settlements that are larger than ever—we have continued to see courts taking on active roles in scrutinizing class settlements.  See, e.g., Kim v. Allison, 87 F.4th 994 (9th Cir. 2023) (scrutinizing adequacy of named plaintiff).  Some of the more frequently litigated issues concern the scope of releases in class settlement agreements; potential conflicts of interest between the lead plaintiffs, counsel, and absent settlement class members; and plans of distribution.  See, e.g., In re Blue Cross Blue Shield Antitrust Litig., 85 F.4th 1070 (11th Cir. 2023) (analyzing class releases, adequacy of representation, and fairness of distribution plan).  Awards of attorney fees in connection with class settlements also continue to draw objections, with courts keeping a close eye on whether such awards are justified and reasonable.  See, e.g., In re Broiler Chicken Antitrust Litig., 80 F.4th 797 (7th Cir. 2023) (vacating fee award and remanding for “greater explanation” to justify award); Lowery v. Rhapsody Int’l, Inc., 75 F.4th 985 (9th Cir. 2023) (holding fees should be based on actual, not theoretical, recovery by class).  Because parties should expect potential objectors to scour settlements for potential weaknesses, settling parties review settlement terms carefully to ensure they withstand the watchful eye of objectors and judges alike.  Defects in class settlements can result in increased administrative expenses, undermine the certainty and finality that class settlements afford to all parties, and delay the distribution of settlement benefits to the class.

Another issue receiving attention is the practice of awarding incentive awards to named plaintiffs in class settlements.  These awards arose several decades ago, and have been increasingly common in class settlements.  The theory is that the named plaintiff and class representative should be compensated above and beyond the class recovery, to “incentivize” people to serve as class representatives and to recognize the time and effort spent in discovery and for lending their names to the lawsuit.  These awards had been largely non-controversial until a few years ago, when the Eleventh Circuit held that such incentive awards are impermissible under a century-old Supreme Court case prohibiting payment of salaries or expenses for a plaintiff that initiated litigation to preserve securities owed to himself and other creditors.  See Johnson v. NPAS Solutions, LLC, 975 F.3d 1244 (11th Cir. 2020) (citing Trustees v. Greenough, 105 U.S. 527 (1882), and Cent. R.R. & Banking Co. v. Pettus, 113 U.S. 116 (1885)).  So far, it does not appear there’s much appetite for other circuits to follow the Eleventh Circuit’s approach, and incentive awards remain permissible in all other circuits.  The Supreme Court also denied a petition for review of the Eleventh Circuit’s Johnson decision, suggesting that the Eleventh Circuit will remain the outlier for the foreseeable future.

One final issue that bears watching is the rise of fraud in class settlement administration.  In recent years, there have been reports of fraudulent claims activity in connection with some class settlements, including the use of automated “bots” to submit fraudulent claims en masse from suspicious IP addresses or email domains.  These efforts have picked up considerably over the last year.  This type of sophisticated fraud jeopardizes settlement approval, harms legitimate class members, and undermines trust in the process.  While these criminals are using increasingly sophisticated technology to perpetrate fraud, settlement administrators are developing new tools to detect and weed out fraud during settlement administration.  Parties should ensure that administrators are capable to handle these sophisticated fraud efforts.

__________

[1]  See, e.g., In re Asacol Antitrust Litig., 907 F.3d 42, 47, 51-58 (1st Cir. 2018) (denying class certification when thousands of class members suffered no injury); see also Krakauer v. Dish Network, L.L.C., 925 F.3d 643, 657–59 (4th Cir. 2019) (rejecting argument that uninjured class members should preclude certification because “there is simply not a large number of uninjured persons”); Messner v. Northshore Univ. HealthSystem, 669 F.3d 802, 825 (7th Cir. 2012) (recognizing “‘a class should not be certified if it is apparent that it contains a great many persons who have suffered no injury at the hands of the defendant,’” but acknowledging “[t]here is no precise measure for ‘a great many’”); Cordoba v. DIRECTV, LLC, 942 F.3d 1259, 1277 (11th Cir. 2019) (stating that when a large portion of the class does not have standing, individualized issues may predominate).

---

The following Gibson Dunn lawyers contributed to this update: Christopher Chorba, Kahn Scolnick, Michael Holecek, Wesley Sze, Emily Riff, and Lena Cohen.

Gibson Dunn attorneys are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions, Litigation, or Appellate and Constitutional Law practice groups, or any of the following lawyers:

Theodore J. Boutrous, Jr. – Los Angeles (+1 213.229.7000, tboutrous@gibsondunn.com)
Christopher Chorba – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213.229.7396, cchorba@gibsondunn.com)
Theane Evangelis – Co-Chair, Litigation Practice Group, Los Angeles (+1 213.229.7726, tevangelis@gibsondunn.com)
Lauren R. Goldman – New York (+1 212.351.2375, lgoldman@gibsondunn.com)
Kahn A. Scolnick – Co-Chair, Class Actions Practice Group – Los Angeles (+1 213.229.7656, kscolnick@gibsondunn.com)
Bradley J. Hamburger – Los Angeles (+1 213.229.7658, bhamburger@gibsondunn.com)
Michael Holecek – Los Angeles (+1 213.229.7018, mholecek@gibsondunn.com)
Lauren M. Blas – Los Angeles (+1 213.229.7503, lblas@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Any taxpayer seeking to transfer or receive a direct payment in respect of credits must complete a registration process and obtain a registration number for each eligible credit property before claiming the credit or refund.

On December 22, 2023, the IRS and Treasury unveiled their new pre-filing registration portal (available here) for transferrable and refundable tax credits under the Inflation Reduction Act of 2022 (the “IRA”)[1] and the CHIPS and Science Act of 2022 (the “CHIPS Act”). As discussed in greater detail in our earlier alerts about the transferability of IRA tax credits (available here) and the direct payment rules related to these credits (available here), any taxpayer seeking to transfer or receive a direct payment in respect of credits must complete a registration process and obtain a registration number for each eligible credit property before claiming the credit or refund. Without a registration number, no tax credit transfer or direct payment is permitted, so understanding the process for obtaining a registration number will be critical to taxpayers seeing to take advantage of IRA and CHIPS Act incentives.

In connection with rolling out the new pre-filing registration portal, the IRS provided detailed (64 pages, plus appendices) instructions (available here). These instructions explain how to access and use the pre-filing registration portal,[2] describe the information that must be submitted (including both general information applicable to all taxpayers using the portal and credit-specific information),[3] explain the process that taxpayers with multiple qualifying projects or facilities should use (including specifying procedures for bulk registrations),[4] describe the process that the IRS will utilize if it requires additional information from a taxpayer,[5] clarify which person is required to submit a registration (including addressing consolidated groups and disregarded entities),[6] and clarify the process that should be followed if facts change after a registration number is obtained.[7]

Although a comprehensive discussion of the portal and its explanatory instructions is beyond the scope of this alert, we have included ten, important observations below:

1. Lengthy Waiting Period Required – The instructions recommend that taxpayers make sure to budget 120 days for receipt of a registration number after submission, assuming no comments. This recommendation suggests that the IRS review period for submissions may be lengthy.

2. Get in Line Quickly – The instructions note that applications for registration numbers will be processed in the order in which the applications are received. Taxpayers seeking to transfer credits will want to move as quickly as possible to get in line.

3. Don’t Lose Your Spot in Line – If the IRS makes a follow-up request to an applicant before providing a registration number, but the applicant fails to respond that request in a timely fashion, the applicant will be pushed to the back of the line. For this reason, applicants should put in place processes to make sure they are carefully monitoring the IRS portal after submitting a request for a registration number.

4. One Registration Package Per Year – The portal allows only one registration package per taxable year per applicant. So, for example, even if an applicant has multiple facilities for which registration numbers are needed, that applicant can submit only one registration package. Once a package is submitted, no adjustments are allowed until the IRS has responded to the package.  (An amended submission can be made, but only after the IRS has provided its response.)

5. Advisors May Not be Welcome – The portal requires the person applying for a registration for an entity transferor to certify that the person is “a corporate officer, partner, guardian, executor, receiver, administrator, trustee, or individual other than the taxpayer” and that they “have the legal authority to execute [the] authorization on behalf of the taxpayer.” The instructions go on to state that information submitted will be compared to information in IRS records and that errors in creating a portal account for a business result in a 24 hour lockout. Based on these statements, it is not clear whether an advisor can complete the registration on behalf of a taxpayer. It would be useful for the IRS to clarify whether representatives may assist in obtaining registration numbers.

6. Know Which EIN to Use – The instructions for the portal include detailed directions regarding employer identification numbers (“EINs”), including rules related to the EIN to use in the case of a disregarded entity (for disregarded entities owned by trusts/individuals, the disregarded entity’s name and EIN is used, and for disregarded entities owned by other taxpayers, the EIN and name of the regarded owner is to be used), and rules that apply to consolidated groups (the EIN for the consolidated parent must be utilized).

7. Collect Necessary Information and Documents in Advance – Applicants are required to submit detailed information, both about themselves and about the projects for which registration numbers are being sought. In addition, for many of the credits, various documents (or summaries of documents) are required. While this information (e.g., longitude and latitude coordinates that pinpoint a project location precisely (within inches)) and these documents will undoubtedly help guard against fraud, it is reasonable to anticipate that the burden on taxpayers will not be insignificant, and it will be important for applicants to collect all needed materials in order to make sure the submission process goes smoothly.

8. Bulk Submissions – The online application portal allows applicants to submit requests for registration numbers related to multiple facilities in bulk (using a spreadsheet that can be downloaded from the portal). This will be particularly useful for applicants that have many projects with many facilities (e.g., a wind farm), given that a separate registration number is required for each facility. As mentioned, however, each taxpayer is not allowed to have more than one application process outstanding at a particular time.

9. In-Service Dates Are Key. No pre-filing registration is allowed for a facility before the date on which the facility is placed in service. For tax credit transferees that demand that a registration number be obtained before the payment for tax credits, this feature may affect transactions or financings related to credits.

10. Watch Out for Traps – The pre-filing registration process prioritizes fraud prevention over flexibility. Thus, it is important to remember that a registration number is specific to a type of election (i.e., transfer vs. direct pay), type of credit, facility/property, tax period for the election, and the owner of the facility/property. If any of these changes, a new registration number will be required. For corporations, if a corporation has obtained a registration number and subsequently joins or leaves a consolidated group, a new registration number will be needed.

__________

[1] As was the case with the so-called Tax Cuts and Jobs Act, the Senate’s reconciliation rules prevented Senators from changing the Act’s name, and the formal name of the so-called Inflation Reduction Act is actually “An Act to provide for reconciliation pursuant to title II of S. Con. Res. 14.”

[2] The IRS and Treasury have partnered with ID.me, a third-party technology provider, to provide identity verification and sign-in services. The portal requires each taxpayer to create an account, and, if the person submitting the filing is not the taxpayer (e.g., in the case of transferors that are entities), mandates an authorization process, which requires submission of information about both the taxpayer and the person acting on behalf of the taxpayer

[3] All taxpayers must submit their name, address, entity type, bank account information (required for verification), tax period to which the election relates, types of tax returns filed by the taxpayer, and (if applicable) information about consolidated subsidiaries. In addition, information about the type of election being made (i.e., direct pay vs. transfer), key dates (including beginning of construction and placement in service) and facility/property location is required for many credits. Moreover, many credits require the submission of unique, credit-specific information or attestations. For example, for a taxpayer seeking to register production tax credits, an attestation is required that no investment tax credit under section 48 will be claimed for the facility/property.

[4] The portal requires that each taxpayer have no more than a single submission outstanding at a given time. The portal allows taxpayers who require numerous registration numbers to make a bulk submission using a specific format.

[5] Once a submission has been made, the IRS will utilize the portal to communicate with the taxpayer, although it is possible for taxpayers to opt into email alerts.

[6] The relevant rules are very specific, and not always intuitive, particularly the rules that apply to disregarded entities and consolidated groups. These rules are discussed in greater detail below.

[7] At a high level, and as discussed in greater detail later on in this alert, a new submission is generally required.

---

The following Gibson Dunn attorneys prepared this update: Mike Cannon and Matt Donnelly.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Tax or Power and Renewables practice groups, or the authors:

Tax:
Michael Q. Cannon – Dallas (+1 214.698.3232, mcannon@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202.887.3567, mjdonnelly@gibsondunn.com)

Power and Renewables:
Peter J. Hanlon – New York (+1 212.351.2425, phanlon@gibsondunn.com)
Nicholas H. Politan, Jr. – New York (+1 212.351.2616, npolitan@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The case is an example in which the UK Competition and Markets Authority focused on innovation theories of harm in its assessment. It also is notable in that the proposed remedies would effectively amount to a prohibition of the proposed merger.

On 18 December 2023, Adobe and Figma (together, the “Parties”) mutually agreed to terminate their $20 billion merger deal (the “Proposed Merger”), after they concluded that there was “no clear path” to get clearance from EU and UK antitrust regulators. This case is an example in which the UK Competition and Markets Authority (“CMA”) focused on innovation theories of harm in its assessment, and is further notable in that the CMA’s proposed remedies would effectively amount to a prohibition of the Proposed Merger.

Background

On 13 July 2023, the CMA announced that it had decided to refer the Proposed Merger for an in-depth Phase 2 investigation under the Enterprise Act 2002. In its Phase 1 investigation, the CMA found that the Parties compete in the supply of: (i) screen design software (where Figma has established a substantial share of the market and Adobe has been continually making investments), and (ii) creative design software (where Adobe is the industry standard and Figma is an emerging competitive threat).

The CMA provisionally concluded that the merger may be expected to result in a substantial lessening of competition (“SLC”) in the global markets for: (i) all-in-one product design software for professional users, and (ii) certain creative design software (vector and raster editing software).

Theories of harm considered by the CMA focused on innovation and potential competition

1. SLC in all-in-one product design software

In its assessment of the potential SLC in all-in-one product design software, the CMA noted that Figma accounts for over 80% of the relevant market by revenue, and that Adobe’s competing product, Adobe XD, has a market share of 5-10%. Also, Adobe had significantly reduced investment in Adobe XD prior to the Proposed Merger, and had also cancelled the development of a new product design software (Project Spice) which would compete more strongly with Figma in product design. The CMA provisionally found that, absent the Proposed Merger, Adobe would have continued to be a close competitor of Figma through its innovation efforts in an all-in-one product design software.

2. SLC in vector and raster editing software

The competitive harm identified by the CMA in the market for vector and raster editing software was expansive in that the Parties do not currently compete in this market; rather, Figma is a potential competitor of Adobe. The CMA’s provisional conclusion was rooted in the premises that Figma has the ability and incentive to develop vector and raster editing functionality, and Adobe perceived Figma to pose a competitive threat, and undertook actions to mitigate this threat, for example through product development.

Notably, the CMA considered that the markets for vector and raster editing software on the one hand and product design software on the other are adjacent. Particularly, Adobe and Figma’s platforms are characterised by network effects, which cause the value of their respective platforms to increase with the number of users, and, importantly, operate across markets. This means, for example, that the value of Figma’s vector and raster editing offerings is greater the more Figma is used for product design, and vice versa. This consideration of network effects is indicative of the new focus by competition regulators on mergers that involve several linked markets (or “ecosystems”), a theory of harm that was central in the European Commission’s prohibition of the Bookings / eTraveli merger.

Remedies proposed by the CMA

In response to its provisional findings, the CMA only presented two possible structural remedies, in keeping with its preferred stance, in its notice to the Parties:

1. Prohibition of the merger (being regarded by the CMA as a “feasible remedy” that provides a “comprehensive solution”); and
2. Divestiture of overlapping operations to eliminate the SLC in each of the markets in which the CMA provisionally identified an SLC.

Despite presenting these two options, the CMA acknowledged that, as substantially all of Figma’s business is carried out in the all-in-one product software market, which includes its leading product, Figma Design, this would effectively mean that any ‘partial’ divestiture involving Figma operations would in reality be substantially similar to prohibition of the Proposed Merger.[1]

Likewise, as the CMA remained of the belief that, absent the Proposed Merger, Adobe would have continued to compete with Figma in all-in-one product design and has a strong position in an adjacent market, any partial divestiture involving Adobe assets may not be sufficient to restore the conditions of competition that would have prevailed absent the Proposed Merger.[2]

The CMA also considered, given the nature of the relevant products in the digital design sector, there may be an unacceptably high level of composition risk relating to identification, allocation and transfer of assets arising from the carve-out of any divestiture package; for example, Adobe’s businesses are closely integrated with its operations in creative design.[3]

Increased reliance by CMA on parties’ internal documents

The CMA’s provisional findings in Adobe / Figma also demonstrate its continued reliance on the internal documents of parties when considering evidence for a proposed merger, despite the Parties’ submission in this case that such evidence had been “mischaracterised and misunderstood” by the CMA. Importantly, the CMA considered that some documents evidenced concerns by Adobe’s management over the competitive threat from Figma weeks before the Proposed Merger was announced. The CMA’s approach in this case is reflective of a wider trend of the CMA increasingly relying on internal documents in merger investigations.

Parallel European Commission investigation also focused on innovation and potential competition

In parallel to the CMA’s probe, the European Commission (“EC”) opened a Phase 2 investigation into the Proposed Merger on 7 August 2022, citing similar competition concerns to the CMA in the markets for the supply of product design and digital asset creation tools. In its statement of objections, the EC set out the provisional view that the Proposed Merger may significantly reduce competition in both of these markets, with reasoning that was substantially similar to the CMA’s. Following the abandonment of the Proposed Merger, Executive Vice-President Vestager commented that the Proposed Merger “would have terminated all current and prevented all future competition between [the Parties]”, emblematic of the EC’s continued focus on innovation and the safeguarding of potential future competition.

Conclusion

The approach of the CMA and EC in the Adobe / Figma case indicates an intention on the part of the agencies to continue to be seen as strong enforcers, particularly in the tech space and anywhere innovation or future competition could be seen to be put at risk through merger activity. It serves as a warning that it is important for legal teams to acknowledge the scale of risks that a deal may pose and to address those risks upfront and early.

Key steps for companies contemplating deals that may raise these kinds of risks include building in sufficient time at the outset for thorough internal document review to pick up potential sources of concern, stress-testing of efficiencies and pro-competitive arguments, and early consideration of possible remedy packages. Early substantive engagement with the agencies’ possible theories of harm and potential remedies will also be key. In this respect, the proposed amendments to the CMA’s Phase 2 processes are intended to encourage exactly this kind of engagement.

__________

[1] CMA Notice of possible remedies (28 November 2023), paragraph 27.

[2] CMA Notice of possible remedies (28 November 2023), paragraphs 28 – 29.

[3] CMA Notice of possible remedies (28 November 2023), paragraph 31.

---

The following Gibson Dunn attorneys prepared this update: Deirdre Taylor, Attila Borsos, Molly Heslop, and Konstantinos Flogaitis.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Antitrust and Competition, Mergers and Acquisitions, or Private Equity practice groups, or the following authors and practice leaders:

Antitrust and Competition:
Attila Borsos – Brussels (+32 2 554 72 11, aborsos@gibsondunn.com)
Rachel S. Brass – San Francisco (+1 415.393.8293, rbrass@gibsondunn.com)
Ali Nikpay – London (+44 20 7071 4273, anikpay@gibsondunn.com)
Cynthia Richman – Washington, D.C. (+1 202.955.8234, crichman@gibsondunn.com)
Christian Riis-Madsen – Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Deirdre Taylor – London (+44 20 7071 4274, dtaylor2@gibsondunn.com)
Stephen Weissman – Washington, D.C. (+1 202.955.8678, sweissman@gibsondunn.com)

Mergers and Acquisitions:
Robert B. Little – Dallas (+1 214.698.3260, rlittle@gibsondunn.com)
Saee Muzumdar – New York (+1 212.351.3966, smuzumdar@gibsondunn.com)

Private Equity:
Richard J. Birns – New York (+1 212.351.4032, rbirns@gibsondunn.com)
Wim De Vlieger – London (+44 20 7071 4279, wdevlieger@gibsondunn.com)
Federico Fruhbeck – London (+44 20 7071 4230, ffruhbeck@gibsondunn.com)
Scott Jalowayski – Hong Kong (+852 2214 3727, sjalowayski@gibsondunn.com)
Ari Lanin – Los Angeles (+1 310.552.8581, alanin@gibsondunn.com)
Michael Piazza – Houston (+1 346.718.6670, mpiazza@gibsondunn.com)
John M. Pollack – New York (+1 212.351.3903, jpollack@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The VCC Proposal enumerates certain factors that a CFTC-regulated exchange, such as a designated contract market or a swap execution facility, should consider.

On December 4, 2023, the Commodity Futures Trading Commission (the “CFTC” or the “Commission”) approved proposed guidance and a request for public comment regarding the listing for trading of voluntary carbon credit (“VCC”) derivative contracts (the “VCC Proposal”).[1] The VCC Proposal enumerates certain factors that a CFTC-regulated exchange, such as a designated contract market (“DCM”) or a swap execution facility (“SEF”)[2] should consider in connection with the relevant Commodity Exchange Act (“CEA”) requirements and CFTC regulations applicable to the design and listing of contracts. Comments on the VCC Proposal are due on or before February 16, 2024.

This alert provides a high-level summary of the VCC Proposal and related considerations for participants in the voluntary carbon markets.

Overview

The VCC Proposal represents the most recent development in the CFTC’s interest in the voluntary carbon markets and explains how the statutory “Core Principles”[3] apply to VCC[4] derivatives. In particular:

• Recognizing that VCC derivatives are a relatively new set of products that continue to receive an increasing amount of attention, the CFTC issued the VCC Proposal as guidance for DCMs and SEFs to consider in the context of product design and listing.
• The CFTC builds on private sector initiatives that are designed to foster the standardization of VCC derivatives and promote transparent and liquid markets. The CFTC specifically requested comment on whether it should require DCMs to incorporate any VCC standards set by the private sector into the terms and conditions of a VCC derivative contract.[5]
• The CFTC referenced its regulatory authority over environmental commodity derivatives, as established in a joint product definition rulemaking with the Securities Exchange Commission following the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act.[6]
• Critically, the CFTC does not have regulatory authority over the spot trading of VCCs. However, the CFTC does have enforcement authority over fraud and manipulation in the spot VCC market.[7] The VCC Proposal is an effort by the CFTC to promote integrity in the voluntary carbon markets by requiring more diligence on VCC derivatives, which can indirectly influence behavior in the spot market.[8]
• DCM Core Principle 3 (a requirement that a DCM only list for trading contracts that are not readily susceptible to manipulation) and DCM Core Principle 4 (a requirement that a DCM prevent manipulation, price distortion, and disruptions of the physical delivery or cash-settlement process through market surveillance, compliance, and enforcement practices and procedures) form the foundation of the VCC Proposal.
• The VCC Proposal addresses the product submission requirements under Part 40 of the CFTC’s regulations and CEA section 5c(c), as such requirements relate to VCC derivatives.
• The VCC Proposal is limited in scope. As Commissioner Johnson stated, the CFTC “provides much-needed direction to DCMs (and SEFs) to facilitate their compliance with core principles when they list futures contracts (and swaps contracts) on VCCs. However, the Commission is only addressing one small aspect of the market for derivatives on these underlying assets. There is also a segment of the swaps market that is not traded on a SEF for which VCCs are underliers and an even more significant volume of environmental forwards that are not considered to be swaps. The VCC Proposal suggests the potential for a broader and more comprehensive regulatory framework… there may be several interventions that may bring similar needed reforms to over-the-counter traded environmental commodities—material risk disclosures, good faith and fair dealing, and clearing.”[9]

The CFTC and Voluntary Carbon Markets

The VCC Proposal states that there are now more than 150 derivative contracts on mandatory emissions program instruments listed on DCMs.[10] Eighteen futures contracts on voluntary carbon market products have been submitted to the CFTC by DCMs as of November 2023. Three of those eighteen contracts currently have open interest.[11]

Chairman Benham has increased the CFTC’s attention on carbon markets and environmental aspects of the derivatives and commodities markets in recent years.[12] For example:

• In June 2022, Chairman Behnam held the first-ever Voluntary Carbon Markets Convening to address product standardization, integrity, and other matters related to the supply of and demand for high quality carbon credits.
• Also in June 2022, the CFTC issued for public comment a request for information regarding the CFTC’s ability to regulate climate-related financial risk relevant to the derivatives markets and underlying commodities markets.
• In July 2023, Chairman Behnam held the Second Voluntary Carbon Markets Convening to discuss private sector efforts on developing high quality carbon credits, market trends and developments, public sector initiatives, and to hear market participants’ concerns.

CFTC Guidance for DCMs Regarding the Listing of VCC Derivative Contracts

The VCC Proposal is not meant to modify or supersede the existing regulatory framework regarding the listing of derivative products by CFTC-regulated exchanges. The VCC Proposal focuses mainly on physically-settled VCC derivative contracts because, to date, all listed VCC derivative contracts are physically-settled. However, the CFTC noted that it “continues to believe that, with respect to cash-settled derivative contracts, an acceptable specification of the cash settlement price would include rules that fully describe the essential economic characteristics of the underlying commodity.”[13]

1. A DCM Shall Only List Derivative Contracts That Are Not Readily Susceptible to Manipulation.

The requirement that a DCM only list derivative contracts that are not readily susceptible to manipulation follows DCM Core Principle 3.[14] While the Commission acknowledges that “standardization and accountability mechanisms for VCCs are currently still being developed,” it has identified certain criteria, present in both mandatory and voluntary carbon markets, as critical to assessing the integrity of carbon credits. The VCC Proposal explains that the Commission “preliminarily believes” that a DCM should take into consideration quality standards, delivery points and facilities, and inspection provisions (which the CFTC refers to as “VCC commodity characteristics”) when designing a VCC derivative contract.

(A) Quality Standards

A DCM should consider transparency, additionality, permanence and risk of reversal, and robust quantification when addressing quality standards in the development of the terms and conditions of a VCC derivative contract.[15]

• Transparency. The contract terms and conditions should include information that readily specifies the crediting program(s)[16] – and, as applicable, the specific types of projects or activities – from which VCCs that are eligible for delivery under the contract may be issued. Whether the crediting program(s) make such information publicly available is an important consideration.
• Additionality. It is critical that the greenhouse gas emission reductions or removals of the underlying VCC would not have occurred but for the monetary incentive created by the sale of carbon credits. Information on the crediting program(s) assessment and testing of additionality may constitute an economically significant attribute of the underlying VCCs, which should be described or defined in the terms and conditions of a VCC derivative contract.
• Permanence and Risk of Reversal.
  • The crediting program(s) should be able to demonstrate that it has measures in place to adequately address the risk that VCCs issued for a project or activity may have to be recalled or cancelled due to carbon removed by the project or activity being released back into the atmosphere, or due to a reevaluation of the amount of carbon reduced or removed from the atmosphere by the project or activity.
  • A DCM should consider whether the crediting program for a VCC has measures in place, such as “buffer reserves” or other mechanisms, that provide reasonable assurance that, in the event of a reversal, the VCC will be replaced by a VCC of comparably high quality that meets the contemplated specifications of the contract. (The risk of reversal may impact the risk management needs of VCC derivative market participants.)
• Robust Quantification.
  • A DCM should consider the methodology or protocol used by a crediting program to calculate the level of greenhouse gas emission reductions or removals associated with credited projects or activities.
  • Given the current absence of a standardized methodology or protocol to quantify greenhouse gas emission reduction or removal levels (both across crediting programs and within a particular crediting program) with respect to different types of projects or activities, the Commission believes that a DCM that lists a VCC derivative contract should consider whether the crediting program for the underlying VCCs can demonstrate that the quantification methodology or protocol that it uses to calculate greenhouse gas emission reductions or removals for the underlying VCCs is robust, conservative, and transparent.
  • A quantitative estimate of the deliverable supplies can be used as the basis for effectively setting the DCM’s exchange-set speculative position limits.

(B) Delivery Points and Facilities

Delivery procedures for a physically-settled derivative contract should, among other things, seek to minimize or eliminate any impediments to making or taking delivery by both deliverers and takers of delivery, to help ensure convergence of cash and derivative contract prices at the expiration of the derivative contract.[17]

With respect to a physically-settled VCC derivative contract, the CFTC “preliminarily believes” that a DCM should consider the governance framework and tracking mechanisms of the crediting program for the underlying VCCs, as well as the crediting program’s measures to prevent double-counting. In particular:

• Governance. The CFTC stated that it may be appropriate for a DCM to include information about the crediting program’s governance framework in the terms and conditions of a physically-settled VCC derivative contract. Accordingly, in reviewing a crediting program’s governance mechanisms, a DCM should assess, at a minimum:
  • Who is responsible for administration of the program and how the independence of key functions is ensured;
  • Reporting and disclosure procedures;
  • Public and stakeholder engagement processes;
  • Risk management policies (including financial resources/reserves, cyber-security, and anti-money laundering policies); and
  • Whether information regarding such procedures and policies is made publicly available.
• Tracking.
  • A DCM should ensure that the crediting program for the underlying VCCs can demonstrate that it has processes and procedures in place to help ensure clarity and certainty with respect to the issuance, transfer, and retirement of VCCs.
  • A DCM should consider whether the crediting program operates or makes use of a registry that has measures in place to effectively track the issuance, transfer, and retirement of VCCs; to identify who owns or retires a VCC; and to make sure that each VCC is uniquely and securely identified. The CFTC suggested additional considerations would apply in the event that the registry also serves as the delivery point.
• No Double Counting. The CFTC preliminarily believes that a DCM should consider whether the crediting program for the underlying VCCs can demonstrate that it has effective measures in place that provide reasonable assurance that credited emission reductions or removals are not double counted (i.e., VCCs cannot be issued to more than one registry and cannot be used after retirement or cancelation).
  • Effective measures to ensure that emission reductions or removals are not double counted may include, among other things, procedures for conducting cross-checks across multiple carbon credit registries.

(C) Inspection Provisions – Third Party Validation and Verification

Any inspection or certification procedures for verifying compliance with quality requirements or any other related delivery requirements for physically-settled VCC derivative contracts should be specified in the contract’s terms and conditions and should be consistent with the latest procedures in the voluntary carbon markets.

• A DCM should consider, among other things, how the crediting program for the underlying VCCs requires validation and verification that credited mitigation projects or activities meet the crediting program’s rules and standards.
• Additionally, in designing a VCC derivative contract, a DCM should consider whether the crediting program has up-to-date, robust and transparent validation and verification procedures, including whether those procedures contemplate validation and verification by a reputable, disinterested party or body, and – more broadly – whether they reflect best practices.

2. A DCM Shall Monitor a Derivative Contract’s Terms and Conditions as They Relate to the Underlying Commodity Market.

DCM Core Principle 4 requires a DCM to prevent manipulation, price distortion, and disruptions of the physical delivery or cash-settlement process through market surveillance, compliance, and enforcement practices and procedures. With respect to a DCM’s monitoring of the terms and conditions of a physically-settled VCC, the CFTC preliminarily believes that such monitoring would include, at a minimum:

• Ensuring that the underlying VCC reflects the latest certification standard applicable for that VCC by, among other things, amending the contract’s terms to correspond to any such update and monitoring the available deliverable supply in connection with the developments regarding new standards or certifications and
• Maintaining rules that require their market participants to (i) keep records of their trading, including records of their activity in the underlying commodity and related derivatives market, and, importantly, (ii) make such records available to the DCM upon request.

3. A DCM Must Satisfy the Product Submission Requirements Under Part 40 of the CFTC’s Regulations and CEA section 5c(c).

The VCC Proposal highlights three submission requirements in connection with the listing of VCC derivative contracts.

1. The contract submission must include an explanation and analysis of the contract and its compliance with applicable provisions of the CEA, including the DCM Core Principles and CFTC regulations.
2. The explanation and analysis of the contract must “either be accompanied by the documentation relied upon to establish the basis for compliance with applicable law, or incorporate information contained in such documentation, with appropriate citations to data sources.”[18]
3. A DCM must provide any “additional evidence, information or data that demonstrates that the contract meets, initially or on a continuing basis, the requirements” of the CEA or the CFTC’s regulations or policies thereunder.[19]

The information provided to the CFTC in connection with the above may include qualitative explanations and analysis and is expected to be “complete and thorough.”

Conclusion

While the VCC Proposal’s scope is limited to exchange-traded VCC derivatives, it suggests implications for the over-the-counter VCC derivatives markets, as well as the VCC spot markets, including by providing DCMs and the CFTC greater insight into trading activity in the VCC spot markets. Accordingly, the comment process and the Commission’s guidance should play an important role in shaping the future of the voluntary carbon markets.

__________

[1]  The VCC Proposal and statements by the Chairman and Commissioners are available at: https://www.cftc.gov/PressRoom/PressReleases/8829-23.

[2]  As discussed in the body of the alert, the CFTC focuses on physically-settled VCC derivative contracts but “preliminarily believes that the [VCC Proposal] also should be considered by any SEF that may seek to permit trading in swap contracts that settle to the price of a VCC, or in physically-settled VCC swap contracts.” VCC Proposal at 20.

[3]  See, generally, CEA Section 5(d), 7 U.S.C. 7(d).

[4]  In footnote 31 of the VCC Proposal, the CFTC clarifies its use of the term “voluntary carbon credits” rather than “verified carbon credits.” The VCC Proposal concerns itself with “the quality and other attributes of the intangible commodity underlying a derivative,” while recognizing that the cash and secondary markets for voluntary carbon credits may avail themselves of the standard terms and templates published by the International Swaps and Derivatives Association (ISDA) for the trading and retirement of “verified carbon credits,”. See 2022 ISDA Verified Carbon Credit Transactions Definitions (“VCC Definitions”) Frequently Asked Questions, available at https://www.isda.org/a/jBXgE/2022-ISDA-Verified-Carbon-Credit-Transactions-Definitions-FAQs-061323.pdf.

[5]  VCC Proposal at 38.

[6]  Further Definition of “Swap,” “Security-Based Swap,” and “Security-Based Swap Agreement”; Mixed Swaps; Security-Based Swap Agreement Recordkeeping; Final Rule, 77 Fed Reg 48208, 48233-48235 (August 13, 2012). (“An agreement, contract or transaction in an environmental commodity may qualify for the forward exclusion from the “swap” definition set forth in section 1a(47) of the CEA, 7 U.S.C. 1a(47), if the agreement, contract or transaction is intended to be physically settled.”)

However, the VCC Proposal “does not address the regulatory treatment of any underlying VCC or associated offset project or activity, including whether any such product, project or activity may qualify as a swap or be eligible for the forward contract exclusion….” See VCC Proposal at footnote 68.

[7]  See 7 U.S.C. § 9; 17 CFR § 180.1.

[8]  This approach – providing guidance to DCMs for the listing of new or novel products – is similar to the CFTC’s approach to regulating Bitcoin futures and other digital assets. See e.g., “CFTC Backgrounder on Self-Certified Contracts for Bitcoin Products” (2017), available here.

[9]  We note that swap dealers are subject to CFTC Regulation 23.600(c)(3)’s “New Product Policy” requirement and the external business conduct standards applicable to swap dealers (17 CFR Part 23 Subpart H).

[10]  The CFTC explains that derivative contracts on mandatory emissions products have been trading since 2005, with greenhouse gas emissions-related products first listed in 2007.  See VCC Proposal at 14.

[11]  See VCC Proposal at footnote 51. (“The NYMEX CBL Global Emissions Offset (GEO) futures contract; the NYMEX CBL Nature-Based Global Emissions Offset (N-GEO) futures contract; and the NYMEX CBL Core Global Emission Offset (C-GEO) futures contract are currently the only listed futures contacts with open interest and trading volume. Information is available at: https://www.cmegroup.com/markets/energy/emissions/cbl-global-emissions-offset.volume.html.”)

[12]  In his statement accompanying the VCC Proposal, Commissioner Benham stated that “The publication of this [VCC Proposal] and request for public comment marks the culmination of years of work with stakeholders such as farmers, foresters, end users, energy traders and associations, emission-trading focused entities, carbon-credit rating agencies, crediting programs, CFTC-registered exchanges and clearinghouses, and derivatives trade associations.”

[13]  VCC Proposal at 19.

[14]  CEA section 5(d)(3), 7 U.S.C. 7(d)(3). See also 17 CFR §§ 38.200-201.

[15]  The VCC Proposal should be considered in light of recent issues involving the verification of carbon credits. For more detail on one issue, involving Verra, please refer to Gibson Dunn’s Carbon Markets Update – Q2 2023 at page 1, available here: https://www.gibsondunn.com/wp-content/uploads/2023/07/carbon-markets-update-q2-2023.pdf.

[16]  Commissioner Goldsmith Romero focused on the role of crediting programs in her remarks, asking commenters to address “whether market integrity can be improved by exchanges relying on a crediting program’s processes and diligence, as assumed in the [VCC Proposal], or if there is a benefit to exchanges conducting additional due diligence into specific categories, protocols, or projects.”

[17]  See Appendix C to Part 38 of the CFTC’s regulations, paragraph (b)(2)(i)(B)

[18]  17 CFR §§ 40.2(a)(3)(v) (for self-certification) and 40.3(a)(4) (for Commission approval).

[19]  17 CFR §§ 40.2(b) (for self-certification) and 40.3(a)(10) (for Commission approval).

---

The following Gibson Dunn attorneys prepared this update: Jeffrey Steiner, Adam Lapidus, and Hayden McGovern.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Derivatives practice group, or the following authors:

Jeffrey L. Steiner – Washington, D.C. (+1 202.887.3632, jsteiner@gibsondunn.com)

Adam Lapidus – New York (+1 212.351.3869, alapidus@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The Guidelines include some shifts from prior Agency guidance, although in practice they reflect many developments already seen at the Agencies under the Biden Administration’s leadership. 

On December 18, 2023, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) (collectively, the Agencies) jointly released the final version of the 2023 Merger Guidelines following a public comment period on an earlier draft version released in July 2023. The Guidelines reflect the Biden Administration’s competition policy and provide guidance on the Agencies’ enforcement priorities. The Guidelines are now effective, and although they include some shifts from prior Agency guidance, in practice the Guidelines reflect many developments already seen at the Agencies under the Biden Administration’s leadership.

The final revised Guidelines include several notable changes from the July draft, including:

• An expanded discussion of a transaction’s potential to harm competition by eliminating potential entrants or nascent competitive threats, making clear that the Agencies view their burden to prove the loss of potential competition is materially lower than that of parties to prove that third-party potential entrants will preserve competition;
• A modified discussion of vertical merger enforcement that softens the prior draft’s presumption of harm, but expands the discussion of potential foreclosure risks associated with vertical deals; and
• A reframing of “trends toward consolidation” as a framework for analyzing mergers in the broader context of developments in their industry rather than as an independent theory of harm.

Overall, the final Guidelines continue to reflect the Agencies’ increased skepticism of merger and acquisition activity, especially in concentrated markets, and attempt to revive seldom-used and novel theories of competitive harm, including some based on case law from many decades ago. While they reflect current enforcement guidance, the new Guidelines are not binding on the federal courts, and it remains to be seen whether courts in the future will find them persuasive as courts have done with the 2010 Merger Guidelines. Likewise, if there is an Administration change in 2025, we expect that there will be a significant, if not wholesale, “dialing back” of these revised Guidelines.

1. Potential Future Competition

The final Guidelines signal Agency intent to challenge more acquisitions where no immediate competitive overlaps exist between the merging parties under the theory that parties may nevertheless be potential future competitors or important partial constraints as part of a broader “ecosystem” of competitive industry participants. While courts have historically required the Agencies to show, at least by reasonable probability (noticeably greater than 50%), that merging parties will be future competitors,[1] the 2023 Guidelines generally articulate a lower burden for the Agencies to show harm to future competition.

The theme of preventing mergers from eliminating potential and nascent competitive threats reaches across multiple sections of the final Guidelines. In addressing vertical mergers, the Guidelines focus on mergers’ potential to prevent the entry of competitors in the relevant markets under investigation as well as related markets. And in addressing horizontal mergers, the Guidelines carefully distinguish between harm to competition from a merger’s elimination of a potential entrant and rebuttal claims by merging parties that likely or potential entry of new competitors will offset competitive effects. Notably, the Guidelines articulate two different standards for establishing the likelihood of potential entry: a lower standard for Agency claims that effects on a merging party’s potential entry can harm competition because the Agencies “seek to prevent threats at their incipiency,” and a higher standard for merging parties to show that potential entry by a third party can offset competitive harms because potential entrants only offer an attenuated effect on competition compared to active participants. It remains to be seen how courts will address the inconsistency in standards (and the Guidelines cite no case law to support the bifurcated proposition).

The final Guidelines also add new language addressing the effects of “ecosystem” competition in mergers where one or both parties offer a “wide array of products or services.” The Guidelines state that large incumbent firms who acquire small niche players offering non-competing services to the acquirer may nevertheless harm competition by reducing the “ecosystem” of services and products offered by multiple competitors that in concert may constrain larger incumbent firms. The final Guidelines single out markets undergoing “technological transitions” where new technological developments can create competitive threats to incumbent firms. Under this framework, the Agencies may recontextualize smaller acquired parties as “nascent threats” who offer “partial constraints” to large incumbent acquirers.

2. Vertical Mergers

The final Guidelines’ treatment of vertical mergers is markedly different from the July 2023 draft, reducing the draft version’s focus on categorical presumptions but expanding the discussion of potential harms.

While the draft Guidelines articulated a presumption of illegality when a merged firm has a “foreclosure share” above 50 percent, the final version notes in a footnote that this threshold is sufficient for a general inference of harm “in the absence of countervailing evidence.” In most regards, however, the Guidelines expand categories of potential harms resulting from vertical consolidation. For example, the Guidelines contain an expanded discussion of foreclosure concerns stemming from a vertical merger, including foreclosure of “routes to market,” referring to limiting market participants’ means of access to trading partners, distribution channels, or customers. The final Guidelines also expand on vertical mergers’ potential creation of barriers to entry by requiring potential entrants to invest in related products as well as the relevant product at issue in an investigation. Finally, the Guidelines expound on foreclosure incentives, articulating a low Agency burden of proof that the existence of close competition between merging parties alone signifies an incentive to foreclose rivals through direct or indirect downstream means.

3. Trends Toward Consolidation

The final Guidelines significantly alter and expand Guideline 7 (formerly Guideline 8 in the draft Guidelines) regarding industry trends towards consolidation. The draft Guidelines appeared to articulate an independent theory of harm that mergers could lessen competition by “contribut[ing] to a trend towards consolidation,” relying on language from the Supreme Court in General Dynamics “allow[ing] the Government to rest its case on a showing of even small increases of market share or market concentration in those industries or markets where concentration is already great or has been recently increasing.”[2]

By contrast, the final Guidelines now note that a trend towards consolidation is a “highly relevant factor” that may “heighten the competition concerns identified in Guidelines 1-6.” Rather than serve as an independent theory of harm on which the Agencies may challenge a merger, however, the Guidelines now articulate that mergers will be reviewed in the context of other industry consolidation activity, and the Agencies will analyze proposed transactions’ potential effect on potential future consolidation activity. The Guidelines discuss an “arms race” concern that consolidation can create leverage against participants in upstream, downstream, or other related markets that encourage further consolidation and generally reduce competition. Vertical mergers, while generally considered inherently procompetitive by courts due to synergies such as elimination of double-marginalization, are particularly susceptible to scrutiny where other market participants may move to vertically integrate to achieve similar efficiencies. Additionally, the Guidelines note that multiple mergers by different players in the same industry may be examined in context of one another, though the Guidelines do not expound further on how this may affect concentration calculations and to what extent trends towards consolidation could serve as a factor in enforcement action claims. The final Guidelines make clear, however, that merging parties must remain cognizant of wider industry merger and acquisition trends in analyzing risk of investigation in planned transactions.

Conclusions and Takeaways

The 2023 Merger Guidelines provide a window into the expanded and more aggressive antitrust enforcement characterizing Agency review of mergers under the Biden Administration.[3] Importantly, as noted, the Guidelines neither reflect nor create binding authority on merging parties. Rather, the Guidelines provide guidance on how and under what circumstances the Agencies will consider enforcement actions and the theories under which they may bring such actions. Actions brought under the enforcement policies articulated and expanded upon in the final Guidelines are subject to review by federal courts, assuming the parties decide to litigate. To prevail on the novel and expanded theories of harm in the Guidelines, the Agencies will ultimately need to persuade federal courts that these theories are supported by legal precedent. Nevertheless, merging parties should expect aggressive enforcement action by the Agencies that seek abandonment of mergers through lengthy investigations, procedural delay, and more frequent court challenges.

Firms considering transactions should continue to proactively consult with antitrust counsel early in the transaction consideration process to identify and mitigate risk. Gibson Dunn attorneys are closely monitoring these developments and are available to discuss these issues as applied to your particular business.

__________

[1] See, e.g., FTC v. Meta Platforms Inc., ___ F.3d __, 2023 WL 2346238, at *22 (N.D. Cal. 2023) (requiring a probability of entry “noticeably greater than fifty percent”). Other courts have imposed an even stricter standard, requiring the government to establish the likelihood of future entry with “clear proof.” FTC v. Atl. Richfield Co., 549 F.2d 289, 295 (4th Cir. 1977).

[2] United States v. General Dynamics Corp., 415 U.S. 486 (1974).

[3] See Gibson Dunn Client Alerts: U.S. Antitrust Agencies Release Updated Merger Guidelines (July 20, 2023); DOJ Signals Increased Scrutiny on Information Sharing (Feb. 10, 2023); FTC Proposes Rule to Ban Non-Compete Clauses (Jan. 5, 2023); FTC Announces Broader Vision of Its Section 5 Authority to Address Unfair Methods of Competition (Nov. 14, 2023); DOJ Antitrust Secures Conviction for Criminal Monopolization (Nov. 9, 2022); DOJ Antitrust Division Head Promises Litigation to Break Up Director Interlocks (May 2, 2022).

---

The following Gibson Dunn attorneys prepared this update: Kristen Limarzi, Stephen Weissman, Chris Wilson, Jamie France, Zoë Hutchinson, Logan Billman, and Kyla Osburn*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Antitrust and Competition, Mergers and Acquisitions, or Private Equity practice groups, or the following practice leaders:

Antitrust and Competition:
Rachel S. Brass – San Francisco (+1 415.393.8293, rbrass@gibsondunn.com)
Kristen C. Limarzi – Washington, D.C. (+1 202.887.3518, klimarzi@gibsondunn.com)
Ali Nikpay – London (+44 20 7071 4273, anikpay@gibsondunn.com)
Cynthia Richman – Washington, D.C. (+1 202.955.8234, crichman@gibsondunn.com)
Christian Riis-Madsen – Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Stephen Weissman – Washington, D.C. (+1 202.955.8678, sweissman@gibsondunn.com)
Chris Wilson – Washington, D.C. (+1 202.955.8520, cwilson@gibsondunn.com)
Jamie E. France – Washington, D.C. (+1 202.955.8218, jfrance@gibsondunn.com)

Mergers and Acquisitions:
Robert B. Little – Dallas (+1 214.698.3260, rlittle@gibsondunn.com)
Saee Muzumdar – New York (+1 212.351.3966, smuzumdar@gibsondunn.com)

Private Equity:
Richard J. Birns – New York (+1 212.351.4032, rbirns@gibsondunn.com)
Wim De Vlieger – London (+44 20 7071 4279, wdevlieger@gibsondunn.com)
Federico Fruhbeck – London (+44 20 7071 4230, ffruhbeck@gibsondunn.com)
Scott Jalowayski – Hong Kong (+852 2214 3727, sjalowayski@gibsondunn.com)
Ari Lanin – Los Angeles (+1 310.552.8581, alanin@gibsondunn.com)
Michael Piazza – Houston (+1 346.718.6670, mpiazza@gibsondunn.com)
John M. Pollack – New York (+1 212.351.3903, jpollack@gibsondunn.com)

*Kyla Osburn is an associate working in the firm’s Palo Alto office who is not yet admitted to practice law.

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The case is particularly significant for limited partners in private equity and hedge fund managers organized as limited partnerships. 

On November 28, 2023, the U.S. Tax Court (the “Tax Court” or the “Court”) issued its opinion in Soroban Capital Partners LP v. Commissioner,[1] holding that a “functional analysis test” must be applied in determining whether the “limited partner exception” to the imposition of Self-Employed Contributions Act (“SECA”) tax under section 1402(a)(13)[2] applies to limited partners in a limited partnership.[3]  The case is particularly significant for limited partners in private equity and hedge fund managers organized as limited partnerships.  Since the launch of its SECA tax compliance campaign in 2018,[4] the Internal Revenue Service (the “IRS”) has been pursuing self-employment tax audits of limited partnerships, limited liability companies, and limited liability limited partnerships.  The campaign seeks to address the IRS’s contention that certain taxpayers have been improperly claiming to be “limited partners” for purposes of the “limited partner exception” from SECA tax.

The decision in Soroban Capital Partners LP (“Soroban”), amidst the IRS’s SECA tax compliance campaign, represents a meaningful victory for the IRS that, if sustained on appeal, could significantly limit the ability of many limited partners to assert that they are not subject to self-employment tax.

I.   Background

SECA, enacted into law in 1954,[5] requires self-employed individuals to contribute to Social Security and Medicare by imposing a tax on their net earnings from self-employment.  The SECA tax applies to “self-employment income,” defined – somewhat tautologically – in section 1402(b) as “net earnings from self-employment” (“NESE”).  The SECA tax currently comprises two component parts:  a 12.4 percent Social Security tax on the first $160,200 (for 2023) of NESE and 3.8 percent Medicare tax on all NESE.[6]  The SECA tax applies to a partner’s distributive share of the partnership’s business income, unless an exception applies, and also applies to a partner’s guaranteed payments for services.

Section 1402(a)(13), enacted as part of the Social Security Amendments of 1977,[7] carves out an exception from NESE (the “Limited Partner Exception”) for “limited partners” that excludes “the distributive share of any item of income or loss of a limited partner, as such, other than guaranteed payments described in section 707(c) to that partner for services actually rendered to or on behalf of the partnership to the extent that those payments are established to be in the nature of remuneration for those services.”  (Emphasis added).  In enacting this exception, Congress was concerned that individuals were investing as limited partners in investment-related business ventures, paying a small amount of SECA tax, and thereby qualifying for future Social Security benefits.  The Limited Partner Exception was intended to curb this perceived abuse.[8]

The scope of the Limited Partner Exception has been subject to some debate because the term “limited partner” is not defined in section 1402 or in the Treasury regulations and, in general, is not a term elsewhere defined in the U.S. federal tax law or commonly understood to have a particular meaning for U.S. federal tax purposes.[9]  The emergence – in the 1990s and the first decade of this century – of so-called “hybrid entities,” such as limited liability companies (“LLCs”), limited liability partnerships (“LLPs”), and limited liability limited partnerships (“LLLPs”), which often are classified as partnerships for U.S. federal income tax law purposes, has given rise to questions as to the scope of interpreting and applying the Limited Partner Exception.

In 1994, the Treasury Department and the IRS issued proposed regulations defining “limited partner” for purposes of the Limited Partner Exception.[10]  Those regulations were re-proposed in 1997.[11]  The proposed regulations also applied to owners of entities other than limited partnerships, such as LLCs.  These proposed regulations would have disqualified individuals from being considered limited partners if they bore personal liability for partnership debts, had authority to contract for the partnership, or participated in the partnership’s trade or business for over 500 hours during the partnership’s taxable year.[12]  In response to negative reaction from parts of the U.S. media, Congress subsequently enacted a one-year moratorium preventing the finalization of the proposed regulations, due to a  concern that the proposed change in the treatment of individuals who are limited partners under applicable state law would have exceeded Treasury’s regulatory authority.[13]  In the twenty-five years that have passed since the expiration of the moratorium, neither the IRS nor Congress has clarified the definition of a “limited partner.”[14]

Although several cases have interpreted the Limited Partner Exception in the context of LLPs and LLCs,[15] until Soroban no case had interpreted the Limited Partner Exception in the context of a limited partner who owns a limited partner interest in a limited partnership.  Somewhat ironically, Judge Buch wrote the only opinion in this area of the law holding that a member of an LLC classified as a partnership for tax purposes should be treated as a limited partner for purposes of the Limited Partnership Exception.[16]

II.   Background to Soroban Capital Partners LP

Soroban, a Delaware limited partnership, is a hedge fund manager located in New York City.  During 2016 and 2017, Soroban had four partners: three individual limited partners, each of whom was a limited partner, and Soroban Capital Partners GP LLC, a Delaware limited liability company, as the general partner.  The general partner was owned indirectly by the three individual limited partners.

According to the limited partnership agreement, the general partner was to carry on the business and affairs of the limited partnership and had the ultimate authority to make decisions on behalf of the limited partnership.  One of the limited partners served as the Managing Partner and Chief Investment Officer, another limited partner served as the Co-Managing Partner, and the third limited partner served as the Head of Trading and Risk Management of Soroban.  Two of the limited partners had negative consent rights over certain enumerated actions of a fundamental nature.  Each of the three individual limited partners devoted his full-time efforts to the activities of Soroban and its affiliates.

During the years at issue, Soroban made guaranteed payments for services to each of the three individual limited partners and allocated the remaining ordinary business income among all of its partners.  Soroban reported the guaranteed payments, as well as the general partner’s share of ordinary business income, but not the limited partners’ shares of ordinary business income, as subject to SECA tax.

The IRS challenged Soroban’s position that the limited partners’ shares of ordinary business income were not subject to SECA tax and issued Notices of Final Partnership Administrative Adjustment (“FPAAs”) making adjustments to Soroban’s NESE for the years in issue.  Soroban’s tax matters partner filed a petition in Tax Court challenging the FPAAs and then filed a motion for summary judgment requesting that the Court find as a matter of law that the Limited Partner Exception precludes the limited partners’ shares of ordinary business income from being subject to SECA tax.

III.   The Court’s Analysis

Addressing the merits of the case,[17] the Court held that the “limited partner exception does not apply to a partner who, is limited in name only,”[18] even when that person is a limited partner in a limited partnership.  The Court turned to principles of statutory construction to ascertain Congress’s intent, as neither section 1402(a)(13) nor applicable regulations define the term “limited partner.”  The Court focused on the phrase “limited partner, as such.”  In the Court’s view, if Congress had intended for limited partners to be per se excluded from the SECA tax, Congress could have simply used the term “limited partner” without “as such.”  In support of its interpretation, the Court reviewed legislative history, stating that “Congress enacted section 1402(a)(13) to exclude earnings from a mere investment.  It [Congress] intended for the phrase ‘limited partners, as such’ used in section 1402(a)(13) to refer to passive investors.”[19]  The Court held that it must apply a “functional analysis test” to determine whether a limited partner in a limited partnership is a “limited partner, as such.”

In other words, the Court effectively concluded that there is no legally relevant distinction between limited partners in a limited partnership and the partners or members of the other entities (e.g., LLCs and LLPs) addressed under the Court’s prior precedent.  This is a surprising expansion of the prior precedent given the very clear language of the Code and the much more obvious meaning of the words “as such,” reflecting a distinction between the distributive share of income received by an individual who is both a limited partner and a general partner in the limited partnership.  As stated in the legislative history, “if a person is both a limited partner and a general partner in the same partnership, the distributive share received as a general partner would continue to be covered ….”[20]  Thus, “as such” was a necessary clarification that only the distributive share of income attributable to the limited partnership interest is excepted from NESE.

IV.   Implications

Because the Soroban opinion addressed only the legal question on summary judgment of whether a partner in a limited partnership is per se excluded from SECA tax, the Tax Court has not yet addressed whether the limited partners in Soroban satisfy the “functional analysis test,” which will depend on the specific facts and circumstances.  Resolution of that issue will require further proceedings, including potentially a trial, for the Tax Court to hear evidence on and apply the functional analysis test.

We expect that, if, in applying that test, the Soroban limited partners are found not to be “limited partner[s], as such,” Soroban will appeal the Tax Court’s decision to the U.S. Court of Appeals for the Second Circuit.  It is also possible that, to avoid a potentially unnecessary trial, Soroban could pursue an interlocutory appeal of the Tax Court’s summary judgment order, which would require approval of both the Tax Court and the Second Circuit to proceed.  There has yet to be a circuit court review of section 1402(a)(13), and now appears to be an opportune time for such a review given both the legal history of this provision and the broad effects on taxpayers.  A decision by the Second Circuit in the Soroban case, however, would only control Tax Court cases appealable to the Second Circuit.  As a result, in cases appealable to other circuits, taxpayers or the IRS could be expected to continue to litigate the issue.

Currently, there are two other pending Tax Court cases relating to fund managers which raise the same arguments as Soroban, and the IRS is still actively auditing numerous partnerships as part of its SECA tax compliance campaign.

Please reach out to your Gibson Dunn lawyers for assistance with any IRS examinations on this topic or to determine how this case may influence your compliance with SECA tax obligations going forward.

__________

[1]   161 T.C. No. 12 (2023).

[2]   Unless indicated otherwise, all “section” references are to the Internal Revenue Code of 1986, as amended (the “Code”), and all “Treas. Reg. §” references are to the Treasury regulations promulgated under the Code.

[3]   Judge Buch authored the Soroban opinion, which is the second opinion he has written for the Tax Court applying section 1402(a)(13).  See Hardy v. Commissioner, 113 T.C.M (CCH) 1070 (2017) (holding that a plastic surgeon’s distributive share of income from a surgical center organized as an LLC (classified as a partnership) was exempt from SECA tax under section 1402(a)(13) because he was a mere investor in the LLC).

[4]   IRS Announces Rollout of Five Large Business and International Compliance Campaigns (March 13, 2018), available at https://www.irs.gov/businesses/irs-lbi-compliance-campaigns-mar-13-2018.

[5]   Self Employment Contributions Act of 1954, c. 736, 68A Stat. 353.

[6]   Section 1401(a), (b).  The base Medicare tax is 2.9 percent, but it increases to 3.8 percent on NESE in excess of certain thresholds.

[7]   Pub. L. No.  95-216, Title III, § 313(b), 91 Stat. 1536.

[8]   H.R. Rep. No. 95-702, pt. 1, at 40-41 (1977).

[9]   In 2011, the IRS issued proposed regulations under section 892 defining a “limited partner interest” as an interest held by a partner who does not have rights to participate in the management and conduct of the partnership’s business at any time during the partnership’s taxable year under the law of the jurisdiction in which the partnership is organized or under the governing agreement.  REG-146537–06, 76 Fed. Reg. 68119  (Nov. 3, 2011).  In addition, in 2011, the IRS proposed regulations under section 469(h)(2) that was intended to clarify the definition and tax treatment of “limited partners” for purposes of defining material participation in partnership activities.  REG-109369-10, 76 Fed. Reg. 72367 (Nov. 23, 2011).  Neither of these proposed regulations addressed the definition of a limited partner for purposes of section 1402.

[10]   59 Fed. Reg. 67253 (Dec. 29, 1994).

[11]   REG-209824096, 62 Fed. Reg. 1701 (Jan. 13, 1997).

[12]   Id., Prop. Treas. Reg. § 1.1402(a)-2(h)(2)(i)-(iii).

[13]   Taxpayer Relief Act of 1997, Pub. L. No. 105-34, Title IX, § 935, 111 Stat. 882.

[14]   Just weeks before issuance of the Tax Court’s decision in Soroban, the IRS and Treasury Department released the 2023-2024 Priority Guidance Plan, adding “[g]uidance under section 1402(a)(13)” and indicating a renewed interest in addressing the Limited Partner Exception through regulations or other published guidance.  2023-2024 Priority Guidance Plan, available at https://www.irs.gov/pub/irs-utl/2023-2024-priority-guidance-plan-initial-version.pdf.

[15]  See, e.g., Renkemeyer, Campbell & Weaver LLP v. Commissioner, 136 T.C. No. 137 (2011).  In Renkemeyer, the Court analyzed the legislative history of section 1402(a)(13) and concluded that its intent “was to ensure that individuals who merely invested in a partnership and who were not actively participating in the partnership’s business operations … would not receive credits towards Social Security coverage.”  Id. at 150.  The Court held that partners in a law firm organized as a limited liability partnership were not limited partners for purposes of section 1402(a)(13) because their “distributive shares arose from legal services … performed on behalf of the law firm” and not “as a return on the partners’ investments.”  Id.

[16]  See Hardy v. Commissioner, 113 T.C.M (CCH) 1070 (2017).

[17]  The Court also held that, under the now-repealed TEFRA partnership audit rules, SECA tax adjustments constituted “partnership items” within the meaning of former section 6231(a)(3), giving it jurisdiction to decide the case.  Soroban, 161 T.C. No. 12, slip. op. at 13-15.  Under partnership audit rules enacted by the Bipartisan Budget Act (the “BBA”), which generally are effective beginning with the 2018 tax year, the treatment would be different as the BBA is limited to Subtitle A, Chapter I Income Tax and does not include the SECA tax under Subtitle A, Chapter 2.

[18]   Soroban, 161 T.C. No. 12, slip. op at 11.

[19]   Id.

[20]   H.R. Rep. No. 95-702, pt. 1, at 40 (1977).

---

The following Gibson Dunn attorneys prepared this update: Michael Benison, Michael Desmond, Evan Gusler, Galya Savir, and Terrell Ussing.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Tax and Global Tax Controversy and Litigation practice groups:

Tax:
Dora Arash – Los Angeles (+1 213.229.7134, darash@gibsondunn.com)
Sandy Bhogal – Co-Chair, London (+44 20 7071 4266, sbhogal@gibsondunn.com)
Michael Q. Cannon – Dallas (+1 214.698.3232, mcannon@gibsondunn.com)
Jérôme Delaurière – Paris (+33 (0) 1 56 43 13 00, jdelauriere@gibsondunn.com)
Michael J. Desmond – Los Angeles/Washington, D.C. (+1 213.229.7531, mdesmond@gibsondunn.com)
Anne Devereaux* – Los Angeles (+1 213.229.7616, adevereaux@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202.887.3567, mjdonnelly@gibsondunn.com)
Pamela Lawrence Endreny – New York (+1 212.351.2474, pendreny@gibsondunn.com)
Benjamin Fryer – London (+44 (0) 20 7071 4232, bfryer@gibsondunn.com)
Kathryn A. Kelly – New York (+1 212.351.3876, kkelly@gibsondunn.com)
Brian W. Kniesly – New York (+1 212.351.2379, bkniesly@gibsondunn.com)
Loren Lembo – New York (+1 212.351.3986, llembo@gibsondunn.com)
Jennifer Sabin – New York (+1 212.351.5208, jsabin@gibsondunn.com)
Eric B. Sloan – Co-Chair, New York/Washington, D.C. (+1 212.351.2340, esloan@gibsondunn.com)
Jeffrey M. Trinklein – London/New York (+44 (0) 20 7071 4224), jtrinklein@gibsondunn.com)
Edward S. Wei – New York (+1 212.351.3925, ewei@gibsondunn.com)
Lorna Wilson – Los Angeles (+1 213.229.7547, lwilson@gibsondunn.com)
Daniel A. Zygielbaum – Washington, D.C. (+1 202.887.3768, dzygielbaum@gibsondunn.com)

Global Tax Controversy and Litigation:
Michael J. Desmond – Co-Chair, Los Angeles/Washington, D.C. (+1 213.229.7531, mdesmond@gibsondunn.com)
Saul Mezei – Washington, D.C. (+1 202.955.8693, smezei@gibsondunn.com)
Sanford W. Stark – Co-Chair, Washington, D.C. (+1 202.887.3650, sstark@gibsondunn.com)
C. Terrell Ussing – Washington, D.C. (+1 202.887.3612, tussing@gibsondunn.com)

*Anne Devereaux is of counsel working in the firm’s Los Angeles office who is admitted to practice in Washington, D.C.

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

In this article, originally published by Law360, we distill the array of major global AI developments to spotlight a narrow but vitally important area — practical insights for employers using AI in the workplace.

We have been witnessing an absolute whirlwind of artificial intelligence policy developments around the globe.

On Dec. 8, European Union policymakers reached a historic agreement on the AI Act — the world’s most comprehensive risk-based framework governing AI systems. Although details will be finalized in the coming weeks, the AI Act’s full set of requirements is expected to go into effect in approximately the next two years.

This is just the latest significant development in AI regulation and governance — following the release of the risk-based AI international code of conduct by G7 leaders, 18 countries signing onto international guidelines on safe AI development and deployment, and the UK’s AI Safety Summit.

Additionally, in the U.S., the White House recently issued its AI executive order. At the same time, AI-related developments have been continuing at the state level, including the California Privacy Protection Agency, or CPPA, publishing discussion draft regulations relating to automated decision-making technology.

Each of these developments shows keen interest in AI regulation and is a road map to the potential requirements and guardrails for those developing and deploying AI tools.

There is a recognition that AI has the potential to transform a range of industries, and that we are merely at the beginning of this technological journey.

In this article, we will seek to move past AI buzzwords and amorphous definitions to distill the array of major AI developments to spotlight a narrow — but vitally important area — practical insights for employers using AI in the workplace.

In particular, we will address how:

• • The now officially forthcoming EU AI Act may impose compliance obligations on U.S. employers deploying AI systems;
  • The U.S. Department of Labor’s new role as articulated under the AI executive order and recent coordinating efforts with two federal agencies is likely to result in increased AI enforcement actions and influence how AI in the workplace is regulated;
  • The recently released draft AI guidance from the White House’s Office of Management and Budget — while not directly applicable to most companies, other than government contractors — is likely to be an instructive guide as to expectations at the federal level; and
  • California’s recently published automated decision-making prerulemaking efforts might shape regulation at the state level.

Read More

Reproduced with permission. Originally published by Law360, New York (December 14, 2023).

---

The following Gibson Dunn attorneys prepared this article: Vivek Mohan and Emily M. Lamm.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Artificial Intelligence or Labor and Employment practice groups, or the authors:

Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)

Emily Maxim Lamm – Washington, D.C. (+1 202.955.8255, elamm@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The Second Amended Cybersecurity Regulation signals a significant shift in the cybersecurity regulatory landscape, reflecting NYDFS’s proactive efforts to empower covered entities to protect themselves against escalating threats of sophisticated and frequent cyber events.

On November 1, 2023, the New York Department of Financial Services (“NYDFS” or “the Department”) finalized the amendments to its Part 500 Cybersecurity Regulation (the “Second Amended Cybersecurity Regulation”) and cemented its status as a proactive regulatory leader in the effort to protect consumer data, promote cybersecurity governance best practices, and keep pace with new cybersecurity threats and emerging technology.

In line with NYDFS’s risk-based approach to cybersecurity, and as previewed in its previous drafts, the Second Amended Cybersecurity Regulation introduces several notable changes, including expanded responsibility for senior governing bodies, obligations to implement additional safeguards, new requirements for larger companies, new and increased obligations related to written policies and procedures, heightened requirements around audits and risk assessments, and additional reporting requirements for cybersecurity incidents.

NYDFS’s cybersecurity regulation, 23 NYCRR Part 500 (the “Cybersecurity Regulation”), was first released in March 2017 and went into full effect in March 2019.  A minor, ministerial amendment changing the date of the required annual certification was made in 2020 (the “First Amended Cybersecurity Regulation”).  In July of 2022, NYDFS began the process of a thorough review and update to the regulation.  Since then, NYDFS has issued three draft amendments—the initial Draft Proposed Second Amendment (published July 29, 2022), the Proposed Second Amendment (published November 9, 2022), and the Revised Proposed Second Amendment (published June 28, 2023)—and held two notice and comment periods with active stakeholder participation.

Key updates to the Cybersecurity Regulation, as reflected in the Second Amended Cybersecurity Regulation, are highlighted below:

1. Heightened Obligations for Senior Leadership and Governing Bodies

Under the Second Amended Cybersecurity Regulation, the “senior governing body” of a covered entity joins the Chief Information Security Officer (“CISO”) at the helm of the company’s cybersecurity apparatus.  “Senior governing body” is broadly defined to account for the varied sizes, corporate structures, business models, and industries under NYDFS’s purview.  A covered entity’s board of directors or equivalent governing body, a board committee, or senior officer(s) responsible for the entity’s cybersecurity program would all qualify as senior governing bodies under the updated regulation.

The senior governing body of a covered entity is required to exercise oversight of the covered entity’s cybersecurity risk management.  At a minimum, this entails (i) having a sufficient understanding of cybersecurity-related matters; (ii) requiring management to develop, implement, and maintain the covered entity’s cybersecurity program; (iii) regularly receiving and reviewing management reports on cybersecurity; and (iv) confirming that sufficient resources are allocated in order to implement and maintain the cybersecurity program.  Previously, a covered entity’s CISO was charged with ensuring sufficient allocation of resources to develop and maintain an effective cybersecurity system; in recognition of the fact that senior governing bodies, not CISOs, tend to make enterprise-wide resource allocation decisions, NYDFS shifted that responsibility to the senior governing body.

The Second Amended Cybersecurity Regulation also expands reporting obligations on the CISO, requiring the timely reporting of material cybersecurity issues to the senior governing body or senior officer(s), such as significant cybersecurity events and significant changes to the cybersecurity program.

2. Increased Investment in Cybersecurity Programs

The Second Amended Cybersecurity Regulation requires covered entities assess the adequacy of their governance practices and their investments in technology and personnel.  In addition to significantly expanding the breadth of covered entities’ cybersecurity efforts by including “nonpublic information stored on the covered entity’s information systems” in its definition of “cybersecurity program,” NYDFS established additional requirements related to written policies and procedures.

Companies must have written incident response plans, business continuity and disaster recovery plans, and plans for investigating and mitigating cybersecurity events.  As it did in the original Cybersecurity Regulation in 2017 for the then-novel incident response plans, NYDFS took care to enumerate a number of proactive measures intended to help covered entities formulate effective business continuity plans.  The draft amendments related to business continuity and incident response plans remained largely the same throughout the process of reviewing and updating the regulation, though the Department did make a few practical and logistical changes.

Each covered entity must also implement written policies and procedures that are designed to produce and maintain a complete, accurate, and documented asset inventory of its information systems.  NYDFS made a subtle adjustment to this provision from the June 2023 Revised Proposed Second Amendment, requiring covered entities to “produce and maintain” an asset inventory rather than “ensure” it exists—this is one of many instances where the Department made revisions geared toward providing covered entities with concrete guidance on how to navigate the cybersecurity landscape.

3. Separate Requirements for Larger “Class A” Companies

NYDFS codified heightened cybersecurity requirements for a newly defined class of larger entities, termed “Class A” companies.  Throughout its drafting process, NYDFS iterated upon the scope and scale of Class A companies, and ultimately chose a relatively limited definition.  Class A companies are those with an in-state gross annual revenue over $20 million in each of the last two fiscal years, and have had either (i) an average of more than 2,000 employees, or (ii) over $1 billion in gross annual revenue in each of the last two fiscal years.  When calculating these figures, entities should include any affiliates that it shares information systems, cybersecurity resources, or a cybersecurity program with.

The Department has imposed several obligations on Class A companies, including to design and conduct independent audits of their cybersecurity programs based upon their respective risk assessments; monitor privileged access activity and implement privileged use management solutions; and implement security precautions such as centralized logging and notifications for security alerts, automatic rejection of common or simple passwords, and endpoint detection and response solutions for anomalous activity.

While the Revised Proposed Second Amendment published on June 28, 2023 would have required audits of Class A cybersecurity programs on an annual basis, the final Second Amended Cybersecurity Regulation introduces some flexibility by requiring audits at a frequency determined by the results of the entity’s risk assessments.  This change reflects the Department’s understanding that designing and conducting annual audits may be a particularly burdensome, time-consuming, and resource-heavy endeavor given the size of Class A companies and the complexity of their cybersecurity programs.  NYDFS did, however, add that Class A companies should design their audits, in addition to conducting them, which demonstrates NYDFS’s desire for covered entities to be engaged, comprehensive, and diligent about their cybersecurity efforts.

4. Additional Requirements for Audits and Risk Assessments

In earlier draft amendments, NYDFS had proposed strict requirements related to audits, risk assessments, and penetration tests, such as prohibiting the use of internal auditors and requiring covered entities retain external auditors.  Many public commenters took issue with these proposals; in response, the Department expanded the pool of eligible auditors and experts to include internal personnel and reduced the rigidity of timetables for certain obligations.  Under the Second Amended Cybersecurity Regulation:

• An “independent” audit is one conducted by internal or external auditors, who are free to make their own decisions and are not influenced by the covered entity or its owners, managers, or employees;
• Class A companies must re-review and update their risk assessments at least annually, and whenever changes to their business or technology result in a “material change” to the cyber risk they face;[1] and
• Penetration testing of information systems must be performed annually by qualified internal or external “parties” (not necessarily by “experts,” as contemplated in the Proposed Second Amendment).

In addition, the Second Amended Cybersecurity Regulation includes a new requirement that risk assessments must “inform the design” of the cybersecurity program and enable adjustments in controls to address evolving cybersecurity and privacy risks.  This includes general risks and those particular to the covered entity’s business operations.

5. Incident Notification Obligations

Covered entities should take note of the growing number and increased sophistication of cybersecurity events in recent years.  In an effort to combat these threats, NYDFS established a new 24-hour notification obligation in the event a covered entity makes a ransom payment, and a 30-day window for covered entities to provide a written description of why the payment was necessary, alternatives to payment that were considered, and all diligence conducted to ensure compliance with applicable rules and regulations.

NYDFS narrowed the circumstances for which covered entities would have to provide NYDFS with notice by differentiating between “cybersecurity events” and “cybersecurity incidents.”  Under the Second Amended Cybersecurity Regulation, entities must notify NYDFS only where the covered entity has determined that there is an incident at the covered entity, its affiliate, or a third-party service provider that: (i) impacts the covered entity and has triggered the notification requirement of another governmental body, self-regulatory agency, or other supervisory body; (ii) has a reasonable likelihood of materially harming normal operations of the covered entity; or (iii) results in the deployment of ransomware within a material part of the covered entity’s information systems.

NYDFS considered, but did not adopt, a requirement that entities notify the Department of any incident involving unauthorized access to a “privileged account,”[2] acknowledging that such an overbroad requirement would likely lead to overreporting and the inefficient use of resources.

6. Compliance Timeline

In general, entities have 180 days, or until April 29, 2024, to comply with the Second Amended Cybersecurity Regulation. However, several provisions have different specified transitional periods that override this general timeline:

• Incident reporting requirements take effect 30 days after the effective date of the Second Amended Cybersecurity Regulation, or December 1, 2023.
• Governance, encryption, incident response plan and business continuity management, and the limited exemption provisions take effect one year after the effective date of the Second Amended Cybersecurity Regulation, or November 1, 2024.
• Vulnerability scanning, access privileges and management, and monitoring and training provisions take effect 18 months after the effective date of the Second Amended Cybersecurity Regulation, or May 1, 2025.
• Multifactor authentication and asset management and data retention provisions take effect two years after the effective date of the Second Amended Cybersecurity Regulation, or November 1, 2025.

Looking Ahead

The proliferation of artificial intelligence (“AI”), generative AI, and large language models is on NYDFS’s radar[3] and may receive attention in a forthcoming round of amendments.  Although NYDFS declined to dedicate a section of the Cybersecurity Regulation to these rapidly expanding technologies, it cautioned covered entities that cybersecurity risks associated with AI are “concerning” and should be taken into account in risk assessments and addressed in cybersecurity programs.[4]

The Second Amended Cybersecurity Regulation signals a significant shift in the cybersecurity regulatory landscape, reflecting NYDFS’s proactive efforts to empower covered entities to protect themselves against escalating threats of sophisticated and frequent cyber events.  Organizations should assess their cybersecurity policies and practices to ensure that adequate controls, resources, and personnel are in place to comply with NYDFS’s regulatory changes.

__________

[1] NYDFS did not adopt its proposed requirement that external experts conduct risk assessments at least once every three years.

[2] Privileged account means “any authorized user account or service account that can be used to perform security-relevant functions that ordinary users are not authorized to perform,  including but not limited to the ability to add, change or remove other accounts, or make configuration changes to information systems.”  Section 500.1(n).

[3] Assessment of Public Comments on the Revised Proposed Second Amendment to 23 NYCRR Part 500, here.

[4] Assessment of Public Comments on the Revised Proposed Second Amendment to 23 NYCRR Part 500, here.

---

The following Gibson Dunn lawyers assisted in preparing this alert: Alexander Southwell, Stephenie Gosnell Handler, Vivek Mohan, Sara Weed, Cassarah Chu, Anne Lonowski, and Ruby Lang.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Alexander H. Southwell – Co-Chair, New York (+1 212.351.3981, asouthwell@gibsondunn.com)
Matthew Benjamin – New York (+1 212.351.4079, mbenjamin@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303.298.5774, rbergsieker@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202.887.3786, dburns@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, sgans@gibsondunn.com)
Lauren R. Goldman – New York (+1 212.351.2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
Howard S. Hogan – Washington, D.C. (+1 202.887.3640, hhogan@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415.393.8395, klinsley@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214.698.3203, knelson@gibsondunn.com)
Rosemarie T. Ring – San Francisco (+1 415.393.8247, rring@gibsondunn.com)
Ashley Rogers – Dallas (+1 214.698.3316, arogers@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650.849.5395, bwagner@gibsondunn.com)
Sara K. Weed – Washington, D.C. (+1 202.955.8507, sweed@gibsondunn.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415.393.8333, mwong@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213.229.7472, dwongyang@gibsondunn.com)

Europe
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Joel Harrison – London (+44 20 7071 4289, jharrison@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)

Asia
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

We are pleased to provide you with the next edition of Gibson Dunn’s digital assets regular update. This update covers recent legal news regarding all types of digital assets, including cryptocurrencies, stablecoins, CBDCs, and NFTs, as well as other blockchain and Web3 technologies. Thank you for your interest.

ENFORCEMENT ACTIONS

UNITED STATES

• DOJ, CFTC, Treasury, and Binance, CZ Reach Settlement
  On November 21, Binance, the largest cryptocurrency exchange in the world, reached a settlement with the U.S. Department of Justice (DOJ), the Commodity Futures Trading Commission (CFTC), the U.S. Department of Treasury’s Office of Foreign Asset Control (OFAC) and Financial Crimes Enforcement Network (FinCEN), to resolve a multi-year investigation by the agencies and a civil suit brought by the CFTC. Attorney General Merrick Garland, Treasury Secretary Janet Yellen, and CFTC Commissioner Rostin Benham announced the multi-agency resolutions in a press conference. As part of the settlement, Binance agreed to pay $4.3 billion across the four agencies and pleaded guilty to conspiracy to conduct an unlicensed money transmitting business and violation of the International Emergency Economic Powers Act. The plea agreement requires Binance to engage in remedial compliance measures over a three-year probationary term and imposes an Independent Compliance Monitor, in addition to requiring the payment of fines and forfeitures. Concurrent with the company’s settlement, Binance’s founder Changpeng Zhao also pleaded guilty to one count of failing to maintain an effective AML program. NBC; CNN; ABC; Law360; CNBC; C-SPAN.
• SEC Sues Kraken Cryptocurrency Exchange
  On November 20, the SEC sued Kraken, the world’s third-largest crypto asset exchange, alleging that it operates as an unregistered securities exchange, broker, dealer, and clearing agency. The complaint’s allegations track those made in complaints against other crypto exchanges. The SEC’s complaint, filed in federal district court in San Francisco, seeks injunctive relief, disgorgement of ill-gotten gains plus interest, and penalties. SEC; Reuters; Fortune.
• DOJ Seizes Millions of Dollars of Tether
  On November 21, the Department of Justice seized $9 million worth of Tether (USDT), a U.S. dollar stablecoin, from accounts associated with “pig butchering” scams. These schemes involve scammers developing fake romantic relationships with victims, convincing them to transfer digital assets into fake exchanges before stealing the assets. Tether Limited, which manages Tether, had earlier frozen $225 million worth of USDT in accounts connected to these scams, from which the $9 million was seized. The operation was a collaboration between the Department of Justice, the U.S. Secret Service, and Tether Limited. CryptoNews; DOJ; Law360; CNBC.
• SEC’s Crypto Enforcement Increases in 2023
  The SEC announced their enforcement results for fiscal year 2023 which marked the third consecutive year that enforcement activity had increased since Chair Gary Gensler became head of the agency. While investment adviser cases, insider trading, and individual accountability cases saw a decrease in the 2023 fiscal year, cryptocurrency cases increased from 18 in fiscal year 2022 to 44 in fiscal year 2023. The SEC said it will continue to prioritize violations involving crypto in 2024. Law360.

INTERNATIONAL

• Feds Seize and Sanction Sinbad, a North Korean-Linked Crypto Mixer
  On November 29, Sinbad, a company that makes crypto transactions anonymous, was sanctioned by the U.S. Department of Treasury. Authorities have alleged that Sinbad washed millions of dollars of stolen cryptocurrency for North Korean state-backed hackers the Lazarus Group following high-profile digital heists. Sinbad is the third crypto mixer to face U.S. sanctions since 2022. Last month, the Financial Crimes Enforcement Network proposed rules to reclassify companies like Sinbad to bring them under its jurisdiction, which could require mixers to report some transactions to the federal government. Law360.
• Montenegro Court Approves Extradition of “Cryptocurrency King” Do Kwon
  On November 24, 2023, the High Court in Podgorica, Montenegro approved the extradition of Terraform Labs co-founder Do Hyeong Kwon to the United States or South Korea to face charges related to the collapse of stablecoin Terra USD. In February of this year, the U.S. Securities and Exchange Commission charged Kwon with orchestrating a multi-billion dollar crypto asset securities fraud. This followed South Korea’s issuance of a warrant for Kwon’s arrest in September of last year. Kwon agreed to be extradited to South Korea after serving a four-month sentence in Montenegro for document forgery. Montenegro’s justice minister will issue a final decision approving or denying extradition at the expiration of Kwon’s sentence. Reuters; Financial Times.

REGULATION AND LEGISLATION

UNITED STATES

• New York State Announces New Crypto Regulations
  On November 15, the New York State Department of Financial Services (NYDFS) unveiled new restrictions on crypto companies under the New York Financial Services Law. The restrictions require companies to submit for pre-approval policies regarding the listing and delisting of cryptocurrency coins. The submitted policies must include provisions on governance, risk assessment, monitoring, de-listing process, and execution. The new restrictions apply to digital currency businesses licensed under New York law and to limited purpose trusts under New York banking law. Covered businesses must meet with NYDFS by December 8 to discuss draft policies, and must submit final policies by January 31, 2024. Cointelegraph; N.Y. Dep’t Fin. Servs.
• CFPB Proposes Rule to Supervise Nonbank Companies Offering Digital Wallets and Payment Apps
  On November 7, the Consumer Financial Protection Bureau (CFPB) issued a proposed rule to supervise certain nonbank companies that offer services such as digital wallets and payment apps. The proposed rule would apply to nonbank payments companies providing general-use digital consumer payment applications that process more than five million consumer payment transactions per year and are not a “small business concern” as defined under the Small Business Act. The proposed rule defines “consumer payment transactions” as “the transfer of funds by or on behalf of a consumer physically located in a State to another person primarily for personal, family, or household purposes,” though it excludes certain transactions (including international money transfers). And it further asserts that “funds” include cryptocurrencies. The comment period for the proposed rule closes on January 8, 2024. CFPB.
• Officials’ Questions at Hearing Suggest Further Tax Proposal Revisions to Come Following Crypto Industry’s Criticism
  The IRS held a hearing on November 13 regarding its proposed crypto tax reporting rule, which has been heavily criticized by the crypto industry. The proposed rule would set forth reporting requirements and applicable definitions for digital asset brokers. At the hearing, IRS officials asked questions to clarify the criticism regarding the proposal’s wide definition of “brokers,” which as of now includes decentralized finance (DeFi) projects and wallet software. Industry representatives explained that there is no specific person that controls software used in DeFi and that it is therefore impractical to collect the information that would be required to be reported under the IRS’s proposal. In addition, the IRS asked questions relating to potentially excluding the stablecoin-reporting requirement. The industry has argued that the government should not track these transactions as taxable exchanges of assets. Furthermore, the IRS inquired about data privacy risks for consumers as a result of the proposed regulations. CoinDesk; Reuters.
• Key Cryptocurrency Legislation Likely Delayed to 2024, Lawmakers Say
  In recent months, legislators in Congress have introduced a series of bills to modernize the legal framework governing cryptocurrencies. These include the Financial Innovation and Technology for the 21st Century Act, introduced by Congressman French Hill (R-Ark.), Congressman Dusty Johnson (R-S.D.) and Congressman Glenn G.T. Thompson (R-Pa.) and the Clarity for Payment Stablecoins Act of 2023, introduced by Congressman Patrick McHenry (R-N.C.). Efforts to advance those bills had been sidelined as a leadership dispute roiled the House of Representatives following the ouster of Congressman Kevin McCarthy (R-CA) as Speaker of the House. Key proponents of the legislation have indicated that further progress on the bills is unlikely until at least early-2024. CoinDesk; CNBC.
• FASB Says Cryptocurrencies to Be Measured at Fair Value
  On December 13, 2023, the Financial Accounting Standards Board (FASB) promulgated new standards governing accounting for digital assets. Under the new standards, companies that hold bitcoin or ether will be required to record their holdings at fair value. The standards do not cover non-fungible tokens, stablecoins, and issuer-created tokens. Previous rules had required companies to record assets at their low values, which some had criticized as artificially depressing the reported value of cryptocurrency holdings due to temporary downturns in price. The FASB accounting standards will take effect after December 15, 2024, but companies may voluntarily adopt them sooner. Bloomberg; CoinDesk.

INTERNATIONAL

• Hong Kong’s SFC Updates Guidance on Tokenized Securities-Related ActivitiesOn November 2, Hong Kong’s Securities and Futures Commission (SFC) published two circulars providing updated guidance to intermediaries engaging in tokenized securities-related activities and on the tokenization of SFC-authorized investment products. The SFC now considers tokenized securities to be traditional financial instruments that are securities which utilize blockchain (or similar) technology in their security lifecycle. This updated characterization supersedes the SFC’s previous March 2019 statement characterizing tokenized securities as complex products requiring extra investment protection measures and restricting their offering to professional investors. A detailed breakdown of the circulars is available in Gibson Dunn’s November 10, 2023 Client Alert. Gibson Dunn.
• European Banking Authority Launches Public Consultation on Crypto Money Laundering
  On November 24, the European Banking Authority initiated a public consultation program to gather opinions on “new Guidelines on preventing the abuse of funds and certain crypto-assets transfers for money laundering and terrorist financing purposes.” The proposed Guidelines set out procedures that payment service providers and crypto asset service provides must follow to “detect missing or incomplete information that accompanies a transfer of funds or crypto-assets” and to manage transfers ordered with less than complete information. The Authority will take comments on its published consultation paper until February 26, 2024, and will hold a virtual public hearing on the Guidelines on January 17, 2024. EBA 1; EBA 2.
• Monetary Authority of Singapore Finalizes New Crypto Regulations
  On November 23, the Monetary Authority of Singapore (MAS) issued a response to feedback on its proposed regulation of crypto service providers. In an effort to combat the encouragement of crypto speculation, with regard to retail persons, the regulation prohibits crypto service providers from financing crypto transactions, permitting margin transactions, or providing incentives to trade. Providers are barred from accepting locally issued credit card payments, and must assess customers’ risk awareness before permitting trading. The regulation also relaxes requirements for qualifying as an accredited investor by allowing a certain quantity of crypto assets to count toward the net-worth calculation. The MAS previously issued responses to feedback in July when it promulgated regulations requiring providers to deposit customer assets in a statutory trust for safekeeping and restricting providers from lending and staking cryptocurrency to retail investors. The rules will take effect in phases, beginning in mid-2024. CoinDesk; MAS 1; MAS 2; MAS 3.
• Countries Announce Intent to Implement the OECD’s Crypto Reporting Framework
  The Organization for Economic Cooperation and Development (OECD) released the Crypto-Asset Reporting Framework (CARF) in October 2022, which focused on ensuring crypto-assets are not used for illicit purposes such as tax evasion. This month, 48 jurisdictions, including the U.S., U.K., France, Spain, Germany, Canada, and Japan, announced their intent to implement the CARF by 2027. Erika Nijenhuis, a U.S. Department of Treasury official, said earlier that regulations to implement the CARF were in process and that the Treasury can require reporting for much of what the CARF covers. Law360.
• U.K.’s Financial Conduct Authority Licenses Crypto.com As Electronic Money Institution
  On December 4, the U.K.’s Financial Conduct Authority granted crypto exchange Crypto.com a license to operate in the country as an Electronic Money Institution. Crypto.com plans to use the license to “offer a suite of UK-localised e-money products,” according to a press release. Since August 2022, the firm has held the status of a registered crypto-asset business in the U.K., but the new license will enable it to provide cash placements and withdrawals from payment accounts; to execute payment transactions; to issue payment instruments; to remit money; and to issue electronic money. Conversely, the license restricts Crypto.com from hiring agents or using distributors and from providing payment services unrelated to those licensed. Other crypto exchanges hold similar licenses in the U.K. CoinDesk; Crypto.com; Financial Conduct Authority; Crypto.news.
• South Korea Proposes New Consumer Protection Rules for Cryptocurrency
  In June of this year, South Korea’s lawmakers approved the Virtual Asset User Protection Act, which defined digital assets and imposes penalties for trading such assets on nonpublic information, manipulating markets, or otherwise engaging in unfair trading practices. The legislation also gave South Korea’s Financial Services Commission power to oversee cryptocurrency firms and asset custodians. On December 11, 2023, the country’s Financial Services Commission promulgated comprehensive regulations to effectuate the new law. The proposed rules (a) broaden the range of covered tokens, (b) prescribe standards for custodying digital assets, (c) require virtual asset service providers (VASPs) to store 80% or more of customer assets in cold wallets, (d) mandate certain insurance and reserve baselines to prevent catastrophic losses in the event of hacking or technological failures, (e) specify when nonpublic information becomes public, (f) limit when VASPs may block customer deposits and withdrawals, and (g) require VASPs to monitor abnormal transaction activity. Bloomberg; CoinDesk; S.K. Financial Services Commission.
• Regulators Approve El Salvador’s “Bitcoin Bonds”
  In January 2023, El Salvador’s lawmakers approved a bill authorizing the issuance of sovereign “Bitcoin bonds.” El Salvador’s National Bitcoin Office (ONBTC) announced on Monday that the country’s Digital Assets Commission had approved issuing the bonds, known colloquially as the “Volcano Bond” – a reference to geo-thermal energy sources used to support the country’s mining operations. According to ONBTC, the bonds are expected to issue in the first quarter of 2024 on the Bitfinex Securities Platform, a registered trading site for blockchain-based assets in El Salvador. Cointelegraph; Yahoo.

CIVIL LITIGATION

UNITED STATES

• Celsius Network Faces Roadblock in Pivot to Bitcoin Mining After Winning Initial Ch. 11 Plan Approval
  On November 30, Chief Judge Martin Glenn of the U.S. Bankruptcy Court for the Southern District of New York said that Celsius Network, the bankrupt cryptocurrency investment platform, may have to seek a new creditor vote on its proposed transformation into a bitcoin mining business. This development comes just days after Judge Glenn signed an order confirming the initial Chapter 11 plan of Celsius. Under that plan, crypto consortium Fahrenheit LLC would acquire Celsius’ assets and focus on mining new bitcoin and on earning “staking” fees by validating blockchain transactions. Customers who had Celsius accounts at the time of the bankruptcy would receive pro rata distributions of the company’s remaining cryptocurrency and preserve their right to pursue claims against parties accused of manipulating the price of Celsius’ tokens prior to the bankruptcy.However, Celsius scaled back its post-bankruptcy business plans to focus only on bitcoin mining after receiving feedback from the SEC. Although the SEC did not explicitly oppose Celsius’ bankruptcy plan before it was approved, Celsius claims that the SEC is unwilling to approve crypto lending and staking activity. Judge Glenn expressed frustration with the late pivot, saying that he had been a “broken record” about Celsius’ need to reach agreement with the SEC. Law360; Reuters.
• Genesis, Digital Currency Group Reach Agreement on New Settlement Plan
  A recent bankruptcy filing revealed that Genesis Global and its parent company, Digital Currency Group (DCG), have agreed on a repayment plan to settle their lawsuit. In September 2023, Genesis sued DCG seeking repayment of over $600 million in loans. The settlement plan shows that DCG has already settled roughly $227.3 million of its debt to Genesis and lays out a plan for an additional $275 million to be paid by April 2024 using a combination of U.S. dollars and bitcoin. The settlement also includes other consideration. CryptoSlate.
• Genesis Sues Gemini to Recover ‘Preferential Transfers’ Worth $689M
  On November 21, Genesis Global, a crypto lender, sued cryptocurrency exchange Gemini Trust Co, for allegedly making preferential transfers of approximately $689 million. Genesis filed for bankruptcy in January 2023. Genesis alleges that, before the bankruptcy filing, Gemini made “unprecedented withdrawals” that contributed to a “run on the bank.” Gemini has stated that the claims are “baseless and inflammatory.” Reuters; CoinDesk.
• FTX Says IRS Tax Estimate Is $24 Billion Too High
  On November 29, FTX asked a Delaware bankruptcy judge to set its tax bill at $0 claiming that the IRS is estimating $24 billion in claims without evidence. Given its collapse in November 2022, FTX is arguing that it has no tax liability. FTX expects to seek votes for its Chapter 11 plan in March and asked for a hearing with the IRS in February to resolve this issue beforehand as it has the potential to derail these Chapter 11 cases. After the IRS began an audit of FTX’s taxes, it had originally estimated claims at $44 billion before being revised in November to $24 billion. FTX is concerned that these claims could halt plan confirmation and indefinitely delay distributions on allowed claims to customers and creditors. Law360.

INTERNATIONAL

• FTX Investors Sue MLB, F1 Team Over Crypto Promotions
  On November 27, FTX investors filed three class action suits in Florida federal court against Major League Baseball, Mercedes-Benz’s Formula One race team, and media companies Wasserman Media Group LLC and Dentsu McGarry Bowen LLC for promoting FTX. The investors claim that all the organizations failed to conduct adequate due diligence on FTX and “aided and abetted FTX’s deceptive marketing practices.” Further, the suits allege that the organizations had a pivotal role in deceiving the public through their promotion of FTX. Law360.

SPEAKER’S CORNER

UNITED STATES

• Presidential Candidate Vivek Ramaswamy Shares Crypto Plan
  On November 16, Republican presidential candidate Vivek Ramaswamy shared his plan for regulating digital assets. Ramaswamy advocated for classifying most cryptocurrencies as commodities rather than securities, and has been critical of SEC Chair Gary Gensler’s unwillingness to share how he thinks ether should be classified. Ramaswamy also shared that his administration would not target software developers just for writing code and would leave unhosted wallets unregulated. Fellow GOP candidate Ron DeSantis also has pledged to “defend the right of Americans to hold digital assets without government interference.” CoinDesk; Washington Examiner.

INTERNATIONAL

• Singapore to Pilot Use of Wholesale Central Bank Digital Currencies in 2024
  On November 16, Ravi Menon, Managing Director of the Monetary Authority of Singapore (MAS), announced Singapore’s plan to pilot the live issuance and use of wholesale central bank digital currencies (CBDCs) in 2024. Previously, the MAS had only simulated the issuance of wholesale CBDCs within test environments. The MAS will soon partner with local banks to pilot the use of wholesale CBDCs as a common settlement asset in domestic payments. Banks will have the ability to issue tokenized bank liabilities that represent claims on their balance sheets. Retail customers can utilize these tokenized bank liabilities in transactions with merchants who, in turn, can credit these liabilities with their respective banks. MAS; CNBC.
• IMF Says Central Bank Digital Currencies Can Replace Cash
  On November 15, Kristalina Georgieva, Managing Director of the International Monetary Fund (IMF), said that central bank digital currencies (CBDCs) have the potential to replace cash in island economies where the distribution of physical currency is costly. Georgieva encouraged the public sector to prepare for the deployment of CBDCs and related payment platforms in the future, noting that such technologies could potentially improve financial inclusion and financial literacy. Georgieva noted that the success of CBDCs will ultimately rely on policy decisions, how technologies evolve, personal privacy and data security, and how the private sector responds. The IMF has said that more than 100 countries are exploring CBDCs, with countries such as Jamaica, Nigeria, and the Bahamas having already issued retail CBDCs. CNBC.

OTHER NOTABLE NEWS

• Gibson Dunn Debuts Fintech and Digital Assets Practice
  On November 13, Gibson, Dunn & Crutcher LLP announced its fintech and digital assets practice group. The practice group consists of 40 attorneys and is co-chaired by three Washington, D.C. partners, M. Kendall Day, Jeffrey Steiner, and Sara Weed. These attorneys will “advise traditional and emerging companies on the most complex investigations and enforcement actions brought by regulators in critical markets in the United States, Europe, and Asia.” Working alongside their colleagues in other practice areas like artificial intelligence, financial institutions, data innovation, public policy, privacy and cybersecurity and many others, the fintech and digital assets practice group aims to handle a broad range of “regulatory, policy and supervision and enforcement situations involving fintech, digital assets and blockchain technology” that will enable their clients to seamlessly accelerate their growth worldwide. Gibson Dunn.
• Argentina Elects Pro-Bitcoin President Javier Milei
  On November 19, Argentina elected Javier Milei as its new president. Milei is known for his anti-central banking stance, criticizing the central bank for “cheating” Argentinians through inflationary tax and even proposing the elimination of the Central Bank of Argentina. As Argentina struggles with triple-digit rates of inflation, Milei sees bitcoin as “the natural reaction against central bank scammers; to make money private again.” While Milei has not proposed making bitcoin legal tender in Argentina, as it is in El Salvador, he plans to dollarize the Argentine economy to combat the country’s inflation issues. Despite his strong views on bitcoin and cryptocurrency, it remains unclear how Milei’s administration will integrate crypto into national economic policies. Blockworks

---

The following Gibson Dunn attorneys contributed to this issue: Jason Cabral, M. Kendall Day, Chris Jones, Jay Minga, Nick Harper, Grace Feitshans, Justin Fishman, Kameron Mitchell, Michelle Lou, and Edward Ferguson.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s FinTech and Digital Assets practice group, or the following:

FinTech and Digital Assets Group:

Ashlie Beringer, Palo Alto (650.849.5327, aberinger@gibsondunn.com)

Michael D. Bopp, Washington, D.C. (202.955.8256, mbopp@gibsondunn.com

Stephanie L. Brooker, Washington, D.C. (202.887.3502, sbrooker@gibsondunn.com)

Jason J. Cabral, New York (212.351.6267, jcabral@gibsondunn.com)

Ella Alves Capone, Washington, D.C. (202.887.3511, ecapone@gibsondunn.com)

Grace Chong, Singapore (+65 6507 3608, gchong@gibsondunn.com)

M. Kendall Day, Washington, D.C. (202.955.8220, kday@gibsondunn.com)

Michael J. Desmond, Los Angeles/Washington, D.C. (213.229.7531, mdesmond@gibsondunn.com)

Sébastien Evrard, Hong Kong (+852 2214 3798, sevrard@gibsondunn.com)

William R. Hallatt, Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)

Martin A. Hewett, Washington, D.C. (202.955.8207, mhewett@gibsondunn.com)

Michelle M. Kirschner, London (+44 (0)20 7071.4212, mkirschner@gibsondunn.com)

Stewart McDowell, San Francisco (415.393.8322, smcdowell@gibsondunn.com)

Mark K. Schonfeld, New York (212.351.2433, mschonfeld@gibsondunn.com)

Orin Snyder, New York (212.351.2400, osnyder@gibsondunn.com)

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, jsteiner@gibsondunn.com)

Eric D. Vandevelde, Los Angeles (213.229.7186, evandevelde@gibsondunn.com)

Benjamin Wagner, Palo Alto (650.849.5395, bwagner@gibsondunn.com)

Sara K. Weed, Washington, D.C. (202.955.8507, sweed@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The agreement marks a watershed moment for AI regulation and is the most significant endorsement of so-called “comprehensive” AI regulation from a major political actor on the world stage.

I.  Introduction

After almost 6 months of negotiations, in the late night and early morning hours of December 8-9, 2023, the European Commission, the Council and the Parliament reached political agreement on the provisional rules that will comprise the European Union’s Artificial Intelligence Act (the “AI Act”).[1] This agreement marks a watershed moment for AI regulation, and is the most significant endorsement of so-called “comprehensive” AI regulation from a major political actor on the world stage.  The provisional agreement on the AI Act would:

• Establish a broad and extraterritorial scope of application,
• Prohibit certain uses of AI entirely, and
• Define a broad range of other uses as “high-risk” and subject to stringent requirements.

A number of procedural steps remain before the AI Act is finalized (as summarized in more detail in Section III); however, the staggered – and relatively rapid – planned enforcement of certain provisions bears note. Provisions related to prohibited AI systems are set to become enforceable six months after the Act is finalized; and provisions related to so-called General Purpose AI (“GPAI”) become enforceable 12 months after this date.  The rest of the AI Act is expected to become enforceable in 2026.

The “long arm” of the AI Act will impact a broad range of business – including, but not limited to, those that intend to provide or deploy AI systems within the EU.[2]  The distinct posture of the AI Act – based in part on fundamental and human rights jurisprudence – requires companies to think differently when preparing compliance strategies:

• Proactive engagement with novel regulatory measures, such as a fundamental rights impact assessment for certain AI systems, and
• Reimagining and documenting strategic decision-making related to internal governance and compliance in the face of unpredictable and uncertain go-forward risks.

This alert builds on our previous alerts which analyzed the European Commission’s 2021 proposal on the AI Act, the European Council’s common position (December 2022) and European Parliament’s negotiating position (June 2023). This alert takes a closer look at some of the key areas of debate in the trilogue procedure and the political agreement that was reached.

Negotiations on the final text of the AI Act remain underway, and the final wording of the provisional agreement is not yet public.  The analysis below is based on public reports and our understanding of the substance of the agreement, but this may change based on a variety of factors.  Keen followers of artificial intelligence would no doubt agree a lack of forward-looking certainty is the one guarantee in this area, and that applies equally to the AI Act’s journey from initial gestation to “political agreement.”

II.  From negotiation to agreement: Outcome of the trilogue procedure

a)  Scope of Application

The AI Act will provide for an extra-territorial scope of application that includes obligations for providers and deployers of AI systems. This has significant consequences for businesses not established in the EU, if they place an AI system on the market or put it into service in the EU. Furthermore, the regulations apply when “outputs” produced by an AI system are (or are intended to be) used in the EU. A key issue yet to be determined relates to the scope of the “output” provisions and the extent to which the AI Act regulates activities across the AI supply chain. One example could be AI-assisted R&D that is outsourced outside Europe such that only the final product (e.g., products designed using AI that do not themselves fall within the definition of an AI system and are not, technically, “outputs” of an AI system) are marketed in the EU.

b)  Definition of AI

The definition of AI, a key threshold for applicability of the AI Act, has been subject to significant change throughout the legislative process. As noted in our previous alert, what started out as an overly broad definition has been reportedly narrowed over time with the goal of ensuring that traditional computational processes and software are not inadvertently captured. While the final text of the AI Act has not yet been released, the language reportedly aligns with the definition of AI recently adopted by the OECD[3] and reflects the need to preserve the ability to adjust the definition as necessary to account for future developments in the fast-moving AI landscape. While the definition in the final text does not reflect the OECD’s definition verbatim, it reflects its main elements, i.e., objective-based output generation that is able to influence its environment with varying degrees of autonomy.[4]

c)  Prohibited AI systems

The AI Act classifies AI systems by risk level (unacceptable, high, limited, and minimal or no risk). AI systems that carry “unacceptable risk” are per se prohibited. In other words, the Act adopts bright line rules as to some uses of AI systems, based on fundamental rights concerns, differently from some other flagship regulations in the EU which usually allow for exceptions based on general rules. This framework will require particular diligence on behalf of businesses when classifying their AI systems for the purposes of the Act’s risk-based approach.

While the European Commission and Council advocated for a narrower list of prohibited AI systems, the Parliament’s mandate included a longer list of prohibited AI systems, banning certain use cases entirely. The agreed AI Act prohibits, inter alia:[5]

• Manipulation of human behavior to circumvent end-users’ free will;
• Social scoring;
• Certain applications of predictive policing;
• Emotion recognition systems used in the workplace; and
• Real time remote biometric identification for law enforcement purposes in publicly accessible spaces (with narrow exceptions).

The European Council resisted the full ban on real-time remote biometric identification in publicly accessible spaces proposed by the European Parliament. Instead, real-time remote biometric identification for law enforcement purposes is prohibited unless it fits within narrow exceptions, such as for uses tied to the prevention of terrorist attacks or to locate victims or suspects in connection with serious offences, such as terrorism. Under the agreed version of the AI Act, other forms of biometric identification that fall outside the scope of the prohibition (i.e., ex-post biometric identification) are considered “High-Risk” (for which, see below).

d)  High-risk AI systems

High-risk AI systems, while permitted, are subject to the most stringent obligations. AI systems may fall into this category if they pose a “significant risk” to an individual’s health, safety, or fundamental rights, and are used, or intended to be used, for inter alia education, employment, critical infrastructure, public services, law enforcement, border control, and administration of justice. One new obligation for companies imposed by the AI Act will be to prepare fundamental rights impact assessments (‘FRIAs’). Determining when and how to conduct an FRIA will raise many strategic and compliance-focused questions, taking account of the nature and scope of the AI system in question. Businesses will need to take steps to engage with this obligation as soon as possible.

In response to concerns that the high-risk category may be over-inclusive, the agreed version of the AI Act adds the concept of a filter system, which provides a series of exemptions that would allow providers of AI systems to avoid the high-risk category based on self-assessments.

The European Commission is expected to develop guidelines on the application of these filters. Currently, it has been reported that the filters exempt AI systems that are (i) intended to perform a narrow procedural task; (ii) intended to review or improve the result of a previously completed human activity; (iii) purely intended to detect decision-making patterns or deviations from prior decision-making patterns to flag potential inconsistencies; or (iv) used to perform preparatory tasks for an assessment relevant to critical use cases. It is not unlikely that the operation of this filter system may cause some problems in practice and lack of legal certainty as to the scope of the exemptions.

Providers that make an assessment that their systems fall outside of the high-risk category may be obliged to provide, upon request, the results of their prior assessment as to classification to the respective national market surveillance authorities. The agreed AI Act also contemplates allowing these market surveillance authorities to carry out evaluations of AI systems where they have sufficient reason to believe they should be considered high-risk, and to impose fines where they have sufficient evidence that the AI system provider misclassified their system to avoid a high-risk classification.[6]

e)  General Purpose AI (Foundation Models)

As explained in our previous alert, the Parliament’s negotiating position introduced a regime for regulating GPAI models – or foundation models – consisting of models that “are trained on broad data at scale, are designed for generality of output, and can be adapted to a wide range of distinctive tasks”.[7] Parliament also introduced certain separate testing and transparency requirements, with most of the obligations falling on any deployer that substantially modifies a GPAI system for a specific use case.

The regulation of GPAI models was heavily debated during the trilogue procedure. The final text features a tiered approach (initially proposed by the European Commission) which places more onerous obligations on GPAI models that could pose “systemic” risks. The AI Act contains a presumption categorizing models as carrying a “systemic risk” where the model was trained using computing power greater than 10^25 floating point operations (FLOPs), indicating their capabilities and amount of underlying data. The European Commission has commented that “these new obligations will be operationalized through codes of practices developed by industry, the scientific community, civil society and other stakeholders together with the Commission.”[8]  The tiered approach represents a compromise between the stark opposition to any regulation of foundation models in the AI Act by some Member States, including France, Germany and Italy, and the European Parliament’s preferred approach of establishing horizontal obligations which would apply equally to all foundation models.[9]

While certain obligations will apply to GPAI models, e.g., transparency obligations relating to the training data as well as copyright safeguards or making AI-generated content recognizable, providers of foundation models that meet the “systemic risks” threshold will need to notify the Commission of their status and comply with the relevant obligations in the AI Act (similar to the notification mechanism in the EU Digital Services Act). The regime places onerous obligations on providers of foundation models that are similar to those that apply to high-risk AI systems, e.g., requirements to assess and mitigate the risks their models entail, comply with certain design, information and environmental requirements and register such models in an EU database.

f)  Enforcement

The AI Act envisions a strict enforcement regime set to be overseen by national authorities designated by each EU Member State to supervise compliance within its territory as well as a centralized European Artificial Intelligence Office tasked with coordinating enforcement efforts. Notably, the AI Act does not contemplate a de-centralized system of enforcement or a “one-stop shop” as under the GDPR. However, the competent national authorities will be gathered in the European Artificial Intelligence Board to ensure consistent application of the law. The maximum fines for non-compliance with the AI Act can reach up to EUR 35 million or, if the offender is a company, up to 7% of its total worldwide annual turnover for the preceding financial year, whichever is higher.[10] Certain proportionate caps on fines will apply for small and medium-sized enterprises (SMEs) and start-ups.

III.  Next Steps

The AI Act is an extensive and complicated piece of legislation, and its impact will be far-reaching. After the conclusion of the trilogue process, the AI Act is now subject to formal adoption by the European Parliament and the Council. Once adopted, the AI Act will be published in the Official Journal and will enter into force 20 days following publication. However, the AI Act will not become fully enforceable until two years after its entry into force—likely in 2026—with some exceptions for specific provisions such as prohibited AI systems and AI systems classified as GPAI, which will be applicable after 6 and 12 months, respectively.

Now that political agreement has been reached, companies should be proactively engaging with the provisions of the AI Act and making preparations to ensure compliance by the applicable deadlines.

__________

[1] Council of the EU, Artificial intelligence act: Council and Parliament strike a deal on the first rules for AI in the world, press release of 9 December 2023, available here.

[2] The scope of some of the broadest jurisdictional hooks, including governing companies that are responsible for generating output from AI tools that have effect in the Union, remains to be seen.

[3] See, Luca Bertuzzi, Euractiv, OECD updates definition of Artificial Intelligence ‘to inform EU’s AI Act’, Article of 9 November 2023, available here.

[4] See, Luca Bertuzzi, Euractiv, AI Act: EU policymakers nail down rules on AI models, butt heads on law enforcement, Article of 9 December 2023, available here.

[5] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

[6] See, Luca Bertuzzi, Euractiv, AI Act: Leading MEPs revise high-risk classification, ignoring negative legal opinion, Article of 10 November 2023, available here.

[7] European Parliament’s compromise proposal, Art. 3(1c), available here.

[8] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

[9] See, Luca Bertuzzi, Euractiv, EU’s AI Act negotiations hit the brakes over foundation models, Article of 10 November 2023, available here.

[10] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

---

The following Gibson Dunn attorneys assisted in preparing this update: Vivek Mohan, Robert Spano, Kai Gesing, Joel Harrison, Christian Riis-Madsen, Nicholas Banasevic, Stéphane Frank, Frances Waldmann, Leon Freyermuth, Christoph Jacob, Jonas Jousma, Yannick Oberacker, Ciara O’Gara, Tine Rasmussen, and Hayley Smith.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any of the leaders and members of the firm’s Artificial Intelligence or Privacy, Cybersecurity & Data Innovation practice groups, or the following authors:

Stéphane Frank – Brussels (+32 2 554 72 07, sfrank@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Joel Harrison – London (+44 20 7071 4289, jharrison@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Christian Riis-Madsen – Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Robert Spano – London/Paris (+44 20 7071 4902, rspano@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213.229.7914, fwaldmann@gibsondunn.com)

Artificial Intelligence:
Cassandra L. Gaedt-Sheckter – Co-Chair, Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Vivek Mohan – Co-Chair, Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Robert Spano – Co-Chair, London/Paris (+44 20 7071 4902, rspano@gibsondunn.com)
Eric D. Vandevelde – Co-Chair, Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)

Privacy, Cybersecurity and Data Innovation:
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Alexander H. Southwell – Co-Chair, New York (+1 212.351.3981, asouthwell@gibsondunn.com)

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

Gibson Dunn has formed a Workplace DEI Task Force, bringing to bear the Firm’s experience in employment, appellate and Constitutional law, DEI programs, securities and corporate governance, and government contracts to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

On December 6, 2023, Fearless Fund (represented by Gibson Dunn) filed its merits brief in Am. Alliance for Equal Rights v. Fearless Fund Mgmt., LLC, No. 23-13138 (11th Cir. 2023). The brief is available here. Fearless Fund is a Black women-owned venture capital firm with a “Fearless Strivers” charitable grant program that provides $20,000 grants to Black female entrepreneurs as part of its mission to raise awareness about inequities in access to capital. AAER sued Fearless Fund in August 2023, claiming the program violates Section 1981 and seeking a preliminary injunction preventing Fearless Fund from awarding the grants. The district court denied the plaintiff’s motion for a preliminary injunction, but on September 30, 2023, the Eleventh Circuit temporarily enjoined the program pending appeal. AAER filed its merits brief on November 6, 2023. Its reply brief is due on January 3, 2024. Oral argument is scheduled for January 31, 2024.

On December 6, 2023, the U.S. Supreme Court heard oral arguments in Muldrow v. City of St. Louis, a case that presents potentially sweeping implications for workplace discrimination claims. The question before the Court is whether Title VII prohibits discrimination in transfer decisions if the transfer did not create a significant disadvantage for the employee, such as diminished earnings, benefits, or future career prospects. The plaintiff argued that all job-transfer decisions based on a protected characteristic violate Title VII regardless of whether an employee suffers any additional harm, an argument to which a number of Justices appeared sympathetic. The defendant argued that an employee must experience a materially adverse employment action—beyond the transfer decision itself—for the action to be cognizable under Title VII. Depending on its scope, a finding by the Court that the lateral transfer in this case was an actionable change in the “terms, conditions and privileges of employment” could significantly expand the range of employment actions subject to Title VII. An expanded definition of “terms, conditions and privileges of employment” could raise questions, for example, about whether workplace DEI programs that do not constitute tangible employment actions like promotions could nevertheless be actionable under Title VII if they provide differential treatment based on race or gender.

On November 28, 2023, America First Legal (“AFL”), on behalf of Target shareholders, filed an amended complaint in its lawsuit against Target Corporation and certain of its officers. Plaintiffs allege that the Target board depressed Target’s stock price by falsely representing that it was monitoring social and political risks to the company, when it was, in fact, only focused on risks associated with not achieving ESG and DEI goals. The original complaint alleged violations of Sections 10(b) and 14(a) of the Securities Exchange Act of 1934. The amended complaint adds a claim under Section 20(a) of the Exchange Act based on the company’s 2023 Pride Month collection. The amended complaint also adds four new plaintiffs. Responsive pleadings are due on January 26, 2024.

On December 4, 2023, the Sixth Circuit issued a decision in Ames v. Ohio Department of Youth Services, No. 23-3341 (6th Cir. Dec. 4, 2023), calling attention to a circuit split relating to a plaintiff’s burden of proof in Title VII “reverse-discrimination” cases. In affirming the district court’s decision granting summary judgment for the Department, the court relied on Sixth Circuit precedent that requires plaintiffs in reverse-discrimination cases to make an additional showing that “background circumstances . . . support the suspicion that the defendant is that unusual employer who discriminates against the majority.” In a concurring opinion, Judge Raymond M. Kethledge took issue with the background circumstances rule, noting that the rule goes against the express language of Title VII because it imposes different burdens on different plaintiffs based on their membership in different demographic groups. The Sixth, Seventh, Eighth, Tenth, and D.C. Circuits have adopted the background circumstances rule, while the Third and Eleventh Circuits have expressly rejected it. Judge Kethledge predicted that the Supreme Court will resolve the circuit split and review the validity of the background circumstances rule.

With the 2024 proxy season approaching for many publicly traded companies, special interest investors with viewpoints that span the political spectrum continue to use the shareholder proposal process set forth in Securities and Exchange Commission (SEC) Rule 14a-8 to advance their particular pro- or anti-DEI agendas. As we reported on here, shareholder proposals focused on nondiscrimination and diversity issues were the fourth most popular proposals submitted during the 2023 proxy season. These proposals largely focused on requesting racial equity or civil rights audits, reports on DEI efforts, and analyses of gender and racial pay equity. Companies also received shareholder proposals from ESG skeptics like the National Legal and Policy Center and the National Center for Public Policy Research. These proposals asked that companies roll back plans to undertake a racial equity audit, conduct a cost/benefit analysis of DEI programs and conduct a “return to merit” audit where the supporting statements focused on concerns about potential discrimination against “non-diverse” employees or discrimination based on religious and political views. DEI-related shareholder proposals submitted for 2024 annual meetings to date are similar, including shareholder proposals requesting reports on corporate DEI programs and on any risks associated with potential discrimination against conservative viewpoints or ideologies.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

• The Washington Post, “Conservatives are suing law firms over diversity efforts. It’s working.” (December 9): The Post’s Julian Mark and Taylor Telford summarize the efforts of Edward Blum’s conservative advocacy group American Alliance for Equal Rights, which has sued or sent threat letters to at least seven law firms challenging their diversity recruitment programs. At least three of these firms changed their diversity fellowship eligibility criteria. Blum noted that “it is likely that other corporate entities with similar racially discriminatory policies will be sued in the coming weeks.” Professor Kenji Yoshino was quoted extensively and offered alternative paths to achieving DEI goals in this new legal landscape.
• Bloomberg Law, “Blum Says He’s Done Suing Law Firms as Winston Yields on DEI.” (December 6, 2023): Bloomberg Law’s Tatyana Monnay reports that AAER has no further plans to sue law firms, however, Edward Blum noted that his team still “combs websites of hundreds of firms looking for any evidence of programs he views as illegal.”
• Law360, “Commerce Dept. Wants Feedback on Draft DEI Principles” (November 27): Law360’s Sarah Jarvis reports on a recent request by the U.S. Department of Commerce for comments on a proposed set of DEIA principles that set out best practices for DEI in the private sector. According to the Department’s Federal Register notice, the Initiative is intended to be the first step in a long-term effort to “convene private sector business diversity leaders, amplify existing efforts, and inspire additional, voluntary business diversity efforts.” The draft principles are focused on executive leadership, organizational strategy, workforce development, human resources, business opportunities, and community investment. Comments are due January 5, 2024.
• Bloomberg Law, “Nasdaq’s Board Diversity Court Win Draws New Conservative Appeal” (November 28): Bloomberg Law’s Andrew Ramonas reports that the National Center for Public Policy Research (“NCPPR”) has filed a petition for en banc review of the Fifth Circuit’s October decision in Alliance for Fair Board Recruitment v. SEC, upholding Nasdaq’s Board Diversity Rules. The Alliance for Fair Board Recruitment, the other petitioner in the case, previously filed a petition for rehearing in October. Among other things, NCPPR contends that the rules exceed the scope of the Exchange Act. Gibson Dunn represents Nasdaq as an intervenor in the case.
• Law360 California Pulse, “Diversity In Management Linked To Higher Long-Term Growth” (November 30): Law360’s Aaron West summarizes a new study by corporate social responsibility and workplace equity nonprofit As You Sow, which found that, in certain industries, companies with more racial diversity in management are more likely to demonstrate increases in average long-term financial growth, income after tax, and other financial metrics. According to the report, these positive correlations were evident in the “communication services, consumer discretionary, consumer staples, financials, health care, and information technology sectors.” West notes that the study also identified that the most statistically significant positive financial gains occurred among companies with the largest market capitalization.
• Law360, “4th Circ. Reluctant To Reverse White Exec’s Race Bias Verdict” (December 7): Law360’s Hayley Fowler reports on the oral argument before a panel of the Fourth Circuit in Duvall v. Novant Health Inc., a case in which a white executive was awarded nearly $4.6 million after a jury trial on his claim that he was fired as a result of a North Carolina hospital’s diversity initiative, in violation of Title VII. Oral argument on Novant Health’s appeal included an extended discussion of the efforts white collar workers must make to find new employment, in order to mitigate damages. According to Fowler, the panel “seemed dubious” overall of undoing the jury verdict in favor of the plaintiff.

Current Litigation:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

• Am. Alliance for Equal Rights v. Winston & Strawn LLP, No. 4:23-cv-04113 (S.D. Tex. 2023): AAER sued law firm Winston & Strawn, challenging its 1L diversity fellowship program as racially discriminatory in violation of Section 1981.
  • Latest update: On December 6, 2023, AAER dismissed the case after Winston & Strawn changed its fellowship program eligibility language to be race-neutral.
• Phillips v. Starbucks Corp., No. 19-cv-19432 (D.N.J. 2019): On October 28, 2019, a white former Starbucks regional director sued the company for firing her based on her race, allegedly to protect its image after the company suffered bad press when two Black men were arrested in a store for which the plaintiff oversaw operations. The plaintiff alleged discrimination and retaliation in violation of Title VII, Section 1981, and New Jersey state law. On June 12, 2023, a New Jersey federal jury awarded $25.6 million in compensatory and punitive damages to the plaintiff. On July 13, 2023, Starbucks filed a number of post-trial motions, including a motion to vacate and a motion for judgment as a matter of law.
  • Latest update: The court heard oral argument on the post-trial motions on November 30, 2023.
• Correll v. Amazon.com, Inc., No. 3:21-cv-1833 (S.D. Cal. 2022): On October 28, 2021, a white male businessman sued Amazon, alleging that by having a feature within its website that allows consumers to identify products sold by non-white, non-male sellers, the company violated Section 1981 and separately California Civil Code §§ 51 and 51.5, which prohibit racial discrimination by businesses.
  • Latest update: On November 28, 2023, the parties filed a joint motion to dismiss, stipulating to the plaintiff’s dismissal of the action against Amazon with prejudice. The court granted the motion on November 30, 2023.
• Bradley, et al. v. Gannett Co. Inc., 1:23-cv-01100 (E.D.V.A. 2023): On August 18, 2023, white plaintiffs sued Gannett over its alleged “Reverse Race Discrimination Policy,” in response to Gannett’s expressed commitment to having its staff demographics reflect the communities it covers, alleging violations of Section 1981.
  • Latest update: On November 24, Gannett moved to dismiss, arguing that the plaintiffs failed to state Section 1981 claims because they did not plead specific facts connecting the allegedly discriminatory policy with their own differential treatment on the basis of race. Gannett also argued that many of the actions that the plaintiffs challenged, including performance evaluations and reassignments, did not rise to actionable adverse employment actions. A hearing on the motion to dismiss has been scheduled for January 10, 2024.

2. Challenges to agency rules, laws, and regulatory decisions:

• Alliance for Fair Board Recruitment v. SEC, No. 21-60626 (5th Cir. 2021): On October 18, 2023, a unanimous Fifth Circuit panel rejected challenges to Nasdaq’s Board Diversity Rules and the SEC’s approval of those rules. Petitioners Alliance for Fair Board Recruitment and National Center for Public Policy Research sought review of the SEC’s approval of Nasdaq’s Board Diversity Rules, which require companies that have contracted to list their shares on Nasdaq’s exchange to (1) disclose aggregated information about their board members’ voluntarily self-identified diversity characteristics (including race, gender, and sexual orientation), and (2) provide an explanation if fewer than two board members are diverse. The SEC approved the rules after determining that they were consistent with the Exchange Act. Petitioners challenged the rules on constitutional and statutory grounds. Gibson Dunn represents Nasdaq, which intervened to defend its rules.
  • Latest update: On October 25, 2023, AFBR petitioned for a rehearing en banc. On November 27, 2023, NCPPR also petitioned for rehearing en banc, and the court ordered the SEC and Nasdaq to respond to the petitions. On November 28, Republican Attorneys General from Utah and 18 other states filed an amicus brief in support of the petitions. Responses to these petitions are due December 18, 2023.
• Johnson v. Watkin, No. 1:23-cv-00848-ADA-CDB (E.D. Cal. 2023): On June 1, 2023, a community college professor in California sued to challenge new “Diversity, Equity and Inclusion Competencies and Criteria Recommendations” enacted by the California Community Colleges Chancellor’s Office, claiming the regulations violated the First and Fourteenth Amendments. The plaintiff alleged that the adoption of the new competency standards, which require professors to be evaluated in part on their success in integrating DEI-related concepts in the classroom, will require him to espouse DEI principles with which he disagrees, or be punished. The plaintiff moved to enjoin the policy.
  • Latest update: On November 29, 2023, both plaintiff and defendant filed objections to the magistrate judge’s recommendation and proposed order granting a preliminary injunction to prevent the college from disciplining or investigating the plaintiff based on his political speech. The plaintiff argued that the court should enjoin the new DEI rules in their entirety. The defendants argued that the proposed injunction is overbroad and forecloses all DEI policies (including those not yet written), and is factually inaccurate as to how disciplinary procedures work. The defendants further argued that the plaintiff lacks standing and that the rules are constitutionally permissible standards for job-related conduct rather than restrictions of the plaintiff’s personal views.

3. Educational Institutions and Admissions (Fifth Amendment, Fourteenth Amendment, Title VI, Title IX):

• Students for Fair Admissions, Inc. v. University of Texas at Austin, 1:20-cv-00763-RP (W.D. Tex. 2020): On July 20, 2020, SFFA sued the University of Texas, alleging that UT Austin’s methods of considering race in undergraduate admissions violated the Equal Protection Clause of the Fourteenth Amendment, Sections 1981, Title VII, the Texas Constitution, and Texas state law.
  • Latest update: On October 27, 2023, the defendants moved to dismiss the action as moot, claiming UT Austin made its admissions process race-neutral following the Supreme Court’s decision in SFFA v. Harvard. On November 27, SFFA opposed dismissal, arguing the case is still live because UT Austin has allegedly failed to implement safeguards to ensure its admissions officers comply with the new policy and because SFFA is still seeking an injunction to prohibit UT from reinstituting its prior policy. The defendants’ reply is due on January 11, 2024.
• Students for Fair Admissions v. United States Naval Academy, No. 1:23-cv-02699-ABA (D. Md. 2023): On October 5, 2023, SFFA sued the U.S. Naval Academy, arguing that consideration of race in its admissions process violates the Fifth Amendment.
  • Latest update: On November 27, 2023, the court set a hearing on the plaintiffs’ motion for a preliminary injunction for December 14, 2023. On December 1, 2023, the Naval Academy and other federal defendants filed their response to the preliminary injunction motion, arguing that SFFA did not demonstrate that it had standing because it submitted only anonymous declarations on behalf of its members, and that it did not demonstrate irreparable harm because there had been a substantial delay in bringing the action. On the merits, the Academy argued that the military has a compelling national security interest in a diverse officer corps, and that its admissions process was narrowly tailored.
• Students for Fair Admissions v. U.S. Military Academy at West Point, No. 7:23-cv-08262 (S.D.N.Y. 2023): On September 19, 2023, SFFA sued West Point, arguing that affirmative action in its admissions process, including alleged racial “benchmarks” of “desired percentages” of minority representation, violates the Fifth Amendment of the U.S. Constitution by taking applicants’ race into account.
  • Latest update: On November 22, 2023, West Point and other federal officials filed their opposition to the motion for a preliminary injunction. They argued that SFFA has not demonstrated it has standing because it has not pled facts to show its members, who are described anonymously in the complaint, have a stake in the controversy. They also argued that SFFA did not demonstrate irreparable harm, in part because its members have not actually applied for admission to West Point. On the merits, West Point argued that its admissions process is constitutional because the military has a compelling national security interest in a diverse officer corps distinct from academic interests in student diversity, and its admissions process is narrowly tailored.

---

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Elizabeth Ising, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Teddy Rube*, Alana Bevan, and Marquan Robertson*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com)

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, mdenerstein@gibsondunn.com)

Elizabeth A. Ising – Partner & Co-Chair, Securities Regulation and Corporate Governance
Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, msenger@gibsondunn.com)

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, bevanson@gibsondunn.com)

*Teddy Rube and Marquan Robertson are associates working in the firm’s Washington, D.C. office who are not yet admitted to practice law.

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

This edition of Gibson Dunn’s Federal Circuit Update summarizes the current status of several petitions pending before the Supreme Court, and recent Federal Circuit decisions concerning attorneys’ fees under 35 U.S.C. § 285, Article III standing, and the Board’s authority to issue a final written decision past the statutory deadline.

Federal Circuit News

Noteworthy Petitions for a Writ of Certiorari:

As we summarized in our October 2023 update, there are a few petitions pending before the Supreme Court.  We provide an update below:

• In VirnetX Inc. v. Mangrove Partners Master Fund, Ltd. (US No. 23-315), the Court granted an extension for the response, which is now due December 27, 2023. An amicus curiae brief has been filed by the Cato Institute.
• In Intel Corp. v. Vidal (US No. 23-135), a response was filed on November 9, 2023. Three amici curiae briefs have been filed.  The petition will be considered during the Court’s January 5, 2024 conference.
• The Court denied the petition in HIP, Inc. v. Hormel Foods Corp. (US No. 23-185).

Other Federal Circuit News:

New Federal Circuit Rules.  The December 1, 2023 amendments to the Federal Circuit Rules are now in effect.  The Federal Circuit has also approved increases to its local fees effective December 1, 2023.  Details can be found here.

Upcoming Oral Argument Calendar

The list of upcoming arguments at the Federal Circuit is available on the court’s website.

Key Case Summaries (November 2023)

In re PersonalWeb Technologies LLC, Nos. 21-1858, 21-1859, 21-1860 (Fed. Cir. Nov. 3, 2023):  This was the third appeal from a multidistrict litigation involving PersonalWeb.  In 2011, PersonalWeb sued Amazon for patent infringement. After claim construction, PersonalWeb dismissed with prejudice its claims against Amazon.  Then, in 2018, PersonalWeb brought claims against Amazon’s customers on the same patents.  Amazon intervened and filed a motion for declaratory judgment barring PersonalWeb’s infringement actions against Amazon and its customers.  The cases were consolidated.  The district court ultimately entered judgment of non-infringement in favor of Amazon.  Amazon then moved for attorneys’ fees and costs under 35 U.S.C. § 285.  The district court granted that motion and awarded over $5 million in fees and costs.

The majority (Reyna, J., joined by Lourie, J.) affirmed, holding that the district court did not abuse its discretion in awarding fees and costs.  In particular, the majority concluded that the district court did not abuse its discretion when it determined that PersonalWeb’s claims were objectively baseless because it required only a “straightforward application of Kessler,” which precludes follow-up suits against a company’s customers over the same allegedly infringing products that had already been adjudicated.  The majority reasoned that a dismissal with prejudice operates as an adverse adjudication on the merits.

Judge Dyk dissented, reasoning that PersonalWeb’s claims against Amazon’s customers were not objectively baseless in light of unsettled case law surrounding the Kessler doctrine, and specifically whether the Kessler doctrine applies to a stipulated dismissal with prejudice or only to a litigated determination of non-infringement.  Indeed, PersonalWeb sought certiorari on that very issue from its 2018 litigation, and the Solicitor General filed an amicus brief agreeing with PersonalWeb that its claims should not have been barred under Kessler.  Thus, Judge Dyk would have remanded because, in his view, the district court abused its discretion in awarding fees based on PersonalWeb’s Kessler argument.

Actelion Pharmaceuticals Ltd. v. Mylan Pharmaceuticals Inc., No. 22-1889 (Fed. Cir. Nov. 6, 2023):  Actelion sued Mylan for infringing two of Actelion’s patents directed to epoprostenol formulations.  The parties disputed the meaning of a limitation in the patents requiring “a pH of 13 or higher.”  The district court construed the phrase to encompass “values that round up or down to 13, 12.5 and 13.4,” relying exclusively on the intrinsic evidence.  Mylan stipulated to infringement of Actelion’s patents under the district court’s construction, and appealed.

The Federal Circuit (Stoll, J., joined by Reyna and Stark, J.J.) vacated and remanded.  The Court concluded that the intrinsic evidence was not sufficiently clear as to the level of precision required by a “pH of 13 or higher” and that the district court should have considered the extrinsic evidence the parties presented to ascertain the ordinary meaning of the phrase.  Accordingly, the Court vacated the district court’s construction and remanded for the district court to consider the extrinsic evidence in the first instance.

Allgenesis Biotherapeutics Inc. v. Cloudbreak Therapeutics, LLC, No. 22-1706 (Fed. Cir. Nov. 7, 2023):  Allgenesis filed a petition for inter partes review (“IPR”) challenging Cloudbreak’s patent directed to the use of multikinase inhibitors, including nintedanib, for treating pterygium, an eye condition involving tumorous growths.  During the proceeding, Cloudbreak disclaimed the genus claims, leaving only the claims that more narrowly claimed the use of nintedanib.  The Board issued a final written decision finding that Allgenesis failed to show that the remaining nintedanib claims were unpatentable.  Specifically, the Board found that the nintedanbi claims were sufficiently described by the specification of a provisional application from which the Cloudbreak patent claimed priority and therefore predated the alleged prior art reference.

The Federal Circuit (Moore, C.J., joined by Stoll and Cunningham, JJ.) dismissed the appeal because it determined that Allgenesis lacked Article III standing.  The Court determined that Allgenesis failed to establish an injury-in-fact from potential infringement liability or that the Board’s priority analysis would have a preclusive effect, impacting Allgenesis’s patent rights in issued or still-pending continuation applications.  Specifically, the Court held that collateral estoppel would not attach to the Board’s non-appealable priority determination.  Instead, if an examiner were to reach the same priority determination during prosecution of Allgenesis’s pending application, “Allgenesis can challenge that determination in a separate appeal.”

Purdue Pharma L.P. v. Collegium Pharmaceutical, Inc., No. 22-1482 (Fed. Cir. Nov. 21, 2023):  Purdue sued Collegium for infringement of Purdue’s patent directed to a formulation containing a gelling agent that “prevent[s] or deter[s] the abuse of opioid analgesics by the inclusion of at least one aversive agent in the dosage form.”  Collegium filed a petition for post-grant review (“PGR”) of the patent.  Purdue subsequently filed for bankruptcy and requested a stay of all proceedings, including the PGR.  After the statutory deadline for the Board to issue a final written decision had passed, Purdue asked for the stay to be lifted for the district court proceedings only, but the bankruptcy court lifted the stay for both the district court and PGR proceedings.  Purdue then moved to terminate the PGR proceeding, arguing that the Board no longer had the authority to issue a final written decision.  The Board denied the motion and issued its final written decision, finding the challenged claims unpatentable for lack of written description and anticipation.

The Federal Circuit (Dyk, J., joined by Hughes and Stoll, JJ.) affirmed.  The Court determined that the Board’s failure to meet the statutory deadline did not deprive the Board of authority to issue a final written decision.  The Court noted that the statutory language required that the Board issue a final written decision by a certain deadline, but found no congressional intent to “deprive the agency of power” to act after the deadline passed.

---

The following Gibson Dunn attorneys assisted in preparing this update: Blaine Evanson, Jaysen Chung, Audrey Yang, Al Suarez, Julia Tabat*, and Vivian Lu.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups, or the following authors:

Blaine H. Evanson – Orange County (+1 949.451.3805, bevanson@gibsondunn.com)
Audrey Yang – Dallas (+1 214.698.3215, ayang@gibsondunn.com)

Appellate and Constitutional Law:
Thomas H. Dupree Jr. – Washington, D.C. (+1 202.955.8547, tdupree@gibsondunn.com)
Allyson N. Ho – Dallas (+1 214.698.3233, aho@gibsondunn.com)
Julian W. Poon – Los Angeles (+ 213.229.7758, jpoon@gibsondunn.com)

Intellectual Property:
Kate Dominguez – New York (+1 212.351.2338, kdominguez@gibsondunn.com)
Y. Ernest Hsin – San Francisco (+1 415.393.8224, ehsin@gibsondunn.com)
Josh Krevitt – New York (+1 212.351.4000, jkrevitt@gibsondunn.com)
Jane M. Love, Ph.D. – New York (+1 212.351.3922, jlove@gibsondunn.com)

*Julia Tabat is an associate working in the firm’s Dallas office who currently is admitted to practice in Illinois.

© 2023 Gibson, Dunn & Crutcher LLP.  All rights reserved.  For contact and other information, please visit us at www.gibsondunn.com.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials.  The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel.  Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.