On 1 December 2024 the 2025-2029 College of Commissioners took office, led by President Ursula von der Leyen in her second term.

This blog explores what companies can expect from the new European Commission in the field of EU State aid.

Key takeaways

  • The Commission will establish a new State aid framework to allow EU Member States to grant State aid for (i) accelerating the roll-out of renewable energy, (ii) deploying industrial decarbonisation, and (iii) ensuring sufficient manufacturing capacity for clean tech “made in Europe” while preserving cohesion objectives.
  • Approval of State aid for Important Projects of Common European Interest (“IPCEIs”) will be made simpler and faster. The Commission may further expand the scope of IPCEIs to include innovations more broadly and possibly manufacturing projects.
  • The Commission will create a ‘European Competitiveness Fund’, aimed at supporting the development of strategic technologies and their manufacturing in the EU. Depending on its design, this fund may help level the playing field among EU Member States.
  • State aid rules will be revised to enable wider housing support measures, notably for energy efficiency and social housing. Other State aid rules will also undergo a revision during the 2025-2029 mandate, such as aid to the transport sector or for companies in difficulty.

With the 119th Congress now assembled, Republicans control both the House and Senate, and will control the White House starting on January 20th.  If history is any guide, this change in party control of the White House, plus unified control of Congress by the president’s party, will pave the way for Republicans to deploy the Congressional Review Act (CRA) to overturn a number of regulations issued by the Biden Administration.  When President Trump first took office in 2017, congressional Republicans used the CRA to overturn more than a dozen rules promulgated by the Obama Administration.   

The CRA mandates federal agencies to submit all final rules to Congress before the rule takes effect.  Then, Congress has 60 days to overturn a rule by enacting a joint resolution of disapproval that withdraws the rule and prohibits the agency from issuing a rule that is “substantially the same.”  However, if a rule is submitted to Congress within 60 days before adjournment, the CRA’s “lookback period” allows additional time—a new 60-day period—for the new Congress to review the rule and introduce a resolution of disapproval.  If a rule has already taken effect when a CRA resolution is signed into law, the rule “shall be treated as though such rule had never taken effect.” 5 U.S.C. § 801(f). 

Although the House and Senate parliamentarians make the official determination of whether a particular rule falls within the lookback period when a disapproval resolution is introduced, the Congressional Research Service estimates that rules submitted to Congress on or after August 1, 2024 are likely subject to possible nullification. The CRA allows members of Congress to introduce resolutions of disapproval starting on the 15th day of the new session. Under the current congressional schedules, Senators may introduce CRA resolutions starting around January 23, 2025, and Representatives may introduce CRA resolutions starting around February 5, 2025.

Many federal agencies operated under an earlier deadline and thus prioritized finalizing and submitting high-priority rules this spring—including those “significant rules” defined in Executive Order 12866, as amended by Executive Order 14094, that are predicted to have an annual impact of $200 million or more on the economy.  Because these rules were submitted earlier, they will likely fall outside the CRS’s estimated CRA lookback window.  The George Washington University Regulatory Study Center estimates approximately 100 of these significant rules may fall into the CRA window, which is likely fewer than in prior changes in administrations, in part due to early agency action.  However, there are more than 1,000 rules that could ultimately be subject to disapproval under the CRA in the new Congress.    

On 18 December 2024, the European Commission published a proposed implementing regulation relating to pharmacovigilance (“PV”) requirements for human medicines marketed in the EU (“Proposal”), which will update European Commission Implementing Regulation (EU) 520/2012 (“Implementing Regulation”).  While the core PV requirements, including the obligation to establish and operate a PV system and the key reporting requirements, are set out in Regulation (EC) No 726/2004 and Directive 2001/83/EC, the Implementing Regulation provides detailed requirements on the performance of PV activities, including the need for a PV system master file (“PSMF”), more comprehensive requirements for the PV quality system, and detailed provisions relating to periodic safety update reports (“PSURs”). 

The proposed changes aim to harmonize the performance of PV activities by marketing authorization holders (“MAHs”), national competent authorities and the European Medicines Agency (“EMA”), and in some cases widen the scope of the Implementing Regulation’s PV requirements.  Other changes are clarificatory in nature.

On December 12, 2024, the U.S. Federal Trade Commission (FTC) authorized its staff to file a complaint against alcohol distributor Southern Glazer’s Wine and Spirits, LLC (“Southern Glazer’s”). The complaint alleges that the company engaged in price discrimination—charging higher prices to independent businesses and lower prices to large national and regional chains—in violation of Section 2(a) of the Robinson-Patman Act (“RPA”). The Commission voted 3-2 along party lines to file the lawsuit in federal district court, with the two Republican-appointed Commissioners—Commissioners Melissa Holyoak and Andrew Ferguson—issuing strongly worded dissenting statements (see here and here, respectively). Prior to this case, the federal antitrust agencies—the FTC and the Antitrust Division of the U.S. Department of Justice (the “Antitrust Division”)—had not brought an enforcement action under the RPA in more than two decades.

On December 27, 2024,  the National Telecommunications and Information Administration (NTIA) issued a Request for Comment (“RFC”)that seeks public input on the potential impacts on the Global Positioning Satellite (GPS) L1 signal by the growth of satellite-based direct-to-device (D2D) operations that use frequencies between 1610-1660.5 MHz (the “L-band”).   As the lead spectrum advisor to the Executive Branch on spectrum issues, NTIA serves as the advocate for other agencies including the Department of Transportation (DOT) before the FCC.  NTIA issued its Request for Comment (RFC) in response to analysis prepared by DOT and states that its interest in D2D usage stems from the increasing deployment of services in which mobile devices like smartphones and Internet of Things (IoT) devices connect directly to satellite systems in the L-band, a portion of which is located near spectrum allocated to GPS.  NTIA invited comments to be filed by February 10, 2025. 

On December 31, 2024, the FCC issued a Report and Order (Third R&O) formally allocating additional spectrum for commercial space launch applications, fulfilling a provision of the Launch Communications Act (LCA) of 2024.  The LCA, which President Biden signed on September 26, 2024, directed the FCC to make the 2025–2110 MHz, 2200–2290 MHz, and 2360–2395 MHz bands (LCA Bands) available for use in commercial launches and reentries, and to finalize such allocations within 90 days of enactment of the bill.  In a statement on December 19, 2024, FCC Chairwoman Rosenworcel stated that the new rules are intended to “build upon Commission action in 2023 that will enable companies to conduct launch activities without needing to request temporary authority from the FCC for each space launch,” making the commercial space launch process more predictable.

The FCC states that the rule changes, which are part of the agency’s new Space Innovation agenda, allocating new spectrum in the 2360–2395 MHz band generally are intended to satisfy the Congressional mandate of the LCA, provide regulatory certainty to licensees, minimize administrative burdens by leveraging efficiencies of scale and scope that will spur innovation, investment, and rapid deployment of space launch operations, and protect incumbents from harmful interference.

A Colorado federal judge recently granted a motion to dismiss a putative class action against two healthcare software companies arising from a 2022 data breach in which a threat actor allegedly accessed personally identifiable information (“PII”) and protected health information (“PHI”) in “over 250,000 patient records.”  See Henderson v. Reventics, LLC, 2024 WL 5241386 (D. Colo. Sept. 30, 2024).

Introduction

On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued the Final Rule implementing President Biden’s February 28, 2024 Executive Order on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “EO”). The Final Rule solidifies a new national security regulatory regime focused on protecting bulk U.S. sensitive personal data and government-related data from countries of concern, including the People’s Republic of China (“PRC” or “China”), and represents the latest step in the U.S. government’s whole-of-government effort to “de-risk” with respect to China. The Final Rule marks the first time that U.S. persons will be categorically prohibited from engaging in certain transactions that may result in foreign access to bulk U.S. sensitive personal data and government-related data. It also provides that certain other transactions will be “restricted,” meaning they are prohibited unless the U.S. business first implements a range of security requirements, which in some cases will be onerous or costly. The Final Rule accordingly could have wide-ranging implications for U.S. companies across various industries. The Final Rule takes effect 90 days after publication in the Federal Register, which is set for January 8, 2025, although certain compliance requirements will not take effect until 270 days following publication.

In parallel with the release of the Final Rule, on January 3, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), which is part of the U.S. Department of Homeland Security (“DHS”), released the final security requirements (the “Security Requirements”). The Security Requirements set forth the measures that U.S. persons must satisfy in order to engage in restricted transactions, and are incorporated by reference into the Final Rule.

Importantly, as we discussed in our analysis of the Advance Notice of Proposed Rulemaking (“ANPRM”) and our analysis of the Notice of Proposed Rulemaking (“NPRM”), the Final Rule is a national security regulation designed to address identified risks to U.S. national security—not a privacy regulation designed to protect privacy or other individual interests. Consequently, while the Final Rule regulates transactions involving personal data, many of the concepts and definitions diverge materially from those in existing privacy regimes. The Final Rule stems from the U.S. government’s increasing unwillingness to tolerate foreign adversary access to U.S. personal data. As DOJ explained in the preamble to the Final Rule, “[t]his rule will prevent . . . foreign adversaries from legally obtaining [bulk U.S. sensitive personal data or government-related data] through commercial transactions with U.S. persons, thereby stemming data flows and directly addressing the national security risks identified in the [EO].” DOJ cited examples such as (1) the ability of journalists to track the movements of U.S. President Joe Biden, U.S. Vice President Kamala Harris, and now President-Elect Donald Trump through their bodyguards’ use of a fitness app; and (2) the ability to track U.S. government personnel movement through the purchase of location information and digital advertising data—that demonstrate the U.S. national security risks associated with foreign adversary access to commercially available data. Finally, DOJ made a particular point of explaining that certain data that is anonymized or depersonalized presents U.S. national security risks, especially with respect to the ability of adversaries to use “bulk human genomic data[] to enhance military capabilities that include facilitating the development of bioweapons.”

On January 6, 2025, the U.S. Food and Drug Administration (FDA) issued its Draft Guidance on the Labeling of Plant-Based Alternatives to Animal-Derived Foods. The draft guidance outlines FDA’s recommendations for naming plant-based egg, seafood, poultry, meat, and dairy products (other than milk[1]) in compliance with FDA’s naming requirements for non-standardized foods. The draft guidance expressly “excludes animal proteins produced by microflora,” such as those produced using precision fermentation. Interested stakeholders should provide comments on the draft guidance by May 7, 2025, after which point FDA will begin work on the final guidance.

I. FDA’s Naming Requirements for Non-Standardized Foods

The Federal Food, Drug, and Cosmetic Act (FDCA) and FDA’s implementing regulations require that the labels of non-standardized foods (i.e., foods for which FDA has not issued a standard of identity) bear the common or usual name of the food or, if there is no such name, an accurate description of the food or a fanciful name commonly used by the public.[2] The draft guidance notes that while many plant-based alternatives are foods for which no common or usual name has been established, manufacturers should look to FDA’s general principles for identifying common or usual names when selecting names for these foods.[3] For example, appropriate names should describe the basic nature of the food, should be uniform among identical or similar products, and should adequately distinguish between classes or subclasses of a product. Against this backdrop, the draft guidance provides specific recommendations for naming plant-based alternatives.

II. FDA’s Recommendations

The draft guidance’s primary recommendation—and one that could pose implications for many currently-marketed plant-based products—is that the statement of identity for plant-based alternatives should identify the specific plant source(s) from which the food is derived (e.g., “soy chicken,” “black bean mushroom veggie patties,” “chickpea and lentil-based fish sticks). The draft guidance notes that, while general terms like “plant-based” can help convey that a product is not animal-derived, such terms do not, by themselves, adequately distinguish a food from other plant-based alternatives and therefore do not provide consumers with sufficient information to make purchasing decisions. Thus, while terms like “plant-based” can be used as part of a product’s name, the draft guidance recommends that such terms be accompanied by language that identifies the specific plant source(s) in the product (e.g., using “plant-based soy-bacon” instead of just “plant-based bacon”).

Under a newly enacted law, beginning June 30, 2026, defense contractors risk losing all future contracts with the Defense Department if they engage outside consultants that lobby for certain Chinese companies. On December 23, 2024, President Biden signed the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2025, which sets annual spending and