Insights

On April 6, 2026, the Centers for Medicare & Medicaid Services (CMS) published its final rule governing the Medicare Advantage (Part C) and Prescription Drug Benefit (Part D) programs for Contract Year (CY) 2027. The final rule is effective June 1, 2026, with most provisions applicable to coverage beginning January 1, 2027, and marketing and communications changes taking effect October 1, 2026. Beyond payment, the rule pursues a broad deregulatory agenda aligned with Executive Order 14192, reversing marketing and enrollment safeguards introduced in 2023 and easing documentation and reporting obligations, while introducing new program integrity requirements.

In Danziger et al. v. U.S., No. 25-cv-1241 (Fed. Cl. Apr. 10, 2026) (a Crowell & Moring case), the Court of Federal Claims (COFC) denied the government’s motion to dismiss a complaint seeking breach of contract damages for improper terminations in bad faith and/or abuse of discretion. The case involves hundreds of contractors for the U.S. Agency for International Development (USAID), who were terminated in 2025 in connection with the dismantling of USAID. The government sought to dismiss the case for failure to state a claim, arguing that the complaint failed to sufficiently plead bad faith or abuse of discretion. The court rejected these arguments, noting that the complaint was “replete with allegations implicating bad faith,” and specifically rejected the “peculiar notion” “that governmental misconduct is immunized when a contracting officer acts pursuant to directives from higher-ranking officials.” The court also held that the government’s payment of certain termination costs was no defense to the contractors’ breach claim and confirmed that an improper termination for convenience entitles contractors to termination costs as well as breach damages.

On March 18, 2026, the Antitrust Division (Division) of the U.S. Department of Justice (DOJ) entered into a Non-Prosecution Agreement (“NPA”) with Broadway Across America (“BAA”), resolving a criminal antitrust investigation into agreements between BAA and another entertainment company (“Company A”) that included non-compete restrictions on Company A’s ability to offer potentially competing programming. Notably, the restrictions were contained in a vertical agreement by which BAA presented touring shows at theaters owned by Company A. The announcement is a reminder that the agencies continue to scrutinize non-compete agreements contained in business contracts, and all non-compete provisions, even those included between vertical partners, should be reviewed by antitrust counsel.

In a significant decision for government contractors, on April 15, 2026, in Life Science Logistics, LLC v. United States, the U.S. Court of Appeals for the Federal Circuit held that bid protesters challenging an agency’s override of an automatic stay of contract performance under the Competition in Contracting Act (CICA) need not satisfy the demanding four-factor test traditionally required for preliminary injunctive relief.  In so doing, the Federal Circuit clarified that CICA stay override challenges need only demonstrate that the override decision was arbitrary and capricious—nothing more.

Is evidence that a company tracked return on investment (ROI) for certain actions and expenses sufficient to prove mens rea and plead a violation of the federal Anti-Kickback Statute (AKS) with the requisite particularity? A recent decision in the U.S. District Court for the Southern District of New York (SDNY) suggests that it is.

Meta continues to face lawsuits around the country alleging that its platforms are designed to induce compulsive use by children. In March 2026, a California jury delivered a landmark verdict that Meta and YouTube were liable for allegedly addictive platform features that resulted in a child’s mental health distress.  

In Fortress Iron, LP v. Digger Specialties, Inc., No. 24-2313 (Fed. Cir. Apr. 2, 2026), the U.S. Court of Appeals for the Federal Circuit reaffirmed what happens when a patent incorrectly lists the true inventors, and that error cannot be corrected under 35 U.S.C. § 256(b), which requires notice and a hearing for all “parties concerned.” In Fortress, the patent owner sought judicial correction to add an inventor under § 256(b), but that inventor could not be located. Because the missing inventor qualified as a “concerned” party under the statute, the lack of notice and a hearing for that inventor made correction under § 256(b) impossible, and the patents could not be saved from invalidity.

On Friday, April 10, 2026, the U.S. Department of Justice (DOJ) announced that International Business Machines Corporation (IBM) has agreed to pay just over $17 million to resolve allegations that it violated the False Claims Act (FCA) by failing to comply with federal anti-discrimination requirements incorporated into its federal contracts due to allegedly discriminatory diversity, equity, and inclusion (DEI) employment practices. This resolution marks the first FCA settlement secured by the DOJ under its Civil Rights Fraud Initiative, created in May 2025, and announced by then-Deputy Attorney General Todd Blanche as part of the administration’s coordinated efforts to target allegedly unlawful DEI practices. Per the agreement, the settlement is neither an admission of liability by IBM nor a concession by the United States that its claims are not well founded.

The Federal Risk and Authorization Management Program (FedRAMP) continues to advance its modernization agenda. On April 8, 2026, FedRAMP released RFC-0031, Updated Incident Communications Procedures for public comment. This RFC proposes replacing the current FedRAMP Incident Communications Procedures (ICP) with what FedRAMP calls “a clear set of reporting requirements … established using a modern rules-based format.” 

The UK’s Office of Financial Sanctions Implementation (OFSI) has published details of a £390,000 penalty it imposed on ADI, an Irish subsidiary of Apple Inc., on 19 March 2026. The penalty relates to two payments totalling approximately £635,000 made in 2022 to Okko LLC, a sanctioned Russian app developer, for App Store revenue. Although the underlying facts are relatively simple, there are several interesting takeaways from OFSI’s penalty notice.

On April 13, 2026, President Trump signed the Small Business Innovation and Economic Security Act of 2026 (S. 3971) (the Act), extending the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs through September 30, 2031. The legislation cleared the U.S. Senate on March 3, 2026 and then was passed by the U.S. House of Representatives on March 17, 2026 after a six-month interruption in program authority that halted the issuance of new awards across federal agencies. The programs’ previous authorization expired on September 30, 2025.

In our fifth alert in this EU Pharma Package Series, we provided an analysis of the background and ongoing legal debates regarding the concept of the global marketing authorization (GMA). We discussed in particular the missed opportunities in the Pharma Package to further codify and clarify the GMA, in view of its central role in determining the regulatory data protection (RDP) rights of a medicinal product.

At the European Patent Office (EPO), a recent referral of case T 873/24 from the Technical Board to the Enlarged Board of Appeal may clarify whether last summer’s decision in case G 1/24 on claim interpretation may be extended to the analysis of Added Subject-Matter. Already G 1/24 is impacting the assessment of patentability at the EPO, but should this referral be allowed, G 1/24’s effect on the assessment of added matter could result in a real shake up of the EPO’s notoriously strict assessment of support. Nonetheless, a review of how we got here highlights the value of late arguments during the EPO appeal process.

On April 6, 2026, the Centers for Medicare and Medicaid Services (CMS) circulated the Announcement of Calendar Year (CY) 2027 Medicare Advantage (MA) Capitation Rates and Part C and Part D Payment Policies (the CY 2027 Rate Announcement) to communicate Medicare Advantage (MA) capitation rates and Parts C and D payment policies. The Rate Announcement announces decisions regarding proposals initially published on January 26, 2026, in CMS’s CY 2027 Advance Notice for MA and Part D. The following is a summary of the most significant issues in the Rate Announcement, with further details below: 

On April 7, 2026, six federal agencies (FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command – Cyber National Mission Force) published a joint advisory warning that Iranian-affiliated threat actors are targeting internet-facing OT devices, particularly PLCs.  In some cases, the threat actors have caused operational disruptions and financial losses at U.S. critical infrastructure organizations by manipulating software files that contain configuration settings as well as showing false data on hardware and software dashboards and displays.

The Federal Trade Commission (FTC) recently released its Strategic Plan for Fiscal Years 2026–2030, setting out the agency’s enforcement priorities and operational objectives for the next five years under Chairman Andrew N. Ferguson. The plan reaffirms the FTC’s commitment to vigorously enforcing the nation’s antitrust and consumer protection laws “without fear or favor.” Critically for businesses, the plan returns the phrase “without unduly burdening legitimate business activity” to the agency’s mission statement, signaling a commitment to ending what the agency characterizes as overregulation of businesses that compete fairly and deal honestly with consumers. Despite this business-friendly framing, the plan signals robust enforcement across consumer protection, antitrust, and emerging technology — areas that will directly affect in-house counsel’s compliance planning over the coming years.

On April 7, 2026, Acting Attorney General Todd Blanche issued a memorandum establishing the National Fraud Enforcement Division (NFED) within the U.S. Department of Justice (DOJ). This new division will be dedicated to the centralized, coordinated investigation and prosecution of fraud against taxpayer dollars and taxpayer-funded programs. AAG Blanche acknowledged that, while DOJ has a “storied history of combatting fraud,” DOJ has “never adopted a comprehensive and coordinated approach to investigating and prosecuting fraud against taxpayer dollars and tax-payer funded programs.” The NFED was created to close that gap with its core mission being to “zealously investigate and prosecute those who steal or fraudulently misuse taxpayer dollars.”

On March 31, 2026, the Executive Office of the President, Office of Management and Budget (OMB), issued Memorandum M-26-10 titled, “Reinforcing Transparency, Accountability, and Oversight of Federal Technology,” (Memorandum) containing a new policy designed to reinforce oversight, transparency, and accountability across federal technology programs, increase accountability for agency chief information officers (CIOs), and enhance information sharing among government agencies.  OMB issued the policy in furtherance of several executive orders (EOs) issued by President Trump, including: EO 13833, “Enhancing the Effectiveness of Agency Chief Information Officers,” EO 14240, “Eliminating Waste and Saving Taxpayer Dollars by Consolidating Procurement,” and EO 14243, “Stopping Waste, Fraud, and Abuse by Eliminating Information Silos.”  

The U.S. Court of Appeals for the Federal Circuit recently decided in Bd. of Trs. of Columbia Univ. v. Gen Digital Inc., No. 2024-1243 (Fed. Cir. 2026) that the district court erred in its denial of judgment as a matter of law as to damages resulting from foreign sales of downloadable software. At Columbia University's request, the jury had been instructed that “Columbia [was] entitled to damages based on sales to customers located outside of the United States if . . . the infringing product sold to those customers was made in or distributed from the United States, even if the infringing product [was] delivered to and used by the customer outside the United States.” The court concluded as a matter of law that the software sold to Gen Digital‘s (Norton) foreign customers was made outside the United States, and therefore the $94 million in foreign sales damages could not stand.

At the International Association of Privacy Professionals’ (IAPP) annual conference March 30-31, 2026, enforcement officials from California, Connecticut, Indiana, and Delaware shared their current and upcoming enforcement priorities under U.S. state consumer privacy laws. This alert summarizes the key themes from the panel and offers practical guidance for companies navigating the evolving enforcement landscape.