Insights

From June 19, 2026, all online traders active within the EU are required to provide a “withdrawal button” on their websites and apps. The introduction of this withdrawal button represents a significant shift in the online consumer cancellation landscape. In this alert, we provide an overview of what this requirement means in practice and why compliance is so important.

The General Services Administration (GSA) is seeking public comment on a new GSA Regulation clause, 552.239-7001, Basic Safeguarding of Data within Large Language Model Artificial Intelligence Systems (LLMs), governing data safeguards and requirements prime contractors must comply with when providing or using LLMs under federal contracts. This updated clause (Revised Clause) reflects substantial revisions from an earlier version released in March 2026 (Original Clause) that faced substantial pushback from industry. Where the Original Clause cast a wide net — imposing obligations broadly across AI systems with little differentiation among supply-chain participants — the Revised Clause is more narrowly tailored. The Revised Clause:

On the surface, United States v. Bankman-Fried is a case about the collapse of a cryptocurrency exchange. But the U.S. Court of Appeals for the Second Circuit’s recent opinion — affirming Samuel Bankman-Fried’s conviction on seven counts of fraud and conspiracy — carries important lessons that extend well beyond the world of digital assets.

A Kansas federal court held that inconsistent enforcement of trade secret rights can defeat a claim under the Defend Trade Secrets Act (DTSA). In Edelman Financial Engines, LLC v. Mariner Wealth Advisors LLC, No. 2:23-cv-02515-HLT (D. Kan. June 5, 2026), the court applied a selective enforcement theory, holding that when a company does not consistently pursue legal remedies against similarly situated former employees, that inconsistency can be affirmative evidence that it failed to protect its trade secrets. While the selective enforcement theory has appeared in academic hypothetical discussions, the decision appears to be one of the clearest judicial applications of a “selective enforcement” theory in a trade secret case.

On June 9, 2026, the U.S. Department of Justice (DOJ) issued a formal opinion concluding that the Equal Opportunity Employment Commission’s (EEOC) existing interpretations of Title VII of the Civil Rights Act of 1964 (Title VII) disparate-impact liability, including the Uniform Guidelines on Employee Selection Procedures (UGESP), are unconstitutional. According to the opinion, EEOC’s prior interpretations contemplate liability based on disproportionately adverse effects alone, without regard to an employer’s likely intent, rather than treating disparate impact as an evidentiary mechanism to “smoke out” intentional discrimination. DOJ found that this approach functions as a “qualified racial-proportionality mandate” that places “a racial thumb on the scales, often requiring employers to evaluate the racial outcomes of their policies, and to make decisions based on (because of) those racial outcomes.” The opinion fulfills one mandate of Executive Order 14281, which rejected disparate-impact liability insofar as it “creates a near insurmountable presumption that unlawful discrimination exists wherever there are any differences in outcomes among different [demographic groups].”

When the U.S. Court of Appeals for the Fifth Circuit vacated the FTC's Combating Auto Retail Scams (CARS) Rule in January 2025 on procedural grounds, some dealers may have interpreted the decision as a signal that federal regulatory pressure on the auto industry had eased. Recent developments make clear that such optimism was misplaced.

The EU Cyber Resilience Act (CRA) is an EU product cybersecurity law for connected products (formally, “products with digital elements” under the CRA) commercialized in the EU; it entered into force on 10 December 2024, with direct application across the EU. Full application begins 11 December 2027, but one of its most operationally demanding provisions takes effect in just under 100 days, on 11 September 2026: the mandatory vulnerability and incident reporting under Article 14 CRA.

On June 5, 2026, President Trump issued National Security Presidential Memorandum (NSPM) 11 (NSPM-11) to accelerate AI adoption by the U.S. military and intelligence agencies. It directs updated AI management, acquisition, and use policies and seeks to compel AI companies to comply with Trump administration policies.  It calls for expanded training and enhanced security in collaboration with the private sector and orders the “termination for default or for convenience” of government contracts with AI companies that wish to limit how the government uses their products. NSPM-11 could also herald a major change in autonomous warfighting policy by directing the update of the Pentagon’s primary directive on autonomous weapon systems.

On Wednesday, June 3, 2026, the Department of Health and Human Services (HHS) published an interim final rule with comment (IFC) instructing all state Medicaid agencies to incorporate “community engagement” as an eligibility condition for program participation by no later than January 1, 2027. The rule (Medicaid Program; Community Engagement Requirement for Certain Individuals) does not impose affirmative operational obligations for Medicaid managed care plans, as it focuses primarily on equipping the states to administer the community engagement requirement. However, it does establish a few specific guardrails to govern the role managed care organizations, prepaid inpatient health plans, and prepaid ambulatory health plans may — and may not — play in that administration.

Qatar's financial markets regulator, the Qatar Financial Markets Authority (QFMA), has overhauled the rules governing public company mergers and acquisitions, replacing a decade-old framework with a modernised regime that will reshape how deals are structured, timed, and executed. Here are the headlines:

On December 11, 2025, New York Governor Kathy Hochul signed S.8420-A/A.8887-B into law. This first-in-the-nation legislation, called the New York AI Synthetic Performers Disclosure Law, is intended to protect consumers and promote transparency in the age of AI advertising. This law represents a meaningful shift in the legal landscape for AI advertising. For the first time in any U.S. jurisdiction, the mere use of an AI-generated human likeness in a commercial advertisement triggers an affirmative disclosure obligation. The practical implications are significant, particularly for e-commerce retailers, digital advertisers, and agencies that have integrated AI-generated human imagery into high-volume creative workflows.

On June 4, 2026, the U.S. Supreme Court unanimously held that the U.S. Securities and Exchange Commission (SEC) can continue to pursue disgorgement as an equitable remedy in securities fraud cases without showing pecuniary loss by investors. The Court’s ruling in Sripetch v. SEC resolves a split between the U.S. Court of Appeals for the Second Circuit, which concluded that the SEC must demonstrate pecuniary loss, and the U.S. Courts of Appeals for the First and Ninth Circuits, which declined to require such a showing.

Introduced to Parliament on 19 May 2026, the Commercial Payments Bill represents a significant reform to payment legislation. Targeting a problem that costs the economy £11 billion per year, the Bill introduces a package of hard-edged protections that businesses cannot avoid through contract.

Crowell & Moring’s International Trade Group Secures Top Rankings in Chambers USA 2026

On June 8, 2026, a new EU regulation was adopted to replace the 2019 Foreign Direct Investment (FDI) Screening Regulation. The new regulation requires all Member States to establish a screening mechanism for inbound FDI. It also defines a mandatory minimum sectoral scope, expands coverage to investments by foreign investors’ EU subsidiaries, and improves coordination between Member States and the Commission.

The Office of Management and Budget issued on May 29, 2026 a Proposed Rule that would significantly revise the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) at 2 C.F.R. Part 200, potentially impacting the full lifecycle of federal grants, cooperative agreements and other forms of financial assistance, from pre-award merit review through post-award administration and termination. These proposed changes are designed to implement the President’s policy priorities, executive actions related to diversity, equity and inclusion (DEI) activities, and Executive Order No. 14332, Improving Oversight of Federal Grantmaking (EO 14332).

Three years have passed since the EU Pay Transparency Directive ("PTD") came into existence, and it now appears highly likely that very few EU Member States will have fully transposed its provisions into national law by the 7 June 2026 deadline.  For employers operating across the EU, this creates a deeply uncomfortable question: what are your obligations right now?

On May 27, 2026, the California State Assembly advanced AB 2564, which would prohibit surveillance pricing by retailers. Assemblymember Christopher Ward originally introduced AB 2564 on February 20, 2026, to “ensure that people are not being unfairly charged higher prices due to their actual or perceived characteristics.”

On June 2, 2026, the U.S. Trade Representative (USTR) announced a landmark set of enforcement actions under Section 301 of the Trade Act of 1974, targeting 60 economies worldwide for failing to prohibit the importation of goods produced with forced labor. This is one of the most sweeping forced labor-related trade enforcement actions in U.S. history. USTR has proposed new tariffs ranging from 10% to 12.5% on all products from these economies. Interested parties may file public comments, due by July 6, and the USTR has scheduled a public hearing on July 7 before final implementation. Companies sourcing from any of the 60 affected economies should assess exposure immediately.

On June 2, 2026, President Trump signed a highly anticipated artificial intelligence and cybersecurity Executive Order, “Promoting Advanced Artificial Intelligence Innovation and Security” (the EO), directing several national security and civilian agencies to ramp up scrutiny of cutting-edge AI models and bolster federal cybersecurity defenses against AI-enabled threats.