Insights

On February 13, 2026, the U.S. Department of Homeland Security (DHS) announced upcoming virtual town hall meetings scheduled for March 2026 regarding the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).  The meetings will allow industry stakeholders to provide input to DHS to refine the “scope and burden” of the forthcoming CIRCIA final rule.

Artificial intelligence tools have already transformed the practice of law, but they come with serious legal risks that are now taking shape. A recent ruling by a federal judge in the U.S. District Court for the Southern District of New York highlights one such risk: certain inputs and outputs from commercial AI models may not be considered privileged attorney-client communications or protected by the work-product doctrine.

The Court of Justice of the European Union (CJEU) recently delivered its judgment in the CeramTec case (C-17/24).

On January 27, 2026, the U.S. District Court for the Northern District of Texas ruled favorably for policyholders in a major ongoing cyber-insurance dispute between Southwest Airlines and Liberty Insurance when it accepted the Magistrate Judge's findings and recommendations in Southwest Airlines Co. v. Liberty Insurance Underwriters Inc., Civil Action No. 3:19-CV-2218-E, the court reinforced critical legal protections for policyholders facing coverage denials. 

In October 2024, the FTC adopted a final rule that substantially modified the HSR form, requiring new categories of information and documents. The final rule was the most significant overhaul of the HSR premerger notification requirements in decades. The new requirements imposed additional time and expense on merging parties, with the FTC estimating that the new form would likely take triple the amount of time to complete than the previous form. Numerous groups, including the U.S. Chamber of Commerce, sued to challenge the rule.

FAQs: What OPOs Need to Know About the Proposed Rule

On 9 January 2026, the European Commission published its Guidelines on the application of Regulation (EU) 2022/2560, also known as the Foreign Subsidies Regulation (FSR).

On February 9, 2026, the U.S. Department of the Treasury’s (Treasury) Office of Investment Security (OIS) published a request for information (RFI) seeking public comments on how the Committee on Foreign Investment in the United States (CFIUS) might streamline its foreign investment review process, including through the Known Investor Program (KIP). The RFI requests feedback on (1) proposed eligibility criteria and a draft questionnaire for the KIP, including certain defined terms, and (2) other ways that CFIUS and transaction parties can streamline aspects of the foreign investment review process. Written comments are due March 18, 2026.

Rising electricity prices are becoming an increasingly potent political issue, with both utilities and data centers facing growing scrutiny from federal and state lawmakers on how to insulate ratepayers from rising costs. While headlines have been dominated by the White House and Governors of states in the PJM Interconnection proposing reforms to the PJM capacity market, and by New Jersey Governor Sherrill’s goal to freeze rate hikes, the issue is also quickly becoming a focal point of congressional oversight.

Employers are increasingly relying on artificial intelligence and automated decision systems (ADS) in workplaces across California and the world as avenues to boost productivity or achieve cost savings. However, some state legislators have raised concerns about the lack of worker protections and oversight in discipline and termination decisions made by ADS.

On July 8, 2025, the U.S. Court of Appeals for the Eighth Circuit vacated the Federal Trade Commission’s (FTC) Rule Concerning Subscriptions and Other Negative Option Plans, commonly known as the “Click-to-Cancel” rule. As detailed in a previous client alert, the rule was intended to regulate negative option plans[1]— such as subscriptions and automatic renewals — by imposing stringent requirements on businesses, including streamlined cancellation processes and enhanced disclosure obligations. The Eighth Circuit vacated the Click-to-Cancel rule because it found that the FTC had failed to comply with mandatory procedural requirements. As a result, the rule is no longer in effect, and businesses are not currently subject to its mandates.

On February 3, 2026, President Trump signed a $1.2 trillion spending deal that, among other points, introduced significant regulatory changes for Medicare Part D plans and PBMs providing services to PDP sponsors in the Medicare Advantage and Medicare Part D programs, and imposed significant new restrictions and transparency requirements on PBMs contracting with private group health plans.

The UK Financial Conduct Authority (FCA) recently issued consultation paper CP26/5, proposing to replace the existing Task Force on Climate-related Financial Disclosures (TCFD) requirements with new rules mandating listed companies to report against the UK Sustainability Reporting Standards (UK SRS). These are based on the IFRS Sustainability Disclosure Standards developed by the International Sustainability Standards Board (ISSB).

On February 3, 2026, the Belgian government submitted a draft law containing various labor-related provisions. The draft legislation aims to modernize Belgian labor law and includes significant changes to work regulations, minimum working time for part-time employees, night work restrictions, and notice period rules.

Last week, the Federal Circuit heard oral argument in Global K9 Protection Group, LLC v. United States, a bid protest appeal concerning, in part, whether an awardee who chose not to intervene at the outset of the protest should have been allowed to do so after its award was enjoined.

On January 27, the EU and Brazil announced their positive determination on the mutual adequacy of Brazil’s and the EU’s data privacy frameworks — confirming the growing importance of transatlantic data transfers and the EU-Mercosur relationship. This adequacy decision, while not formally tied to the EU-Mercosur trade negotiations, is a historic development that can facilitate cross-border data transfers and fuel shared economic growth driven by data-centered service sectors.

On January 29, 2026, the U.S. Department of Justice (DOJ) Antitrust Division (Division) and U.S. Postal Service announced the first-ever payment under the antitrust whistleblower rewards program, awarding $1 million to an individual whose information led to a $3.28 million fine as part of a deferred prosecution agreement with EBLOCK Corporation, an online auction platform for used vehicles.

In GuideOne National Insurance Co. v. Systems 2000 Plumbing Service, Inc., the U.S. District Court for the Southern District of New York addressed whether excess insurer GuideOne was required to provide coverage under a “follow form” excess policy based on mutual mistake or illusory coverage principles. The insured, Systems 2000, is a plumbing contractor that worked exclusively in residential apartment buildings. It held a $2 million primary general liability insurance policy with Travelers and a $4 million excess insurance policy with GuideOne, both of which were effective March 15, 2021. Eight days later, there was a fire in a Manhattan apartment building where Systems 2000 had been performing work. Systems 2000 made timely claims under both policies for coverage related to the fire.

Liesbeth Truyens, Economic Sanctions and Commercial Disputes Lawyer, Joins Crowell & Moring’s Brussels Office

On January 27, 2026, the Centers for Medicare and Medicaid Services (CMS) released a Health Plan Management System (HPMS) memo that provided a long-awaited update on how the agency plans to approach previously announced Risk Adjustment Data Validation (RADV) audits for Payment Years (PY) 2020-2024. The memo is the agency’s most comprehensive statement on the subject since September 25, 2025, when the Northern District of Texas vacated the 2023 RADV Final Rule. The memo makes clear that, while CMS has made certain operational adjustments in response to concerns expressed by Medicare Advantage Organizations (MAOs), the agency is largely pressing forward with the accelerated audit strategy announced in May 2025.