Client Alert Archives

Decided July 31, 2023

Boermeester v. Carry, S263180

Yesterday, the California Supreme Court held that private universities do not need to provide students accused of misconduct with the right to cross examine accusers and other witnesses at live hearings during administrative disciplinary proceedings.

Background: The University of Southern California expelled student Matthew Boermeester after determining he violated USC’s policy against intimate partner violence. Boermeester filed a petition for writ of administrative mandate under Code of Civil Procedure 1094.5(b), alleging that he was deprived a “fair trial.” Specifically, he claimed that his common-law right to a fair procedure was violated when he was denied the right to attend a live hearing at which he or his attorney could directly cross examine his accuser and third-party witnesses.

The trial court disagreed with Boermeester and denied the petition. A divided Court of Appeal reversed, concluding that USC provided unfair procedures because USC did not provide Boermeester with the opportunity to cross examine critical witnesses at an in-person hearing.

Issue: The common-law right to fair procedure requires fair notice of the charges and a meaningful opportunity to be heard. Must private organizations provide in-person hearings with the right to cross examination in order to comply with the common-law right to a fair procedure?

Court’s Holding:

No. Private organizations are not required to provide accused individuals with the opportunity to directly or indirectly cross examine the accuser and other witnesses at a live hearing.

“[T]here is no absolute right to a live hearing with cross-examination in administrative proceedings, even where constitutional due process applies.”

Justice Groban, writing for the Court

Gibson Dunn submitted an amicus brief on behalf of the California Women’s Law Center and Equal Rights Advocates in support of respondent: University of Southern California

What It Means:

Although this case arose in the context of private university disciplinary proceedings, the Court’s reasoning appears to extend to administrative proceedings in other private organizations.
The opinion distinguishes between the procedures afforded to individuals in criminal trials versus private administrative hearings. Even “where constitutional due process applies,” “there is no absolute right to a live hearing with cross-examination” in private “administrative proceedings.”
Instead, private universities “must balance competing interests, including the accused student’s interests in a fair procedure and completing a postsecondary education, the accuser’s interest in not being retraumatized by the disciplinary process, and the private university’s interests in maintaining a safe campus and encouraging victims to report instances of sexual misconduct or intimate partner violence without having to divert too many resources from its main purpose of education.”
The Court recognized that there are “practical limitations” on the ability of private organizations to “function as courts” because they, for example, lack subpoena power, rely on voluntary participation of witnesses, and such administrative hearings “divert both resources and attention from” the organization’s main calling.
The Court expressly declined to consider under what circumstances an individual must be permitted to submit questions for an adjudicator to ask any accuser or third-party witnesses outside the presence of the individual under investigation.

The Court’s opinion is available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the California Supreme Court. Please feel free to contact the following practice leaders:

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Blaine H. Evanson +1 949.451.3805 bevanson@gibsondunn.com	Bradley J. Hamburger +1 213.229.7658 bhamburger@gibsondunn.com	Michael J. Holecek +1 213.229.7018 mholecek@gibsondunn.com

Related Practice: Litigation

Theodore J. Boutrous, Jr.
+1 213.229.7804
tboutrous@gibsondunn.com

Theane Evangelis
+1 213.229.7726
tevangelis@gibsondunn.com

On July 28, 2023, a new EU regulation regarding the cross-border access to electronic evidence in criminal proceedings was announced in the Official Journal of the European Union (the “Regulation”).[1] The Regulation, which will apply as of August 18, 2026, contains rules under which an authority of a EU Member State may issue a European Production Order or a European Preservation Order to request a service provider in another Member State to produce or to preserve electronic evidence regardless of the location of the data.[2] Failing to comply with such orders may involve severe sanctions for such service providers.

The Regulation is a considerable step forward for cross-border government investigations in the European Union. Currently, to obtain electronic evidence, EU Member State authorities must rely either on lengthy judicial cooperation procedures with the risk that data are moved or deleted or on the voluntary cooperation of service providers, a process which, according to the EU Commission, lacks reliability, transparency, accountability, and legal certainty.[3]

1. European Production Orders

Pursuant to the Regulation, a judicial authority of a Member State will be entitled to issue a European Production Order to request electronic evidence directly from a service provider located in another Member State. In the case of requesting traffic data[4] or content data,[5] a judge, a court or an investigating judge will be a proper issuing authority. If a Member State wanted to obtain subscriber data[6] or data for the sole purpose of identifying the user, a public prosecutor would also be entitled to issue a European Production Order. The Member States may define further competent issuing authorities, but in these case the Regulation requires a validation process.[7]

A European Production Order for obtaining traffic data or content data may be issued if these data are necessary and proportionate to the purpose of criminal proceedings relating to offenses punishable in the issuing State by a custodial sentence of a maximum of at least three years or to specific offenses[8] referenced in the Regulation. Further, a European Production Order requires that a similar order could have been issued under the same conditions in a domestic case. These data may also be requested for the execution of a custodial sentence or a detention order of at least four months, following criminal proceedings and imposed by a decision that was not rendered in absentia in cases where the person convicted absconded from justice.[9]

In the case of subscriber data or of data requested for the sole purpose of identifying the user, the same conditions apply, but in these cases European Production Orders may be issued for all offenses subject to a criminal investigation.[10]

A European Production Order will be addressed directly to the service provider,[11] but in certain cases of requesting traffic or content data the issuing authority must notify an enforcing authority based in the Member State where the service provider resides.[12] The enforcing authority will assess the case as soon as possible, but no later than ten days following the receipt of the notification, and decide whether it wants to invoke a ground for refusal, such as the protection of fundamental rights or of immunities and privileges.[13]

Upon receipt of a European Production Order, a service provider must expeditiously preserve the requested data and transmit them at the latest within ten days directly to the issuing authority or to the law enforcement authority designated on the order.[14]In cases of emergency, the service provider must transmit the data without undue delay and at the latest within eight hours following the receipt of the order.[15]

2. European Preservation Orders

By way of a European Preservation Order, a judge, a court, an investigating judge, a public prosecutor or – upon validation – another designated authority may order that a service provider located in another Member State preserve electronic evidence for the purposes of a subsequent request for production.[16]

Such an order may be issued for all criminal offenses if necessary for and proportionate to the purpose of preventing the removal, deletion or alteration of data with a view to issuing a subsequent request for production of those data and if it could have been issued under the same conditions in a similar domestic case. These orders may also serve for the execution of a custodial sentence or a detention order of at least four months, following criminal proceedings, imposed by a decision that was not rendered in absentia, in cases where the person convicted absconded from justice.[17]

In the case of a European Preservation Order, the service provider must preserve the requested data without undue delay. The obligation to preserve the data will cease after 60 days, unless the issuing authority confirms that a subsequent request for production has been issued. During that 60-day period, the issuing authority may extend the duration of the obligation to preserve the data by an additional 30-day period if necessary to allow for the issuing of a subsequent request for production.[18]

3. Notion of a Service Provider Offering Services in the Union

The Regulation applies to service providers which offer services in the European Union.[19] The Regulation defines a “service provider” as any natural or legal person that provides one or more of the following categories of services:

Electronic communications services;[20]
Internet domain name and IP numbering services, such as IP address assignment, domain name registry, domain name registrar and domain name-related privacy and proxy services;
Other information society services[21] that enable their users to communicate with each other; or make it possible to store or otherwise process data on behalf of the users to whom the service is rendered, provided that the storage of data is a defining component of the service provided to the user.[22]

Financial services such as such as banking, credit, insurance and re-insurance, occupational or personal pensions, securities, investment funds, payment and investment advice are not covered by the Regulation.[23]

A service provider in that sense offers services within the European Union if it enables natural or legal persons in a Member State to use the services listed above and if it has a substantial connection, based on specific factual criteria, to that Member State.[24] Such a substantial connection is considered to exist where the service provider has an establishment in a Member State, where there is a significant number of users in one or more Member States or where the service provider targets its activities towards one or more Member States.[25]

Pursuant to a EU Directive announced on the same day as the Regulation in the Official Journal of the European Union (the “Directive”), Member States will have to ensure that all service providers offering services in the European Union designate a legal representative or a designated establishment to receive, comply with, and enforce requests to gather electronic evidence.[26]

4. Sanctions, Enforcement, Conflict of Laws

The Regulation sets forth that Member States must enact rules on pecuniary penalties for infringements of the execution of European Production Orders or European Preservation Orders. These pecuniary penalties must be effective, proportionate and dissuasive. In that respect, Member States must ensure that pecuniary penalties of up to 2% of the total worldwide annual turnover of the service provider’s preceding financial year can be imposed.[27] Pursuant to the Directive, Member States will have to ensure that that both the designated establishment or the legal representative and the service provider can be held jointly and severally liable for non-compliance so that each of them may be subject to penalties.[28]

Apart from pecuniary penalties, the Regulation contains detailed rules on the enforcement by the enforcing state.[29] However, a service provider must inform the issuing authority and the enforcing authority if it considered that the execution of a European Production Order or of a European Preservation Order could interfere with immunities or privileges, or with rules on the determination or limitation of criminal liability that relate to freedom of the press or freedom of expression in other media, under the law of the enforcing State. In such cases, the issuing authority decides whether to withdraw, adapt or maintain the respective order. In addition, in the case of a European Production Order, the enforcing authority may raise a ground for refusal.[30]

A special review procedure applies, if a service provider invoked that complying with a European Production Order would conflict with an obligation under the law of a third country. Then, the service provider would have to file a “reasoned objection” within ten days after receipt of the European Production Order. If the issuing authority decided to uphold the order, a competent court of the issuing state would have to review the case. Importantly, if this court found that the law of the third country prohibits disclosure of the data concerned, the court would not automatically lift the European Production Order but rather balance relevant factors (some of which are set out in more detail in the Regulation[31]) to decide whether to uphold or lift the order.

______________________

[1] Eur-Lex, Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings, available under https://eur-lex.europa.eu/eli/reg/2023/1543/oj (last visited [July 31, 2023]).

[2] Article 1(1) of the Regulation.

[3] EU Commission, press release of November 29, 2022, https://ec.europa.eu/commission/presscorner/detail/es/ip_22_7246 (last visited [July 31, 2023]).

[4] Article 3 no. 11 of the Regulation.

[5] Article 3 no. 12 of the Regulation.

[6] Article 3 no. 9 of the Regulation.

[7] Article 4(1) and (2) of the Regulation.

[8] Article 5(4) of the Regulation.

[9] Article 5(2) and (4) of the Regulation.

[10] Article 5(2) and (3) of the Regulation.

[11] Article 7 of the Regulation.

[12] Article 3 no. 16, 17 and Article 8 of the Regulation. No notification is necessary where the offense has been committed, is being committed or is likely to be committed in the issuing State and the person whose data are requested resides in the issuing State.

[13] Article 12 of the Regulation.

[14] Article 10 of the Regulation.

[15] Article 10(4) of the Regulation.

[16] Article 5(3) of the Regulation.

[17] Article 6(2) and (3) of the Regulation.

[18] Article 11(1) of the Regulation.

[19] Article 2(1) of the Regulation.

[20] Article 2 no. 4 of Directive (EU) 2018/1972 establishing the European Electronic Communications Code.

[21] As referred to in Article 1(1) (b) of Directive (EU) 2015/1535 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services.

[22] Article 3 no. 3 of the Regulation.

[23] Article 3 no. 3 of the Regulation, see also Article 2(2) lit. b of the Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market.

[24] Article 3 no. 4 of the Regulation.

[25] Article 3 no. 4 of the Regulation.

[26] Eur-Lex, Directive (EU) 2023/1544 of the European Parliament and of the Council of 12 July 2023 laying down harmonised rules on the designation of designated establishments and the appointment of legal representatives for the purpose of gathering electronic evidence in criminal proceedings, available under https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32006L0123 (last visited [July 31, 2023]).

[27] Article 15 of the Regulation.

[28] Article 3(5) of the Directive.

[29] Article 16 of the Regulation.

[30] Articles 10(5) and 11(4) of the Regulation.

[31] According to Article 17(6) of the Regulation, the assessment shall in particular be based on the following factors, while giving particular weight to the factors referred to in points (a) and (b): (a) the interest protected by the relevant law of the third country, including fundamental rights as well as other fundamental interests preventing disclosure of the data, in particular national security interests of the third country; (b) the degree of connection between the criminal case for which the European Production Order was issued and either of the two jurisdictions, as indicated inter alia by: (i) the location, nationality and place of residence of the person whose data are being requested or of the victim or victims of the criminal offense in question; (ii) the place where the criminal offense in question was committed; (c) the degree of connection between the service provider and the third country in question; in this context, the data storage location alone shall not suffice for the purpose of establishing a substantial degree of connection; (d) the interests of the investigating State in obtaining the evidence concerned, based on the seriousness of the offence and the importance of obtaining evidence in an expeditious manner; (e) the possible consequences for the addressee or for the service provider of complying with the European Production Order, including the potential penalties.

The following Gibson Dunn attorneys assisted in preparing this update: Andreas Dürr, Kai Gesing, Katharina Humphrey, and Benno Schwarz.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of Gibson Dunn’s White Collar Defense and Investigations or Anti-Corruption and FCPA practice groups in Germany:

Corporate Compliance / White Collar Matters
Andreas Dürr (+49 89 189 33 219, aduerr@gibsondunn.com)
Ferdinand Fromholzer (+49 89 189 33 270, ffromholzer@gibsondunn.com)
Kai Gesing (+49 89 189 33 285, kgesing@gibsondunn.com)
Katharina Humphrey (+49 89 189 33 217, khumphrey@gibsondunn.com)
Markus Nauheim (+49 89 189 33 222, mnauheim@gibsondunn.com)
Markus Rieder (+49 89 189 33 260, mrieder@gibsondunn.com)
Benno Schwarz (+49 89 189 33 210, bschwarz@gibsondunn.com)
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)
Mark Zimmer (+49 89 189 33 230, mzimmer@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice. Please note, prior results do not guarantee a similar outcome.

On July 26, 2023, the Securities and Exchange Commission (“SEC” or “Commission”), in a 3-to-2 vote, adopted a final rule requiring the disclosure of material cybersecurity incidents and cybersecurity risk management, strategy, and governance by public companies, including foreign private issuers. The Commission’s rule proposal, issued in March 2022,[1] was the subject of much commentary and criticism. In response, the Commission made important changes to the required disclosures regarding cybersecurity risk management, strategy, and governance, but the final rule will significantly change the status quo and will impose a substantial burden and introduce complexity to incident response for all public companies.

In summary, the final rule requires: (i) Form 8-K disclosure of material cybersecurity incidents within four (4) business days of the company’s determination that the cybersecurity incident is material; (ii) new annual disclosures in Form 10-K regarding the company’s cybersecurity risk management and strategy, including with respect to the company’s processes for managing cybersecurity threats and whether risks from cybersecurity threats have materially affected the company; and (iii) new annual disclosures in Form 10-K regarding the company’s cybersecurity governance, including with respect to oversight by the board and management. The annual disclosures are also required in foreign private issuers’ annual reports on Form 20-F, and material cybersecurity incident disclosure will be covered by Form 6-K.

The adopting release is available here, a Fact Sheet from the SEC is available here, and a two page summary prepared by Gibson Dunn is available here. The final rule will become effective 30 days after publication in the Federal Register.

Most public companies will be required to comply with the Form 8-K incident disclosure requirements beginning on the later of December 18, 2023 and 90 days after the final rule is published in the Federal Register.
Smaller reporting companies are eligible for an extension for complying with the Form 8-K incident disclosure requirements and have until the later of June 15, 2024 and 270 days after the date the final rule is published in the Federal Register.
All public companies will be required to comply with the new annual disclosure requirements beginning with the annual report on Form 10-K or 20-F for the fiscal year ending on or after December 15, 2023.

Set forth below is a summary of the final rule and some considerations for public companies.

I. Disclosure of Material Cybersecurity Incidents

Timing of Disclosure. The final rule adds new Item 1.05 to Form 8-K, which requires companies to determine whether a cybersecurity incident[2] is material “without unreasonable delay after discovery of the incident.” If a company determines that a cybersecurity incident is material, it is required to disclose the incident within four (4) business days of such determination.

Consistent with the SEC’s rule proposal, the final rule uses the date of the materiality determination as the trigger for when the four (4) business day time period begins to run, rather than the date of discovery of the incident—an important distinction.

The timeline for the materiality determination – which must be made “without unreasonable delay” – reflects a change from the rule proposal, which required the determination to be made “as soon as reasonably practicable” after discovery of an incident.[3] Commenters noted that the proposed standard could pressure companies to draw conclusions about incidents with insufficient information. While the SEC revised the timeline in the final rule, the adopting release notes that there may be instances where a company does not have complete information about the incident but knows enough to determine that the incident was material, such as when incidents impact key systems and information or involve unauthorized access to or exfiltration of large quantities of particularly important data. The adopting release states that, in such instances, the materiality determination should not be delayed.[4] Examples of unreasonable delay provided by the adopting release include deferring committee meetings for the responsible committee past the normal time it takes to convene its members or revising existing incident response policies and procedures to support a delayed materiality determination of an ongoing cybersecurity event.[5]

Scope of Disclosure and Materiality Determination. When disclosing the material cybersecurity incident, companies must disclose the material aspects of the nature, scope, and timing of the incident, and the material impact or “reasonably likely” material impact on the company, including on its financial condition and results of operations. If a company determines a cybersecurity incident is material, but the information that is required to be disclosed has not been determined or is unavailable at the time of the required filing, companies must later update the disclosure through a Form 8-K amendment. In contrast to the SEC’s rule proposal, which would have provided for updates to appear in subsequent quarterly reports on Form 10-Q, companies must disclose this information within four (4) business days after the company, without unreasonable delay, determines such information or after such information “becomes available.”

In the adopting release, the Commission indicated that companies should consider qualitative factors in assessing the material impact of an incident, and indicated that harm to a company’s reputation, customer or vendor relationships, or competitiveness, and the possibility of litigation or regulatory investigations or actions, were all examples of potential material impacts on a company.[6]

The final rule’s focus on the material aspects of the incident and material impacts on the company represents a narrowing in the scope of required incident disclosure, in comparison to the rule proposal, although compliance will likely present a significant burden to companies actively working to respond to a cybersecurity incident. The SEC’s rule proposal would have required disclosure of the specific details of the incident, such as remediation status, whether the incident was ongoing, and whether data were compromised, regardless of materiality. The final rule provides companies with slightly more flexibility, as the instructions to Item 1.05 note that companies “need not disclose specific or technical information” about incident response, systems, networks, or potential vulnerabilities “in such detail as would impede” response or remediation of the incident. However, commentary in the adopting release suggests that the SEC may nonetheless expect companies to disclose sensitive information where it is a significant factor in the determination that a cybersecurity incident is material.[7]

In the adopting release, the Commission took the view that this change in scope alleviates some of the concerns commenters raised about the difficulty of the four (4) business day reporting deadline. The Commission argued that the materiality analysis for most companies will include consideration of the financial impact, so the company will have already developed information about the impact on the company’s financial condition and results of operations when Item 1.05 is triggered by the materiality determination.[8] In rejecting a longer deadline suggested by commenters, the SEC asserted that “in the majority of cases registrants will have had additional time leading up to the materiality determination, such that disclosure becoming due less than a week after discovery should be uncommon.”[9]

Exceptions Permitting Reporting Delays. The Commission introduced two narrow exceptions that allow for a delay in reporting a material cybersecurity incident on Form 8-K. The only generally applicable exception permitting a delay in reporting applies only if the U.S. Attorney General notifies the SEC in writing that the disclosure poses a substantial risk to national security or public safety. Outside of extraordinary circumstances or an exemptive order issued by the SEC, the maximum delay permitted under this exception will be 60 days.[10]

The second exception is also extraordinarily limited, and applies only to companies subject to the Federal Communications Commission’s (“FCC’s”) notification rule for breaches of customer proprietary network information (“CPNI”). The FCC’s rule requires covered entities to notify the United States Secret Service (“USSS”) and Federal Bureau of Investigation (“FBI”) no later than seven (7) business days after reasonable determination of a CPNI breach and to refrain from disclosing the breach until seven (7) days have passed following notification to the USSS and FBI.[11] The SEC notes that the FCC has proposed amending the CPNI rule to remove this seven (7) business day waiting period, and suggests that this conflict may be eliminated if the FCC’s proposed rule is adopted.[12] The SEC’s final rule permits companies subject to the notification requirements to delay making the Item 1.05 disclosure up to seven (7) business days following notification to the USSS and FBI, with written notification to the SEC. This exception is being provided as, according to the SEC, this was the only Federal law or regulation that conflicted with Item 1.05.[13]

Additionally, as noted by Commissioner Uyeda during the meeting adopting the final rule, while not an exception built into Item 1.05, the adopting release gives deference to Rule 0-6 under the Securities Exchange Act of 1934 (the “Exchange Act”). Rule 0-6 provides for the omission of information that has been classified by an appropriate department or agency of the Federal government for the protection of the interest of national defense or foreign policy. The adopting release provides that if any information that a registrant would otherwise disclose under Item 1.05 (or pursuant to Item 106 of Regulation S-K, as discussed below) is classified, companies should comply with Rule 0-6, meaning that such information should not be disclosed.[14]

Broad Definition of “Cybersecurity Incident.” The final rule broadly defines a cybersecurity incident as “an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”[15] The final rule also broadly defines “information system” to mean electronic systems “owned or used by” a company, which covers information resources owned by third parties.[16] The SEC’s adopting release reaffirmed the SEC’s view that an accidental incident is an “unauthorized incident” within the scope of the rule.[17] The SEC acknowledged that the use of the term “jeopardizes” requires a forward-looking assessment of whether the effect of an incident is or is reasonably likely to be material.

The final rule adds the concept of “a series of related unauthorized occurrences”[18] to the definition of “cybersecurity incident,” a situation it had proposed to address through a quarterly Form 10-Q reporting requirement. The change means that companies materially affected by a series of related intrusions will still be required to comply with Item 1.05, even when the material impact attributable to each individual intrusion is immaterial by itself. The SEC provided two examples of such a series that would necessitate disclosure under Item 1.05:[19]

The same malicious actor engages in a number of smaller but continuous cyberattacks related in time and form against the same company and collectively, they are either quantitatively or qualitatively material; and
A series of related attacks from multiple actors exploit the same vulnerability and collectively impede the company’s business materially.

Safe Harbors. Consistent with the rule proposal, an untimely filing under Item 1.05 would not result in a loss of Form S-3 eligibility and the failure to file the Item 1.05 Form 8-K would not be deemed to be a violation of Section 10(b) and Exchange Act Rule 10b-5.

II. Cybersecurity Risk Management, Strategy, and Governance Disclosure

Risk Management and Strategy Disclosure. The final rule introduces new Item 106 of Regulation S-K, which will require a description in the Form 10-K of a company’s processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats[20] in sufficient detail for a reasonable investor to understand those processes. Item 106 states that in providing such disclosure, a company should address, as applicable, the following non-exclusive list of disclosure items:

Whether and how any such processes have been integrated into the company’s overall risk management system or processes;
Whether the company engages assessors, consultants, auditors, or other third parties in connection with any such processes; and
Whether the company has processes to oversee and identify such risks from cybersecurity threats associated with its use of any third-party service provider.

Companies must also describe whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the company, including its business strategy, results of operations, or financial condition and if so, how.

The list of disclosure items under this caption represents a significant paring back from the rule proposal. In the adopting release, the SEC acknowledged concerns on the rule proposal’s prescriptiveness and its potential to affect a company’s risk management and strategy decision-making.[21] The Commission believes that the formulation in the final rule will not result in companies providing a level of detail that goes beyond material information or that could increase a company’s vulnerability.[22] Notably, the final rule requires disclosure of “processes” rather than “policies and procedures,” with the SEC noting that the former avoids disclosing operational details that could be used by malicious actors and removes the question of whether companies without written policies and procedures should disclose that fact.[23] Other changes aimed at reducing the prescriptiveness of the rule include the removal of the list of risk types (e.g., intellectual property theft, fraud, etc.) and the removal of certain disclosure items, such as the company’s activities undertaken to prevent, detect, and minimize effects of cybersecurity incidents, and the company’s business continuity, contingency, and recovery plans in the event of a cybersecurity incident.

Governance Disclosure. Item 106 also requires companies to describe the board of directors’ oversight of risks from cybersecurity threats. If applicable, companies must identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats and describe the processes by which the board or such committee is informed about such risks. Importantly, the final rule omits the proposed requirement to disclose cybersecurity expertise within the board of directors, although the SEC noted that a company that has determined that board-level expertise is a necessary component to its cyber-risk management would likely provide that disclosure under Item 106.[24]

In addition, companies must describe management’s role in assessing and managing the registrant’s material risks from cybersecurity threats, with such disclosure addressing, as applicable, the following non-exclusive list of disclosure items:

Whether and which management positions or committees are responsible for assessing and managing such risks, and the relevant expertise of such persons or members in such detail as necessary to fully describe the nature of the expertise;
The processes by which such persons or committees are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents; and
Whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee of the board of directors.

With respect to management’s expertise, the instructions to Item 106 provide that it may include “[p]rior work experience in cybersecurity; any relevant degrees or certifications; any knowledge, skills, or other background in cybersecurity.”

The final governance disclosure requirements also are significantly less prescriptive than under the rule proposal. Exclusions from the final rule include the proposed requirement to disclose whether and how the board integrates cybersecurity into its business strategy, risk management, and financial oversight, and details such as whether the company has a chief information security officer, the frequency of the board’s discussions on cybersecurity, and the frequency with which responsible management positions or committees report to the board on cybersecurity risk. However, the SEC indicated that details such as frequency of discussions or updates may be included in Item 106 disclosure to the extent relevant to an understanding of the board’s oversight of risks from cybersecurity threats.[25] While the requirement to disclose whether the company has a chief information security officer was also omitted from the final rule, the SEC noted that the remaining requirement to discuss which management positions or committees are responsible for assessing and managing cybersecurity risk “would typically encompass identification of whether a registrant has a chief information security officer, or someone in a comparable position.”[26]

Foreign Private Issuers. The final rule amends Form 20-F to include requirements parallel to Item 106 regarding a foreign private issuer’s risk management, strategy, and governance. In addition, the final rule adds “material cybersecurity incidents” to the items that may trigger a current report on Form 6-K. Under the new rule, foreign private issuers will be required to furnish on Form 6-K information about material cybersecurity incidents that the issuers disclose or otherwise publicize in a foreign jurisdiction, to any stock exchange or to security holders.

XBRL Requirements. All new disclosure requirements must be tagged in Inline XBRL (block text tagging for narrative disclosures and detail tagging for quantitative amounts) beginning one year after the initial compliance date for the applicable disclosure requirement.

III. Considerations and Next Steps

Companies should review their cybersecurity incident response playbooks to reflect the processes contemplated under the new Form 8-K requirements. Companies should review and test their procedures for responding to cybersecurity incidents and amend or supplement those procedures as appropriate to address the procedures and attendant documentation contemplated under the new Form 8-K reporting requirements. The final rule provides that the materiality determination for a given cybersecurity incident may not be “unreasonably delayed,” so companies should confirm that their disclosure controls and procedures provide for effective communication between the cybersecurity team, the legal team supporting cybersecurity, the legal team responsible for securities disclosure, and the disclosure committee, as well as for appropriate interaction with the board of directors or a responsible committee of the board. Maintaining clearly understood channels of communication will be important in fulfilling the need for a reasonable and timely assessment and escalation of detected cybersecurity incidents, and will assist companies in meeting the cybersecurity incident disclosure requirements. In addition, companies should confirm that their disclosure controls and procedures reflect the considerations discussed in the final rule’s adopting release for assessing materiality, including inputs to consider potential reputational harm and damage to customer and vendor relationships. Companies should plan to carefully document both their materiality analysis and the reasonableness of the time that it takes to assess materiality. As Commissioner Peirce noted during the meeting at which the SEC approved the final rule, the days and weeks following detection of a cybersecurity incident are incredibly demanding and stressful on companies, and the new SEC disclosure rules significantly heighten those pressures, but a well-documented playbook that is both sufficiently detailed and sufficiently flexible will serve companies well. In addition, while the final rule did not impose new insider trading procedures relating to cybersecurity incidents, companies should continue to carefully assess that topic during the course of their response to a cybersecurity incident and consider whether and when to suspend any purchases or sales of company securities by the company and by insiders.[27]

Only a narrow set of circumstances qualify for delaying the reporting of material cybersecurity instances and the delay may be difficult to obtain. As described above, the SEC retained the proposed requirement to disclose material cybersecurity incidents within four (4) business days of the company’s materiality determination with only narrow exceptions. The only generally applicable exception will require the Attorney General’s determination that disclosure poses substantial risk to national security or public safety. While the SEC stated that it has established an interagency communication process, we expect that there may be difficulty in a company obtaining a determination by the Department of Justice, through the Attorney General, that is provided to the Commission in writing within the four (4) business day window following the company’s materiality determination, at which point disclosure would be required. It is possible that companies will seek, and the Department of Justice will issue, such a notification of such determination to the Commission in only the most exceptional circumstances. For companies that regularly interact with agencies of the U.S. government responsible for national security, it is possible that certain incidents may be classified and consequently omitted from disclosure.

Companies may need to revisit their processes for managing cybersecurity risk. While the final rule is less prescriptive than the rule proposal, there are still a number of details regarding a company’s cybersecurity risk management processes that will need to be disclosed. Companies hoping to avoid disclosure of processes that lack features addressed in the final rule or that appear less robust than those of their peers may want to revisit their processes as they develop their disclosure. Specifically, companies should be aware of the need to describe their engagement of third parties in connection with the risk management process, any processes to oversee and identify risks associated with the use of third-party service providers, and the delegation of responsibility for cybersecurity risks between the board and management. While the SEC did not adopt the requirement to disclose cybersecurity expertise among board members, Commissioner Crenshaw stated that the Commission should continue to consider requiring such disclosure.[28]

Disclosures regarding material cybersecurity incidents and company’s risk management processes will require careful drafting. While some of the information required to be disclosed under the final rule has historically been disclosed to regulatory agencies and affected customers, the need to publicly disclose the information in an SEC filing will subject this information to much greater scrutiny and potential liability as a result of possible regulatory enforcement or litigation. These disclosures will require careful drafting to balance the obligation to timely disclose material information without material omission with the important business objective of avoiding unintentionally exposing weaknesses in a company’s cybersecurity profile that can be further exploited by malicious actors. While, as discussed above, incident disclosures do not require specific technical information, as Commissioner Peirce noted in her dissent,[29] disclosures could nonetheless provide attackers with important information, such as what the company knows about the incident and the potential financial impact, among other details, and may make it easier for attackers to identify targets. While the final rule allows companies a reasonable time to assess materiality, companies will be well served by avoiding a rushed drafting experience when preparing Form 8-K disclosures by involving inside and outside experts at an early stage. A careful review of companies’ cybersecurity incident response playbook, as addressed above, will also facilitate drafting the annual risk management and strategy disclosures. Companies’ disclosure controls and procedures should also address post-incident monitoring that allows them to address the highly fraught requirement to annually disclose how risks from previous cyber threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the company. Assuming the final rule’s publication in the Federal Register is not substantially delayed, companies will have less than six months to review their existing incident response plans, consider them in light of the new disclosure rules, and make updates as needed.

Companies should coordinate their disclosure of cybersecurity risk management, strategy, and governance with existing disclosures. One of the SEC’s stated objectives in adopting the final rule is to consolidate disclosure into a single location in company filings. As noted by the SEC, many companies address cybersecurity risks and incidents in the risk factor sections of their filings, and risk oversight and governance is often addressed in companies’ proxy statements. However, the new rule requires disclosure to appear in a newly designated item in Part I of the annual report on Form 10-K and does not allow the disclosures to be incorporated from the proxy statement. Therefore, companies should review their risk factor and proxy statement disclosures when drafting the new discussions of cybersecurity risk management, strategy, and governance for the Form 10-K in order to maintain consistency with the company’s past public statements regarding its cybersecurity governance and processes and to assess how those disclosures may be enhanced or revised going forward. We expect companies will continue to include disclosure of cybersecurity governance in their proxy statements, and therefore should consider whether any details disclosed in response to Item 106 should be incorporated into the proxy statement disclosure.

__________________________

[1] For our discussion of the rule proposal, see Gibson Dunn Client Alert, SEC Proposes Rules on Cybersecurity Disclosure (Mar. 11, 2022).

[2] The SEC adopted the definition of “cybersecurity incident” used in Regulation S-K for purposes of Item 1.05. Accordingly, “cybersecurity incident” is defined to mean an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a company’s information systems that jeopardizes the confidentiality, integrity, or availability of a company’s information systems or any information residing therein. “Information systems” is defined to mean electronic information resources, owned or used by the company, including physical or virtual infrastructure controlled by such information resources, or components thereof, organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of the company’s information to maintain or support the company’s operations. Importantly, an unauthorized occurrence on or conducted through an information system that is used by, but not owned by, a company would still be considered a cybersecurity incident, meaning that companies may need to disclose cybersecurity incidents impacting information systems developed by a third party that the company uses.

[3] Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, 87 FR 16590, 16624 (Mar. 23, 2022).

[4] Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, Release No. 33-11216 (July 26, 2023) (“Adopting Release”) at 37-38.

[5] Id. at 38.

[6] Id. at 29-30.

[7] See Id. at 30.

[8] Id. at 31-32.

[9] Id. at 33.

[10] In extraordinary circumstances, disclosure may be delayed for a final additional period of up to 60 days if the Attorney General notifies the SEC in writing that disclosure continues to pose a substantial risk to national security. Public safety concerns alone would not be a sufficient basis to grant this additional 60-day delay. Id. at 34.

[11] See 46 CFR 64.2011(b)(1).

[12] Adopting Release, supra note 4, at 42 n.143.

[13] Id. at 41-42. This is despite the direct conflict that would arise should an “investigative agency,” such as the United States Secret Service, a component agency of the Department of Homeland Security, require a covered telecommunications carrier to delay disclosure consistent with 46 CFR 64.2011(b)(3). The SEC dismisses this conflict by suggesting that the Department of Homeland security may “work with the Department of Justice to seek a delay of disclosure,” presumably pursuant to a determination by the Attorney General. Id. at 42 n.145.

[14] Id. at 35 n.131.

[15] Id. at 169-170.

[16] Id. at 170.

[17] The Adopting Release mentions “chance technology outages” as an example of an accidental incident, which suggests that a crashed website (which, by definition, jeopardizes the availability of the company’s information systems) could meet the definition of a “cybersecurity incident.” Id. at 72.

[18] Id. at 169.

[19] Id. at 53.

[20] “Cybersecurity threat” is defined to mean any potential unauthorized occurrence on or conducted through a registrant’s information systems that may result in adverse effects on the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.

[21] Adopting Release, supra note 4, at 60.

[22] Id. at 61.

[23] Id.

[24] Id. at 85.

[25] Id. at 70.

[26] Id. at 69-70.

[27] The Adopting Release specifically pointed out that the 2018 interpretative guidance issued by the Commission addressing the application of insider trading prohibitions in the context of cybersecurity remains in place. Id. at 96.

[28] See Commissioner Caroline A. Crenshaw, “Statement on Cybersecurity Adopting Release” (Jul. 26, 2023), available here.

[29] See Commissioner Hester M. Peirce, “Harming Investors and Helping Hackers: Statement on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” (Jul. 26, 2023), available here.

The following Gibson Dunn attorneys assisted in preparing this update: Matthew Dolloff, Nicholas Whetstone, Stephenie Gosnell Handler, Thomas Kim, Brian Lane, Julia Lapitskaya, Vivek Mohan, Ronald Mueller, Michael Scanlon, Alexander Southwell, Michael Titera, and Lori Zyskowski.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. To learn more, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Privacy, Cybersecurity and Data Innovation, Securities Regulation and Corporate Governance, or Securities Enforcement practice groups:

Privacy, Cybersecurity and Data Innovation Group:
Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202-955-8505, jhorvath@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Ashley Rogers – Dallas (+1 214-698-3316, arogers@gibsondunn.com)
Alexander H. Southwell – Co-Chair, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202-887-3550, tkim@gibsondunn.com)
Brian J. Lane – Washington, D.C. (+1 202-887-3646, blane@gibsondunn.com)
Julia Lapitskaya – New York (+1 212-351-2354, jlapitskaya@gibsondunn.com)
James J. Moloney – Co-Chair, Orange County (+1 949-451-4343, jmoloney@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Michael J. Scanlon – Washington, D.C. (+1 202-887-3668, mscanlon@gibsondunn.com)
Michael Titera – Orange County (+1 949-451-4365, mtitera@gibsondunn.com)
Lori Zyskowski – Co-Chair, New York (+1 212-351-2309, lzyskowski@gibsondunn.com)

Securities Enforcement Group:
Richard W. Grime – Co-Chair, Washington, D.C. (+1 202-955-8219, rgrime@gibsondunn.com)
Mark K. Schonfeld – Co-Chair, New York (+1 212-351-2433, mschonfeld@gibsondunn.com)
David Woodcock – Co-Chair, Dallas (+1 214-698-3211, dwoodcock@gibsondunn.com)

Over the last few years, market conditions have changed so dramatically that today, no matter its products or services, every company is also in the environmental business. Prompted by the real-world impacts of climate change, many consumers now demand environmental action from corporations and prefer to buy products marketed as environmentally friendly. Many companies therefore market their products as “net-zero” or “carbon neutral”—and make pledges to be, as a business, “net-zero” by a certain date. In support of these pledges, companies often buy carbon credits from voluntary carbon markets to offset or mitigate their carbon emissions voluntarily.

Voluntary carbon markets present opportunity, but also create financial, regulatory, and litigation risks. Because the voluntary markets are often fragmented, suffer from a lack of transparency and, above all, are not subject to any statutory common standards, there is a lack of trust in the credits issued under these system, which also limits the tradability of the credits.

This quarterly newsletter aggregates the knowledge and experience of Gibson Dunn attorneys around the globe as we help our clients across all sectors navigate the ever-changing landscape of voluntary carbon markets.

Read More

The following Gibson Dunn lawyers assisted in the preparation of this alert: Susy Bullock, Michael Cannon, Matt Donnelly, Abbey Hudson, Brad Roach, Lena Sandberg, Jeffrey Steiner, Adam Lapidus, Jonathan Cockfield, Arthur Halliday, Natalie Harris, Yannis Ioannidis, Alexandra Jones, Mark Tomaier, Richie Vaughan, and Alwyn Chan.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Environmental, Social and Governance (ESG), Environmental Litigation and Mass Tort, Global Financial Regulatory, Energy, or Tax practice groups, or the following authors:

Environmental, Social and Governance (ESG) Group:
Susy Bullock – London (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)

Environmental Litigation and Mass Tort Group:
Abbey Hudson – Los Angeles (+1 213-229-7954, ahudson@gibsondunn.com)

Global Financial Regulatory Group:
Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com)

Energy, Regulation and Litigation Group:
Lena Sandberg – Brussels (+32 2 554 72 60, lsandberg@gibsondunn.com)

Oil and Gas Group:
Brad Roach – Singapore (+65 6507 3685, broach@gibsondunn.com)

Tax Group:
Michael Q. Cannon – Dallas (+1 214-698-3232, mcannon@gibsondunn.com)
Matt Donnelly – Washington, D.C. (+1 202-887-3567, mjdonnelly@gibsondunn.com)

This client alert provides an overview of shareholder proposals submitted to public companies during the 2023 proxy season, including statistics and notable decisions from the staff (the “Staff”) of the Securities and Exchange Commission (the “SEC”) on no-action requests.

I. Summary of Top Shareholder Proposal Takeaways from the 2023 Proxy Season

As discussed in further detail below, based on the results of the 2023 proxy season, there are several key takeaways to consider for the coming year:

Shareholder proposal submissions rose yet again. For the third year in a row, the number of proposals submitted increased. In 2023, the number of proposals increased by 2% to 889—the highest number of shareholder proposal submissions since 2016.
The number of executive compensation proposals significantly increased, along with a continued increase in environmental and social proposals. Executive compensation proposals increased notably, up 108% from 2022, with the increase largely attributable to proposals seeking shareholder approval of certain executive severance agreements. The number of both environmental and social proposals also increased, up 11% and 3% respectively, compared to 2022 and 68% and 24% respectively, compared to 2021. In contrast, governance proposals declined 14%, and civic engagement proposals declined 6%. The five most popular proposal topics in 2023, representing 43% of all shareholder proposal submissions, were (i) climate change, (ii) independent chair, (iii) nondiscrimination and diversity-related, (iv) shareholder approval of certain severance agreements, and (v) special meetings. Of the five most popular topics in 2023, all but one (shareholder approval of certain severance agreements replacing lobbying spending and political contributions) were also in the top five in 2022.
While the number of no-action requests dropped significantly, the percentage of proposals excluded pursuant to a no-action request rebounded from 2022’s historic low. Only 175 no-action requests were submitted to the Staff in 2023, representing a submission rate of 20%, down from a submission rate of 29% in 2022 and 34% in 2021. The overall success rate for no-action requests, after plummeting to only 38% in 2022, rebounded to 58% in 2023, but was still well below the 71% success rate in 2021, and marked the second lowest success rate since 2012. Success rates in 2023 improved for duplicate proposals (100% in 2023, up from 31% in 2022), procedural (80% in 2023, up from 68% in 2022), ordinary business (50% in 2023, up from 26% in 2022), and substantial implementation grounds (26% in 2023, up from with 15% in 2022), while success rates declined for resubmissions (43% in 2023, compared with 56% in 2022) and violation of law (33% in 2023, compared with 40% in 2022).
The number of proposals voted on increased yet again, but overall voting support decreased significantly, and less than 3% of proposals submitted received majority support. In 2023, over 54% of all proposals submitted were voted on, compared with 50% of submitted proposals voted on in 2022. Despite this increase, average support for all shareholder proposals plummeted to 23.3% in 2023, down from 30.4% in 2022. The decrease in average support was primarily driven by decreased support for both social and environmental proposals, with support for social (non-environmental) proposals decreasing to 17.2% in 2023 from 23.2% in 2022 and support for environmental proposals decreasing to 21.3% in 2023 from 33.8% in 2022. And in line with lower support overall, only 25 shareholder proposals received majority support in 2023, down from 55 in 2022.
More change is in store for the shareholder proposal process, as the SEC considers further amendments to Rule 14a-8, Congress homes in on reform of Rule 14a-8, and stakeholders challenge the SEC’s role in the process. In July 2022, the SEC proposed amendments to Rule 14a-8 that, if adopted, would make it significantly more challenging for companies to exclude shareholder proposals on substantial implementation, duplication, and resubmission grounds. The SEC targeted approval of these amendments by October 2023, which means the 2024 proxy season could see further changes in how companies approach no-action requests. Additionally, the Financial Services Committee of the U.S. House of Representatives recently formed a Republican ESG Working Group, which has identified reforming the Rule 14a-8 no-action request process as a key priority of the Working Group’s focus on reforming the proxy voting system for retail investors. And, as discussed below, legal action by two stakeholder groups, the National Center for Public Policy Research and the National Association of Manufacturers, could disrupt the shareholder proposal process altogether.
Proponents’ use of exempt solicitations grows again, and now others are joining the game. Exempt solicitation filings continued to proliferate, with the number of filings reaching a record high again this year and increasing almost 22% over last year and 64% compared to 2021. As in prior years, the vast majority of exempt solicitations filed in 2023 were filed by shareholder proponents on a voluntary basis—i.e., outside of the intended scope of the SEC’s rules—in order to draw attention and publicity to pending shareholder proposals. Interestingly, third parties have begun intervening in the shareholder proposal process by using exempt solicitation filings to provide their views on shareholder proposals submitted by unaffiliated shareholder proponents.

Read More

The following Gibson Dunn attorneys assisted in preparing this update: Elizabeth Ising, Thomas J. Kim, Julia Lapitskaya, Ronald O. Mueller. Michael Titera, Lori Zyskowski, Geoffrey Walter, Victor Twu, Natalie Abshez, Meghan Sherley, Michael Svedman*, and Nicholas Whetstone.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, or any of the following lawyers in the firm’s Securities Regulation and Corporate Governance practice group:

Aaron Briggs – San Francisco, CA (+1 415-393-8297, abriggs@gibsondunn.com)
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202-887-3550, tkim@gibsondunn.com)
Julia Lapitskaya – New York, NY (+1 212-351-2354, jlapitskaya@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Michael Titera – Orange County, CA (+1 949-451-4365, mtitera@gibsondunn.com)
Lori Zyskowski – New York, NY (+1 212-351-2309, lzyskowski@gibsondunn.com)
Geoffrey E. Walter – Washington, D.C. (+1 202-887-3749, gwalter@gibsondunn.com)
David Korvin – Washington, D.C. (+1 202-887-3679, dkorvin@gibsondunn.com)

*Michael Svedman is an associate practicing in the firm’s Washington, D.C. office who currently is admitted to practice only in New York.

Texas is known for its business-friendly environment, with low taxes and minimal government regulation. But the state has faced criticism for years about its legal system being slow, unpredictable, and costly, hindering economic growth and development. While nearly thirty other states have created specialized business courts, Texas has not updated its judicial system since the late 1960s. Consequently, elected judges who may never have been exposed to large-scale commercial litigation are called upon to preside over such complex cases alongside run-of-the-mill family law disputes and personal injury claims. And, unlike their federal colleagues, they usually do so without the benefit of full-time clerks to work through what can be mountains of paper.

The predictable result of this combination of bet-the-company cases with small-dollar disputes is that state trial judges’ dockets can become overwhelmed when faced with a complex, large-scale mergers-and-acquisitions or securities issue. These cases often require in-depth research by the judge, lengthy judicial consideration of complex motions, and extremely detailed parsing of complex commercial agreements, all of which are time-consuming and resource-intensive, taking time from their regular dockets. Consequently, these cases can be subject to significant processing delays at the state trial court level. Similarly, the lack of a requirement for written opinions in all cases and the comparatively rare nature of complex commercial cases in state trial courts—for many state trial court judges the first of these massive cases heard in their courtroom may also be the last—has led to a lack of certainty and stability around these types of cases in Texas business law.

Thus, despite its world-class economy, Texas’s judicial system has sometimes led corporations and other business entities to incorporate and litigate in other states, such as Delaware or New York, which have specialized business courts where the timeline for dispute resolution is more certain.

However, following the recently concluded legislative session, specialized business courts are coming to Texas. Last month, Texas enacted House Bill 19 (HB 19), which will create a specialized business trial court: the Texas Business Court (TBC)[1].

The TBC’s stated primary objective is to provide a faster, more efficient, and more cost-effective dispute resolution mechanism for businesses. It will be a specialized trial court designed to handle complex commercial disputes and streamline the litigation process. In this way, the new court will change the procedures for commercial litigation in Texas, with significant implications for businesses and individuals.

Supporters argue that the TBC will provide a more specialized and tailored approach to handling commercial disputes. The new court will also have the power to hear cases from other jurisdictions, potentially making Texas more attractive for businesses seeking a more predictable and efficient legal system.

Specialization

The TBC will oversee cases concerning corporate governance disputes, certain contract and commercial transactions, and actions seeking declaratory or injunctive relief. The TBC will have jurisdiction over matters in which the amount in controversy exceeds $5 million in some cases and $10 million in others, excluding interest, statutory damages, exemplary damages, penalties, attorney’s fees, and court costs.

The specialized nature of the court is intended to streamline the litigation process, reducing the time and cost associated with resolving disputes. Currently, businesses must navigate a court system that may not have the same level of specialization in commercial litigation, resulting in additional costs and delays.

As the enacting legislation is currently written, the court will start with only five divisions that oversee major metropolitan areas. The governor would appoint judges to the business court for a two-year term, and judges can be re-appointed multiple times. As time goes on, additional divisions will come online until the TBC covers all 11 existing judicial administrative regions.

Judges

Like probate or criminal courts, the TBC will be a specialized court and have specialized judges with expertise in business law and commercial litigation. Instead of being elected like other Texas district judges, business court judges will be appointed by the governor. And instead of being open to any attorney who meets the minimum legal requirement to stand for election—just four years of legal practice—business court judges appointed to the TBC by the governor must meet a set of requirements designed to ensure they have the knowledge, skills, and ability to handle complex commercial cases smoothly and efficiently. As currently written, business court judges must have ten years of experience practicing complex civil business litigation, practicing business transaction law, or serving as a judge of a Texas state court with civil jurisdiction (or any combination thereof). These requirements are designed to ensure a baseline level of business law experience and expertise for complex commercial cases being adjudicated in the new TBC.

Importantly, judges on the TBC will have access to more resources and information, allowing them to make more informed decisions on cases. For example, they may have access to technical experts or business consultants who can provide specialized knowledge on a particular issue. This can speed up the decision-making process and ensure that the court’s rulings are accurate and informed.

TBC judges will also be required to issue written opinions in their cases. This requirement should go far towards building up a stable and predictable body of precedent for Texas business law and put businesses on notice as to how Texas judges actually apply that precedent.

Efficiency

The TBC will aim to provide a more efficient dispute resolution mechanism, which is critical for businesses looking to resolve disputes quickly and cost-effectively. The TBC will also allow for more streamlined discovery, which is a process of gathering evidence before trial. Currently, discovery in commercial cases can be extensive and costly, taking up valuable time and resources. This is especially true when there are no prior written opinions from the judges outlining their approach to discovery in large-scale, complex cases. The TBC will limit discovery to only what is necessary, reducing the time and cost of the litigation process.

Removal and Transfer

Under HB 19, businesses will have the opportunity to remove cases to the TBC within 30 days of receiving the initial notice of summons that named the party in state court. Removing the case to the TBC will not waive a defect in venue or constitute an appearance to determine personal jurisdiction. Similarly, a transfer provision in HB 19 allows for the judge of a court in which an action was initially filed to request the transfer of the case to the business court if it was within the business court’s jurisdiction.

These provisions will help prevent businesses from being hauled into state court for disputes which fall under the more specialized jurisdiction of the business court and will ensure fair and equal access to the TBC for all businesses and disputes which fall under its specialized jurisdiction.

Appeals

HB 19 also provides that the new statewide 15th Court of Appeals, created by additional legislation from the Texas Legislature last session, will have exclusive jurisdiction over all appeals from an order or judgment of the business court, or an original proceeding related to an action or order of the business court. The 15th Court of Appeals will be composed of judges elected in statewide elections. The creation of this new appellate court, in conjunction with the creation of the TBC, means that Texas business law will have consistent precedents generated at both the district and appellate levels.

Predictions

It is difficult to predict exactly what will happen to the number of lawsuits filed after the TBC is enacted, as there are several factors that could influence those numbers. However, it is likely that the TBC’s creation will increase the filings of commercial and business suits in Texas as business grow more confident in the revamped Texas judicial system.

First, it is likely that the establishment of the TBC will lead to more businesses choosing Texas as the preferred jurisdiction for their commercial disputes due to the TBC’s specialization, efficiency, and predictability. Such a result will naturally attract more lawsuits to Texas. Based on anecdotal evidence, it appears that many Texas companies will adopt mandatory venue clauses that will place their commercial lawsuits in the TBC. This could lead to an increase in the number of lawsuits filed in Texas, particularly from businesses based outside of the state.

Second, it is likely that the TBC’s specialization in business disputes could lead to a virtuous cycle of an ever-increasing number of disputes being resolved through the TBC. If businesses have confidence in the TBC’s ability to handle complex commercial disputes and see a body of strong precedent and caselaw being built up by the TBC and the 15th Court of Appeals, they may be more willing to initiate disputes in the TBC, or remove existing disputes to the TBC. As time goes on, this may lead to an increase in the number of lawsuits filed in Texas.

Third, the certainty offered by the TBC for business law issues moving forward will, over time, likely result in more businesses choosing to incorporate in Texas and more individuals choosing to start businesses in Texas. It is an unfortunate reality that some of these businesses eventually will become embroiled in litigation, and when they do they will likely take their cases to the TBC. This too probably will lead to an increase in the number of lawsuits filed in Texas.

Overall, the impact of the TBC on the number of lawsuits filed in Texas will depend on a variety of factors, including the court’s effectiveness in handling commercial disputes, the degree to which businesses trust the TBC, and the willingness of litigants to pursue lawsuits in a court with strict timelines and streamlined procedures. But the establishment of the TBC is a major change in Texas law that will affect businesses and litigants for decades to come.

__________________________

[1] Please see the enacted bill and Texas House Research Organization analysis for additional details.

The following Gibson Dunn attorneys assisted in preparing this client update: Trey Cox and John Daniel Rimann.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Appellate, Litigation, or Trials practice groups, or any of the following in Texas:

Gregg J. Costa – Co-Chair, Trials Group, Houston (+1 346-718-6649, gcosta@gibsondunn.com)
Collin J. Cox – Houston (+1 346-718-6604, ccox@gibsondunn.com)
Trey Cox – Dallas (+1 214-698-3256, tcox@gibsondunn.com)
Allyson N. Ho – Co-Chair, Appellate & Constitutional Law Group, Dallas
(+1 214-698-3233, aho@gibsondunn.com)
John Daniel Rimann – Dallas (+1 214-698-3178 , jdrimann@gibsondunn.com)

On July 19, 2023, a federal district court held in Ultima Servs. Corp. v. United States Dep’t. of Agriculture, No. 2:20-CV-00041 (E.D. Tenn.), that certain racial preferences in government contracting violate constitutional guarantees of equal protection. The case appears to be the first federal decision that extends Students for Fair Admissions v. Harvard and Students for Fair Admissions v. University of North Carolina (“SFFA”) to the government contracting context. Although the case has no precedential effect and does not address the legality of private entities’ use of racial preferences in procurement decisions or otherwise, future courts might apply Ultima’s reasoning to Section 1981 cases that challenge private companies’ efforts to diversify their supply chains.

A. Background

Section 8(a) of the Small Business Act instructs the Small Business Administration (the “Administration”) to contract with other agencies “to furnish articles, equipment, supplies, services, or materials to the Government, or to perform construction work for the Government.” 15 U.S.C. § 637(a)(1)(A) (the “8(a) program”). The Administration is further authorized to “arrange for the performance of such procurement contracts by negotiating or otherwise letting subcontracts to socially and economically disadvantaged small business concerns.” 15 U.S.C. § 637(a)(1)(B). A “socially and economically disadvantaged small business concern” is one that is majority-owned by “socially disadvantaged individuals”—”those who have been subjected to racial or ethnic prejudice or cultural bias because of their identity as a member of a group without regard to their individual qualities.” Id. § 637(a)(4)-(5). The Act vests the Administration with authority to determine “whether a group has been subjected to prejudice or bias.” Id. § 637(a)(8).

Acting pursuant to this authority, the Administration adopted a regulation, creating a “rebuttable presumption” that “Black Americans; Hispanic Americans; Native Americans … Asian Pacific Americans … [and] Subcontinent Asian Americans” are “socially disadvantaged.” 13 C.F.R. § 124.103(b)(1). Thus, businesses owned by members of these racial minorities are presumptively entitled to participate in the 8(a) program. Plaintiff Ultima, a small business owned by a white woman, filed suit, alleging that it was able and willing to perform on contracts set aside for the 8(a) Program, but was ineligible to do so because of the race of its owner.

B. Analysis

1. The District Court’s opinion

The court held that the 8(a) program violates the equal-protection component of the Fifth Amendment. The court determined that Ultima had standing “because in equal protection cases, the injury-in-fact is the denial of equal treatment resulting from the imposition of the barrier, not the ultimate inability to obtain the benefit.” This injury was redressable because a ruling prohibiting the Administration “from using the rebuttable presumption based on race would remove the race-based barrier that injures Ultima.”

The court then held that the 8(a) program failed to satisfy strict scrutiny. First, the Administration did not assert a compelling interest supporting the program’s racial classification. Quoting SFFA, the court reasoned that while the government “has a compelling interest in remediating specific, identified instances of past discrimination that violated the Constitution or a statute,” it also “must present goals that are sufficiently coherent for purposes of strict scrutiny.” But according to the court, “[t]he 8(a) program suffered a fatal lack of any stated goals.” For example, the Administration did “not identify a specific instance of discrimination” that it sought to remedy via the rebuttable presumption. Although the government argued that the rebuttable presumption was necessary “to remedy the effects of past racial discrimination in government contracting,” the court held that the government was just a “passive participant in such discrimination in the relevant industries in which Ultima operates” and did not “allow[] discrimination to occur in the industries relevant to Ultima.” Additionally, the Administration did “not examine whether any racial group is underrepresented in a particular industry relevant to a specific contract in the 8(a) program” and therefore could not “measure the utility of the rebuttable presumption in remedying the effects of past racial discrimination,” as the court believed to be required by SFFA.

Second, the court held that even if the Administration had a compelling interest in remediating specific past discrimination, the 8(a) program was not narrowly tailored to combatting discrimination. The court reasoned that SFFA “reaffirms that racially conscious government programs must have ‘a logical end point,’” but that the 8(a) program “has no termination date.” Further, the court believed the 8(a) program to be both underinclusive and overinclusive. It was underinclusive, the court reasoned, because it used what SFFA referred to as “imprecise” racial categories to determine “who qualifies for the rebuttable presumption”; the program excluded “Central Asian Americans and Arab Americans [who] have faced significant discrimination,” and viewed “Hasidic Jews who have faced similarly appalling discrimination [as] ineligible for the rebuttable presumption.” The court perceived the program to be overinclusive because it “swe[pt] broadly by including anyone from the specified minority groups, regardless of the industry in which they operate.” The court therefore enjoined the Government from using the rebuttable presumption of social disadvantage in administering the SBA’s 8(a) program.

2. Existing law governing contracting-discrimination claims against private companies

42 U.S.C. § 1981 (“Section 1981”) prohibits racial discrimination in making and enforcing contracts. To prevail on a Section 1981 claim, a plaintiff must satisfy three elements. First, he must show that the defendant intended to discriminate on the basis of race. Second, he must demonstrate that the racial discrimination “interfered with a contractual interest,” Denny v. Elizabeth Arden Salons, Inc., 456 F.3d 427, 435 (4th Cir. 2006)—for example, that there was a “refusal to enter into a contract with someone” on the basis of race, or an “offer to make a contract only on discriminatory terms,” Patterson v. McLean Credit Union, 491 U.S. 164, 176–77 (1989). See also, e.g., Domino’s Pizza, Inc. v. McDonald, 546 U.S. 470, 476 (2006) (Section 1981 “offers relief when racial discrimination blocks the creation of a contractual relationship, as well as when racial discrimination impairs an existing contractual relationship.”). Third, a plaintiff must establish that race discrimination was a “but-for” cause of his injury. Comcast Corp. v. Nat’l Ass’n of African Am.-Owned Media, 140 S. Ct. 1009, 1019 (2020).

A defendant can defeat a Section 1981 claim by demonstrating that it acted pursuant to a valid affirmative-action plan. See, e.g., Johnson v. Transportation Agency, Santa Clara County, California, 480 U.S. 616, 626–27 (1987); see also, e.g., Doe v. Kamehameha Sch./Bernice Pauahi Bishop Estate, 470 F.3d 827, 836–40 (9th Cir. 2006) (en banc) (applying Johnson in Section 1981 case). A valid affirmative-action plan must be remedial in nature, and must rest “on an adequate factual predicate justifying its adoption, such as a ‘manifest imbalance’ in a ‘traditionally segregated job category.’” Shea v. Kerry, 796 F.3d 42, 57 (D.C. Cir. 2015) (quoting Johnson, 480 U.S. at 631) (alteration omitted).

C. Implications for Section 1981 cases

Ultima was not a Section 1981 case. Indeed, in Ultima, the court dismissed the plaintiff’s Section 1981 claim because the statute does not apply to the federal government. As a result, Ultima does not change existing law governing private actors’ use of racial preferences in awarding contracts. Nevertheless, the case suggests that some federal courts will be receptive to challenges to other uses of racial preferences in government contracting, like state and local set-aside programs and requirements that contractors employ a certain number of minority employees. In addition, courts have held that “purposeful discrimination that violates the Equal Protection Clause also will violate § 1981.” Anderson v. City of Boston, 375 F.3d 71, 78 n.7 (1st Cir. 2004); see also Dunnet Bay Const. Co. v. Borggren, 799 F.3d 676, 696 (7th Cir. 2015) (“Racial discrimination by a recipient of federal funds that violates the Equal Protection Clause also violates Title VI and § 1981.”). Ultima therefore suggests that some future courts could hold that Section 1981 prohibits private companies that seek to diversify their supply chains from implementing plans similar to the 8(a) program.

Additionally, Ultima includes a footnote, in which the court observes that while “[t]he facts in Students for Fair Admissions, Inc. concerned college admissions programs … its reasoning is not limited to just those programs.” Ultima applied SFFA to a government contracting program, and a future court could apply the same reasoning to bring challenges to employer or corporate programs under Section 1981, Title VII, and other anti-discrimination statutes. That said, the precedential effect of Ultima is limited, and the decision could be overturned on appeal. In the meantime, Ultima could represent another sign of an increasing trend towards reverse-discrimination claims in employment and contracting.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Molly Senger, Zakiyyah Salim-Williams, Mylan Denerstein, Dhananjay Manthripragada, Lindsay Paulin, Matt Gregory, and Josh Zuckerman.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment or Government Contracts practice groups, the authors, or the following practice leaders and partners:

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group, New York
(+1 212-351-3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer, Washington, D.C.
(+1 202-955-8503, zswilliams@gibsondunn.com)

Molly T. Senger – Partner, Labor & Employment Group, Washington, D.C.
(+1 202-955-8571, msenger@gibsondunn.com)

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group, Washington, D.C.
(+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group, Los Angeles
(+1 213-229-7107, ksmith@gibsondunn.com)

Dhananjay S. Manthripragada – Partner & Co-Chair, Government Contracts Group, Los Angeles
(+1 213-229-366, dmanthripragada@gibsondunn.com)

Lindsay M. Paulin – Partner & Co-Chair, Government Contracts Group, Washington, D.C.
(+1 202-887-3701, lpaulin@gibsondunn.com)

On 13 June 2023, the European Parliament published a draft report[1] (the “Parliament Proposal”) on the proposal made by the European Commission on 7 December 2022[2] (the “Commission Proposal”) which sets out contemplated amendments to the European Market Infrastructure Regulation (“EMIR”).

The Commission Proposal resulted from a targeted review of EMIR, relating in particular to the supervisory arrangements for central counterparties (“CCPs”), which the Commission was required to carry out by 2 January 2023.[3] As part of the standard EU legislative process, it was then up to the Parliament to be involved, which led to the Parliament Proposal.

The primary aim of the changes contemplated by the Commission and the Parliament, referred to as EMIR 3, is to improve the attractiveness and resilience of the EU clearing system and reduce the exposure of EU entities to third-country CCPs. EMIR 3 also draws lessons from some specific issues that became apparent during the recent energy crisis, and includes other targeted modifications of EMIR.

In this context, the Parliament Proposal does entail some key divergences from the Commission Proposal, which this alert outlines.

I. The active account requirement

This is arguably the most impactful and debated provision considered by EMIR 3.

The Commission Proposal included an obligation for financial counterparties (“FCs”) and non-financial counterparties (“NFCs”) subject to the clearing obligation (such NFCs being often referred to as “NFC+s”) to hold active accounts at CCPs established in the EU. It also required these counterparties to clear in such accounts at least a certain proportion of specific systemic derivative contracts, namely:

interest rate derivatives denominated in euro and Polish zloty;
credit default swaps (“CDS”) denominated in euro; and
short-term interest rate derivatives denominated in euro.

The relevant proportion to be cleared at EU CCPs was to be determined by ESMA through regulatory technical standards.[4]

This approach, known as the “quantitative” approach, has been criticized by various market participants, including ISDA,[5] on the grounds that it would prove costly and jeopardize the competitiveness of EU firms.

Taking these concerns into account, the Parliament Proposal maintains the active account requirement, but provides for it to be gradually phased-in with a two-step approach.

During the first phase, the quantitative approach would be replaced with a qualitative one. EU counterparties would be required to exchange initial and variation margins in an account at a EU CCP, and to regularly enter into new positions on that account. ESMA would be charged with establishing the frequency of trading needed for it to be considered “regular”, which could vary depending on the type of entity considered.[6] Eighteen months after the entry into force of EMIR 3, ESMA and the Joint Monitoring Mechanism[7] would produce a report assessing whether such qualitative approach proves sufficient to relocate clearing activities to the EU clearing system and thus protect the stability of the EU financial system.[8]
If, at the end of the first phase, the qualitative approach proves not to have been sufficient, then the second, quantitative phase would be implemented and ESMA would determine the proportion of derivative contracts to be cleared in the EU CCPs’ active accounts.[9]

In addition, the Parliament Proposal removes euro-denominated CDS from the list of derivatives subject to the active account requirement and instead refers to other categories of derivative contracts pertaining to clearing services to be identified by ESMA as being of substantial systemic importance.[10]

II. Exemption from reporting obligation for NFC intragroup transactions

In 2019,[11] EMIR was amended to include an exemption from the reporting obligation for over-the-counter derivatives between counterparties within a group, where at least one of the counterparties is a non-financial counterparty and the parent undertaking is established in the EU[12]. The rationale for such exemption was that NFC intragroup transactions were not seen as a posing a significant systemic risk. However, in light of some of the difficulties revealed during the energy crisis, the Commission Proposal removed this exemption to ensure more visibility on NFC intragroup transactions.[13]

The Parliament Proposal considers that such removal of the exemption could be premature, as it would lead to additional burdens for corporate end-users of derivatives, without the potential supervisory upside having been established. Consequently, the Parliament Proposal reinstates the exemption and encourages ESMA to prepare a cost-benefit analysis, before reassessing whether to remove the exemption.[14] We note that other jurisdictions, such as the United States, provide relief for non-financial companies from the reporting of intragroup transactions and that in the UK, any intragroup transaction where at least one counterparty is a non-financial counterparty (or would be qualified as a non-financial counterparty if it were established in the UK) may be exempt from the reporting obligation provided that specific circumstances are met.

III. Margining exemption for single-stock and equity index options

To ensure a level playing field for EU firms and avoid regulatory arbitrage with other jurisdictions where they are exempted from margining requirements (e.g., the United States), temporary exemptions for single-stock and equity index options have been repeatedly extended, so that they would not be subject to initial margin and variation margin requirements under EMIR. The exemption is now set to expire on 4 January 2024. We note that the UK regulators are consulting on extending the UK exemption further until 4 January 2026.

The Parliament Proposal contemplates including in EMIR 3 a phase-in approach in respect of these transactions. The exemption, which would now be directly included in the Level 1 text, would be of a temporary nature. ESMA would monitor the regulatory developments in other jurisdictions and report on them every two years. On the basis of the report, the Commission would determine whether maintaining the exemption is justified. If the Commission concludes that it is not, it will specify the adaptation period at the end of which parties will need to comply with margin requirements in respect of their single-stock and equity index options, such period not to exceed 30 months.[15]

IV. Clearing exemption for transactions resulting from PTRR services

The Parliament Proposal contemplates an exemption to the clearing obligation in respect of transactions resulting from post-trade risk reduction (“PTRR”) services. Such services, which include portfolio compression, portfolio optimisation and rebalancing services, are deemed by the Parliament to reduce systemic and operational risk.[16] To encourage the use of PTRR services, it is thus proposed to exempt from the clearing obligation transactions which result from them (as opposed to the original trades which are the subject of the PTRR services and which would remain subject to the clearing obligation to the extent applicable). However, strict conditions would need to be complied with for the exemption to apply. In particular, the PTRR services must be performed by a provider independent of the market participants, and be a market risk neutral exercise not contributing to price formation. In addition, parties intending to benefit from the exemption must notify their competent authorities thereof.[17]

V. Centralization with ESMA of the supervision of EU CCPs

The Parliament Proposal would empower ESMA with a direct supervisory role with respect to EU CCPs, transferring decision-making authority on many matters from national authorities to ESMA. The aim is, through such centralized supervision, to better monitor clearing services in an increasingly cross-border and interconnected context and reduce the potential differences in the interpretation of EMIR between the Member States.[18]

VI. Equivalence approach in respect of margining requirements

The Commission Proposal removed the equivalence mechanism set out in Article 13 of EMIR in respect of reporting, clearing and margining obligations. This mechanism provided that counterparties were deemed to comply with such obligations as set out in EMIR to the extent that they were already subject to equivalent requirements in the jurisdiction in which they were established. This dealt with duplicative or conflicting rules applicable in different jurisdictions, and thus avoided excessive burdens on participants.

Noting that it had proven useful for market participants, the Parliament Proposal reinstates such equivalence mechanism in respect of the sole risk-mitigation techniques set out in Article 11 of EMIR, in particular the margining obligation.[19]

VII. Reporting by counterparties established outside the EU

The Parliament Proposal extends to counterparties established outside the EU, but belonging to a group subject to consolidated supervision in the EU, the requirement to report to trade repositories the conclusion (i.e. the execution), modification or termination of their derivatives. The stated intention of such change is to cover the offshore activities of EU supervised groups.[20]

VIII. Transparency in respect of clearing costs of CCPs

Under the Parliament Proposal, clearing services providers (whether clearing members or clients) would be required to inform their clients of the costs associated with the clearing services of the different CCPs where clearing of the relevant position is possible.[21]

IX. Transparency and control in respect of risk-mitigation techniques

In this respect, the Parliament Proposal entails two new requirements.

FCs and NFCs shall be required to notify the European Banking Authority (“EBA”) and their competent authorities of their initial margin calculation models, at the latest 60 working days prior to first using them. If they find such models not to comply with the applicable conditions, such authorities may object to their use, in which case the relevant entities will be required to cease using them and instead use another model within a year.
FCs shall be required to report information on their risk-management procedures (including, where applicable, in relation to the initial margin models used) to the EBA and their competent authorities and disclose key information therein.[22]

X. No prior authorization for CCPs’ “business as usual” changes

Taking one step further the “non-objection procedure” put forward in the Commission Proposal, the Parliament Proposal would create a new subset of “business as usual” changes, which CCPs could make without prior authorization. The changes would, however, be reviewed and reported on by ESMA on a regular basis.[23]

XI. Next steps

As illustrated above, the revisions that may result from EMIR 3 may have broad impacts for EU market participants (and their affiliates), including for non-financial corporates. However, there are still a number of points which require further discussions for a compromise to be reached. The Council, Commission and Parliament will need to engage in further exchanges to ultimately produce an agreed text.

___________________________

[1] https://www.europarl.europa.eu/doceo/document/ECON-PR-749908_EN.pdf.

[2] Available here.

[3] Article 85(7) of EMIR.

[4] Article (I) (4) of the Commission Proposal.

[5] https://www.isda.org/a/a6ygE/ISDA-commentary-EMIR-3.pdf

[6] Amendments 30 to 32 of the Parliament Proposal.

[7] This new mechanism, introduced by the Commission Proposal, is intended to bring together the various bodies involved in the supervision of EU CCPs, clearing members and clients.

[8] Amendment 38 of the Parliament Proposal.

[9] Amendment 38 of the Parliament Proposal.

[10] Amendment 35 of the Parliament Proposal.

[11] Article 1(7) of Regulation (EU) 2019/834.

[12] This need for the parent undertaking to be established in the EU in order to benefit from the exemption has been clarified by the Commission (TR answer 51(m) in ESMA’s Q&A relating to EMIR – available here).

[13] Article (I)(5) of the Commission Proposal.

[14] Amendment 50 of the Parliament Proposal.

[15] Amendment 60 of the Parliament Proposal. It is worth noting that, on 13 June 2023, the EBA, EIOPA and ESMA sent a letter to the Commission, Parliament and Council seeking for a permanent treatment of single-stock and equity index options with respect to margin requirements, indicating that EMIR 3 provides a good opportunity to clarify this issue (available here).

[16] Amendment 3 of the Parliament Proposal.

[17] Amendment 29 of the Parliament Proposal.

[18] Explanatory statement included in the Parliament Proposal.

[19] Amendment 64 of the Parliament Proposal.

[20] Amendment 49 of the Parliament Proposal.

[21] Amendment 42 of the Parliament Proposal.

[22] Amendment 59 of the Parliament Proposal.

[23] Amendment 101 of the Parliament Proposal.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Global Financial Regulatory, Financial Institutions or Derivatives practice groups, or any of the following:

Paris:
Vincent Poilleux (+33 (0) 1 56 43 13 00, vpoilleux@gibsondunn.com)
Farida Ouriachi (+33 (0) 1 56 43 13 00, fouriachi@gibsondunn.com)
Emma Lavaysse di Battista (+33 (0) 1 56 43 13 00, elavaysse@gibsondunn.com)

United Kingdom:
Michelle M. Kirschner (+44 (0) 20 7071 4212, mkirschner@gibsondunn.com)
Martin Coombes (+44 (0) 20 7071 4258, mcoombes@gibsondunn.com)

United States:
Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com)
Adam Lapidus – New York (+1 212-351-3869, alapidus@gibsondunn.com)

We are pleased to provide you with Gibson Dunn’s Accounting Firm Quarterly Update for Q2 2023. The Update is available in .pdf format at the below link, and addresses news on the following topics that we hope are of interest to you:

ALI CLE Holds Annual Accountants’ Liability Conference
PCAOB Proposes Expansive NOCLAR Auditing Standard
Supreme Court Holds Section 11 Plaintiffs Must Show They Bought Registered Shares
Supreme Court Holds States Can Require Corporate Consent to General Jurisdiction
Australian Government Investigating Accounting Partnerships
PCAOB Continues China Inspections
PCAOB Issues Spotlight Report on Professional Skepticism
Supreme Court Grants Certiorari in Challenge to SEC Administrative Proceedings
Other Recent SEC and PCAOB Regulatory Developments

Please let us know if there are topics that you would be interested in seeing covered in future editions of the Update.

Read More

Accounting Firm Advisory and Defense Group:

James J. Farrell – Co-Chair, New York (+1 212-351-5326, jfarrell@gibsondunn.com)

Ron Hauben – Co-Chair, New York (+1 212-351-6293, rhauben@gibsondunn.com)

Monica K. Loseman – Co-Chair, Denver (+1 303-298-5784, mloseman@gibsondunn.com)

Michael Scanlon – Co-Chair, Washington, D.C.(+1 202-887-3668, mscanlon@gibsondunn.com)

In addition to the Accounting Firm Advisory and Defense Practice Group Chairs listed above, this Update was prepared by David Ware, Timothy Zimmerman, Benjamin Belair, Monica Limeng Woolley, John Harrison, and Nicholas Whetstone.

Gibson Dunn’s Supreme Court Round-Up provides an overview of cases decided during the October 2022 Term and other key developments on the Court’s docket. This past Term, the Court heard argument in 59 cases, released 58 opinions, and dismissed one case as improvidently granted.

Spearheaded by former Solicitor General Theodore B. Olson, the Supreme Court Round-Up keeps clients apprised of the Court’s most recent actions. The Round-Up previews cases scheduled for argument, tracks the actions of the Office of the Solicitor General, and recaps recent opinions. The Round-Up provides a concise, substantive analysis of the Court’s actions. Its easy-to-use format allows the reader to identify what is on the Court’s docket at any given time, and to see what issues the Court will be taking up next. The Round-Up is the ideal resource for busy practitioners seeking an in-depth, timely, and objective report on the Court’s actions.

To view the Round-Up, click here.

Gibson Dunn has a longstanding, high-profile presence before the Supreme Court of the United States, appearing numerous times in the past decade in a variety of cases. During the Supreme Court’s seven most recent Terms, 11 different Gibson Dunn partners have presented oral argument; the firm has argued a total of 17 cases in the Supreme Court during that period, including closely watched cases with far-reaching significance in the areas of intellectual property, securities, separation of powers, and federalism. Moreover, although the grant rate for petitions for certiorari is below 1%, Gibson Dunn’s petitions have captured the Court’s attention: Gibson Dunn has persuaded the Court to grant 34 petitions for certiorari since 2006.

* * * *

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Supreme Court. Please feel free to contact the following attorneys in the firm’s Washington, D.C. office, or any member of the Appellate and Constitutional Law Practice Group.

Theodore B. Olson (+1 202.955.8668, tolson@gibsondunn.com)
Amir C. Tayrani (+1 202.887.3692, atayrani@gibsondunn.com)
Kate Meeks (+1 202.955.8258, kmeeks@gibsondunn.com)
Jessica L. Wagner (+1 202.955.8652, jwagner@gibsondunn.com)

On July 19, 2023, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) (collectively, the Agencies) jointly released updated draft Merger Guidelines (Proposed Guidelines) for public comment.[1] The Proposed Guidelines address horizontal and vertical mergers and reflect the Biden Administration’s competition policy and existing enforcement priorities[2] while providing guidance about the Agencies’ recent efforts to expand the reach of antitrust and fair competition laws.[3] The Proposed Guidelines will not be formally effective for several months, but, in practice, they already reflect current enforcement policy in reality, and as such are a window into the Agencies’ thinking on competition analysis.

Notable provisions in the Proposed Guidelines that reflect changes from prior agency guidance include: (A) lower market share and concentration thresholds necessary to trigger the structural presumption that a transaction is anticompetitive, (B) de-prioritizing market definition as the starting place for analysis, (C) close scrutiny of transactions that may eliminate potential competition, (D) a framework for analyzing mergers involving multi-sided platforms, (E) a focus on potential harm to rivals, (F) attention to serial or “roll-up” acquisitions, (G) enhanced focus on labor market effects, and (H) expanded use of the FTC’s Section 5 authority.

Overall, the Proposed Guidelines reflect the Agencies’ increased skepticism of the benefits of mergers and acquisitions and a greater willingness to pursue new or revive older theories of competitive harm.

I. Background: The Proposed Guidelines reflect major policy changes.

Historically, the Agencies have jointly issued Guidelines to explain their enforcement policy, most recently in the 2010 Horizontal Merger Guidelines[4] and the 2020 Vertical Merger Guidelines.[5] In September 2021, the FTC withdrew the Vertical Merger Guidelines in favor of a new set of guidance to be developed with DOJ.[6] The new Proposed Guidelines touch on both vertical and horizontal merger enforcement.

II. The Proposed Guidelines reflect the Agencies’ current policy of enhanced scrutiny in merger analysis and pursuit of broader enforcement priorities.

The Proposed Guidelines reflect recent trends in merger review, including enhanced Agency scrutiny and expanded theories. The Proposed Guidelines seek to further these priorities by articulating a range of frameworks that the Agencies may use for assessing a merger’s legality.

A. Lower thresholds to trigger a structural presumption.

The lowering of the quantitative thresholds of market concentration necessary to trigger the presumption that a merger is anticompetitive is one of the most impactful policy changes articulated in the Proposed Guidelines. As a result of this change, the agencies may use the Proposed Guidelines as grounds to investigate more deeply transactions previously considered low-risk, and to discount pro-competitive features of the industry, regardless of the deal specifics. To apply a structural presumption, however, the Agencies would need to define the relevant market in which to evaluate the competitive effects of a proposed transaction.

While the Agencies have long used market concentration thresholds to guide antitrust analysis in merger review, the Proposed Guidelines utilize lower thresholds and ascribe greater weight to the attendant anticompetitive inferences.[7] Whereas the 2010 Horizontal Merger Guidelines characterize concentrations of seven competitors of equal share or more (utilizing the Herfindahl-Hirschman Index (HHI) index) as “unconcentrated”, the Proposed Guidelines would seek to label as “concentrated” any market with more concentration than, for example, 10 equal players. The specific proposed interplay of concentration and market shares is illustrated below.

B. Decreased focus on market definition in favor of competitive effects and other evidence.

While the 2010 Horizontal Merger Guidelines relied on market definition to focus the inquiry on the relevant competitive dynamics, the Proposed Guidelines eschew this approach. Instead, the Agencies may avoid defining markets and rely instead on non-traditional evidence, including evidence of competition between the merging parties (irrespective of alternative competitive threats), prior industry coordination (regardless of the parties’ participation), or recent mergers in the same market (regardless of whether prior transactions increased competition).

C. Close scrutiny of transactions that may eliminate potential competition.

Consistent with the Biden administration’s enforcement program, the Proposed Guidelines endorse an expansive view of the so-called “potential competition” doctrine, which describes transactions that may violate the antitrust laws by eliminating an “actual” or “perceived” potential competitor rather than a current market participant.[8] Under the Proposed Guidelines, a merger may be illegal where it eliminates “actual” potential competition, i.e., “the possibility that entry or expansion by one or both firms would have resulted in new or increased competition in the market in the future.”[9] The agencies may also investigate mergers that eliminate “perceived” potential competition, i.e., “current competitive pressure exerted on other market participants by the mere perception that one of the firms might enter.”[10]

The 2010 Horizontal Merger Guidelines neither distinguish between “actual” or “perceived” potential competition nor devote significant time to discussing them as an Agency priority, and the Agencies have found split Circuit opinions on frameworks for “actual” and “perceived” potential competition claims. The Proposed Guidelines set out a detailed framework under the most Agency-favorable Circuit views for analyzing potential competition issues. For example, the Proposed Guidelines suggest that, in challenging a deal that threatens to eliminate an “actual” potential entrant, the Agencies need only show whether one of the merging firms had a “reasonable probability” of entering the relevant market absent the merger.[11] This standard, while endorsed by some district courts, has been rejected by others (and at one time even the FTC itself) in favor of a more demanding showing of “clear proof.” Both here and elsewhere in the Proposed Guidelines, the Agencies rely on a generous and often selective reading of the relevant case law.

D. Framework for analyzing platform mergers.

The Proposed Guidelines set forth a framework for analyzing and challenging mergers involving competition between, on and to displace platform businesses (businesses that provide different products or services to two or more different groups or “sides” who may benefit from each other’s participation). The Proposed Guidelines provide that transactions involving platforms may attract scrutiny if 1) two platform operators are combining; 2) a platform operator acquires a platform participant; 3) it involves the acquisition of a company that facilitates participation on multiple platforms, or 4) it involves the acquisition by a platform operator of a company that provides important inputs for platform services (such as data enabling matching, sorting, or prediction).

E. Focus on potential harm to rivals.

Historically, the Agencies followed the Brown Shoe rule that antitrust law protections “competition, not competitors”, but the Proposed Guidelines highlight mergers’ potential to harm competitors. Where discussion of harm to competitors previously occurred primarily in a vertical context, the Agencies have expanded potential harms via potential foreclosure of products or services in “related” markets that could impact competition in an overlap product market. Most notably, the Proposed Guidelines indicate potential concerns may arise for related products rivals do not currently use but may in the future, and for circumstances where related products are or could be complementary to rivals’ competitive products and thus increase their value to customers.[12] Through the Proposed Guidelines, the Agencies have expanded theories of harm to include current and potential 3rd party competitors.

F. Investigations of serial or “roll-up” acquisitions.

The Proposed Guidelines also announce a new approach to analyzing multiple acquisitions by the same company. Traditionally, the Agencies have assessed a merger’s potential competitive effects independent of prior acquisitions, with an eye towards how future conduct will change because of the current merger. The Agencies now intend to investigate “pattern[s] or strateg[ies] of multiple small acquisitions, even if no single acquisition on its own would risk substantially lessening competition or tending to create a monopoly.”[13] This follows previously stated goals by the Agencies to bring enforcement actions against “roll-up” acquisitions, particularly in technology, pharmaceuticals, healthcare, and private equity investment.[14]

G. Enhanced focus on labor market effects.

The Proposed Guidelines expand the Agencies’ recent focus of mergers’ competitive effects in labor markets. In her recent Statement on the Proposed Guidelines, FTC Chair Lina Khan noted that “although antitrust law from its founding has been concerned about the effects of monopoly power on workers, merger analysis in recent decades has neglected to focus on labor markets.”[15] The Proposed Guidelines emphasize “labor markets are important buyer markets” that are separately subject to review, and downplay potential efficiencies created by firms combining operations.[16] The Agencies are already inquiring into potential labor market overlaps in Second Request investigations, as well as reviewing documents produced in merger investigations for evidence of wage fixing or no-poach agreements.

H. Expanded use of FTC Section 5 authority.

The Proposed Guidelines note several potential scenarios (and suggest more exist) where the FTC might exercise enforcement powers beyond the scope of the Sherman and Clayton Acts, reflecting Chair Khan’s often articulated intent to expand the FTC’s authority under Section 5 of the FTC Act.[17] The Proposed Guidelines leave the scope of this expanded enforcement authority open but note examples, such as otherwise lawful transactions whose acquisition structures, regulatory jurisdictions, or procurement processes might lessen competition.[18] As a result, the FTC may probe more widely into the acquisition dynamics and acquiring parties’ business structure during investigations and probe deeper into documents and interviews to root out potentially unique industry competitive conditions.

III. Practically, the Proposed Guidelines would bring greater antitrust scrutiny earlier in the regulatory review process and less certainty to merging parties.

Companies considering transactions should take note of the Proposed Guidelines and consider what changes to existing processes may be required. Companies should review due diligence templates with an eye toward early identification of items that may be the subject of regulatory scrutiny, including new and expanded areas of focus including labor markets, inputs to rivals, and past acquisitions. Companies may also want to proactively develop strong and persuasive advocacy that demonstrates the procompetitive aspects of a transaction and meets potential theories of competitive harm head-on. Finally, document creation and retention guidance continues to be of paramount importance as the number and types of documents that could be a focus item in merger investigations continues to grow, with potential changes to the HSR filing guidelines that may require submission of many additional documents related to the transaction.[19]

IV. Conclusion & Takeaways

The Proposed Guidelines are the latest in a larger trend of expanded and more aggressive antitrust enforcement by the Agencies in the current Administration, as we have noted in our prior Client Alerts regarding changes to the HSR merger notification form, FTC’s enforcement authority under Section 5 of the FTC Act, and interlocking directorates.[20] As with other efforts to expand the reach of the antitrust laws, the enforcement policies articulated in these Proposed Guidelines will be subject to review by federal courts. And, although prior Merger Guidelines have garnered widespread acceptance in the case law, to challenge proposed transactions based on novel theories articulated in these Proposed Guidelines, the Agencies will ultimately need to persuade federal courts that these theories are supported by legal precedent.

In light of this increasingly aggressive and unpredictable merger enforcement environment, firms considering transactions should continue to proactively consult with antitrust counsel to develop appropriate antitrust risk mitigation strategies. While the draft merger guidelines are simply guidance and may yet evolve in response to public comments, they are indicative of the theories that enforcers may study during a merger investigation.

Gibson Dunn attorneys are closely monitoring these developments and are available to discuss these issues as applied to your particular business.

___________________________

[1] Merger Guidelines (Draft for Public Comment), U.S. Dep’t of Justice & Fed. Trade Comm’n (July 19, 2023) (non-final draft for public comment purposes) (“Proposed Guidelines”).

[2] See, e.g., Exec. Order No. 14,036, 86 Fed. Reg. 36,987 (July 9, 2021). See also Fact Sheet: Executive Order on Promoting Competition in the American Economy, The White House (July 9, 2021).

[3] See Gibson Dunn Client Alerts: DOJ Signals Increased Scrutiny on Information Sharing (Feb. 10, 2023); FTC Proposes Rule to Ban Non-Compete Clauses (Jan. 5, 2023); FTC Announces Broader Vision of Its Section 5 Authority to Address Unfair Methods of Competition (Nov. 14, 2023); DOJ Antitrust Secures Conviction for Criminal Monopolization (Nov. 9, 2022); DOJ Antitrust Division Head Promises Litigation to Break Up Director Interlocks (May 2, 2022).

[4] Horizontal Merger Guidelines, U.S. Dep’t of Justice & Fed. Trade Comm’n (August 19, 2010).

[5] Vertical Merger Guidelines, U.S. Dep’t of Justice & Fed. Trade Comm’n (June 30, 2020).

[6] Press Release, Federal Trade Commission Withdraws Vertical Merger Guidelines and Commentary, Fed. Trade Comm’n, (Sept. 15, 2021).

[7] See Proposed Guidelines at 7 n.29 (“The first merger guidelines to reference an HHI threshold were the merger guidelines issued in 1982, which used the 1,800 HHI threshold for a highly concentrated market, and 100 HHI for a significant increase. Each subsequent iteration until 2010 maintained those thresholds. . . . . In practice, the Agencies tended to challenge mergers that greatly exceeded these thresholds to focus their limited resources on the most problematic transactions. The more permissive thresholds included in the 2010 Horizontal Merger Guidelines reflected that agency practice, rather than a judgment of the appropriate thresholds for competitive concem or the requirements of the law. The Agencies consider a threshold of a post-merger 1,800 HHI and an increase in HHI of 100 to better reflect both the law and the risks of competitive harm and have therefore returned to those thresholds here.”)

[8] See id. at 11–13.

[9] Id. at 13.

[10] Id. at 11.

[11] Id. at 11–12.

[12] See Proposed Guidelines at 14 (Section II. Guideline 5. Subsection A. “The Ability and Incentive to Weaken or Exclude Rivals”).

[13] Proposed Guidelines at 22 (Section II. Guideline 9. “When a Merger is Part of a Series of Multiple Acquisitions, the Agencies May Examine the Whole Series.”).

[14] See, e.g., Statement of Commissioner Rohit Chopra Regarding Private Equity Roll-ups and the Hart-Scott Rodino Annual Report to Congress, Fed. Trade Comm’n (July 8, 2020); Deputy Assistant Attorney General Andrew Forman, The Importance of Vigorous Antitrust Enforcement in Healthcare (June 3, 2022).

[15] Statement of Chair Lina M. Khan Joined by Commissioner Rebecca Kelly Slaughter and Commissioner Alvaro M. Bedoya Regarding FTC-DOJ Proposed Merger Guidelines, Fed. Trade Comm’n (July 19, 2023).

[16] See Proposed Guidelines at 26 (Section II. Guideline 11. “When A Merger Involves Competing Buyers, the Agencies Examine Whether It May Substantially Lessen Competition for Workers or Other Sellers.”).

[17] Statement of Chair Lina M. Khan Joined by Commissioner Rebecca Kelly Slaughter and Commissioner Alvaro M. Bedoya On the Adoption of the Statement of Enforcement Policy Regarding Unfair Methods of Competition Under Section 5 of the FTC Act, Fed. Trade Comm’n (Nov. 10. 2022); Statement of Chair Lina M. Khan Joined by Commissioner Rohit Chopra and Commissioner Rebecca Kelly Slaughter on the Withdrawal of the Statement of Enforcement Principles Regarding “Unfair Methods of Competition” Under Section 5 of the FTC Act, Fed. Trade Comm’n (July 1, 2021).

[18] Proposed Guidelines at 28 (Section II. Guideline 13. “Mergers Should Not Otherwise Substantially Lessen Competition or Tend to Create a Monopoly.”).

[19] See Gibson Dunn Client Alert: FTC Proposes Dramatic Expansion and Revision of HSR Merger Notification Form (June 29, 2023).

[20] See Gibson Dunn Client Alerts: DOJ Signals Increased Scrutiny on Information Sharing (Feb. 10, 2023); FTC Proposes Rule to Ban Non-Compete Clauses (Jan. 5, 2023); FTC Announces Broader Vision of Its Section 5 Authority to Address Unfair Methods of Competition (Nov. 14, 2023); DOJ Antitrust Secures Conviction for Criminal Monopolization (Nov. 9, 2022); DOJ Antitrust Division Head Promises Litigation to Break Up Director Interlocks (May 2, 2022).

The following Gibson Dunn lawyers prepared this client alert: Sophie Hansell, Kristen Limarzi, Josh Lipton, Michael Perry, Chris Wilson, Jamie France, Logan Billman, Zoë Hutchinson, Connor Leydecker, and Steve Pet.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Antitrust and Competition, Mergers and Acquisitions, or Private Equity practice groups, or the following practice leaders:

Antitrust and Competition Group:
Rachel S. Brass – Co-Chair, San Francisco (+1 415-393-8293, rbrass@gibsondunn.com)
Stephen Weissman – Co-Chair, Washington, D.C. (+1 202-955-8678, sweissman@gibsondunn.com)
Ali Nikpay – Co-Chair, London (+44 (0) 20 7071 4273, anikpay@gibsondunn.com)
Christian Riis-Madsen – Co-Chair, Brussels (+32 2 554 72 05, criis@gibsondunn.com)

Mergers and Acquisitions Group:
Robert B. Little – Co-Chair, Dallas (+1 214-698-3260, rlittle@gibsondunn.com)
Saee Muzumdar – Co-Chair, New York (+1 212-351-3966, smuzumdar@gibsondunn.com)

Private Equity Group:
Richard J. Birns – Co-Chair, New York (+1 212-351-4032, rbirns@gibsondunn.com)
Ari Lanin – Co-Chair, Los Angeles (+1 310-552-8581, alanin@gibsondunn.com)
Michael Piazza – Co-Chair, Houston (+1 346-718-6670, mpiazza@gibsondunn.com)

Decided July 17, 2023

California Medical Association v. Aetna Health of California, Inc., S269212

This week, the California Supreme Court held that organizations have standing to sue for violations of California’s Unfair Competition Law if they spent resources fighting the business practice they challenge as unfair.

Background: The California Medical Association (“CMA”), a nonprofit organization that advocates on behalf of member physicians, sued Aetna Health of California over Aetna’s implementation of a “Network Intervention Policy,” which limited in-network providers’ ability to refer patients to out-of-network providers. The CMA alleged that the policy violated California’s Unfair Competition Law (“UCL”).

Under the UCL, private plaintiffs have standing to sue only if they have “suffered injury in fact” and “lost money or property as a result of” the business practice they challenge as unlawful or unfair. (Bus. & Prof. Code, § 17204.) CMA argued that it met this standard because it had diverted more than 200 hours of staff time to responding to Aetna’s Network Intervention Policy. CMA alleged that, among other things, it prepared a letter to California regulators and advised affected physicians about the policy.

Aetna argued that CMA lacked statutory standing because it had not lost money or property as a result of the policy. The trial court agreed that the diversion of organizational resources is not the same as the loss of money or property and entered summary judgment for Aetna. The Court of Appeal affirmed.

Issue: California’s Unfair Competition Law requires private plaintiffs to have “suffered injury in fact” and “lost money or property as a result of the unfair competition” the plaintiffs challenge. Can plaintiffs satisfy this requirement by pointing to the costs they incurred in responding to the challenged business practice?

Court’s Holding:

Yes. When an organization incurs costs responding to perceived unfair competition that threatens its bona fide, preexisting mission, and those costs were not incurred through litigating or preparing to litigate the organization’s UCL claims, the organization has satisfied the UCL’s standing requirements.

“[T]he UCL’s standing requirements are satisfied when an organization … incurs costs to respond to perceived unfair competition that threatens [its] mission…”

Justice Evans, writing for the Court

What It Means:

The opinion gives organizational plaintiffs, such as nonprofits and unions, a new way to establish standing to bring claims under the UCL. Because these types of membership organizations are unlikely to suffer a direct economic injury aside from the diversion of resources, the decision potentially opens the door to lawsuits that would previously have been barred.
Even so, the Court imposed significant limitations on the circumstances that may give rise to standing. Organizations may not manufacture standing by relying on expenditures made “in the course of UCL litigation, or to prepare for UCL litigation.” And the organization’s diversion of resources must occur through its sincere pursuit of “missions separate from the planned UCL litigation,” and not through a “brief stint of advocacy.”
The Court clarified that its decision was “limited to organizational standing; we say nothing about individual standing.” Thus, an individual plaintiff cannot establish standing under the UCL by pointing to her own expenditure of “personal, uncompensated time responding to the alleged unfair competition.”
In a footnote, the Court indicated that organizational plaintiffs with standing may seek injunctive relief that would primarily benefit the public—and that such actions would not be considered “representative” actions.

The Court’s opinion is available here.

Appellate and Constitutional Law Practice

Thomas H. Dupree Jr. +1 202.955.8547 tdupree@gibsondunn.com	Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com	Julian W. Poon +1 213.229.7758 jpoon@gibsondunn.com
Blaine H. Evanson +1 949.451.3805 bevanson@gibsondunn.com	Bradley J. Hamburger +1 213.229.7658 bhamburger@gibsondunn.com	Michael J. Holecek +1 213.229.7018 mholecek@gibsondunn.com

Related Practice: Class Actions

Christopher Chorba
+1 213.229.7396
cchorba@gibsondunn.com

Kahn A. Scolnick
+1 213.229.7656
kscolnick@gibsondunn.com

Related Practice: Litigation

Theodore J. Boutrous, Jr.
+1 213.229.7804
tboutrous@gibsondunn.com

Theane Evangelis
+1 213.229.7726
tevangelis@gibsondunn.com

As many companies prepare their quarterly reports on Form 10-Q for the quarter ended June 30, 2023, we offer the following observations and reminders regarding new disclosure requirements taking effect for this reporting period, as well as risk factor considerations that may be relevant to upcoming Form 10-Q reporting. For convenience, this publication also includes a summary of certain upcoming compliance dates for public companies.

Rule 10b5-1 Trading Arrangement Disclosures

Beginning with the filing that covers the first full fiscal period that begins on or after April 1, 2023 (i.e., Q2 2023 Form 10-Q for calendar year companies), the “Other Information” section of each periodic report (i.e., Part II, Item 5 of Form 10-Q and Part II, Item 9B of Form 10-K) must disclose whether any director or Section 16 officer adopted or terminated a trading arrangement intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) or a “non-Rule 10b5–1 trading arrangement.” By its terms, the disclosure requirement (Item 408(a) of Regulation S-K) is triggered when a trading arrangement is “adopted or terminated”; however, the SEC deems certain modifications to a trading arrangement to be the termination of one arrangement and entry into another.

The disclosure must identify whether the arrangement is a Rule 10b5-1 trading arrangement or a non-Rule 10b5-1 trading arrangement, and provide a brief description of the material terms (other than price), including (i) the name and title of the director or officer, (ii) the date of adoption or termination of the trading arrangement, (iii) the duration of the trading arrangement, and (iv) the aggregate number of securities to be sold or purchased under the trading arrangement (including pursuant to the exercise of any options).

Read More

Originally published on Gibson Dunn’s Securities Regulation and Corporate Governance Monitor. The following Gibson Dunn attorneys assisted in preparing this update: Mike Titera, Ronald Mueller, Thomas Kim, Lori Zyskowski, Elizabeth Ising, James Moloney, Julia Lapitskaya, Aaron K. Briggs, Chris Ayers, and Lauren Assaf-Holmes.

In a July 13, 2023 letter, Attorneys General of 13 states (Alabama, Arkansas, Indiana, Iowa, Kansas, Kentucky, Mississippi, Missouri, Montana, Nebraska, South Carolina, Tennessee, and West Virginia) issued a warning to the CEOs of Fortune 100 companies, threatening “serious legal consequences” over race-based employment preferences and diversity policies. The letter refers to the recent Supreme Court decision in Students for Fair Admissions v. Harvard and Students for Fair Admissions v. UNC, in which the Supreme Court held that two colleges’ use of race in their admissions policies was unlawful, and warns that race-based employment decisions likewise violate federal and state laws prohibiting employment discrimination. While the Supreme Court’s holding addressed only college and university admissions and not private-sector employers, this letter confirms that the Court’s decision may have broader implications that could accelerate an existing trend of challenges to private employers’ workplace diversity, equity and inclusion efforts. The group emphasized the Court’s statement that “[e]liminating racial discrimination means eliminating all of it,” suggesting that this language in the Court’s opinion could be used as ammunition to challenge various private-sector diversity policies, including in actions by certain Attorneys General who have enforcement authority under the anti-discrimination laws of their respective states.

In their letter, the group of Attorneys General stated their view that “racial discrimination in employment and contracting is all too common among Fortune 100 companies and other large businesses.” They warned that if a company “previously resorted to racial preferences or naked quotas to offset its bigotry, that discriminatory path is now definitively closed” as a result of the Supreme Court’s decision in SFFA v. Harvard, and that those companies must “overcome [their] underlying bias and treat all employees, all applicants, and all contractors equally, without regard for race.” The letter provides specific examples of the ways in which employers allegedly engage in unlawful discrimination, such as “explicit racial hiring quota[s]” and preferences to contractors with diverse staff or minority leadership. The letter does not address federal and state government contracting requirements, including for the certification of minority and women-owned business enterprises (MWBEs). The Attorneys General further criticized pledges by several major companies to foster diversity and support minority-owned businesses during racial justice protests in 2020.

The letter indicates that challenges to employers’ diversity programs could stem from a comparison of the legal framework under Title VI (which governs race discrimination in government-funded programs) and Title VII (which governs race discrimination in employment). Specifically, the letter refers to Justice Gorsuch’s concurrence in the Harvard/UNC decision, where Justice Gorsuch reasoned that principles of Title VI “apply equally to Title VII and other laws restricting race-based discrimination in employment and contracting.” The letter also notes that courts “routinely interpret Title VI and Title VII in conjunction with each other, adopting the same principles and interpretation for both statutes.”

Democrat and Republican appointees to the EEOC have stated that the Supreme Court’s decision should not affect employers’ diversity programs, although they have widely divergent views on the implications of the decision in practice. The Chair of the EEOC, Charlotte A. Burrows, released an official statement, taking the view that the Court’s decision does “not address employer efforts to foster diverse and inclusive workforces,” and that “[i]t remains lawful for employers to implement diversity, equity, inclusion, and accessibility programs that seek to ensure workers of all backgrounds are afforded equal opportunity in the workplace.” Chair Burrows will preside over a Democrat majority at the EEOC with the confirmation last week of Commissioner Kalpana Kotagal. Although EEOC Commissioner Andrea Lucas similarly stated that the decision does not alter federal employment law, she noted that race-based decision-making by employers is already presumptively illegal under Title VII, and expressed her view that many employers’ programs already run afoul of existing law.

The AG’s letter serves as an important reminder that employers should carefully evaluate whether any of their diversity and inclusion policies could face additional scrutiny or threats of litigation. Please refer to our previous client alert for an analysis of the Court’s opinion, as well as a discussion of some potential implications for private employers.

Please note that the purpose of this alert is to summarize the letter by the Attorneys General, and not to opine on the accuracy of its contents. Gibson Dunn has formed a Workplace DEI Task Force, bringing to bear the Firm’s expertise in employment, appellate and Constitutional law, DEI programs, securities and corporate governance, and government contracts to help our clients conduct legally privileged audits of their DEI programs (including for employees, applicants, suppliers, directors and other constituents), assess litigation risk, develop creative and practical approaches to accomplish their DEI objectives in a lawful manner, and defend those programs in private litigation and government enforcement actions as needed.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Angela Reid, and Emily Lamm.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, the authors, or the following practice leaders and partners:

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group, New York
(+1 212-351-3850, mdenerstein@gibsondunn.com)

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer, Washington, D.C.
(+1 202-955-8503, zswilliams@gibsondunn.com)

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group, Washington, D.C.
(+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group, Los Angeles
(+1 213-229-7107, ksmith@gibsondunn.com)

Gibson, Dunn & Crutcher LLP is pleased to announce with Global Legal Group the release of the International Comparative Legal Guide to: Anti-Money Laundering 2023. Gibson Dunn partners Stephanie L. Brooker and M. Kendall Day were contributing editors to the publication which covers issues including criminal enforcement, regulatory and administrative enforcement and requirements for financial institutions and other designated businesses. The Guide, comprised of 10 expert analysis chapters and 23 jurisdictions, is live and FREE to access HERE.

Ms. Brooker, senior associate Chris Jones, and Managing Director and Associate General Counsel at the Securities Industry and Financial Markets Association Bernard Canepa co-authored “Key BSA/AML Compliance Trends in the Securities Industry.” Sandy Moss and Ben Belair provided invaluable assistance with the article.

In addition, Mr. Day and Gibson Dunn of counsels Ella Capone and Linda Noonan co-authored the jurisdiction chapter on “USA: Anti-Money Laundering 2023.”

You can view these informative and comprehensive chapters via the links below:

CLICK HERE to view Key BSA/AML Compliance Trends in the Securities Industry

CLICK HERE to view USA: Anti-Money Laundering 2023

About Gibson Dunn’s Anti-Money Laundering and White Collar Practices:

Gibson Dunn’s Anti-Money Laundering practice provides legal and regulatory advice to all types of financial institutions and nonfinancial businesses with respect to compliance with federal and state anti-money laundering laws and regulations, including the U.S. Bank Secrecy Act. We represent clients in criminal and regulatory government investigations and enforcement actions. We also conduct internal investigations involving money laundering and Bank Secrecy Act violations for a wide range of clients in the financial services industry and companies with multinational operations. For further information, please visit our practice page and feel free to contact Stephanie L. Brooker (+1 202.887.3502, sbrooker@gibsondunn.com) or M. Kendall Day (+1 202.955.8220, kday@gibsondunn.com) in Washington, D.C.

The White Collar Defense and Investigations Practice Group defends businesses, senior executives, public officials and other individuals in a wide range of investigations and prosecutions. The group is composed of more than 250 lawyers practicing across our U.S. and international offices and draws on the expertise of more than 75 of its members with extensive government experience. We provide white collar client services around the world, with certain of our non-U.S. locations offering particular capabilities. For example, our Hong Kong office leads Gibson Dunn’s anti-corruption and compliance practice for Asia and our London disputes lawyers work regularly with complex internal and regulatory investigations, with particular familiarity in cross-border investigations in the financial services sector.

About the Authors:

Stephanie Brooker is Co-Chair of Gibson Dunn’s White Collar Defense and Investigations and Financial Institutions Practice Groups. She also co-leads the firm’s Anti-Money Laundering practice. She is the former Director of the Enforcement Division at FinCEN, and previously served as the Chief of the Asset Forfeiture and Money Laundering Section in the U.S. Attorney’s Office for the District of Columbia and as a DOJ trial attorney for several years. Ms. Brooker’s practice focuses on internal investigations, regulatory enforcement defense, white-collar criminal defense, and compliance counseling. She handles a wide range of white collar matters, including representing financial institutions, multi-national companies, and individuals in connection with criminal, regulatory, and civil enforcement actions involving sanctions; anti-corruption; anti-money laundering (AML)/Bank Secrecy Act (BSA); securities, tax, and wire fraud; foreign influence; “me-too;” cryptocurrency; and other legal issues. Ms. Brooker’s practice also includes BSA/AML and FCPA compliance counseling and deal due diligence and asset forfeiture matters. Ms. Brooker has been consistently recognized as a leading practitioner in the areas of white collar criminal defense and anti-money laundering compliance and enforcement defense. Chambers USA has ranked her and described her as an “excellent attorney,” who clients rely on for “important and complex” matters, and noted that she provides “excellent service and terrific lawyering.” Ms. Brooker has also been named a National Law Journal White Collar Trailblazer, a Global Investigations Review Top 100 Women in Investigations, and an NLJ Awards Finalist for Professional Excellence—Crisis Management & Government Oversight.

Kendall Day is Co-Chair of Gibson Dunn’s Financial Institutions Practice Group, co-leads the firm’s Anti-Money Laundering practice, and is a member of the White Collar Defense and Investigations Practice Group. Prior to joining Gibson Dunn, Mr. Day was a white collar prosecutor for 15 years, eventually rising to become an Acting Deputy Assistant Attorney General, the highest level of career official in the Criminal Division at DOJ. He represents financial institutions; fintech, crypto-currency, and multi-national companies; and individuals in connection with criminal, regulatory, and civil enforcement actions involving anti-money laundering (AML)/Bank Secrecy Act (BSA), sanctions, FCPA and other anti-corruption, securities, tax, wire and mail fraud, unlicensed money transmitter, false claims act, and sensitive employee matters. Mr. Day’s practice also includes BSA/AML compliance counseling and due diligence, and the defense of forfeiture matters. Mr. Day is consistently recognized as a leading White Collar attorney in the District of Columbia by Chambers USA – America’s Leading Business Lawyers. Most recently, Mr. Day was recognized in Best Lawyers 2023 for white-collar criminal defense.

Ella Alves Capone is Of Counsel in the Washington, D.C. office, where she is a member of the White Collar Defense and Investigations and Anti-Money Laundering practice groups. Her practice focuses in the areas of white collar investigations and advising clients on regulatory compliance and the effectiveness of their internal controls and compliance programs. Ms. Capone routinely advises multinational companies and financial institutions, including cryptocurrency and other digital asset businesses, gaming businesses, fintechs, and payment processors, on BSA/AML and sanctions compliance matters. She also has extensive experience representing clients before DOJ, SEC, OFAC, FinCEN, and federal banking regulators on a variety of white collar matters, including those involving BSA/AML, sanctions, anti-corruption, securities, and fraud matters.

Linda Noonan is Of Counsel in the Washington, D.C. office and a member of the firm’s Financial Institutions and White Collar Defense and Investigations Practice Groups. She joined the firm from the U.S. Department of the Treasury, Office of General Counsel, where she had been Senior Counsel for Financial Enforcement. In that capacity, she was the principal legal advisor to Treasury officials on domestic and international money laundering and related financial enforcement issues. She specializes in BSA/AML enforcement and compliance issues for financial institutions and non-financial businesses.

Chris Jones is a senior associate in the Los Angeles office of Gibson, Dunn & Crutcher. He is a member of the White Collar Defense and Investigations, Litigation, Anti-Money Laundering, and National Security Practice Groups, among others. His practice focuses primarily on internal investigations and enforcement defense, regulatory and compliance counselling, and complex civil litigation. Mr. Jones has experience representing clients in a wide range of anti-corruption, anti-money laundering, litigation, sanctions, securities, and tax matters. He has represented various client in investigations by the DOJ, SEC, FinCEN, and OFAC, including a number of AML-related investigations.

We are pleased to provide you with Gibson Dunn’s ESG monthly updates for June 2023. This month, our update covers the following key developments. Please click on the links below for further details.

I. International

1. ISSB publishes first two IFRS Sustainability Disclosure Standards

In June 2023, the International Sustainability Standards Board (“ISSB”) issued its IFRS Sustainability Disclosure Standards based on the recommendations of the Task Force on Climate-related Financial Disclosures (“TCFD”). IFRS S1 relates to the General Requirements for Disclosure of Sustainability-related Financial Information. It is effective for annual reporting period beginning on or after January 1, 2024 – earlier application is permitted if IFRS S2 is also applied. IFRS S2 relates to Climate-related Disclosures. It is effective for annual reporting period beginning on or after January 1, 2024 – earlier application is permitted if IFRS S2 is also applied. The ISSB is continuing to seek feedback on its future priorities for its next two-year work plan, which consultation closes on September 1, 2023.

2. ICMA announces updates to the Climate Transition Finance Handbook and Sustainability Principles

On June 22, 2023, the International Capital Markets Association (“ICMA”) announced that the Green, Social, Sustainability and Sustainability-Linked Bond Principles (the “Principles”) published revised 2023 editions of: (i) the Climate Transition Finance Handbook, which was originally launched in 2020 – the revisions include the progress made on climate transition guidance and disclosures; (ii) the Sustainability-Linked Bond Principles – the revisions include language for sovereign issuers together with revisions to the accompanying Key Performance Indicator registry; (iii) the Social Bond Principles – the revisions reflect the need to identify target populations and separately provide specific guidance for impact reporting for Social Bonds; and (iv) additional Q&As for green, social and sustainable bond securitisation, among other updates.

3. New reporting window open for signatories of the UN PRI and guidance published

Our May 2023 Update included an update on the release by the United Nations Principles for Responsible Investment (“PRI”) of a report on “Minimum Requirements for PRI Investor Signatories.” On June 14, 2023, the new reporting window for signatories of the PRI opened – this closes on September 6, 2023. PRI also published guidance on net zero and climate reporting in PRI’s Investor Reporting Framework, including (a) guidance to assist signatories of the Net Zero Asset Owner Alliance (“NZAOA”) who choose to report on their NZAOA requirements through PRI’s Investor Reporting Framework; (b) guidance to assist signatories of the Net Zero Asset Managers (“NZAM”) initiative to report on their NZAM commitments; and (c) guidance for all PRI signatories on climate reporting, based on TCFD-aligned indicators.

4. OECD updates its Guidelines for Multinational Enterprises on Responsible Business Conduct

On June 8, 2023, the Organisation for Economic Co-operation and Development (“OECD”) published an updated version of the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct. Key updates include recommendations for enterprises to align with internationally agreed goals on climate change and biodiversity, recommendations on risk-based due diligence, and specific environmental responsibilities.

5. IEA-IFC issue a special joint report calling for ramping up clean energy investments in emerging and developing countries

On June 21, 2023, the International Energy Agency (“IEA”) and the International Finance Corporation (“IFC”) published a special joint report. The report examines how to scale up private finance for clean energy transitions, identifies key barriers and how to remove them, and sets out policy actions and financial instruments to deliver acceleration in private capital flows for energy transition.

6. Climate Action 100+ announces its second phase

On June 8, 2023, Climate Action 100+ announced the launch of its second phase. The second phase will run until 2030 and intends to drive greater corporate climate action, by shifting the focus from corporate climate-related disclosure to the implementation of climate transition plans.

7. Nature Action 100 releases investor expectations to support urgent corporate action on nature loss

Nature Action 100, which is a global investor engagement initiative to address biodiversity and nature loss, and its impact on shareholder value, has released a set of corporate actions intended to protect and restore nature and ecosystems. The Investor Expectation for Companies outlines six key focus areas for action: ambition, assessment, targets, implementation, governance and engagement. Among other expectations, target companies will be expected to publicly commit to minimising contributions to key drivers of nature loss and to conserve and restore ecosystems at the operational level and throughout value chains by 2030. The eight key sectors identified for action are: biotechnology and pharmaceuticals; chemicals, such as agricultural chemicals; household and personal goods; consumer goods retail, including e-commerce and speciality retailers and distributors; food, ranging from meat and dairy producers to processed foods; food and beverage retail; forestry and paper, including forest management and pulp and paper products; metals and mining.

II. United Kingdom

1. FCA outlines concerns about sustainability-linked loans market

The Financial Conduct Authority (“FCA”) has outlined its concerns about the sustainability-linked loans (“SLLs”) market by way of a letter to interested stakeholders and parties on June 29, 2023. Concerns have been raised around credibility (including increased transparency), market integrity, greenwashing, conflicts of interest and potentially weak incentives to issue SLLs. The FCA has noted that some of these concerns have been addressed by the recently published revision of the Loan Market Association’s Sustainability-Linked Loan Principles, which the FCA believes should be more broadly adopted to drive further growth. The FCA does not currently plan to introduce regulatory standards or a code of conduct for the SLLs market, but has stated that it may reconsider this if the market needs it.

2. Climate Change Committee criticises UK’s slow efforts to scale up climate action

The Climate Change Committee (“CCC”) is an independent statutory body established under the UK Climate Change Act 2008 to advise the UK and devolved Governments on emissions targets, to report on progress and to prepare for the impacts of climate change. On June 28, 2023, the CCC issued its statutory progress report providing an overview of the Government’s progress to date in reducing emissions. The report includes criticism of the Government’s progress as slow and notes that the CCC’s confidence in the UK’s 2030 target has markedly declined since 2022.

3. CMA’s enforcement powers to combat greenwashing under the UK Digital Markets, Competition and Consumers Bill

The UK Digital Markets, Competition and Consumers Bill was introduced to Parliament on April 25, 2023. It is presently in the Committee Stage with Committee debates having taken place through the month of June 2023. If adopted in its current form, it will give the UK Competition Markets Authority (“CMA”) the power to, without a court process, impose directions or fines for the breach of consumer law protections which could extend to greenwashing.

4. FRC publishes report on influence of proxy voting advisors and ESG rating agencies and HMT consultation on regulation of ESG ratings providers ends

On June 15, 2023, the Financial Reporting Council (“FRC”) published its report commissioned to look into the influence of proxy voting advisors and ESG rating agencies on actions and reporting by FTSE350 companies and investor voting decisions. This report was published during a period when His Majesty’s Treasury had been consulting on a proposed regulatory regime for ESG ratings providers, which consultation period ended on June 30, 2023.

5. Consultation on UK non-financial reporting requirements

On June 8, 2023, the UK Department of Business and Trade (“DBT”) and the FRC opened consultation in relation to a review of the non-financial reporting requirements UK companies need to comply with in their annual report filings and to meet requirements broader than the UK Companies Act (e.g. gender pay gap and modern slavery reporting). The review will also consider if certain matters remain fit for purpose, such as the current company size thresholds that determine certain non-financial reporting requirements, and the preparation and filing of accounts with Companies House. The consultation closes on August 16, 2023.

III. Europe

1. New Sustainable Finance Package published and crackdown on ESG rating providers

Our May 2023 Update included an update on the impending publication of the EU sustainable finance package as part of the EU’s long-term vision to make Europe climate-neutral by 2050. On June 13, 2023, the European Commission published the new sustainable finance package with a view to encouraging private funding of transition projects and technologies and facilitating sustainable investments. The European Commission has added additional activities to the EU Taxonomy and, to mitigate the risk of greenwashing, proposed new rules for ESG rating providers to improve integrity, reliability and transparency in the sustainable investments market. If the rules are approved, ESG rating providers offering ratings in the EU will be required to seek prior authorisation from the European Securities and Markets Authority and to divest from conflicting activities (e.g. offering insurance to businesses that they rate).

2. European Commission consults on the first set of European Sustainability Reporting Standards

On June 9, 2023, the European Commission proposed for consultation the first set of European Sustainability Reporting Standards (“ESRS”) under the Corporate Sustainability Reporting Directive (“CSRD”). This consultation closes on July 7, 2023. The ESRS will apply from January 1, 2024 (for financial years beginning on or after January 1, 2024). The first set of ESRS are sector-agnostic, with sector-specific standards to be adopted by June 2024.

3. European Parliament adopts position on Corporate Sustainability Due Diligence Directive

On June 1, 2023, the European Parliament adopted its position on the proposal for a directive on Corporate Sustainability Due Diligence and amending Directive (“CSDDD”). In April 2023, the European Parliament’s committee on legal affairs adopted a draft report setting out a suite of amendments to the CSDDD as proposed by the European Commission, which the European Parliament has now adopted. Inter-institutional negotiations between the European Commission, the European Parliament and EU Member States on the CSDDD will now commence. Following formal adoption of the CSDDD, EU Member States will have two years to implement it into national legislation. The subject matter relates to rules to integrate (prevent, identify and mitigate) human rights and environmental impact into companies’ governance and along their value chain, including pollution, environmental degradation and biodiversity loss.

4. EU Deforestation Regulation enters into force

Our May 2023 Update included an update on the adoption by the European Parliament of the final text of the EU Regulation aimed at tackling deforestation and forest degradation (the “EU Deforestation Regulation”). The EU Deforestation Regulation entered into force on June 29, 2023. Please refer to our earlier update in relation to the scope, purpose and applicability.

IV. United States

1. SEC delays climate change disclosure rulemaking once again

On June 13, 2023, in its updated rulemaking agenda for Spring 2023, the U.S. Securities and Exchange Commission (“SEC”) indicated a goal of October 2023 for the adoption of proposed climate change rules. Although the “Reg Flex” agenda is not binding and target dates frequently are missed or further delayed, the Spring agenda indicates that these remain a near-term priority for the SEC. If adopted, the proposed rules will require a registrant to provide information regarding: (a) climate-related risks that are reasonably likely to have a material impact on its business, results of operations or financial condition; (b) greenhouse gas emissions; and (c) certain climate-related financial metrics in its audited financial statements.

2. PCAOB proposes an expansive non-compliance standard

On June 6, 2023, the Public Company Accounting Oversight Board (“PCAOB”) proposed for public comment a draft auditing standard, A Company’s Noncompliance with Laws and Regulations, PCAOB Release 2023-003, that could significantly expand the scope of audits and potentially alter the relationship between auditors and their SEC-registered clients. The standard would require auditors to identify all laws and regulations applicable to the company and from that set determine those laws and regulations “with which noncompliance could reasonably have a material effect on the financial statements”; incorporate potential noncompliance into the auditor’s risk assessment; and identify whether noncompliance may have occurred through enhanced procedures and testing. If potential noncompliance is identified, the auditor must perform procedures to understand the nature of the matter and “determine” if noncompliance in fact occurred. This standard would mean, for example, that auditors would need to assess whether any climate change or other ESG-related regulations issued at the federal, state, local, international level could have a material effect on a company’s financial statements and, if so, assess noncompliance. Our client alert on this proposal is available here.

3. North Carolina passes anti-ESG bill

In our May 2023 Update, we provided an update on various U.S. states that remained split on their approach to ESG matters. An anti-ESG bill has become law in North Carolina, after legislators voted to override the Governor’s veto. The legislation bars state entities from considering ESG criteria when making investment and employment decisions.

4. House Appropriations Committee releases FY24 Financial Services and General Government Appropriations Bill prohibiting SEC funding for climate disclosure rules

The House Appropriations Committee released the Financial Services and General Government Bill for the fiscal year 2024 and approved the bill with riders that would prohibit the SEC from spending on various proposals, including the climate disclosure rules. The next step is for the legislation to be introduced in the Senate (where it may face resistance given the Democratic-majority).

5. July rumoured to be “ESG month” and Republican ESG Working Group releases interim report

Plans are rumoured to be afoot for the House Financial Services Committee’s flagship “ESG month,” with a full committee hearing on ESG on July 12 and subcommittee hearings to follow thereafter. The Republican ESG Working Group, which was formed in February 2023, released an interim report highlighting anti-ESG concerns on June 23, 2023.

6. ISS responds to State Treasurers’ letter

On June 29, 2023, the Institutional Shareholder Services Inc. (“ISS”) issued its response to a group of U.S. state treasurers and financial officers to address issues they raised in a letter dated May 15, 2023 to proxy advisory firms, including ISS. The response emphasises that ISS tailors its proxy voting advice, including on ESG, based on a client’s needs and preferences, such that it may offer two different clients opposing recommendations about the same ballot measure. It further notes that many investors believe that incorporating material ESG factors into fundamental investment analysis can be consistent with their duty to manage the long-term financial prospects of their investment portfolios and a growing number of investors consider ESG factors as material to their proxy voting determinations as well. ISS has developed Special Voting Policies, such as a Climate Policy (based on the TCFD), Socially Responsible Investor Policy, Sustainability Policy, among others.

V. APAC

1. Updated ASEAN Taxonomy Version 2 released

On June 9, 2023, the ASEAN Taxonomy Board released the updated ASEAN Taxonomy for Sustainable Finance Version 2. The ASEAN Taxonomy has a multi-tiered approach which allows for different levels of adoption based on the individual member states’ readiness. Version 2 provides the methodology that will be applied in setting the technical screening criteria for the Plus Standard and contains the technical screening criteria for all four environmental objectives for the energy sector, as well as the carbon storage, utilisation and storage enabling sector. Alongside the “Do No Significant Harm” and “Remedial Measures to Transition” criteria, Version 2 also introduces a third essential criteria – “Social Aspects.” Three key social aspects are to be considered as part of the assessment: Respect Human Rights, Prevention of Forced and Child Labour and Impact on People Living Close to Investments.

2. Thailand issues Phase One of its green taxonomy

The Bank of Thailand and Thailand’s Securities and Exchange Commission, together with the Climate Bonds Initiative, published the Thailand Taxonomy Phase One on June 30, 2023. Phase One of the Taxonomy focuses on economic activities relating to the energy and transportation sectors, and may be used as a reference for access to financial tools and services that support transition activities to address climate change. Phase Two of the Thailand Taxonomy will focus on the manufacturing, agriculture, real estate, construction and waste management sectors. The Thailand Taxonomy will employ the traffic light system, which is also employed in the ASEAN Taxonomy.

3. Malaysia rolls out new mandatory sustainability onboarding programme for PLC directors

The Securities Commission of Malaysia and the Malaysian stock exchange, Bursa Malaysia, have rolled out a new mandatory sustainability programme for onboarding directors of public listed companies. The “Mandatory Accreditation Programme (MAP) Part II: Leading for Impact (LIP)” is the second part of Bursa Malaysia’s listing requirements and will take effect on August 1, 2023, requiring first-time directors and directors of listing and transfer applicants to complete the sustainability programme within 18 months from appointment/admission. Existing PLC directors will have up to 24 months to complete the programme.

4. Singapore consults on ESG data and ratings code of conduct, to digitise basic ESG credentials for MSMEs, and to strengthen access to climate transition data

On June 28, 2023, the Monetary Authority of Singapore (“MAS”) launched a public consultation on a voluntary industry governance framework / code of conduct for providers of ESG ratings and ESG data products, which is modelled after the International Organization of Securities Commissions’ recommendations of good practices set out in its global call for action in November 2022. The regime is proposed to be voluntary, where providers would ratify the code of conduct and explain why they are unable to comply. The consultation closes on August 22, 2023. MAS is also seeking feedback on its proposed criteria for the early phase-out of coal-fired power plants under its draft green taxonomy (which is to be named the Singapore-Asia Taxonomy). This consultation closes on July 28, 2023. On June 22, 2023, MAS, the United Nations Development Programme and the Global Legal Entity Identifier Foundation executed a statement of intent for “Project Savannah,” to develop digital ESG credentials for micro, small and medium-sized enterprises (MSMEs). On June 27, 2023, MAS, the Secretariat of the Climate Data Steering Committee and Singapore Exchange executed a memorandum of understanding to strengthen access by stakeholders to key climate transition-related data.

5. UAE Independent Climate Change Accelerators launches UAE Carbon Alliance

The UAE Independent Climate Change Accelerators (“UICCA”) has launched the UAE Carbon Alliance, a new coalition to advance the development and scaling of a carbon market ecosystem in the UAE and to facilitate the transition to a green economy in line with the UAE’s Net Zero by 2050 Strategic Initiative. Founding members of the UAE Carbon Alliance include the UICCA, AirCarbon Exchange, First Abu Dhabi Bank, Mubadala Investment Company, TAQA, and Masdar.

Please let us know if there are other topics that you would be interested in seeing covered in future editions of the monthly update.

Warmest regards,

Susy Bullock
Elizabeth Ising
Perlette M. Jura
Ronald Kirk
Michael K. Murphy
Selina S. Sagayam

Environmental, Social and Governance Practice Group Leaders, Gibson, Dunn & Crutcher LLP

The following Gibson Dunn lawyers prepared this client update: Mitasha Chandok, Grace Chong, Elizabeth Ising, Patricia Tan Openshaw, Selina Sagayam, and David Woodcock.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Environmental, Social and Governance practice group:

Environmental, Social and Governance (ESG) Group:
Susy Bullock – London (+44 (0) 20 7071 4283, sbullock@gibsondunn.com)
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
Perlette M. Jura – Los Angeles (+1 213-229-7121, pjura@gibsondunn.com)
Ronald Kirk – Dallas (+1 214-698-3295, rkirk@gibsondunn.com)
Michael K. Murphy – Washington, D.C. (+1 202-955-8238, mmurphy@gibsondunn.com)
Patricia Tan Openshaw – Hong Kong (+852 2214-3868, popenshaw@gibsondunn.com)
Selina S. Sagayam – London (+44 (0) 20 7071 4263, ssagayam@gibsondunn.com)
David Woodcock – Dallas (+1 214-698-3211, dwoodcock@gibsondunn.com)

Gibson Dunn’s summary of director education opportunities has been updated as of July 2023. A copy is available at this link. Boards of Directors of public and private companies find this a useful resource as they look for high quality education opportunities.

This quarter’s update includes a number of new opportunities as well as updates to the programs offered by organizations that have been included in our prior updates. Some of the new opportunities include unique events for members of private boards.

Read More

The following Gibson Dunn attorneys assisted in preparing this update: Hillary Holmes, Lori Zyskowski, Ronald Mueller, and Elizabeth Ising, with assistance from Mason Gauch and To Nhu Huynh from the firm’s Houston office.

On June 30, 2023, the New York City Department of Consumer and Worker Protection (the “DCWP”) released Frequently Asked Questions (“FAQ”)[1] regarding New York City’s Local Law 144,[2] which went into effect on July 5, 2023.

Local Law 144 restricts employers and employment agencies from using an automated employment decision tool (“AEDT”) in hiring and promotion decisions unless it has been subject to an annual bias audit conducted by an “independent auditor.” The law also imposes posting and notice requirements to New York City applicants and employees subject to the use of AEDTs. The FAQs provide insight into how the DCWP will approach enforcing Local Law 144, including its penalty schedule, which imposes penalties ranging from $375 to $1500 for each violation of the bias audit, notice, and posting requirements.[3]

As summarized at a high-level below, the FAQs provide some helpful guidance for covered employers but questions remain regarding the law’s scope and audit requirements.

1. NYC Office Location Is Key.

The FAQs clarify that Local Law 144 only applies to employers with a physical office in New York City that use an AEDT for (i) jobs located in New York City, at least part-time or (ii) for remote positions, if the location “associated with [such remote position]” is an office in New York City.

2. Covered Employment Decisions Need Not Be Final.

The DCWP previously emphasized during May 2023 roundtable events that Local Law 144 covers employment decisions “at any point in the process.” Otherwise stated, the analysis of whether Local Law 144 applies is not limited to the ultimate employment decision.[4]

The FAQs echo this position and emphasize that the law defines “employment decisions” to include screening for hire or promotion. However, the FAQs also make clear that conducting outreach or sending invitations to potential job or promotion candidates falls outside the scope of the law.

3. Compliance Responsibility Rests With Employers, Not Vendors.

The FAQs state that a vendor of an AEDT is not responsible for conducting a bias audit of its tool. Instead, in the DCWP’s view, covered employers and employment agencies are responsible for complying with Local Law 144’s bias audit requirements.

4. Demographic Information May Not Be Inferred.

The FAQs expressly state that employers and employment agencies may not infer or impute data about an applicant’s demographic information. This differs from other areas of law, such as the EEO-1 Component 1 Report, which permits observer identification to be used to determine an employee’s race or ethnicity.[5]

Accordingly, bias audits may only be conducted using historical or test data, and cannot be run on demographic information inferred by an algorithm or otherwise.

5. No Set Threshold For Statistical Significance.

The DCWP has chosen not to set a specific standard for determining statistical significance, thereby leaving the determination to the independent auditor. If test data is used in lieu of historical data because the auditor determined that the historical data was not statistically significant, the public summary of the bias audit results must explain this decision.

6. No Specific Test Data Requirements.

The DCWP previously stated that Local Law 144’s bias audit requirement provides flexibility regarding what data is used and who (e.g., the vendor or employer) may provide data to the independent auditor.[6] The FAQs likewise provide that the DCWP has not set requirements for test data to allow for the “development of best practices in this rapidly developing field.”

Notwithstanding this apparent flexibility and flux, the FAQs state that the summary of the bias audit must include the source of the data and an explanation of the data used. For example, if the test data is limited to a specific region or time period, the public summary is expected to explain why and/or how.

7. Bias Audit Need Not Be Position Specific.

Employers that hire for an array of different positions may rely on a bias audit that is based on the historical data of multiple employers if it is either (a) their first time using the AEDT or (b) they provide historical data from their use of the AEDT to the independent auditor. To that end, the FAQs state that there is no requirement that the employers providing historical data for a bias audit use the AEDT to hire or promote for the same type of position. The FAQs therefore suggest that the data used for the bias audit can be aggregated from an assortment of different positions—though whether doing so may be accurate or prudent will vary case-by-case.

8. Notice Need Not Be Position Specific.

The notice posted in the employment section of an employer’s website for job applicants or in a written policy or procedure for candidates for promotion need not be position specific. The FAQs therefore appear to indicate that a notice’s description of the job qualifications and characteristics assessed by the AEDT may be categorical.

9. Discrimination Claims Will Be Referred To The City Commission On Human Rights.

The FAQs state that any claims of discrimination involving AEDTs that are sent to the DCWP will be automatically referred to the New York City Commission on Human Rights. The DCWP will enforce only Local Law 144’s prohibition on the use of AEDTs without a bias audit and the required notice and posting.

10. Numerous Questions And Ambiguities Remain.

Despite committing to address many unanswered questions raised during the DCWP’s roundtable events, the FAQs leave a number of open questions.

For example, there is still no clarification regarding the statute’s ill-fitting definition of an employment agency.[7] The final rules implementing Local Law 144 defined an “employment agency” as “all persons who, for a fee, render vocational guidance or counseling services, and who directly or indirectly represent” that they perform one of the enumerated functions such as arranging interviews or having knowledge of job openings or positions that cannot be obtained from other sources with a reasonable effort.[8] Since Local Law 144 is limited to applicants who have applied for a position (and not potential applicants), it is unclear how a definition focused on employment agencies attracting or assisting prospective applicants will be reconciled with the apparently narrower scope of the law.

The FAQs state that test data can be used to conduct a bias audit if demographic data is not available or collected, but it remains unclear whether covered employers could (let alone must) artificially create test data to conduct a bias audit, especially since the FAQs state that demographic data should not be inferred.

Finally, the FAQs state that a remote position “associated” with a New York City office is within the scope of the law, but the DCWP does not clarify or explain how a remote position may be “associated” with a New York City office. For example, it remains unclear if an “association” will be found if a remote employee reports to a manager in New York City, must occasionally come into the New York City office, or if their paycheck is issued from the employer’s New York City office.

Conclusion

To date, New York City’s Local Law 144 is the most expansive effort in the United States to attempt to regulate the use of automated decision tools in employment. Its impact will undoubtedly be closely watched (and scrutinized) by legal commentators and other states and cities. In the wake of the law’s passage and throughout the subsequent rulemaking process, employers in New York City have been grappling with various questions about the law’s scope and requirements. The FAQs are helpful in answering some of these questions. But many remain. As such, effective July 5, employers are faced with the unsettling prospect of attempting to comply with Local Law 144 without clear and comprehensive guidance.

______________________________

[1] DCWP, Automated Employment Decision Tools: Frequently Asked Questions (June 2023), https://www.nyc.gov/assets/dca/downloads/pdf/about/DCWP-AEDT-FAQ.pdf.

[2] NYC Int 1894-2020, Local Law 144 (enacted December 11, 2021), https://legistar.council.nyc.gov/LegislationDetail.aspx?ID=4344524&GUID=B051915D-A9AC-451E-81F8-6596032FA3F9.

[3] RCNY, tit. 6, ch. 6, § 6-81, Automated Employment Decision Tools Penalty Schedule (effective Aug. 5, 2022), https://codelibrary.amlegal.com/codes/newyorkcity/latest/NYCrules/0-0-0-134007.

[4] DCWP, Local Law 144 of 2021 Automated Employment Decision Tool Roundtable with Business Advocates/Employers (May 2023), https://www.nyc.gov/assets/dca/downloads/pdf/about/DCWP-AEDT-Educational-Roundtable-with-Business-Advocates-Employers.pdf.

[5] U.S. EEOC, 2021 EEO-1 Component 1 Frequently Asked Questions (FAQs), https://www.eeocdata.org/pdfs/2021_EEO_1_Component_1_FAQs.pdf.

[6] Id.

[7] See Harris Mufson, Danielle Moss, and Emily Lamm, 10 Ways NYC AI Discrimination Rules May Affect Employers, Law360 (Apr. 19, 2023) (discussing the definition of “employment agency” under the final rules implementing Local Law 144).

[8] DCWP, Notice of Adoption of Final Rule, https://rules.cityofnewyork.us/wp-content/uploads/2023/04/DCWP-NOA-for-Use-of-Automated-Employment-Decisionmaking-Tools-2.pdf.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Harris Mufson, Danielle Moss, and Emily Lamm.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and partners:

Harris M. Mufson – New York (+1 212-351-3805, hmufson@gibsondunn.com)

Danielle J. Moss – New York (+1 212-351-6338, dmoss@gibsondunn.com)

Emily M. Lamm – Washington, D.C. (+1 202-955-8255, elamm@gibsondunn.com)

Jason C. Schwartz – Co-Chair, Labor & Employment Group, Washington, D.C.
(+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Co-Chair, Labor & Employment Group, Los Angeles
(+1 213-229-7107, ksmith@gibsondunn.com)

This edition of Gibson Dunn’s Federal Circuit Update summarizes the current status of several petitions pending before the Supreme Court, provides an update on a proceeding by the Judicial Council of the Federal Circuit, and summarizes recent Federal Circuit decisions concerning secondary considerations, inventorship, inherency, and enablement.

Federal Circuit News

Noteworthy Petitions for a Writ of Certiorari:

A new potentially impactful petition was filed before the Supreme Court in June 2023:

Killian v. Vidal (US No. 22-1220): The petition raises the questions (1) whether the Federal Circuit’s “departures of the Supreme Court’s Alice/Mayo jurisprudence . . . enabled the USPTO to violate the” Administrative Procedure Act (“APA”) and the Due Process Clause of the Fifth Amendment; and (2) whether the exceptions created by Article III courts to 35 U.S.C. § 101 exceeds the courts’ constitutional authority.

As we summarized in our May 2023 update, there are several other petitions pending before the Supreme Court. We provide an update below:

In CareDx Inc. v. Natera, Inc. (US No. 22-1066), after the respondents waived their right to file a response, retired Federal Circuit Judge Paul R. Michel and Professor John F. Duffy filed an amici curiae brief in support of Petitioners. The Court thereafter requested a response, which is now due on July 31, 2023.

The Court denied the petitions in Nike, Inc. v. Adidas AG (US No. 22-927) and NST Global, LLC v. Sig Sauer Inc. (US No. 22-1001). A response has been filed in Ingenio, Inc. v. Click-to-Call Technologies, LP (US No. 22-873).

Noteworthy Federal Circuit En Banc Petitions:

On June 30, 2023, the Federal Circuit granted the en banc petition filed in LKQ Corp. v. GM Global Technology Operations LLC, No. 21-2348 (Fed. Cir. June 30, 2023). The Court requested that the parties file new briefs to address questions related to the obviousness inquiry for design patents.

Other Federal Circuit News:

Release of Materials in Ongoing Judicial Investigation. As we summarized in our May 2023 update, there is an ongoing proceeding by the Judicial Council of the Federal Circuit under the Judicial Conduct and Disability Act and the implementing Rules involving Judge Pauline Newman. Last month, the Court approved and released public versions of all prior orders of the Special Committee and the Judicial Council, as well as Judge Newman’s letter responses to date. On June 20, 2023, the Court released additional materials in the ongoing investigation. The orders may be accessed here.

Upcoming Oral Argument Calendar

The list of upcoming arguments at the Federal Circuit is available on the court’s website.

Key Case Summaries (June 2023)

Yita LLC v. MacNeil IP LLC, No. 22-1383 (Fed. Cir. June 6, 2023): The Patent Trial and Appeal Board (“Board”) determined as part of an inter partes review (“IPR”) that the challenged claims of one of MacNeil’s patents directed to constructing a vehicle floor tray based on digital scans would not have been obvious. Despite determining that the claims would have been obvious over the asserted prior art, the Board found MacNeil’s evidence of secondary considerations “compelling” enough to overcome this determination of obviousness.

The Federal Circuit (Taranto, J., joined by Chen and Stoll, JJ.) reversed. The Court stated that under the Court’s precedent, objective evidence of nonobviousness lacks a nexus to the claimed invention if the evidence exclusively relates to a “known” feature in the prior art. The Court held that the Board therefore erred in concluding that because the feature was not “well known” in the prior art, that MacNeil’s secondary considerations evidence was sufficient to overcome its prior art based obviousness determination.

Blue Gentian, LLC v. Tristar Products, Inc., Nos. 21-2316, 21-2317 (Fed. Cir. June 9, 2023): Blue Gentian sued Tristar for infringement of its patents generally related to an expandable hose. Tristar counterclaimed that each of the asserted patents were invalid for failing to name a co-inventor, Gary Ragner. The district court agreed and concluded that Mr. Ragner contributed three key features of the invention and should have been named an inventor on the patents.

The Federal Circuit (Prost, J., joined by Chen and Stark, JJ.) affirmed. The Court first rejected Blue Gentian’s argument that the district court erred by not engaging in claim construction, holding that there must be a material dispute about claim scope to require claim construction prior to an inventorship determination. Here, Blue Gentian failed to identify “a dispute about claim scope that was material, or even related to, inventorship.” Additionally, because the patent owner argued during prosecution that the three key features at issue distinguished the invention over the prior art, the Court held that it follows that these features are not insignificant in quality and amounted to a significant contribution to conception that met the requirements needed to be considered a joint inventor.

Parus Holdings, Inc., v. Google LLC, Nos. 2022-1269, 2022-1270 (Fed. Cir. June 12, 2023): Google filed an IPR petition concerning Parus’s patents directed to an interactive voice system that allowed a user to request information from a voice web browser. Google asserted that certain claims of these patents would have been obvious over a number of prior art references, including Kovatch. Parus argued that Kovatch did not qualify as prior art because the claimed inventions were conceived of and reduced to practice before the earliest possible priority date for Kovatch. In support of its arguments, Parus submitted over 1,400 pages of material, but only cited small portions of that material in its briefs without meaningful explanation. The Board declined to consider these arguments because Parus failed to comply with 37 C.F.R. § 42.6(a)(3), which prohibits incorporation by reference.

The Federal Circuit (Lourie, J., joined by Bryson and Reyna, JJ.) affirmed. The Court held that the Board did not violate the APA. The Board had determined that Parus failed to cite to the relevant record evidence with specificity and explain the significance of the produced materials in its briefing, and incorporated its arguments by reference in violation of 37 C.F.R. § 42.6(a)(3), and thus, the Court determined that the Board’s disregard of Parus’s arguments cannot be an abuse of discretion.

In re Couvaras, No. 22-1489 (Fed. Cir. June 14, 2023): The pending claims of the patent application at issue are directed to a method of increasing prostacyclin release to improve vasodilation, which decreases blood pressure. The increased prostacyclin is achieved by co-administering two well-known antihypertensive agents. The examiner finally rejected the claims finding that the claimed results of the compounds’ administration naturally flowed from administration of the known antihypertensive agents. Couvaras then appealed to the Board. The Board agreed with the examiner and found that the increase in prostacyclin release was “inherent in the obvious administration of the two known antihypertension agents.”

The Federal Circuit (Lourie, J., joined by Dyk and Stoll, JJ.) affirmed. Courvaras argued that even if the recited mechanism of action (the increased release of prostacyclin) was inherent, the Board erred in dismissing it as having no patentable weight, because the mechanism was unexpected. The Court rejected this argument holding that “[r]eciting the mechanism for known compounds to yield a known result cannot overcome a prima facie case of obviousness, even if the nature of that mechanism is unexpected.”

Medytox v. Galderma, No. 22-1165 (Fed. Cir. June 27, 2023): Galderma filed a post-grant petition of Medytox’s patent directed to a method for treating frown lines using an animal-protein-free botulinum toxin composition, which allegedly displayed an increased sustained effect compared to BOTOX^®. Medytox filed a motion to amend seeking to cancel the challenged claims and file substitute claims. In a final written decision, the Board found in part that the substitute claims were unpatentable for lack of enablement, because the specification only disclosed three responder rates: 52%, 61%, and 62%, and a skilled artisan would not have been able to achieve higher responder rates included in the claimed ranges without undue experimentation.

The Federal Circuit (Reyna, J., joined by Dyk and Stark, JJ.) affirmed. Citing the Supreme Court’s recent opinion in Amgen Inc. v. Sanofi, 143 S. Ct. 1243 (2023), the Federal Circuit determined that the Board did not err in concluding that the substitute claims were not enabled because a skilled artisan would not have been able to achieve responder rates higher than the limited examples disclosed in the specification.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit. Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this update:

Blaine H. Evanson – Orange County (+1 949-451-3805, bevanson@gibsondunn.com)
Audrey Yang – Dallas (+1 214-698-3215, ayang@gibsondunn.com)

Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups:

Appellate and Constitutional Law Group:
Thomas H. Dupree Jr. – Washington, D.C. (+1 202-955-8547, tdupree@gibsondunn.com)
Allyson N. Ho – Dallas (+1 214-698-3233, aho@gibsondunn.com)
Julian W. Poon – Los Angeles (+ 213-229-7758, jpoon@gibsondunn.com)

Intellectual Property Group:
Kate Dominguez – New York (+1 212-351-2338, kdominguez@gibsondunn.com)
Y. Ernest Hsin – San Francisco (+1 415-393-8224, ehsin@gibsondunn.com)
Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com)
Jane M. Love, Ph.D. – New York (+1 212-351-3922, jlove@gibsondunn.com)

On June 30, 2023, Sacramento Superior Court Judge James Arguelles held that the California Privacy Protection Agency (CPPA) cannot enforce its regulations issued on March 29, 2023, until March 29, 2024—about nine months later than the date the California Privacy Rights Act (CPRA) permitted enforcement of any provisions added or amended by the law.[1] This development provides helpful breathing room for businesses seeking to comply. It is important to note that this reprieve only exists for the new regulations issued under the CPRA on March 29, 2023, not all aspects of the CPRA, as explained below.

Delay Begets Delay

The saga of the CCPA, which ultimately led to the California privacy regulations saga, began in 2017. An advocacy group, Californians for Consumer Privacy, began collecting signatures and by 2018, was in position to successfully submit a ballot initiative for consideration by California voters in the November 2018 election titled the “California Consumer Privacy Act,” or CCPA. State legislators negotiated a compromise with key stakeholders, including Californians for Consumer Privacy, and enacted a last-minute compromise draft through the legislative process in exchange for pulling the initiative off of the November 2018 ballot.[2] The state legislature passed the California Consumer Privacy Act (CCPA) as AB 375 and it was signed into law on June 28, 2018, with provisions becoming operative January 1, 2020.

After the passage of the CCPA, but even before it came into effect, Californians for Consumer Privacy remained dissatisfied with the state of California privacy law and began a second ballot initiative, the California Privacy Rights Act (CPRA). Voters approved the initiative (Proposition 24) in November 2020. The CPRA amended the CCPA by, among other things, adding additional consumer rights, including the right to correct inaccurate personal information, the right to opt out of certain “sharing” of data (rather than just the right to opt out of “sale” of data), and the right to limit the use and disclosure of sensitive personal information.

The CPRA also created the California Privacy Protection Agency (CPPA) and charged it with promulgating final regulations under the law and, along with the Attorney General, enforcing the law and those regulations. The CPRA specified that “[t]he timeline for adopting final regulations required by the act … shall be July 1, 2022” and “[n]otwithstanding any other law, civil and administrative enforcement … shall not commence until July 1, 2023[.]”[3]

The CPPA, however, failed to finalize regulations by July 1, 2022, and businesses seeking to comply with the new requirements were left to wonder about both the ultimate content of the regulations and their potential enforcement exposure and liability. On March 29, 2023, nine months after the deadline, the CPPA issued final regulations relating to twelve of the fifteen topics contemplated by the CPRA—leaving businesses just three months to comply. Today, there are still no regulations concerning three key elements of the CPRA, that the CPPA is tasked with tackling, namely cybersecurity audits, risk assessments, and automated decision-making technology.[4] Further, the CPPA has publicly discussed other specific topics of consideration that it intends to address (on a much longer timeline), including employment-related data issues, and social media API access. The CPPA has not indicated a clear timeline to promulgate regulations or enforce the law in any of the remaining areas, despite consideration that certain of them are more difficult than others, and undergoing a diligence process.[5]

The Chamber of Commerce’s Lawsuit

The California Chamber of Commerce sued, seeking a delay of the CPRA for a period of one year after all required regulations were issued.[6]

Following a hearing on June 30, 2023, the California Superior Court, Sacramento County issued a Minute Order considering this request, applying rules of statutory interpretation to determine the voters’ intent in passing the CPRA and the appropriate resultant timeline for enforcement.[7] The court held that “the plain language of the statute indicates the [CPPA] was required to have final regulations in place by July 1, 2022” and “the [CPPA] should be prohibited from enforcing the Act on July 1, 2023 when it failed to pass final regulations by the July 1, 2022 deadline.”[8] “The very inclusion of [the timeline prescribed by subdivision (d)] indicates the voters intended there to be a gap between the passing of final regulations and enforcement of those regulations.”[9] The court also disagreed with the CPPA’s argument that the delayed regulations did not prejudice businesses seeking to comply with the law.[10]

Yet the court did not agree that enforcement of the entire regulatory scheme should be delayed. “[T]he Court agrees with the [CPPA] that delaying the [CPPA]’s ability to enforce any violation of the Act for 12 months after the last regulation in a single area has been implemented would likewise thwart the voters’ intent to protect the privacy of Californians as contemplated by Proposition 24.”[11]

The court struck a balance between the Chamber’s and the CPPA’s arguments, allowing enforcement of the regulations on a piecemeal basis, one year after they are finalized: “the Court hereby stays the Agency’s enforcement of any Agency regulation implemented pursuant to Subdivision (d) for 12 months after that individual regulation is implemented.”[12] “By way of example, if an Agency regulation passes regarding Section 1798.185 subdivision (a), subsection (16) (requiring the Agency issue regulations governing automated decision-making technology) on October 1, 2023, the Agency will be prohibited from enforcing a violation of said regulation until October 1, 2024. The Agency may begin enforcing those regulations that became final on March 29, 2023 on March 29, 2024.”[13]

The order is good news for businesses subject to the law, which will have an extra nine months to comply with the CPRA regulations that were finalized on March 29, 2023. The order also provides a clear timeline for enforcement of forthcoming CPRA regulations, including in the three areas mentioned above. The CPRA is only permitted to enforce these new regulations twelve months after they have been finalized by the Office of Administrative Law.

Other California Privacy Regulations—and the Underlying Laws—Are in Force

It is important to note that the court’s ruling focuses regulations promulgated under the CPRA. To the extent the statutory basis for existing CCPA regulations remained unchanged by the CPRA, those regulations may continue to be enforced. In addition, to the extent the CPPA intends to bring enforcement actions for a business’s failure to comply with requirements set out in the CPRA’s statutory text, itself, the court’s ruling is not likely to prevent it from doing so. But enforcement may be muddied by questions as to whether any compliance failures are the result of actual non-compliance or whether they were caused by a good-faith misunderstanding based on lack of insights from the regulations. In any case, the CPPA remains able to bring enforcement actions for failure to comply with provisions of the CCPA that were left unamended when the CPRA was enacted.

Viewed through that lens, though the ruling provides relief for businesses rushing to comply with the delayed CPRA regulations, the impact of the court’s ruling may be considered somewhat limited: only enforcement of the March 29, 2023 regulations are delayed until March 29, 2024 (and enforcement of any forthcoming regulations will begin one year after they are finalized). Enforceable regulations concern a host of topics relating to the seven core consumer rights under the CCPA and related topics.[14]

The CPPA May Continue the Fight

The CPPA may appeal the Superior Court order. The default California rules provide an automatic stay of trial court proceedings and of enforcement of the Superior Court’s order.[15] This means that the Superior Court’s order to delay the enforcement of the CPRA regulations could be put on pause. If that happens, the CPPA’s regulations could be enforceable, pending the CPPA’s appeal. If appealed, the Chamber could seek to maintain the status quo of the Superior Court’s order, allowing the delay of enforcement of the CPRA regulations to continue. In assessing such a request, the Court of Appeal would balance hardships and benefits, likely weighing the public’s and state’s interests in earlier enforcement of privacy regulations against the interests of businesses in having the time that voters’ prescribed to comply with the law.[16]

The CPPA Will Speak

The CPPA has scheduled a public meeting for July 14, 2023. The proposed agenda confirms that the CPPA Board will publicly discuss key updates, including enforcement. In addition, “the Board will meet in closed session to confer and receive advice from legal counsel regarding” the Chamber lawsuit.[17] We will continue to monitor the development of the CPPA, CCPA, CPRA, and other notable state privacy laws and regulations.

__________________________

[1] California Chamber Of Commerce vs. California Privacy Protection Agency (June 30, 2023) 34-2023-80004106-CU-WM-GDS (J. Arguelles order); Cal. Civ. Code § 1798.185, subd. (d) (“Notwithstanding any other law, civil and administrative enforcement of the provisions of law added or amended by this act shall not commence until July 1, 2023, and shall only apply to violations occurring on or after that date.”).

[2] The California legislature generally cannot repeal voter initiatives, once passed. These compromises are a common way for the legislature to refine voter initiatives. California Constitution, Article II, Section 10 (c); California Election Code, Section 9034.

[3] Cal. Civ. Code § 1798.185, subd. (d).

[4] Id. § 1798.185, subd. (a).

[5] The CPPA has invited and received pre-rulemaking comments on the three remaining topics. California Privacy Protection Agency, Preliminary Rulemaking Activities on Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking (Feb. 10, 2023), available at https://cppa.ca.gov/regulations/pre_rulemaking_activities_pr_02-2023.html

[6] California Chamber of Commerce vs. California Privacy Protection Agency (March 30, 2023) 34-2023-80004106-CU-WM-GDS (complaint).

[7] Order at 3-5.

[8] Id. at 4.

[9] Id.

[10] Id. at 5.

[11] Id. at 4-5.

[12] Id.

[13] Id.

[14] For additional reading concerning the scope of the enforceable regulations, please review our Privacy, Cybersecurity and Data Innovation Practice Group’s publications.

[15] Cal. Cod Civ. Proc. § 916. The Superior Court’s order proceeded on the Chamber’s petition for writ of mandate (dismissing other causes of action for declaratory and injunctive relief as moot). Order at 5. In traditional mandamus, perfecting appeal automatically stays effect of the writ. Johnston v. Jones (1925) 74 Cal.App. 272; Cal. Code Civ. Proc. § 1094.5.

[16] See Building Code Action v. Energy Resources Conservation & Dev. Com. (1979) 88 Cal.App.3d 913, 922.

[17] California Privacy Protection Agency Board, Meeting Notice and Agenda (June, 30, 2023), available at https://www.cppa.ca.gov/meetings/agendas/20230714.pdf.

The following Gibson Dunn lawyers assisted in preparing this alert: Cassandra Gaedt-Sheckter, Jane Horvath, Vivek Mohan, Eric Vandevelde, Benjamin Wagner, Christopher Rosina, and Tony Bedel.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States
S. Ashlie Beringer – Co-Chair, PCDI Practice, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
Jane C. Horvath – Co-Chair, PCDI Practice, Washington, D.C. (+1 202-955-8505, jhorvath@gibsondunn.com)
Alexander H. Southwell – Co-Chair, PCDI Practice, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Matthew Benjamin – New York (+1 212-351-4079, mbenjamin@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202-887-3786, dburns@gibsondunn.com)
Gustav W. Eyler – Washington, D.C. (+1 202-955-8610, geyler@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202-955-8657, sgans@gibsondunn.com)
Lauren R. Goldman – New York (+1 212-351-2375, lgoldman@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202-955-8510, shandler@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213-229-7269, nhanna@gibsondunn.com)
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com)
Rosemarie T. Ring – San Francisco (+1 415-393-8247, rring@gibsondunn.com)
Ashley Rogers – Dallas (+1 214-698-3316, arogers@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com)

Europe
Ahmed Baladi – Co-Chair, PCDI Practice, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Joel Harrison – London (+44(0) 20 7071 4289, jharrison@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)

Asia
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)