Insights

On May 1, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. National Security Agency (NSA), the Australian Cyber Security Centre, the UK National Cyber Security Centre, the Canadian Centre for Cyber Security, and the New Zealand National Cyber Security Centre, published joint guidance on the “Careful Adoption of Agentic AI Services” (Guidance).

According to the U.S. Supreme Court, freight brokers are the transportation industry’s “matchmakers, connecting sellers of goods to the carriers who move them.” Montgomery v. Caribe Transport II, LLC, No. 24-1238, slip op. at 1 (U.S. May 14, 2026). Those matchmakers now potentially face liability when they make a bad match.

On May 4, 2026, the U.S. Department of Justice (“DOJ”) filed a federal complaint seeking to enjoin Minnesota’s state-court climate lawsuit against major energy companies. DOJ contends that Minnesota’s claims—which target global greenhouse gas emissions—intrude on exclusive federal authority. The complaint asserts that Minnesota’s lawsuit violates the dormant Commerce Clause and is preempted based on uniquely federal interests, the prohibition on extraterritorial state regulation, the Clean Air Act (“CAA”), and the Foreign Affairs doctrine.

From June 11 to July 19, 2026, 16 cities across the United States, Mexico, and Canada will host the 2026 FIFA Men’s World Cup, the largest in history. For construction firms, vendors, and suppliers, this trinational event has presented a significant commercial opportunity. Yet, cross-border projects involving parties operating under three distinct legal systems — common law in the United States and Canada, and civil law in Mexico — also create fertile ground for commercial disputes. Given the scale, technical complexity, and commercial significance of the FIFA World Cup and all the projects surrounding it, disputes are often unavoidable. As companies navigate intricate contractual obligations across multiple jurisdictions, international arbitration may play a pivotal role in resolving conflicts tied to these major commercial undertakings.

It has been a couple of years since the introduction of Qatar's Judicial Enforcement Law No. 4 of 2024 (the Judicial Enforcement Law), but enforcement is still a process that many do not understand. It is therefore perhaps worth a reminder of the law and its far-reaching scope. I conclude the article with a brief look at how the law has benefitted creditors.

The Department of Justice (DOJ) and the cross-agency Trade Fraud Task Force have upped the ante by an order of magnitude in the government’s pursuit of customs fraud. On May 1, 2026—only a few months after setting its previous record-high customs-related False Claims Act (FCA) settlement of $54.4 million with Ceratizit USA, LLC—the DOJ shattered that record with a $549.5 million settlement with Perfectus Aluminum Inc., its subsidiary Perfectus Aluminum Acquisitions LLC, and a set of four affiliated warehousing companies. The Perfectus settlement resolves allegations that the defendants violated the FCA by evading antidumping and countervailing duties (AD/CVD). The settlement resolves three separate qui tam complaints filed by two individual relators and the Aluminum Extruders Council, an international industry association. Defendants were previously criminally convicted on charges related to the same scheme, and those convictions were affirmed by the Ninth Circuit in 2024.

The first applications to lift an automatic suspension under the Procurement Act 2023 (the Act) have recently been decided. In Parkingeye Limited v Velindre University NHS Trust & Anor [2026] EWHC 1019 (TCC), handed down on 1 May 2026, HHJ Keyser KC dismissed applications by two NHS contracting authorities to lift the suspension preventing them from concluding a car park management services contract. This is the first judicial consideration of the new test under section 102(2) of the Act.

The U.S. Court of Appeals for the Seventh Circuit recently vacated the U.S. Tax Court’s decision in Hyatt Hotels v. Commissioner, a case concerning the taxation of loyalty programs. The Seventh Circuit remanded the case to the Tax Court for further review.

PFAS in cosmetics is quickly becoming one of the highest-stakes compliance issues in the beauty and personal care industry.

For 15 years, the question “Should we file an IPR?” was easy. The answer — almost invariably — was “yes.” High institution rates, a famously skeptical U.S. Patent Trial and Appeal Board (PTAB), and minimal downside made inter partes review (IPR) a nearly reflexive tool in the litigator’s arsenal. U.S. Patent and Trademark Office (USPTO) Director Squires’ precedential decision issued May 14, 2026, in Magnolia Medical Technologies, Inc. v. Kurin, Inc. (IPR2026-00097) provides clarity to that calculus.

On May 5, 2026, CISA announced CI Fortify — an initiative directing critical infrastructure owners and operators to prepare for geopolitical conflict in which OT networks are actively targeted while communications infrastructure is simultaneously degraded.

On May 6, 2026, the Federal Aviation Administration (FAA) published a long-awaited Notice of Proposed Rulemaking (NPRM) that would create a formal process for designating drone-free zones — known as Unmanned Aircraft Flight Restrictions (UAFRs) — over critical infrastructure facilities. The proposed rule has significant implications for the entire drone ecosystem. Facility operators across a broad range of industries would gain a potential pathway to restrict unauthorized drone access to their airspace, while commercial drone operators and companies that rely on UAS services face new compliance obligations, operational constraints, and potential criminal liability in designated zones.

On May 7, 2026, the Department of War issued the long-awaited Proposed Rule to implement Section 847 of the FY 2020 National Defense Authorization Act (NDAA) regarding Foreign Ownership, Control or Influence (FOCI) requirements for contractors. The proposed rule would expand the applicability of FOCI reviews, requiring contractors and subcontractors on unclassified “covered contracts” — defense contracts and subcontracts valued in excess of $5 million that are not for commercial products and services — to submit FOCI disclosures to the Defense Counterintelligence and Security Agency (DCSA) for FOCI risk assessment (and as applicable, mitigation) as part of contract award. This would effectively require DCSA assessment and adjudication of FOCI considerations prior to contract award. Thus, both cleared and uncleared defense contractors would be subject to the rigorous DCSA disclosure requirements, scrutiny, and FOCI mitigation. Crowell discussed the Section 847 requirements in a prior alert.

Businesses affected by the Strait of Hormuz crisis are likely to be navigating both sides of the contractual liability equation: seeking to enforce protections while simultaneously trying to limit their own exposure. This balancing act will feel familiar to those who managed supply chain disruptions during the Covid pandemic or in response to Russian sanctions. But the scale of uncertainty and the severity of the current situation make it particularly challenging to chart a clear path forward. This note provides an overview of the English-law issues that have arisen in this current crisis and is relevant for companies and legal counsel seeking to understand and mitigate contractual risk in their supply chains, including for shipping, energy, commodities, and construction.

The president of the Competition Appeal Tribunal (CAT) has signalled a more rigorous approach to scrutinising opt-out collective actions at the certification stage, with particular attention to whether the financial benefits of such claims flow to the claimant class or primarily to their lawyers and funders. Coming at a time when the UK Law Commission is consulting on expanding the scope of the opt-out regime, this development warrants careful consideration by all those with interests in the UK litigation funding market.

In our ninth alert in this EU Pharma Package Series, we discussed the proposals of the Commission, Council, and Parliament with respect to advertising of medicinal products.

On April 29, 2026, the New York Department of Financial Services (NYDFS) announced the finalization of a $2.25 million settlement with Delta Dental of New York and Delta Dental Insurance Co., resolving allegations that the affiliated companies failed to comply with the state’s stringent cybersecurity, consumer data protection, and incident reporting requirements. For health insurers, managed care organizations, and their third-party service providers operating in New York, the announcement comes as the latest signal that the NYDFS intends to aggressively enforce its cybersecurity regulations — which are widely considered the strictest in the nation following a 2023 overhaul. These regulations, codified at 23 NYCkRR 500 (Cybersecurity Requirements for Financial Services Organizations), apply to any entity licensed under New York insurance law, including health insurers, managed care organizations, and their third-party service providers.

The ICCU is poised to become one of the most significant international compensation mechanisms of this generation. Crowell & Moring has the experience to help with your claim.

This news bulletin is provided by the International Trade Group of Crowell & Moring. If you have questions or need assistance on trade law matters, please contact Anand Sithian or Simeon Yerokun or any member of the International Trade Group.

On April 30, 2026, USPTO Director John A. Squires issued an updated memorandum superseding the December 4, 2025, guidance on Best Practices for Submission of Rule 132 Subject Matter Eligibility Declarations (SMEDs). The USPTO has also created a new position — Deputy Commissioner for Patents focusing on AI Policy, Practice, and Operations — and has welcomed longtime practitioner and private-sector AI expert Barry Schindler to this role. This alert summarizes the key updates and actionable guidance for patent applicants and practitioners.