Insights

In the first few years following the public launch of generative artificial intelligence (AI) in the autumn of 2022, litigation related to AI focused primarily on claims of copyright infringement. Suits revolved around allegations that the data on which AI models train, and/or the output they produce, infringe upon the intellectual property rights of others. (While some of these cases have settled or reached preliminary judgments, many remain ongoing.)

On September 23, Judge Vernon D. Oliver partially granted and partially denied the defendant’s motion for summary judgment in Post University Inc. v. Learneo, Inc., 3:21-cv-1242 (VDO) (D. Del. Sept. 23, 2025). For background, the defendant in this case, Learneo, Inc. (commonly known as Course Hero), is an online platform for college, trade, and high school students that provides access to user-submitted documents via a paid subscription. Course Hero allows users to search the documents that have been uploaded by school, textbook, book title, and subject, but only users with a subscription can view the documents. Users without a subscription may access a preview version of the document, consisting of a blurred and truncated version created by Course Hero. Course Hero users have uploaded documents to the platform for many thousands of colleges, grad schools, high schools, and trade schools.

The UK’s cyber threat landscape continues to evolve, with the rapid emergence of new technologies introducing novel risks across all sectors and attacks escalating in frequency and sophistication. Regulatory bodies and the UK Government have intensified their focus on cyber security and resilience, as evidenced by the latest National Cyber Security Centre (NCSC) 2025 annual review (Review) and the proposed UK Cyber Security and Resilience Bill (Bill), alongside recent developments in ransomware regulation.

The United States, European Union, and United Kingdom have significantly escalated Russia-related sanctions the past month, including the Trump Administration’s first sanctions directly imposed on Russia. These coordinated actions—which particularly target the Russian energy sector—indicate that Russia sanctions remain on the geopolitical agenda and require multinational companies to remain vigilant in their compliance with those sanctions.

Earlier this month, California enacted Senate Bill 763 (“SB 763”). The legislation amends the state’s long-standing antitrust statute, the Cartwright Act, to increase both criminal and civil maximum penalties for corporations and individuals.  California Attorney General Rob Bonta, whose office is responsible for enforcing the Cartwright Act and stands to benefit from any civil penalties recovered under the new law, sponsored the bill.

A new series of lawsuits have been filed in California courts alleging violations of the state’s Business and Professions Code § 17529.5 (the “Anti-Spam Law”). These cases target companies that send marketing and promotional emails to California residents, and they could present serious legal and financial risks for businesses engaged in email marketing.

On October 23rd, the U.S. Department of Energy (“DOE”) sent a letter to the Federal Energy Regulatory Commission (“FERC”) containing an Advance Notice of Proposed Rulemaking (“ANOPR”) with principles for all large load interconnections across the US, including those co-located with generating facilities.[1] Significantly, the Secretary of Energy states that the interconnection of large loads to the transmission system “falls squarely” within FERC’s jurisdiction, thus weighing in on a dispute that has been pending before FERC for over a year. This move appears to be a reaction to the continued pendency before FERC of the colocation dockets[2] and a technical conference on colocation held almost a year ago.[3]

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a well-known and sophisticated threat actor group, allegedly sponsored by the North Korean government.

In 2024, the U.S. Supreme Court determined that the civil penalties issued by the SEC against individuals for committing securities fraud were unconstitutional because they were levied without a jury trial.[1]

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) brings major changes to UK company law and the operation of Companies House. Whether you are a UK business, an LLP, or an international organisation with UK operations, these reforms will affect your compliance obligations and the way you manage company records. The ECCTA aims to strengthen the UK’s response to corporate and economic crime by improving transparency and accountability across all entities registered or operating in the UK.

Ransomware attacks continue to evolve in frequency, sophistication, and impact. Threat actors are now leveraging artificial intelligence to enhance phishing campaigns, automate data exfiltration, and execute double extortion schemes—where data is both encrypted and stolen for leverage.

On October 16, 2025, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented their Defense Readiness Roadmap 2030 to the EU Member States. This comprehensive plan aims to strengthen European defense capabilities. It follows, and should be read together with, the Commission’s Defense Readiness Omnibus that was published in June 2025. The Omnibus contains a set of proposals to facilitate defense investments and boost EU Member States’ responsiveness to today’s security challenges.

On October 3, 2025, the Sixth Circuit reaffirmed that the attorney-client privilege and the work-product doctrine protections apply to materials created during attorney-led internal investigations. In re FirstEnergy Corp., No. 24-3654 (6th Cir. Oct. 3, 2025).

The deadline for Department of Health and Human Services (“HHS”) to notify approved manufacturers of acceptance into the 340B Rebate Model Pilot Program has passed, and stakeholders across the healthcare industry should start planning for compliance and operational changes. The Model Pilot Program may also face legal challenges that could delay or disrupt implementation.

In recent years, there has been a wave of new legislation impacting contracts and contractual terms. The Belgian legislator is gradually adopting the different Books of the Belgian Civil Code, and the Belgian Code of Economic Law has been updated several times. These changes affect the way contract terms need to be drafted, not only between companies but also with consumers.

California recently enacted two laws instituting new restrictions and requirements for health care transactions. On October 6, Governor Newsom signed SB 351, which codifies elements of the state’s corporate practice of medicine doctrine and strengthens restrictions against private equity, hedge fund, and other private investor control of health care organizations and operations. On October 11, Newsom signed AB 1415, which expands the scope of parties and relevant transactions that require pre-transaction notice to the state’s Office of Health Care Affordability (OHCA). Both laws are intended to provide the State of California greater oversight of transactions involving health care entities, and raise additional hurdles for parties seeking to acquire or sell health care operations in the state,[1] consistent with a broader trend across the country. The key points of each of the California laws are summarized below:

On August 15, 2025, the Treasury Department and IRS released updated guidance concerning Beginning of Construction requirements to qualify for clean energy tax credits. This new guidance is critical for developers to consider as they rush to qualify for the tax credits before they expire entirely. The much-anticipated guidance followed the July 7, 2025 Executive Order 14315, Ending Market Distorting Subsidies for Unreliable, Foreign-Controlled Energy Sources (“July 7, 2025 Executive Order”), which signaled that the Trump Administration was planning to strictly enforce the termination of production and investment tax credits for solar and wind facilities that are set to expire under the One Big Beautiful Bill Act (OBBB Act), covered in more detail here. The new guidance comes at a time when many in the industry are struggling to keep up with the myriad ways that the new administration is working to roll back wind and solar tax credits, leaving developers to piece through the recent guidance to determine how best to structure and invest in clean energy projects given the volatile position of the current administration vis-a-vis wind and solar energy.

In June 2025, the European Commission adopted its first-ever measures under the International Procurement Instrument Regulation (IPI), restricting access to the EU public procurement market for medical devices for economic operators and medical devices from the People’s Republic of China. This is the first application of the IPI, a new trade instrument aimed at tackling lack of reciprocity in access to public procurement in third countries.

In Cox v. Sony, the US Supreme Court granted certiorari and will hear oral arguments this term. Cox seeks to overturn a decision by the US Court of Appeals for the Fourth Circuit that affirmed a billion-dollar judgment against Cox after a jury concluded that Cox was liable for contributory copyright infringement based on its users’ direct copyright infringement.

The Court of Justice of the European Union (CJEU) recently issued a landmark judgment in the LEGO Group case (C-211/24) concerning the scope of EU design protection for modular systems. This recent judgment addresses fundamental questions regarding the protection and enforcement of Community designs for modular products, specifically the LEGO Group’s iconic toy building blocks and parts: