Insights

On April 6, 2026, the Centers for Medicare and Medicaid Services (CMS) circulated the Announcement of Calendar Year (CY) 2027 Medicare Advantage (MA) Capitation Rates and Part C and Part D Payment Policies (the CY 2027 Rate Announcement) to communicate Medicare Advantage (MA) capitation rates and Parts C and D payment policies. The Rate Announcement announces decisions regarding proposals initially published on January 26, 2026, in CMS’s CY 2027 Advance Notice for MA and Part D. The following is a summary of the most significant issues in the Rate Announcement, with further details below: 

On April 7, 2026, six federal agencies (FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command – Cyber National Mission Force) published a joint advisory warning that Iranian-affiliated threat actors are targeting internet-facing OT devices, particularly PLCs.  In some cases, the threat actors have caused operational disruptions and financial losses at U.S. critical infrastructure organizations by manipulating software files that contain configuration settings as well as showing false data on hardware and software dashboards and displays.

The Federal Trade Commission (FTC) recently released its Strategic Plan for Fiscal Years 2026–2030, setting out the agency’s enforcement priorities and operational objectives for the next five years under Chairman Andrew N. Ferguson. The plan reaffirms the FTC’s commitment to vigorously enforcing the nation’s antitrust and consumer protection laws “without fear or favor.” Critically for businesses, the plan returns the phrase “without unduly burdening legitimate business activity” to the agency’s mission statement, signaling a commitment to ending what the agency characterizes as overregulation of businesses that compete fairly and deal honestly with consumers. Despite this business-friendly framing, the plan signals robust enforcement across consumer protection, antitrust, and emerging technology — areas that will directly affect in-house counsel’s compliance planning over the coming years.

On April 7, 2026, Acting Attorney General Todd Blanche issued a memorandum establishing the National Fraud Enforcement Division (NFED) within the U.S. Department of Justice (DOJ). This new division will be dedicated to the centralized, coordinated investigation and prosecution of fraud against taxpayer dollars and taxpayer-funded programs. AAG Blanche acknowledged that, while DOJ has a “storied history of combatting fraud,” DOJ has “never adopted a comprehensive and coordinated approach to investigating and prosecuting fraud against taxpayer dollars and tax-payer funded programs.” The NFED was created to close that gap with its core mission being to “zealously investigate and prosecute those who steal or fraudulently misuse taxpayer dollars.”

On March 31, 2026, the Executive Office of the President, Office of Management and Budget (OMB), issued Memorandum M-26-10 titled, “Reinforcing Transparency, Accountability, and Oversight of Federal Technology,” (Memorandum) containing a new policy designed to reinforce oversight, transparency, and accountability across federal technology programs, increase accountability for agency chief information officers (CIOs), and enhance information sharing among government agencies.  OMB issued the policy in furtherance of several executive orders (EOs) issued by President Trump, including: EO 13833, “Enhancing the Effectiveness of Agency Chief Information Officers,” EO 14240, “Eliminating Waste and Saving Taxpayer Dollars by Consolidating Procurement,” and EO 14243, “Stopping Waste, Fraud, and Abuse by Eliminating Information Silos.”  

The U.S. Court of Appeals for the Federal Circuit recently decided in Bd. of Trs. of Columbia Univ. v. Gen Digital Inc., No. 2024-1243 (Fed. Cir. 2026) that the district court erred in its denial of judgment as a matter of law as to damages resulting from foreign sales of downloadable software. At Columbia University's request, the jury had been instructed that “Columbia [was] entitled to damages based on sales to customers located outside of the United States if . . . the infringing product sold to those customers was made in or distributed from the United States, even if the infringing product [was] delivered to and used by the customer outside the United States.” The court concluded as a matter of law that the software sold to Gen Digital‘s (Norton) foreign customers was made outside the United States, and therefore the $94 million in foreign sales damages could not stand.

At the International Association of Privacy Professionals’ (IAPP) annual conference March 30-31, 2026, enforcement officials from California, Connecticut, Indiana, and Delaware shared their current and upcoming enforcement priorities under U.S. state consumer privacy laws. This alert summarizes the key themes from the panel and offers practical guidance for companies navigating the evolving enforcement landscape.

The Modernization of Cosmetics Regulation Act of 2022 (MoCRA) marked the most significant expansion of FDA’s authority over cosmetics in 80 years — and the agency is putting that authority to work. From the launch of a new adverse event reporting tool to forthcoming rules on fragrance allergens and good manufacturing practices (GMP), FDA is reshaping the regulatory landscape for manufacturers, packers, and distributors of cosmetic and personal care products.

Last month, in a ruling that may carry significant implications for the artificial intelligence industry, a California federal court held that state tort and contract claims related to the training of AI models were not preempted by federal law and could proceed in state court. Because many AI models were trained in a similar fashion---by scraping data from online posts and repositories---the decision suggests other plaintiffs may bring such claims in state courts, in addition to federal claims of copyright infringement.

Chambers Europe Guide and Legal 500 Europe, Middle East & Africa (EMEA) Recognize Crowell & Moring Trade Practice and Partner in 2026

In March 2026, the Office of the United States Trade Representative (USTR) launched two parallel Section 301 investigations: one targeting manufacturing overcapacity across 16 countries (including China, the EU, Japan, India, Mexico, Vietnam, and other major manufactures), and one targeting forced labor enforcement failures across 60 countries. Here are the top seven questions Crowell & Moring’s International Trade team is getting regarding pending Section 301 comment deadlines from our clients and how to address them:

In our fourth alert in this EU Pharma Package Series, we provided an analysis of the long-standing but increasingly debated issue of fiscal imports in the pharmaceutical supply chain and the EU’s evolving approach to this issue.

On April 2, 2026, President Trump issued a Proclamation invoking Section 232 of the Trade Expansion Act of 1962, as amended (19 U.S.C. § 1862), to impose tariffs on imports of patented pharmaceuticals, biologics, and associated ingredients into the United States.  The action affects pharmaceutical manufacturers, importers, and supply chain participants.   

As pharmaceutical weight-loss therapies have surged in popularity, health plans, regulators, and courts have found themselves grappling with a set of increasingly pressing and complex questions: who must cover these drugs, under what circumstances, and for whom?

In a development likely to ramp up regulatory pressure on an industry already under significant federal scrutiny, Federal Trade Commission (FTC) Chairman Andrew Ferguson recently directed leaders across his agency to launch a team dedicated to cooperatively advancing enforcement and advocacy activities relevant to health care.

Organizations facing cyber incidents increasingly encounter follow-on civil litigation alleging failures to implement reasonable security measures. In response, a growing number of states — the most recent being Oklahoma this year — have enacted safe harbor laws designed to both protect consumers and reward organizations that take a proactive, documented, and structured approach to cyber threats.

On March 25, 2026, in Cox Communications, Inc. v. Sony Music Entertainment, the U.S. Supreme Court reversed a $1 billion verdict against Cox. The judgment was the result of a jury trial in which Sony claimed that Cox was liable for contributory copyright infringement because it knew that its customers were using its service to infringe yet did not respond with sufficient diligence to prevent that infringement.

Despite facing existential challenges in several federal courts, the performance metrics established by the Centers for Medicare and Medicaid Services’ (CMS) 2020 Final Rule for organ procurement organizations (OPO) appear to be, at least for now, withstanding scrutiny in litigation proceedings.  

On March 4, 2026, the European Commission proposed the Industrial Accelerator Act (IAA), a draft regulation that aims to reverse the decline of the EU’s manufacturing sector while supporting the adoption of cleaner technologies. This client alert is the second in a three-part series dedicated to the IAA. In our first alert we provided an overview of the draft regulation. In this second alert, we take a closer look at the new foreign direct investment (FDI) review framework that the IAA would establish for certain strategic sectors.

In about a year’s time, all worker noncompetition and nonacceptance of business provisions in Washington state will become void and unenforceable unless they qualify for one of the limited exceptions to the ban, thanks to a new law signed by Washington’s Governor Bob Ferguson on March 23, 2026. The new law takes effect June 30, 2027.