Insights

The EU has adopted its 20th package of sanctions in connection with Russia's ongoing war against Ukraine, resolving a prolonged internal political deadlock that had been caused by vetoes from Hungary and Slovakia. The package amends Regulations 833/2014, 269/2014, and 765/2006 and the respective Council Decisions and Implementing Regulations. The texts entered into force on 24 April 2026. They are available through this link.

The recent $285 million theft from Drift Protocol serves as a high-stakes reminder that the human element remains one of the biggest cybersecurity gaps in any organization. This was not a “hack” in the traditional sense of breaking through a digital wallet. North Korean actors used sophisticated social engineering to exploit human trust ―  highlighting what looks like a “hacking” risk into valuable lessons learned for cybersecurity oversight.

In our seventh alert in this EU Pharma Package Series, we provided an analysis of the increasing focus on shortages of medicinal products in the EU and the prevention and mitigation measures as proposed by the EU institutions.

An Alabama mother filed suit on April 8, 2026, in the U.S. District Court for the Northern District of California against Roblox and Fortnite developer Epic Games, alleging that they design their platforms and games to be addictive through random reward tactics, especially targeting minors. The case is Turner et al. v. Epic Games Inc. et al., Case No. 3:26-cv-02975.

On April 21, 2026, the U.S. Department of Labor (DOL) issued a notice of proposed rulemaking (NPRM) outlining a new standard for “joint employment” — under which separate entities will be found jointly liable for the other’s violations — under the Federal Labor Standards Act (FLSA), the Family and Medical Leave Act (FMLA), and the Seasonal Agricultural Worker Protection Act (MPSA). The Proposed Rule purports to standardize the definition of “joint employment” across all three laws to create “clarity” and “uniformity” for employers and employees alike.

In its April 21, 2026, opinion, the U.S. Court of Appeals for the Tenth Circuit affirmed the lower court’s ruling in Liberty Global, holding that the codified economic substance doctrine applies even when a taxpayer mechanically utilizes the provisions of the Tax Code. The court also held that common mergers and acquisitions elements and basic business transactions are not categorically carved out from the economic substance doctrine. The court dismissed the taxpayer’s argument that a separate relevancy determination needs to be made before the economic substance doctrine can be applied.

In mid-April, a bipartisan coalition of 45 State Attorneys General (AG) submitted a formal letter to the U.S. Department of Labor (DOL) expressing their collective support for a proposed rule (Improving Transparency into Pharmacy Benefit Manager Fee Disclosure, or RIN 1210-AB37), which would — if enacted — impose new disclosure obligations on pharmacy benefit managers (PBM) regulated under the Employee Retirement Income Security Act of 1974 (ERISA).

In keeping with ongoing efforts to intensify regulatory oversight of organ procurement organizations (OPOs) and curtail improper spending within federal health programs, the Centers for Medicare & Medicaid Services (CMS) recently issued a proposed rule that would, among other adjustments, align Medicare payment policies for non-renal organs to be consistent with those currently applicable to kidneys. If enacted as drafted, this latest rule could have a direct impact on the financial stability of OPOs and histocompatibility laboratories (HCL) at a time when such organizations face increasing pressure to meet CMS’s new outcome measures — or else face non-renewal or decertification later this year. 

As companies and individuals increasingly embed AI tools in legal practice, courts are grappling with how to treat communications with, and information generated by, these tools. Chief among these questions is whether and in what circumstances attorney-client privilege and work-product protections as they are applied in different jurisdictions extend to AI-generated content or communications with an AI tool.

On April 16, 2026, a complaint alleging a putative class and collective action was filed in the U.S. District Court for the Northern District of Illinois, alleging that a property management company violated Illinois’ biometric privacy law through the use of its biometric timekeeping software. The complaint, which begins with the statement that “[t]his is a wage theft and privacy case,” emphasizes the legal risks that may arise when employers deploy biometric timekeeping technology without adequate compliance measures, particularly in Illinois, one of the most employee-protective states for biometric privacy claims.

The landscape of counterfeiting litigation is shifting in ways that place online marketplace operators at the center of disputes from two directions. Brand owners are escalating efforts to hold platforms liable for counterfeit goods sold through their sites, while some marketplace operators have begun joining brand owners as co-plaintiffs to pursue counterfeiters directly. This dual role has significant implications for how platforms manage their legal exposure and their relationships with brand owners.

On March 4, 2026, the European Commission proposed the Industrial Accelerator Act (IAA), a draft regulation that aims to reverse the decline of the EU’s manufacturing sector while supporting the adoption of cleaner technologies. This client alert is the third in a three-part series dedicated to the IAA. In our first alert, we provided an overview of the draft regulation. In a second alert, we took a closer look at the new foreign direct investment (FDI) review framework that the IAA would establish for certain strategic sectors. In this third and final instalment of the series, we focus on the implications of the proposal for the automotive industry.

As discussed in our March 30, 2026, client alert, Déjà Vu: New Executive Order Outlines Restrictions on Contractor and Subcontractor DEI Activity, President Trump issued Executive Order 14398 (EO 14398), Addressing DEI Discrimination by Federal Contractors, on March 26, 2026. The EO declared DEI activities “unethical and often illegal,” required a new mandatory contract clause for federal contracts and subcontracts, and directed the Federal Acquisition Regulatory (FAR) Council to issue an implementing deviation. That deviation has now arrived. At the same time, a coalition of higher education and government contractor associations has filed suit seeking to block the underlying executive order.

In our sixth alert in this EU Pharma Package Series, we provided an analysis of the history and interpretation issues for another highly debated topic: the “Bolar” exemption.

On April 6, 2026, the Centers for Medicare & Medicaid Services (CMS) published its final rule governing the Medicare Advantage (Part C) and Prescription Drug Benefit (Part D) programs for Contract Year (CY) 2027. The final rule is effective June 1, 2026, with most provisions applicable to coverage beginning January 1, 2027, and marketing and communications changes taking effect October 1, 2026. Beyond payment, the rule pursues a broad deregulatory agenda aligned with Executive Order 14192, reversing marketing and enrollment safeguards introduced in 2023 and easing documentation and reporting obligations, while introducing new program integrity requirements.

In Danziger et al. v. U.S., No. 25-cv-1241 (Fed. Cl. Apr. 10, 2026) (a Crowell & Moring case), the Court of Federal Claims (COFC) denied the government’s motion to dismiss a complaint seeking breach of contract damages for improper terminations in bad faith and/or abuse of discretion. The case involves hundreds of contractors for the U.S. Agency for International Development (USAID), who were terminated in 2025 in connection with the dismantling of USAID. The government sought to dismiss the case for failure to state a claim, arguing that the complaint failed to sufficiently plead bad faith or abuse of discretion. The court rejected these arguments, noting that the complaint was “replete with allegations implicating bad faith,” and specifically rejected the “peculiar notion” “that governmental misconduct is immunized when a contracting officer acts pursuant to directives from higher-ranking officials.” The court also held that the government’s payment of certain termination costs was no defense to the contractors’ breach claim and confirmed that an improper termination for convenience entitles contractors to termination costs as well as breach damages.

On March 18, 2026, the Antitrust Division (Division) of the U.S. Department of Justice (DOJ) entered into a Non-Prosecution Agreement (“NPA”) with Broadway Across America (“BAA”), resolving a criminal antitrust investigation into agreements between BAA and another entertainment company (“Company A”) that included non-compete restrictions on Company A’s ability to offer potentially competing programming. Notably, the restrictions were contained in a vertical agreement by which BAA presented touring shows at theaters owned by Company A. The announcement is a reminder that the agencies continue to scrutinize non-compete agreements contained in business contracts, and all non-compete provisions, even those included between vertical partners, should be reviewed by antitrust counsel.

In a significant decision for government contractors, on April 15, 2026, in Life Science Logistics, LLC v. United States, the U.S. Court of Appeals for the Federal Circuit held that bid protesters challenging an agency’s override of an automatic stay of contract performance under the Competition in Contracting Act (CICA) need not satisfy the demanding four-factor test traditionally required for preliminary injunctive relief.  In so doing, the Federal Circuit clarified that CICA stay override challenges need only demonstrate that the override decision was arbitrary and capricious—nothing more.

Is evidence that a company tracked return on investment (ROI) for certain actions and expenses sufficient to prove mens rea and plead a violation of the federal Anti-Kickback Statute (AKS) with the requisite particularity? A recent decision in the U.S. District Court for the Southern District of New York (SDNY) suggests that it is.

Meta continues to face lawsuits around the country alleging that its platforms are designed to induce compulsive use by children. In March 2026, a California jury delivered a landmark verdict that Meta and YouTube were liable for allegedly addictive platform features that resulted in a child’s mental health distress.