As many readers will be aware, the EU’s new cybersecurity directive, NIS2, imposes security, incident notification, and governance obligations on entities in a range of critical sectors, including energy, transport, finance, health, and digital infrastructure (for an overview of NIS2, see our previous post here). One of the main reasons the Commission proposed these new rules was the inconsistent ways in which Member States had implemented requirements under the prior directive, NIS. To help improve harmonization further, the Commission has now issued two guidance documents to help assess when NIS2 or sector-specific requirements apply, and to ensure that registration requirements are consistent across the Union.

On 12 September 2023, the UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (“NCSC”), Lindy Cameron, signed a joint memorandum of understanding (“MoU”) detailing how the Information Commissioner’s Office (“ICO”) and NCSC will work together moving forward.

The MoU does not create legally binding obligations between the ICO and NCSC, but provides a strong signal of intent for areas of cooperation.  The statements about information sharing and engaging with NCSC leading to potentially reduced fines under the UK GDPR are likely to be of particular interest to commercial organizations.

A pair of malic acid decisions recently issued by Judge Coleman in the Northern District Court of Illinois reaffirmed that the statements “natural flavors with other natural flavors” and “no artificial flavors” receive different treatment under state false advertising laws, at least in that district.

US-Flag-Columns

Domestic sourcing requirements are not new, but the Government is always developing new tools for increasing the sourcing of goods from the U.S. and allied countries.  Both sides of the political aisle have marched to a drumbeat of increased domestic sourcing for the past several years.  Most recently, the Biden Administration implemented Executive Order 14005

We’ve seen this movie before. Conservatives, eager to bend the curve on federal outlays, are preparing to use the only leverage they have (their votes) while Senate Majority Leader Charles Schumer is talking about “House Republican extremists” causing a government shutdown. In most people’s eyes, Republicans have “lost” every shutdown fight since 1995. So why are conservatives back at it again?

Beyond their preference for a smaller government, conservatives are not alone in seeing runaway spending as a dire threat and will admit that their own party shares the blame. Our political system is structurally ill-equipped to turn off spending once it begins. A new estimate that the deficit will double to $2 trillion this year and Fitch Ratings’ recent downgrade of government credit are the most recent reminders that the problem is real. Efforts to rein in the deficit date back at least to the Gramm-Rudman-Hollings agreement in 1985 and include proposed Constitutional amendments, the Budget Enforcement Act of 1990 (PAYGO), the Line Item Veto Act of 1996, the Balanced Budget Act of 1997, a “sustainable growth rate” for Medicare reimbursements, George W. Bush’s plan to make Social Security sustainable, the 2010 Simpson-Bowles Commission, the 2011 ‘Supercommittee,’ sequestration, the discretionary spending caps in the Budget Control Act of 2011, revenue-producing tax increases, and growth-generating tax cuts.

None of it worked and the government is $32 trillion in debt. Congress rarely makes tough decisions without an action-forcing mechanism and conservatives want to be that mechanism. The House’s two conservative caucuses, the Freedom Caucus and the larger Republican Study Committee have identified similar priorities. Most broadly, they do not want the Covid-era surge in spending to serve as the baseline for future spending. The FY 2023 omnibus, which was called a “monstrosity” by Speaker Kevin McCarthy, passed the House with almost no GOP support in the very last days of the Democrats’ majority. Conservatives want to return to pre-Covid levels or lower. With $115 billion in rescissions, House appropriators have offered budgetary authority at pre-pandemic (FY 2022) levels, but conservatives say this is a gimmick that won’t reduce actual outlays. On this point, the Heritage Foundation says, ‘This represents an unprecedented expansion of rescissions as a budgetary tool to add spending within appropriations caps.’ Many conservatives also see the President’s emergency supplemental request as an end-run around the debt-limit agreement and have a longstanding position that supplementals should be offset.

Last week, the California Legislature passed two bills as part of the state’s landmark “Climate Accountability Package.”  If signed by Governor Newsom as anticipated, the two laws—Senate Bill 253 (SB 253) and Senate Bill 261 (SB 261)—will usher in significant climate-related disclosure requirements for thousands of U.S. public and private companies that do business in California.

SB 253 and SB 261 mark the most extensive emissions- and climate-disclosure laws enacted in the United States to date.  SB 253 requires companies with greater than $1 billion in annual revenues to file annual reports publicly disclosing their direct, indirect, and supply chain greenhouse gas (GHG) emissions, verified by an independent and experienced third-party provider.  SB 261 requires companies with $500 million in annual revenues to prepare biennial reports disclosing climate-related financial risk and measures they have adopted to reduce and adapt to that risk, with the first report due by January 1, 2026.

This post focuses on SB 261’s climate-related financial risk disclosure requirements. You can find our post on SB 253’s GHG emissions reporting requirements here.

Last week, the California Legislature passed two bills comprising the core of a landmark “Climate Accountability Package.”  Together, the two bills will impose extensive new climate-related disclosure obligations on thousands of U.S. public and private companies with operations in California.  Senate Bill 253 (SB 253) would require companies with greater than $1 billion in annual revenues to file annual reports publicly disclosing their Scope 1, 2 and 3 greenhouse gas (GHG) emissions.  Senate Bill 261 (SB 261) would require companies with greater than $500 million in annual revenues to prepare biennial reports disclosing climate-related financial risk and describing measures adopted to mitigate and adapt to that risk.

Yesterday afternoon during an appearance at Climate Week NYC, Governor Newsom told the audience emphatically, “of course I will sign those bills.”  When he does, many more companies will be required to improve the accuracy, completeness and rigor of their GHG reporting and climate risk disclosures. Because of the complexity of GHG reporting, we have focused the remainder of this post on SB 253.  Please see our separate post on SB 261 here.

Recently, there has been a proliferation of putative class actions targeting allegedly misleading statements (or omissions) on the FDA-approved labels for over-the-counter (“OTC”) drugs.  Last year, we explained how these types of claims are vulnerable to a strong federal preemption defense.  In short, because the Federal Food, Drug, and Cosmetic Act (“FDCA”) explicitly forbids states from imposing OTC labeling requirements that are “different from,” “in addition to,” or “otherwise not identical” with those provided under federal law, 21 U.S.C. § 379r(a), state-law claims that directly challenge or conflict with the FDA’s decision-making for OTC drug labels are expressly preempted.

Last week, Ethiopia hosted the 2nd regional African Forum on Business and Human Rights. This year’s Forum focused on local perspectives and solutions to implementing the UN Guiding Principles on Business and Human Rights (UNGPs), including in the context of operationalising the African Continental Free Trade Area (AfCFTA). Participants included a range of stakeholders including business enterprises and associations, governments, civil society, Indigenous Peoples groups, labour organisations, international and regional organizations and national human rights institutions. Dialogue touched on critical issues including the intersection between environmental and social impacts and the importance of developing and implementing business and human rights (BHR) frameworks that are appropriate for Africa.

In this post, we distil several considerations for businesses operating in Africa:

  • Stakeholders are committed to establishing BHR frameworks tailored to Africa

    • An underlying theme of the Forum — “For Africa, From Africa” — was the implementation of the UNGPs through African perspectives. Participants discussed the extra-territorial reach of the EU’s proposed Corporate Sustainability Due Diligence Directive (CSDDD), through which the EU seeks to play a critical role in global standard setting on human rights due diligence. There was a clear recognition that the CSDDD and a plethora of other EU ESG laws are likely to apply directly or indirectly to businesses and significantly impact many businesses in the region. The EU is currently piloting projects in several African states to develop frameworks to assist states and businesses in preparing for CSDDD implementation and mitigate the risk of the law negatively impacting value chains. Despite this, there was some criticism regarding a perceived limited engagement with stakeholders in the Global South in the CSDDD drafting process and the potential risks and implications that could flow from that, including for example, a concern that costs of meeting due diligence standards could ultimately be pushed down to small-holding farmers and SMEs within the value chain.

    On September 8, 2023, Senators Richard Blumenthal (D-CT) and Josh Hawley (R-MO), Chair and Ranking Member of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law, announced a new bipartisan framework for artificial intelligence (“AI”) legislation.  Senator Blumenthal said, “This bipartisan framework is a milestone – the first tough, comprehensive legislative blueprint for real, enforceable AI protections. It should put us on a path to addressing the promise and peril AI portends.” He also told CTInsider that he hopes to have a “detailed legislative proposal” ready for Congress by the end of this year.