Shortly before adjourning for 2025, the Senate passed two bills to broaden disclosure and registration requirements related to the regulation of foreign agents under the Foreign Agents Registration Act (“FARA”) and the Lobbying Disclosure Act (“LDA”): the Disclosing Foreign Influence in Lobbying Act (S. 856 / H.R. 1883) and the Lobbying Disclosure Improvement

On December 22, the Federal Trade Commission (“FTC”) issued an order setting aside its 2024 final consent order against Rytr, LLC (“Rytr”) on the grounds that the facts alleged in the Rytr complaint did not violate Section 5.  The Commission further found that the Rytr order did not provide any benefit to consumers and thus

In 2024, the Federal Communications Commission (FCC) issued fines to four major telecommunications carriers—Verizon, AT&T, Sprint, and T-Mobile—for allegedly failing to protect the geolocation data of their subscribers, which the FCC claimed violated its Customer Proprietary Network Information (“CPNI”) rules. To challenge the action, all four carriers had to first pay the fines, which they did.  They then petitioned for review of the FCC’s decision in various U.S. courts of appeals, arguing that the FCC’s procedure for adjudicating monetary fines violated their right to a jury trial as guaranteed by the Seventh Amendment. Verizon sought relief in the Second Circuit, T-Mobile (which had merged with Sprint) sought relief in the D.C. Circuit, and AT&T sought relief in the Fifth Circuit.

The Second Circuit and the D.C. Circuit held in favor of the FCC, rejecting the carriers’ argument that the FCC violated their Seventh Amendment rights. But the Fifth Circuit reached a different conclusion, holding that the FCC’s procedure did in fact violate AT&T’s right to a jury trial. The FCC (which lost in the Fifth Circuit) and Verizon (which lost in the Second Circuit) each has filed a petition for certiorari at the Supreme Court.

With a 2-1 federal circuit split and two certiorari petitions pending, some are predicting that there is a good chance that the Supreme Court will decide to consider the appeals. The dispute raises a fundamental question about the FCC’s authority to impose monetary penalties through its in-house administrative enforcement procedures. If the Supreme Court grants certiorari, it will be called upon to determine whether the Communications Act violates the Seventh Amendment by authorizing the FCC to order the payment of monetary penalties for violations of the Act, without guaranteeing the right to a jury trial. The resolution of this dispute thus could have significant implications for how the FCC enforces the law against telecommunications carriers and other entities subject to its jurisdiction.

Both petitions for certiorari have been distributed for a January 9, 2026 conference.

Among a wave of noteworthy results in this fall’s off-year elections, Zohran Mamdani’s selection as the next Mayor of New York City was perhaps the most closely watched and widely discussed. Though much of that commentary has focused on the new Mayor himself, the New York City Council appears poised to exert its own power

On January 7, 2026, China’s National Medical Products Administration (“NMPA”) released an Announcement on Further Optimizing the Review and Approval of Drugs Marketed Overseas That Are Urgently Needed in Clinical Practice (“Announcement”).[1]  NMPA published the draft announcement for comment in June 2024.[2]  The Announcement is part of series of measures that

On December 4, 2025, the German Federal Government published its Federal Modernization Agenda, setting out a series of suggested amendments to the GDPR and the Federal Data Protection Act (Bundesdatenschutzgesetz). Among the key measures, Germany seeks to shift certain responsibilities from users to manufacturers and providers of standard IT products—following the model of the Cyber Resilience Act (CRA) and the AI Act—so that organizations can deploy standard solutions more easily and in compliance with the law.

The German Data Protection Conference (Datenschutzkonferenz, DSK)—the body of federal and state data protection authorities—has adopted a resolution strongly supporting this approach. The resolution builds on recommendations the DSK first made in its 2019 evaluation of the GDPR.

The Federal Trade Commission (FTC) recently announced that it agreed to proposed consent orders with two companies that experienced recent cybersecurity incidents, Illuminate Education (“Illuminate”) and Illusory Systems, which does business as Nomad (“Illusory”), to resolve allegations that both companies’ information security practices had violated Section 5 of the FTC Act.  Both consent orders include

The Federal Trade Commission (FTC) sent letters to 10 companies—whose identities were not publicly disclosed—on December 22, 2025, warning them about potential violations of the Consumer Reviews Rule. The Rule, which took effect in October 2024, targets deceptive online review and testimonial practices. These warning letters mark the FTC’s first public enforcement action under the

On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”).  According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for

On December 19, New York Governor Kathy Hochul (D) signed the Responsible AI Safety & Education (“RAISE”) Act into law, making New York the second state in the nation to codify public safety disclosure and reporting requirements for developers of frontier AI models.  Prior to signing, Governor Hochul secured several commitments from the legislature to