Client Alert Archives

The Guidelines include some shifts from prior Agency guidance, although in practice they reflect many developments already seen at the Agencies under the Biden Administration’s leadership.

On December 18, 2023, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) (collectively, the Agencies) jointly released the final version of the 2023 Merger Guidelines following a public comment period on an earlier draft version released in July 2023. The Guidelines reflect the Biden Administration’s competition policy and provide guidance on the Agencies’ enforcement priorities. The Guidelines are now effective, and although they include some shifts from prior Agency guidance, in practice the Guidelines reflect many developments already seen at the Agencies under the Biden Administration’s leadership.

The final revised Guidelines include several notable changes from the July draft, including:

An expanded discussion of a transaction’s potential to harm competition by eliminating potential entrants or nascent competitive threats, making clear that the Agencies view their burden to prove the loss of potential competition is materially lower than that of parties to prove that third-party potential entrants will preserve competition;
A modified discussion of vertical merger enforcement that softens the prior draft’s presumption of harm, but expands the discussion of potential foreclosure risks associated with vertical deals; and
A reframing of “trends toward consolidation” as a framework for analyzing mergers in the broader context of developments in their industry rather than as an independent theory of harm.

Overall, the final Guidelines continue to reflect the Agencies’ increased skepticism of merger and acquisition activity, especially in concentrated markets, and attempt to revive seldom-used and novel theories of competitive harm, including some based on case law from many decades ago. While they reflect current enforcement guidance, the new Guidelines are not binding on the federal courts, and it remains to be seen whether courts in the future will find them persuasive as courts have done with the 2010 Merger Guidelines. Likewise, if there is an Administration change in 2025, we expect that there will be a significant, if not wholesale, “dialing back” of these revised Guidelines.

Potential Future Competition

The final Guidelines signal Agency intent to challenge more acquisitions where no immediate competitive overlaps exist between the merging parties under the theory that parties may nevertheless be potential future competitors or important partial constraints as part of a broader “ecosystem” of competitive industry participants. While courts have historically required the Agencies to show, at least by reasonable probability (noticeably greater than 50%), that merging parties will be future competitors,[1] the 2023 Guidelines generally articulate a lower burden for the Agencies to show harm to future competition.

The theme of preventing mergers from eliminating potential and nascent competitive threats reaches across multiple sections of the final Guidelines. In addressing vertical mergers, the Guidelines focus on mergers’ potential to prevent the entry of competitors in the relevant markets under investigation as well as related markets. And in addressing horizontal mergers, the Guidelines carefully distinguish between harm to competition from a merger’s elimination of a potential entrant and rebuttal claims by merging parties that likely or potential entry of new competitors will offset competitive effects. Notably, the Guidelines articulate two different standards for establishing the likelihood of potential entry: a lower standard for Agency claims that effects on a merging party’s potential entry can harm competition because the Agencies “seek to prevent threats at their incipiency,” and a higher standard for merging parties to show that potential entry by a third party can offset competitive harms because potential entrants only offer an attenuated effect on competition compared to active participants. It remains to be seen how courts will address the inconsistency in standards (and the Guidelines cite no case law to support the bifurcated proposition).

The final Guidelines also add new language addressing the effects of “ecosystem” competition in mergers where one or both parties offer a “wide array of products or services.” The Guidelines state that large incumbent firms who acquire small niche players offering non-competing services to the acquirer may nevertheless harm competition by reducing the “ecosystem” of services and products offered by multiple competitors that in concert may constrain larger incumbent firms. The final Guidelines single out markets undergoing “technological transitions” where new technological developments can create competitive threats to incumbent firms. Under this framework, the Agencies may recontextualize smaller acquired parties as “nascent threats” who offer “partial constraints” to large incumbent acquirers.

Vertical Mergers

The final Guidelines’ treatment of vertical mergers is markedly different from the July 2023 draft, reducing the draft version’s focus on categorical presumptions but expanding the discussion of potential harms.

While the draft Guidelines articulated a presumption of illegality when a merged firm has a “foreclosure share” above 50 percent, the final version notes in a footnote that this threshold is sufficient for a general inference of harm “in the absence of countervailing evidence.” In most regards, however, the Guidelines expand categories of potential harms resulting from vertical consolidation. For example, the Guidelines contain an expanded discussion of foreclosure concerns stemming from a vertical merger, including foreclosure of “routes to market,” referring to limiting market participants’ means of access to trading partners, distribution channels, or customers. The final Guidelines also expand on vertical mergers’ potential creation of barriers to entry by requiring potential entrants to invest in related products as well as the relevant product at issue in an investigation. Finally, the Guidelines expound on foreclosure incentives, articulating a low Agency burden of proof that the existence of close competition between merging parties alone signifies an incentive to foreclose rivals through direct or indirect downstream means.

Trends Toward Consolidation

The final Guidelines significantly alter and expand Guideline 7 (formerly Guideline 8 in the draft Guidelines) regarding industry trends towards consolidation. The draft Guidelines appeared to articulate an independent theory of harm that mergers could lessen competition by “contribut[ing] to a trend towards consolidation,” relying on language from the Supreme Court in General Dynamics “allow[ing] the Government to rest its case on a showing of even small increases of market share or market concentration in those industries or markets where concentration is already great or has been recently increasing.”[2]

By contrast, the final Guidelines now note that a trend towards consolidation is a “highly relevant factor” that may “heighten the competition concerns identified in Guidelines 1-6.” Rather than serve as an independent theory of harm on which the Agencies may challenge a merger, however, the Guidelines now articulate that mergers will be reviewed in the context of other industry consolidation activity, and the Agencies will analyze proposed transactions’ potential effect on potential future consolidation activity. The Guidelines discuss an “arms race” concern that consolidation can create leverage against participants in upstream, downstream, or other related markets that encourage further consolidation and generally reduce competition. Vertical mergers, while generally considered inherently procompetitive by courts due to synergies such as elimination of double-marginalization, are particularly susceptible to scrutiny where other market participants may move to vertically integrate to achieve similar efficiencies. Additionally, the Guidelines note that multiple mergers by different players in the same industry may be examined in context of one another, though the Guidelines do not expound further on how this may affect concentration calculations and to what extent trends towards consolidation could serve as a factor in enforcement action claims. The final Guidelines make clear, however, that merging parties must remain cognizant of wider industry merger and acquisition trends in analyzing risk of investigation in planned transactions.

Conclusions and Takeaways

The 2023 Merger Guidelines provide a window into the expanded and more aggressive antitrust enforcement characterizing Agency review of mergers under the Biden Administration.[3] Importantly, as noted, the Guidelines neither reflect nor create binding authority on merging parties. Rather, the Guidelines provide guidance on how and under what circumstances the Agencies will consider enforcement actions and the theories under which they may bring such actions. Actions brought under the enforcement policies articulated and expanded upon in the final Guidelines are subject to review by federal courts, assuming the parties decide to litigate. To prevail on the novel and expanded theories of harm in the Guidelines, the Agencies will ultimately need to persuade federal courts that these theories are supported by legal precedent. Nevertheless, merging parties should expect aggressive enforcement action by the Agencies that seek abandonment of mergers through lengthy investigations, procedural delay, and more frequent court challenges.

Firms considering transactions should continue to proactively consult with antitrust counsel early in the transaction consideration process to identify and mitigate risk. Gibson Dunn attorneys are closely monitoring these developments and are available to discuss these issues as applied to your particular business.

__________

[1] See, e.g., FTC v. Meta Platforms Inc., ___ F.3d __, 2023 WL 2346238, at *22 (N.D. Cal. 2023) (requiring a probability of entry “noticeably greater than fifty percent”). Other courts have imposed an even stricter standard, requiring the government to establish the likelihood of future entry with “clear proof.” FTC v. Atl. Richfield Co., 549 F.2d 289, 295 (4th Cir. 1977).

[2] United States v. General Dynamics Corp., 415 U.S. 486 (1974).

[3] See Gibson Dunn Client Alerts: U.S. Antitrust Agencies Release Updated Merger Guidelines (July 20, 2023); DOJ Signals Increased Scrutiny on Information Sharing (Feb. 10, 2023); FTC Proposes Rule to Ban Non-Compete Clauses (Jan. 5, 2023); FTC Announces Broader Vision of Its Section 5 Authority to Address Unfair Methods of Competition (Nov. 14, 2023); DOJ Antitrust Secures Conviction for Criminal Monopolization (Nov. 9, 2022); DOJ Antitrust Division Head Promises Litigation to Break Up Director Interlocks (May 2, 2022).

The following Gibson Dunn attorneys prepared this update: Kristen Limarzi, Stephen Weissman, Chris Wilson, Jamie France, Zoë Hutchinson, Logan Billman, and Kyla Osburn*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Antitrust and Competition, Mergers and Acquisitions, or Private Equity practice groups, or the following practice leaders:

Antitrust and Competition:
Rachel S. Brass – San Francisco (+1 415.393.8293, [email protected])
Kristen C. Limarzi – Washington, D.C. (+1 202.887.3518, [email protected])
Ali Nikpay – London (+44 20 7071 4273, [email protected])
Cynthia Richman – Washington, D.C. (+1 202.955.8234, [email protected])
Christian Riis-Madsen – Brussels (+32 2 554 72 05, [email protected])
Stephen Weissman – Washington, D.C. (+1 202.955.8678, [email protected])
Chris Wilson – Washington, D.C. (+1 202.955.8520, [email protected])
Jamie E. France – Washington, D.C. (+1 202.955.8218, [email protected])

Mergers and Acquisitions:
Robert B. Little – Dallas (+1 214.698.3260, [email protected])
Saee Muzumdar – New York (+1 212.351.3966, [email protected])

Private Equity:
Richard J. Birns – New York (+1 212.351.4032, [email protected])
Wim De Vlieger – London (+44 20 7071 4279, [email protected])
Federico Fruhbeck – London (+44 20 7071 4230, [email protected])
Scott Jalowayski – Hong Kong (+852 2214 3727, [email protected])
Ari Lanin – Los Angeles (+1 310.552.8581, [email protected])
Michael Piazza – Houston (+1 346.718.6670, [email protected])
John M. Pollack – New York (+1 212.351.3903, [email protected])

*Kyla Osburn is an associate working in the firm’s Palo Alto office who is not yet admitted to practice law.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

The case is particularly significant for limited partners in private equity and hedge fund managers organized as limited partnerships.

On November 28, 2023, the U.S. Tax Court (the “Tax Court” or the “Court”) issued its opinion in Soroban Capital Partners LP v. Commissioner,[1] holding that a “functional analysis test” must be applied in determining whether the “limited partner exception” to the imposition of Self-Employed Contributions Act (“SECA”) tax under section 1402(a)(13)[2] applies to limited partners in a limited partnership.[3] The case is particularly significant for limited partners in private equity and hedge fund managers organized as limited partnerships. Since the launch of its SECA tax compliance campaign in 2018,[4] the Internal Revenue Service (the “IRS”) has been pursuing self-employment tax audits of limited partnerships, limited liability companies, and limited liability limited partnerships. The campaign seeks to address the IRS’s contention that certain taxpayers have been improperly claiming to be “limited partners” for purposes of the “limited partner exception” from SECA tax.

The decision in Soroban Capital Partners LP (“Soroban”), amidst the IRS’s SECA tax compliance campaign, represents a meaningful victory for the IRS that, if sustained on appeal, could significantly limit the ability of many limited partners to assert that they are not subject to self-employment tax.

I. Background

SECA, enacted into law in 1954,[5] requires self-employed individuals to contribute to Social Security and Medicare by imposing a tax on their net earnings from self-employment. The SECA tax applies to “self-employment income,” defined – somewhat tautologically – in section 1402(b) as “net earnings from self-employment” (“NESE”). The SECA tax currently comprises two component parts: a 12.4 percent Social Security tax on the first $160,200 (for 2023) of NESE and 3.8 percent Medicare tax on all NESE.[6] The SECA tax applies to a partner’s distributive share of the partnership’s business income, unless an exception applies, and also applies to a partner’s guaranteed payments for services.

Section 1402(a)(13), enacted as part of the Social Security Amendments of 1977,[7] carves out an exception from NESE (the “Limited Partner Exception”) for “limited partners” that excludes “the distributive share of any item of income or loss of a limited partner, as such, other than guaranteed payments described in section 707(c) to that partner for services actually rendered to or on behalf of the partnership to the extent that those payments are established to be in the nature of remuneration for those services.” (Emphasis added). In enacting this exception, Congress was concerned that individuals were investing as limited partners in investment-related business ventures, paying a small amount of SECA tax, and thereby qualifying for future Social Security benefits. The Limited Partner Exception was intended to curb this perceived abuse.[8]

The scope of the Limited Partner Exception has been subject to some debate because the term “limited partner” is not defined in section 1402 or in the Treasury regulations and, in general, is not a term elsewhere defined in the U.S. federal tax law or commonly understood to have a particular meaning for U.S. federal tax purposes.[9] The emergence – in the 1990s and the first decade of this century – of so-called “hybrid entities,” such as limited liability companies (“LLCs”), limited liability partnerships (“LLPs”), and limited liability limited partnerships (“LLLPs”), which often are classified as partnerships for U.S. federal income tax law purposes, has given rise to questions as to the scope of interpreting and applying the Limited Partner Exception.

In 1994, the Treasury Department and the IRS issued proposed regulations defining “limited partner” for purposes of the Limited Partner Exception.[10] Those regulations were re-proposed in 1997.[11] The proposed regulations also applied to owners of entities other than limited partnerships, such as LLCs. These proposed regulations would have disqualified individuals from being considered limited partners if they bore personal liability for partnership debts, had authority to contract for the partnership, or participated in the partnership’s trade or business for over 500 hours during the partnership’s taxable year.[12] In response to negative reaction from parts of the U.S. media, Congress subsequently enacted a one-year moratorium preventing the finalization of the proposed regulations, due to a concern that the proposed change in the treatment of individuals who are limited partners under applicable state law would have exceeded Treasury’s regulatory authority.[13] In the twenty-five years that have passed since the expiration of the moratorium, neither the IRS nor Congress has clarified the definition of a “limited partner.”[14]

Although several cases have interpreted the Limited Partner Exception in the context of LLPs and LLCs,[15] until Soroban no case had interpreted the Limited Partner Exception in the context of a limited partner who owns a limited partner interest in a limited partnership. Somewhat ironically, Judge Buch wrote the only opinion in this area of the law holding that a member of an LLC classified as a partnership for tax purposes should be treated as a limited partner for purposes of the Limited Partnership Exception.[16]

II. Background to Soroban Capital Partners LP

Soroban, a Delaware limited partnership, is a hedge fund manager located in New York City. During 2016 and 2017, Soroban had four partners: three individual limited partners, each of whom was a limited partner, and Soroban Capital Partners GP LLC, a Delaware limited liability company, as the general partner. The general partner was owned indirectly by the three individual limited partners.

According to the limited partnership agreement, the general partner was to carry on the business and affairs of the limited partnership and had the ultimate authority to make decisions on behalf of the limited partnership. One of the limited partners served as the Managing Partner and Chief Investment Officer, another limited partner served as the Co-Managing Partner, and the third limited partner served as the Head of Trading and Risk Management of Soroban. Two of the limited partners had negative consent rights over certain enumerated actions of a fundamental nature. Each of the three individual limited partners devoted his full-time efforts to the activities of Soroban and its affiliates.

During the years at issue, Soroban made guaranteed payments for services to each of the three individual limited partners and allocated the remaining ordinary business income among all of its partners. Soroban reported the guaranteed payments, as well as the general partner’s share of ordinary business income, but not the limited partners’ shares of ordinary business income, as subject to SECA tax.

The IRS challenged Soroban’s position that the limited partners’ shares of ordinary business income were not subject to SECA tax and issued Notices of Final Partnership Administrative Adjustment (“FPAAs”) making adjustments to Soroban’s NESE for the years in issue. Soroban’s tax matters partner filed a petition in Tax Court challenging the FPAAs and then filed a motion for summary judgment requesting that the Court find as a matter of law that the Limited Partner Exception precludes the limited partners’ shares of ordinary business income from being subject to SECA tax.

III. The Court’s Analysis

Addressing the merits of the case,[17] the Court held that the “limited partner exception does not apply to a partner who, is limited in name only,”[18] even when that person is a limited partner in a limited partnership. The Court turned to principles of statutory construction to ascertain Congress’s intent, as neither section 1402(a)(13) nor applicable regulations define the term “limited partner.” The Court focused on the phrase “limited partner, as such.” In the Court’s view, if Congress had intended for limited partners to be per se excluded from the SECA tax, Congress could have simply used the term “limited partner” without “as such.” In support of its interpretation, the Court reviewed legislative history, stating that “Congress enacted section 1402(a)(13) to exclude earnings from a mere investment. It [Congress] intended for the phrase ‘limited partners, as such’ used in section 1402(a)(13) to refer to passive investors.”[19] The Court held that it must apply a “functional analysis test” to determine whether a limited partner in a limited partnership is a “limited partner, as such.”

In other words, the Court effectively concluded that there is no legally relevant distinction between limited partners in a limited partnership and the partners or members of the other entities (e.g., LLCs and LLPs) addressed under the Court’s prior precedent. This is a surprising expansion of the prior precedent given the very clear language of the Code and the much more obvious meaning of the words “as such,” reflecting a distinction between the distributive share of income received by an individual who is both a limited partner and a general partner in the limited partnership. As stated in the legislative history, “if a person is both a limited partner and a general partner in the same partnership, the distributive share received as a general partner would continue to be covered ….”[20] Thus, “as such” was a necessary clarification that only the distributive share of income attributable to the limited partnership interest is excepted from NESE.

IV. Implications

Because the Soroban opinion addressed only the legal question on summary judgment of whether a partner in a limited partnership is per se excluded from SECA tax, the Tax Court has not yet addressed whether the limited partners in Soroban satisfy the “functional analysis test,” which will depend on the specific facts and circumstances. Resolution of that issue will require further proceedings, including potentially a trial, for the Tax Court to hear evidence on and apply the functional analysis test.

We expect that, if, in applying that test, the Soroban limited partners are found not to be “limited partner[s], as such,” Soroban will appeal the Tax Court’s decision to the U.S. Court of Appeals for the Second Circuit. It is also possible that, to avoid a potentially unnecessary trial, Soroban could pursue an interlocutory appeal of the Tax Court’s summary judgment order, which would require approval of both the Tax Court and the Second Circuit to proceed. There has yet to be a circuit court review of section 1402(a)(13), and now appears to be an opportune time for such a review given both the legal history of this provision and the broad effects on taxpayers. A decision by the Second Circuit in the Soroban case, however, would only control Tax Court cases appealable to the Second Circuit. As a result, in cases appealable to other circuits, taxpayers or the IRS could be expected to continue to litigate the issue.

Currently, there are two other pending Tax Court cases relating to fund managers which raise the same arguments as Soroban, and the IRS is still actively auditing numerous partnerships as part of its SECA tax compliance campaign.

Please reach out to your Gibson Dunn lawyers for assistance with any IRS examinations on this topic or to determine how this case may influence your compliance with SECA tax obligations going forward.

__________

[1] 161 T.C. No. 12 (2023).

[2] Unless indicated otherwise, all “section” references are to the Internal Revenue Code of 1986, as amended (the “Code”), and all “Treas. Reg. §” references are to the Treasury regulations promulgated under the Code.

[3] Judge Buch authored the Soroban opinion, which is the second opinion he has written for the Tax Court applying section 1402(a)(13). See Hardy v. Commissioner, 113 T.C.M (CCH) 1070 (2017) (holding that a plastic surgeon’s distributive share of income from a surgical center organized as an LLC (classified as a partnership) was exempt from SECA tax under section 1402(a)(13) because he was a mere investor in the LLC).

[4] IRS Announces Rollout of Five Large Business and International Compliance Campaigns (March 13, 2018), available at https://www.irs.gov/businesses/irs-lbi-compliance-campaigns-mar-13-2018.

[5] Self Employment Contributions Act of 1954, c. 736, 68A Stat. 353.

[6] Section 1401(a), (b). The base Medicare tax is 2.9 percent, but it increases to 3.8 percent on NESE in excess of certain thresholds.

[7] Pub. L. No. 95-216, Title III, § 313(b), 91 Stat. 1536.

[8] H.R. Rep. No. 95-702, pt. 1, at 40-41 (1977).

[9] In 2011, the IRS issued proposed regulations under section 892 defining a “limited partner interest” as an interest held by a partner who does not have rights to participate in the management and conduct of the partnership’s business at any time during the partnership’s taxable year under the law of the jurisdiction in which the partnership is organized or under the governing agreement. REG-146537–06, 76 Fed. Reg. 68119 (Nov. 3, 2011). In addition, in 2011, the IRS proposed regulations under section 469(h)(2) that was intended to clarify the definition and tax treatment of “limited partners” for purposes of defining material participation in partnership activities. REG-109369-10, 76 Fed. Reg. 72367 (Nov. 23, 2011). Neither of these proposed regulations addressed the definition of a limited partner for purposes of section 1402.

[10] 59 Fed. Reg. 67253 (Dec. 29, 1994).

[11] REG-209824096, 62 Fed. Reg. 1701 (Jan. 13, 1997).

[12] Id., Prop. Treas. Reg. § 1.1402(a)-2(h)(2)(i)-(iii).

[13] Taxpayer Relief Act of 1997, Pub. L. No. 105-34, Title IX, § 935, 111 Stat. 882.

[14] Just weeks before issuance of the Tax Court’s decision in Soroban, the IRS and Treasury Department released the 2023-2024 Priority Guidance Plan, adding “[g]uidance under section 1402(a)(13)” and indicating a renewed interest in addressing the Limited Partner Exception through regulations or other published guidance. 2023-2024 Priority Guidance Plan, available at https://www.irs.gov/pub/irs-utl/2023-2024-priority-guidance-plan-initial-version.pdf.

[15] See, e.g., Renkemeyer, Campbell & Weaver LLP v. Commissioner, 136 T.C. No. 137 (2011). In Renkemeyer, the Court analyzed the legislative history of section 1402(a)(13) and concluded that its intent “was to ensure that individuals who merely invested in a partnership and who were not actively participating in the partnership’s business operations … would not receive credits towards Social Security coverage.” Id. at 150. The Court held that partners in a law firm organized as a limited liability partnership were not limited partners for purposes of section 1402(a)(13) because their “distributive shares arose from legal services … performed on behalf of the law firm” and not “as a return on the partners’ investments.” Id.

[16] See Hardy v. Commissioner, 113 T.C.M (CCH) 1070 (2017).

[17] The Court also held that, under the now-repealed TEFRA partnership audit rules, SECA tax adjustments constituted “partnership items” within the meaning of former section 6231(a)(3), giving it jurisdiction to decide the case. Soroban, 161 T.C. No. 12, slip. op. at 13-15. Under partnership audit rules enacted by the Bipartisan Budget Act (the “BBA”), which generally are effective beginning with the 2018 tax year, the treatment would be different as the BBA is limited to Subtitle A, Chapter I Income Tax and does not include the SECA tax under Subtitle A, Chapter 2.

[18] Soroban, 161 T.C. No. 12, slip. op at 11.

[19] Id.

[20] H.R. Rep. No. 95-702, pt. 1, at 40 (1977).

The following Gibson Dunn attorneys prepared this update: Michael Benison, Michael Desmond, Evan Gusler, Galya Savir, and Terrell Ussing.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Tax and Global Tax Controversy and Litigation practice groups:

Tax:
Dora Arash – Los Angeles (+1 213.229.7134, [email protected])
Sandy Bhogal – Co-Chair, London (+44 20 7071 4266, [email protected])
Michael Q. Cannon – Dallas (+1 214.698.3232, [email protected])
Jérôme Delaurière – Paris (+33 (0) 1 56 43 13 00, [email protected])
Michael J. Desmond – Los Angeles/Washington, D.C. (+1 213.229.7531, [email protected])
Anne Devereaux* – Los Angeles (+1 213.229.7616, [email protected])
Matt Donnelly – Washington, D.C. (+1 202.887.3567, [email protected])
Pamela Lawrence Endreny – New York (+1 212.351.2474, [email protected])
Benjamin Fryer – London (+44 (0) 20 7071 4232, [email protected])
Kathryn A. Kelly – New York (+1 212.351.3876, [email protected])
Brian W. Kniesly – New York (+1 212.351.2379, [email protected])
Loren Lembo – New York (+1 212.351.3986, [email protected])
Jennifer Sabin – New York (+1 212.351.5208, [email protected])
Eric B. Sloan – Co-Chair, New York/Washington, D.C. (+1 212.351.2340, [email protected])
Jeffrey M. Trinklein – London/New York (+44 (0) 20 7071 4224), [email protected])
Edward S. Wei – New York (+1 212.351.3925, [email protected])
Lorna Wilson – Los Angeles (+1 213.229.7547, [email protected])
Daniel A. Zygielbaum – Washington, D.C. (+1 202.887.3768, [email protected])

Global Tax Controversy and Litigation:
Michael J. Desmond – Co-Chair, Los Angeles/Washington, D.C. (+1 213.229.7531, [email protected])
Saul Mezei – Washington, D.C. (+1 202.955.8693, [email protected])
Sanford W. Stark – Co-Chair, Washington, D.C. (+1 202.887.3650, [email protected])
C. Terrell Ussing – Washington, D.C. (+1 202.887.3612, [email protected])

*Anne Devereaux is of counsel working in the firm’s Los Angeles office who is admitted to practice in Washington, D.C.

In this article, originally published by Law360, we distill the array of major global AI developments to spotlight a narrow but vitally important area — practical insights for employers using AI in the workplace.

We have been witnessing an absolute whirlwind of artificial intelligence policy developments around the globe.

On Dec. 8, European Union policymakers reached a historic agreement on the AI Act — the world’s most comprehensive risk-based framework governing AI systems. Although details will be finalized in the coming weeks, the AI Act’s full set of requirements is expected to go into effect in approximately the next two years.

This is just the latest significant development in AI regulation and governance — following the release of the risk-based AI international code of conduct by G7 leaders, 18 countries signing onto international guidelines on safe AI development and deployment, and the UK’s AI Safety Summit.

Additionally, in the U.S., the White House recently issued its AI executive order. At the same time, AI-related developments have been continuing at the state level, including the California Privacy Protection Agency, or CPPA, publishing discussion draft regulations relating to automated decision-making technology.

Each of these developments shows keen interest in AI regulation and is a road map to the potential requirements and guardrails for those developing and deploying AI tools.

There is a recognition that AI has the potential to transform a range of industries, and that we are merely at the beginning of this technological journey.

In this article, we will seek to move past AI buzzwords and amorphous definitions to distill the array of major AI developments to spotlight a narrow — but vitally important area — practical insights for employers using AI in the workplace.

In particular, we will address how:

- The now officially forthcoming EU AI Act may impose compliance obligations on U.S. employers deploying AI systems;
- The U.S. Department of Labor’s new role as articulated under the AI executive order and recent coordinating efforts with two federal agencies is likely to result in increased AI enforcement actions and influence how AI in the workplace is regulated;
- The recently released draft AI guidance from the White House’s Office of Management and Budget — while not directly applicable to most companies, other than government contractors — is likely to be an instructive guide as to expectations at the federal level; and
- California’s recently published automated decision-making prerulemaking efforts might shape regulation at the state level.

Read More

Reproduced with permission. Originally published by Law360, New York (December 14, 2023).

The following Gibson Dunn attorneys prepared this article: Vivek Mohan and Emily M. Lamm.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Artificial Intelligence or Labor and Employment practice groups, or the authors:

Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])

Emily Maxim Lamm – Washington, D.C. (+1 202.955.8255, [email protected])

On November 1, 2023, the New York Department of Financial Services (“NYDFS” or “the Department”) finalized the amendments to its Part 500 Cybersecurity Regulation (the “Second Amended Cybersecurity Regulation”) and cemented its status as a proactive regulatory leader in the effort to protect consumer data, promote cybersecurity governance best practices, and keep pace with new cybersecurity threats and emerging technology.

In line with NYDFS’s risk-based approach to cybersecurity, and as previewed in its previous drafts, the Second Amended Cybersecurity Regulation introduces several notable changes, including expanded responsibility for senior governing bodies, obligations to implement additional safeguards, new requirements for larger companies, new and increased obligations related to written policies and procedures, heightened requirements around audits and risk assessments, and additional reporting requirements for cybersecurity incidents.

NYDFS’s cybersecurity regulation, 23 NYCRR Part 500 (the “Cybersecurity Regulation”), was first released in March 2017 and went into full effect in March 2019. A minor, ministerial amendment changing the date of the required annual certification was made in 2020 (the “First Amended Cybersecurity Regulation”). In July of 2022, NYDFS began the process of a thorough review and update to the regulation. Since then, NYDFS has issued three draft amendments—the initial Draft Proposed Second Amendment (published July 29, 2022), the Proposed Second Amendment (published November 9, 2022), and the Revised Proposed Second Amendment (published June 28, 2023)—and held two notice and comment periods with active stakeholder participation.

Key updates to the Cybersecurity Regulation, as reflected in the Second Amended Cybersecurity Regulation, are highlighted below:

Heightened Obligations for Senior Leadership and Governing Bodies

Under the Second Amended Cybersecurity Regulation, the “senior governing body” of a covered entity joins the Chief Information Security Officer (“CISO”) at the helm of the company’s cybersecurity apparatus. “Senior governing body” is broadly defined to account for the varied sizes, corporate structures, business models, and industries under NYDFS’s purview. A covered entity’s board of directors or equivalent governing body, a board committee, or senior officer(s) responsible for the entity’s cybersecurity program would all qualify as senior governing bodies under the updated regulation.

The senior governing body of a covered entity is required to exercise oversight of the covered entity’s cybersecurity risk management. At a minimum, this entails (i) having a sufficient understanding of cybersecurity-related matters; (ii) requiring management to develop, implement, and maintain the covered entity’s cybersecurity program; (iii) regularly receiving and reviewing management reports on cybersecurity; and (iv) confirming that sufficient resources are allocated in order to implement and maintain the cybersecurity program. Previously, a covered entity’s CISO was charged with ensuring sufficient allocation of resources to develop and maintain an effective cybersecurity system; in recognition of the fact that senior governing bodies, not CISOs, tend to make enterprise-wide resource allocation decisions, NYDFS shifted that responsibility to the senior governing body.

The Second Amended Cybersecurity Regulation also expands reporting obligations on the CISO, requiring the timely reporting of material cybersecurity issues to the senior governing body or senior officer(s), such as significant cybersecurity events and significant changes to the cybersecurity program.

Increased Investment in Cybersecurity Programs

The Second Amended Cybersecurity Regulation requires covered entities assess the adequacy of their governance practices and their investments in technology and personnel. In addition to significantly expanding the breadth of covered entities’ cybersecurity efforts by including “nonpublic information stored on the covered entity’s information systems” in its definition of “cybersecurity program,” NYDFS established additional requirements related to written policies and procedures.

Companies must have written incident response plans, business continuity and disaster recovery plans, and plans for investigating and mitigating cybersecurity events. As it did in the original Cybersecurity Regulation in 2017 for the then-novel incident response plans, NYDFS took care to enumerate a number of proactive measures intended to help covered entities formulate effective business continuity plans. The draft amendments related to business continuity and incident response plans remained largely the same throughout the process of reviewing and updating the regulation, though the Department did make a few practical and logistical changes.

Each covered entity must also implement written policies and procedures that are designed to produce and maintain a complete, accurate, and documented asset inventory of its information systems. NYDFS made a subtle adjustment to this provision from the June 2023 Revised Proposed Second Amendment, requiring covered entities to “produce and maintain” an asset inventory rather than “ensure” it exists—this is one of many instances where the Department made revisions geared toward providing covered entities with concrete guidance on how to navigate the cybersecurity landscape.

Separate Requirements for Larger “Class A” Companies

NYDFS codified heightened cybersecurity requirements for a newly defined class of larger entities, termed “Class A” companies. Throughout its drafting process, NYDFS iterated upon the scope and scale of Class A companies, and ultimately chose a relatively limited definition. Class A companies are those with an in-state gross annual revenue over $20 million in each of the last two fiscal years, and have had either (i) an average of more than 2,000 employees, or (ii) over $1 billion in gross annual revenue in each of the last two fiscal years. When calculating these figures, entities should include any affiliates that it shares information systems, cybersecurity resources, or a cybersecurity program with.

The Department has imposed several obligations on Class A companies, including to design and conduct independent audits of their cybersecurity programs based upon their respective risk assessments; monitor privileged access activity and implement privileged use management solutions; and implement security precautions such as centralized logging and notifications for security alerts, automatic rejection of common or simple passwords, and endpoint detection and response solutions for anomalous activity.

While the Revised Proposed Second Amendment published on June 28, 2023 would have required audits of Class A cybersecurity programs on an annual basis, the final Second Amended Cybersecurity Regulation introduces some flexibility by requiring audits at a frequency determined by the results of the entity’s risk assessments. This change reflects the Department’s understanding that designing and conducting annual audits may be a particularly burdensome, time-consuming, and resource-heavy endeavor given the size of Class A companies and the complexity of their cybersecurity programs. NYDFS did, however, add that Class A companies should design their audits, in addition to conducting them, which demonstrates NYDFS’s desire for covered entities to be engaged, comprehensive, and diligent about their cybersecurity efforts.

Additional Requirements for Audits and Risk Assessments

In earlier draft amendments, NYDFS had proposed strict requirements related to audits, risk assessments, and penetration tests, such as prohibiting the use of internal auditors and requiring covered entities retain external auditors. Many public commenters took issue with these proposals; in response, the Department expanded the pool of eligible auditors and experts to include internal personnel and reduced the rigidity of timetables for certain obligations. Under the Second Amended Cybersecurity Regulation:

An “independent” audit is one conducted by internal or external auditors, who are free to make their own decisions and are not influenced by the covered entity or its owners, managers, or employees;
Class A companies must re-review and update their risk assessments at least annually, and whenever changes to their business or technology result in a “material change” to the cyber risk they face;[1] and
Penetration testing of information systems must be performed annually by qualified internal or external “parties” (not necessarily by “experts,” as contemplated in the Proposed Second Amendment).

In addition, the Second Amended Cybersecurity Regulation includes a new requirement that risk assessments must “inform the design” of the cybersecurity program and enable adjustments in controls to address evolving cybersecurity and privacy risks. This includes general risks and those particular to the covered entity’s business operations.

Incident Notification Obligations

Covered entities should take note of the growing number and increased sophistication of cybersecurity events in recent years. In an effort to combat these threats, NYDFS established a new 24-hour notification obligation in the event a covered entity makes a ransom payment, and a 30-day window for covered entities to provide a written description of why the payment was necessary, alternatives to payment that were considered, and all diligence conducted to ensure compliance with applicable rules and regulations.

NYDFS narrowed the circumstances for which covered entities would have to provide NYDFS with notice by differentiating between “cybersecurity events” and “cybersecurity incidents.” Under the Second Amended Cybersecurity Regulation, entities must notify NYDFS only where the covered entity has determined that there is an incident at the covered entity, its affiliate, or a third-party service provider that: (i) impacts the covered entity and has triggered the notification requirement of another governmental body, self-regulatory agency, or other supervisory body; (ii) has a reasonable likelihood of materially harming normal operations of the covered entity; or (iii) results in the deployment of ransomware within a material part of the covered entity’s information systems.

NYDFS considered, but did not adopt, a requirement that entities notify the Department of any incident involving unauthorized access to a “privileged account,”[2] acknowledging that such an overbroad requirement would likely lead to overreporting and the inefficient use of resources.

Compliance Timeline

In general, entities have 180 days, or until April 29, 2024, to comply with the Second Amended Cybersecurity Regulation. However, several provisions have different specified transitional periods that override this general timeline:

Incident reporting requirements take effect 30 days after the effective date of the Second Amended Cybersecurity Regulation, or December 1, 2023.
Governance, encryption, incident response plan and business continuity management, and the limited exemption provisions take effect one year after the effective date of the Second Amended Cybersecurity Regulation, or November 1, 2024.
Vulnerability scanning, access privileges and management, and monitoring and training provisions take effect 18 months after the effective date of the Second Amended Cybersecurity Regulation, or May 1, 2025.
Multifactor authentication and asset management and data retention provisions take effect two years after the effective date of the Second Amended Cybersecurity Regulation, or November 1, 2025.

Looking Ahead

The proliferation of artificial intelligence (“AI”), generative AI, and large language models is on NYDFS’s radar[3] and may receive attention in a forthcoming round of amendments. Although NYDFS declined to dedicate a section of the Cybersecurity Regulation to these rapidly expanding technologies, it cautioned covered entities that cybersecurity risks associated with AI are “concerning” and should be taken into account in risk assessments and addressed in cybersecurity programs.[4]

The Second Amended Cybersecurity Regulation signals a significant shift in the cybersecurity regulatory landscape, reflecting NYDFS’s proactive efforts to empower covered entities to protect themselves against escalating threats of sophisticated and frequent cyber events. Organizations should assess their cybersecurity policies and practices to ensure that adequate controls, resources, and personnel are in place to comply with NYDFS’s regulatory changes.

__________

[1] NYDFS did not adopt its proposed requirement that external experts conduct risk assessments at least once every three years.

[2] Privileged account means “any authorized user account or service account that can be used to perform security-relevant functions that ordinary users are not authorized to perform, including but not limited to the ability to add, change or remove other accounts, or make configuration changes to information systems.” Section 500.1(n).

[3] Assessment of Public Comments on the Revised Proposed Second Amendment to 23 NYCRR Part 500, here.

[4] Assessment of Public Comments on the Revised Proposed Second Amendment to 23 NYCRR Part 500, here.

The following Gibson Dunn lawyers assisted in preparing this alert: Alexander Southwell, Stephenie Gosnell Handler, Vivek Mohan, Sara Weed, Cassarah Chu, Anne Lonowski, and Ruby Lang.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, [email protected])
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, [email protected])
Alexander H. Southwell – Co-Chair, New York (+1 212.351.3981, [email protected])
Matthew Benjamin – New York (+1 212.351.4079, [email protected])
Ryan T. Bergsieker – Denver (+1 303.298.5774, [email protected])
David P. Burns – Washington, D.C. (+1 202.887.3786, [email protected])
Gustav W. Eyler – Washington, D.C. (+1 202.955.8610, [email protected])
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, [email protected])
Svetlana S. Gans – Washington, D.C. (+1 202.955.8657, [email protected])
Lauren R. Goldman – New York (+1 212.351.2375, [email protected])
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, [email protected])
Nicola T. Hanna – Los Angeles (+1 213.229.7269, [email protected])
Howard S. Hogan – Washington, D.C. (+1 202.887.3640, [email protected])
Kristin A. Linsley – San Francisco (+1 415.393.8395, [email protected])
Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
Karl G. Nelson – Dallas (+1 214.698.3203, [email protected])
Rosemarie T. Ring – San Francisco (+1 415.393.8247, [email protected])
Ashley Rogers – Dallas (+1 214.698.3316, [email protected])
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, [email protected])
Benjamin B. Wagner – Palo Alto (+1 650.849.5395, [email protected])
Sara K. Weed – Washington, D.C. (+1 202.955.8507, [email protected])
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415.393.8333, [email protected])
Debra Wong Yang – Los Angeles (+1 213.229.7472, [email protected])

Europe
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, [email protected])
Kai Gesing – Munich (+49 89 189 33-180, [email protected])
Joel Harrison – London (+44 20 7071 4289, [email protected])
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, [email protected])

Asia
Connell O’Neill – Hong Kong (+852 2214 3812, [email protected])
Jai S. Pathak – Singapore (+65 6507 3683, [email protected])

We are pleased to provide you with the next edition of Gibson Dunn’s digital assets regular update. This update covers recent legal news regarding all types of digital assets, including cryptocurrencies, stablecoins, CBDCs, and NFTs, as well as other blockchain and Web3 technologies. Thank you for your interest.

ENFORCEMENT ACTIONS

UNITED STATES

DOJ, CFTC, Treasury, and Binance, CZ Reach Settlement
On November 21, Binance, the largest cryptocurrency exchange in the world, reached a settlement with the U.S. Department of Justice (DOJ), the Commodity Futures Trading Commission (CFTC), the U.S. Department of Treasury’s Office of Foreign Asset Control (OFAC) and Financial Crimes Enforcement Network (FinCEN), to resolve a multi-year investigation by the agencies and a civil suit brought by the CFTC. Attorney General Merrick Garland, Treasury Secretary Janet Yellen, and CFTC Commissioner Rostin Benham announced the multi-agency resolutions in a press conference. As part of the settlement, Binance agreed to pay $4.3 billion across the four agencies and pleaded guilty to conspiracy to conduct an unlicensed money transmitting business and violation of the International Emergency Economic Powers Act. The plea agreement requires Binance to engage in remedial compliance measures over a three-year probationary term and imposes an Independent Compliance Monitor, in addition to requiring the payment of fines and forfeitures. Concurrent with the company’s settlement, Binance’s founder Changpeng Zhao also pleaded guilty to one count of failing to maintain an effective AML program. NBC; CNN; ABC; Law360; CNBC; C-SPAN.
SEC Sues Kraken Cryptocurrency Exchange
On November 20, the SEC sued Kraken, the world’s third-largest crypto asset exchange, alleging that it operates as an unregistered securities exchange, broker, dealer, and clearing agency. The complaint’s allegations track those made in complaints against other crypto exchanges. The SEC’s complaint, filed in federal district court in San Francisco, seeks injunctive relief, disgorgement of ill-gotten gains plus interest, and penalties. SEC; Reuters; Fortune.
DOJ Seizes Millions of Dollars of Tether
On November 21, the Department of Justice seized $9 million worth of Tether (USDT), a U.S. dollar stablecoin, from accounts associated with “pig butchering” scams. These schemes involve scammers developing fake romantic relationships with victims, convincing them to transfer digital assets into fake exchanges before stealing the assets. Tether Limited, which manages Tether, had earlier frozen $225 million worth of USDT in accounts connected to these scams, from which the $9 million was seized. The operation was a collaboration between the Department of Justice, the U.S. Secret Service, and Tether Limited. CryptoNews; DOJ; Law360; CNBC.
SEC’s Crypto Enforcement Increases in 2023
The SEC announced their enforcement results for fiscal year 2023 which marked the third consecutive year that enforcement activity had increased since Chair Gary Gensler became head of the agency. While investment adviser cases, insider trading, and individual accountability cases saw a decrease in the 2023 fiscal year, cryptocurrency cases increased from 18 in fiscal year 2022 to 44 in fiscal year 2023. The SEC said it will continue to prioritize violations involving crypto in 2024. Law360.

INTERNATIONAL

Feds Seize and Sanction Sinbad, a North Korean-Linked Crypto Mixer
On November 29, Sinbad, a company that makes crypto transactions anonymous, was sanctioned by the U.S. Department of Treasury. Authorities have alleged that Sinbad washed millions of dollars of stolen cryptocurrency for North Korean state-backed hackers the Lazarus Group following high-profile digital heists. Sinbad is the third crypto mixer to face U.S. sanctions since 2022. Last month, the Financial Crimes Enforcement Network proposed rules to reclassify companies like Sinbad to bring them under its jurisdiction, which could require mixers to report some transactions to the federal government. Law360.
Montenegro Court Approves Extradition of “Cryptocurrency King” Do Kwon
On November 24, 2023, the High Court in Podgorica, Montenegro approved the extradition of Terraform Labs co-founder Do Hyeong Kwon to the United States or South Korea to face charges related to the collapse of stablecoin Terra USD. In February of this year, the U.S. Securities and Exchange Commission charged Kwon with orchestrating a multi-billion dollar crypto asset securities fraud. This followed South Korea’s issuance of a warrant for Kwon’s arrest in September of last year. Kwon agreed to be extradited to South Korea after serving a four-month sentence in Montenegro for document forgery. Montenegro’s justice minister will issue a final decision approving or denying extradition at the expiration of Kwon’s sentence. Reuters; Financial Times.

REGULATION AND LEGISLATION

UNITED STATES

New York State Announces New Crypto Regulations
On November 15, the New York State Department of Financial Services (NYDFS) unveiled new restrictions on crypto companies under the New York Financial Services Law. The restrictions require companies to submit for pre-approval policies regarding the listing and delisting of cryptocurrency coins. The submitted policies must include provisions on governance, risk assessment, monitoring, de-listing process, and execution. The new restrictions apply to digital currency businesses licensed under New York law and to limited purpose trusts under New York banking law. Covered businesses must meet with NYDFS by December 8 to discuss draft policies, and must submit final policies by January 31, 2024. Cointelegraph; N.Y. Dep’t Fin. Servs.
CFPB Proposes Rule to Supervise Nonbank Companies Offering Digital Wallets and Payment Apps
On November 7, the Consumer Financial Protection Bureau (CFPB) issued a proposed rule to supervise certain nonbank companies that offer services such as digital wallets and payment apps. The proposed rule would apply to nonbank payments companies providing general-use digital consumer payment applications that process more than five million consumer payment transactions per year and are not a “small business concern” as defined under the Small Business Act. The proposed rule defines “consumer payment transactions” as “the transfer of funds by or on behalf of a consumer physically located in a State to another person primarily for personal, family, or household purposes,” though it excludes certain transactions (including international money transfers). And it further asserts that “funds” include cryptocurrencies. The comment period for the proposed rule closes on January 8, 2024. CFPB.
Officials’ Questions at Hearing Suggest Further Tax Proposal Revisions to Come Following Crypto Industry’s Criticism
The IRS held a hearing on November 13 regarding its proposed crypto tax reporting rule, which has been heavily criticized by the crypto industry. The proposed rule would set forth reporting requirements and applicable definitions for digital asset brokers. At the hearing, IRS officials asked questions to clarify the criticism regarding the proposal’s wide definition of “brokers,” which as of now includes decentralized finance (DeFi) projects and wallet software. Industry representatives explained that there is no specific person that controls software used in DeFi and that it is therefore impractical to collect the information that would be required to be reported under the IRS’s proposal. In addition, the IRS asked questions relating to potentially excluding the stablecoin-reporting requirement. The industry has argued that the government should not track these transactions as taxable exchanges of assets. Furthermore, the IRS inquired about data privacy risks for consumers as a result of the proposed regulations. CoinDesk; Reuters.
Key Cryptocurrency Legislation Likely Delayed to 2024, Lawmakers Say
In recent months, legislators in Congress have introduced a series of bills to modernize the legal framework governing cryptocurrencies. These include the Financial Innovation and Technology for the 21st Century Act, introduced by Congressman French Hill (R-Ark.), Congressman Dusty Johnson (R-S.D.) and Congressman Glenn G.T. Thompson (R-Pa.) and the Clarity for Payment Stablecoins Act of 2023, introduced by Congressman Patrick McHenry (R-N.C.). Efforts to advance those bills had been sidelined as a leadership dispute roiled the House of Representatives following the ouster of Congressman Kevin McCarthy (R-CA) as Speaker of the House. Key proponents of the legislation have indicated that further progress on the bills is unlikely until at least early-2024. CoinDesk; CNBC.
FASB Says Cryptocurrencies to Be Measured at Fair Value
On December 13, 2023, the Financial Accounting Standards Board (FASB) promulgated new standards governing accounting for digital assets. Under the new standards, companies that hold bitcoin or ether will be required to record their holdings at fair value. The standards do not cover non-fungible tokens, stablecoins, and issuer-created tokens. Previous rules had required companies to record assets at their low values, which some had criticized as artificially depressing the reported value of cryptocurrency holdings due to temporary downturns in price. The FASB accounting standards will take effect after December 15, 2024, but companies may voluntarily adopt them sooner. Bloomberg; CoinDesk.

INTERNATIONAL

Hong Kong’s SFC Updates Guidance on Tokenized Securities-Related ActivitiesOn November 2, Hong Kong’s Securities and Futures Commission (SFC) published two circulars providing updated guidance to intermediaries engaging in tokenized securities-related activities and on the tokenization of SFC-authorized investment products. The SFC now considers tokenized securities to be traditional financial instruments that are securities which utilize blockchain (or similar) technology in their security lifecycle. This updated characterization supersedes the SFC’s previous March 2019 statement characterizing tokenized securities as complex products requiring extra investment protection measures and restricting their offering to professional investors. A detailed breakdown of the circulars is available in Gibson Dunn’s November 10, 2023 Client Alert. Gibson Dunn.
European Banking Authority Launches Public Consultation on Crypto Money Laundering
On November 24, the European Banking Authority initiated a public consultation program to gather opinions on “new Guidelines on preventing the abuse of funds and certain crypto-assets transfers for money laundering and terrorist financing purposes.” The proposed Guidelines set out procedures that payment service providers and crypto asset service provides must follow to “detect missing or incomplete information that accompanies a transfer of funds or crypto-assets” and to manage transfers ordered with less than complete information. The Authority will take comments on its published consultation paper until February 26, 2024, and will hold a virtual public hearing on the Guidelines on January 17, 2024. EBA 1; EBA 2.
Monetary Authority of Singapore Finalizes New Crypto Regulations
On November 23, the Monetary Authority of Singapore (MAS) issued a response to feedback on its proposed regulation of crypto service providers. In an effort to combat the encouragement of crypto speculation, with regard to retail persons, the regulation prohibits crypto service providers from financing crypto transactions, permitting margin transactions, or providing incentives to trade. Providers are barred from accepting locally issued credit card payments, and must assess customers’ risk awareness before permitting trading. The regulation also relaxes requirements for qualifying as an accredited investor by allowing a certain quantity of crypto assets to count toward the net-worth calculation. The MAS previously issued responses to feedback in July when it promulgated regulations requiring providers to deposit customer assets in a statutory trust for safekeeping and restricting providers from lending and staking cryptocurrency to retail investors. The rules will take effect in phases, beginning in mid-2024. CoinDesk; MAS 1; MAS 2; MAS 3.
Countries Announce Intent to Implement the OECD’s Crypto Reporting Framework
The Organization for Economic Cooperation and Development (OECD) released the Crypto-Asset Reporting Framework (CARF) in October 2022, which focused on ensuring crypto-assets are not used for illicit purposes such as tax evasion. This month, 48 jurisdictions, including the U.S., U.K., France, Spain, Germany, Canada, and Japan, announced their intent to implement the CARF by 2027. Erika Nijenhuis, a U.S. Department of Treasury official, said earlier that regulations to implement the CARF were in process and that the Treasury can require reporting for much of what the CARF covers. Law360.
U.K.’s Financial Conduct Authority Licenses Crypto.com As Electronic Money Institution
On December 4, the U.K.’s Financial Conduct Authority granted crypto exchange Crypto.com a license to operate in the country as an Electronic Money Institution. Crypto.com plans to use the license to “offer a suite of UK-localised e-money products,” according to a press release. Since August 2022, the firm has held the status of a registered crypto-asset business in the U.K., but the new license will enable it to provide cash placements and withdrawals from payment accounts; to execute payment transactions; to issue payment instruments; to remit money; and to issue electronic money. Conversely, the license restricts Crypto.com from hiring agents or using distributors and from providing payment services unrelated to those licensed. Other crypto exchanges hold similar licenses in the U.K. CoinDesk; Crypto.com; Financial Conduct Authority; Crypto.news.
South Korea Proposes New Consumer Protection Rules for Cryptocurrency
In June of this year, South Korea’s lawmakers approved the Virtual Asset User Protection Act, which defined digital assets and imposes penalties for trading such assets on nonpublic information, manipulating markets, or otherwise engaging in unfair trading practices. The legislation also gave South Korea’s Financial Services Commission power to oversee cryptocurrency firms and asset custodians. On December 11, 2023, the country’s Financial Services Commission promulgated comprehensive regulations to effectuate the new law. The proposed rules (a) broaden the range of covered tokens, (b) prescribe standards for custodying digital assets, (c) require virtual asset service providers (VASPs) to store 80% or more of customer assets in cold wallets, (d) mandate certain insurance and reserve baselines to prevent catastrophic losses in the event of hacking or technological failures, (e) specify when nonpublic information becomes public, (f) limit when VASPs may block customer deposits and withdrawals, and (g) require VASPs to monitor abnormal transaction activity. Bloomberg; CoinDesk; S.K. Financial Services Commission.
Regulators Approve El Salvador’s “Bitcoin Bonds”
In January 2023, El Salvador’s lawmakers approved a bill authorizing the issuance of sovereign “Bitcoin bonds.” El Salvador’s National Bitcoin Office (ONBTC) announced on Monday that the country’s Digital Assets Commission had approved issuing the bonds, known colloquially as the “Volcano Bond” – a reference to geo-thermal energy sources used to support the country’s mining operations. According to ONBTC, the bonds are expected to issue in the first quarter of 2024 on the Bitfinex Securities Platform, a registered trading site for blockchain-based assets in El Salvador. Cointelegraph; Yahoo.

CIVIL LITIGATION

UNITED STATES

Celsius Network Faces Roadblock in Pivot to Bitcoin Mining After Winning Initial Ch. 11 Plan Approval
On November 30, Chief Judge Martin Glenn of the U.S. Bankruptcy Court for the Southern District of New York said that Celsius Network, the bankrupt cryptocurrency investment platform, may have to seek a new creditor vote on its proposed transformation into a bitcoin mining business. This development comes just days after Judge Glenn signed an order confirming the initial Chapter 11 plan of Celsius. Under that plan, crypto consortium Fahrenheit LLC would acquire Celsius’ assets and focus on mining new bitcoin and on earning “staking” fees by validating blockchain transactions. Customers who had Celsius accounts at the time of the bankruptcy would receive pro rata distributions of the company’s remaining cryptocurrency and preserve their right to pursue claims against parties accused of manipulating the price of Celsius’ tokens prior to the bankruptcy.However, Celsius scaled back its post-bankruptcy business plans to focus only on bitcoin mining after receiving feedback from the SEC. Although the SEC did not explicitly oppose Celsius’ bankruptcy plan before it was approved, Celsius claims that the SEC is unwilling to approve crypto lending and staking activity. Judge Glenn expressed frustration with the late pivot, saying that he had been a “broken record” about Celsius’ need to reach agreement with the SEC. Law360; Reuters.
Genesis, Digital Currency Group Reach Agreement on New Settlement Plan
A recent bankruptcy filing revealed that Genesis Global and its parent company, Digital Currency Group (DCG), have agreed on a repayment plan to settle their lawsuit. In September 2023, Genesis sued DCG seeking repayment of over $600 million in loans. The settlement plan shows that DCG has already settled roughly $227.3 million of its debt to Genesis and lays out a plan for an additional $275 million to be paid by April 2024 using a combination of U.S. dollars and bitcoin. The settlement also includes other consideration. CryptoSlate.
Genesis Sues Gemini to Recover ‘Preferential Transfers’ Worth $689M
On November 21, Genesis Global, a crypto lender, sued cryptocurrency exchange Gemini Trust Co, for allegedly making preferential transfers of approximately $689 million. Genesis filed for bankruptcy in January 2023. Genesis alleges that, before the bankruptcy filing, Gemini made “unprecedented withdrawals” that contributed to a “run on the bank.” Gemini has stated that the claims are “baseless and inflammatory.” Reuters; CoinDesk.
FTX Says IRS Tax Estimate Is $24 Billion Too High
On November 29, FTX asked a Delaware bankruptcy judge to set its tax bill at $0 claiming that the IRS is estimating $24 billion in claims without evidence. Given its collapse in November 2022, FTX is arguing that it has no tax liability. FTX expects to seek votes for its Chapter 11 plan in March and asked for a hearing with the IRS in February to resolve this issue beforehand as it has the potential to derail these Chapter 11 cases. After the IRS began an audit of FTX’s taxes, it had originally estimated claims at $44 billion before being revised in November to $24 billion. FTX is concerned that these claims could halt plan confirmation and indefinitely delay distributions on allowed claims to customers and creditors. Law360.

INTERNATIONAL

FTX Investors Sue MLB, F1 Team Over Crypto Promotions
On November 27, FTX investors filed three class action suits in Florida federal court against Major League Baseball, Mercedes-Benz’s Formula One race team, and media companies Wasserman Media Group LLC and Dentsu McGarry Bowen LLC for promoting FTX. The investors claim that all the organizations failed to conduct adequate due diligence on FTX and “aided and abetted FTX’s deceptive marketing practices.” Further, the suits allege that the organizations had a pivotal role in deceiving the public through their promotion of FTX. Law360.

SPEAKER’S CORNER

UNITED STATES

Presidential Candidate Vivek Ramaswamy Shares Crypto Plan
On November 16, Republican presidential candidate Vivek Ramaswamy shared his plan for regulating digital assets. Ramaswamy advocated for classifying most cryptocurrencies as commodities rather than securities, and has been critical of SEC Chair Gary Gensler’s unwillingness to share how he thinks ether should be classified. Ramaswamy also shared that his administration would not target software developers just for writing code and would leave unhosted wallets unregulated. Fellow GOP candidate Ron DeSantis also has pledged to “defend the right of Americans to hold digital assets without government interference.” CoinDesk; Washington Examiner.

INTERNATIONAL

Singapore to Pilot Use of Wholesale Central Bank Digital Currencies in 2024
On November 16, Ravi Menon, Managing Director of the Monetary Authority of Singapore (MAS), announced Singapore’s plan to pilot the live issuance and use of wholesale central bank digital currencies (CBDCs) in 2024. Previously, the MAS had only simulated the issuance of wholesale CBDCs within test environments. The MAS will soon partner with local banks to pilot the use of wholesale CBDCs as a common settlement asset in domestic payments. Banks will have the ability to issue tokenized bank liabilities that represent claims on their balance sheets. Retail customers can utilize these tokenized bank liabilities in transactions with merchants who, in turn, can credit these liabilities with their respective banks. MAS; CNBC.
IMF Says Central Bank Digital Currencies Can Replace Cash
On November 15, Kristalina Georgieva, Managing Director of the International Monetary Fund (IMF), said that central bank digital currencies (CBDCs) have the potential to replace cash in island economies where the distribution of physical currency is costly. Georgieva encouraged the public sector to prepare for the deployment of CBDCs and related payment platforms in the future, noting that such technologies could potentially improve financial inclusion and financial literacy. Georgieva noted that the success of CBDCs will ultimately rely on policy decisions, how technologies evolve, personal privacy and data security, and how the private sector responds. The IMF has said that more than 100 countries are exploring CBDCs, with countries such as Jamaica, Nigeria, and the Bahamas having already issued retail CBDCs. CNBC.

OTHER NOTABLE NEWS

Gibson Dunn Debuts Fintech and Digital Assets Practice
On November 13, Gibson, Dunn & Crutcher LLP announced its fintech and digital assets practice group. The practice group consists of 40 attorneys and is co-chaired by three Washington, D.C. partners, M. Kendall Day, Jeffrey Steiner, and Sara Weed. These attorneys will “advise traditional and emerging companies on the most complex investigations and enforcement actions brought by regulators in critical markets in the United States, Europe, and Asia.” Working alongside their colleagues in other practice areas like artificial intelligence, financial institutions, data innovation, public policy, privacy and cybersecurity and many others, the fintech and digital assets practice group aims to handle a broad range of “regulatory, policy and supervision and enforcement situations involving fintech, digital assets and blockchain technology” that will enable their clients to seamlessly accelerate their growth worldwide. Gibson Dunn.
Argentina Elects Pro-Bitcoin President Javier Milei
On November 19, Argentina elected Javier Milei as its new president. Milei is known for his anti-central banking stance, criticizing the central bank for “cheating” Argentinians through inflationary tax and even proposing the elimination of the Central Bank of Argentina. As Argentina struggles with triple-digit rates of inflation, Milei sees bitcoin as “the natural reaction against central bank scammers; to make money private again.” While Milei has not proposed making bitcoin legal tender in Argentina, as it is in El Salvador, he plans to dollarize the Argentine economy to combat the country’s inflation issues. Despite his strong views on bitcoin and cryptocurrency, it remains unclear how Milei’s administration will integrate crypto into national economic policies. Blockworks

The following Gibson Dunn attorneys contributed to this issue: Jason Cabral, M. Kendall Day, Chris Jones, Jay Minga, Nick Harper, Grace Feitshans, Justin Fishman, Kameron Mitchell, Michelle Lou, and Edward Ferguson.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s FinTech and Digital Assets practice group, or the following:

FinTech and Digital Assets Group:

Ashlie Beringer, Palo Alto (650.849.5327, [email protected])

Michael D. Bopp, Washington, D.C. (202.955.8256, [email protected]

Stephanie L. Brooker, Washington, D.C. (202.887.3502, [email protected])

Jason J. Cabral, New York (212.351.6267, [email protected])

Ella Alves Capone, Washington, D.C. (202.887.3511, [email protected])

Grace Chong, Singapore (+65 6507 3608, [email protected])

M. Kendall Day, Washington, D.C. (202.955.8220, [email protected])

Michael J. Desmond, Los Angeles/Washington, D.C. (213.229.7531, [email protected])

Sébastien Evrard, Hong Kong (+852 2214 3798, [email protected])

William R. Hallatt, Hong Kong (+852 2214 3836, [email protected])

Martin A. Hewett, Washington, D.C. (202.955.8207, [email protected])

Michelle M. Kirschner, London (+44 (0)20 7071.4212, [email protected])

Stewart McDowell, San Francisco (415.393.8322, [email protected])

Mark K. Schonfeld, New York (212.351.2433, [email protected])

Orin Snyder, New York (212.351.2400, [email protected])

Jeffrey L. Steiner, Washington, D.C. (202.887.3632, [email protected])

Eric D. Vandevelde, Los Angeles (213.229.7186, [email protected])

Benjamin Wagner, Palo Alto (650.849.5395, [email protected])

Sara K. Weed, Washington, D.C. (202.955.8507, [email protected])

The agreement marks a watershed moment for AI regulation and is the most significant endorsement of so-called “comprehensive” AI regulation from a major political actor on the world stage.

I. Introduction

After almost 6 months of negotiations, in the late night and early morning hours of December 8-9, 2023, the European Commission, the Council and the Parliament reached political agreement on the provisional rules that will comprise the European Union’s Artificial Intelligence Act (the “AI Act”).[1] This agreement marks a watershed moment for AI regulation, and is the most significant endorsement of so-called “comprehensive” AI regulation from a major political actor on the world stage. The provisional agreement on the AI Act would:

Establish a broad and extraterritorial scope of application,
Prohibit certain uses of AI entirely, and
Define a broad range of other uses as “high-risk” and subject to stringent requirements.

A number of procedural steps remain before the AI Act is finalized (as summarized in more detail in Section III); however, the staggered – and relatively rapid – planned enforcement of certain provisions bears note. Provisions related to prohibited AI systems are set to become enforceable six months after the Act is finalized; and provisions related to so-called General Purpose AI (“GPAI”) become enforceable 12 months after this date. The rest of the AI Act is expected to become enforceable in 2026.

The “long arm” of the AI Act will impact a broad range of business – including, but not limited to, those that intend to provide or deploy AI systems within the EU.[2] The distinct posture of the AI Act – based in part on fundamental and human rights jurisprudence – requires companies to think differently when preparing compliance strategies:

Proactive engagement with novel regulatory measures, such as a fundamental rights impact assessment for certain AI systems, and
Reimagining and documenting strategic decision-making related to internal governance and compliance in the face of unpredictable and uncertain go-forward risks.

This alert builds on our previous alerts which analyzed the European Commission’s 2021 proposal on the AI Act, the European Council’s common position (December 2022) and European Parliament’s negotiating position (June 2023). This alert takes a closer look at some of the key areas of debate in the trilogue procedure and the political agreement that was reached.

Negotiations on the final text of the AI Act remain underway, and the final wording of the provisional agreement is not yet public. The analysis below is based on public reports and our understanding of the substance of the agreement, but this may change based on a variety of factors. Keen followers of artificial intelligence would no doubt agree a lack of forward-looking certainty is the one guarantee in this area, and that applies equally to the AI Act’s journey from initial gestation to “political agreement.”

II. From negotiation to agreement: Outcome of the trilogue procedure

a) Scope of Application

The AI Act will provide for an extra-territorial scope of application that includes obligations for providers and deployers of AI systems. This has significant consequences for businesses not established in the EU, if they place an AI system on the market or put it into service in the EU. Furthermore, the regulations apply when “outputs” produced by an AI system are (or are intended to be) used in the EU. A key issue yet to be determined relates to the scope of the “output” provisions and the extent to which the AI Act regulates activities across the AI supply chain. One example could be AI-assisted R&D that is outsourced outside Europe such that only the final product (e.g., products designed using AI that do not themselves fall within the definition of an AI system and are not, technically, “outputs” of an AI system) are marketed in the EU.

b) Definition of AI

The definition of AI, a key threshold for applicability of the AI Act, has been subject to significant change throughout the legislative process. As noted in our previous alert, what started out as an overly broad definition has been reportedly narrowed over time with the goal of ensuring that traditional computational processes and software are not inadvertently captured. While the final text of the AI Act has not yet been released, the language reportedly aligns with the definition of AI recently adopted by the OECD[3] and reflects the need to preserve the ability to adjust the definition as necessary to account for future developments in the fast-moving AI landscape. While the definition in the final text does not reflect the OECD’s definition verbatim, it reflects its main elements, i.e., objective-based output generation that is able to influence its environment with varying degrees of autonomy.[4]

c) Prohibited AI systems

The AI Act classifies AI systems by risk level (unacceptable, high, limited, and minimal or no risk). AI systems that carry “unacceptable risk” are per se prohibited. In other words, the Act adopts bright line rules as to some uses of AI systems, based on fundamental rights concerns, differently from some other flagship regulations in the EU which usually allow for exceptions based on general rules. This framework will require particular diligence on behalf of businesses when classifying their AI systems for the purposes of the Act’s risk-based approach.

While the European Commission and Council advocated for a narrower list of prohibited AI systems, the Parliament’s mandate included a longer list of prohibited AI systems, banning certain use cases entirely. The agreed AI Act prohibits, inter alia:[5]

Manipulation of human behavior to circumvent end-users’ free will;
Social scoring;
Certain applications of predictive policing;
Emotion recognition systems used in the workplace; and
Real time remote biometric identification for law enforcement purposes in publicly accessible spaces (with narrow exceptions).

The European Council resisted the full ban on real-time remote biometric identification in publicly accessible spaces proposed by the European Parliament. Instead, real-time remote biometric identification for law enforcement purposes is prohibited unless it fits within narrow exceptions, such as for uses tied to the prevention of terrorist attacks or to locate victims or suspects in connection with serious offences, such as terrorism. Under the agreed version of the AI Act, other forms of biometric identification that fall outside the scope of the prohibition (i.e., ex-post biometric identification) are considered “High-Risk” (for which, see below).

d) High-risk AI systems

High-risk AI systems, while permitted, are subject to the most stringent obligations. AI systems may fall into this category if they pose a “significant risk” to an individual’s health, safety, or fundamental rights, and are used, or intended to be used, for inter alia education, employment, critical infrastructure, public services, law enforcement, border control, and administration of justice. One new obligation for companies imposed by the AI Act will be to prepare fundamental rights impact assessments (‘FRIAs’). Determining when and how to conduct an FRIA will raise many strategic and compliance-focused questions, taking account of the nature and scope of the AI system in question. Businesses will need to take steps to engage with this obligation as soon as possible.

In response to concerns that the high-risk category may be over-inclusive, the agreed version of the AI Act adds the concept of a filter system, which provides a series of exemptions that would allow providers of AI systems to avoid the high-risk category based on self-assessments.

The European Commission is expected to develop guidelines on the application of these filters. Currently, it has been reported that the filters exempt AI systems that are (i) intended to perform a narrow procedural task; (ii) intended to review or improve the result of a previously completed human activity; (iii) purely intended to detect decision-making patterns or deviations from prior decision-making patterns to flag potential inconsistencies; or (iv) used to perform preparatory tasks for an assessment relevant to critical use cases. It is not unlikely that the operation of this filter system may cause some problems in practice and lack of legal certainty as to the scope of the exemptions.

Providers that make an assessment that their systems fall outside of the high-risk category may be obliged to provide, upon request, the results of their prior assessment as to classification to the respective national market surveillance authorities. The agreed AI Act also contemplates allowing these market surveillance authorities to carry out evaluations of AI systems where they have sufficient reason to believe they should be considered high-risk, and to impose fines where they have sufficient evidence that the AI system provider misclassified their system to avoid a high-risk classification.[6]

e) General Purpose AI (Foundation Models)

As explained in our previous alert, the Parliament’s negotiating position introduced a regime for regulating GPAI models – or foundation models – consisting of models that “are trained on broad data at scale, are designed for generality of output, and can be adapted to a wide range of distinctive tasks”.[7] Parliament also introduced certain separate testing and transparency requirements, with most of the obligations falling on any deployer that substantially modifies a GPAI system for a specific use case.

The regulation of GPAI models was heavily debated during the trilogue procedure. The final text features a tiered approach (initially proposed by the European Commission) which places more onerous obligations on GPAI models that could pose “systemic” risks. The AI Act contains a presumption categorizing models as carrying a “systemic risk” where the model was trained using computing power greater than 10^25 floating point operations (FLOPs), indicating their capabilities and amount of underlying data. The European Commission has commented that “these new obligations will be operationalized through codes of practices developed by industry, the scientific community, civil society and other stakeholders together with the Commission.”[8] The tiered approach represents a compromise between the stark opposition to any regulation of foundation models in the AI Act by some Member States, including France, Germany and Italy, and the European Parliament’s preferred approach of establishing horizontal obligations which would apply equally to all foundation models.[9]

While certain obligations will apply to GPAI models, e.g., transparency obligations relating to the training data as well as copyright safeguards or making AI-generated content recognizable, providers of foundation models that meet the “systemic risks” threshold will need to notify the Commission of their status and comply with the relevant obligations in the AI Act (similar to the notification mechanism in the EU Digital Services Act). The regime places onerous obligations on providers of foundation models that are similar to those that apply to high-risk AI systems, e.g., requirements to assess and mitigate the risks their models entail, comply with certain design, information and environmental requirements and register such models in an EU database.

f) Enforcement

The AI Act envisions a strict enforcement regime set to be overseen by national authorities designated by each EU Member State to supervise compliance within its territory as well as a centralized European Artificial Intelligence Office tasked with coordinating enforcement efforts. Notably, the AI Act does not contemplate a de-centralized system of enforcement or a “one-stop shop” as under the GDPR. However, the competent national authorities will be gathered in the European Artificial Intelligence Board to ensure consistent application of the law. The maximum fines for non-compliance with the AI Act can reach up to EUR 35 million or, if the offender is a company, up to 7% of its total worldwide annual turnover for the preceding financial year, whichever is higher.[10] Certain proportionate caps on fines will apply for small and medium-sized enterprises (SMEs) and start-ups.

III. Next Steps

The AI Act is an extensive and complicated piece of legislation, and its impact will be far-reaching. After the conclusion of the trilogue process, the AI Act is now subject to formal adoption by the European Parliament and the Council. Once adopted, the AI Act will be published in the Official Journal and will enter into force 20 days following publication. However, the AI Act will not become fully enforceable until two years after its entry into force—likely in 2026—with some exceptions for specific provisions such as prohibited AI systems and AI systems classified as GPAI, which will be applicable after 6 and 12 months, respectively.

Now that political agreement has been reached, companies should be proactively engaging with the provisions of the AI Act and making preparations to ensure compliance by the applicable deadlines.

__________

[1] Council of the EU, Artificial intelligence act: Council and Parliament strike a deal on the first rules for AI in the world, press release of 9 December 2023, available here.

[2] The scope of some of the broadest jurisdictional hooks, including governing companies that are responsible for generating output from AI tools that have effect in the Union, remains to be seen.

[3] See, Luca Bertuzzi, Euractiv, OECD updates definition of Artificial Intelligence ‘to inform EU’s AI Act’, Article of 9 November 2023, available here.

[4] See, Luca Bertuzzi, Euractiv, AI Act: EU policymakers nail down rules on AI models, butt heads on law enforcement, Article of 9 December 2023, available here.

[5] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

[6] See, Luca Bertuzzi, Euractiv, AI Act: Leading MEPs revise high-risk classification, ignoring negative legal opinion, Article of 10 November 2023, available here.

[7] European Parliament’s compromise proposal, Art. 3(1c), available here.

[8] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

[9] See, Luca Bertuzzi, Euractiv, EU’s AI Act negotiations hit the brakes over foundation models, Article of 10 November 2023, available here.

[10] European Commission, Commission welcomes political agreement on Artificial Intelligence Act, Article of 9 December 2023, available here.

The following Gibson Dunn attorneys assisted in preparing this update: Vivek Mohan, Robert Spano, Kai Gesing, Joel Harrison, Christian Riis-Madsen, Nicholas Banasevic, Stéphane Frank, Frances Waldmann, Leon Freyermuth, Christoph Jacob, Jonas Jousma, Yannick Oberacker, Ciara O’Gara, Tine Rasmussen, and Hayley Smith.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any of the leaders and members of the firm’s Artificial Intelligence or Privacy, Cybersecurity & Data Innovation practice groups, or the following authors:

Stéphane Frank – Brussels (+32 2 554 72 07, [email protected])
Kai Gesing – Munich (+49 89 189 33 180, [email protected])
Joel Harrison – London (+44 20 7071 4289, [email protected])
Vivek Mohan – Palo Alto (+1 650.849.5345, [email protected])
Christian Riis-Madsen – Brussels (+32 2 554 72 05, [email protected])
Robert Spano – London/Paris (+44 20 7071 4902, [email protected])
Frances A. Waldmann – Los Angeles (+1 213.229.7914, [email protected])

Artificial Intelligence:
Cassandra L. Gaedt-Sheckter – Co-Chair, Palo Alto (+1 650.849.5203, [email protected])
Vivek Mohan – Co-Chair, Palo Alto (+1 650.849.5345, [email protected])
Robert Spano – Co-Chair, London/Paris (+44 20 7071 4902, [email protected])
Eric D. Vandevelde – Co-Chair, Los Angeles (+1 213.229.7186, [email protected])

Privacy, Cybersecurity and Data Innovation:
Ahmed Baladi – Co-Chair, Paris (+33 (0) 1 56 43 13 00, [email protected])
S. Ashlie Beringer – Co-Chair, Palo Alto (+1 650.849.5327, [email protected])
Jane C. Horvath – Co-Chair, Washington, D.C. (+1 202.955.8505, [email protected])
Alexander H. Southwell – Co-Chair, New York (+1 212.351.3981, [email protected])

Gibson Dunn has formed a Workplace DEI Task Force, bringing to bear the Firm’s experience in employment, appellate and Constitutional law, DEI programs, securities and corporate governance, and government contracts to help our clients develop creative, practical, and lawful approaches to accomplish their DEI objectives following the Supreme Court’s decision in SFFA v. Harvard. Prior issues of our DEI Task Force Update can be found in our DEI Resource Center. Should you have questions about developments in this space or about your own DEI programs, please do not hesitate to reach out to any member of our DEI Task Force or the authors of this Update (listed below).

Key Developments:

On December 6, 2023, Fearless Fund (represented by Gibson Dunn) filed its merits brief in Am. Alliance for Equal Rights v. Fearless Fund Mgmt., LLC, No. 23-13138 (11th Cir. 2023). The brief is available here. Fearless Fund is a Black women-owned venture capital firm with a “Fearless Strivers” charitable grant program that provides $20,000 grants to Black female entrepreneurs as part of its mission to raise awareness about inequities in access to capital. AAER sued Fearless Fund in August 2023, claiming the program violates Section 1981 and seeking a preliminary injunction preventing Fearless Fund from awarding the grants. The district court denied the plaintiff’s motion for a preliminary injunction, but on September 30, 2023, the Eleventh Circuit temporarily enjoined the program pending appeal. AAER filed its merits brief on November 6, 2023. Its reply brief is due on January 3, 2024. Oral argument is scheduled for January 31, 2024.

On December 6, 2023, the U.S. Supreme Court heard oral arguments in Muldrow v. City of St. Louis, a case that presents potentially sweeping implications for workplace discrimination claims. The question before the Court is whether Title VII prohibits discrimination in transfer decisions if the transfer did not create a significant disadvantage for the employee, such as diminished earnings, benefits, or future career prospects. The plaintiff argued that all job-transfer decisions based on a protected characteristic violate Title VII regardless of whether an employee suffers any additional harm, an argument to which a number of Justices appeared sympathetic. The defendant argued that an employee must experience a materially adverse employment action—beyond the transfer decision itself—for the action to be cognizable under Title VII. Depending on its scope, a finding by the Court that the lateral transfer in this case was an actionable change in the “terms, conditions and privileges of employment” could significantly expand the range of employment actions subject to Title VII. An expanded definition of “terms, conditions and privileges of employment” could raise questions, for example, about whether workplace DEI programs that do not constitute tangible employment actions like promotions could nevertheless be actionable under Title VII if they provide differential treatment based on race or gender.

On November 28, 2023, America First Legal (“AFL”), on behalf of Target shareholders, filed an amended complaint in its lawsuit against Target Corporation and certain of its officers. Plaintiffs allege that the Target board depressed Target’s stock price by falsely representing that it was monitoring social and political risks to the company, when it was, in fact, only focused on risks associated with not achieving ESG and DEI goals. The original complaint alleged violations of Sections 10(b) and 14(a) of the Securities Exchange Act of 1934. The amended complaint adds a claim under Section 20(a) of the Exchange Act based on the company’s 2023 Pride Month collection. The amended complaint also adds four new plaintiffs. Responsive pleadings are due on January 26, 2024.

On December 4, 2023, the Sixth Circuit issued a decision in Ames v. Ohio Department of Youth Services, No. 23-3341 (6th Cir. Dec. 4, 2023), calling attention to a circuit split relating to a plaintiff’s burden of proof in Title VII “reverse-discrimination” cases. In affirming the district court’s decision granting summary judgment for the Department, the court relied on Sixth Circuit precedent that requires plaintiffs in reverse-discrimination cases to make an additional showing that “background circumstances . . . support the suspicion that the defendant is that unusual employer who discriminates against the majority.” In a concurring opinion, Judge Raymond M. Kethledge took issue with the background circumstances rule, noting that the rule goes against the express language of Title VII because it imposes different burdens on different plaintiffs based on their membership in different demographic groups. The Sixth, Seventh, Eighth, Tenth, and D.C. Circuits have adopted the background circumstances rule, while the Third and Eleventh Circuits have expressly rejected it. Judge Kethledge predicted that the Supreme Court will resolve the circuit split and review the validity of the background circumstances rule.

With the 2024 proxy season approaching for many publicly traded companies, special interest investors with viewpoints that span the political spectrum continue to use the shareholder proposal process set forth in Securities and Exchange Commission (SEC) Rule 14a-8 to advance their particular pro- or anti-DEI agendas. As we reported on here, shareholder proposals focused on nondiscrimination and diversity issues were the fourth most popular proposals submitted during the 2023 proxy season. These proposals largely focused on requesting racial equity or civil rights audits, reports on DEI efforts, and analyses of gender and racial pay equity. Companies also received shareholder proposals from ESG skeptics like the National Legal and Policy Center and the National Center for Public Policy Research. These proposals asked that companies roll back plans to undertake a racial equity audit, conduct a cost/benefit analysis of DEI programs and conduct a “return to merit” audit where the supporting statements focused on concerns about potential discrimination against “non-diverse” employees or discrimination based on religious and political views. DEI-related shareholder proposals submitted for 2024 annual meetings to date are similar, including shareholder proposals requesting reports on corporate DEI programs and on any risks associated with potential discrimination against conservative viewpoints or ideologies.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

The Washington Post, “Conservatives are suing law firms over diversity efforts. It’s working.” (December 9): The Post’s Julian Mark and Taylor Telford summarize the efforts of Edward Blum’s conservative advocacy group American Alliance for Equal Rights, which has sued or sent threat letters to at least seven law firms challenging their diversity recruitment programs. At least three of these firms changed their diversity fellowship eligibility criteria. Blum noted that “it is likely that other corporate entities with similar racially discriminatory policies will be sued in the coming weeks.” Professor Kenji Yoshino was quoted extensively and offered alternative paths to achieving DEI goals in this new legal landscape.
Bloomberg Law, “Blum Says He’s Done Suing Law Firms as Winston Yields on DEI.” (December 6, 2023): Bloomberg Law’s Tatyana Monnay reports that AAER has no further plans to sue law firms, however, Edward Blum noted that his team still “combs websites of hundreds of firms looking for any evidence of programs he views as illegal.”
Law360, “Commerce Dept. Wants Feedback on Draft DEI Principles” (November 27): Law360’s Sarah Jarvis reports on a recent request by the U.S. Department of Commerce for comments on a proposed set of DEIA principles that set out best practices for DEI in the private sector. According to the Department’s Federal Register notice, the Initiative is intended to be the first step in a long-term effort to “convene private sector business diversity leaders, amplify existing efforts, and inspire additional, voluntary business diversity efforts.” The draft principles are focused on executive leadership, organizational strategy, workforce development, human resources, business opportunities, and community investment. Comments are due January 5, 2024.
Bloomberg Law, “Nasdaq’s Board Diversity Court Win Draws New Conservative Appeal” (November 28): Bloomberg Law’s Andrew Ramonas reports that the National Center for Public Policy Research (“NCPPR”) has filed a petition for en banc review of the Fifth Circuit’s October decision in Alliance for Fair Board Recruitment v. SEC, upholding Nasdaq’s Board Diversity Rules. The Alliance for Fair Board Recruitment, the other petitioner in the case, previously filed a petition for rehearing in October. Among other things, NCPPR contends that the rules exceed the scope of the Exchange Act. Gibson Dunn represents Nasdaq as an intervenor in the case.
Law360 California Pulse, “Diversity In Management Linked To Higher Long-Term Growth” (November 30): Law360’s Aaron West summarizes a new study by corporate social responsibility and workplace equity nonprofit As You Sow, which found that, in certain industries, companies with more racial diversity in management are more likely to demonstrate increases in average long-term financial growth, income after tax, and other financial metrics. According to the report, these positive correlations were evident in the “communication services, consumer discretionary, consumer staples, financials, health care, and information technology sectors.” West notes that the study also identified that the most statistically significant positive financial gains occurred among companies with the largest market capitalization.
Law360, “4th Circ. Reluctant To Reverse White Exec’s Race Bias Verdict” (December 7): Law360’s Hayley Fowler reports on the oral argument before a panel of the Fourth Circuit in Duvall v. Novant Health Inc., a case in which a white executive was awarded nearly $4.6 million after a jury trial on his claim that he was fired as a result of a North Carolina hospital’s diversity initiative, in violation of Title VII. Oral argument on Novant Health’s appeal included an extended discussion of the efforts white collar workers must make to find new employment, in order to mitigate damages. According to Fowler, the panel “seemed dubious” overall of undoing the jury verdict in favor of the plaintiff.

Current Litigation:

Below is a list of updates in new and pending cases:

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Am. Alliance for Equal Rights v. Winston & Strawn LLP, No. 4:23-cv-04113 (S.D. Tex. 2023): AAER sued law firm Winston & Strawn, challenging its 1L diversity fellowship program as racially discriminatory in violation of Section 1981.
- Latest update: On December 6, 2023, AAER dismissed the case after Winston & Strawn changed its fellowship program eligibility language to be race-neutral.
Phillips v. Starbucks Corp., No. 19-cv-19432 (D.N.J. 2019): On October 28, 2019, a white former Starbucks regional director sued the company for firing her based on her race, allegedly to protect its image after the company suffered bad press when two Black men were arrested in a store for which the plaintiff oversaw operations. The plaintiff alleged discrimination and retaliation in violation of Title VII, Section 1981, and New Jersey state law. On June 12, 2023, a New Jersey federal jury awarded $25.6 million in compensatory and punitive damages to the plaintiff. On July 13, 2023, Starbucks filed a number of post-trial motions, including a motion to vacate and a motion for judgment as a matter of law.
- Latest update: The court heard oral argument on the post-trial motions on November 30, 2023.
Correll v. Amazon.com, Inc., No. 3:21-cv-1833 (S.D. Cal. 2022): On October 28, 2021, a white male businessman sued Amazon, alleging that by having a feature within its website that allows consumers to identify products sold by non-white, non-male sellers, the company violated Section 1981 and separately California Civil Code §§ 51 and 51.5, which prohibit racial discrimination by businesses.
- Latest update: On November 28, 2023, the parties filed a joint motion to dismiss, stipulating to the plaintiff’s dismissal of the action against Amazon with prejudice. The court granted the motion on November 30, 2023.
Bradley, et al. v. Gannett Co. Inc., 1:23-cv-01100 (E.D.V.A. 2023): On August 18, 2023, white plaintiffs sued Gannett over its alleged “Reverse Race Discrimination Policy,” in response to Gannett’s expressed commitment to having its staff demographics reflect the communities it covers, alleging violations of Section 1981.
- Latest update: On November 24, Gannett moved to dismiss, arguing that the plaintiffs failed to state Section 1981 claims because they did not plead specific facts connecting the allegedly discriminatory policy with their own differential treatment on the basis of race. Gannett also argued that many of the actions that the plaintiffs challenged, including performance evaluations and reassignments, did not rise to actionable adverse employment actions. A hearing on the motion to dismiss has been scheduled for January 10, 2024.

2. Challenges to agency rules, laws, and regulatory decisions:

Alliance for Fair Board Recruitment v. SEC, No. 21-60626 (5th Cir. 2021): On October 18, 2023, a unanimous Fifth Circuit panel rejected challenges to Nasdaq’s Board Diversity Rules and the SEC’s approval of those rules. Petitioners Alliance for Fair Board Recruitment and National Center for Public Policy Research sought review of the SEC’s approval of Nasdaq’s Board Diversity Rules, which require companies that have contracted to list their shares on Nasdaq’s exchange to (1) disclose aggregated information about their board members’ voluntarily self-identified diversity characteristics (including race, gender, and sexual orientation), and (2) provide an explanation if fewer than two board members are diverse. The SEC approved the rules after determining that they were consistent with the Exchange Act. Petitioners challenged the rules on constitutional and statutory grounds. Gibson Dunn represents Nasdaq, which intervened to defend its rules.
- Latest update: On October 25, 2023, AFBR petitioned for a rehearing en banc. On November 27, 2023, NCPPR also petitioned for rehearing en banc, and the court ordered the SEC and Nasdaq to respond to the petitions. On November 28, Republican Attorneys General from Utah and 18 other states filed an amicus brief in support of the petitions. Responses to these petitions are due December 18, 2023.
Johnson v. Watkin, No. 1:23-cv-00848-ADA-CDB (E.D. Cal. 2023): On June 1, 2023, a community college professor in California sued to challenge new “Diversity, Equity and Inclusion Competencies and Criteria Recommendations” enacted by the California Community Colleges Chancellor’s Office, claiming the regulations violated the First and Fourteenth Amendments. The plaintiff alleged that the adoption of the new competency standards, which require professors to be evaluated in part on their success in integrating DEI-related concepts in the classroom, will require him to espouse DEI principles with which he disagrees, or be punished. The plaintiff moved to enjoin the policy.
- Latest update: On November 29, 2023, both plaintiff and defendant filed objections to the magistrate judge’s recommendation and proposed order granting a preliminary injunction to prevent the college from disciplining or investigating the plaintiff based on his political speech. The plaintiff argued that the court should enjoin the new DEI rules in their entirety. The defendants argued that the proposed injunction is overbroad and forecloses all DEI policies (including those not yet written), and is factually inaccurate as to how disciplinary procedures work. The defendants further argued that the plaintiff lacks standing and that the rules are constitutionally permissible standards for job-related conduct rather than restrictions of the plaintiff’s personal views.

3. Educational Institutions and Admissions (Fifth Amendment, Fourteenth Amendment, Title VI, Title IX):

Students for Fair Admissions, Inc. v. University of Texas at Austin, 1:20-cv-00763-RP (W.D. Tex. 2020): On July 20, 2020, SFFA sued the University of Texas, alleging that UT Austin’s methods of considering race in undergraduate admissions violated the Equal Protection Clause of the Fourteenth Amendment, Sections 1981, Title VII, the Texas Constitution, and Texas state law.
- Latest update: On October 27, 2023, the defendants moved to dismiss the action as moot, claiming UT Austin made its admissions process race-neutral following the Supreme Court’s decision in SFFA v. Harvard. On November 27, SFFA opposed dismissal, arguing the case is still live because UT Austin has allegedly failed to implement safeguards to ensure its admissions officers comply with the new policy and because SFFA is still seeking an injunction to prohibit UT from reinstituting its prior policy. The defendants’ reply is due on January 11, 2024.
Students for Fair Admissions v. United States Naval Academy, No. 1:23-cv-02699-ABA (D. Md. 2023): On October 5, 2023, SFFA sued the U.S. Naval Academy, arguing that consideration of race in its admissions process violates the Fifth Amendment.
- Latest update: On November 27, 2023, the court set a hearing on the plaintiffs’ motion for a preliminary injunction for December 14, 2023. On December 1, 2023, the Naval Academy and other federal defendants filed their response to the preliminary injunction motion, arguing that SFFA did not demonstrate that it had standing because it submitted only anonymous declarations on behalf of its members, and that it did not demonstrate irreparable harm because there had been a substantial delay in bringing the action. On the merits, the Academy argued that the military has a compelling national security interest in a diverse officer corps, and that its admissions process was narrowly tailored.
Students for Fair Admissions v. U.S. Military Academy at West Point, No. 7:23-cv-08262 (S.D.N.Y. 2023): On September 19, 2023, SFFA sued West Point, arguing that affirmative action in its admissions process, including alleged racial “benchmarks” of “desired percentages” of minority representation, violates the Fifth Amendment of the U.S. Constitution by taking applicants’ race into account.
- Latest update: On November 22, 2023, West Point and other federal officials filed their opposition to the motion for a preliminary injunction. They argued that SFFA has not demonstrated it has standing because it has not pled facts to show its members, who are described anonymously in the complaint, have a stake in the controversy. They also argued that SFFA did not demonstrate irreparable harm, in part because its members have not actually applied for admission to West Point. On the merits, West Point argued that its admissions process is constitutional because the military has a compelling national security interest in a diverse officer corps distinct from academic interests in student diversity, and its admissions process is narrowly tailored.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Elizabeth Ising, Blaine Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Teddy Rube*, Alana Bevan, Janice Jiang*, and Marquan Robertson*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following practice leaders and authors:

Jason C. Schwartz – Partner & Co-Chair, Labor & Employment Group
Washington, D.C. (+1 202-955-8242, [email protected])

Katherine V.A. Smith – Partner & Co-Chair, Labor & Employment Group
Los Angeles (+1 213-229-7107, [email protected])

Mylan L. Denerstein – Partner & Co-Chair, Public Policy Group
New York (+1 212-351-3850, [email protected])

Elizabeth A. Ising – Partner & Co-Chair, Securities Regulation and Corporate Governance
Washington, D.C. (+1 202-955-8287, [email protected])

Zakiyyah T. Salim-Williams – Partner & Chief Diversity Officer
Washington, D.C. (+1 202-955-8503, [email protected])

Molly T. Senger – Partner, Labor & Employment Group
Washington, D.C. (+1 202-955-8571, [email protected])

Blaine H. Evanson – Partner, Appellate & Constitutional Law Group
Orange County (+1 949-451-3805, [email protected])

*Teddy Rube, Janice Jiang, and Marquan Robertson are associates working in the firm’s Washington, D.C. office who are not yet admitted to practice law.

This edition of Gibson Dunn’s Federal Circuit Update summarizes the current status of several petitions pending before the Supreme Court, and recent Federal Circuit decisions concerning attorneys’ fees under 35 U.S.C. § 285, Article III standing, and the Board’s authority to issue a final written decision past the statutory deadline.

Federal Circuit News

Noteworthy Petitions for a Writ of Certiorari:

As we summarized in our October 2023 update, there are a few petitions pending before the Supreme Court. We provide an update below:

In VirnetX Inc. v. Mangrove Partners Master Fund, Ltd. (US No. 23-315), the Court granted an extension for the response, which is now due December 27, 2023. An amicus curiae brief has been filed by the Cato Institute.
In Intel Corp. v. Vidal (US No. 23-135), a response was filed on November 9, 2023. Three amici curiae briefs have been filed. The petition will be considered during the Court’s January 5, 2024 conference.
The Court denied the petition in HIP, Inc. v. Hormel Foods Corp. (US No. 23-185).

Other Federal Circuit News:

New Federal Circuit Rules. The December 1, 2023 amendments to the Federal Circuit Rules are now in effect. The Federal Circuit has also approved increases to its local fees effective December 1, 2023. Details can be found here.

Upcoming Oral Argument Calendar

The list of upcoming arguments at the Federal Circuit is available on the court’s website.

Key Case Summaries (November 2023)

In re PersonalWeb Technologies LLC, Nos. 21-1858, 21-1859, 21-1860 (Fed. Cir. Nov. 3, 2023): This was the third appeal from a multidistrict litigation involving PersonalWeb. In 2011, PersonalWeb sued Amazon for patent infringement. After claim construction, PersonalWeb dismissed with prejudice its claims against Amazon. Then, in 2018, PersonalWeb brought claims against Amazon’s customers on the same patents. Amazon intervened and filed a motion for declaratory judgment barring PersonalWeb’s infringement actions against Amazon and its customers. The cases were consolidated. The district court ultimately entered judgment of non-infringement in favor of Amazon. Amazon then moved for attorneys’ fees and costs under 35 U.S.C. § 285. The district court granted that motion and awarded over $5 million in fees and costs.

The majority (Reyna, J., joined by Lourie, J.) affirmed, holding that the district court did not abuse its discretion in awarding fees and costs. In particular, the majority concluded that the district court did not abuse its discretion when it determined that PersonalWeb’s claims were objectively baseless because it required only a “straightforward application of Kessler,” which precludes follow-up suits against a company’s customers over the same allegedly infringing products that had already been adjudicated. The majority reasoned that a dismissal with prejudice operates as an adverse adjudication on the merits.

Judge Dyk dissented, reasoning that PersonalWeb’s claims against Amazon’s customers were not objectively baseless in light of unsettled case law surrounding the Kessler doctrine, and specifically whether the Kessler doctrine applies to a stipulated dismissal with prejudice or only to a litigated determination of non-infringement. Indeed, PersonalWeb sought certiorari on that very issue from its 2018 litigation, and the Solicitor General filed an amicus brief agreeing with PersonalWeb that its claims should not have been barred under Kessler. Thus, Judge Dyk would have remanded because, in his view, the district court abused its discretion in awarding fees based on PersonalWeb’s Kessler argument.

Actelion Pharmaceuticals Ltd. v. Mylan Pharmaceuticals Inc., No. 22-1889 (Fed. Cir. Nov. 6, 2023): Actelion sued Mylan for infringing two of Actelion’s patents directed to epoprostenol formulations. The parties disputed the meaning of a limitation in the patents requiring “a pH of 13 or higher.” The district court construed the phrase to encompass “values that round up or down to 13, 12.5 and 13.4,” relying exclusively on the intrinsic evidence. Mylan stipulated to infringement of Actelion’s patents under the district court’s construction, and appealed.

The Federal Circuit (Stoll, J., joined by Reyna and Stark, J.J.) vacated and remanded. The Court concluded that the intrinsic evidence was not sufficiently clear as to the level of precision required by a “pH of 13 or higher” and that the district court should have considered the extrinsic evidence the parties presented to ascertain the ordinary meaning of the phrase. Accordingly, the Court vacated the district court’s construction and remanded for the district court to consider the extrinsic evidence in the first instance.

Allgenesis Biotherapeutics Inc. v. Cloudbreak Therapeutics, LLC, No. 22-1706 (Fed. Cir. Nov. 7, 2023): Allgenesis filed a petition for inter partes review (“IPR”) challenging Cloudbreak’s patent directed to the use of multikinase inhibitors, including nintedanib, for treating pterygium, an eye condition involving tumorous growths. During the proceeding, Cloudbreak disclaimed the genus claims, leaving only the claims that more narrowly claimed the use of nintedanib. The Board issued a final written decision finding that Allgenesis failed to show that the remaining nintedanib claims were unpatentable. Specifically, the Board found that the nintedanbi claims were sufficiently described by the specification of a provisional application from which the Cloudbreak patent claimed priority and therefore predated the alleged prior art reference.

The Federal Circuit (Moore, C.J., joined by Stoll and Cunningham, JJ.) dismissed the appeal because it determined that Allgenesis lacked Article III standing. The Court determined that Allgenesis failed to establish an injury-in-fact from potential infringement liability or that the Board’s priority analysis would have a preclusive effect, impacting Allgenesis’s patent rights in issued or still-pending continuation applications. Specifically, the Court held that collateral estoppel would not attach to the Board’s non-appealable priority determination. Instead, if an examiner were to reach the same priority determination during prosecution of Allgenesis’s pending application, “Allgenesis can challenge that determination in a separate appeal.”

Purdue Pharma L.P. v. Collegium Pharmaceutical, Inc., No. 22-1482 (Fed. Cir. Nov. 21, 2023): Purdue sued Collegium for infringement of Purdue’s patent directed to a formulation containing a gelling agent that “prevent[s] or deter[s] the abuse of opioid analgesics by the inclusion of at least one aversive agent in the dosage form.” Collegium filed a petition for post-grant review (“PGR”) of the patent. Purdue subsequently filed for bankruptcy and requested a stay of all proceedings, including the PGR. After the statutory deadline for the Board to issue a final written decision had passed, Purdue asked for the stay to be lifted for the district court proceedings only, but the bankruptcy court lifted the stay for both the district court and PGR proceedings. Purdue then moved to terminate the PGR proceeding, arguing that the Board no longer had the authority to issue a final written decision. The Board denied the motion and issued its final written decision, finding the challenged claims unpatentable for lack of written description and anticipation.

The Federal Circuit (Dyk, J., joined by Hughes and Stoll, JJ.) affirmed. The Court determined that the Board’s failure to meet the statutory deadline did not deprive the Board of authority to issue a final written decision. The Court noted that the statutory language required that the Board issue a final written decision by a certain deadline, but found no congressional intent to “deprive the agency of power” to act after the deadline passed.

The following Gibson Dunn attorneys assisted in preparing this update: Blaine Evanson, Jaysen Chung, Audrey Yang, Al Suarez, Julia Tabat*, and Vivian Lu.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups, or the following authors:

Blaine H. Evanson – Orange County (+1 949.451.3805, [email protected])
Audrey Yang – Dallas (+1 214.698.3215, [email protected])

Appellate and Constitutional Law:
Thomas H. Dupree Jr. – Washington, D.C. (+1 202.955.8547, [email protected])
Allyson N. Ho – Dallas (+1 214.698.3233, [email protected])
Julian W. Poon – Los Angeles (+ 213.229.7758, [email protected])

Intellectual Property:
Kate Dominguez – New York (+1 212.351.2338, [email protected])
Y. Ernest Hsin – San Francisco (+1 415.393.8224, [email protected])
Josh Krevitt – New York (+1 212.351.4000, [email protected])
Jane M. Love, Ph.D. – New York (+1 212.351.3922, [email protected])

*Julia Tabat is an associate working in the firm’s Dallas office who currently is admitted to practice in Illinois.

An Expert Analysis of FCPA Liability and Avoiding the Third Party Pitfall

Gibson, Dunn & Crutcher LLP is pleased to announce with Global Legal Group the release of Global Legal Insights – Bribery & Corruption 2024. Gibson Dunn partner Michael Diamant and partner-elect Melissa Farrar, with assistance from associates Allison Lewis and Kelly Skowera, were contributing editors to the publication’s Expert Analysis chapter, “Bribery & Corruption Laws and Regulations 2024 | FCPA liability: avoiding the thirdparty pitfall,” which addresses FCPA liability for actions of third parties and related compliance strategies. The Guide, comprising 21 jurisdictions, is live and FREE to access.

Please view this informative and comprehensive chapter via the links below:

CLICK HERE to view “Bribery & Corruption Laws and Regulations 2024 | FCPA liability: avoiding the thirdparty pitfall.”

CLICK HERE to view, download or print a PDF version.

The following Gibson Dunn lawyers prepared this publication: Michael Diamant and Melissa Farrar, with assistance from Allison Lewis and Kelly Skowera.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Anti-Corruption & FCPA practice group, or the following authors:

Michael S. Diamant – Washington, D.C. (+1 202.887.3604, [email protected])

Melissa Farrar – Washington, D.C. (+1 202.887.3579, [email protected])

The Proposed Guidelines set out for the first time the specific regulatory requirements and the SFC’s regulatory expectations in respect of market soundings in Hong Kong.

On October 11, 2023, Hong Kong’s Securities and Futures Commission (“SFC”) published a consultation paper (the “Consultation Paper”) on the proposed guidelines for market soundings (the “Proposed Guidelines”).[1] The Proposed Guidelines are noteworthy since it sets out for the first time the specific regulatory requirements and the SFC’s regulatory expectations in respect of market soundings in Hong Kong. This client alert will explore the SFC’s proposals in greater detail.

I. Why introduce the Proposed Guidelines?

To understand the rationale of the requirements in the Proposed Guidelines, it is helpful to understand why the SFC has decided that it is the appropriate time to introduce the Proposed Guidelines.

Firstly, the SFC observed an increasing number of persons trading ahead of placings and block trades, which suggested that some intermediaries may have unfairly taken advantage of non-public information received during market soundings to make unjustified profits. This led the SFC’s thematic review of market sounding practices and controls adopted by intermediaries in 2022, where the SFC noted a divergence of practices among intermediaries in designing their risk controls over market soundings, which suggested that more clarity on the SFC’s regulatory expectations was required to deter substandard conduct and to assist intermediaries in upholding market integrity during market soundings.

Secondly, in light of the determination of the Securities and Futures Appeals Tribunal (“SFAT”) on September 27, 2022 (the “SFAT Determination”) in the Aarons case,[2] the SFC considered it appropriate to provide both sell-side and buy-side market participants with additional clarity on complying with the general principles in the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (the “Code of Conduct”) during market soundings. In summary, the case involved a hedge fund manager who entered into short swaps (which can be used for short selling) after the manager received non-public information about an intended block sale (a large, privately negotiated sale of securities) of shares in a listed Korean company from one of the underwriters of the block sale. The communication was made by the underwriter (a sell-side broker) to the hedge fund manager (a buy-side participant) as part of a market sounding to see if the manager would be interested in participating as a buyer on the block sale. After news of the block sale became public, there was a material drop in the share price of the listed Korean company, and the short swaps entered into by the hedge fund manager generated a profit for the fund he managed.

The SFAT upheld the finding by the SFC that the hedge fund manager’s conduct was such that he was not a fit and proper person to continue to be licensed, having regard to General Principles 1 (Honesty and fairness) and 7 (Compliance) of the Code of Conduct. In doing so, the SFAT determined that a two years suspension of the hedge fund manager’s licence was the most appropriate sanction.

It is relevant to note that the hedge fund manager was not charged with the offence of insider dealing under the Securities and Futures Ordinance (Cap. 571) (“SFO”). The reason is likely because the civil and criminal insider dealing regimes[3] under the SFO have a regulatory lacuna with respect to insider dealing committed in Hong Kong with respect to overseas listed securities. This regulatory lacuna will be addressed when amendments to the insider dealing provisions under the SFO are introduced (please see our earlier client alert [4] for further details). As such, in hearing the appeal, it was not necessary for the SFAT to determine whether or not the communication made to the hedge fund manager constituted “inside information” as defined in the SFO. Rather, the issue to be determined by the SFAT was whether the hedge fund manager’s conduct breached the Code of Conduct (namely, General Principles 1 and 7).[5] The SFAT ultimately agreed with the SFC’s findings that the hedge fund manager’s deceitful conduct after receiving “material non-public information” about an impending block sale meant that he failed to adhere to principles of honest and fair conduct, and hence failed to act with the integrity that the market required, and in conclusion failed to comply with General Principles 1 and 7 of the Code of Conduct.

II. What communications are subject to the Proposed Guidelines?

The Proposed Guidelines would apply to the communication of non-public information – irrespective of whether or not it is price-sensitive “inside information”[6] – with potential investors prior to the announcement of a securities transaction, to gauge their interest in a potential transaction or assist in determining the specifications related to a potential transaction (such as private placements and large block trades) (“Market Sounding”), by intermediaries who:

Disclose non-public information during the course of a Market Sounding (“Disclosing Person”), such as a sell-side broker acting on behalf of an issuer or an existing shareholder selling in the secondary market (“Market Sounding Beneficiary”) in a potential securities transaction; and
Receive non-public information during the course of a Market Sounding, such as a buy-side firm that is sounded out by a Disclosing Person as a potential investor in a potential securities transaction(collectively, a “Market Sounding Intermediary”).[7]

It is important to highlight that the Proposed Guidelines apply to communications on all “non-public information”, irrespective of whether the same information constitutes “inside information” under the SFO. It is also noticeable that, despite referring to the SFAT Determination, the Proposed Guidelines do not use the potentially narrower term “material” non-public information, as found in the SFAT Determination, and instead adopt the much broader term “non-public information”. This appears to be intentional, as the Consultation Paper explains that one of the SFC’s concerns was that intermediaries may run the risk of potential misconduct from an inaccurate determination of what constitutes “inside information”, as it often involved complex judgment and interpretations and that it was not uncommon for parties to arrive at different conclusions)[8] – and presumably similar concerns apply to the determination of whether or not non-public information is “material” or not. Adopting the broader term “non-public information” therefore reduces the risk of inaccurate determinations.

III. What communications are not subject to the Proposed Guidelines?

According to the Consultation Paper, the Proposed Guidelines will not apply to communications regarding:

Speculative transactions or trade ideas shared by a Disclosing Person without consulting with the potential Market Sounding Beneficiary or without any “level of certainty” of such transactions materialising. The Proposed Guidelines provides guidance on the factors to consider in determining whether there is some “level of certainty”, such as the extent to which the Market Sounding Beneficiary has expressed an interest with the Disclosing Person in proceeding with a possible transaction, among other factors[9];
Transaction in such size, value, structure or selling method, that are commensurate with “ordinary day-to-day trade execution”, such as a sell-side broker sourcing potential buy-side participants to execute an ordinary size trade (in relation to the average trading volume or market capitalisation) after receiving an actual order instruction placed by the sell-side broker’s client with a genuine intention for execution; and
Public offering of securities.

The above carve-outs will be important in light of the wide range of Market Sounding communications that are likely to contain some form of “non-public information”. However, internal procedures and controls will need to be carefully designed and implemented, or else intermediaries run the risk of potential misconduct from an inaccurate determination of whether a particular communication falls within the above carve-outs, and therefore failing to comply with the regulatory requirements in the Proposed Guidelines.

The Proposed Guidelines also make clear that they may apply even before a formal mandate from the Market Sounding Beneficiary is received, i.e. as soon as the Disclosing Person starts to conduct any form of market sounding (soft or otherwise) on behalf of a Market Sounding Beneficiary.

IV. Core Principles of Market Sounding

The Proposed Guidelines contain a set of Core Principles (“CP”), which all Market Sounding Intermediaries should comply with in conducting Market Soundings. The CPs are briefly summarised below[10]:

CP 1. Market Integrity: Market Sounding Intermediaries should maintain confidentiality and not trade on or use non-public information passed or received during Market Soundings for the benefit of themselves or others until the information ceases to be non-public.
CP 2. Governance: Market Sounding Intermediaries should implement robust governance and oversight arrangements over its Market Sounding activities. This includes: (i) senior management are responsible for oversight of Market Soundings; (ii) establish governance arrangements for Marketing Soundings; (iii) designate a committee or person(s) independent from the “front-office” to monitor Market Soundings in support of senior management oversight; and (iv) develop and implement appropriate reporting lines and escalation processes to ensure any Market Sounding issues are promptly reported to senior management and the designated committee or person(s) for review and follow-up action.
CP 3. Policies and Procedures: Market Sounding Intermediaries should establish and maintain effective policies and procedures specifying the manner and expectations in which its Market Soundings should be conducted. The written polices and procedures should cover, among other matters: (i) when they become applicable and the timing and procedures of Market Soundings; (ii) allocation of roles and responsibilities among staff involved in Market Soundings, taking into account the “three lines of defence” and ensuring proper staff training; (iii) personal dealing restrictions; (iv) escalation protocols; (v) consequences for non-compliance with the Market Sounding requirements; (vi) categorisation, identification and handling of information during the course of Market Soundings; and (vii) record-keeping requirements.
CP 4. Information Barrier Controls: Market Sounding Intermediaries should implement adequate and effective physical and electronic information barrier controls to prevent inappropriate disclosure, misuse or leakage of non-public information during the course of Market Soundings. This includes, but is not limited to: (i) physical segregation; (ii) system user access controls; (iii) information sharing policies and procedures (e.g. Market Sounding information should be restricted to authorised personnel on a “need-to-know” basis and disclosed only through authorised communication channels); and (iv) maintaining a list of internal and external recipients of non-public information as well as “Restricted List” to prohibit trading on non-public information.
CP 5. Review and Monitoring Controls: Market Sounding Intermediaries should establish effective procedures and controls to monitor and detect suspicious behaviour, unauthorised disclosure, or misuse of information from Market Soundings. This includes periodic reviews of trading and communication surveillance controls, voice and electronic communications, and unauthorised access to information.
CP 6. Authorised Communication Channels: Market Sounding Intermediaries should only use recorded and firm-authorised communication channels to conduct Market Soundings, until the information ceases to be non-public.

Market Sounding Intermediaries are expected to periodically review and update their governance and oversight arrangements, policies and procedures, and internal systems and controls, to ensure that they remain robust and effective.

V. Specific requirements for Disclosing Persons

As the party that initiates Market Soundings, Disclosing Persons bear the initial responsibility to ensure that any non-public information associated with Market Soundings is properly safeguarded and disclosed in accordance with the standards of conduct set out in the Proposed Guidelines. To this end, the specific requirements applicable to the Disclosing Persons are more extensive than for the Recipient Persons, and are summarised below.[11]

Stage of Market Sounding	Specific Requirements
Pre-Market Sounding procedures	Before the initial contact with Recipient Persons or other potential investors to conduct a Market Sounding, a Disclosing Person should: Conduct assessments to determine whether the information disclosed during the Market Sounding would constitute non-public information; Obtain consent from the Market Sounding Beneficiary to engage in the Market Sounding; and Determine in advance, on a case-by-case basis taking into account the requirements in the Proposed Guidelines: (i) a standard set of information to be disclosed to Recipient Persons, (ii) an appropriate timing to conduct the Market Soundings, and (iii) a suitable number of Recipient Persons to contact for the Market Sounding.
During the Market Sounding communications process	A Disclosing Persons should adopt a standardised pre-approved script that is reviewed by senior management or independent functions, such as Legal and Compliance, during initial and subsequent Marketing Sounding communications. In summary, the script should at a minimum include: A statement that the communication is for the purpose of a Market Sounding and that the Recipient Person shall keep confidential the non-public information, and not trade or use such information for its own or others’ benefit until the information ceases to be non-public; A statement that the conversation is recorded and to request the Recipient Person’s consent for recording; Confirm that the individual is the person designated by the Recipient Person to receive Market Soundings; A statement that the Recipient Person will receive information which the Disclosing Person considers to non-public and a request for their consent to receive such information; and An estimate of when the information will cease to be non-public, where possible. After obtaining the above consents, a Disclosing Person should provide a written confirmation to the Recipient Person as soon as possible, summarising the contents covered in its Market Sounding communications. Prior to receiving the Recipient Person’s consent (as explained above), a Disclosing Person should ensure that any preliminary information shared with the Recipient Person is sufficiently broad, limited, vague and anonymised to minimise the change of the Recipient Person guessing the name of the security involved. Greater caution should be exercised in determining the amount of non-public information to be shared where the subject security may be identified even with the provision of only limited information (e.g. for narrow industry sectors) – for example the situation in the SFAT Determination as discussed above.
Cleansing	After non-public information has been disclosed during a Market Sounding, a Disclosing Person should: (i) conduct assessments to determine whether the information has ceased to be non-public (e.g. following the announcement of the transaction, or if the transaction was called off); and (ii) inform the Recipient Person(s) as soon as possible in writing when the information ceases to be non-public according to the Disclosing Person’s assessment.
Record keeping	A Disclosing Person should keep the records in relation to its Market Soundings for a period of not less than seven years. These records must include: Consents obtained from Market Sounding Beneficiaries to engage in Market Soundings; A list of Recipient Persons who informed the Disclosing Person that they do not wish to receive any Market Soundings; Audio, video or text recordings of Market Soundings conducted; The Disclosing Person’s assessment considerations, rationales, and discussions with the Market Sounding Beneficiary (if any), in determining whether the information disclosed would constitute non-public information, and whether non-public information disclosed during Market Soundings has ceased to be non-public; A list of all internal and external persons(s) who possess non-public information as a result of Market Soundings, including details such as the date and time of the Marketing Sounds, information and materials disclosed, etc.; Notifications to inform Recipient Persons when the information ceases to be non-public.

VI. Specific requirements for Recipient Persons

The specific requirements for Recipient Persons are relatively lighter when compared with the Disclosing Person, and are summarised below.[12]

Stages of Market Sounding

Requirements

Handling of Market Sounding requests

A Recipient Person should:

Designate a properly trained specified person(s) to receive Market Soundings, and inform the Disclosing Persons of such arrangement upon being contacted by the Disclosing Persons for Market Soundings; and
Inform the Disclosing persons whether it wishes to, or not to, receive Market Soundings from the Disclosing Persons.

Record keeping

A Recipient Person should keep the records in relation to its Market Soundings for a period of not less than seven years. These records must include:

Any notifications given to the Disclosing Person of its wish to, or not to, receive Market Soundings;
Audio, video or text recordings of Market Sounding received; and
A list of all internal and external persons(s) who possess non-public information as a result of Market Soundings, including details such as the date and time of the Marketing Sounds, information and materials disclosed, etc.

VII. Conclusion

The Consultation Paper containing the Proposed Guidelines is currently undergoing a public consultation. The SFC has indicated that it currently plans to provide a six-month transition period for the industry to update their internal procedures and controls after the Proposed Guidelines are finalised. Even prior to the finalisation of the Proposed Guidelines, intermediaries may still find it helpful to compare their existing internal procedures and controls with the requirements in the Proposed Guidelines, as it provides useful guidance on the SFC’s regulatory expectations and areas which an intermediary may wish to consider updating. As demonstrated by the SFAT Determination, the SFC can still find an intermediary to be in breach of the General Principles in the existing Code of Conduct if the intermediary engages in substandard conduct in respect of market soundings.

__________

[1] “Consultation Paper on the Proposed Guidelines for Market Soundings”, published by the SFC on October 11, 2023, available at: https://apps.sfc.hk/edistributionWeb/api/consultation/openFile?lang=EN&refNo=23CP6

[2] Christopher James Aarons v. Securities and Futures Commission, SFAT Application No. 1 of 2021, Determination, September 27, 2022, available at: https://www.sfat.gov.hk/files/SFAT%202021-1%20determination.pdf

[3] SFO, sections 270 and 291.

[4] “Hong Kong SFC Places Key Reforms to SFO Enforcement Provisions on Hold Following Industry Feedback”, published by Gibson Dunn on August 11, 2023, available at: https://www.gibsondunn.com/hong-kong-sfc-places-key-reforms-to-sfo-enforcement-provisions-on-hold-following-industry-feedback/.

[5] SFAT Determination, paragraph 192.

[6] “Inside information” is defined in sections 245 and 285 of the Securities and Futures Ordinance as “specific information that (a) is about (i) the corporation; (ii) a shareholder or officer of the corporation; or (iii) the listed securities of the corporation or their derivatives; and (b) is not generally known to the persons who are accustomed or would be likely to deal in the listed securities of the corporation but would if generally known to them be likely to materially affect the price of the listed securities.

[7] The Consultation Paper, paragraph 24; and the Proposed Guidelines, paragraph 1.2.

[8] The Consultation Paper, paragraphs 20 to 21.

[9] According to the Proposed Guidelines, a case-by-case consideration of the facts and circumstances is needed to determine whether there is some “level of certainty” of a corresponding potential transaction materialising. The examples of factors to take into account when making such determination include the extent to which the Market Sounding Beneficiary has orally or in writing: (i) expressed an interested with the Disclosing Person in proceeding with a possible transaction; (ii) shared any particulars with the Disclosing Person in relation to the possible transaction (such as the timing, size, pricing or structure of the transaction); or (iii) mandated, requested or consented to the gauging of investor appetite by the Disclosing Person. It is important to note that these are only examples of some factors to take into account, and are not intended to be exhaustive.

[10] The Consultation Paper, paragraphs 27 to 41; the Proposed Guidelines, paragraph 2.

[11] The Proposed Guidelines, paragraph 3.

[12] The Proposed Guidelines, paragraph 4.

The following Gibson Dunn lawyers prepared this client alert: William Hallatt, Arnold Pun, and Jane Lu*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact any member of Gibson Dunn’s Global Financial Regulatory team, including the following members in Hong Kong:

William R. Hallatt – Hong Kong (+852 2214 3836, [email protected])
Emily Rumble – Hong Kong (+852 2214 3839, [email protected])
Arnold Pun – Hong Kong (+852 2214 3838, [email protected])
Becky Chung – Hong Kong (+852 2214 3837, [email protected])

*Jane Lu is a paralegal (pending admission) working in the firm’s Hong Kong office who is not yet admitted to practice law.

An overview of key technical provisions and practical takeaways for regulated parties from EPA’s final methane rule.

On December 2, 2023, the U.S. Environmental Protection Agency (EPA) announced its finalized rule targeting methane emissions from the oil and gas sector. In this regulatory action, EPA enacted (i) new source performance standards (NSPS) for methane and volatile organic compounds (VOCs) from new or modified oil and gas sources and (ii) emissions guidelines for states to follow in designing and executing implementation plans to cover existing sources.

This final rule is one of the Biden Administration’s signature actions to address climate change. In finalizing the rule, EPA included measures designed to decrease flaring and fugitive emissions from oil and gas production facilities and also moved forward with its novel “Super Emitter” program that allows third parties to track large emissions events. But the final rule also included additional flexibility for industry and states compared to EPA’s proposal, such as more time for states to submit compliance plans for existing facilities, more time for certain requirements, and flexibility for industry to use advanced monitoring technologies to detect methane leaks.

This client alert summarizes the key technical provisions for oil and gas production and practical takeaways for regulated parties.[1]

Who is subject to the rule? The rulemaking applies to new and existing oil and gas facilities involved in (i) production and processing, including equipment and processes at well sites, storage tank batteries, gathering and boosting compressor stations, and natural gas processing plants, and (ii) natural gas transmission and storage, including compressor stations and storage tank batteries.

What are the key takeaways? Leveraging EPA’s existing VOC rules governing oil and gas production, EPA’s new rule requires frequent monitoring and repair of methane leaks at well sites, centralized production facilities, and compressor stations using established inspection technologies or, at an operator’s election, novel advanced detection technologies. Similarly, storage vessels at production facilities are regulated in largely the same manner under this final rule as existing VOC requirements. However, storage vessels that previously were unaffected by regulation, including both new and existing facilities, may now be subject to NSPS based upon updated definitions and the addition of a new applicability trigger. Finally, the rule aims to phase out venting and flaring of gas coming from oil wells. Agency officials said the most significant emissions reductions created by the final rule come from this directive for new oil wells to eliminate routine gas flaring as well as requiring continuous operation of flares on storage tanks.

Unique to this rule is EPA’s creation of the “Super Emitter” program for identifying and addressing significant methane leaks from production facilities, including an avenue for qualified third parties to alert EPA of owners and operators exceeding the emissions standards and for EPA, in turn, to require owners/operators to investigate such alerts.

In addition, the rule imposes a number of new requirements on reciprocating compressors, centrifugal compressors, pneumatic pumps and controllers (even prohibiting using natural gas in all but a few circumstances) and sweetening units, as well as the completion process and liquids unloading process.

How has EPA structured the legal framework?[2] The new rule establishes a role for both federal and state standards. First, new federal NSPS, added at 40 C.F.R. part 60, subpart OOOOb, apply to sources that commenced construction, modification, or reconstruction after December 6, 2022.

Second, existing sources will be regulated by emissions guidelines implemented as part of state programs that are equivalent to federal NSPS. These emissions guidelines – which essentially serve as model rules for states to implement – are set forth in a new subpart, OOOOc. States can either adopt presumptive standards set forth in the OOOOc emissions guidelines for existing sources or develop their own standards that are as strict as the federal standards, and they must conduct meaningful public engagement during their development of these standards.

EPA must approve all state emissions standards, and if a state’s standards are not as strict as the federal standards, EPA can then promulgate a rule for that state.[3]

What is the applicability date? The final rule’s “applicability date” is December 6, 2022. Sources constructed, modified or reconstructed after December 6, 2022 will need to comply with the new source performance standards in OOOOb.

Sources constructed prior to December 6, 2022 will be considered existing sources and will have later compliance dates under state plans. For this category of existing sources, states have two years to propose these standards, and operators have three years after that submission deadline to comply. For that reason, the deadline for compliance for existing sources will vary based on location, but could be up to five years.

What are the key differences in obligations for new and existing sources? Both subpart OOOOb and subpart OOOOc include new requirements to address methane emissions from oil and gas operations using the “best system of emission reduction” (BSER) as summarized below. With the exception of requirements governing new wells and well completions (and particularly the flaring requirements), the final NSPS subpart OOOOb requirements for new affected facilities and the presumptive standards for existing facilities under subpart OOOOc are largely the same as it relates to methane. The key differences between the two programs are (i) the timeframe for compliance, (ii) the additional requirements for new wells, particularly as it relates to flaring, and well completions, and (iii) the additional requirements for VOC control for new sources.[4]

What are the key elements of the new requirements?

Eliminating Routine Flaring From Oil Wells. EPA’s new rule phases out flaring of gas coming from new oil wells under subpart OOOOb. It phases in flaring restrictions by dividing wells into three categories based on construction date. For new wells constructed after future dates set by the rule, routine flaring will be prohibited after the phase-in period; ultimately, absent a safety concern or defined malfunctions, gas from these wells must be routed to a sales line, used as an onsite fuel source or another useful purpose that a purchased fuel, chemical feedstock, or raw material would serve, or reinjected into the well or into another well upon start-up.

Under subpart OOOOc, for preexisting wells with documented methane emissions of 40 tons per year or less, flaring is permitted provided that the gas is routed to a flare or control device that achieves 95.0 percent reduction in methane. For existing wells with documented methane emissions of 40 tons per year or more, flaring is prohibited absent a showing of technical infeasibility with alternative options. These alternatives include routing the gas to a sales line, using it as an onsite fuel source or for another useful purpose, or injecting it back into the same well or another well. If all of these options are technically infeasible, then these existing wells (producing associated gas with more than 40 tpy of methane) can route associated gas to a flare or control device that achieves 95.0 percent reduction in methane.

Third-Party Monitoring of Super Emitters. EPA’s rule establishes the Super Emitter Program. Under this program, certain third-parties can seek agency authorization to detect “super emitter” events at operators’ sites and report those events to EPA. A super emitter event is defined by the rule as emissions of 100 kilograms (220.5 pounds) of methane per hour or larger.

To qualify, these third parties must be credentialed by EPA. Third parties must submit any super emitter detections to EPA, which then verifies them and notifies the operator. Upon receiving such a notification, an operator is required to investigate the alleged super emitter event within five days and report the results of the investigation to EPA within 15 days of the notification. Additionally, incidents that trigger this program may also trigger the Department of Transportation’s upcoming Pipeline and Hazardous Materials Safety Administration rule, which will likely impose reporting and remediation requirements in the event of a major leak (a term that has yet to be defined).

In response to industry comments, the final rule takes a different approach from the proposed rule in that EPA, and not third parties, will notify an identified owner or operator after reviewing third-party notifications of the presence of a super emitter event at or near its oil and gas. Also, in response to comments, the final rule provides that certified third parties only will be authorized to use remote sensing technologies such as satellites or aerial surveys—the program does not authorize third parties to enter well sites or other oil and gas facilities.

Storage Vessel Applicability Changes. In the regulation, EPA has retained the preexisting control and operational requirements governing storage tanks used in oil and gas production under NSPS Subparts OOOO and OOOOa, including the requirement to reduce emissions by 95 percent, but it has added methane into the VOC framework, changed the trigger governing when the federal requirements apply, and added requirements for determining when state permit limits are legally and practicably enforceable limits. These applicability changes potentially impact both new and existing operations.

For purposes of the NSPS applicability trigger governing new or modified facilities, EPA’s rule adds storage tank batteries (i.e. groups of tanks that are adjacent and receive fluids from the same source) to the existing definition of storage vessel. A tank battery is an affected facility under the rule if the aggregate potential methane emissions from the group of storage vessels is greater than or equal to 20 tons per year. This is a change from EPA’s preexisting approach under NSPS Subpart OOOO and OOOOa, which evaluates applicability based on emissions from individual storage tanks (as opposed to batteries). If owners or operators of new or modified facilities trigger NSPS Subpart OOOOb applicability under this new criteria, then the owners/operators of tanks or batteries qualifying as affected facilities must reduce VOC and methane emissions by 95 percent (as previously required by NSPS Subpart OOOO and OOOOa).

The NSPS rule also updates the definition of “modification” to cover the occurrence of an increase in potential emissions of a tank battery such that its potential to emit (PTE) exceeds the 6 tons of VOC per year or 20 tons of methane per year thresholds following any of these four specified physical or operational changes: (i) adding a storage vessel to an existing battery; (ii) increasing the cumulative storage capacity of the battery by replacing one or more storage vessels; (iii) for well sites or centralized production facilities: an existing battery receives additional crude oil, condensate, intermediate hydrocarbons, or produced water throughput (e.g. as a result of hydraulic fracturing or hydraulic refracturing); (iv) for compressor stations or onshore natural gas processing plants: an existing battery receives additional fluids which cumulatively exceed the throughput used in the most recent determination of the potential for VOC or methane emissions.

Owners/operators of existing tanks or tank batteries also will need to evaluate a new applicability trigger under the emissions guidelines set forth in Subpart OOOOc (as incorporated into state plans). Under the presumptive standard, for existing storage tanks or tank batteries with a PTE of 20 tons of methane per year or greater, owners/operators will have to reduce their emissions by 95 percent. In other words, under the rule, existing tank systems can now trigger NSPS requirements if their potential methane emissions exceed 20 tons per year.

Finally, EPA finalized criteria that must be met for a permit limit or other requirement to qualify as a legally and practicably enforceable limit for purposes of determining whether a tank battery is an affected facility or designated facility under NSPS OOOOb. A legally and practicably enforceable limit must include a quantitative production limit and quantitative operational limit(s) for the equipment, or quantitative operational limits for the equipment; an averaging time period for the production limit, if a production-based limit is used, that is equal to or less than 30 days; established parametric limits for the production and/or operational limit(s), and where a control device is used to achieve an operational limit, an initial compliance demonstration (i.e., performance test) for the control device that establishes the parametric limits; ongoing monitoring of the parametric limits that demonstrates continuous compliance with the production and/or operational limit(s); recordkeeping by the owner or operator that demonstrates continuous compliance with the limit(s) in; and periodic reporting that demonstrates continuous compliance.

New Methane Leaks Requirements. EPA’s new rule restructures leak detection and repair (LDAR) requirements based upon the type of facility involved in order to address methane and VOC leaks. In general, affected facilities are well sites, centralized production facilities, and compressor stations where components with the potential to emit fugitive emissions of methane or VOC are present.

Well sites are broken into several regulatory categories.

Single wellhead only well sites require quarterly audible, visual, and olfactory (AVO) inspections. Owners and operators have 15 days from detecting a leak to initiate repairs and must complete those repairs within 15 days after the first repair.
Multi-wellhead only well sites require semiannual optical gas imaging (OGI) inspections (or optional EPA Method 21 inspections) and quarterly AVO inspections. Repairs of any leaks must commence within 30 days of detection and be completed 30 days after the first repair attempt.
Well sites with major production and processing equipment, including one or more controlled storage vessels or tank batteries, control devices, or natural gas-driven process controllers or pumps, and centralized production facilities require quarterly OGI inspections (or optional EPA Method 21 alternative inspections) and bimonthly AVO inspections. Leak repairs must commence within 30 days and be completed 30 days after the first repair attempt.

At compressor stations, the rule requires quarterly OGI inspections (or EPA Method 21 alternative inspections) and monthly AVO inspections. Leaks detected using AVO inspections must be repaired within 15 days after detection and concluded within 15 days after that, while leaks detected using OGI or EPA Method 21 inspections must be repaired beginning 30 days after detection and finalized 30 days later.

The rule provides the opportunity for regulated parties to replace traditional leak detection programs (i.e. using Method 21 and OGI) with advanced measurement technologies such as on-site sensor networks and aerial flyovers using remote sensing technology. These technologies need to be approved by EPA in advance when an owner or operator submits a monitoring plan. The frequency at which these alternative technologies must be used in order to satisfy the traditional OGI/Method 21 requirements varies depending upon the capabilities of the technology itself. For example, if the technology has an aggregate detection threshold of 15 kilograms per hour, periodic screenings must be conducted monthly.

Well Closure. The rule requires that fugitive emissions monitoring continue until the closure of any well pursuant to a well closure plan. Once a well is closed, a final OGI survey must be performed. If any emissions are detected in this final survey, they must be eliminated. Then, the results of the OGI survey, along with other details of the well closure, must be submitted to EPA.

Pneumatic Pump And Controller Requirements. The new rule requires that all pneumatic pump affected facilities in the oil and gas industry have zero emissions. In other words, the rule prohibits natural gas-driven pumps except at facilities with fewer than three natural gas-driven diaphragm pumps in areas where other power sources are inaccessible. EPA’s new rule also requires pneumatic controllers (now called process controllers) outside of Alaska to have zero methane and VOC emissions. The rule provides a one-year period for operators and owners to come into compliance.

Well Liquids Unloading. The rule requires that affected gas wells that unload liquids minimize or eliminate venting of emissions during liquids unloading events to the maximum extent possible using best management practices. Alternatively, such wells can comply by reducing methane and VOC emissions from gas well liquids unloading events by 95 percent using a closed vent system (CVS) to route emissions to a control device.

Well Completions. The rule also regulates well completion of hydraulically fractured or refractured wells. During completion of most non-wildcat and non-delineation wells, owners or operators must route all flowback to a storage or completion vessel and separator. They must then utilize any salable gas (for example, as fuel on-site) and route all liquid to a storage or well completion vessel, a collection system, or another well. During completion of wildcat and delineation wells (and non-wildcat and non-delineation low pressure wells), owners or operators must either route all flowback to a completion combustion device or well completion vessels and use a separator.

Centrifugal Compressors. Centrifugal compressors with wet seals at new affected facilities other than well sites must reduce methane and VOC emissions from their fluid degassing systems by 95 percent by routing emissions to a control device or process. Some new centrifugal compressors such as centrifugal compressors with dry seals must instead meet work practice performance-based volumetric flow rate standards. At existing facilities located at non-well sites, the requirement will be monitoring and repair to maintain volumetric flow rate at or below 3 standard cubic feet per minute per seal.

Reciprocating Compressors. Reciprocating compressors must meet a performance-based emissions standard of 2 standard cubic feet per minute per cylinder.

Covers, Closed Vent Systems and Combustion Control Devices. Similar to the existing VOC rules, covers and CVSs must demonstrate their ability to comply with the no identifiable emissions standard through OGI or EPA Method 21 monitoring and AVO inspections conducted at the same frequency as the fugitive emissions monitoring for the type of site where the cover and CVS are located. Combustion control devices being used to meet a 95 percent emission reduction standard must demonstrate a continuous level of control of emissions through performance tests every 5 years.

Equipment Leaks at Natural Gas Processing Plants. Equipment located at onshore natural gas processing plants, defined as pumps, pressure relief devices, open-ended valves, and flanges and other connectors, must be inspected either (i) bimonthly using OGI monitoring or (ii) according to EPA Method 21 monitoring at the corresponding frequencies of each type of equipment. The rule also includes specific requirements for each piece of equipment. For example, open-ended valves must all be equipped with closure devices.

Sweetening Units. Affected facilities with a sulfur production rate of at least 5 long tons per day must reduce sulfur dioxide emissions by 99.9 percent. For affected facilities with a design capacity of less than 2 long tons per day of hydrogen sulfide in acid gas, recordkeeping and reporting are required but emissions controls are not. These rules only apply to new and modified sources.

How Does the Rule Intersect with Other Climate Change Laws and Programs? EPA’s final methane rule is part of a larger effort by the Biden Administration to address climate change. Related laws and proposals include:

In August 2022, Congress passed the Inflation Reduction Act (IRA) creating a phase-in schedule for a methane fee that commences in 2024. In 2024, the fee will be levied on methane emissions in excess of the allowance at a rate of $900 per metric ton. That rate will rise to $1200 in 2025, and it will remain at $1500 from 2026 on. Importantly, this fee applies only to facilities that are out of compliance with EPA’s methane emissions requirements and do not fall under another exemption.
In July 2023, EPA proposed key changes to the greenhouse gas emissions reporting requirements for the oil and gas sector. If finalized, most of the proposed changes would be reflected in reports for Reporting Year 2025, due by March 31, 2026.This proposed regulatory action would (i) newly require reporting for emissions from maintenance or other abnormal emission events (including planned releases from maintenance activities), (ii) revise existing calculation methodologies, (iii) expand reporting requirements for certain emissions sources, and (iv) clarify ownership transfer rules and reporting responsibility for assets sold or purchased during the reporting year.

__________

[1] To see a chart explaining how the 2023 rule compares to the 2012 and 2016 emissions rules with regard to specific facilities, go to https://www.epa.gov/system/files/documents/2023-12/epas-oil-and-natural-gas-final-rule-.table-of-covered-sources.pdf.

[2] In order to buoy the rule against potential legal challenges by states and other actors, the rule is self-described as severable with regard to each of its categories of actions and with regard to each emissions source it regulates.

[3] Two additional categories in the regulatory framework are edits to reconcile inconsistencies created by Congress’s repeal of 2020 methane rules and an appendix, appendix K, that establishes a protocol for the use of optical gas imaging inspections.

[4] A table summarizing the translation of BSER into concrete requirements for new and existing regulated sources can be found at https://www.epa.gov/system/files/documents/2023-12/summary-of-key-requirements-table.pdf.

The following Gibson Dunn attorneys assisted in preparing this update: Stacie Fletcher, Rachel Levick, Veronica J.T. Goodson, Monica Murphy, Samantha Yi*, and Dominic Solari.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders and members of the firm’s Environmental Litigation and Mass Tort, Environmental, Social and Governance, Oil and Gas or Cleantech practice groups:

Environmental Litigation and Mass Tort:
Stacie B. Fletcher – Washington, D.C. (+1 202.887.3627, [email protected])
David Fotouhi – Washington, D.C. (+1 202.955.8502, [email protected])
Rachel Levick – Washington, D.C. (+1 202.887.3574, [email protected])
Veronica J.T. Goodson – Washington, D.C. (+1 202.887.3719, [email protected])

Environmental, Social and Governance (ESG):
Hillary H. Holmes – Houston (+1 346.718.6602, [email protected])
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, [email protected])
Perlette M. Jura – Los Angeles (+1 213.229.7121, [email protected])
Ronald Kirk – Dallas (+1 214.698.3295, [email protected])
Michael K. Murphy – Washington, D.C. (+1 202.955.8238, [email protected])

Oil and Gas:
Michael P. Darden – Houston (+1 346.718.6789, [email protected])
Anna P. Howell – London (+44 20 7071 4241, [email protected])
Rahul D. Vashi – Houston (+1 346.718.6659, [email protected])

Cleantech:
John T. Gaffney – New York (+1 212.351.2626, [email protected])

*Samantha Yi is an associate working in the firm’s Washington, D.C. office who currently is admitted to practice in Maryland.

The steps will further strengthen London’s position as a leading centre for resolution of cross-border commercial disputes.

The UK Government has recently taken two steps that will further strengthen London’s position as a leading centre for the resolution of cross-border commercial disputes: (1) introducing legislation updating the UK Arbitration Act 1996 (the “1996 Act”); and (2) confirming that the UK will join the Hague Convention on the Recognition and Enforcement of Foreign Judgments in Civil or Commercial Matters (the “Hague Convention”) as soon as practicable. This client alert highlights some key takeaways from each development.

I. Updates to the 1996 Act

(a) Status

Arbitration in England and Wales is regulated by the 1996 Act – a framework that has helped contribute to London’s global ranking as the most preferred seat for international commercial arbitration.[1] In 2021, the UK Government asked the Law Commission to review the 1996 Act, to determine “whether there might be any amendments to be made in order to ensure that it is fit for purpose…”.[2]

The results of this consultation process were published in September 2023, together with proposed draft legislation to implement the reforms proposed (the “Arbitration Bill”). The consultation concluded that wholesale reform was not needed or wanted; and the list of recommendations were confined to “a few major initiatives”, and “a very small number of minor corrections”.[3]

On 21 November 2023, the Arbitration Bill began its progress through the UK Parliament.[4] It is expected that the legislative process will be straightforward, and that the amended act will become law in 2024.

(b) What are the key changes?

Although the Arbitration Bill does not seek to reform the 1996 Act wholesale, there are some important changes:

A new express provision for summary disposal. The Arbitration Bill provides that a party will be able to apply for a claim, defence or issue to be dismissed “on a summary basis” if it has “no real prospect of succeeding” (thus aligning the test with that of summary judgment in the English courts). Whilst the power to dismiss summarily exists implicitly under the 1996 Act, the lack of express provision has meant that arbitral tribunals have been reluctant to exercise this power in practice. The proposed standard for dismissal is lower than most arbitral institutional rules provide (“manifestly without merit”).[5] Parties may nevertheless agree to those higher standards, however, as the new provision of the 1996 Act will be ‘opt out’.

The law governing an arbitration agreement is the law of the seat of the arbitration, absent express party agreement otherwise. This reverses the UK Supreme Court’s decision in Enka v Chubb [2020] UKSC 38,[6] where the court held, in short, that where parties have not expressly chosen a law to govern an agreement to arbitrate, but they have made an express choice of law to govern the wider (or “matrix”) contract in which the arbitration agreement sits, the law governing the matrix contract is likely to be considered the implied choice of law of the arbitration agreement. This is an important change for parties negotiating arbitration agreements: the law that governs that arbitration agreement should be express if different to the law of the seat, otherwise it will be deemed to be the law of the seat.

The process for challenging an award for lack of substantive jurisdiction has changed. Under s. 67 of the 1996 Act, a party may challenge an award as to its substantive jurisdiction, and this will involve a full re-hearing before court. The Arbitration Bill expressly limits the new arguments that may be heard in that context as follows:
- a ground for objection that was not raised before the arbitral tribunal must not be raised before the court unless the applicant shows that, at the time of the arbitration proceedings, the applicant did not know and could not with reasonable diligence have discovered the ground;
- evidence that was not heard by the tribunal must not be heard by the court unless the applicant shows that, at the time of the arbitration proceedings, the applicant could not with reasonable diligence have put the evidence before the tribunal; and
- evidence that was heard by the tribunal must not be re-heard by the court, unless the court considers it necessary “in the interests of justice”.

The court’s supportive powers of arbitration proceedings have been clarified. The Arbitration Bill: (i) clarifies that orders under s. 44 of the 1996 Act (including in relation to the preservation of evidence, and for injunctive relief) can be made against third parties;[7] and (ii) provides for the enforcement of emergency arbitrator decisions.[8]

Codifies an arbitrator’s duty of disclosure, introducing a statutory duty on an arbitrator to disclose “circumstances that might reasonably give rise to justifiable doubts as to [their] impartiality”.[9]

II. UK to join the Hague Convention

The second notable development is the UK Government’s confirmation that the UK will join the Hague Convention “as soon as practicable”, following a consultation period.[10]

The Hague Convention is a multilateral convention, which entered into force on 1 September 2023. The Hague Convention provides a set of common rules for the recognition and enforcement of judgments given in civil and commercial matters, between Contracting Parties. The merits of a judgment cannot be reviewed, and recognition and enforcement can only be refused on the grounds specified therein. While most national laws provide for the enforcement of foreign judgments (subject to certain conditions), such laws differ as between jurisdictions. This can make the enforcement of foreign judgments unpredictable, lengthy and costly. By establishing common rules, however, the Hague Convention provides greater certainty and reduces complexity (and cost) of that process.

The UK Government is expected to sign and ratify the Hague Convention without delay, and it will enter into force 12 months from the date on which the UK deposits its instrument of ratification.

__________

[1] Queen Mary University of London, 2021 International Arbitration Survey: Adapting arbitration to a changing world, available here: https://arbitration.qmul.ac.uk/research/2021-international-arbitration-survey/.

[2] Law Commission, Review of the Arbitration Act 1996, Current project status, available here: https://lawcom.gov.uk/project/review-of-the-arbitration-act-1996/.

[3] Law Commission, Review of the Arbitration Act 1996: Final report and Bill, paragraph 1.22, available here: https://lawcom.gov.uk/project/review-of-the-arbitration-act-1996/.

[4] https://bills.parliament.uk/publications/53038/documents/4022.

[5] See, for example, LCIA Arbitration Rules 2020, Article 22.1(viii); ICSID Convention Arbitration Rules 2022, Article 41; ICC Rules of Arbitration, Article 22 and Note to Parties and Arbitral Tribunals on the Conduct of the Arbitration under the ICC Rules of Arbitration, Section C.

[6] Enka v Chubb [2020] UKSC 38, available here: https://www.supremecourt.uk/cases/docs/uksc-2020-0091-judgment.pdf.

[7] Section 9 of the Arbitration Bill.

[8] Section 8 of the Arbitration Bill.

[9] Section 2(2) of the Arbitration Bill.

[10] Government response to the Hague Convention of July 2019 on the Recognition and Enforcement of Foreign Judgements in Civil or Commercial Matters (Hague 2019), 23 November 2023, available here: https://www.gov.uk/government/consultations/hague-convention-of-2-july-2019-on-the-recognition-and-enforcement-of-foreign-judgments-in-civil-or-commercial-matters-hague-2019/outcome/government-response-to-the-hague-convention-of-july-2019-on-the-recognition-and-enforcement-of-foreign-judgements-in-civil-or-commercial-matters-hagu.

The following Gibson Dunn attorneys assisted in preparing this update: Piers Plumptre, Stephanie Collins, Theo Tyrrell and Harriet Codd.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s International Arbitration, Judgment and Arbitral Award Enforcement, or Transnational Litigation practice groups, or any of the following in London:

Penny Madden KC (+44 20 7071 4226, [email protected])
Piers Plumptre (+44 20 7071 4271, [email protected])
Stephanie Collins (+44 20 7071 4216, [email protected])
Theo Tyrrell (+44 20 7071 4016, [email protected])
Harriet Codd (+44 20 7071 4057, [email protected])

The proposed regulations address, on a comprehensive basis for the first time in over 40 years, the determination of the investment tax credit for energy property under section 48.

On November 17, 2023, the IRS and Treasury issued proposed regulations (the “Proposed Regulations”) addressing, on a comprehensive basis for the first time in more than 40 years, the determination of the investment tax credit for energy property under section 48 (the “ITC”).[1] The Proposed Regulations also revisit more recent guidance on the prevailing wage and apprenticeship requirements (the “PWA Requirements”)[2] and provide guidance on other changes resulting from the Inflation Reduction Act of 2022 (the “IRA”), which made substantial adjustments to the ITC.[3] Taxpayers are permitted to rely on the Proposed Regulations until final regulations are published.

This alert briefly provides background on the ITC, summarizes the primary substantive content of the Proposed Regulations, and concludes with some observations regarding key implications for taxpayers.

Background

ITC-eligible property includes certain solar energy property, qualified biogas property, energy storage technology, and certain other properties. Although an ITC has been available for the placement in service of qualifying energy property since 1978, the IRS and Treasury have not issued comprehensive guidance relating to the determination of energy property ITC since 1981, despite significant technological developments and material changes to section 48 in the interim. Most recently, the IRA significantly increased the types of property that are eligible for the ITC, introduced the PWA Requirements, and added ITC “adder” or “bonus” amounts for projects that meet additional requirements (e.g., “energy community” siting and domestic content).[4] As a result, the ITC provisions are among the more frequently revised provisions in the Code, and the IRS and Treasury staff faced a heavy task in attempting to capture a lifetime (literally) of legal developments.

The Proposed Regulations provide long-sought updates to the ITC regulations and additional guidance with respect to critical IRA provisions.

Requirements for Energy Property

The Proposed Regulations touch nearly every aspect of ITC determination and computation; in some instances, the Proposed Regulations appear to represent a significant departure from existing law.

Units of Energy Property and Integral Parts

The Proposed Regulations provide that ITC-eligible property includes both (1) energy property (defined to “include” a “unit of energy property,” which is further defined as “all functionally interdependent components”) and (2) integral parts.[5] A component of energy property is “functionally interdependent” if placing the component in service, along with the other components, is necessary to generate or store electricity, thermal energy, or hydrogen, or otherwise perform a required function. “Integral part” is defined using long-standing ITC principles (and notably would include subsea export cables to an onshore substation).

Retrofitted Property

Generally speaking, under the IRS’s “80/20 rule” (which has appeared in various forms of IRS guidance), property may be treated as originally placed in service even if it contains some items of used property as long as the fair market value of the used property is not more than 20 percent of the total value of the relevant property. The Proposed Regulations make explicit the application of the 80/20 rule to ITC property, but compute the 80/20 rule by reference to the “unit of energy property” under the definition described above and take into account costs paid or incurred with respect to “integral parts” for ITC purposes only if the 80/20 rule is satisfied with respect to the “unit of energy property.” Importantly, subject to limited exceptions, the Proposed Regulations make clear that modifications or improvements to existing energy property are not eligible for the ITC unless the 80/20 rule is satisfied.

Fractional Interest / Multiple Owners Rule

The Proposed Regulations introduce a new rule providing that a taxpayer must own at least a fractional interest in an entire “unit of energy property” to claim the ITC in respect of any component of that energy property. Put differently, the ITC is disallowed if, for example, a taxpayer owns only one or more components (but less than all) of a “unit of energy property.” For purposes of this rule, “related taxpayers” (i.e., members of a group of trades or businesses that are under common control under Treas. Reg. § 1.52–1(b)) are treated as a single taxpayer.[6]

Dual Use Property

Under the existing regulations, if property uses energy from both qualifying sources and nonqualifying sources, the eligibility of the property for the ITC depends on the annual percentage of energy used from qualifying sources. Above a threshold percentage (computed with respect to each applicable year), the ITC is determined on a proportionate basis; below the cliff threshold percentage, the ITC is disallowed. In response to numerous taxpayer requests, the Proposed Regulations lower the cliff threshold percentage for ITC eligibility from 75 percent to 50 percent. Before the IRA, the dual use property rule was particularly onerous for determining the ITC eligibility of energy storage technologies, but the Proposed Regulations confirm that the IRA effectively overrode the dual use property rule for energy storage technologies.

Categories of Energy Property

In addition to simply updating the existing regulations for changes to the Code, the Proposed Regulations provide new guidance defining both new and existing categories of energy property. Certain of these categories are discussed below.

Energy storage technology. The Proposed Regulations would provide several critical clarifications regarding ITC-eligible energy storage technology:

Ammonia, methanol, and other hydrogen carriers: The preamble indicates that ITC-eligible hydrogen energy storage property includes storage via a “material based” medium (which may include forms of ammonia and methanol) or a “physical based” storage medium, provided that the storage is used solely for the production of energy (including the production of heat, the generation of electricity, or the use in a fuel cell vehicle) and not for the production of end products, such as fertilizer

Rechargeable electrochemical batteries and “second life” batteries: Rechargeable electrochemical batteries of all types would be ITC eligible. “Second life” battery components would be counted in determining whether an improvement to energy storage technology is ITC eligible, but, as is required by the Code, only if the modifications to the energy storage technology satisfy the statutory threshold applicable to that modified energy storage technology.[7] The IRS and Treasury separately are continuing to consider whether “second life” batteries should be considered new components for purposes of the 80/20 rule (discussed above).

Qualified biogas property. ITC-eligible qualified biogas property is defined in the Code as property comprising a system that converts biomass into a gas that is not less than 52 percent methane and captures the gas for sale or productive use (rather than for disposal by combustion), including any cleaning and conditioning property that is part of such a system. Notwithstanding the statutory reference to cleaning and conditioning property, however, the definition in the Proposed Regulations expressly excludes gas upgrading equipment, which generally concentrates the biogas (through removal of other gases such as carbon dioxide, nitrogen, or oxygen) into a mixture for injection into a pipeline.[8]

Geothermal property. The Proposed Regulations would clarify that ITC-eligible geothermal energy property includes production wells, injection wells, monitoring wells, and certain electricity generating equipment (for those projects that convert geothermal energy to electricity).[9] Consistent with the existing ITC regulations, distribution equipment also would be included as geothermal property under the Proposed Regulations.[10]

Electrochromic glass. The Proposed Regulations confirm statements in the legislative record that ITC-eligible electrochromic glass includes the full controls package, the electrochromic glass coating, as well as window and installation components (including glass, flashing, framing, and sealants). The Proposed Regulations add that windows incorporating electrochromic glass must be rated in accordance with the National Fenestration Rating Council (NFRC) and that secondary glazing systems must be rated in accordance with the Attachments Energy Rating Council (AERC) Rating and Certification Process.

Co-located property. The Proposed Regulations, like the Code, make clear that no ITC may be claimed in respect of any property that is part of a qualified facility generating section 45 production tax credits (“PTCs”). This prohibition makes delineating between an energy property (on which ITC is claimed) and a qualified facility (on which PTCs are claimed) of critical importance. Nevertheless, the Proposed Regulations provide that property that is shared by a PTC facility and an ITC property and that is an integral part of the ITC property will not be excluded from ITC qualification under this rule. An example in the Proposed Regulations illustrates the rule (or, perhaps, the exception to the rule) in the case of a PTC-eligible wind generation facility and an ITC-eligible energy storage property that share power conditioning and transfer equipment (which is integral to the energy storage property). The example explains how to allocate the cost of the power conditioning and transfer equipment between the wind generation facility and the energy storage property (for purposes of determining eligible ITC basis) and concludes that the shared integral equipment is ITC eligible (to the extent of the eligible basis) and that, because the shared equipment is not considered part of the PTC facility, the wind facility is eligible for PTCs.

Apprenticeship Requirements for Alteration and Repair

The Proposed Regulations would withdraw and re-propose portions of the proposed regulations issued with respect to the PWA Requirements in August 2023.

Under the IRA, other than certain grandfathered and statutorily excepted projects, a taxpayer seeking to claim the full (i.e., 30 percent, before adders) ITC generally must satisfy the PWA Requirements, including with respect to any alteration or repair of the ITC property during the five-year period beginning after the property is placed in service. Statutory cure provisions are available in the case of certain PWA Requirement failures, and if a taxpayer fails to cure a prevailing wage requirement failure during the recapture period, the unvested portion of the ITC would be subject to recapture. (Generally, 20 percent of the ITC fully vests every year, including the ITC “increase” for satisfying the PWA Requirements.) The Proposed Regulations would eliminate the recapture requirements for failing to satisfy the apprenticeship rules with respect to alteration and repair during the recapture period.[11]

“Energy Project” for PWA Requirements, Domestic Content, and Energy Community Rules

The PWA Requirements, the “domestic content” adder, and the “energy community” adder are applied with respect to an “energy project,” which is defined by the IRA as one or more energy properties that are operated as part of a single energy project. The Proposed Regulation would provide that multiple energy properties will be treated as an “energy project” if, at any time during the construction of the multiple energy properties, they are owned by a single taxpayer (together with any “related taxpayers”) and any two or more of the following factors are present:

The energy properties are constructed on contiguous pieces of land;
The energy properties are described in a common power purchase, thermal energy, or other off-take agreement or agreements;
The energy properties have a common intertie;
The energy properties share a common substation or thermal energy offtake point;
The energy properties are described in one or more common environmental or other regulatory permits;
The energy properties are constructed pursuant to a single master construction contract; or
The construction of the energy properties are financed pursuant to the same loan agreement.[12]

The Proposed Regulations also provide that, if multiple energy properties are treated as a single energy project under the begun construction rules (described in the preceding footnote), the multiple energy properties also will be treated as a single energy project for purposes of the PWA Requirements, the “domestic content” adder, and the “energy community” adder.

Commentary

The Proposed Regulations are a welcome development, but the guidance they provide is incomplete, especially without corresponding, fulsome recapture guidance (which, in its current form, is even more outdated than the existing ITC regulations). For example, the Proposed Regulations’ definition of a “unit of energy property” applies for purposes of (1) defining ITC-eligible property that does not need to separately satisfy the “integral” requirement, (2) applying the 80/20 rule, and (3) applying the new “fractional interest” rule. However, unlike the Code’s other “unit of property” rules (g., under sections 168 and 263A), this “unit of energy property” confusingly may not be the same unit of property with respect to which the ITC is actually determined or, critically, subjected to recapture.[13] Recapture guidance for circumstances in which damaged property is replaced is especially needed (in particular, in light of revisions to the 80/20 rule discussed below).

The Proposed Regulations state that “buildings (also referred to as structures) are generally not integral parts of an energy property because they are not integral to the activity of the energy property,” and then import part of a pre-1986 regular investment tax credit rule to define potentially “integral” buildings that are ITC-eligible.[14] However, any generalization against energy ITC-eligibility for buildings is not supported by the Code; buildings (and structural components) have been explicitly eligible (without qualification) for the energy ITC since it was enacted in 1978 (a point reiterated in the regulations since 1981), an effort by Congress to save taxpayers seeking the energy credit for building components from having to satisfy the exact rules to which the Proposed Regulations would subject them.[15] Indeed, several ITC-eligible properties are themselves building components.

Applying the 80/20 rule with respect to the ITC on a “unit of energy property” basis may represent a potentially significant change from present law, although its full effect is unclear without additional recapture guidance.[16] For example, although not as well developed as guidance under sections 168 or 263A, existing ITC guidance and rulings generally have analyzed the ITC qualification (and recapture) of replacement parts and improvements on a separate property-by-property basis.

The Proposed Regulations include welcome clarification that has been sought for several years by the offshore wind industry, making clear that ITC eligible property includes all property from the turbine downstream to onshore transformer and switchgear, including clarification that subsea export cables would qualify for the ITC.

The new fractional interest / multiple owners rule creates a massive new cliff-effect trap that will require taxpayers to be certain they own at least a fractional interest in the entire “unit of energy property” or otherwise risk total disallowance. The rule directly conflicts with the Tax Court’s decision in Cooper v. Commissioner;[17] it may be that the “unit of energy property” rules (described above) are intended to overrule that decision, although there is no mention of this intent in the preamble. This rule is likely to have an outsized impact on certain types of projects, including landfill gas projects, that are more likely to have different components of the project owned by different owners.

Although an example in the Proposed Regulations shows the ITC being claimed in respect of a battery that is co-located with a PTC facility, given the high stakes, further clarification would be helpful. For example, is a battery that is co-located with a PTC facility eligible for ITC even where the battery is not connected to the grid and is charged solely from the PTC facility (e., is arguably “integral” to the PTC facility)? Given the “integral part” framework of the Proposed Regulations and that a battery and a co-located PTC facility may represent separate projects, we believe it would be appropriate to adopt a bright-line rule specifying that energy storage property is eligible for the ITC even where the “unit of energy property” is integral to a co-located PTC facility.

Under the revised definition of “energy project,” which expressly excludes a facility on which PTC is claimed, it is curious that the decision about whether to claim PTC or ITC on a generation facility could have a material impact on the availability of certain credit adders, such as the domestic content adder, even for identical project configurations. (In particular, if PTC is claimed on the generation facility, then the generation facility and battery are independently tested. If, on the other hand, ITC is claimed on the generation facility, then the generation and battery are jointly tested.) A rule allowing for independent assessment of whether each particularly type of energy property is eligible for an adder would provide a more cohesive set of rules.

Application of the expansive “energy project” rules to the PWA Requirements, the “domestic content” adder, and the “energy community” adder (and, in particular, the “related taxpayer” rule) will make satisfaction of these requirements more challenging and will introduce new diligence and documentation hurdles.

The exclusion of gas upgrading equipment from the definition of qualified biogas property surprised many market participants (as it is arguably at odds with both the text of section 48 and analogous guidance) and is uncertain in scope. The preamble states that gas upgrading equipment is not a “functionally interdependent” component of qualified biogas property (and, therefore, implicitly not a “unit of [qualified biogas] energy property”). Unfortunately, the Proposed Regulations do not address whether gas upgrading equipment could be an “integral part” of qualified biogas property, e. whether gas upgrading equipment is used directly in the intended function of qualified biogas property and is essential to the completeness of the intended function.[18] Under this framework, gas upgrading equipment would seem to be an integral part of a single process to prepare biogas for sale or productive use; if the IRS and Treasury intended to signal that gas upgrading equipment needed to satisfy the “integral part” analysis (as it did with other equipment), would be helpful if they make that intent clearer.

Effective Date

The Proposed Regulations generally apply with respect to property placed in service during a taxable year beginning after the regulations are final, although (1) taxpayers may rely on these Proposed Regulations for taxable years beginning after December 31, 2022 and (2) the Proposed Regulations relating to the PWA Requirements apply to projects that begin construction after the date final regulations are published (except that the “energy project” rule applies to projects on which construction begins after November 22, 2023).

__________

[1] Unless indicated otherwise, all section references are references to the Internal Revenue Code of 1986, as amended (the “Code”), and references to “regulations” are references to those regulations promulgated under the Code.

[2] Please see our previous alert on the proposed regulations addressing the PWA Requirements, which is found here.

[3] As was the case with the so-called Tax Cuts and Jobs Act, the Senate’s reconciliation rules prevented Senators from changing the Act’s name, and the formal name of the so-called Inflation Reduction Act is actually “An Act to provide for reconciliation pursuant to title II of S. Con. Res. 14.”

[4] Please see our previous client alerts on these adders, which can be found here and here.

[5] “Integral parts” of energy property have been ITC-eligible since the energy credit was enacted in 1978, although the “integral part” language was not included in section 48 when the ITC statute was amended in 1990 for the gradual elimination of the regular investment tax credit that began in 1986. A reference to “integral parts” was included in section 48(a)(5) (election to claim the ITC for PTC facilities) when it was later enacted, and the statutory gap will be filled entirely when the ITC transitions to the technology neutral tax credit under section 48E in 2025.

[6] The preamble observes that “related taxpayer” is neither defined in section 48 nor did the IRS or Treasury receive comments regarding the “related taxpayer” rule in response to Notice 2015–70. Some further explanation may help clear up the confusion (and give an indication of the drafting task facing the IRS and Treasury): “Related taxpayer” is not defined in section 48 because it is not used in section 48; the language was removed, along with the rule to which it related, in 1990. The IRS and Treasury did not receive comments regarding the “related taxpayer” rule in response to Notice 2015–70 for that reason (and also because the IRS and Treasury did not ask for any such comments).

[7] Although improvements are generally not ITC eligible unless the modified property satisfies the 80/20 rule under the Proposed Regulations, modifications to energy storage technologies are subject to special statutory rules.

[8] In addition, the Proposed Regulations state that methane measurement would occur at the point at which gas exits the biogas production system, but likely before the biogas enters the gas upgrading equipment.

[9] Under the Proposed Regulations production equipment does not include equipment used for exploration and development of geothermal deposits.

[10] Distribution equipment generally is defined as equipment that transports geothermal energy from a geothermal deposit to the site of ultimate use. As is the case with the existing ITC regulations, however, geothermal property would not include any electrical transmission equipment.

[11] The cross-references in Prop. Treas. Reg. § 1.6418-5(f)(2) and Prop. Treas. Reg. § 1.6418-5(f)(3) to Prop. Treas. Reg. § 1.48-13(c)(3)(D) and to Prop. Treas. Reg. § 1.48-13(c)(3)(B), respectively, appear to have been intended as cross-references to Prop. Treas. Reg. § 1.48-13(c)(4) and to Prop. Treas. Reg. § 1.48-13(c)(3)(ii), respectively.

[12] Notice 2018-59 included a similar list of “single project” factors for purposes of determining whether construction had begun on a project, but did not contain the same numerical, two-factor threshold.

[13] Perhaps the single most persistent complaint we hear from clients involved in energy transition activities is the Code’s and Regulations’ inconsistent use of the critical IRA terms “project,” “facility,” “property,” and “component.” The Proposed Regulations may add “unit” to the list.

[14] Like the “unit of energy property” rule, this aspect of the Proposed Regulations appears to have its origins in Notice 2018-59, which is taxpayer-friendly guidance that addresses when construction began on ITC-eligible property but does not provide guidance as to what constitutes ITC-eligible property.

[15] This rule changes beginning in 2025, when buildings and their structural components become ineligible for the ITC under section 48E.

[16] Once again, this aspect of the Proposed Regulations appears to have been based on Notice 2018-59, which did not provide guidance for ITC eligibility.

[17] 88 T.C. 84 (1987).

[18] In contrast, the Proposed Regulations regarding electricity-generating property would treat analogous “power conditioning” and “transfer equipment” as integral.

The following Gibson Dunn attorneys prepared this update: Mike Cannon, Matt Donnelly, Josiah Bethards, Blake Hoerster, Alissa Fromkin Freltz, Duncan Hamilton, and Austin Morris.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Tax or Power and Renewables practice groups, or the following authors:

Tax:
Michael Q. Cannon – Dallas (+1 214.698.3232, [email protected])
Matt Donnelly – Washington, D.C. (+1 202.887.3567, [email protected])
Josiah Bethards – Dallas (+1 214.698.3354, [email protected])
Alissa Fromkin Freltz – Washington, D.C. (+1 202.777.9572, [email protected])
Duncan Hamilton– Dallas (+1 214.698.3135, [email protected])
Blake Hoerster – Dallas (+1 214.698.3180, [email protected])

Power and Renewables:
Peter J. Hanlon – New York (+1 212.351.2425, [email protected])
Nicholas H. Politan, Jr. – New York (+1 212.351.2616, [email protected])

An annual update of observations on new developments and highlights of considerations for calendar-year filers preparing Annual Reports on Form 10-K.

Each year we offer our observations on new developments and highlight select considerations for calendar-year filers as they prepare their Annual Reports on Form 10-K. This alert touches upon recent rulemaking from the U.S. Securities and Exchange Commission (“SEC”), comment letters issued by the staff of the SEC’s Division of Corporation Finance (the “Staff”), and trends among reporting companies that have emerged throughout the last year.

An index of the topics described in this alert is provided below.

I. New Disclosure Requirements for 2023
A. Update on Repurchase Rule
B. Cybersecurity Risk Management, Strategy, and Governance Disclosures
1. Risk Management and Strategy
2. Governance
C. Rule 10b5-1 Plan Disclosures for Section 16 Officers and Directors
D. Compensation Clawback Disclosures
II. Disclosure Trends and Considerations
A. Climate Change
B. Human Capital
C. Generative Artificial Intelligence
D. Geopolitical Conflict
E. Potential Government Shutdown
F. Inflation and Interest Rate Concerns
III. SEC Comment Letter Trends
IV. Other Reminders and Considerations
A. Disclosure Controls and Procedures
B. Characterization of Legal Proceedings
C. EDGAR Next
D. Filing Requirement for “Glossy” Annual Report
E. Cover Page XBRL Disclosures

I. New Disclosure Requirements for 2023

Throughout 2023, the SEC has maintained the rapid pace of rulemaking we have seen since Chair Gary Gensler took office in 2021. New disclosure requirements that, for calendar year-end companies, will begin to apply for the first time with the 2023 Form 10-K consist of:

Cybersecurity risk management, strategy, and governance disclosures, which will be included under “Item 1C. Cybersecurity,” a new caption under Part I; and
Compensation clawback-related disclosures, which involve a new Exhibit 97, two new checkbox disclosures on the Form 10-K cover page, and disclosure in Part III, “Item 11. Executive Compensation,” which most companies will forward-incorporate by reference to their upcoming proxy statements.

Beginning with the 2024 Form 10-K next year, all of the new cybersecurity disclosure requirements will need to be tagged in Inline XBRL (“iXBRL”).

Rules that would have required new disclosures around company share repurchases and company Rule 10b5-1 plans were challenged in litigation and therefore appear unlikely to apply to companies’ 2023 Forms 10-K.

Set forth below are discussions of each of the new disclosure requirements.

A. Update on Repurchase Rule

On November 22, 2023, the SEC announced [1] that it had issued an order indefinitely postponing the effectiveness of the Share Repurchase Disclosure Modernization rule (the “Repurchase Rule”), pending further SEC action. At the same time, the SEC asked the Fifth Circuit for additional time to respond to the court’s order, discussed below, requiring the SEC to correct deficiencies in the Repurchase Rule by November 30, 2023. The petitioners in the lawsuit that had challenged the Repurchase Rule opposed the SEC’s motion and requested instead vacatur of the Repurchase Rule. The court denied the SEC’s motion on November 26, 2023. We will provide further updates on the Repurchase Rule in the Gibson Dunn Securities Regulation Monitor.[2]

The Repurchase Rule, discussed in our client alert here[3], requires companies to: (i) disclose daily company share repurchase data in a new table filed as an exhibit to reports on Form 10-Q and Form 10-K, (ii) provide narrative disclosure in those filings about the company’s share repurchase program, including its objectives and rationale, and referencing the particular repurchases that correspond to that narrative, (iii) indicate by a checkbox whether any executives or directors traded in the company’s equity securities within four business days before or after the public announcement of the repurchase plan or program or the announcement of an increase of an existing share repurchase plan or program, and (iv) provide quarterly disclosure regarding the company’s adoption or termination of any Rule 10b5-1 trading arrangements. The Repurchase Rule was scheduled to go into effect beginning with the Form 10‑K or Form 10-Q filed for the first full fiscal quarter beginning on or after October 1, 2023, meaning that for calendar year-end companies, these disclosure requirements would have applied to the 2023 Form 10-K. While the Repurchase Rule is stayed, the pre-existing share repurchase disclosure rules, requiring information on share repurchase programs and quarterly repurchase disclosures presented on an aggregated, monthly basis, remain in effect. In addition, as discussed in Section I.C below, companies must continue to satisfy the Rule 10b5-1 plan disclosure requirements for Section 16 officers and directors.

B. Cybersecurity Risk Management, Strategy, and Governance Disclosures

On July 26, 2023, the SEC adopted a suite of new cybersecurity disclosure requirements, which we discussed in our client alert available here.[4] In addition to the incident disclosure requirements on Form 8-K, the final rule includes a number of new disclosure items on Form 10-K regarding cybersecurity risk management, strategy, and governance under new Item 106 of Regulation S-K. Companies are required to comply with these disclosure requirements beginning with the Form 10-K for the first fiscal year ending on or after December 15, 2023, which for calendar year-end companies is the 2023 Form 10-K.

1. Risk Management and Strategy

Under new Item 106, companies are required to describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats in sufficient detail for a reasonable investor to understand those processes. The definitions of cybersecurity incident and cybersecurity threat extend to all information systems a company uses, not just those the company itself owns. In providing such disclosure, a company should address, as applicable, the following non-exclusive list of disclosure items:

Whether and how any such processes have been integrated into the company’s overall risk management system or processes;
Whether the company engages assessors, consultants, auditors, or other third parties in connection with any such processes; and
Whether the company has processes to oversee and identify such risks from cybersecurity threats associated with its use of any third-party service provider.

Companies must also describe whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the company, including its business strategy, results of operations, or financial condition and if so, how.

While discussing the board’s role in company-wide risk oversight is familiar for public companies, this new requirement goes further and requires that companies delve more deeply into the company’s efforts to assess, identify and manage this one particular area of risk. As such, compliance with the rules will require coordination with personnel responsible for day-to-day cybersecurity risk management.

2. Governance

Companies must describe the board of directors’ oversight of risks from cybersecurity threats. If applicable, companies must identify any board committee or subcommittee responsible for the oversight of risks from cybersecurity threats and describe the processes by which the board or such committee is informed about such risks. In addition, companies must describe management’s role in assessing and managing the company’s material risks from cybersecurity threats, with such disclosure addressing, as applicable, the following non-exclusive list of disclosure items:

Whether and which management positions or committees are responsible for assessing and managing such risks, and the relevant expertise of such persons or members in such detail as necessary to fully describe the nature of the expertise;
The processes by which such persons or committees are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents; and
Whether such persons or committees report information about such risks to the board of directors or a committee or subcommittee of the board of directors.

With respect to management’s expertise, the instructions to Item 106 provide that it may include “[p]rior work experience in cybersecurity; any relevant degrees or certifications; any knowledge, skills, or other background in cybersecurity.” Interestingly, with this requirement, the SEC is seeking a level of detail regarding cybersecurity executives’ backgrounds that is not even required for chief executive officers or chief financial officers. Companies will need to think through how much detail is “necessary to fully describe the nature of the expertise” of its chief information security officer or other cybersecurity personnel.

As noted by the SEC, many companies currently address cybersecurity risks and incidents in the risk factor sections of their filings, and risk oversight and governance are often addressed in companies’ proxy statements. However, the new rule requires disclosures to appear in a newly designated Item 1C in Part I of the Form 10-K and does not allow the disclosures to be incorporated from the proxy statement. Companies should review their risk factor and proxy statement disclosures when drafting the new discussions of cybersecurity risk management, strategy, and governance in order to maintain consistency with the company’s past public statements regarding its cybersecurity risks governance and processes and to assess how those disclosures may be conformed or enhanced going forward. We expect companies will continue to include disclosure of cybersecurity governance in their proxy statements, and therefore should confirm that they are using terminology consistently across the documents and should consider whether any details disclosed under the new requirements should be repeated in the proxy statement disclosure.

Companies should note that, beginning with the Form 10-K next year (2024 for calendar year-end companies), all of the new disclosure requirements will need to be tagged in iXBRL (block text tagging for narrative disclosures and detail tagging for quantitative amounts).

C. Rule 10b5-1 Plan Disclosures for Section 16 Officers and Directors

On December 14, 2022, the SEC adopted a final rule introducing disclosure requirements with respect to the adoption or termination of Rule 10b5-1 plans by Section 16 officers and directors, which we discussed in more detail in our client alert available here.[6] In Form 10-K and Form 10-Q, companies must disclose whether any Section 16 officer or director adopted or terminated a Rule 10b5-1 plan or a “non-Rule 10b5-1 trading arrangement” during the prior quarter. Amended Rule 10b5-1 now specifically states that any modification or amendment to an existing trading plan to change the amount, price, or timing of the purchase or sale of the securities underlying the plan would be deemed termination of a plan and entry into a new plan, and would therefore trigger disclosure in the Form 10-K or Form 10-Q covering the quarter in which the plan was modified or amended. For all companies but smaller reporting companies (“SRCs”), the requirement became effective with the filing covering the first full fiscal quarter that began on or after April 1, 2023. SRCs are required to comply with the requirement beginning with the filing covering the first full fiscal quarter beginning on or after October 1, 2023, which for calendar year-end SRCs is the 2023 Form 10‑K. As noted above, the Repurchase Rule would have required disclosure of the same type of information regarding companies’ adoption or termination of Rule 10b5-1 plans, but the requirement has not taken effect.

For each trading arrangement that is adopted or terminated, the disclosure must identify whether the trading arrangement is a Rule 10b5-1 plan or a non-Rule 10b5-1 trading arrangement, and provide a brief description of the material terms (other than price), including (i) the name and title of the director or officer; (ii) the date of adoption or termination of the trading arrangement; (iii) the duration of the trading arrangement; and (iv) the aggregate number of securities to be sold or purchased under the trading arrangement (including pursuant to the exercise of any options).

As discussed in our previous post, the form of this disclosure is not prescribed by the final rule.[7] While the vast majority of companies we surveyed have provided narrative disclosure in response to the requirement, a minority have provided tabular disclosure instead. For an example of this narrative disclosure, please see our prior post regarding the new insider trading rules.[8]

While companies have taken a varied approach to this disclosure when no Section 16 officers or directors have adopted or terminated Rule 10b5-1 plans during the quarter, we note that the majority of companies we surveyed have chosen to include narrative disclosure that states there have been no such adoptions or terminations (e.g., “During the quarter ended [date], no director or officer (as defined in Rule 16a-1(f) under the Exchange Act) of the Company adopted or terminated any Rule 10b5-1 trading arrangements or non-Rule 10b5-1 trading arrangements (in each case, as defined in Item 408(a) of Regulation S-K).”). Another approach some companies have taken is to simply state “None” under the applicable Item, and a small minority of the companies elected to make no disclosure and to omit the relevant Item from the periodic filing altogether (which is permissible under the instructions to Part II of Form 10-Q, but not permissible in the Form 10-K).

D. Compensation Clawback Disclosures

On October 26, 2022, the SEC adopted final rules that require listed companies to implement policies for recovery (i.e., “clawback”) of erroneously awarded incentive compensation.[9] In addition to disclosures related to the application of the clawback policies, which for most companies will be included in the proxy statement,[10] there are two disclosure components specific to the Form 10-K that companies must comply with beginning with any Form 10-K filed on or after December 1, 2023, the date by which companies must have adopted the clawback policies. The first component is the addition of two new checkboxes to the Form 10-K cover page, which requires companies to indicate whether (i) the financial statements included in the filing reflect the correction of an error to previously issued financial statements and (ii) any such corrections are restatements that required a recovery analysis pursuant to Rule 10D-1(b). We expect a number of interpretive questions to arise with respect to the applicability of the checkboxes in various contexts. For example, the Staff has informally confirmed that the first checkbox would not need to be checked if the annual financial statements included in the Form 10-K reflect the correction of a material error to interim financial statements and where that error only affected the interim periods (but not any annual periods).[11]However, the first box may need to be checked if the 10-K reflects even an immaterial correction to previously issued annual financial statements. The second checkbox only needs to be checked for material error corrections (i.e., a “little r” restatement or “Big R” restatement) that triggered a clawback recovery analysis. The second component is the requirement for companies to file their clawback policy as Exhibit 97 to the Form 10-K.

II. Disclosure Trends and Considerations

A. Climate Change

The landscape of climate change disclosure requirements continues to evolve with the adoption of the Corporate Sustainability Reporting Directive (“CSRD”) by the European Council in November 2022, which impacts both EU and U.S. companies, and three new laws in California, which impact both public and private companies doing business or operating in California.[12] Final SEC rules on climate-related disclosure are still pending,[13] but the SEC has continued to issue Form 10-K comment letters regarding companies’ climate-related disclosures under existing requirements.

For companies reviewing their existing climate-related disclosures in their Form 10-K, a few items to consider in light of Staff comments made since the issuance of the SEC’s sample comment letter related to climate change disclosure that it issued in 2021[14] include:

Tailor climate-related disclosures to the company’s business and financial condition, rather than generic discussions on climate change. For example, the Staff may ask a company to provide specific disclosure, if material, as to the impact on the company’s business of climate change risks disclosed in the risk factor section. Overly broad statements may also inadvertently create future reporting obligations as legislation, such as California’s Assembly Bill No. 1305, begins to tie disclosure requirements to the making of certain sustainability-related claims.
Consider whether certain climate-related matters should be disclosed not only qualitatively, but also quantitatively. For example, if climate-related capital projects have become a significant portion of overall capital expenditures spending, the comment letters indicate that quantitative disclosure may be warranted.
For any climate-related disclosure included in the Form 10-K, take steps to adequately substantiate those disclosures. This involves, among other things, assessing the methodology and assumptions underlying climate-related disclosures. Companies should be mindful that disclosures made today can carry liability for years to come and give sufficient attention to these disclosures now to avoid liability down the road. Frameworks such as COSO’s “Achieving Effective Internal Control Over Sustainability Reporting” and related guidance can be helpful when building or expanding ESG-related internal controls.
As part of the disclosure controls and procedures for the 2023 Form 10-K filing, review the company’s publicly disclosed ESG materials, such as the company’s sustainability report, to determine whether any of the information is or may become material under federal securities laws. Based on Staff comments, the Staff has gone outside a company’s SEC filings to review ESG-related statements made elsewhere and ask what consideration was given to including such disclosures in the Form 10-K. To the extent information disclosed in sustainability reports is not material for purposes of SEC rules (often, it is not), appropriate disclaimers to that effect should be provided as we previously advised in our prior client alert, “Considerations for Climate Change Disclosures in SEC Reports.”[15]

B. Human Capital

Since 2021, companies have been required to include in their Form 10-K[16] a description of the company’s human capital resources, to the extent material to an understanding of the business taken as a whole, including the number of persons employed by the company and any human capital measures or objectives that the company focuses on in managing the business (such as, depending on the nature of the company’s business and workforce, measures or objectives that address the development, attraction and retention of personnel).

The rule adopted by the SEC did not define “human capital” or elaborate on the expected content of the disclosures beyond the few examples provided in the rule text. This principles-based approach has resulted in significant variation among companies’ disclosures. With three years of human capital disclosure now available, we recently conducted a survey of the substance and form of human capital disclosures made by the S&P 100 in their Forms 10-K for their three most recently completed fiscal years. While company disclosures continued to vary widely, we saw companies continuing to tailor the length of their disclosure and the range of topics covered and also noted a slight increase in the amount of quantitative information provided in some areas. For a more detailed summary of our findings from this survey, which looked at eight primary categories of human capital disclosure, please see our prior client alert, “Form 10-K Human Capital Disclosures Continue to Evolve.”[17]

While we anticipate that human capital disclosure will continue to evolve under the existing principles-based requirements, the SEC is expected to propose more prescriptive rules that could significantly change the landscape. At its meeting on September 21, 2023, the SEC’s Investor Advisory Committee approved subcommittee recommendations to expand required human capital management disclosures, which include prescriptive disclosure requirements (such as headcount of full-time versus part-time and contingent workers, turnover metrics, the total cost of the issuer’s workforce broken down into components of compensation, and demographic data of diversity across gender, race/ethnicity, age, disability, and/or other categories) as well as narrative disclosure in management’s discussion and analysis of how the company’s “labor practices, compensation incentives, and staffing fit within the broader firm strategy.”[18]

C. Generative Artificial Intelligence

Recent developments in artificial intelligence (“AI”), including generative AI, may accelerate or exacerbate potential risks related to technological developments. Companies should consider ways in which the company’s strategy, productivity, market competition and demand for the company’s products, investments and the company’s reputation, as well as legal and regulatory risks could be affected by AI. Companies should also consider any impacts related to cybersecurity and social or ethical challenges. These updates may affect existing risk factors or merit a new standalone risk factor or mention in the forward-looking statement disclaimer, depending on the importance of AI to the company’s business. Further consideration should be given to discussing AI in the business section and trends section of the MD&A, as applicable.

D. Geopolitical Conflict

Public companies need to consider the recent and evolving developments in the Middle East in their Form 10-K, including as to whether risks associated with these developments are adequately discussed in the risk factors, as well as their direct and indirect impacts on their operations and financial condition. While the SEC has not published specific disclosure guidance related to the Middle East, the Staff’s “Sample Comment Letter Regarding Disclosures Pertaining to Russia’s Invasion of Ukraine and Related Supply Chain Issues”[19] may provide guidance as to the types of disclosure that may be necessary. Companies should consider whether disclosure should be provided, to the extent material, regarding any material impacts or risks related to (i) direct or indirect exposure due to operations or investments in affected countries, securities trading in affected countries, sanctions imposed or legal or regulatory uncertainty associated with operating in or existing in the Middle East, (ii) direct or indirect reliance on goods or services sourced in the Middle East, (iii) actual or potential disruptions in the company’s supply chain, or (iv) business relationships, connections to, or assets in the Middle East.

Companies should undertake similar disclosure analyses to determine whether direct or indirect impacts of or material risks from the continued conflict between Russia and Ukraine or emerging geopolitical conflicts, such as rising tensions between China and Taiwan and China and the United States, should be discussed in any sections of the upcoming Form 10-K. Companies with operations in the People’s Republic of China should review the Division of Corporation Finance’s recent sample comment letter[20] highlighting three focus areas for periodic disclosures related to China-specific matters, including those arising from the Holding Foreign Companies Accountable Act (the “HFCAA”), the Uyghur Forced Labor Prevention Act, and specific government-related operational risks. In addition to posing questions regarding HFCAA disclosures, the sample letter includes comments directed at risk factors and MD&A disclosure.

E. Potential Government Shutdown

Companies should continue to monitor the potential for a shutdown of the U.S. federal government and consider whether any looming prospect of a shutdown poses new risks for the business. In particular, companies trading in U.S. government securities or other securities with values derived from U.S. government securities should revisit any risk factors or other disclosures related to potential default by the federal government, including discussing any material losses in MD&A or elsewhere. As noted in the SEC Division of Corporation Finance’s announcement in September regarding the anticipated impacts of a potential government shutdown, EDGAR will continue to accept filings during a shutdown, so filing Forms 10-K should not be affected.[21]

F. Inflation and Interest Rate Concerns

With the rise of inflation and relatively high interest rates, companies should consider whether their disclosures regarding inflation impacts and risks as well as recent rate increases and uncertainty regarding future rate changes are adequately discussed. Depending on the effect on a company’s operations and financial condition, additional disclosure of risk factors, MD&A, or the financial statements may be necessary.

In recent comment letters relating to inflation, the Staff has focused on how current inflationary pressures have materially impacted a company’s operations, including by pointing to statements regarding inflation made in a company’s earnings materials, and sought disclosure on any mitigation efforts implemented with respect to inflation. If inflation is identified as a significant risk, the Staff asked companies to quantify, where possible, the principal factors contributing to inflationary pressures and the extent to which revenues, expenses, profits, and capital resources were impacted by inflation.

In recent comment letters relating to interest rates, the Staff has asked companies to expand their discussion of rising interest rates in the Risk Factors and MD&A sections to specifically identify the actual impact of recent rate increases on the business’s operations and how the business has been affected.

It is also critical that companies confirm that their disclosures in “Item 7A. Quantitative and Qualitative Disclosures About Market Risk” are up-to-date and responsive to the requirements of Item 305 of Regulation S-K.

III. SEC Comment Letter Trends

In 2023, comment letters from the SEC Staff continued an emphasis on addressing disclosures in management’s discussion and analysis (“MD&A”) as well as the use of non-GAAP measures. In addition, although the SEC’s proposed climate change rules are still in flux, in 2023, the Staff continued to issue comment letters regarding companies’ climate-related disclosures under the current disclosure regime, continuing the trend that started in the fall of 2021.

A. Management’s Discussion and Analysis

Many of the comment letters addressing MD&A focused on disclosures relating to results of operations, with the Staff often requesting that registrants explain related disclosures with more specificity. The Staff has focused on disclosures regarding material period-to-period changes in quantitative and qualitative terms as prescribed by Item 303(b) of Regulation S-K. For example, the Staff has commented on disclosures about factors contributing to gross profit and revenue, to request that registrants provide both quantitative detail regarding the extent to which certain factors have impacted gross profit, as well as qualitative factors like which factors contribute to certain business sectors having a greater effect on gross product. The Staff has also requested that registrants make disclosures about known trends and uncertainties affecting their results of operations. Another area that the Staff has focused on is ensuring that key performance indicators (“KPIs”) are properly contextualized so that they are not misleading. The Staff has, in certain circumstances, requested that registrants provide additional disclosures about why KPIs are useful to investors, how they are used by management, and if there are any estimates or assumptions being used to calculate the various metrics. The Staff has also often asked registrants to quantify and provide additional disclosure regarding significant components of financial condition and results of operations that have affected segment results. Two other key areas of MD&A that the Staff focused on were critical accounting estimates and liquidity and capital resources. The Staff frequently noted that registrants’ disclosures regarding critical accounting estimates were too general, and requested that registrants provide a more robust analysis, consistent with the requirement now set forth in Item 303(b)(3) of Reg S-K. The Staff indicated that these disclosures should supplement, not duplicate, the disclosures in footnotes to financial statements.

B. Non-GAAP Financial Measures

The Staff expressed concerns regarding the improper use of non-GAAP measures in filings and issued several comments aligned with the Compliance and Disclosure Interpretations (“C&DIs”) released last December. Comments related to the latest C&DIs included a focus on whether operating expenses are “normal” or “recurring” (and therefore, whether exclusion from non-GAAP financial measures might be misleading). The Staff has also asked registrants about whether certain non-GAAP adjustments to revenue or expenses have made the adjustments “individually tailored.” In addition to a focus on the topics covered under the C&DIs, the Staff focused on a number of other matters relating to compliance with Item 10(e) of Regulation S-K, including prominence of non-GAAP measures, reconciliations, usefulness and purpose of particular measures, the exclusion of normal, recurring cash operating expenses (Non-GAAP C&DI 100.01), and the use of individually tailored accounting principles (Non-GAAP C&DI 100.04).

C. Segment Reporting

The Staff has also commented on a number of segment reporting disclosures. Examples of common comments include whether a registrant’s operating segments are properly categorized and the reasoning behind the aggregation of similar segments (and the factors used to identify different segments). Of particular note, the SEC has taken issue with registrations disclosing multiple measures of segment profit or loss in the notes to the financial statements and has indicated that registrants should not attempt to circumvent non-GAAP requirements when taking this approach.

D. Climate-Related Disclosures

As discussed in Part II.A above, climate-related disclosures continue to be a focus of the Staff. The Staff has often issued multiple rounds of letters on these types of disclosures, particularly when the initial response asserts that a category of climate-related disclosures is not material to its business (with the Staff frequently requesting the registrant to quantify the effects or costs or provide a materiality analysis).

IV. Other Reminders and Considerations

A. Disclosure Controls and Procedures

In light of the new cybersecurity disclosure rules and the end of the year for calendar companies, now is a good time for companies to take an opportunity to review their disclosure controls and procedures, which are intended to help companies collect pertinent information for review for purposes of their public disclosure obligations. The SEC has demonstrated a willingness to bring enforcement action on disclosure controls as they relate to issues it sees as priorities, including recent hot-button topics such as cybersecurity and workplace misconduct.

SolarWinds (Cybersecurity)

In October 2023, the SEC brought charges against SolarWinds Corporation, a software company, and its Chief Information Security Officer (the “CISO”) in connection with the cyberattack more commonly known as “SUNBURST,” which occurred in December 2020. Notably, this is the first time the SEC has brought a cybersecurity enforcement action against an individual. The SEC alleged that SolarWinds and the CISO made materially misleading statements and omissions about the company’s cybersecurity practices and risks in disclosures made on the company’s website and in public filings, which the SEC claims ultimately led to a drop in the company’s stock price following the subsequent disclosure of the SUNBURST cyberattack. Specifically, the complaint alleges that SolarWinds made a number of false statements relating to: (1) compliance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework; (2) using a secure development lifecycle when creating software for customers; (3) having strong password protection; and (4) maintaining good access controls.

The SEC’s complaint also states that SolarWinds had deficient disclosure controls, alleging that at the time the company was touting its cybersecurity practices in its public disclosures, the CISO and other employees knew that the company had serious cybersecurity deficiencies, with internal documents “describ[ing] numerous known material cybersecurity risks, control issues, and vulnerabilities.” In doing so, the company was concealing from the public known poor cybersecurity practices that were ultimately exploited during the SUNBURST cyberattack. The complaint seeks permanent injunctive relief, disgorgement of profits, civil penalties, and an officer and director bar against the CISO.

The SEC’s actions in SolarWinds should be viewed in light of the new incident disclosure requirements on Form 8-K and recent prior enforcement cases (Pearson PLC 2021 and First American Financial Corporation in 2019). In these recent enforcement cases, the SEC focused on the importance of carefully assessing the materiality of a cyber incident and found incidents to be material even when there was not an adverse impact on the companies’ businesses.

Activision Blizzard (Workplace Misconduct)

Early in 2023, the SEC charged Activision Blizzard Inc., a video game development and publishing company (recently acquired by Microsoft Corporation) (“Activision Blizzard”), with a failure to maintain disclosure controls. Specifically, the SEC alleged that Activision Blizzard “lacked controls and procedures designed to ensure that information related to employee complaints of workplace misconduct would be communicated to [company] disclosure personnel to allow for timely assessment on its disclosures.” The SEC’s order stated that management “lack[ed] sufficient information to understand the volume and substance of employee complaints of workplace misconduct,” and therefore “management was unable to assess related risks to the company’s business, whether material issues existed that warranted disclosure to investors, or whether the disclosures it made to investors in connection with these risks were fulsome and accurate.” Activision Blizzard agreed to a cease-and-desist order and to pay a $35 million penalty to settle the charges.

DXC Technology (Non-GAAP Financial Measures)

In March 2023, the SEC settled charges against DXC Technology Company, an IT services company, for making misleading disclosures about its non-GAAP financial performance in multiple reporting periods from 2018 until 2020. Specifically, the SEC alleged that the company materially increased its non-GAAP earnings by negligently misclassifying tens of millions of dollars of expenses as transaction, separation and integration-related (“TSI”) costs and improperly excluding these expenses as non-GAAP adjustments. The SEC noted that “[t]he absence of a non-GAAP policy and specific disclosure controls and procedures caused employees within the [company] to make subjective determinations about whether expenses were related to an actual or contemplated transaction, regardless of whether the costs were actually consistent with the description of the adjustment included in the company’s public disclosures.” The order went on to explain that the company’s controller group and disclosure committee “negligently failed to evaluate the company’s non-GAAP disclosures adequately” and even failed to recognize that for years the company did not have a non-GAAP policy and adequate disclosure controls and procedures in place. Ultimately, the company’s negligence led to misstating the nature and scope of its TSI costs resulting in materially misleading statements. The company agreed to pay an $8 million penalty and to undertake to develop and implement appropriate non-GAAP policies and disclosure controls and procedures.

Charter Communications Inc. (Internal Accounting Controls)

In November 2023, the SEC charged Charter Communications Inc., a telecommunications company, for failure to establish internal accounting controls to provide reasonable assurances that its trading plans were conducted in accordance with the board of directors’ authorization, which required the use of trading plans in conformity with Rule 10b5-1. Under Rule 10b5-1, a trading plan intended to satisfy the rule may not permit the person who entered into the plan to exercise any subsequent influence over how, when, or whether to effect transactions under the plan. According to the SEC order in Charter Communications, many of the company’s trading plans contained “accordion” provisions allowing for increases to the amount of share repurchases if the company opted to conduct certain debt offerings. The SEC asserted that, since these debt offerings were available at the company’s discretion, this feature effectively gave the company the ability to increase trading activity after adoption of its trading plans—in violation of Rule 10b5-1 and, as a result, inconsistent with the board’s authorization. The SEC order explained that “the company did not have reasonably designed controls to analyze whether the discretionary element of the accordion provisions was consistent with the [b]oard’s authorizations” and Charter ultimately paid $25 million to settle the claims.[22]

In light of these recent enforcement actions, it is important for companies to regularly review their disclosure controls and procedures to identify and stay apprised of key risks that are relevant to the company.

B. Characterization of Legal Proceedings

Public companies often characterize legal proceedings in their securities filings as “without merit.” However, companies may want to reconsider relying on this boilerplate phrase in their legal proceedings disclosures following a decision in the fall of 2023 from the United States District Court for the District of Massachusetts.

In City of Fort Lauderdale Police and Firefighters’ Retirement System v. Pegasystems Inc.,[23] plaintiff shareholders initiated a class action against Pegasystems Inc. (“Pegasystems”) after it was ordered to pay over $2 billion in damages in a prior lawsuit regarding trade secret misappropriation. Although it did not initially disclose the trade secret matter in its securities filings when the lawsuit was first initiated in May 2020, Pegasystems eventually disclosed the matter in its Form 10-K in February 2022 stating its belief that “the claims brought against the defendants are without merit,” it had “strong defenses to these claims,” and “any alleged damages claimed by Appian are not supported by the necessary legal standard.” Pegasystems’ stock price dropped by about 16% the following day and, in May 2022, the jury returned a unanimous verdict in favor of the plaintiff in the trade secret matter.

In the subsequent class action, plaintiff shareholders alleged that Pegasystems made a number of false statements and falsely reassured investors that the claims in the trade secret matter were “without merit,” in light of the fact that its CEO was allegedly aware of the corporate espionage campaign. The court found that this was an actionable opinion statement explaining that “a reasonable investor could justifiably have understood [the CEO]’s message that [the trade secret] claims were ‘without merit’ as a denial of the facts underlying [the] claims—as opposed to a mere statement that Pega[systems] had legal defenses against those claims.” The court went on to say that Pegasystems was not required to admit any wrongdoing in its disclosure and that “[a]n issuer may legitimately oppose a claim against it, even when it possesses subjective knowledge that the facts underlying the claims against it are true. When it decides to do so, however, it must do so with exceptional care, so as not to mislead investors. For example, an issuer may validly assert its intention to oppose the lawsuit. . . . It also may state that it has ‘substantial defenses’ against it, if it reasonably believes that to be true. . . . An issuer may not, however, ‘make misleading substantive declarations regarding its beliefs about the merits of the litigation.’”

The court’s decision provides a cautionary tale against using boilerplate disclosure language when describing a company’s litigation matters, particularly where those disclosures are contradictory to the actual prospect of an adverse result. Going forward, companies should avoid relying on boilerplate language such as “without merit” to describe claims in a lawsuit; often times, there is at least some merit to litigation even if a defendant has a strong legal defense. Instead, statements like “we intend to contest this matter vigorously” or “we have substantial defenses” (if supportable) might be appropriate alternatives. Counsel for companies should carefully evaluate their legal proceedings disclosures—even for those matters that have previously been disclosed—and consider seeking input from management in assessing any allegations asserted against the company.

C. EDGAR Next

On September 13, 2023, the SEC proposed amendments to Rules 10 and 11 of Regulation S-T and Form ID regarding potential technical changes to EDGAR filer access and account management (referred to by the SEC as “EDGAR Next”). EDGAR Next would require filers to authorize designated account administrators to manage the filers’ accounts and make filings on the filers’ behalf and would require these account administrators and any other authorized users to have their own individual account credentials to access EDGAR Next. For details on the proposed amendments, see our prior post on this topic.[24]

In connection with the proposed amendments, the SEC opened a public beta environment that is available until March 15, 2024 for filers to test and provide feedback on the technical functionality of the changes contemplated by EDGAR Next. Details regarding how to access the EDGAR Next beta environment and related resources are available at the SEC’s dedicated EDGAR Next website.[25]

D. Filing Requirement for “Glossy” Annual Report

As discussed in last year’s alert, in June 2022 the SEC adopted amendments requiring that annual reports sent to shareholders pursuant to Exchange Act Rule 14a-3(c), otherwise known as “glossy” annual reports, must also be submitted to the SEC in the electronic format in accordance with the EDGAR Filer Manual. These annual reports will be in PDF format, and filed using EDGAR Form Type ARS. In its final rule, the SEC noted that electronic submissions in PDF format of the glossy annual report should capture the graphics, styles of presentation, and prominence of disclosures (including text size, placement, color, and offset, as applicable) contained in the reports. As noted in our report last year, this may cause technical concerns with file sizes when filing through EDGAR, and companies should be mindful of the file size of their glossy annual report and conduct test runs in advance of filing.

E. Cover Page XBRL Disclosures

On September 7, 2023, the SEC published a sample comment letter regarding XBRL disclosures.[26] Contained in this sample comment letter was a comment regarding how common shares outstanding are reported on the cover page as compared to on the company’s balance sheet. The sample comment addresses instances in which companies “present the same data using different scales (presenting the whole amount in one instance and the same amount in thousands in the second).” Companies thus should consider presenting their outstanding share data consistently throughout their Form 10-K.

* * * * *

The 2023 Form 10-K will require a number of new disclosures for the first time. Companies should start drafting their disclosures earlier rather than later, particularly where disclosures will require coordination with a number of teams, such as with the new cybersecurity disclosure requirements.

Looking ahead, there are several rules the SEC is expected to enact that have the potential to significantly impact future filings, including the highly anticipated climate disclosure rules, which have been pending since March 2022 and may require public companies to disclose their greenhouse gas emissions, those of their suppliers, and their downstream emissions. The latest Reg Flex agenda suggested that these rules would be finalized in October 2023, though this target has moved several times.

Additionally, the Financial Accounting Standards Board (FASB) has finalized rules related to enhanced tax disclosures and segment reporting that apply starting with the 2024 10-K[27],[28] and is considering rules regarding the disaggregation of expenses[29], each of which may require a significant amount of preparation.

__________

[1] See “Announcement Regarding Share Repurchase Disclosure Modernization Rule” (Nov. 22, 2023), available at https://www.sec.gov/corpfin/announcement/announcement-repurchase-disclosure-modernization-112223

[2] Gibson Dunn’s Securities Regulation Monitor is a blog site that provides frequent updates on securities law and corporate governance developments and is available at https://securitiesregulationmonitor.com/default.aspx

[3] For a further discussion on the share repurchase requirements, please see our prior client alert “SEC Adopts Amendments to Enhance Company Stock Repurchase Disclosure Requirements” (May 5, 2023), available at https://www.gibsondunn.com/sec-adopts-amendments-to-enhance-company-stock-repurchase-disclosure-requirements/.

[4] See “SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies” (July 26, 2023), available at https://www.sec.gov/news/press-release/2023-139.

[6] See “SEC Adopts Amendments to Modernize Rule 10b5-1 Insider Trading Plans and Related Disclosures” (Dec. 14, 2023), available at https://www.sec.gov/news/press-release/2022-222.

[7] Available at https://www.securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=480.

[8] Available at https://www.securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=480.

[9] See “SEC Adopts Compensation Recovery Listing Standards and Disclosure Rules” (Oct. 26, 2022), available at https://www.sec.gov/news/press-release/2022-192.

[10] Item 402 of Regulation S-K now requires companies to disclose how they have applied their recovery policies. If, during its last completed fiscal year, the company either completed a restatement that required recovery or there was an outstanding balance of excess incentive-based compensation relating to a prior restatement, the company must disclose (i) the date which the company was required to prepare each accounting restatement, the aggregate dollar amount of excess, and an analysis of how it was calculated; (ii) if the compensation is related to a stock price or TSR metric, the estimates used to determine the amount of erroneously awarded compensation; (iii) the aggregate dollar amount of excess incentive-based compensation that remained outstanding at the end of the company’s last completed fiscal year; (iv) the amount of recovery foregone under any impracticability exception used; and (v) for each current and former named executive officer, the amounts of incentive-based compensation that are subject to a clawback but remain outstanding for more than 180 days since the date the company determined the amount owed.

[11] Center for Audit Quality SEC Regulations Committee Highlights, Joint Meeting with SEC Staff (June 15, 2023), available at https://www.thecaq.org/wp-content/uploads/2023/09/June-15-2023-Joint-Meeting-HLs-FINAL-for-Posting-9-5-23.pdf (Section III.D.).

[12] For background on the CSRD, see “European Union’s Corporate Sustainability Reporting Directive—What Non-EU Companies with Operations in the EU Need to Know,” Gibson Dunn (Nov. 2022), available at https://www.gibsondunn.com/european-union-corporate-sustainability-reporting-directive-what-non-eu-companies-with-operations-in-the-eu-need-to-know/, and “European Corporate Sustainability Reporting Directive (CSRD): Key Takeaways from Adoption of the European Sustainability Reporting Standards,” Gibson Dunn (Aug. 2023), available at https://www.gibsondunn.com/european-corporate-sustainability-reporting-directive-key-takeaways-from-adoption-of-european-sustainability-reporting-standards/.

For background on California’s recently enacted climate disclosure laws, see “California Passes Climate Disclosure Legislation,” Gibson Dunn (Sept. 2023), available at https://www.gibsondunn.com/california-passes-climate-disclosure-legislation/, and “UPDATE: California Governor Signs Climate Legislation Into Law, Bug Signals Changes to Come,” Gibson Dunn (Oct. 2023), available at https://www.securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=487.

[13] For more information on the SEC’s proposed rules on climate-related disclosure, see “The Enhancement and Standardization of Climate-Related Disclosures for Investors,” SEC (Apr. 2022), available at https://www.sec.gov/files/rules/proposed/2022/33-11042.pdf, and “Summary of and Considerations Regarding the SEC’s Proposed Rules on Climate Change Disclosure,” Gibson Dunn (Apr. 2022), available at https://www.gibsondunn.com/summary-of-and-considerations-regarding-the-sec-proposed-rules-on-climate-change-disclosure/.

[14] For a discussion of the 2021 and 2022 comment letters, see “SEC Staff Scrutiny of Climate Change Disclosures Has Arrived: What to Expect And How to Respond,” Gibson Dunn (Sept. 2021), available at https://www.securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=446 and “Considerations for Preparing Your 2022 Form 10-K,” Gibson Dunn (Jan. 2023), available at https://www.gibsondunn.com/wp-content/uploads/2023/01/considerations-for-preparing-your-2022-form-10-k.pdf.

[15] Available at https://www.gibsondunn.com/considerations-for-climate-change-disclosures-in-sec-reports/.

[16] See “Modernization of Regulation S-K Items 101, 103, and 105, Release No. 33-10825” (Aug. 26, 2020), available at https://www.sec.gov/rules/final/2020/33-10825.pdf.

[17] Available at https://www.gibsondunn.com/form-10-k-human-capital-disclosures-continue-to-evolve/.

[18] Available at https://www.sec.gov/files/spotlight/iac/20230921-recommendation-regarding-hcm.pdf.

[19] See “Sample Letter to Companies Regarding Disclosures Pertaining to Russia’s Invasion of Ukraine and Related Supply Chain Issues” (May 3, 2021), available at https://www.sec.gov/corpfin/sample-letter-companies-pertaining-to-ukraine.

[20] Available at https://www.sec.gov/corpfin/sample-letter-companies-regarding-china-specific-disclosures.

[21] Available at https://www.sec.gov/corpfin/announcement/announcement-cf-pre-shutdown-communication-092723.

[22] SEC Commissioners Hester Peirce and Mark Uyeda dissented from this decision. Commissioners Peirce and Uyeda argued that this application of the rule went too far by using Section 13(b)(2)(B)(i)’s requirement that companies “devise and maintain a system of internal accounting tools” to require that Charter Communications had sufficient systems in place to answer the legal question of whether its trading plans were in compliance with Rule 10b5-1.

[23] No. CV 22-11220-WGY, 2023 WL 4706741 (D. Mass. July 24, 2023).

[24] Available at https://securitiesregulationmonitor.com/Lists/Posts/Post.aspx?ID=483.

[25] Available at https://www.sec.gov/edgar/filer-information/edgar-next.

[26] Available at https://www.sec.gov/corpfin/sample-letter-companies-regarding-their-xbrl-disclosures.

[27] Available at https://www.fasb.org/Page/ProjectPage?metadata=fasb-Targeted%20Improvements%20to%20Income%20Tax%20Disclosures

[28] Available at https://www.fasb.org/page/getarticle?uid=fasb_Media_Advisory_11-27-23.

[29] Available at https://www.fasb.org/Page/ShowPdf?path=Proposed+ASU%E2%80%94Income+Statement%E2%80%94Reporting+Comprehensive+Income%E2%80%94Expense+Disaggregation+Disclosures+%28Subtopic+220-40%29%E2%80%94Disaggregation+of+Income+Statement+Expenses.pdf&title=Proposed+Accounting+Standards+Update%E2%80%94Income+Statement%E2%80%94Reporting+Comprehensive+Income%E2%80%94Expense+Disaggregation+Disclosures+%28Subtopic+220-40%29%E2%80%94Disaggregation+of+Income+Statement+Expenses&acceptedDisclaimer=true&IsIOS=false&Submit.

The following Gibson Dunn attorneys assisted in preparing this update: Ron Mueller, Elizabeth Ising, Mike Scanlon, Mike Titera, Julia Lapitskaya, Matthew Dolloff, David Korvin, Meghan Sherley, Victor Twu, Maggie Valachovic, and Nathan Marak.

Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Securities Regulation and Corporate Governance or Capital Markets practice groups, or any of the following practice leaders and members:

Securities Regulation and Corporate Governance:
Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202.955.8287, [email protected])
James J. Moloney – Co-Chair, Orange County (+1 949.451.4343, [email protected])
Lori Zyskowski – Co-Chair, New York (+1 212.351.2309, [email protected])
Brian J. Lane – Washington, D.C. (+1 202.887.3646, [email protected])
Ronald O. Mueller – Washington, D.C. (+1 202.955.8671, [email protected])
Thomas J. Kim – Washington, D.C. (+1 202.887.3550, [email protected])
Michael A. Titera – Orange County (+1 949.451.4365, [email protected])
Aaron Briggs – San Francisco (+1 415.393.8297, [email protected])
Julia Lapitskaya – New York (+1 212.351.2354, [email protected])

Capital Markets:
Andrew L. Fabens – New York, NY (+1 212.351.4034, [email protected])
Hillary H. Holmes – Houston, TX (+1 346.718.6602, [email protected])
Stewart L. McDowell – San Francisco, CA (+1 415.393.8322, [email protected])
Peter W. Wardle – Los Angeles, CA (+1 213.229.7242, [email protected])

Key Developments:

In California, new challenges have emerged to DEI-related programs in the state’s community college system. In April 2023, the California Community College system adopted new regulations, requiring faculty to “employ teaching, learning, and professional practices that incorporate DEIA . . . principles” and directing community colleges to “consider[] an employee’s demonstrated, or progress toward, proficiency in diversity, equity, inclusion, and accessibility [ ] competencies” in employee evaluations. Cal. Code Regs. tit. 5, §§ 53602, 53605. Two groups of professors, represented by the nonprofit organization Foundation for Individual Rights and Expression (FIRE), sued the California Community College system in June and August 2023 in the Eastern District of California. Both suits seek to enjoin the application of the new evaluation standards. The professors argue that the system’s new regulations compel speech in violation of the First and Fourteenth Amendments by requiring faculty to either parrot the state’s stance on DEI or be punished. On November 14, 2023, a magistrate judge in the June lawsuit (Johnson v. Watkin) recommended granting an injunction, writing that “California’s goal of promoting diversity, equity, inclusion, and accessibility in public universities does not give it the authority to invalidate protected expressions of speech.” The district court has not yet ruled on this recommendation. More details on these cases can be found in the case updates section below.

On November 21, 2023, America First Legal Foundation (“AFL”) sent a letter to the EEOC, calling for the Commission to initiate an investigation into Macy’s, Inc.’s DEI initiatives. The letter to the Commission, as well as a letter AFL sent to Macy’s Board of Directors, alleges violations of Title VII and Section 1981 based on the company’s 2022 Diversity & Inclusion Annual Report. The stated goals of the Report include achieving ethnic and gender diversity of 50% for the company’s models, 30% for its senior-level management, and 5% for its supplier relationships.

On November 8, 2023, United States Senator Eric Schmitt (R – Missouri) introduced Senate Bill 3252, proposing to terminate the authorities of certain DEI offices and officers of the Federal Government. The Bill, short-titled the “Abolish Government DEI Act,” lists a total of 40 executive offices and officer positions that would be terminated on the date of the Bill’s enactment. The Bill targets the DEI and Civil Rights offices of numerous executive departments and agencies, including—among others—the Department of State, the Department of the Interior, the Department of the Treasury, the Department of Energy, the Department of Health and Human Services, and the Equal Employment Opportunity Commission. The Bill, if enacted, would abolish a number of DEI officer positions in these agencies and would prohibit the head of a covered agency from carrying out “any plan relating to diversity, equity, and inclusion.” The Administrator of the United States Agency for International Development would also lose the ability to implement the agency’s Diversity, Equity, Inclusion, and Accessibility strategy. The Bill has been read twice and referred to the Committee on Homeland Security and Governmental Affairs.

Media Coverage and Commentary:

Below is a selection of recent media coverage and commentary on these issues:

New York Law Journal, “‘Affirmative Recruiting’ Under Title VII” (November 15): New York University School of Law Professor Samuel Estreicher and employment attorneys Erin Connell and Alexandria Elliott explore courts’ historical treatment of race- and diversity-conscious recruiting under Title VII. The authors survey EEOC guidance and decisions from federal courts of appeals and find that, although Title VII does not explicitly prohibit consideration of race or other protected characteristics in recruiting, diversity-focused recruiting violates Title VII when it results in a disparate impact in hiring. Estreicher, Connell, and Elliott advise that employers should focus on diversifying talent pools while maintaining merits-focused hiring practices to mitigate risk in the current landscape.
Law360, “10th Cir. Keeps Cards Close To Vest In DEI Bias Suit” (November 17): Law 360’s Grace Elleston reports on the recent oral argument heard by a three-judge panel of the Tenth Circuit in Young v. Colorado Department of Corrections. Joshua Young, a white ex-corrections officer, is appealing the dismissal of his Title VII suit that claims a Colorado Department of Corrections DEI training session created a hostile work environment by implying that white people are inherently racist. Elleston notes that Judge Timothy M. Tymkovich seemed skeptical that a single training session could meet the severe and pervasive standard necessary to create a hostile work environment for white employees, and queried whether a training session perceived by the plaintiff to cause offense based on his race could alter the conditions of his employment. Elleston concludes that the panel’s questioning shed little light on how it will rule.
Inc., “How Firms Are Winning Anti-DEI Lawsuits” (November 22): According to Brit Morse, Associate Editor at Inc., the recent wave of litigation challenging law firm diversity programs has only strengthened those firms’ commitment to promoting diversity in the legal profession. Those firms’ strategy of adjusting diversity program criteria seems to be working, writes Morse, and may also work for companies in other industries seeking to mitigate risk while maintaining a strong commitment to diversity. But Morse emphasizes that those hardest hit by recent litigation may be nonprofits and minority business owners reliant on diversity-focused funding, which is increasingly becoming the target of advocacy groups challenging diversity initiatives in court.
Paradigm, “New Data: 2023 DEI Trends & 2024 Opportunities” (November 19): Paradigm Co-Founder and CEO (and former civil rights attorney) Joelle Emerson highlights Paradigm’s new report on corporate DEI trends. The report aggregates data from 148 companies using Paradigm’s strategy and analytics platform. Emerson identifies four areas of opportunity for DEI in 2024, recommending that companies increase reliance on data to identify areas for improvement and to track progress, use DEI training to “reset the narrative” about diversity goals, focus on increasing (and measuring) inclusion, and assess hiring plans to ensure access to a wider pool of diverse candidates.
Bloomberg News, “Corporate America Is Rethinking Diversity Hiring” (November 22): Bloomberg’s Jeff Green and Kelsey Butler report on the corporate response to the recent wave of lawsuits targeting diversity programs. Interviews with employment lawyers, consultants, and diversity executives suggest that “[t]he biggest companies that were already committed to diversity initiatives prior to 2020 are more likely to be sticking with their programs,” while “[e]mployers that are newer to DEI or haven’t really started are more likely to pull back.” But the authors indicate that, despite these different approaches, the majority of private employers are changing the language they use to discuss diversity initiatives and reducing public communications about DEI efforts.
The Charlotte Post, “Affirmative action backlash hits maternal health program” (November 26): Freelance journalist Ronnie Cohen reports on the lawsuit filed in May 2023 by the Californians for Equal Rights Foundation—represented by the American Civil Rights Project—against the city of San Francisco and the state of California over the “Abundant Birth Project,” which provides monthly stipends to pregnant San Franciscans who are Black or of Pacific Island heritage. According to its website, the Project aims to address higher-than-average rates of maternal mortality and preterm births among members of these communities. But the plaintiffs argue that the Project, along with other city programs providing financial support to Black and transgender residents, violates Title VI and the equal protection clauses of the Fourteenth Amendment and the California Constitution.

Current Litigation:

Below is a list of updates in new and pending cases.

1. Contracting claims under Section 1981, the U.S. Constitution, and other statutes:

Am. Alliance for Equal Rights v. Fearless Fund Mgmt., LLC, No. 1:23-cv-03424-TWT (N.D. Ga. 2023), on appeal at No. 23-13138 (11th Cir. 2023): Advocacy group American Alliance for Equal Rights (“AAER”) sued a Black women-owned venture capital firm with a charitable grant program that provides $20,000 grants to Black female entrepreneurs; AAER alleged that the program violates Section 1981 and sought a preliminary injunction. Fearless Fund is represented by Gibson Dunn.
- Latest update: On November 13, 2023, the Eleventh Circuit granted the parties’ motion to expedite oral argument and tentatively scheduled argument for the week of January 29, 2024.
Landscape Consultants of Texas, Inc. v. City of Houston, No. 4:23-cv-3516 (S.D. Tex. 2023): Plaintiff landscaping companies owned by white individuals challenged Houston’s government contracting set-aside program for “minority business enterprises” that are owned by members of racial and ethnic minority groups. The companies claim the program violates the Fourteenth Amendment and Section 1981.
- Latest update: On November 13, 2023, the City of Houston filed its motion to dismiss, arguing that the plaintiffs failed to state claims for disparate treatment under the Equal Protection clause and contracting discrimination under Section 1981. In particular, the City argued that one plaintiff, as a company owned 51% by a woman, might have been treated identically to a minority business enterprise, and that all plaintiffs failed to allege that they were “actually prevented, and not merely deterred” from contracting with the City. The City also argued that since the plaintiffs never actually submitted a bid to contract with Houston, they could not make out a Section 1981 claim.
Am. Alliance for Equal Rights v. Winston & Strawn LLP, No. 4:23-cv-04113 (S.D. Tex. 2023): AAER sued law firm Winston & Strawn, challenging its 1L diversity fellowship program as racially discriminatory in violation of Section 1981. The firm had previously announced that it would continue the program in response to a threat letter from AAER.
- Latest update: On October 30, 2023, AAER moved for a preliminary injunction seeking to bar the firm from considering race as a factor for its diversity fellowship program, to require it to use race-neutral language for program eligibility, and if necessary, to require the firm to restructure its hiring process. On November 14, 2023, the district court entered a briefing schedule; Winston & Strawn’s response is due on December 11, 2023.

2. Employment discrimination under Title VII and other statutory law:

Netzel v. American Express Company, No. 2:22-cv-01423 (D. Ariz. 2022), on appeal at No. 23-16083 (9th Cir. 2023): On August 23, 2022, a group of former American Express employees alleged that the company’s diversity initiatives discriminated against white workers and that the company retaliated against the same workers after they complained, in violation of Title VII and Section 1981.
- Latest update: After the district court granted American Express’s motion to compel arbitration, the plaintiffs appealed to the Ninth Circuit, filing their opening brief on November 9, 2023. The plaintiffs argue in part that they should not be compelled to arbitrate because they seek “public injunctive relief” against alleged “racial discrimination . . . that specifically harms the general public,” a right they claim is not waivable under California law. American Express’s response is due January 10, 2024.

3. Challenges to agency rules, laws, and regulatory decisions:

Johnson v. Watkin, No. 1:23-cv-00848-ADA-CDB (E.D. Cal. 2023): On June 1, 2023, a community college professor in California sued to challenge new “Diversity, Equity and Inclusion Competencies and Criteria Recommendations” enacted by the California Community Colleges Chancellor’s Office, claiming the regulations violated the First and Fourteenth Amendments. The plaintiff alleged that the adoption of the new competency standards, which require professors to be evaluated in part on their success in integrating DEI-related concepts in the classroom, will require him to espouse DEI principles with which he disagrees, or be punished. The plaintiff moved to enjoin the policy.
- Latest update: On November 14, 2023, a magistrate judge issued a recommendation and proposed order to grant a preliminary injunction. The judge recommended enjoining the colleges from investigating or disciplining the plaintiff based on his proposed political speech in the classroom. The judge also recommended denying the defendant’s motion to dismiss. The parties have until November 29, 2023 to file their objections to the magistrate judge’s findings.
Palsgaard v. Christian, No. 1:23-cv-01228-SAB (E.D. Cal. 2023): On August 17, 2023, community college professors in California filed suit, challenging the adoption of the state’s new DEI-related evaluation competencies and corresponding language in their faculty union contract, which they allege requires them to endorse the state’s views on DEI concepts. The plaintiffs challenge the regulations and contract language as compelled speech in violation of the First and Fourteenth Amendments.
- Latest update: On August 23, 2023, the plaintiffs moved for a preliminary injunction, which is fully briefed. The court has not yet ruled on the motion. The defendants’ current deadline to respond to the initial complaint is December 15, 2023.

The following Gibson Dunn attorneys assisted in preparing this client update: Jason Schwartz, Mylan Denerstein, Blaine H. Evanson, Molly Senger, Zakiyyah Salim-Williams, Matt Gregory, Zoë Klein, Mollie Reiss, Teddy Rube*, Alana Bevan, Janice Jiang*, and Marquan Robertson*.