2025

The U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) plans to delay the publication of its much-anticipated cybersecurity incident reporting rule implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).  According to an entry on the Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions, released on September 4, 2025, CISA currently plans

Though the 2nd Trump Administration has dramatically turned away from the energy and industrial policies of the Biden Administration, private-sector proponents of advanced energy projects may still find opportunities to partner with the federal government on certain Research and Development (R&D) or commercialization projects in the energy sector. 

Since January 2025, nearly all corners of

On September 4, 2025, the Court of Justice of the EU (“Court”) handed down its judgment in case EDPS v SRB C-413/23 P, setting aside the General Court of the European Union’s (“General Court”) judgment of April 26, 2023 in case SRB v EDPS T‑557/20.  In particular, the Court clarified that whether pseudonymized data can

Federal contractors, grantees, borrowers, and others receiving federal funds face a variety of restrictions on their use of those funds for political purposes, including for lobbying. A new presidential memorandum issued last week by President Trump highlights one of those restrictions, 31 U.S.C. § 1352, also known as the Byrd Amendment, and singles out

On June 25, 2025, the European Commission adopted the Clean Industrial Deal State Aid Framework (CISAF) to promote the EU’s goals for decarbonization and competitiveness. CISAF makes permanent the relaxed State aid compatibility rules adopted under the Temporary Crisis and Transition Framework (TCTF). It will be in effect from June 25, 2025 until December 31,

The Spanish Ministry for Ecologic Transition and Demographic Challenge (“MITECO”) has launched a public consultation on a Draft Royal Decree (“Draft Royal Decree”) that would impose strict energy efficiency and sustainability requirements on data centers in Spain.  The proposed requirements of the Draft Royal Decree are broader and stricter than the requirements on data centers

Recently, a California federal judge dismissed a suit challenging the use of third-party email marketing pixels by clothing retailer Gap, Inc., concluding plaintiff’s “scattershot and vague assertions” were insufficient to state a plausible claim under the California Invasion of Privacy Act (“CIPA”). Ramos v. Gap, Inc., 2025 WL 2144837 (N.D. Cal. July 29, 2025).

On August 7, 2025, the Federal Trade Commission (“FTC”) announced a $45 million settlement with online lead generator MediaAlpha, Inc. and its subsidiary QuoteLab, LLC (collectively, “MediaAlpha”), resolving allegations that the companies misled consumers seeking health insurance products. According to the FTC, MediaAlpha tricked consumers into sharing sensitive personal information under the guise of offering