Articles + Publications - Troutman Pepper Locke

This is our third year compiling and analyzing data as to the prevalence of women attorneys appearing before the International Trade Commission (ITC). This year’s data confirms our prior analyses – women remain underrepresented at the ITC. In 2024, women comprised only 29.6% of ITC advocates and had significantly fewer years of experience compared to men. We note that, compared with previous years, the number of first year associates has risen for both men and women, with the number of male first year associates more than doubled in 2024, One positive result of this year’s analysis is that the percentage of women designated as lead counsel in ITC investigations rose from 12% last year to 20% this year—approaching the percentage of women attorneys designated as lead counsel in the district courts—potentially indicating progress towards better representation of women before the ITC. This year’s statistics are examined in detail below and compared to the findings of our analyses in our 2023 and 2022 articles.

Read the full article on World IP Review.

Matt Cossu and Dani D’Annunzio, associates with Troutman Pepper Locke who are not licensed to practice law in any jurisdiction, also contributed to the article.

On September 29, the White House issued a proclamation (Proclamation) invoking Section 232 of the Trade Expansion Act (Act) to impose tariffs on certain imports of timber, lumber, and derivative wood products into the United States. This action is a response to a U.S. Commerce Department investigation, which found that rising import volumes, supported by foreign subsidies and unfair trade practices, are burdening the U.S. wood products industry.

The Tariff Rate

The Proclamation imposes a 10% ad valorem tariff on imports of softwood timber and lumber. Additionally, it imposes a 25% ad valorem tariff on kitchen cabinets and vanities, as well as upholstered furniture. These initial tariff rates will be effective starting October 14, 2025. The Proclamation also provides for an escalation of the 25% tariff on upholstered furniture to 30%, effective January 1, 2026, and an escalation of the 25% tariff on kitchen cabinets and vanities to 50%, also effective January 1, 2026. The specific products that are subject to these new tariffs can be found in Annex I of the Proclamation (covered products).

Exclusions

The following trading partners will benefit from capped tariff rates reflecting existing trade frameworks:

United Kingdom: Tariffs on covered products from the UK may not exceed 10%.
European Union and Japan: Tariffs on covered products from the EU and Japan may not exceed 15%.

Covered products are not subject to reciprocal tariff regimes.

Negotiations With Foreign Trade Partners

Trading partners who engage in negotiations with the U.S. to mitigate the national security risks posed by wood imports may have the opportunity to find alternatives to the impending tariff increases that are scheduled for January 1, 2026.

Additionally, the Proclamation mandates that the Commerce Secretary monitor wood product imports and deliver a report by October 1, 2026, assessing whether further actions, such as expanding duties to cover additional hardwoods and their derivative products, are warranted.

Conclusion

As with prior Section 232 actions, this Proclamation reflects the administration’s use of national security authorities to adjust imports, incentivize domestic production, and address supply chain vulnerabilities. Companies should assess their exposure to the new tariffs, plan for scheduled duty increases, and closely monitor ongoing trade negotiations and potential regulatory adjustments. Supply chain stakeholders may also face further disruption if additional wood products are brought within the scope of the duties.

For a lessee of commercial real property, a landlord’s Chapter 11 filing may raise questions about the status of the lease and the tenant’s rights in the bankruptcy. While the Bankruptcy Code provides the debtor landlord with powerful tools, it also affords tenants special rights designed to provide stability and predictability.

This article discusses the critical rights available to a tenant whose landlord has filed for bankruptcy. To access this article and read other insights from our Creditor’s Rights Toolkit, please click here.

State attorneys general increasingly impact businesses in all industries. Our nationally recognized state AG team has been trusted by clients for more than 20 years to navigate their most complicated state AG investigations and enforcement actions.

State Attorneys General Monitor analyzes regulatory actions by state AGs and other state administrative agencies throughout the nation. Contributors to this newsletter and related blog include attorneys experienced in regulatory enforcement, litigation, and compliance. Also visit our State Attorneys General Monitor microsite.

Contact our State AG Team at StateAG@troutman.com.

Troutman Pepper Locke Spotlight

New York’s FAIR Act: A Game-Changer for Regulatory Enforcement and Litigation

By Stephen C. Piepgrass, Joseph DeFazio, William D. Foley, Jr., Chris Willis, and Michael Yaghi

In this crossover episode of The Consumer Finance Podcast and Regulatory Oversight, Chris Willis is joined by Joseph DeFazio, Bill Foley, and Michael Yaghi to discuss the implications of New York’s FAIR Act, a significant amendment to the state’s UDAAP statute. The FAIR Act aims to broaden consumer protection by lowering the threshold for legal action against unfair and abusive business practices. With expanded enforcement powers for the state, this legislation could dramatically increase litigation risks for financial services companies operating in New York if the governor signs the bill. Tune in to understand how this legislative shift might affect the industry and what steps businesses can take to prepare.

Compliance and Enforcement in Consumer Financial Services: Navigating the Changing Landscape of Federal and State Oversight

By Troutman Pepper Locke State Attorneys General Team

Register Here
Wednesday, October 29 | 1:00 – 3:10 p.m. ET

Mike Yaghi and Lane Page, members of Troutman Pepper Locke’s State Attorneys General practice, along with Stefanie Jackman, Chris Willis, and Caleb Rosenberg from the Consumer Financial Services practice, will participate in an upcoming CLE webinar with myLawCLE. They will analyze the evolving roles and enforcement priorities of federal and state regulatory agencies, focusing on their impact on consumer financial services.

Illinois AG Settles Alleged Deceptive Practices, Banning Alternative Retail Electric Supplier From State and Securing $8.4M in Restitution

By Troutman Pepper Locke State Attorneys General Team

On September 5, Illinois Attorney General (AG) Kwame Raoul announced the resolution of ongoing litigation against Clearview Electric Inc., an alternative retail electric supplier accused of engaging in fraudulent, unfair, and deceptive business practices. Clearview Energy allegedly misled Illinois consumers into paying significantly higher rates for electricity compared to those who remained with their default public utility.

Dan Rayfield, Oregon

Dan Rayfield was elected as Oregon’s 18th attorney general (AG) in November 2024. He earned his undergraduate degree from Western Oregon University and his law degree from Willamette University College of Law, joining the Oregon State Bar in 2006. Rayfield spent 18 years in private practice, focusing on consumer protection cases, and served in the Oregon Legislature for a decade representing Corvallis.

During his legislative career, Rayfield served four years as co-chair of the Ways and Means Committee before being elected speaker of the House in 2022. As speaker, he oversaw the passage of measures related to public safety, education, health care, and economic development, including investments in Oregon’s semiconductor industry and housing. Rayfield’s priorities have included improving access to high-quality education, affordable health care, supporting small businesses, and enhancing public safety and accountability.

As AG, Rayfield continues to focus on public safety, consumer protection, election integrity, and legal advocacy for Oregon’s residents.

Oregon AG in the News:

Rayfield announced the launch of a new Economic Justice Section at the Oregon Department of Justice (DOJ). It will bring together Oregon DOJ’s antitrust, false claims, privacy, and consumer protection teams under one umbrella.
The Oregon DOJ, the Federal Trade Commission, and 18 other states reached a proposed settlement order with an allegedly deceptive charity fundraising scheme.
Rayfield warned Oregon residents about scammers stealing data from Electronic Benefit Transfer cards by placing skimmers on payment machines at stores across the state.

Upcoming AG Events

October: AGA | Human Trafficking Conference | Oxford, MS
October: RAGA | Senior Staff Retreat | Kiawah Island, SC
November: DAGA | Scottsdale Policy Conference | Scottsdale, AZ

For more on upcoming AG Events, click here.

Troutman Pepper Locke’s State Attorneys General team combines legal acumen and government experience to develop comprehensive, thoughtful strategies for clients. Our attorneys handle individual and multistate AG investigations, proactive counseling and litigation, and manage ancillary regulatory issues. Our successful approach has been recognized by Chambers USA, which ranked our practice as a leader in the industry.

Shutdown, again. This advisory helps contractors manage operations during this period.

First Step for Government Contractors and Companies Subject to US Export Controls.

Contractors should closely monitor their customer and regulatory agencies’ websites for shutdown guidance, as agencies like DoD, DOJ, and others have already issued instructions.[1] Each agency may have slightly different responses, so staying informed is crucial. Contractors should be particularly mindful of: (1) when contractors must halt work, (2) what work and costs are reimbursable during the shutdown, (3) cost-saving measures that comply with labor laws, and (4) the impact of future administrative delays on commercial operations.

What Stays Open? Essential Activities That Continue During a Government Shutdown.

During a government shutdown, contractors must decide whether to continue work or stop. A shutdown does not automatically suspend contractual obligations or government payments. According to DoD’s[2] recent September 2025 guidance, contracts are not terminated or paused unless new funding is needed, and the contract does not support an excepted activity.[3] Contractors should assess if their work requires new appropriations and whether they can access necessary government personnel and resources. If a contracting officer issues a stop work order, contractors must comply. Without such an order, contractors must determine if their contract supports excepted government activities and review how it is funded before proceeding.

Does Your Contract Qualify to Support Activities Excepted from the Anti-Deficiency Act?

Determining whether your contract supports activities excepted from the Anti-Deficiency Act (ADA) is crucial during a government shutdown. The ADA generally prohibits federal agencies from incurring obligations or making expenditures in excess of appropriations, but it allows for specific exceptions. The ADA permits four activities without appropriations in a shutdown scenario:

Contracts may continue if they support activities funded by multi-year or indefinite appropriations (e.g., a common indefinite appropriation is Social Security)
Statutorily authorized obligations that expressly permit obligations in advance of appropriations — such as those under the “Feed and Forage Act,”[4] which permits the DoD and Department of Homeland Security to contract for necessary clothing, fuel, quarters, transportation, subsistence, and, among others, medical supplies absent appropriation.
Activities authorized by “necessary implication” may proceed (e.g., emergency services, essential agency functions, distributing Social Security checks, etc.).
Obligations necessary to fulfill constitutional duties, including national security and foreign relations, are also excepted.[5]

If your contract is deemed necessary for these excepted activities, you may be required to continue performance, and new awards may be issued even during a shutdown. Contractors should consult agency-specific shutdown guidance and communicate with their contracting officers to confirm their contract’s status and ensure compliance with all legal requirements.

For work subject to the ADA, how is that contract funded?

If you haven’t received a stop work order and your contract isn’t for an excepted activity, the main issue is how your contract is funded. If it’s fully funded, you should keep working unless your contracting officer tells you otherwise. DoD Guidance states that contractors can continue work under contracts awarded before appropriations expired, up to the amount already obligated, regardless of whether the work supports excepted activities. This applies to other agencies as well. For contracts with multi-year or no-year appropriations, employees and contractors are generally expected to continue working.

Some contracts aren’t affected by federal funding gaps, such as those with Non-Appropriated Fund Instrumentalities, which use their own revenue, or contracts involving the sale of surplus government property, where payment comes from shared profits. Contracts funded by revolving or “no year” funds may also continue, but if they require federal deliveries or approvals, a shutdown could still halt work.

The greatest risk during a shutdown is for incrementally funded contracts subject to clauses like Availability of Funds or Limitation of Cost. If funding runs out or required notices can’t be given, contractors may end up working “at risk,” with no guarantee of payment.

A Shutdown’s Impact on Litigation and Administrative Deadlines.

Contractors and their counsel should not assume any deadline is waived or extended due to a shutdown. DoD Guidance states that “imminent or ongoing legal action” will continue, but actions depend on each court or tribunal’s approach. Contractors should monitor public announcements and consult the specific forum’s guidance.[6] Unless clear instructions state otherwise, assume all deadlines remain in effect.

Additional Shutdown Complications

The shutdown presents practical challenges that can disrupt contract performance, even for fully funded agreements. Many federal facilities will close, and employees will be furloughed, making it difficult to deliver contract items or obtain required government approvals. Contractors may find themselves unable to perform if no federal personnel are available to supervise, inspect, or accept deliverables. The ADA prohibits federal employees from working without pay, so contractors should not expect communication from furloughed staff. If your contract relies on access to federal facilities or personnel, you may face significant delays regardless of funding.

Additionally, many agencies face previously mounting administrative burdens and possible layoffs due to an announced potential reduction in force (RIF), which a prolonged shutdown could worsen. A recent OMB memo directs agencies to prepare for a RIF if funding lapses, programs lack alternative funding, and are not aligned with presidential priorities.[7] Companies should expect delays except for national security or foreign policy matters, and monitor for violations. A RIF may significantly impact agencies and industries during, and even after, the shutdown.

To manage these risks, maintain close contact with your contracting officer, as only they can provide authoritative guidance. If unavailable, consult the Office of Management & Budget’s shutdown guidance, which refers contractors to the agency-specific contingency plans available on each agency’s website for details on excepted activities and available services.[8]

Reimbursement for Work During the Shutdown

The ADA generally prevents government liability during a shutdown, but Congress often retroactively pays federal employees. Contractors, however, should not expect similar treatment, as outsourcing allows the government to shed liabilities quickly. Fully funded contracts or those supporting excepted activities can be reimbursed for work performed during a shutdown, but contractors may face increased costs or delays. These should be documented and discussed with the contracting officer, and claims or requests for equitable adjustment may be necessary.

Reimbursement is more complex for (1) contracts under stop work orders or (2) nearing their obligated funding limits (working “at risk). Both scenarios are addressed below.

Cost Recovery for Contracts Under A Stop Work Order

Once a stop work order is issued, contractors must immediately comply and take all reasonable steps to minimize costs, as outlined in FAR 52.242-15. This can be challenging, especially if all work is halted, leaving little room to reassign resources. Contractors may face tough choices between shutting down operations or maintaining capacity, each with risks for future performance and cost disputes. The contracting officer decides if cost minimization was sufficient, and contractors can file a claim if they disagree.

Thorough documentation and communication with the contracting officer are essential, though access may be limited during a shutdown. When the stop work order is lifted, the government must provide an equitable adjustment to the contract’s schedule or price if the order increased costs or time, provided the contractor requests it within 30 days. For cost reimbursement contracts, adjustments may also include estimated costs and fees.

To secure any adjustment, contractors should carefully track and document all costs, delays, and actions taken during the stop work period.

Working “At Risk” in Contracts Subject to Limitation of Funds or Similar Provisions

For contracts subject to a Limitation of Funds or similar provision, the government cannot pay for work performed or costs incurred beyond the amount already obligated. Any work done after reaching the funding limit is deemed “at risk,” thus, the government is not required to retroactively reimburse those costs. While the government may choose to pay for such work, it is not obligated to do so, providing it significant discretion and leverage. Unlike a stop work order, there is no contractual right to an equitable adjustment due to insufficient funding.

Contractors should generally avoid performing work at risk, but this may be unavoidable during a government shutdown. In such cases, contractors must decide whether to halt operations, risking future performance issues, or continue working with the possibility of nonpayment. If work at risk is necessary, contractors should document all actions and costs, and consult with their contracting officer and legal counsel to determine if reimbursement is possible.

If continuing work at risk, contractors should submit invoices and request written commitments from the contracting officer regarding payment. Depending on the situation, a formal request for equitable adjustment may also be needed.

Navigating Cost Savings and Employment Law Challenges

During a government shutdown, contractors often consider cost-saving measures to offset lost revenue, especially when contracts face stop work orders, funding lapses, or unavailable government personnel. Any action—such as furloughs, pay reductions, or layoffs—must comply with the Fair Labor Standards Act (FLSA), state law, and Department of Labor regulations. For non-exempt employees, employers may reduce hours or furlough staff without pay for time not worked. Exempt employees, however, should only be furloughed in full-week increments to preserve their exempt status. Employers must ensure no work is performed during furloughs, as any work triggers pay obligations. Furloughed employees may qualify for unemployment benefits, and extended furloughs can impact eligibility for health or retirement benefits. Pay reductions are allowed if they meet minimum wage and FLSA requirements, and advance notice may be required under state law. Employers may also require use of accrued paid leave or seek volunteers for unpaid leave. Temporary reassignment and layoffs are options, but layoffs must comply with the WARN Act[9] and state notice laws. Documentation and legal compliance are critical throughout.

National Security Enforcement, Licensing, and Administrative Processing Considerations

During a government shutdown, and except for urgent matters involving national security or foreign policy, companies should expect significant delays from agencies like the U.S. Department of Commerce’s Bureau of Industry and Security (BIS), the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC), the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the Committee on Foreign Investment in the United States (CFIUS), and the U.S. Department of Justice (DOJ) National Security Division. Most routine licensing, classification, and advisory services will likely be suspended, though enforcement actions will most likely continue. For instance, excepted employees will keep working on export controls, sanctions, and urgent CFIUS matters. Further, criminal investigations will continue as a matter of course; as such, companies should stay attentive and report potential violations during the shutdown. Additionally, CFIUS review periods will be extended in limited circumstances, and new filings may not be processed. Agencies may operate minimally if funds are available, but federal contractor involvement could be impacted. Companies should continue to monitor internally for violations and check agency websites for updated guidance.

Conclusion

Federal contractors should maintain communication with contracting officers and regulators, monitor government decisions, document all actions, and seek legal counsel to ensure compliance and manage risks during a shutdown.

[1] E.g., DoD, Contingency Plan Guidance for Continuation of Operations in the Absence of Appropriations (Updated) (Sep. 2025); DOJ, U.S. Department of Justice FY 2026 Contingency Plan (Sep. 29, 2025).

[2] A.k.a., The Department of War under the current Trump Administration.

[3] DoD, Contingency Plan Guidance for Continuation of Operations in the Absence of Appropriations (Updated) (Sep. 2025).

[4] 41 U.S.C. § 11.

[5] See 43 Op. Att’y Gen. 293 (1981), at https://www.energy.gov/sites/prod/files/2013/10/f3/Shutdown.OLC_.1981.general.pdf; Supp. Att’y Gen. Memo. (Aug. 16, 1995), at https://www.justice.gov/sites/default/files/olc/opinions/attachments/2014/11/10/1995-08-16-lapse-in-appropriations.htm.

[6] For instance, as of October 1, 2025, the Government Accountability Office has notified the Bar of its closure, and across the board, a day for day tolling of protest-related filing deadlines. See Bid Protests | U.S. GAO (“NOTICE CONCERNING GOVERNMENT ACCOUNTABILITY OFFICE (GAO) BID PROTESTS 1. GAO is closed due to a lapse in appropriations. This includes the GAO bid protest office . . . .). Whereas, the Armed Services Board of Contract Appeals (ASBCA) and Civilian Board of Contract Appeals (CBCA) are open to receiving new appeals but litigation deadlines may be affected for already pending appeals. See ASBCA, https://www.asbca.mil/ (“In response to the Federal Government’s current shutdown, the ASBCA has furloughed all non-essential personnel. However, we are open to receive new appeal filings via email and we expect parties to continue to submit timely notices of appeal, regardless of the shutdown. Please continue to send all notices of appeal to asbca.recorder@mail.mil. If you are a party in an appeal that has already been submitted to the Board with a filing or other non-filings (i.e., discovery, reports, depositions, etc.) due during the government shutdown, please be advised that these due dates will be suspended for the duration of the government shutdown. All filing due dates and appeal schedules will be updated once the government returns to an open status . . . .), and CBCA, https://www.cbca.gov/ (“The Civilian Board of Contract Appeals (Board) will remain open for the purpose of accepting electronic, in-person, courier, and express mail submissions during the appropriations lapse. All hearings and conferences scheduled to occur during the lapse in appropriations are canceled. Any statutory limitations on the time within which a filing must be made will not be waived or tolled during the appropriations lapse. With the exception of statutory deadlines, each judge has the discretion to modify the deadlines established in a specific case that occur during and after the lapse in appropriations . . . .).

[7] OMB, Special Instructions for Agencies Affected by a Possible Lapse in Appropriations Starting on October 1, 2025 (Sep. 2025).

[8] White House, https://www.whitehouse.gov/omb/information-resources/guidance/miscellaneous/ (stating “[i]n accordance with Circular A-11, agency contingency plans for a lapse in appropriations are hosted solely on each agency’s website) (last accessed Sep. 30, 2025).

[9] 29 U.S.C. §§ 2101-2109.

On September 30, 2025, the new Texas Stock Exchange (TXSE) announced that the SEC approved its Form 1 registration statement, officially approving the exchange. Accordingly, the TXSE is now officially a recognized national securities exchange, similar to the Nasdaq Stock Market and the New York Stock Exchange, both of which the TXSE has expressly targeted as its main competitors in past public statements. In the TXSE’s own words, this makes it the “first fully integrated national securities exchange to receive SEC approval in decades” offering, within a single platform, a comprehensive suite of services, including listing standards, trading, clearing, settlement, and market data.

In its order approving the TXSE’s Form 1 registration statement, the SEC noted that it had received a number of comment letters that it considered in making its decision, citing letters from political officeholders like Senator Ted Cruz and Senator John Cornyn, as well as representatives of significant market participants, like Fortress Investment Group, Citadel Securities and Summit Financial Group, and scholars at academic institutions like the University of Texas at Austin and Northwestern University, in their individual capacity. Some of the commenters expressed hope that added competition would potentially cause existing exchanges to lower their fees and generally enhance capital formation and increase efficiency, while another asserted that a new exchange would simply add to market fragmentation and complicate infrastructure. The SEC approved the TXSE’s application stating that the TXSE’s rules are consistent with the Securities Exchange Act of 1934, which requires, among other things, fair representation of the TXSE’s exchange members on its board, that the rules be designed to prevent fraudulent and manipulative practices, and to perfect the mechanisms of a free and open market and a national market system.

Despite the much-publicized push by Texas to challenge Delaware’s primacy as a corporate home jurisdiction, the SEC order notes that the TXSE is organized as a Delaware limited liability company that is wholly owned by its sole member, TXSE Group Inc., a Delaware corporation. The SEC summarized the TXSE’s proposed governance structure and noted that, as a national securities exchange, it will be responsible for the operation and regulation of its trading system and the regulation of its members. Additionally, it noted that a condition to the TXSE’s approval is that it enter into a regulatory services agreement with FINRA under which FINRA will perform regulatory functions on behalf of the exchange, including the performance of investigation, disciplinary, and hearing services. As expected, the SEC order confirms that the TXSE will operate a fully automated order book, similar to Nasdaq, and will not maintain or operate a physical trading floor, as the NYSE does. Orders may be placed by TXSE members or users who have access agreements with TXSE members.

As we previously reported, the TXSE closely modeled its proposed rules on the rules of existing exchanges. This may have helped ease the path for the TXSE’s approval and, in fact, the SEC noted expressly in its order that “TXSE’s proposed initial and continuing listing standards for securities to be listed and traded on the Exchange are substantially similar to the current rules for the Nasdaq Global Select Market of Nasdaq, NYSE, or IEX.” The SEC also highlighted similarities with respect to the standards relating to the listing and delisting of companies and corporate governance. Because the SEC had previously found the rules of these other exchanges to be consistent with the securities laws, the SEC said that it was likewise finding the proposed TXSE rules to be similarly consistent with the law. Whether this substantial similarity in rulebooks is consistent with the TXSE’s public marketing, which boasts of reducing the burden on companies of going and staying public, is an open question.

In any event, the official regulatory approval of the TXSE marks an important and potentially significant event for the U.S. capital markets system and solidifies its timeline of launching in 2026.

* Brad Smutek, an associate with Troutman Pepper Locke who is not admitted to practice law in any jurisdiction, also contributed to this article.

The Pennsylvania Supreme Court recently confronted the issue of generative artificial intelligence (GenAI) in an order establishing policies for the use of GenAI by court personnel.[1] The new policies authorize court personnel to use GenAI within certain boundaries.[2] The policies, which take effect December 8, 2025, provide insight into how practitioners in Pennsylvania courts should approach the use of GenAI.

Background

The policies define GenAI as a catch-all term for “algorithms and/or computer processes that use artificial intelligence to generate text, audio, or images based on user prompts.”[3] We note this definition omits GenAI’s powerful capability to produce video content. It also makes no mention of burgeoning agentic AI tools that can act on the user’s behalf (including, theoretically, without the user’s express knowledge or approval).[4] The policies also distinguish “secured” AI systems, which do not retain data or documents, from “non-secured” AI systems, which do.[5] There are, however, AI systems that do retain data or documents while still keeping information confidential.

Regardless, when it comes to using GenAI in legal practice, confidentiality is paramount. Court personnel have access to a significant volume of non-public and sensitive information. The National Center for State Courts has emphasized that publicly available GenAI tools “may not offer sufficient privacy guarantees for court-related information.”[6] For example, OpenAI’s public ChatGPT does not provide adequate confidential protections: OpenAI collects personal data, and it may use that data (defined broadly to include user prompts and other uploaded content) to train its model or provide that data to third parties and government authorities.[7] On the other hand, GenAI tools built specifically for business or legal use may “provide appropriate safeguards for sensitive court data.”[8] For instance, OpenAI offers paid ChatGPT tools that claim to provide more robust confidentiality.[9] Similarly, Westlaw and Lexis each offer GenAI tools that promise to keep information secure and confidential.[10]

But confidentiality is not the only salient concern, GenAI tools also have a tendency to hallucinate, confidently providing responses—including case law citations—that prove to be inaccurate, misleading, or entirely fabricated. Earlier this year, for instance, Judge Kai N. Scott of the U.S. District Court for the Eastern District of Pennsylvania ordered sanctions against an attorney for citing hallucinated cases in motions to the court.[11] One database has counted hundreds of cases in which a party cited hallucinated cases.[12] A few judges across the U.S. have even released opinions relying on hallucinated caselaw.

Limitations aside, GenAI tools are becoming more commonly used by practitioners. But this ubiquity has not yet hit state judiciaries—a Thomson Reuters survey of state courts noted that “courts have generally been slow to adopt AI and generative AI.^[13] Seventy percent of survey respondents reported that their courts do not allow AI; even more said their courts provide no AI training at all.^[14] Courts are hesitant to adopt GenAI tools for a variety of reasons, including fears of technology overreliance, inaccuracies, job loss, and security breaches.^[15]

With this order, the Pennsylvania Supreme Court joins a growing list of high state courts issuing statewide guidance for court personnel. The supreme courts of Arizona, Connecticut, Delaware, Illinois, and Maryland have issued similar policies.[16] All emphasize the need to avoid entering confidential information into non-sequestered AI systems.[17] Some, like Maryland, list currently approved GenAI platforms. New Jersey took a different approach, declaring broad principles for GenAI use rather than specific policies.[18]

Some federal judges in Pennsylvania have already addressed the use of GenAI. For example, Judge Kelley B. Hodge allows parties to use GenAI as long as they comply with ethical rules and disclosure requirements.[19] Judge Michael M. Baylson requires parties to disclose their use of GenAI and certify their verification of each citation to the law.[20] But these judges are outliers: of the 31 district court and senior judges in the Eastern District of Pennsylvania, only three have addressed GenAI, according to Law360’s AI tracker;[21] only one district court judge in the Middle District of Pennsylvania has created a similar order;[22] none in the Western District of Pennsylvania have done so. It is worth noting that some in the legal community debate the true necessity of these orders, arguing that “individualized standing orders are unnecessary, create unintended confusion, impose unnecessary burden and cost, and deter the legitimate use of GenAI applications that could increase productivity and access to justice.”[23] Those practitioners feel existing ethical duties and rules of civil procedure create sufficient mechanisms for punishing lawyers who fail to take appropriate care and to oversee the accuracy of their court filings, regardless of how they are generated.[24]

The Guidelines

Turning to the new guidelines, court leadership must first approve the use of a particular GenAI tool within their court.[25] They must ensure, through vendor contracts and tool policies, that the GenAI tool will keep information “confidential and privileged.”[26] Court personnel should presume that information entered into non-secured systems will not be treated as confidential and privileged.[27] Before using GenAI, court personnel must become and remain knowledgeable about GenAI’s “capabilities and limitations,” like hallucinations, biases, and inaccuracies.[28]

So, how can court personnel leverage approved GenAI tools? They may use such GenAI tools to assist with a broad range of tasks, including summarizing documents, conducting preliminary legal research, and drafting and editing their own work. But the user remains ultimately responsible for the completeness and accuracy of their work product. Pennsylvania courts may also “provide interactive chatbots or similar services to the public and self-represented litigants.”[29]

Takeaways

Though the order applies to court personnel, it may signal new standards for practitioners in Pennsylvania courts moving forward. Attorneys may use suitable GenAI tools to help with preliminary research and drafting, but they should never take a backseat. The professional obligations to keep client confidences and to exercise candor toward the tribunal do not go away when using GenAI. One should always diligently review a GenAI tool’s output for accuracy. Practitioners should also pay close attention to their GenAI tool’s confidentiality policies to ensure protection of client information—assume that free, publicly available GenAI tools may not provide adequate confidentiality protections. As GenAI adoption grows, courts and firms will increasingly enact responsible AI use policies and procedures to help educate practitioners and promote compliance. Practitioners should expect that Pennsylvania courts will increase scrutiny of filings for any improper use of GenAI and react sternly to blatant violations.

[1] Order, In re: Interim Policy on the Use of Generative Artificial Intelligence by Judicial Officers and Court Personnel (No. 643) (Pa. Sept. 9, 2025), https://www.pacourts.us/assets/opinions/Supreme/out/Order%20Entered%20-%20106502825326189062.pdf?cb=1.

[2] Interim Policy on the Use of Generative Artificial Intelligence by Judicial Officers and Court Personnel, https://www.pacourts.us/assets/opinions/Supreme/out/Attachment%20-%20106502825326188944.pdf?cb=1 (“Interim Policy”).

[3] Id. at 1.

[4] See, e.g., The Rise—and Risks—of Agentic AI, PwC (July 17, 2025), https://www.pwc.com/us/en/industries/tmt/library/trust-and-safety-outlook/rise-and-risks-of-agentic-ai.html.

[5] Interim Policy at 1.

[6] Thomson Reuters Institute & Nat’l Ctr. for State Courts AI Pol’y Consortium for L. and Cts, Staffing, Operations, and Tech, Principles and Practices for Using AI Responsibly and Effectively in Courts: A Guide for Court Administrators, Judges, and Legal Professionals 3 (2025), https://nationalcenterforstatecourts.app.box.com/s/b9f0iesp1k6au4ab3qwop4m71jazywjy.

[7] Privacy Policy, OpenAI (July 27, 2025), https://openai.com/policies/row-privacy-policy/.

[8] Thomson Reuters Institute & Nat’l Ctr. for State Courts AI Pol’y Consortium for L. and Cts, Staffing, Operations, and Tech, Principles and Practices for Using AI Responsibly and Effectively in Courts: A Guide for Court Administrators, Judges, and Legal Professionals 3 (2025), https://nationalcenterforstatecourts.app.box.com/s/b9f0iesp1k6au4ab3qwop4m71jazywjy.

[9] Privacy Policy, OpenAI (July 27, 2025), https://openai.com/policies/row-privacy-policy/ (“This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings”).

[10] See Murphy Foss, Tess Felter, & Connor Catalano, Answers to Questions about Using Generative AI to Practice Law, N.D.N.Y. Federal Court Bar Association (Oct. 7, 2024), https://ndnyfcba.org/answers-to-questions-about-using-generative-ai-to-practice-law/; How In-House Lawyers Can Use the Power of AI on Westlaw Precision with CoCounsel, Thomson Reuters (Oct. 8, 2024), https://legal.thomsonreuters.com/blog/how-in-house-lawyers-can-use-the-power-of-ai-on-westlaw-precision-with-cocounsel/.

[11] Bunce v. Visual Tech. Innovations, Inc., No. 23-1740, 2025 U.S. Dist. LEXIS 36454 (E.D. Pa. Feb. 27, 2025); see also Daniel Wu, Lawyers Using AI Keep Citing Fake Cases in Court. Judges Aren’t Happy., The Washington Post (June 3, 2025), https://www.washingtonpost.com/nation/2025/06/03/attorneys-court-ai-hallucinations-judges/.

[12] See AI Hallucination Cases, Damien Charlotin, https://www.damiencharlotin.com/hallucinations/.

[13] Thomson Reuters Institute & Nat’l Ctr. for State Courts AI Pol’y Consortium for L. and Cts, Staffing, Operations, and Tech.: A 2025 Survey of State Courts 3 (2025), https://www.thomsonreuters.com/en-us/posts/wp-content/uploads/sites/20/2025/06/Staffing-Operations-and-Technology_2025-survey-of-State-Courts.pdf.

[14] Id. at 20.

[15] Id. at 21.

[16] See, e.g., Use of Generative Artificial Intelligence and Large Language Models (Ariz. Oct. 30, 2024), https://www.azcourts.gov/Portals/0/0/admcode/pdfcurrentcode/1-509%20Use%20of%20AI%20Tech%20and%20LLMs%2001_2025.pdf?ver=acMF-P2SER0dArzTQohBjQ%3D%3D; Artificial Intelligence Responsible Use Framework (Conn. Feb. 1, 2024), https://www.jud.ct.gov/faq/CTJBResponsibleAIPolicyFramework2.1.24.pdf; In re: Interim Policy on the Use of Generative AI by Judicial Officers and Court Personnel (Del. Oct. 21, 2024), https://courts.delaware.gov/forms/download.aspx?id=266848; Illinois Supreme Court Policy on Artificial Intelligence (Ill. Jan. 1, 2025), https://ilcourtsaudio.blob.core.windows.net/antilles-resources/resources/e43964ab-8874-4b7a-be4e-63af019cb6f7/Illinois%20Supreme%20Court%20AI%20Policy.pdf; Guidelines for the Acceptable Use of Artificial Intelligence (AI) Tools and Platforms (Md. Apr. 15, 2024), https://nationalcenterforstatecourts.app.box.com/s/bytljb1w4dxhdvmd23fv5bsnu94rmh3q (listing OpenAI’s ChatGPT, Anthropic’s Claude, Microsoft’s Copilot, and Google’s Gemini as approved GenAI platforms, subject to approved uses).

[17] A “non-sequestered AI system” is one “in which the vendor does not protect the confidentiality of user input or prompt data.” Use of Generative Artificial Intelligence and Large Language Models (Ariz. Oct. 30, 2024), https://www.azcourts.gov/Portals/0/0/admcode/pdfcurrentcode/1-509%20Use%20of%20AI%20Tech%20and%20LLMs%2001_2025.pdf?ver=acMF-P2SER0dArzTQohBjQ%3D%3D.

[18] Statement of Principles for the New Jersey Judiciary’s Ongoing Use of Artificial Intelligence, Including Generative Artificial Intelligence (N.J. Jan. 23, 2024), https://www.njcourts.gov/sites/default/files/courts/supreme/statement-ai.pdf.

[19] Judge Kelley B. Hodge, Judicial Policies and Procedures, https://www.documentcloud.org/documents/24747951-hodge_policy/.

[20] Judge Michael M. Baylson, Standing Order Re: Artificial Intelligence (“AI”) in Cases Assigned to Judge Baylson, (E.D. Pa. June 6, 2023), https://www.paed.uscourts.gov/sites/paed/files/documents/procedures/Standing%20Order%20Re%20Artificial%20Intelligence%206.6.pdf.

[21] Tracking Federal Judge Orders on Artificial Intelligence, Law360, https://www.law360.com/pulse/ai-tracker.

[22] See Judge Karoline Mehalchick, Civil Practice Order: Use of Generative Artificial Intelligence (M.D. Pa. Aug. 19, 2024), https://www.documentcloud.org/documents/25114516-judge-mehalchick-genai-order-81924/.

[23] Maura M. Grossman, Paul W. Grimm, & Daniel G. Brown, Is Disclosure and Certification of the Use of Generative AI Really Necessary?, 107 Judicature 69, 76 (2023), https://judicature.duke.edu/wp-content/uploads/sites/3/2023/10/AIOrders_Vol107No2.pdf.

[24] Id.

[25] “Court leadership” includes “the Chief Justice of Pennsylvania, the President Judge of each appellate court and judicial district, and the Court Administrator of Pennsylvania, or their designees.” Interim Policy at 1.

[26] Id. at 6.

[27] Id.

[28] Id. at 5.

[29] Id. at 4.

* Tony Pappas, an associate with Troutman Pepper Locke who is not admitted to practice law in any jurisdiction, also contributed to this article.

On September 10, the U.S. Department of Defense (DOD) posted its final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program for defense acquisitions.[1] This new rule (acquisition rule) updates the Defense Federal Acquisition Regulation Supplement (DFARS) and imposes new cybersecurity requirements on defense contractors who handle (store, process, or transmit) sensitive information during contract performance.

1. Key Takeaways for Defense Contractors

The CMMC program will begin its four-phase implementation for defense contracts and solicitations (except contracts exclusively for commercially available off-the-shelf items) on November 10.
Defense contractors and their subcontractors will need to verify their compliance with cybersecurity standards through the CMMC program’s new assessment and affirmation framework if their contracts or solicitations require them to store, process, or transmit federal contract information (FCI) or controlled unclassified information (CUI) on the contractors’ information systems.
Contractors who are not actively working toward CMMC compliance are at risk of losing future contract opportunities in the defense market.

2. The CMMC Program Under 32 C.F.R. 170

Industry stakeholders have been anticipating the acquisition rule since DOD codified the CMMC program under 32 C.F.R. Part 170, CMMC Program, on December 16, 2024 (program rule). This program is part of DOD’s initiative to strengthen the defense industrial base’s cybersecurity practices and protect FCI and CUI. By complying with CMMC requirements, defense contractors and vendors assure DOD that they are maintaining adequate standards for safeguarding sensitive information. The program rule accomplishes these goals by requiring contractors to assess and certify contractor information systems before contract award.

CMMC Levels and Assessment Requirements

Under the CMMC program, contractor information systems must pass a cybersecurity assessment to certify them for handling sensitive information. Each certification level (CMMC level) requires a different assessment and assessment method. DOD determines the CMMC level required for the contract and will include that information in the solicitation. There are three CMMC levels with escalating assessment requirements. Below are the general requirements[2] by CMMC level:

Level 1: Basic Safeguarding of FCI. A CMMC Level 1 is required to store, process, or transmit FCI. For CMMC Level 1, contractors must conduct an annual self-assessment to demonstrate compliance with all the security requirements set out in Federal Acquisition Regulation (FAR) 52.204-21, Basic Safeguarding of Covered Contractor Information Systems. After self-assessment, contractors must report the results by posting them on the Supplier Performance Risk System (SPRS).
Level 2: Protection of CUI. A CMMC Level 2 is required to store, process, or transmit CUI. A CMMC Level 2 requires compliance with the 110 security requirements set out in NIST SP 800-171 Rev. 2. Contractors may satisfy Level 2 requirements either by conducting an annual self-assessment (CMMC Level 2 (Self)) or through an outside assessment conducted by a certified third-party assessment organization (C3PAO). The solicitation will specify the required assessment method. C3PAO assessments must be conducted every three years.
Level 3: Higher-Level Protection of CUI Against Advanced Persistent Threats. A CMMC Level 3 is required when DOD determines the need for higher-level protection of CUI. To achieve CMMC Level 3, the contractor information system must first achieve a CMMC Level 2 status through a C3PAO assessment. After CMMC Level 2, the information system must undergo an additional assessment conducted by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) to ensure compliance with 24 requirements from NIST SP 800-172. DIBCAC assessments must be conducted every three years. Note that it is not clear what CUI will trigger CMMC Level 3 requirements, though it is likely related to the national security nature and sensitivity of the information.

Conditional CMMC Status and POAMs

If a contractor information system does not meet all the requirements during an assessment, a conditional CMMC status may be available in certain instances. For a conditional CMMC Level 2 or 3 status, the contractor may use a plan of action and milestones (POAM) to track remediation and cure the deficiency within 180 days. Importantly, under DFARS 204.7502, Procedures, a contract award can occur with a conditional CMMC level.

However, there are limitations to conditional CMMC statuses. A contractor must close out a POAM within 180 days to achieve a final CMMC status, or their conditional status will be lost. Further, POAMs are not available for CMMC Level 1. Contractors should also note that eligibility for a conditional CMMC status is based on achieving a minimum score and satisfying all “critical requirements” on the initial assessment.[3]

CMMC Unique Identifiers

Contractor information system assessments are reported in DOD’s SPRS. SPRS generates a CMMC unique identifier (UID) for each contractor CMMC assessment it receives. When a contract requires a CMMC level, an offeror must include a list of their applicable UIDs with their proposal. Contractors must also update their UID list when new codes are generated by SPRS.

Current Affirmation of Continuous Compliance

In addition to achieving a CMMC level, contractors must also “affirm” their continuing compliance with their assessment’s requirements.[4] The contractor’s affirming official (the contractor’s senior representative responsible for CMMC program compliance) must submit an affirmation electronically in SPRS upon achieving a CMMC level, and annually thereafter. In the event of a cybersecurity incident, contractors will continue to follow the reporting requirements found in DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

Subcontractor Flowdown

Subcontractors must also adhere to CMMC requirements when they are required to handle FCI or CUI on their subcontractor information systems. However, as the subcontractor is not in privity with the government, the prime contractor is responsible for ensuring that subcontractors comply with the CMMC program before contract award and during performance. Unfortunately, SPRS does not allow contractors to view SPRS data other than their own. Therefore, prime contractors and subcontractors must develop the mechanisms to monitor CMMC compliance throughout their supply chain to prevent issues. For more information on subcontractor compliance, see 32 C.F.R. 170.23, Application to Subcontractors.

3. CMMC Implementation for Defense Acquisitions

Applicability of CMMC Requirements on Acquisitions

The acquisition rule, as a DFARS rule, only applies to DOD acquisitions. Contractors engaged in contracts with non-DOD agencies should refer to the acquisition procedures of those organizations to assess their cybersecurity requirements. Further, CMMC requirements only apply to contracts where the contractor will handle FCI or CUI on contractor information systems during contract performance. Note there is an exclusion for awards solely for the acquisition of commercially available off-the-shelf (COTS) items.[5] In those limited cases, CMMC requirements do not apply.

Phased Implementation of the CMMC Program Under the DFARS

To minimize the financial impacts and disruption to the industrial base, DOD is rolling out CMMC requirements in four phases. During the first three years after the acquisition rule becomes effective (November 10), the DOD will have discretion to add CMMC requirements to certain contracts. DOD’s four-phase implementation consists of the following:

Phase 1: Begins on November 10. DOD will begin requiring CMMC Level 1 and Level 2 self-assessments for applicable contracts and solicitations.
Phase 2: Begins one year after Phase 1. DOD will begin requiring CMMC Level 2 (C3PAO) for applicable contracts and solicitations.
Phase 3: Begins one year after Phase 2. DOD will begin requiring CMMC Level 3 (DIBCAC) for applicable contracts and solicitations.
Phase 4: Begins one year after Phase 3. DOD will fully implement the CMMC program on applicable contracts and solicitations.

Note that the DOD has retained discretion to delay or advance higher CMMC requirements at each phase of implementation. For more on the DOD’s phased plan for CMMC implementation, see 32 C.F.R. 170.3, Applicability.

CMMC DFARS Clauses.

The acquisition rule creates two new DFARS clauses that implement the CMMC in the DOD acquisition process:

DFARS 252.204-7025, Notice of Cybersecurity Maturity Model Certification Level Requirements. This is the CMMC solicitation provision that notifies offerors of a potential contract’s CMMC requirements. This provision will identify the CMMC level (CMMC Level 1 (Self); CMMC Level 2 (Self); CMMC Level 2 (C3PAO); or CMMC Level 3 (DIBCAC)) required for each contractor information system that will be handling sensitive information during contract performance. This provision also states that offerors who do not have both a current CMMC level assessment and an affirmation of continuous compliance in SPRS will not be eligible for contract award. This clause also contains POAM closeout requirements for contractors with a conditional CMMC status. Finally, this clause requires offerors to provide a list of their UIDs (generated by SPRS) with their proposal and to update that list as new UIDs are generated.
DFARS 252.204-7021, Contractor Compliance With the Cybersecurity Maturity Model Certification Level Requirements. This is the clause that will appear in the contract itself and will similarly specify the CMMC level requirement. In addition to requiring contractors to have and maintain the requisite CMMC level, this clause also requires contractors to flow down CMMC requirements to subcontractors who will handle sensitive information on subcontractor systems. This clause also restricts contractors to using information systems with the requisite CMMC level or higher for handling FCI or CUI.

4. Expected Impact and Takeaways.

The DOD estimates that CMMC program requirements will affect approximately 337,968 total contractors and subcontractors by the fourth year of the program’s implementation.[6] The DOD also anticipates the greatest concentration of CMMC level requirements will occur at CMMC Level 1 (62% of contractors) and Level 2 Certificate with a C3PAO assessment (35%). While the phased implementation of the CMMC program may soften its initial impact this November, preparation of full implementation is crucial. The CMMC program is on track to become an integral part of the DFARS, and contractors must be proactive with the new cybersecurity framework to remain competitive in the defense acquisition market.

Recommendations on Next Steps

Noncompliance with CMMC requirements will impact defense contract awards. To remain competitive, contractors should anticipate the CMMC level they will need for future contracts. Current contractors may look to past contract awards and the level of sensitive information they handled in those instances. Contractors should also develop a strategy for evaluating and remediating their information systems to pass the requisite assessment.
Contractors must not only achieve compliance to be eligible for contract award but also maintain compliance through the performance of the contract. Contractors should develop internal procedures for monitoring and reporting cybersecurity information to the affirming official. This will help ensure annual SPRS affirmations are both timely and accurate.
Depending on the nature of the contract, contractors must verify their subcontractors’ CMMC compliance prior to award and during performance. Discussions about CMMC level, compliance oversight, and reporting should begin early in the contractor-subcontractor relationship. Subcontractors should also be prepared to verify their compliance during negotiations.

[1] For the final rule, as well as the DOD’s responses to public comments, visit the Federal Register‘s website.

[2] See U.S. Dep’t of War Chief Info. Officer, About CMMC, https://dodcio.defense.gov/cmmc/About/ (last visited Sep. 16, 2025).

[3] See 32 C.F.R. 170.21, Plan of Action and Milestones requirements.

[4] See 32 C.F.R. 170.22, Affirmation.

[5] See Federal Acquisition Regulation 2.101, Definitions, for COTS definition.

[6] See Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements, 90 Fed. Reg. 43560, 43573 (Sep. 10, 2025) (to be codified in 48 C.F.R. pts. 204, 212,217, 252).

The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) has launched a Section 232 national security investigation into imports of personal protective equipment (PPE), medical consumables, and medical equipment, including devices.

The probe aims to assess whether these imports threaten U.S. national security, potentially paving the way for new tariffs or import restrictions. Public comments are being solicited until October 17, 2025, as the Trump administration accelerates its trade agenda.

President Trump has signaled the possibility of sweeping new tariffs across multiple sectors, from pharmaceuticals to furniture, trucks, and more, slated to begin October 1, albeit with potential carve-outs and trade partner exceptions (notably for the EU and Japan).

What Is Section 232 and Why Now?

Section 232 of the Trade Expansion Act of 1962 empowers the president to impose tariffs or other restrictions on imports to protect national security. The law has been a cornerstone of President Trump’s trade policy. The administration has revived and expanded this tool, initiating investigations into more than a dozen sectors, from semiconductors and pharmaceuticals to timber, automobiles, and automotive parts.

The medical supplies investigation, initiated by the commerce secretary on September 2, 2025, comes amid heightened concerns over supply chain vulnerabilities exposed during the COVID-19 pandemic. As detailed in the Federal Register notice, this probe excludes pharmaceuticals, such as prescription drugs and biologics, which are under a separate Section 232 review launched earlier this year. Instead, it focuses on critical health care items essential for patient care and pandemic response.

Scope of the Investigation: What’s Covered?

The investigation defines the categories broadly to capture a wide range of health care imports:

PPE: Items used in health care settings, including surgical masks, N95 respirators, gloves, gowns, and related components.
Medical Consumables: Single-use or short-term items for diagnosis, treatment, and prevention, such as syringes, needles, IV bags, catheters, sutures, diagnostic reagents, and anesthesia equipment. (Pharmaceuticals are explicitly excluded.)
Medical Equipment: Durable tools like wheelchairs, crutches, and hospital beds.
Medical Devices: Instruments for diagnosis, monitoring, or treatment, including pacemakers, insulin pumps, stents, hearing aids, prosthetics, blood glucose monitors, CT scanners, MRI machines, ventilators, and X-ray equipment.

BIS emphasizes that the probe will evaluate dependencies on foreign suppliers, particularly from major exporters, and risks like export restrictions or “weaponization” of supply chains by adversarial nations.

Key Issues for Public Comment

BIS is particularly interested in data and analyses addressing 12 specific criteria from the National Security Industrial Base Regulations (15 CFR Part 705), including:

Current and projected U.S. demand for these items.
Domestic production’s ability to meet that demand.
Role of foreign supply chains in fulfilling U.S. needs.
Concentration of imports from a few suppliers or countries and associated risks.
Impact of foreign subsidies and predatory practices on U.S. competitiveness.
Economic effects of artificially low prices from unfair trade.
Potential for foreign export bans or supply manipulation.
Feasibility of boosting domestic capacity to reduce import reliance.
Effects of existing trade policies and the need for new measures like tariffs or quotas.
Risks of foreign control over supply chains.
Ability of foreign entities to exploit attributes of imported goods.
Any other relevant factors.

This investigation could lead to tariffs on goods like surgical masks, blood glucose monitors, and wheelchairs, potentially by spring 2026. While Section 232 probes have a 270-day timeline, the Trump administration has expedited recent ones, such as copper tariffs implemented in just 144 days.

How to Submit Comments

Stakeholders, including manufacturers, importers, health care providers, and trade groups, can submit comments via Regulations.gov under docket BIS-2025-0258 (RIN 0694-XC134). Submissions must be received by October 17, 2025. Business confidential information should be marked accordingly, with a public version provided. No public hearing is planned, consistent with recent Section 232 processes.

An Illinois district court found that an Arkansas state law requiring Employee Retirement Income Security Act (ERISA) plans to report certain prescription drug compensation-related information regarding their pharmacy benefit managers (PBMs) was not preempted by ERISA. See Central States, Southeast and Southwest Areas Health and Welfare Fund et al. v. McClain. Arkansas Insurance Department Rule 128 (Rule 128) provides state-level regulation of PBMs and mandates that health benefit plans and health care payors disclose certain information regarding the compensation programs of PBMs (the reporting requirement). Information obtained from the reporting requirement is used to determine if the pharmacy compensation programs are “fair and reasonable.” If a pharmacy compensation program is deemed unfair or unreasonable, the commissioner may require the health benefit plan to pay an additional pharmacy dispensing fee (the dispensing fee requirement). Rule 128 prohibits health benefit plans from requiring subscribers (participants in self-funded ERISA health plans) to pay dispensing costs beyond the designated copay, coinsurance, and deductible amounts. A health care payor is defined to include health insurers, health maintenance organizations, and any other entity that provides or administers a self-funded benefit plan.

Despite Rule 128’s express reference to self-funded plans and imposition of a reporting requirement similar to one the Supreme Court found to be preempted by ERISA in Gobeille, the district court found that neither the reporting requirement nor the dispensing fee requirement were preempted by ERISA.

Court’s Analysis on ERISA Preemption

Central States, Southeast and Southwest Areas Health and Welfare Fund is a self-funded multiemployer welfare benefit plan governed by ERISA. The plaintiff argued that Rule 128 is preempted by ERISA because the rule: (i) imposes requirements directly on ERISA plans rather than simply regulating PBMs; (ii) governs a central matter of plan administration; and (iii) dictates plan design by prohibiting ERISA plans from requiring their Arkansas participants pay a higher amount for their prescription drugs to offset the higher dispensing fees.

In considering the plaintiff’s arguments, the court indicated that there are two categories of state laws that ERISA preempts — those that have a “reference to” ERISA plans and those that have an “impermissible connection with” ERISA plans. With respect to the argument that the reporting requirement refers to ERISA plans, the court found that the plaintiffs failed to state a claim because Rule 128 does not exclusively target ERISA plans. Instead, it applies to all health care payors, which includes health benefit plans, whether or not those plans fall within ERISA’s coverage, and other payors.

The court also rejected the argument that both the reporting requirement and the dispensing fee requirement have an impermissible connection with ERISA. With respect to the reporting requirement, the court held that because the reporting requirement’s purpose is incidental to Rule 128’s stated purpose of ensuring fair reimbursement for pharmacist and pharmacy services, the reporting requirement was not preempted by ERISA because it does not impede ERISA plan administration.

With respect to the dispensing fee requirement, the court determined that state laws affecting costs or incentives, but not mandating substantive coverage schemes, are not preempted by ERISA. The court characterized Rule 128 as a cost regulation statute, not a mandate on plan design, and held that its provisions do not compel plans into a specific coverage scheme. Additionally, the court noted that while Rule 128 prevents health benefit plans from requiring subscribers to pay dispensing costs outside of copays, coinsurance, and deductibles, it does not prohibit plans from increasing these amounts to offset any increased dispensing fees they must pay.

Analysis and Best Practices Going Forward

The court’s analysis of ERISA preemption of the reporting rule in particular seems to take Supreme Court precedent a step further than expected. For instance, the court cited Gobeille to support its finding that a state law must “exclusively” apply to ERISA plans in order to be preempted by ERISA. However, the state reporting requirement analyzed in Gobeille, which the Supreme Court found to be preempted, also applied to other payors and was not “exclusive” in the way this district court seemed to require for ERISA preemption. State laws are very rarely written to apply “exclusively” to ERISA plans, but they have still been found to relate to ERISA plans.

Similarly, the court analyzed whether the reporting requirement was “incidental to” the purpose of Rule 128, but the well-established standard is generally whether a state law is incidental to plan administration. Specifically, the standard states, “ERISA pre-empts a state law that has an impermissible “connection with” ERISA plans, meaning a state law that “governs . . . a central matter of plan administration” or “interferes with nationally uniform plan administration.” Gobeille v. Liberty Mut. Ins. Co., 577 U.S. 312, 320, 136 S. Ct. 936, 943 (2016). As a result, the court’s ruling lacks analysis regarding whether the reporting requirement interferes with nationally uniform plan administration or governs a central matter of administration.

We anticipate group health plans with participants in Arkansas will be tracking the costs incurred under the dispensing fee requirement and considering passing through the costs to the participants in Arkansas using a geographic differentiation in the plan for annual copays, coinsurance, and deductibles. Ultimately, we would expect the cost of health care coverage to increase due to the dispensing fee requirement.

If the court’s holding in this case is upheld and adopted by other jurisdictions, ERISA self-funded group health plans could be subject to a patchwork of state reporting schemes that would make plan administration increasingly difficult and complex, which is the exact opposite of the purpose of ERISA — to enable plan sponsors to have a uniform set of rules to follow to administer their plans across the U.S. and keep costs of administration down (thereby encouraging employers to offer plans in the first place). As we have seen since the state law PBM cases started, states are increasingly trying to enact laws targeting ERISA plans by careful drafting of state laws to include references to “all” health plans and “all” payors and imposing additional costs on operation. Protectionist laws such as this one lose sight of the objective of PBMs — to work to negotiate the best reimbursement rates with a view toward driving down the costs of prescription drug coverage — and pose the risk of inserting the government into the role of pricing health care, instead of allowing market forces to establish pricing.

Plan sponsors should continue to monitor developments in this case, including a potential appeal. In the meantime, plan sponsors who initially chose to forgo reporting under Rule 128 based on the reasonable assumption that the reporting component of the law would be held to be preempted by ERISA should consider whether to wait for an appeal (and with any luck, a Supreme Court decision of preemption) or to conservatively comply with the reporting requirement now unless and until there are future developments in this area.

Energy

Financial Services

Health Care + Life Sciences

Insurance + Reinsurance

Private Equity

Real Estate

Innovation

plus

Pro Bono

Alumni Network

Emerge

The Pepper Center

Learn + Connect

BLOG, Microsite + Podcast HUB

ACHIEVEMENTS