Insights

On June 22, 2026, President Trump signed two executive orders, “Securing the Nation Against Advanced Cryptographic Attacks” (Quantum Security EO) and “Ushering in the Next Frontier of Quantum Innovation” (Quantum Innovation EO), marking the most significant federal action on quantum technology since the Quantum Computing Cybersecurity Preparedness Act of 2022, which directed agencies to harden their information systems against quantum-enabled hacking. The orders seek to speed the development of quantum computers, which are advanced processors that can calculate multiple possibilities simultaneously and thus solve problems exponentially faster than traditional computers. At the same time, the orders look to protect against the danger that quantum technology can “break” traditional encryption by easily decoding it. Of particular note for government contractors, the Quantum Security EO directs agencies to update federal acquisition regulations to require contractors by 2031 to adopt information processing standards that resist quantum-enabled codebreaking.

On June 17, 2026, the U.S. Department of Justice’s (DOJ( National Security Division (NSD) announced that it had issued a declination for Robert Bosch GmbH (Bosch) relating to potential violations of the Export Control Reform Act, 50 U.S.C. § 4819 (ECRA). Specifically, the DOJ declined to criminally prosecute Bosch’s violations of the Export Administration Regulations’ (EAR) Foreign Direct Product Rule (FDPR), which apparently resulted from two Bosch subsidiaries’ export of products and software manufactured with equipment that was the direct product of U.S. software or technology to Huawei Technologies Co., Ltd. and its “Entity List” affiliates, including Huawei Tech. Investment Co., Ltd., Hong Kong (collectively, Huawei). The same day, the U.S. Department of Commerce Bureau of Industry and Security (BIS) announced a parallel civil administrative settlement with Bosch.

Two significant recent developments illustrate the Trump administration’s increasing focus on policing of hospital contracting practices that limit health plan network design flexibility. On June 16, 2026, the U.S. Department of Justice (DOJ) Antitrust Division and Ohio attorney general filed a proposed consent decree resolving their civil antitrust suit against OhioHealth. (Prior Alert) Two days later, the White House Council of Economic Advisers (CEA) released a memorandum quantifying the potential economic effects of a broader ban on the types of contracting restrictions at issue in the OhioHealth case and the DOJ's parallel suit against NewYork-Presbyterian. This alert updates our prior coverage of the OhioHealth complaint and summarizes both developments.

The nation’s power grid and infrastructure are facing increased pressure from artificial intelligence (AI) data centers, prompting new questions around environmental regulatory design and compliance. As technology companies race to build and expand new data center factories, they face a web of permitting requirements as well as potential community opposition, and environmental litigation — all against a backdrop of rapid and still-evolving agency guidance.

A recent U.S. Government Accountability Office (GAO) decision dismissing three pre-award protests as untimely highlights an important procedural trap for would-be protesters. In Oready, LLC, GAO dismissed three protests filed one business day too late, even though they were submitted prior to the solicitation closing date and time. 

From June 19, 2026, all online traders active within the EU are required to provide a “withdrawal button” on their websites and apps. The introduction of this withdrawal button represents a significant shift in the online consumer cancellation landscape. In this alert, we provide an overview of what this requirement means in practice and why compliance is so important.

The General Services Administration (GSA) is seeking public comment on a new GSA Regulation clause, 552.239-7001, Basic Safeguarding of Data within Large Language Model Artificial Intelligence Systems (LLMs), governing data safeguards and requirements prime contractors must comply with when providing or using LLMs under federal contracts. This updated clause (Revised Clause) reflects substantial revisions from an earlier version released in March 2026 (Original Clause) that faced substantial pushback from industry. Where the Original Clause cast a wide net — imposing obligations broadly across AI systems with little differentiation among supply-chain participants — the Revised Clause is more narrowly tailored. The Revised Clause:

On the surface, United States v. Bankman-Fried is a case about the collapse of a cryptocurrency exchange. But the U.S. Court of Appeals for the Second Circuit’s recent opinion — affirming Samuel Bankman-Fried’s conviction on seven counts of fraud and conspiracy — carries important lessons that extend well beyond the world of digital assets.

A Kansas federal court held that inconsistent enforcement of trade secret rights can defeat a claim under the Defend Trade Secrets Act (DTSA). In Edelman Financial Engines, LLC v. Mariner Wealth Advisors LLC, No. 2:23-cv-02515-HLT (D. Kan. June 5, 2026), the court applied a selective enforcement theory, holding that when a company does not consistently pursue legal remedies against similarly situated former employees, that inconsistency can be affirmative evidence that it failed to protect its trade secrets. While the selective enforcement theory has appeared in academic hypothetical discussions, the decision appears to be one of the clearest judicial applications of a “selective enforcement” theory in a trade secret case.

On June 9, 2026, the U.S. Department of Justice (DOJ) issued a formal opinion concluding that the Equal Opportunity Employment Commission’s (EEOC) existing interpretations of Title VII of the Civil Rights Act of 1964 (Title VII) disparate-impact liability, including the Uniform Guidelines on Employee Selection Procedures (UGESP), are unconstitutional. According to the opinion, EEOC’s prior interpretations contemplate liability based on disproportionately adverse effects alone, without regard to an employer’s likely intent, rather than treating disparate impact as an evidentiary mechanism to “smoke out” intentional discrimination. DOJ found that this approach functions as a “qualified racial-proportionality mandate” that places “a racial thumb on the scales, often requiring employers to evaluate the racial outcomes of their policies, and to make decisions based on (because of) those racial outcomes.” The opinion fulfills one mandate of Executive Order 14281, which rejected disparate-impact liability insofar as it “creates a near insurmountable presumption that unlawful discrimination exists wherever there are any differences in outcomes among different [demographic groups].”

When the U.S. Court of Appeals for the Fifth Circuit vacated the FTC's Combating Auto Retail Scams (CARS) Rule in January 2025 on procedural grounds, some dealers may have interpreted the decision as a signal that federal regulatory pressure on the auto industry had eased. Recent developments make clear that such optimism was misplaced.

The EU Cyber Resilience Act (CRA) is an EU product cybersecurity law for connected products (formally, “products with digital elements” under the CRA) commercialized in the EU; it entered into force on 10 December 2024, with direct application across the EU. Full application begins 11 December 2027, but one of its most operationally demanding provisions takes effect in just under 100 days, on 11 September 2026: the mandatory vulnerability and incident reporting under Article 14 CRA.

On June 5, 2026, President Trump issued National Security Presidential Memorandum (NSPM) 11 (NSPM-11) to accelerate AI adoption by the U.S. military and intelligence agencies. It directs updated AI management, acquisition, and use policies and seeks to compel AI companies to comply with Trump administration policies.  It calls for expanded training and enhanced security in collaboration with the private sector and orders the “termination for default or for convenience” of government contracts with AI companies that wish to limit how the government uses their products. NSPM-11 could also herald a major change in autonomous warfighting policy by directing the update of the Pentagon’s primary directive on autonomous weapon systems.

On Wednesday, June 3, 2026, the Department of Health and Human Services (HHS) published an interim final rule with comment (IFC) instructing all state Medicaid agencies to incorporate “community engagement” as an eligibility condition for program participation by no later than January 1, 2027. The rule (Medicaid Program; Community Engagement Requirement for Certain Individuals) does not impose affirmative operational obligations for Medicaid managed care plans, as it focuses primarily on equipping the states to administer the community engagement requirement. However, it does establish a few specific guardrails to govern the role managed care organizations, prepaid inpatient health plans, and prepaid ambulatory health plans may — and may not — play in that administration.

Qatar's financial markets regulator, the Qatar Financial Markets Authority (QFMA), has overhauled the rules governing public company mergers and acquisitions, replacing a decade-old framework with a modernised regime that will reshape how deals are structured, timed, and executed. Here are the headlines:

On December 11, 2025, New York Governor Kathy Hochul signed S.8420-A/A.8887-B into law. This first-in-the-nation legislation, called the New York AI Synthetic Performers Disclosure Law, is intended to protect consumers and promote transparency in the age of AI advertising. This law represents a meaningful shift in the legal landscape for AI advertising. For the first time in any U.S. jurisdiction, the mere use of an AI-generated human likeness in a commercial advertisement triggers an affirmative disclosure obligation. The practical implications are significant, particularly for e-commerce retailers, digital advertisers, and agencies that have integrated AI-generated human imagery into high-volume creative workflows.

On June 4, 2026, the U.S. Supreme Court unanimously held that the U.S. Securities and Exchange Commission (SEC) can continue to pursue disgorgement as an equitable remedy in securities fraud cases without showing pecuniary loss by investors. The Court’s ruling in Sripetch v. SEC resolves a split between the U.S. Court of Appeals for the Second Circuit, which concluded that the SEC must demonstrate pecuniary loss, and the U.S. Courts of Appeals for the First and Ninth Circuits, which declined to require such a showing.

Introduced to Parliament on 19 May 2026, the Commercial Payments Bill represents a significant reform to payment legislation. Targeting a problem that costs the economy £11 billion per year, the Bill introduces a package of hard-edged protections that businesses cannot avoid through contract.

Crowell & Moring’s International Trade Group Secures Top Rankings in Chambers USA 2026

On June 8, 2026, a new EU regulation was adopted to replace the 2019 Foreign Direct Investment (FDI) Screening Regulation. The new regulation requires all Member States to establish a screening mechanism for inbound FDI. It also defines a mandatory minimum sectoral scope, expands coverage to investments by foreign investors’ EU subsidiaries, and improves coordination between Member States and the Commission.