Header graphic for print

Focus on Regulation

U.S. Treasury Secretary Mnuchin Urges Amending CFIUS Reviews

On Thursday, May 18, U.S. Treasury Secretary Steven Mnuchin waded further publicly into efforts on Capitol Hill to amend the authorizing statute underlying the Committee on Foreign Investment in the U.S. (CFIUS), a U.S. Government interagency committee that conducts national security reviews.  Munchin reportedly told a gathering of business executives at the U.S. Chamber of Commerce: “There are some parts of CFIUS we probably do need to amend,” adding that officials “should be looking at” joint ventures and acquisitions in particular.  In congressional testimony earlier this month, Mnuchin also noted that he reviews CFIUS cases on a weekly basis.  Consistent with an interview in early May that he gave to Bloomberg, though, he signaled that he did not expect an expansive modification to the CFIUS review process, which is fundamentally driven by national security concerns.  Mnuchin reiterated that the focus of the U.S. Government is on “promoting” the “opportunity for foreign direct investment.”

As we have previously noted here and here, lawmakers in both the U.S. House of Representatives and Senate are examining ways to restrict Chinese and other foreign investment in the United States by reforming national security reviews conducted by CFIUS.  At this time, the effort most likely to bear fruit appears to be that of Senator John Cornyn (R-TX), the second-ranking Republican in the Senate, and Rep. Rob Pittenger (R-NC), one of the leading voices on CFIUS matters in the House of Representatives.  They are drafting CFIUS reform legislation with input from the Trump Administration, which was earlier rumored to be considering taking executive action on tightening CFIUS reviews.  It is not clear whether the White House will ultimately pursue an executive order or rely on the significant breadth of the existing CFIUS statute.

The legislation is evolving, but, according to congressional sources, is centered on the following aspects:

  • Heightened scrutiny of transactions involving advanced technologies, steel, and transportation, as well as transactions involving bankruptcy scenarios;
  • Tiered treatment of transactions involving mitigation agreements, with greater scrutiny after the fact to transactions with such agreements; and
  • Possible tiered treatment of transactions emanating from specific countries of concern, e.g. China.

Another possible area of focus may be real estate transactions by foreign investors that result in foreign ownership of real estate in proximity to sensitive government facilities, including U.S. military bases.  Last week, three leading Senate Democrats—the Ranking Members of the Finance, Homeland Security and Government Affairs, and Banking, Housing, and Urban Affairs Committees—requested that the Government Accountability Office review the approach taken by CFIUS to examine real estate transactions in order to “assess whether and how CFIUS addresses the full range of national security challenges such transactions may pose.”  CFIUS has long considered proximity issues in its reviews and has effectively blocked certain transactions that raised national security concerns due to the specific foreign investor and the proximity of the U.S. target to U.S. military installations.

While the breadth of the existing statute clearly allows CFIUS to undertake reviews of transactions in sensitive industries, in the real estate sector, and from countries of concern to policymakers, Congress feels the need to make these points explicit in the law.  The backers of the Cornyn-Pittenger legislation see this effort as a modest change to the statute.  Indeed, equally significant from their perspective is what is not included in the currently proposed text.  For example, they do not anticipate including agricultural transactions, greenfield projects, or net-economic benefit tests as a statutory focus of CFIUS.

Other lawmakers, however, are seeking more scrutiny over transactions involving food and agriculture. The Food Security is National Security Act would (i) give federal agriculture and food officials permanent representation on CFIUS and (ii) amend the statute to allow the Committee to consider agriculture and food-related criteria when reviewing transactions that could result in control of a U.S. business by a foreign person.  Under the current statute, the Committee has the discretion to consider the national security impact of foreign investments on U.S. food and agricultural systems, but the proposed legislation would amend the statute to make food and agricultural criteria explicit.

Excessive pricing in pharmaceutical products attracts the European Commission’s attention

scan medicineIn recent years competition authorities in a number of EU Member States have stepped up in their pursuit against companies active in the Life Sciences sector for excessive pricing. Last week, the European Commission issued a press release signalling that it will not be left behind on the action when it launched a probe into a pharmaceutical supplier of cancer drugs. This could be one of the very first examples of intervention at the European Commission level in a pure excessive pricing case, let alone in the Life Sciences sector.

Should companies in the Life Sciences sector be concerned?

Excessive pricing can be a potential antitrust concern if a company enjoys a dominant position on the market. A company is dominant if it company enjoys a level of market power such that they can act independently from customers and competitors on the market.

Recent cases have suggested a lowering of the threshold for assessing and finding dominance. The trend is pointing towards markets being defined more narrowly. The European Commission and other national EU Member State authorities have used the anatomical therapeutic classification (“ATC”) as a reference tool for market definition for some years now, but in recent cases, pharmaceuticals at ATC level 5 have been considered as forming a separate market on their own. The consequence of this is that it would be easier to hold a company operating in that narrow space as dominant.

Once dominance is established, the long-held test for whether a price is excessive is a two part test that compares the price of the product to the cost of the product and then considers whether the price is in itself excessive compared to other products. The complexity in applying this test should not be underestimated: there is little guidance available, not least on how one should interpret “cost”, and on how one determines “excessive”.

Competition authorities have typically shied away from direct price regulation and there are good reasons for this. In the Life Sciences sector, pricing is often already regulated by separate bodies set up specifically for this purpose. The increased spotlight on these excessive pricing Life Sciences cases, not least measured by column inches in the press, and the perceived direct consumer impact has, however, appeared to have incentivised intervention from a competition law perspective. Ultimately there are cases where a competition authority has to act. And there are cases where they have to be seen to act.

CJEU upholds principle of free movement of goods for food supplements

The Court of Justice of the European Union (“CJEU“) has issued a ruling on the interpretation of Directive 2002/46/EC on food supplements, finding that a French law prohibiting the sale of food supplements from other EU Member States containing vitamins and minerals above French national limits is contrary to EU law.

The CJEU held that while individual Member States can set their own maximum vitamin and mineral levels for food supplements, the absence of a procedure for evaluating and authorising food supplements lawfully marketed in other Member States that exceed those national limits means that the French law contravenes the EU principles of free movement of goods and mutual recognition.

The CJEU also confirmed that where an individual Member States sets its own national maximum vitamin and mineral levels for food supplements, those levels must be set on a case-by-case basis following a comprehensive risk assessment based on generally accepted scientific data, including international and not only national data.

The ruling is significant for food supplement companies in confirming that even where national limits are allowed to be set, these must be based on robust scientific evidence and cannot be used to automatically prevent products sold legally elsewhere in the EU from being sold in that national market. In the longer term, the ruling also highlights the need for harmonised EU maximum vitamin and mineral levels to be developed.

Read the full judgment here.





BREAKING: U.S. Court of Appeals for the DC Circuit Strikes Down FAA Drone Registration Rule for Hobbyist

In a ruling issued today, the the U.S. Court of Appeals for the District of Columbia Circuit vacated the FAA’s Registration Rule for small unmanned aircraft systems (UAS or drones) that are operated for recreational purposes, otherwise known as “model aircraft.” If the ruling stands, hobbyist and recreational drone enthusiasts will no longer be required to register their drones with the FAA.  The ruling does not affect existing requirements for commercial operators to register their UAS with the FAA.

In response to news events involving careless operators misusing drones, including crashes at stadium sporting events and hundreds of alleged incidents involving close-encounters between UAS and manned aircraft, shortly before Christmas 2015, the FAA rushed to promulgate a new registration rule that required model aircraft to be registered with the FAA.  Since the rule went into effect, more than 800,000 operators have registered their drones with the FAA.  To put that in perspective, there are only around 320,000 manned aircraft registered with the FAA.

The Court sided with Plaintiff hobbyist John Taylor who argued that the FAA’s Registration Rule, as it applies to model aircraft, directly violates Section 336(a) of the FAA Modernization and Reform Act of 2012, which states that the FAA “may not promulgate any rule or regulation regarding a model aircraft.”

In an effort to sidestep Section 336(a)’s prohibition on promulgating rules regarding model aircraft, the FAA argued that the new Registration Rule, was not actually a new rule. Through a bit of legal gymnastics, the FAA tried to argue that under existing statutes requiring aircraft to be registered, the agency already had the authority to require model aircraft to be registered, and that they had previously exercised discretion not to enforce aircraft registration requirements with respect to model aircraft.  Using this theory, the FAA claimed that the Registration Rule was not a new requirement at all, but merely a “decision to cease its exercise of enforcement discretion.”

The Court rejected the FAA’s argument, stating:

“The Registration Rule does not merely announce an intent to enforce a pre-existing statutory requirement. The Registration Rule is a rule that creates a new regulatory regime for model aircraft. The new regulatory regime includes a “new registration process” for online registration of model aircraft. The new regulatory regime imposes new requirements – to register, to pay fees, to provide information, and to display identification – on people who previously had no obligation to engage with the FAA. And the new regulatory regime imposes new penalties – civil and criminal, including prison time – on model aircraft owners who do not comply. In short, the Registration Rule is a rule regarding model aircraft.” (Internal citation omitted.)

In addition to challenging the FAA’s registration rule, the Plaintiff also challenged the FAA’s prohibition contained in Advisory Circular 91-57A on the operation of model aircraft in various restricted areas, including the Flight Restricted Zone around Washington, D.C. The Court dismissed the challenge to the Advisory Circular on procedural grounds, finding that Plaintiff missed the 60-day deadline for challenging the Advisory Circular.

Shortly after the Court’s ruling, the FAA released the following statement:

We are carefully reviewing the U.S. Court of Appeals decision as it relates to drone registrations. The FAA put registration and operational regulations in place to ensure that drones are operated in a way that is safe and does not pose security and privacy threats.  We are in the process of considering our options and response to the decision.

Should the FAA wish to challenge the Court’s decision (and they almost surely will), there are two potential avenues for doing so. The first is to seek an en banc review by all of the judges sitting on the U.S. Court of Appeals for the District of Columbia.  The second option, which the Court hinted at in its ruling, would be to seek a legislative fix from Congress, most likely in the FAA Reauthorization Bill that Congress will need to pass later this year to continue FAA funding.  The Court wrote: “Congress is of course always free to repeal or amend its 2012 prohibition on FAA rules regarding model aircraft. Perhaps Congress should do so. Perhaps not. In any event, we must follow the statute as written.”







NISPOM Change 2 Deadlines Coming for Cleared Contractors

As industry comes up on the one-year anniversary of the publication of Change 2 to the National Industrial Security Program Operating Manual (NISPOM)1, a number of implementation deadlines are drawing near. This blog post briefly highlights key industrial security program requirements for cleared contractors to focus on.

1. Insider Threat Program Training Implementation Deadlines

Change 2 requires cleared contractors to appoint an Insider Threat Program Senior Official (ITPSO)2 and implement an “insider threat” program3 that will gather, integrate, and report relevant and available information indicative of a potential or actual insider threat.4  Insider threat employee awareness training is now required for all cleared employees before being granted access to classified information and annually thereafter.

  • The suspense for the completion of training for those cleared employees currently accessing classified information is May 31, 2017.
  • After May 31, 2017, all cleared contractor employees must complete the employee awareness training prior to having access to classified information, and thereafter annually.5

2. Transition to New RMF Assessment Process for Classified Information Systems

Change 2 added specific cybersecurity language to the NISPOM and completely overhauled Chapter 8 on Information System security to bring the NISPOM in line with other unclassified federal information system security requirements.

  • A senior management official at the cleared facility must certify annually to DSS in writing that a self-inspection of classified information systems has been completed.6 These self-inspection reports must be available to DSS during the company’s next security vulnerability assessment following the self-inspection.
  • Contractors must implement certain DSS-provided information system security controls on classified information systems in order to detect activity indicative of insider threat behavior.7
  • The former DSS Office of the Designated Approving Authority (ODAA) been renamed the National Industrial Security Program Authorization Office (NAO). The ODAA Process Manual for the Certification and Accreditation of Classified Systems has been renamed the DSS Assessment and Authorization Process Manual (DAAPM) and revised to reflect the updated NISPOM Change 2 language  on “authorizing” classified information systems.
    • An authorizing official8 is responsible for issuing an operational authorization decision (an “Authorization to Operate” (ATO)) for cleared contractor information systems based on the results of security assessment activities and the implementation of security controls provided in the DAAPM.
  • Both the NISPOM and the DAAPM have replaced the legacy Certification and Accreditation (C&A) processes applied to information systems with the approach embodied in the NIST Risk Management Framework (RMF).9
    • Contractor classified information systems with a security authorization package submitted before August 2016 continue using the C&A process in the ODAA Process Manual.10
    • Going forward, all expiring authorizations and submissions of new security authorization packages for contractor classified information systems must transition to the RMF and follow the DAAPM.

3. Use of New Version of Standard Form (SF) 328 Certificate Pertaining to Foreign Interests

OPM has issued a new version of the Standard Form (SF) 328,11 which is used to gauge whether a company is under Foreign Ownership, Control, or Influence (FOCI).12  Revisions to the form include:

  • the removal of the prior requirement for application of a corporate seal;
  • a single witness to the contractor representative signing the SF 328 is now required; and
  • the government representative that is accepting the SF 328 may not act as the witness.

However, the ten (10) FOCI questions on the front of the form have not changed at all.  A notice on the DSS website provides the following guidance to contractors for completing the new SF 328 in the Electronic Facility Clearance System (e-FCL):

ATTENTION e-FCL USERS: e-FCL system updated with revised SF 328

On April 5, 2017, DSS announced that the SF 328, “Certificate Pertaining to Foreign Interests,” supporting the National Industrial Security Program was revised with a new issuance date of March 2017, under

In the e-FCL system, the previous version of the SF 328 remains available to complete via digital form. Contractors should:

  1. Continue completing the digital form in e-FCL as the questions on the form have not changed, and
  2. Complete and upload a signed copy of the revised SF 328 as part of the Initial or Change Condition Package.

Note: The print button for the digital form has been temporarily disabled.

A link to the revised SF 328 will be available in the system in the coming weeks. In June 2017, the e-FCL’s digital SF 328 will be updated to the revised version, and the print button will be re-enabled.

If you have any questions, please contact your assigned ISR.

Although the changes to the form do not affect any existing SF 328s on file in e-FCL, going forward a company should be signing and submitting the new version of the SF 328 for any “Initial” or “Changed Conditions” submission.

1 Department of Defense (DoD) 5220.22-M  February 2006 (Incorporating Change 2, May 18, 2016).

2 The ITPSO must be identified as Key Management Personnel (KMP) and must have a Personnel Security Clearance (PCL) at the level of the company’s Facility Security Clearance (FCL). NISPOM §1-202; §2-104.

3  Insider threat is defined as “the likelihood, risk, or potential that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the national security of the United States. Insider threats may include harm to contractor or program information, to the extent that the information impacts the contractor or agency’s obligations to protect classified national security information.” (NISPOM Appendix C)

4 NISPOM §1-202.

5 NISPOM §3-103b; DSS Industrial Security Letter (ISL) 2016-02 at page 4.

6 NISPOM §1-207b.

7 NISPOM §8-100d.

8 The term “authorizing official” (AO) has replaced the legacy term “designated approving authority” (DAA) in the NISPOM.  This change is consistent with other RMF changes to DoD cybersecurity publications.

9 National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, Risk Management Framework.

10 However, the resulting ATO shall be no greater than 18 months and the contractor must develop a Plan of Action and Milestones (POA&M) for transitioning to the RMF.

11 Issued under OMB Control Number 0704-0194 and expires on Sept. 30, 2019, unless the form is renewed prior to that date. Previous blank SF 328s are obsolete.

12 Available from the GSA forms website here.

New EASA Consultation: Are Drone Pilots Heading for a Period of Regulatory Turbulence?

On 12 May 2017 the European Aviation Safety Agency (“EASA“) opened a consultation into sweeping new regulations on the operation of unmanned aircraft systems (“UAS” or drones) in European airspace. Individuals and companies that are interested in the future of UAS operations in the European Union (“EU”) should carefully review the Notice of Proposed Amendment and consider participating in the review process by submitting comments and letting EASA know their views on all aspects of the proposed regulations.

Under the current regulations, EASA only regulates large UAS with a maximum take-off weight of 150kg or more and the regulation of UAS with a maximum take-off weight of less than 150 kg is reserved to Member States. The European Commission and European Parliament are currently trying to extend the EU’s regulatory competences (jurisdiction) to include authority over all UAS weighing more than 250g. EASA’s new proposal will likely spur debate among industry stakeholders over whether this new and innovative technology should be regulated more broadly by EASA or by the individual Member States.    Continue Reading

UK Government Given Additional Powers to Control NHS Medicine Prices

The new Health Service Medical Supplies (Costs) Act 2017 came into force on 27 April 2017, giving the Department of Health greater powers to control the cost of medicines supplied to the National Health Service (NHS).

The cost of branded medicines supplied to the NHS is regulated through two mechanisms – the Pharmaceutical Price Regulation Scheme (PPRS), which is a voluntary scheme agreed between government and industry, and a statutory scheme. Manufacturers and suppliers can choose whether to sign up to the PPRS or be subject to the statutory scheme, with the majority choosing to participate in the PPRS. The cost of unbranded generic medicines is not controlled other than through competition in the market.

The savings delivered by the statutory scheme have been significantly lower than the PPRS in recent years, resulting in a move by some companies to take their branded medicines out of the PPRS. To address this, the Act amends the NHS Act 2006 to allow the cost of medicines under the statutory scheme to be controlled in a similar way to under the PPRS.

Previously, unbranded generic medicines manufactured by companies that participate in the PPRS in relation to their branded medicines fell outside the statutory scheme. Over recent years, the prices of a number of unbranded generic medicines with no market competitors have been increased significantly. The Act extends the scope of the statutory scheme to all unbranded generic products, enabling such price increases to be controlled.

The amendments are intended to increase savings for the NHS and to provide a more level playing field for companies participating in either the PPRS or statutory scheme. Before such new controls are introduced, the Department of Health must consult on the economic consequences for patients, the UK life sciences industry and the UK economy generally, and must take into account the need to make medicines available to the NHS on reasonable terms and the costs of research and development.

The Act also includes new powers allowing the Department of Health to request various pricing related information from manufacturers, distributors and suppliers of medicines used by the NHS. Details of these new powers will be set out in a separate regulation and subject to consultation.

Further information on the Act is available in the Department of Health’s Health Service Medical Supplies (Costs) Bill factsheet.

“Double Dip” Effectively Approved by Center for Medicare and Medicaid Services

*Associates Ryan Harrigan and Samantha Marshall also contributed to this post

Last week the Centers for Medicare and Medicaid Services (CMS) issued Release No. 104 to Manufacturers and Release No. 180, which invalidated earlier agency releases addressing the treatment under the Medicaid drug rebate program of Federal Supply Schedule (FSS) purchases by Indian Health Service (IHS) facilities. Continue Reading

TCPA for the Boardroom – An Executive Focus

How do you protect your business from costly Telephone Consumer Protection Act (TCPA) lawsuits and regulatory enforcement actions? In this webinar, we will focus on the key decisions facing company executives as they navigate TCPA risks and assess compliance strategies.

Businesses must stay in touch with their customers and their partners in order to succeed. But as technology has advanced, the risks of TCPA enforcement and class action litigation have grown exponentially. Lawsuits filed by plaintiffs pursuing millions in damages have surged over the past few years, making TCPA one of the most sued-under federal consumer protection statutes.

Continue Reading

Stuck in the middle without EU: UK courts grapple with Brexit uncertainty

The UK Government has made clear that it intends to end the jurisdiction of the Court of Justice of the EU (“CJEU“) in the UK post-Brexit.  This will, unless agreed otherwise in the negotiations, result in litigants losing the ability to make references to the CJEU on questions of EU law.  In the meantime, the lack of clarity from the UK Government about the extent of the CJEU’s jurisdiction post-Brexit also gives rise to legal uncertainty for citizens and businesses in the UK whose legal proceedings will be outstanding during the Brexit negotiation period, which the courts are beginning to have to grapple with.  Read the full blog here.