On January 8, 2025, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published finalized Security Requirements for Restricted Transactions as designated by the Department of Justice in the DOJ’s final rulemaking, each pursuant to Executive Order 14117 (Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern). The Requirements and DOJ rule will go into effect on April 8, 2025.
The FDA has announced a proposal to require a new nutrition label on the front of packages for most packaged foods. The label design, shown below, would give consumers readily visible information about a food’s saturated fat, sodium, and added sugars content—three nutrients the FDA states are directly linked with chronic diseases when consumed in excess.
The Extended Producer Responsibility (“EPR”) movement for packaging is growing in the U.S., marking a shift in how some states are approaching waste management and recycling. Rather than leaving municipalities to bear the full cost of waste management and recycling programs, states with EPR programs are poised to shift costs associated with building out recycling infrastructure to producers of products covered by EPR requirements. In 2024, there were significant legislative, regulatory, and programmatic developments in several states. We expect these trends to accelerate in 2025, as several programs reach the initial implementation phase of their EPR programs.
On January 8, 2025, the General Court of the Court of Justice of the European Union issued its judgment in the case of Bindl v Commission (Case T-354/22), ruling that the European Commission must pay damages to a German citizen whose personal data was transferred to the U.S. without adequate safeguards.
During the week of January 6, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into resolution agreements and corrective action plans with Elgon Information Systems, Virtual Private Network Solutions, LLC and USR Holdings, LLC for violations of the Health Insurance Portability and Accountability Act of 1996 Security Rule.
