November 2025

Updated December 4, 2025.  Originally posted November 26, 2025.

In November, the Federal Communication Commission (“FCC”) released a Second Further Notice of Proposed Rulemaking (“FNPRM”) proposing to eliminate or modify various broadband label rules for Internet Service Providers (“ISPs”).  The FCC’s primary rationale for these proposed changes is that the rules are cumbersome for ISPs

On November 19, 2025, the Equal Employment Opportunity Commission (“EEOC”) released a technical assistance document, “Discrimination Against American Workers Is Against The Law,” and updated its landing page on national origin discrimination.  This development reflects EEOC Chair Lucas’s focus on national origin discrimination and Anti-American bias and follows comments she made in January

As previously noted, although agency organizational conflict of interest (OCI) investigations are highly discretionary, that discretion is not boundless.  GAO’s recent sustain of an impaired objectivity OCI claim in Castro & Company, LLC, B-423689, Nov. 13, 2025, underscores that point, and highlights the need for contracting officers to meaningfully consider the potential conflict

After months of uncertainty, the outlook for key EU sustainability laws is far clearer.

On November 13, 2025, the European Parliament adopted its negotiating position on the Corporate Sustainability Reporting Directive (“CSRD”) and the Corporate Sustainability Due Diligence Directive (“CSDDD”) Omnibus simplification. This follows the European Commission’s Omnibus proposal in February (see more here)

Last week, the Third Circuit affirmed dismissal of a putative class action asserting that defendant Quest Diagnostics violated the California Invasion of Privacy Act (“CIPA”) and the Confidentiality of Medical Information Act (“CMIA”) by employing a website pixel to track and collect data about their website activity for advertising purposes.  See Cole v. Quest Diagnostics

Last week, the Third Circuit affirmed dismissal of a putative class action asserting that defendant Quest Diagnostics violated the California Invasion of Privacy Act (“CIPA”) and the Confidentiality of Medical Information Act (“CMIA”) by employing a website pixel to track and collect data about their website activity for advertising purposes.  See Cole v. Quest Diagnostics

Recently, a California federal court granted summary judgment for defendant Eating Recovery Center (“ERC”) on a plaintiff’s California Invasion of Privacy Act (“CIPA”) § 631(a) wiretapping claim, joining other California federal courts that have granted summary judgment on CIPA claims for a plaintiff’s failure to “satisfy [CIPA’s] ‘in transit’ requirement as a matter of law.” 

In Notice 2025-62, released on November 5, the IRS provided temporary relief to employers and payors for failing to comply with certain reporting requirements added to the Internal Revenue Code by the One, Big, Beautiful Bill Act (OBBBA) in conjunction with sections 224 and 225 of the Internal Revenue Code (see prior coverage).

On November 19, 2025, the Equal Employment Opportunity Commission (“EEOC”) released a technical assistance document, “Discrimination Against American Workers Is Against The Law,” and updated its landing page on national origin discrimination.  This development reflects EEOC Chair Lucas’s focus on national origin discrimination and Anti-American bias and follows comments she made in January

On November 20, 2025, the Securities and Exchange Commission (“SEC”) announced that it was voluntarily dismissing the case it brought against SolarWinds Corp. (“SolarWinds”) and its Chief Information Security Officer, Timothy Brown, regarding the company’s security practices and related statements in connection with the “Sunburst” cybersecurity incident. The SEC stated in a brief release that