Header graphic for print

Focus on Regulation

FDA proposes new ways for prescription drugs to become available over-the-counter

On Tuesday, FDA’s Center for Drug Evaluation and Research (CDER) announced a draft guidance titled “Innovative Approaches for Nonprescription Drug Products” that could aid drug manufacturers who want to sell, without a prescription, drugs that are currently available only by prescription.  The draft guidance would facilitate these prescription (Rx) to Over-The-Counter (OTC) switches by allowing certain new conditions to ensure safe use.  To qualify for sale without a prescription, a drug must not meet the standard for a prescription drug in the Federal Food, Drug, and Cosmetic Act, and consumers must be able to self-diagnose, self-select, and self-medicate.  Historically, FDA expected consumers to make their OTC drug choices based solely on the conditions outlined in the products’ drug facts label (DFL).  This guidance, however, offers two new approaches for potentially switching Rx drugs to OTC in situations where the DFL alone is insufficient to ensure safety and efficacy in a nonprescription setting:

  1. FDA states that it could approve additional labeling beyond the DFL to ensure safety and efficacy via leaflets or digital platforms such as mobile applications, or
  2. FDA could add conditions of use to ensure consumers appropriately self-select and use the product, such as requiring that consumers to answer a questionnaire or affirm that they understand how to appropriately take the medication by viewing text or video images on appropriate use.

In a statement announcing the guidance, FDA Commissioner Scott Gottlieb, M.D., said this new framework could help lower healthcare costs, but he stressed that FDA is “not proposing a change in the evidentiary standard needed for a product to be approved by the FDA as nonprescription.”  The guidance maintains the importance of drug companies submitting data to the FDA showing consumers are capable of accurately assessing their need for a medication and their ability to use it correctly, citing its April 2013 guidance on the issue.

The draft guidance states that the approach described in this initiative could lead to approval of a wider range of OTC drug products, including those intended to treat chronic conditions, or other conditions for which it is difficult to ensure safe and effective use based solely on the DFL.  Dr. Gottlieb’s statement specifically identifies cholesterol lowering drugs and naloxone as possible drug candidates that could benefit from this approach.

A “first step” toward expanding OTC drug availability

This guidance continues a decade-long trend of FDA movement toward OTC drug review process reform.  FDA had considered the legality of creating a “behind-the-counter” (BTC) nonprescription designation for chronic disease drugs in 2007, and a 2009 GAO report assessed the idea, concluding it could raise out-of-pocket costs for those drugs but that it could also increase the availability of those drugs.  Then, in 2012, FDA announced the Nonprescription Drug Safe Use Regulatory Expansion (NSURE) idea to consider ways to help drugs switch from prescription-only to OTC availability.  Most recently, in 2014, FDA took steps to review the regulatory framework for OTC drug review, as we discussed here.

Dr. Gottlieb called Tuesday’s draft guidance a “first step” toward expanding which drug products could be considered nonprescription drugs, and he said FDA is planning to issue a proposed rule “in the near future” clarifying the requirements for marketing nonprescription drugs.  The Administration’s Spring 2018 Unified Agenda reflects FDA’s intention to issue the proposed rule by February of 2019.

US House passes OTC monograph reform act

The draft guidance comes on the heels of the US House of Representatives’ Monday passage of the Over-the-Counter Monograph Safety, Innovation, and Reform Act of 2018, which would streamline and modernize FDA’s OTC drug review process, with challenges and opportunities described in this White Paper.  Notably, the bill would grant 18 months of exclusivity to makers of innovative OTC drugs; a version of the bill pending in the US Senate would grant 24 months of exclusivity.

Access to documents held by EMA: access requests by non-EU applicants to cease

The EMA has announced that, from 15 June 2018. The Agency will cease to accept requests for access to documents by non-EU applicants. The EMA announced that the Agency’s decision was a result of the high volume of access requests and the related excessive administrative workload.

Continue Reading

RICO Complaint Settlement Highlights TCPA Abuse by Plaintiffs’ Law Firms; Serial Plaintiffs and Cy Pres Awards Continue to Flourish

As the number of frivolous Telephone Consumer Protection Act (“TCPA”) class actions continues to grow unabated, the potential rewards have even led to alleged criminal activity by plaintiff firms seeking to game the system.  A recently settled Racketeer Influenced and Corrupt Organizations Act (“RICO”) complaint showcases a particularly egregious series of allegations that several plaintiffs’ law firms conspired with other companies as well as borrowers to provide useless debt counseling that was merely a pretext to manufacture dubious TCPA lawsuits.

While the allegations in this recently settled RICO lawsuit may seem sensational, they reflect an all-too-common example of bad actors taking advantage of the ease of bringing TCPA claims and the urgent need for the Federal Communications Commission to reform its TCPA framework.  In the meantime, target companies can minimize their damage through greater awareness of potential problems and seeking expert counseling on avoiding these TCPA suits and handling filed complaints.

Continue Reading

Legislative and Regulatory Update on Federal Supply Chain Risk Management

The U.S. Government is renewing its focus on mitigating technological risks by regulating the supply chain for various goods and services. To achieve these goals, Congress and agencies have introduced, and in some cases enacted, legislation and regulations that direct agencies to identify, assess, and mitigate supply chain risks generally as well as prohibit agencies from purchasing goods and services from specific organizations.  The primary aim of these efforts is to make U.S. information technology (“IT”) infrastructure less vulnerable to attacks from state and non-state actors.  The most notable legislation and regulations thus far in 2018 are summarized below:

Prohibition on Procuring Chinese Telecommunications Services or Equipment

One of the most prominent legislative efforts addressing the U.S. Government’s supply chain would prohibit agencies from purchasing certain Chinese telecommunications equipment or services.  The prohibition was first proposed in The Defending U.S. Communications Act (H.R. 4747 / S. 2391).  If enacted, that legislation would prohibit all agencies from:

  1. Procuring or obtaining “any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system” or
  2. Entering into, extending, or renewing a contract “with an entity that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” H.R. 4747 § 3(a).

“Covered telecommunications equipment or services” means telecommunications equipment or services “produced” or “provided” by “an entity that the head of the relevant agency reasonably believes to be an entity owned or controlled by, or otherwise connected to” the government of the People’s Republic of China. Id. at § 3(b)(2), (3).

These prohibitions have largely been incorporated into the House of Representatives’ and Senate’s versions of the National Defense Authorization Act (“NDAA”) for Fiscal Year 2019, with some differences.  The House version would apply these prohibitions only to the Department of Defense (“DoD”).  See H.R. 5515 § 891.  However, section 6702 of the Senate version would apply these restrictions to all federal agencies.  S. 2987 § 6702(b).  It would also expand the restrictions to prohibit agencies from “obligat[ing] or expend[ing] loan or grant funds to procure or obtain, extend or renew a contract to procure or obtain, or enter into a contract (or extend or renew a contract) to procure or obtain” covered telecommunications equipment or services.  Id. § 6702(c).

Federal Acquisition Supply Chain Security Act of 2018 (S. 3085)

On June 19, 2018, Sens. Claire McCaskill (D-MO) and James Lankford (R-OK) introduced the Federal Acquisition Supply Chain Security Act of 2018 (“FASCSA”) to manage supply chain risk.  If passed, this bill would establish the Federal Acquisition Security Council (the “Council”), which will be charged primarily with the following tasks:

  1. Identifying and “assessing threats and vulnerabilities relating to supply chain risk posed by the acquisition of information technology to national security and the public interest” and sharing that information amongst federal agencies and, as appropriate, with the private sector.  S. 3085 § 1323(a).
  2. “Issuing guidance to executive agencies for incorporating information relating to supply chain risks and other relevant information into procurement decisions for the protection of national security and the public interest.”  Id. § 1323(a)(3).
  3. “Developing standards and measures for supply chain risk management, including assessments, evaluations, mitigation, and response that take into consideration national security and other factors relevant to the public interest.”  Id. § 1323(a)(4).
  4. “Consulting, as appropriate, with the private sector and other nongovernmental stakeholders on issues relating to the management of supply chain risks posed by the acquisition of information technology.”  Id. § 1323(a)(5).
  5. “Determining whether the exclusion of a source made by one executive agency should apply to all executive agencies upon receiving a notification under section 4713 and carrying out such other actions as are agreed upon by the Council.” Id. § 1323(a)(6).
  6. Developing “a strategic plan for addressing supply chain risks posed by the acquisition of information technology and for managing such risks.”  Id. § 1324(a).

The Council will comprise representatives from the Office of Management and Budget (“OMB”), the General Services Administration (“GSA”), the Department of Homeland Security (“DHS”), the Office of the Director of National Intelligence (“ODNI”), the Federal Bureau of Investigation (“FBI”), DoD, the National Institute of Standards and Technology (“NIST”), and any other agencies the Chair of the Council elects to include.  S. 3085 §§ 1322(a), (b)(1).

Enhance Cybersecurity for Small Manufacturers Act of 2018 (S. 2666)

The Enhance Cybersecurity for Small Manufacturers Act would require NIST to work with DoD and the Hollings Manufacturing Extension Partnership to help “small manufacturers in the defense industrial supply chain” understand and address cybersecurity threats.  S. 2666 § 3(b)(1).  These efforts would include helping “small manufacturers conduct voluntary self-assessments in order to understand operating environments, cybersecurity requirements, and existing vulnerabilities”; transferring NIST’s “technology and techniques” to small manufacturers “to protect covered defense information, including controlled unclassified information”; and creating “a cyber counseling certification program” (or using a similar existing program) “to certify small business professionals and other relevant acquisition staff within the [DoD] to provide cyber planning assistance to small manufacturers in the defense industrial supply chain.”  S. 2666 § 3(b)-(e).

Federal Network Protection Act (S. 2743)

Currently, DHS is authorized to “mitigat[e] . . . exigent risks to information systems” by issuing “binding operational directives.” 44 U.S.C. § 3553.  The Federal Network Protection Act would clarify that DHS is not required to notify contractors of any mitigation efforts related to goods or services provided by those contractors.

Foreign Source Code Reviews (S. 2978)

Source code reviews have received increased attention in the media in recent months. A source code review is the process of reviewing the code of software or applications to identify security flaws.  The U.S. Government has expressed concern that allowing foreign governments to review source codes of software and applications sold to the U.S. Government could create or increase cybersecurity threats.  To mitigate these risks with respect to DoD, the Senate version of the 2019 NDAA would prohibit DoD from “us[ing] a product, service, or system relating to information or operational technology, cybersecurity, an industrial control system, a weapons system, or computer antivirus provided by a person unless that person discloses” whether it has allowed, or is required to allow, a foreign government to review the source code of such a product, system, or service.  S. 2987 § 1639(a).  Additionally, all contracts for such products, systems, or services “shall include a clause requiring” contractors to disclose any actual or required foreign government source code reviews throughout the life of the contract. Id. at § 1639(b).  Any information disclosed in accordance with these requirements would be maintained in a “registry.”  Id. at § 1640.  Information contained in the registry would be exempt from disclosure under the Freedom of Information Act (“FOIA”).

Federal Acquisition Regulation Subpart 4.20 – Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab (83 Fed. Reg. 28,141)

On June 15, 2018, the Federal Acquisition Regulation (“FAR”) Council issued an interim rule that will prohibit U.S. Government agencies from using “any hardware, software, or services developed or provided, in whole or in part, by” Kaspersky Lab, a successor entity to Kaspersky Lab, a Kaspersky Lab corporate affiliate, or an “entity of which Kaspersky Lab has a majority ownership.”  83 Fed. Reg. 28,144.  This rule was issued in accordance with Section 1634 of the NDAA for 2018 and will take effect July 16, 2018. The prohibition arises from concerns over Kaspersky Lab’s alleged ties to the Russian Government and would purport to make U.S. Government IT systems less susceptible to hacking by foreign actors.  This rule follows DHS’s September 2017 directive instructing all agencies to identify and purge Kaspersky products from their systems.  See Binding Operational Directive 17-01, 82 Fed. Reg. 43,782 (Sept. 19, 2017).

Federal Communications Commission (“FCC”) Network and Supply Chain Security Proposed Rule (83 Fed. Reg. 19,196)

On May 2, 2018, the FCC issued a notice of proposed rulemaking titled Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs.  83 Fed. Reg. 19,196 (May 2, 2018).  This proposed rule would prohibit the FCC from using the Universal Service Fund “to purchase or obtain any equipment or services produced or provided by a company posing a national security threat to the integrity of communications networks or the communications supply chain.”  Id. at 19,198.

A new era unfolds as China unveils its new negative list approach for foreign investment nationwide

On 28 June 2018, the National Development and Reform Commission and the Ministry of Commerce released the Foreign Investment Market Access Special Administrative Measures (Negative List) (2018 Version), which will become effective from 28 July 2018. This Negative List is significant because it will replace the Guidance Catalogue for Foreign Investment Industries, the latest iteration of which became effective on 28 July 2017 (the “2017 Catalogue“), which has been the official policy statement on foreign investment for almost twenty years. Continue Reading

Digital competition policy on the move: Price algorithms in the German Monopolies Commission’s spotlight – European Commission launches consultation process

Price algorithms are clearly the “talk of the town” in the European competition law community these days. Just last week, the German Monopolies Commission published a report in which it discusses potential anti-competitive effects of price algorithms and proposes far-reaching amendments to the competition law enforcement framework. Meanwhile, the European Commission has announced a consultation process with a view towards shaping competition policy in the era of digitisation.

Price algorithms in the focus of European competition authorities

Across Europe, competition authorities are currently putting a focus on algorithms. In recent weeks, both the Federal Cartel Office and the Austrian Federal Competition Authority have addressed the question of whether the use of price algorithms can lead to excessive ticket prices in the airline industry. In addition, the Luxembourg Conseil de la Concurrence investigated whether the price algorithm used by a taxi app violated antitrust law. Finally, the French Autorité de la Concurrence and the Federal Cartel Office announced the launch of a joint research project to investigate algorithms and their implications on competition. Continue Reading

LawTech in London! New court – read the latest from our Global Products Law Team

In a move to cement London’s reputation as “the” global legal centre, on 4 July 2018 a new flagship court was announced by Lord Chancellor David Gauke.  The new court will specialise in (among other things) cybercrime, fraud and economic crime.  This is heavy investment to ensure that the UK remains the centre for tech-based litigation, and is known for its cutting-edge approach to technology and innovation in resolving disputes.

This is the product of the City of London Corporation partnering with the judiciary and will be located at Fleetbank House. Completion of the development is forecast for 2025. The new court will replace the civil court, Mayor’s and City of London County Court, and the City of London Magistrate’s Court.  A new City of London police station is also on the cards.  An “increasing focus on cyber security” has been cited as a motivator for the development, showing businesses both at home and abroad that London is equipped to deal with all their modern legal needs.

This is an exciting move to promote London’s expertise in cyber issues and innovation!  The new court will come complete with “bespoke” state-of-the-art facilities that 21st century businesses would expect from the justice system.

You can read more about it here, or contact a member of our Global Products Law: Valerie Kenyon (Partner) would be delighted to hear from you and get your views and questions.

Parent company liability – Court of Appeal upholds decision rejecting jurisdiction over claims brought against Unilever by victims of post-election violence in Kenya

On 4 July 2018, the Court of Appeal handed down judgment in AAA & Ors. v Unilever PLC and Unilever Tea Kenya Limited [2018] EWCA Civ 1532, dismissing an appeal by victims of the 2007 post-election violence in Kenya.  It is the latest in a series of recent judgments on jurisdiction over parent company liability for overseas human rights impacts (see our previous posts on Vedanta and Shell) and has important ramifications for UK domiciled multinationals, particularly those with operations in unstable or conflict affected states.

The Facts

Following the contested election of 2007, a wave of violence swept across Kenya. Over 1300 people were killed, many more were injured and there was widespread damage to property.  Amongst the victims were employees and former employees of Unilever Tea Kenya Ltd (“UKTL”) along with other people present on their plantation in Kericho.  213 of these victims brought a claim in the English courts against Kenyan domiciled UKTL and its English parent, Unilever Plc (“Unilever”), alleging that the companies failed to discharge a duty of care to take adequate steps to protect them from the violence.

The High Court Judgment

In February 2017, Laing J in the High Court found in favour of Unilever and UKTL.  Under English law, a duty of care arises where there is proximity, foreseeability and where it is fair, just and reasonable to impose such a duty.  She found that there was no arguable case that two of these ingredients (foreseeability and fairness, justice and reasonableness) could be made out against Unilever.  Absent a good arguable claim against Unilever, there was no UK domiciled defendant to anchor the claims in the English courts and jurisdiction over the claims against UKTL was rejected.  Obiter, she stated that there was sufficient evidence of proximity between the claims and Unilever and that, if a viable claim against it could be made out, England would be the appropriate forum.

The Claimants appealed the question of whether a duty of care arose while Unilever submitted a respondent’s notice on the question of proximity and cross-appealed a previous decision declining a stay on case management grounds.  Both Unilever and UKTL also challenged the judge’s finding on appropriate forum.

The Court of Appeal Judgment

On the basis that there was insufficient proximity between the Claimants and Unilever, the Court of Appeal (Sales, Gloster and Newey LLJ) dismissed the Claimants’ appeal stating that the Claimants were “nowhere near” being able to show that they had a good arguable claim against Unilever.  The Court declined to address issues of foreseeability and whether it was fair, just and reasonable to impose a duty of care, not only stating that this was unnecessary in light of its findings on proximity but that it would be inappropriate to do so.  They reasoned, “if there is to be a trial, it will have to take place in Kenya”.  In such circumstances, the Kenyan courts would be better placed to determine issues of foreseeability and what was fair, just and reasonable in a Kenyan context.  Permission to appeal to the Supreme Court has been granted.

The Court did not adopt the formulation for parent company liability adopted by a differently constituted bench of the same court in Vedanta and Shell.  Instead, it noted that there were two types of case in which a parent company duty of care might arise:

  1. where the parent has in substance taken over the management of the relevant activity of the subsidiary; and
  2. where the parent has given relevant advice to the subsidiary about how it should manage a particular risk.

After reviewing several UKTL and Unilever policies and hearing evidence from UKTL’s senior management, the Court held that: UKTL did not receive relevant advice from Unilever; and UKTL understood that it was responsible for devising its own risk management policy and handling the crisis in 2007 and did so.


A different formulation on parent company duty of care muddies the waters

The formulation adopted in Unilever is not necessarily inconsistent with the formulation adopted in Vedanta and Shell (which noted that a parent company duty of care might arise, inter alia, where the parent had devised a policy material to the harm or where it controlled the operations that gave rise to the harm).  However, it is regrettable that businesses seeking to understand a possible duty of care and manage risk accordingly must now reconcile these different formulations.

A parent company is in the same position as any other third party – what does this mean in the context of non-equity relationships?

Sales LJ stated that:

“There is no special doctrine in the law of tort of legal responsibility on the part of a parent company in relation to the activities of its subsidiary, vis-à-vis persons affected by those activities. Parent and subsidiary are separate legal persons, each with responsibility for their own separate activities. A parent company will only be found to be subject to a duty of care in relation to an activity of its subsidiary if ordinary, general principles of the law of tort regarding the imposition of a duty of care on the part of the parent in favour of a claimant are satisfied in the particular case.” [36]

This is relatively uncontroversial and consistent with well-established principles of English law, as articulated in a long line of previous cases, including Chandler v Cape, Lungowe v Vedanta and Okpabi v Shell.  Absent a radical departure from this position by the Supreme Court, we do not appear to be moving towards a doctrine of enterprise liability (whereby a company is automatically liable for the actions of its subsidiaries or other actors in its value chain).  Nevertheless, he went on to add:

“The legal principles are the same as would apply in relation to the question whether any third party (such as a consultant giving advice to the subsidiary) was subject to a duty of care in tort owed to a claimant dealing with the subsidiary.”

This brings into focus the question of which other third parties might owe a duty of care to people affected by the operations of a company with which it has a non-equity relationship.  Could the same principles be extended to, for example, a UK bank in circumstances where it finances and exercises some control over an overseas project which is associated with an adverse human rights impact?  What are the implications for a business’s supply chain management?  Could, for example, a purchaser which requires that its suppliers comply with a code of conduct owe a duty of care to someone harmed in that supplier’s operations?  In both instances, it would turn on whether the ingredients of foreseeability, proximity and “fair, just and reasonable” could be made out on the specific facts.  In many circumstances, it will be more difficult to establish this in the context of a relationship between bank and client or purchaser and supplier than in the context of a parent – subsidiary relationship, where there is likely to be greater scope to intervene in the operations of the subsidiary. However, there is no legal reason that such a duty could not arise.  In light of this risk, all businesses should be alive to human rights risk in their operations and supply chain and how this interacts with their legal risk profile.

Julianne Hughes-Jennett is a partner and Peter Hood is a consultant in the Hogan Lovells Business and Human Rights Group  

Updated EMA guidance on centrally authorised medicines raises new considerations for Brexit preparations

On 19 June 2018, the European Medicines Agency (EMA) published updates to its Brexit Q&A document for human and veterinary medicines authorised via the centralised procedure and to its practical procedural guidance on making Brexit related changes to the authorisations for those products.

The updated version (“Rev 03”) of the EMA Q&A document includes new paragraphs relating to the validity of inspections carried out by UK inspectors, multi-country packaging, back-up arrangements for pharmacovigilance, batch release certificates for human immunological and human blood and plasma medicinal products, and the procedure for assessment of ancillary medicinal substances.

In particular, the new information confirms:

  • the outcome of inspections carried out by the UK competent authority (the MHRA) before 30 March 2019 relating to good manufacturing practice, good clinical practice and pharmacovigilance obligations will continued to be recognised following Brexit;
  • it will only be possible to include UK labelling information on packaging for medicinal products intended for multiple EU markets if the UK information is fully compatible the summary of product characteristics as authorised in the EU;
  • back-up arrangements for situations in which the Qualified Person for Pharmacovigilance is absent will need to be transferred to another EU Member State if they are currently based in the UK;
  • human immunological medicinal products and medicinal products derived from human blood or plasma that have been tested and certified for batch release by an Official Medicines Control Laboratory (OMCL) or by a designated laboratory located in the UK will no longer be permitted to be placed on the EU market following Brexit. Marketing authorisation holders (MAHs) will need to appoint an OMCL located in the EEA or batch release will need to be carried out by a country with which the EU has a mutual recognition agreement; and
  • manufacturers of medical devices which incorporate ancillary medicinal substances will no longer be able to appoint a UK notified body for the purposes of obtaining a scientific opinion from the EMA or a competent national authority concerning the quality and safety of the ancillary medicine.

The updates to the procedural document include new guidance on:

  • changing a UK based applicant for an on-going marketing authorisation application to an applicant established in another EU Member State;
  • how the assignment of existing rapporteurs and co-rapporteurs from the UK to another EU member state will work in practice. This procedural guidance follows the redistribution of the UK’s portfolio of centrally authorised medicinal products and the reallocation of UK rapporteurs and co-rapporteurs, which has been agreed by the EMA and the national competent authorities in April 2018 (link);
  • timings for submitting Brexit-related type IA variations;
  • combining multiple transfers of orphan designations from the UK to another EU Member State; and
  • considerations when changing the pharmacovigilance system master file (PSMF) location from the UK to a remaining EU Member State.

The Q&A and procedural guidance supplement the EMA’s Notice to holders of centrally authorised marketing authorisations, last updated in January 2018. The Notice emphasises the need for MAHs to ensure the continuity of supply of medicines in the EU following Brexit and proactively review the marketing authorisations they hold to assess the need for any changes.

Both documents are based on the UK leaving the EU on 29 March 2019 without any transitional arrangements in place.