Public Urged to Use Encryption for Mobile Phone Messaging and Calls

On December 4, 2024, four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) law enforcement and cyber security agencies (Agencies) published a joint guide for network engineers, defenders of communications infrastructure and organizations with on-premises enterprise equipment (the Guide). The Agencies strongly encourage applying the Guide’s best practices to strengthen visibility and strengthen network devices against exploitation by reported hackers, including those hackers affiliated with the People’s Republic of China (PRC). The fifth group member, the United Kingdom, released a statement supportive of the joint guide but stated it had alternate methods of mitigating cyber risks for its telecom providers.

In November 2024, the Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement to update the public on its investigation into the previously reported PRC-affiliated hacks on multiple telecommunications companies’ networks. The FBI and CISA reported that these hacks appeared to focus on cell phone activity of individuals involved in political or government activity and copies of law enforcement informational requests subject to court orders. However, at the time of the update, these U.S. agencies and members of Congress have underscored the broad and significant nature of this breach. At least one elected official stated that the hacks potentially expose unencrypted cell phone conversations with someone in America to the hackers.

In particular, the Guide recommends adopting actions that quickly identify anomalous behavior, vulnerabilities, and threats and respond to a cyber incident. It also guides telecoms and businesses to reduce existing vulnerabilities, improve secure configuration habits, and limit potential entry points. One of the Guide’s recommended best practices attracting media attention is ensuring that mobile phone messaging and call traffic is fully end-to-end encrypted to the maximum extent possible. Without fully end-to-end encrypted messaging and calls, the content of calls and messages always has the potential to be intercepted. Android to Android messaging and iPhone to iPhone messaging is fully end-to-end encrypted but messaging from an Android to an iPhone is not currently end-to-end encrypted. Google and Apple recommend using a fully encrypted messaging app to better protect the content of messages from hackers.

The FBI and CISA are continuing to investigate the hacks and will update the public as the investigation permits. In the interim, telecom providers and companies are encouraged to adopt the Guide’s best practices and to report any suspicious activity to their local FBI field office or the FBI’s Internet Crime Complaint Center. Cyber incidents may also be reported to CISA.

What U.S. Travelers to UK Need to Know About UK’s Electronic Travel Authorisation (ETA)

Americans traveling to the UK as tourists or business visitors are generally visa-exempt. Starting on Jan. 8, 2025, visa-exempt Americans traveling to the UK will need to use the new Electronic Travel Authorisation (ETA) scheme prior to travel. Americans will be able to apply for ETA starting on Nov. 27, 2024.

Like the U.S. ESTA (Electronic System for Travel Authorization), ETAs are digitally linked to the traveler’s passport, allowing smoother and more secure immigration processing.

Applying for an ETA costs ten pounds. The ETA expires either two years after issuance or when the individual’s passport expires – whichever is earlier. If an individual obtains a new passport, they must apply for new ETA.

The ETA allows:

  • Multiple entries
  • Stays for no longer than six months

The ETA is being rolled out in phases. It is already in effect for nationals from the Gulf States. On Jan. 8, 2025, approximately 50 other countries, including the United States, will be added to the list. ETA will be rolled out for European countries on April 2, 2025.

The application is online and through the UK ETA app. Every individual who is traveling will need a separate ETA application. It is best to apply early, although applications are usually processed within three working days.

The similar ETIAS program for travel to the European Union has been delayed, but it is expected to go into effect sometime in 2025.

Top Competition Enforcers in the US, EU, and UK Release Joint Statement on AI Competition – AI: The Washington Report


On July 23, the top competition enforcers at the US Federal Trade Commission (FTC) and Department of Justice (DOJ), the UK Competition and Markets Authority (CMA), and the European Commission (EC) released a Joint Statement on Competition in Generative AI Foundation Models and AI products. The statement outlines risks in the AI ecosystem and shared principles for protecting and fostering competition.

While the statement does not lay out specific enforcement actions, the statement’s release suggests that the top competition enforcers in all three jurisdictions are focusing on AI’s effects on competition in general and competition within the AI ecosystem—and are likely to take concrete action in the near future.

A Shared Focus on AI

The competition enforcers did not just discover AI. In recent years, the top competition enforcers in the US, UK, and EU have all been examining both the effects AI may have on competition in various sectors as well as competition within the AI ecosystem. In September 2023, the CMA released a report on AI Foundation Models, which described the “significant impact” that AI technologies may have on competition and consumers, followed by an updated April 2024 report on AI. In June 2024, French competition authorities released a report on Generative AI, which focused on competition issues related to AI. At its January 2024 Tech Summit, the FTC examined the “real-world impacts of AI on consumers and competition.”

AI as a Technological Inflection Point

In the new joint statement, the top enforcers described the recent evolution of AI technologies, including foundational models and generative AI, as “a technological inflection point.” As “one of the most significant technological developments of the past couple decades,” AI has the potential to increase innovation and economic growth and benefit the lives of citizens around the world.

But with any technological inflection point, which may create “new means of competing” and catalyze innovation and growth, the enforcers must act “to ensure the public reaps the full benefits” of the AI evolution. The enforcers are concerned that several risks, described below, could undermine competition in the AI ecosystem. According to the enforcers, they are “committed to using our available powers to address any such risks before they become entrenched or irreversible harms.”

Risks to Competition in the AI Ecosystem

The top enforcers highlight three main risks to competition in the AI ecosystem.

  1. Concentrated control of key inputs – Because AI technologies rely on a few specific “critical ingredients,” including specialized chips and technical expertise, a number of firms may be “in a position to exploit existing or emerging bottlenecks across the AI stack and to have outside influence over the future development of these tools.” This concentration may stifle competition, disrupt innovation, or be exploited by certain firms.
  2. Entrenching or extending market power in AI-related markets – The recent advancements in AI technologies come “at a time when large incumbent digital firms already enjoy strong accumulated advantages.” The regulators are concerned that these firms, due to their power, may have “the ability to protect against AI-driven disruption, or harness it to their particular advantage,” potentially to extend or strengthen their positions.
  3. Arrangements involving key players could amplify risks – While arrangements between firms, including investments and partnerships, related to the development of AI may not necessarily harm competition, major firms may use these partnerships and investments to “undermine or coopt competitive threats and steer market outcomes” to their advantage.

Beyond these three main risks, the statement also acknowledges that other competition and consumer risks are also associated with AI. Algorithms may “allow competitors to share competitively sensitive information” and engage in price discrimination and fixing. Consumers may be harmed, too, by AI. As the CMA, DOJ, and the FTC have consumer protection authority, these authorities will “also be vigilant of any consumer protection threats that may derive from the use and application of AI.”

Sovereign Jurisdictions but Shared Concerns

While the enforcers share areas of concern, the joint statement recognizes that the EU, UK, and US’s “legal powers and jurisdictions contexts differ, and ultimately, our decisions will always remain sovereign and independent.” Nonetheless, the competition enforcers assert that “if the risks described [in the statement] materialize, they will likely do so in a way that does not respect international boundaries,” making it necessary for the different jurisdictions to “share an understanding of the issues” and be “committed to using our respective powers where appropriate.”

Three Unifying Principles

With the goal of acting together, the enforcers outline three shared principles that will “serve to enable competition and foster innovation.”

  1. Fair Dealing – Firms that engage in fair dealing will make the AI ecosystem as a whole better off. Exclusionary tactics often “discourage investments and innovation” and undermine competition.
  2. Interoperability – Interoperability, the ability of different systems to communicate and work together seamlessly, will increase competition and innovation around AI. The enforcers note that “any claims that interoperability requires sacrifice to privacy and security will be closely scrutinized.”
  3. Choice – Everyone in the AI ecosystem, from businesses to consumers, will benefit from having “choices among the diverse products and business models resulting from a competitive process.” Regulators may scrutinize three activities in particular: (1) company lock-in mechanisms that could limit choices for companies and individuals, (2) partnerships between incumbents and newcomers that could “sidestep merger enforcement” or provide “incumbents undue influence or control in ways that undermine competition,” and (3) for content creators, “choice among buyers,” which could be used to limit the “free flow of information in the marketplace of ideas.”

Conclusion: Potential Future Activity

While the statement does not address specific enforcement tools and actions the enforcers may take, the statement’s release suggests that the enforcers may all be gearing up to take action related to AI competition in the near future. Interested stakeholders, especially international ones, should closely track potential activity from these enforcers. We will continue to closely monitor and analyze activity by the DOJ and FTC on AI competition issues.

Digging for Trouble: The Double-Edged Sword of Decisions to Report Misconduct

On May 10, 2024, Romy Andrianarisoa, former Chief of Staff to the President of Madagascar, was convicted for soliciting bribes from Gemfields Group Ltd (Gemfields), a UK-based mining company specializing in rubies and emeralds. Andrianarisoa, along with her associate Philippe Tabuteau, was charged after requesting significant sums of money and a five percent equity stake in a mining venture in exchange for facilitating exclusive mining rights in Madagascar.

The investigation, spearheaded by the UK’s National Crime Agency (NCA), began when Gemfields reported their suspicions of corruption. Using covert surveillance, the NCA recorded Andrianarisoa and Tabuteau requesting 250,000 Swiss Francs (approximately £215,000) and a five percent equity stake, potentially worth around £4 million, as payments for their services. Gemfields supported the investigation and prosecution throughout.

During the investigation, six covertly recorded audio clips were released, suggesting Andrianarisoa had significant influence over Madagascar’s leadership and her expectation of substantial financial rewards. The arrests in August 2023 and subsequent trial at Southwark Crown Court culminated in prison sentences of three and a half years for Andrianarisoa and two years and three months for Tabuteau.

Comment

Gemfields has, quite rightly, been praised for reporting this conduct to the NCA and supporting their investigation and prosecution. In doing so, they made a strong ethical decision and went above and beyond their legal obligations: there is no legal requirement on Gemfields to report solicitations of this kind.

Such a decision will also have been difficult. Reporting misconduct and supporting the investigation is likely to have exposed Gemfields to significant risk and costs:

  • First, in order to meet their obligations as prosecutors, put together the best case, and comply with disclosure requirements, the NCA likely required Gemfields employees to attend interviews and provide documents. These activities require significant legal support and can be very costly both in time and money.
  • Secondly, such disclosures and interviews might identify unrelated matters of interest to the NCA. It is not uncommon in these cases for corporates reporting misconduct to become the subject of unrelated allegations of misconduct and separate investigations themselves.
  • Furthermore, to the extent that Gemfields supported the covert surveillance aspects of the NCA’s investigation, there may have been significant safety risks to both the employees participating, and unrelated employees in Madagascar. Such risks can be extremely difficult to mitigate.
  • Finally, the willingness to publicly and voluntarily report Andrianarisoa is likely to have created a chilling effect on Gemfields’ ability to do legitimate business in Madagascar and elsewhere. Potential partners may be dissuaded from working with Gemfields for fear of being dragged into similar investigations whether warranted or not.

Organisations in these situations face difficult decisions. Many will, quite rightly, want to be good corporate citizens, but in doing so, must recognise the potential costs and risks to their business and, ultimately, their obligations to shareholders and owners. In circumstances where there is no obligation to report, the safest option may be to walk away and carefully record the decision to do so. No doubt, Gemfields carefully considered these risks prior to reporting Andrianarisoa’s misconduct.

Businesses facing similar challenges should:

  • Ensure they understand their legal obligations. Generally, there is no obligation to report a crime. However, particularly for companies and firms operating in the financial services or other regulated sectors, this is not universally the case.
  • Carefully consider the risks and benefits associated with any decision to report another’s misconduct, including not only financial costs, but time and safety costs too.
  • Develop a compliance programme that assists and educates teams on how to correctly identify misconduct, escalate appropriately, and decide whether to report.

Global Regulatory Update for April 2024

WEBINAR – Registration Is Open For “Harmonizing TSCA Consent Orders with OSHA HCS 2012”: Register now to join The Acta Group (Acta®) and Bergeson & Campbell, P.C. (B&C®) for “Harmonizing TSCA Consent Orders with OSHA HCS 2012,” a complimentary webinar covering case studies and practical applications of merging the requirements for consent order language on the Safety Data Sheet (SDS). In this webinar, Karin F. Baron, MSPH, Director of Hazard Communication and International Registration Strategy, Acta, will explore two hypothetical examples and provide guidance on practical approaches to compliance. An industry perspective will be presented by Sara Glazier Frojen, Senior Product Steward, Hexion Inc., who will discuss the realities of managing this process day-to-day.

SAVE THE DATE – “TSCA Reform — 8 Years Later” On June 26, 2024: Save the date to join Acta affiliate B&C, the Environmental Law Institute (ELI), and the George Washington University Milken Institute School of Public Health for a day-long conference reflecting on the challenges and accomplishments since the implementation of the 2016 Lautenberg Amendments and where the Toxic Substances Control Act (TSCA) stands today. This year, the conference will be held in person at the George Washington University Milken Institute School of Public Health (and will be livestreamed via YouTube). Continuing legal education (CLE) credit will be offered in select states for in-person attendees only. Please check ELI’s event page in the coming weeks for more information, including an agenda, CLE information, registration, and more. If you have questions in the meantime, please contact Madison Calhoun (calhoun@eli.org).

AUSTRALIA

Changes To Categorization, Reporting, And Recordkeeping Requirements For Industrial Chemicals Will Take Effect April 24, 2024: The Australian Industrial Chemicals Introduction Scheme (AICIS) announced regulatory changes to categorization, reporting, and recordkeeping requirements will start April 24, 2024. For the changes to take effect, the Industrial Chemicals (General) Rules 2019 (Rules) and Industrial Chemicals Categorisation Guidelines will be amended. According to AICIS, key changes to the Rules include:

  • Written undertakings replaced with records that will make compliance easier;
  • Greater acceptance of International Nomenclature of Cosmetic Ingredients (INCI) names for reporting and recordkeeping;
  • Changes to the categorization criteria to benefit:
    • Local soap makers;
    • Introducers of chemicals in flavor and fragrance blends; and
    • Introducers of hazardous chemicals where introduction and use are controlled; and
  • Strengthening criteria and/or reporting requirements for health and environmental protection.

AICIS announced final changes to the Industrial Chemicals Categorisation Guidelines that will take effect April 24, 2024. According to AICIS, the changes include:

  • Refinement of the requirement to check for hazardous esters and salts of chemicals on the “List of chemicals with high hazards for categorisation” (the List);
  • Provision to include highly hazardous chemicals to the List based on an AICIS assessment or evaluation;
  • Expanded options for introducers to demonstrate the absence of skin irritation and skin sensitization; and
  • More models for in silico predictions and an added test guideline for ready biodegradability.

AICIS states that it will publish a second update to the Guidelines in September 2024 due to industry stakeholders’ feedback that they need more time to prepare for some of the changes. It will include:

  • For the List: add chemicals based on current sources and add the European Commission (EC) Endocrine Disruptor List (List I) as a source; and
  • Refined requirements for introducers to show the absence of specific target organ toxicity after repeated exposure and bioaccumulation potential.

CANADA

Canada Provides Updates On Its Implementation Of The Modernized CEPA: As reported in our June 23, 2023, memorandum, Bill S-5, Strengthening Environmental Protection for a Healthier Canada Act, received Royal Assent on June 13, 2023. Canada is working to implement the bill through initiatives that include the development of various instruments, policies, strategies, regulations, and processes. In April 2024, Canada updated its list of public consultation opportunities:

  • Discussion document on the implementation framework for a right to a healthy environment under the Canadian Environmental Protection Act, 1999 (CEPA) (winter 2024);
  • Proposed Watch List approach (spring/summer 2024);
  • Proposed plan of chemicals management priorities (summer 2024);
  • Draft strategy to replace, reduce or refine vertebrate animal testing (summer/fall 2024);
  • Draft implementation framework for a right to a healthy environment under CEPA (summer/fall 2024);
  • Discussion document for toxic substances of highest risk regulations (winter 2025); and
  • Discussion document on the restriction and authorization of certain toxic substances regulations (winter/spring 2025).

EUROPEAN UNION (EU)

ECHA Checks More Than 20 Percent Of REACH Registration Dossiers For Compliance: The European Chemicals Agency (ECHA) announced on February 27, 2024, that between 2009 and 2023, it performed compliance checks of approximately 15,000 Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH) registrations, representing 21 percent of full registrations. ECHA states that it met its legal target for dossier evaluation, which increased from five percent to 20 percent in 2019. ECHA notes that for substances registered at quantities of 100 metric tons or more per year, it has checked compliance for around 30 percent of the dossiers.

According to ECHA, in 2023, it conducted 301 compliance checks, covering more than 1,750 registrations and addressing 274 individual substances. ECHA “focused on registration dossiers that may have data gaps and aim to enhance the safety data of these substances.” ECHA sent 251 adopted decisions to companies, “requesting additional data to clarify long-term effects of chemicals on human health or the environment.” ECHA states that during the follow-up evaluation process, it will assess the incoming information for compliance. ECHA will share the outcome of the incoming data with the EU member states and the EC to enable prioritization of substances. ECHA will work closely with the member states for enforcement of non-compliant dossiers. Compliance of registration dossiers will remain a priority for ECHA. In 2024, ECHA will review the impact of the Joint Evaluation Action Plan, aimed at improving REACH registration compliance, and, together with stakeholders, develop new priority areas on which to focus. More information is available in our March 29, 2024, blog item.

Council Of The EU And EP Reach Provisional Agreement On Proposed Regulation On Packaging And Packaging Waste: The Council of the EU announced on March 4, 2024, that its presidency and the European Parliament’s (EP) representatives reached a provisional political agreement on a proposal for a regulation on packaging and packaging waste. The press release states that the proposal considers the full life-cycle of packaging and establishes requirements to ensure that packaging is safe and sustainable by requiring that all packaging is recyclable and that the presence of substances of concern is minimized. It also includes labeling harmonization requirements to improve consumer information. In line with the waste hierarchy, the proposal aims to reduce significantly the generation of packaging waste by setting binding re-use targets, restricting certain types of single-use packaging, and requiring economic operators to minimize the packaging used. The proposal would introduce a restriction on the placing on the market of food contact packaging containing per- and polyfluoroalkyl substances (PFAS) above certain thresholds. The press release notes that to avoid any overlap with other pieces of legislation, the co-legislators tasked the EC to assess the need to amend that restriction within four years of the date of application of the regulation.

EP Adopts Position On Establishing System To Verify And Pre-Approve Environmental Marketing Claims: The EP announced on March 12, 2024, that it adopted its first reading position on establishing a verification and pre-approval system for environmental marketing claims to protect citizens from misleading ads. According to the EP’s press release, the green claims directive would require companies to submit evidence about their environmental marketing claims before advertising products as “biodegradable,” “less polluting,” “water saving,” or having “biobased content.” Micro enterprises would be exempt from the new rules, and small and medium-sized enterprises (SME) would have an extra year to comply compared to larger businesses. The press release notes that the EP also decided that green claims about products containing hazardous substances should remain possible for now, but that the EC “should assess in the near future whether they should be banned entirely.” The new EP will follow up on the file after the European elections that will take place in June 2024.

On April 3, 2024, a coalition of industry associations issued a “Joint statement in reference to ‘the ban of green claims for products containing hazardous substances’ in the Green Claims Substantiation Directive (GCD).” The associations “fully support the principle that consumers should not be misled by false or unsubstantiated environmental claims and share the EU’s objective to establish a clear, robust and credible framework to enable consumers to make an informed choice.” The associations express concern that the proposed prohibition of environmental claims for products containing certain hazardous substances “will run contrary to the objective of the Directive to enable consumers to make sustainable purchase decisions and ensure proper substantiation of claims.” According to the associations, for a number of consumer products, “the reference to ‘products containing’ would encompass substances that would have intrinsic hazardous properties,” implying that there would be a ban of making any environmental claim(s), “even if such trace amounts of unavoidable and unintentional impurities and contaminants are present in these products.” The signatories include the International Association for Soaps, Detergents and Maintenance Products; the European Brands Association; APPLiA; the Association of Manufacturers and Formulators of Enzyme Products; CosmeticsEurope; the European Power Tool Association; the Federation of the European Sporting Goods Industry; the International Fragrance Association; LightingEurope; the International Natural and Organic Cosmetics Association; Toy Industries of Europe; Verband der Elektro- und Digitalindustrie; and the World Federation of Advertisers.

ECHA Clarifies Next Steps For PFAS Restriction Proposal: ECHA issued a press release on March 13, 2024, to outline how the Scientific Committees for Risk Assessment (RAC) and for Socio-Economic Analysis (SEAC) will progress in evaluating the proposal to restrict PFAS in Europe. As reported in our February 13, 2023, memorandum, the national authorities of Denmark, Germany, the Netherlands, Norway, and Sweden submitted a proposal to restrict more than 10,000 PFAS under REACH. The proposal suggests two restriction options — a full ban and a ban with use-specific derogations — to address the identified risks. Following the screening of thousands of comments received during the consultation, ECHA states that it is clarifying the next steps for the proposal. According to ECHA, RAC and SEAC will evaluate the proposed restriction together with the comments from the consultation in batches, focusing on the different sectors that may be affected.

In tandem, the five national authorities who prepared the proposal are updating their initial report to address the consultation comments. This updated report will be assessed by the committees and will serve as the foundation for their opinions. The sectors and elements that will be discussed in the next three committee meetings are:

March 2024 Meetings

  • Consumer mixtures, cosmetics, and ski wax;
  • Hazards of PFAS (only by RAC); and
  • General approach (only by SEAC).

June 2024 Meetings

  • Metal plating and manufacture of metal products; and
  • Additional discussion on hazards (only by RAC).

September 2024 Meetings

  • Textiles, upholstery, leather, apparel, carpets (TULAC);
  • Food contact materials and packaging; and
  • Petroleum and mining.

More information is available in our March 18, 2024, blog item.

ECHA Adopts And Publishes CoRAP For 2024-2026: On March 19, 2024, ECHA adopted and published the Community rolling action plan (CoRAP) for 2024-2026. The CoRAP lists 28 substances suspected of posing a risk to human health or the environment for evaluation by 11 Member State Competent Authorities. The CoRAP includes 11 newly allocated substances and 17 substances already included in the previous CoRAP 2023-2025 update, published on March 21, 2023. For 11 out of these 17 substances, ECHA notes that the evaluation year has been postponed, mainly to await submission of new information requested under dossier evaluation. Of the 28 substances to be evaluated, ten are to be evaluated in 2024, 13 in 2025, and five in 2026. The remaining substance of the 24 substances listed in the previous CoRAP was withdrawn as its evaluation is currently considered to be a low priority. According to ECHA, for this substance, a compliance check is needed first. ECHA states that the substance can be placed in the CoRAP list again, if after the conclusion of the dossier evaluation process, concerns remain beyond what can be clarified through dossier evaluation. ECHA has posted a guide for registrants that need to update their dossiers with new relevant information such as hazard, tonnages, use, and exposure.

Comments On Proposals To Identify New SVHCs Due April 15, 2025: A public consultation on proposals to identify two new substances of very high concern (SVHC) will close on April 15, 2024. The substances and examples of their uses are:

  • Bis(α,α-dimethylbenzyl) peroxide: This substance is used in products such as pH-regulators, flocculants, precipitants, and neutralization agents; and
  • Triphenyl phosphate: This substance is used as a flame retardant and plasticizer in polymer formulations, adhesives, and sealants.

UNITED KINGDOM (UK)

HSE Publishes UK REACH Work Programme For 2023/24: In February 2024, the Health and Safety Executive (HSE) published its UK REACH Work Programme 2023/24. The Work Programme sets out how HSE, with the support of the Environment Agency, will deliver its regulatory activities to meet the objectives and timescales set out in UK REACH. Alongside these activities, HSE and the Environment Agency will engage with stakeholders. The Work Programme includes the following deliverables and target deadlines:

Topic Deliverable Target
Substance evaluation Evaluate substances in the Rolling Action Plan (RAP) Evaluate one
Authorization Complete the processing of received applications within the statutory deadline (this includes comments from public consultation and REACH Independent Scientific Expert Pool (RISEP) input) 100 percent
SVHC identification Undertake an initial assessment of substances submitted for SVHC identification under EU REACH during 2022/23 and consider if they are appropriate for SVHC identification under UK REACH Assess up to five
Regulatory management options analysis (RMOA) Complete RMOAs initiated in 22/23 

Initiate RMOAs for substances identified as priorities

Up to ten 

Up to five

Restriction Complete ongoing restriction opinions 

Begin Annex 15 restriction dossiers

Initiate scoping work for restrictions

Two

One 

Two

HSE Opens Call For Evidence On PFAS In FFFs: HSE is working with the Environment Agency to prepare a restriction dossier that will assess the risks of PFAS in firefighting foams (FFF). HSE will propose restrictions, if necessary, to manage any significant risks identified. To help compile the dossier, HSE opened a call for evidence. HSE states that it would like stakeholders to identify themselves as willing to engage in further dialogue throughout the restrictions process. In particular, it would like to hear from stakeholders with relevant information on PFAS (or alternatives) in FFFs, especially information specific to Great Britain (GB). Regarding relevant information, HSE is interested in all aspects of FFFs, including:

  • Manufacture of FFFs: Substances used, process, quantities;
  • Import of FFF products of all types: Quantities, suppliers;
  • Use: Quantities, sector of use, frequency, storage on site, products used;
  • Alternatives to PFAS in FFF: Availability, cost, performance in comparison to PFAS-containing foams, barriers to switching;
  • Hazardous properties: SDSs, new studies on intrinsic properties and exposure, recommended risk management measures;
  • Environmental fate: What happens to the FFF after it is used, where does it go;
  • Waste: Disposal requirements, recycling opportunities, remediation; and
  • Standards: Including product-specific legislation, performance, certification.

HSE states that the call for evidence targets companies (manufacturers, importers, distributors, and retailers) and professional users of FFFs, trade associations, environmental organizations, consumer organizations, and any other organizations and members of the public holding relevant information. HSE intends to publish the final dossier, including any restriction proposals, on its website in March 2025. Interested parties will also then be able to submit comments on any proposed restriction.

New GB BPR Data Requirements Will Apply To Applications Submitted In October 2025: The Biocidal Products (Health and Safety) (Amendment and Transitional Provision etc.) Regulations 2024, which update the data requirements in Annexes II and III of the GB Biocidal Products Regulation (BPR), were laid in Parliament on March 13, 2024, and came into force on April 6, 2024. The legislation updates some of the data requirements to reflect developments in science and technology. These include the use of alternative testing approaches to determine some hazardous properties that previously relied on animal testing. HSE held a public consultation on the proposed changes in 2023 and has posted a report on the outcome of the consultation. The new data requirements will apply to applications received 18 months after the legislation came into force (October 6, 2025) and do not apply to existing applications. HSE will provide further guidance on the changes in the future.

Bad Faith Games – Hasbro Rolls and Loses

For EU and UK trademarks, there is a five-year grace period following the issuance of a registration, during which the trademark owner must use the mark in connection with the goods and/or services covered by the registration before it can be challenged (and potentially ultimately revoked) for non-use with such goods and/or services. Some trademark owners have tried to take advantage of this by re-filing their previously registered trademarks for exactly the same goods and/or services just before the five-year grace period ends as a means of extending this grace period. This is commonly referred to as “evergreening.”

In Hasbro v EUIPO1, the General Court has upheld the EUIPO Board of Appeal’s decision that repeat filing of trademarks can result in bad faith applications. While it is true that evergreening doesn’t always mean bad faith, where it can be demonstrated that an applicant’s intention for filing a trademark application is to dodge showing genuine use of a mark more than five years old, then bad faith may be established.

Bad faith?

In legal terms, “bad faith” goes back in time and considers a trademark owner’s intention at the time it applied for the trademark. If the intention was to weaken the interests of third parties or obtain a trademark registration for reasons that are unrelated to the trademark itself, then this might result in bad faith. In Hasbro, the question of whether the board game conglomerate acted in bad faith hinged on whether Hasbro’s repeat filings of the MONOPOLY trademark, to avoid showing genuine use of the mark, amounted to bad faith.

Hasbro v EUIPO

When Hasbro filed its MONOPOLY trademark yet again, specifying goods and services near-identical to its earlier filing, the General Court said the application was made in bad faith, as Hasbro’s intention was to prolong the five-year grace period allowed for establishing use.

Although the case was initially rejected by the Cancellation Division of the EUIPO, the EUIPO Board of Appeal partially invalidated Hasbro’s EU Registration for the MONOPOLY mark. A key factor of the General Court’s decision supporting the EUIPO Board of Appeal’s verdict was Hasbro’s admission that its motivation for re-filing was to avoid potential costs that would be incurred to show genuine use of the MONOPOLY trademark.

Impact

The Hasbro case is setting precedent in both the European and UK courts. Although the Hasbro case came along post-Brexit, it is still considered “good law” in the English courts.

In a recent dispute between the two supermarket chains Tesco and Lidl2, Tesco argued that Lidl’s wordless version of its logo should be invalidated, as the mark had never been used and Lidl was periodically re-filing it to avoid having to prove genuine use. Tesco’s counterclaim was struck out in the High Court as Tesco had not made a clear-cut case for bad faith. However, the Court of Appeal allowed Tesco’s appeal and maintained that it was possible bad faith had occurred. This forced Lidl to explain its intentions when filing the mark, which is consistent with the Hasbro case. Tesco’s bad faith allegation will now be assessed at the substantive trial later this year. This will be watched closely by brand-owners and practitioners hoping for further guidance on evergreening and specifically where re-filings amount to bad faith.

In Sky v SkyKick3, the Court of Appeal said that a trademark applicant can have both good and bad reasons for applying to register trademarks. However, trademark filings that are submitted underhandedly, particularly where dishonesty is the main objective of filing the application in the first place, should be invalidated.

Bad faith beware!

The Hasbro v EUIPO decision has resulted in brand owners and trademark lawyers taking greater care when re-filing trademarks. It is important to highlight though, that re-filing a trademark is allowed. It is only when it can be established that an applicant’s intention at the point of re-filing the mark was to skirt use requirements, that bad faith can be found.

Brands looking to file new, or re-file existing, trademarks, should ensure they have a clear trademark strategy. Also consider retaining and recording: (1) evidence of genuine use of your marks; and (2) your reasons for re-filing any existing trademarks.


1 21/04/2021, Case T‑663/19, ECLI:EU:T:2021:211 (Hasbro, Inc. v European Union Intellectual Property Office)

Lidl Great Britain Limited v Tesco Stores Limited [2022] EWHC 1434 (Ch)

Sky Limited (formerly Sky Plc), Sky International AG, Sky UK Limited v SkyKick, UK Ltd, SkyKick, Inc [2021] EWCA Civ 1121, 2021 WL 03131604

Article By Sarah Simpson and Tegan Miller-McCormack of Katten. To read Kattison Avenue/Katten Kattwalk | Issue 2, please click here.

For more entertainment, art, and sports legal news, click here to visit the National Law Review.

©2023 Katten Muchin Rosenman LLP

UK Prohibits Certain Investment in Russia

From 19 July 2022,1 it is a violation of UK financial sanctions for any person who knows or has reasonable cause to suspect that they are carrying out, directly or indirectly, certain investment activity in Russia. These prohibitions follow the UK Government’s 6 April 2022 announcement of its intention to introduce an outright ban on all new outward investment in Russia.

The prohibitions are subject to exceptions and do not impact acts undertaken to satisfy obligations under a contract concluded before 19 July 2022, or an ancillary contract necessary for the satisfaction of that contract, subject to notifying Her Majesty’s Treasury at least five working days before the day on which any related act is carried out. There is also the option to apply for a specific Treasury licence, such as to enable humanitarian assistance activity or if connected with the provision of medical goods or services.

Furthermore, General Licence INT/2022/2002560 has been granted, taking effect from 19 July 2022 and expiring on 26 July 2022, allowing a seven-day wind-down period in respect of the prohibited activities.

What Is Prohibited?

The Regulations prohibit:

  • Directly or indirectly establishing any joint venture with a person connected with Russia;
  • Opening representative offices or establishing branches or subsidiaries in Russia;
  • Directly or indirectly acquiring any ownership interest in Russian land and persons connected with Russia for the purpose of making funds or economic resources available directly or indirectly to, or for the benefit of, persons connected with Russia;
  • Directly or indirectly acquiring any ownership interest in or control over a relevant entity or persons (other than an individual) with a place of business in Russia for the purpose of making funds or economic resources available, directly or indirectly, to, or for the benefit of, persons connected with Russia; and
  • The provision of investment services directly related to all the activities summarised above.

Definitions

A “person connected with Russia” means:

  • any individual or group of individuals who are ordinarily resident or located in Russia, or an entity which is incorporated or constituted under Russian law or domiciled in Russia;2

and is not:

  • A Schedule 2 Entity, as detailed in the Regulations;3 or
  • An entity domiciled outside of Russia or a branch, or subsidiary, of such a non-Russian entity.4

A “branch”5 means, in relation to a person other than an individual, a place of business which forms a legally dependent part of that person and which carries out all or some of the transactions inherent in the business of that person.

A “relevant entity”6 means a person, other than an individual, which has a place of busines located in Russia, but is not a person connected with Russia.

A person directly or indirectly “acquiring any ownership interest in or control over a person or entity”7 means:

  • Acquiring any share in the person or entity;
  • Acquiring any voting rights in the person or entity;
  • Acquiring any right to appoint or remove a majority of the board of directors of the person or entity; or
  • Acquiring any means of ensuring that the affairs of the person or entity are conducted in accordance with the wishes of the person.

Exceptions

The exceptions8 introduced enables a person to deal directly or indirectly with:

  • A transferable security otherwise prohibited by Regulation 16;
  • A relevant security issued by a person connected with Russia; or
  • A relevant security issued by a relevant entity.

Full definitions of the terms above are included within Regulation 60ZZA.

From 19 July 2022,1 it is a violation of UK financial sanctions for any person who knows or has reasonable cause to suspect that they are carrying out, directly or indirectly, certain investment activity in Russia. These prohibitions follow the UK Government’s 6 April 2022 announcement of its intention to introduce an outright ban on all new outward investment in Russia.

The prohibitions are subject to exceptions and do not impact acts undertaken to satisfy obligations under a contract concluded before 19 July 2022, or an ancillary contract necessary for the satisfaction of that contract, subject to notifying Her Majesty’s Treasury at least five working days before the day on which any related act is carried out. There is also the option to apply for a specific Treasury licence, such as to enable humanitarian assistance activity or if connected with the provision of medical goods or services.

Furthermore, General Licence INT/2022/2002560 has been granted, taking effect from 19 July 2022 and expiring on 26 July 2022, allowing a seven-day wind-down period in respect of the prohibited activities.

What Is Prohibited?

The Regulations prohibit:

  • Directly or indirectly establishing any joint venture with a person connected with Russia;
  • Opening representative offices or establishing branches or subsidiaries in Russia;
  • Directly or indirectly acquiring any ownership interest in Russian land and persons connected with Russia for the purpose of making funds or economic resources available directly or indirectly to, or for the benefit of, persons connected with Russia;
  • Directly or indirectly acquiring any ownership interest in or control over a relevant entity or persons (other than an individual) with a place of business in Russia for the purpose of making funds or economic resources available, directly or indirectly, to, or for the benefit of, persons connected with Russia; and
  • The provision of investment services directly related to all the activities summarised above.

Definitions

A “person connected with Russia” means:

  • any individual or group of individuals who are ordinarily resident or located in Russia, or an entity which is incorporated or constituted under Russian law or domiciled in Russia;2

and is not:

  • A Schedule 2 Entity, as detailed in the Regulations;3 or
  • An entity domiciled outside of Russia or a branch, or subsidiary, of such a non-Russian entity.4

A “branch”5 means, in relation to a person other than an individual, a place of business which forms a legally dependent part of that person and which carries out all or some of the transactions inherent in the business of that person.

A “relevant entity”6 means a person, other than an individual, which has a place of busines located in Russia, but is not a person connected with Russia.

A person directly or indirectly “acquiring any ownership interest in or control over a person or entity”7 means:

  • Acquiring any share in the person or entity;
  • Acquiring any voting rights in the person or entity;
  • Acquiring any right to appoint or remove a majority of the board of directors of the person or entity; or
  • Acquiring any means of ensuring that the affairs of the person or entity are conducted in accordance with the wishes of the person.

Exceptions

The exceptions8 introduced enables a person to deal directly or indirectly with:

  • A transferable security otherwise prohibited by Regulation 16;
  • A relevant security issued by a person connected with Russia; or
  • A relevant security issued by a relevant entity.

Full definitions of the terms above are included within Regulation 60ZZA.


FOOTNOTES

1 Regulation 18B introduced via The Russia (Sanctions) (EU Exit) (Amendment) (No. 12) Regulations 2022 [2022 No. 801], in force as of 19 July 2022.

2 Regulation 19A(2), The Russia (Sanctions) (EU Exit) Regulations 2019 [2019 No. 855] – as amended.

3 See pp. 123-124.

4 Regulation 16(4D), Ibid.

5 Regulation 18B(8), The Russia (Sanctions) (EU Exit) (Amendment) (No. 12) Regulations 2022 [2022 No. 801].

6 Regulation 18B(8), Ibid.

7 Regulation 18B(8), Ibid.

8 Regulation 60ZZA, Ibid.

©2022 Greenberg Traurig, LLP. All rights reserved.

Trade Mark Infringement – Muslim Dating App Meets its Match [.com]

A recent Intellectual Property Enterprise Court Decision (IPEC) on 20 April 2022 has decided that ‘Muzmatch’, an online matchmaking service to the Muslim Community has infringed Match.com’s registered trade marks.

The decision by Nicholas Caddick Q.C was that Muzmatch’s use of signs and its name amounted to trade mark infringement and/or passing off of Match.com’s trade marks. This case follows successful oppositions by Match.com to Muzmatch’s registration of its marks in 2018, and unsuccessful attempts by Match.com to purchase Muzmatch between 2017 and 2019.

Match.com is one of the largest and most recognisable dating platforms in the UK. It first registered a word mark ‘MATCH.COM’ in 1996 and also owns other dating-related brands including Tinder and Hinge with other marks including the word mark ‘TINDER’. Match.com used a 2012 TNS report to illustrate its goodwill and reputation and 70% of people surveyed would be able to recall Match.com if prompted, 44% unprompted and 31% of people would name Match.com as the first dating brand off the ‘top of their head.’

Muzmatch is a comparatively niche but growing dating platform, which aims to provide a halal (i.e. in compliance with Islamic law) way for single Muslim men and women to meet a partner. Muzmatch is comparatively much smaller and was founded in 2011 by Mr Shahzad Younas and now has had around 666,069 sign-ups in the UK alone.

The Court considered that the marks ‘Muzmatch’ and ‘MATCH.COM’ and each company’s graphical marks, had a high degree of similarity in the services provided. The marks were also similar in nature orally and conceptually and the addition of the prefix ‘Muz’ did not distinguish the two marks, nor could the lack of the suffix ‘.com’ or stylistic fonts/devices.

The key issue of the case relates to the idea of the term ‘Match’ which is used by both marks to describe the nature of the business: match[ing]. Muzmatch argued that as both marks share this descriptive common element, so it is difficult to conclude that there is a likelihood of confusion between the two marks as the term just describes what each business does.

 The Court found that finding that there is a likelihood of confusion for a common descriptive element is not impossible, as the descriptive element can be used distinctively. The average consumer would conclude that the portion ‘Match’ is the badge of origin for Match.com due to its reputation as a brand and the very substantial degree of distinctiveness in the dating industry. An average consumer would have seen the word ‘Match’ as the dominant element in the Match.com trade marks and Match.com is often referred to as just ‘Match’ in advertisements.

Aside from its marks, Muzmatch utilised a Search Engine Optimisation strategy from January 2012 whereby it utilised a list of around 5000 keywords which would take a user to a landing page on the its website. In the list of the keywords used, Muzmatch used the words ‘muslim-tinder’, ‘tinder’ and ‘halal-tinder’ which were accepted by Muzmatch during the litigation to have infringed Match’s trade marks of the Tinder brand including the word mark ‘TINDER’. Muzmatch’s SEO use was also found to cause confusion based on some of its keywords including ‘UK Muslim Match’, which again uses the term Match distinctively, therefore a consumer may confuse a link to ‘UK Muslim Match’ with ‘Match.com’.

Therefore, the Court found that there was likely to be confusion between Muzmatch and Match.com because of the distinctive nature of the term ‘Match’ in the world of dating platforms.  An average consumer would conclude that Muzmatch was connected in a material way with the Match.com marks, as if it was targeted at Muslim users as a sub-brand, so this confusion would be trade mark infringement under S10(2) of the Trade Marks Act 1994.

The Court also considered that Muzmatch had taken unfair advantage of Match.com’s trade marks and had therefore infringed those marks under S10(3) of the Trade Marks Act 1994. This was due to the reputation of Match.com’s trade marks and because a consumer would believe that Muzmatch was a sub-brand of Match.com.

The Court rejected Muzmatch’s defence of honest concurrent use and found that Match.com would also have an alternative claim in the tort of passing off.

Key Points:

  • The Court found that a common descriptive element can acquire distinctiveness in an area, solely because of a company’s reputation and influence in that market.
  • The use of Search Engine Optimisation strategies can also constitute a trade mark infringement.
  • The lack of the suffix ‘.com’ in a mark is not sufficient to distinguish use from a household brand such as Match.com, so care should be taken with brands such as ‘Match.com’, ‘Booking.com’[1]

Source:

[1] Match Group, LLC, Meetic SAS, Match.Com International Limited v Muzmatch Limited, Shahzad Younas [2022] EWHC 941 (IPEC)


[1] Note- Blog Post of July 6 2020 Relating to Booking.com- https://www.iptechblog.com/2020/07/us-supreme-court-opens-doors-to-generic-com-trademarks/

Better Late than Never, Just About – UK Government Issues Workplace Guidance on Living with COVID

So with Covid 19 now officially behind us for all purposes (except actual reality, obviously), we have now been graced by the Government’s new “Living with Covid” guidance.  This was due to come into force on 1 April and was released fashionably late in the afternoon on, well, 1st April.  You could say with some justification that this did not give employers much time to prepare, but that is OK because on close review of the guidance there is in fact very little to prepare for.  As a steer to businesses, this is little short of directionless.

First, it makes the obvious point that the abolition of the requirement to give covid express consideration in workplace risk assessments does not take away any of the employer’s obligations to continue to comply with its health & safety, employment and equality duties (in the latter two cases, although unsaid, presumably as they may be affected by the former).

From there, the Government moves to normalise covid through a long list of symptoms common to it, colds, flu and other respiratory diseases – fair enough so far – but also to other quite unrelated conditions such as hangovers, migraines, food poisoning, being unfit, malaria and frankly just getting old (“unexplained tiredness, lack of energy”).  The list is significantly expanded from the traditional trio of continuous cough, fever, loss of taste and smell and now also includes muscle pain, diarrhoea, headache, loss of appetite and “feeling sick” (what, really?). Some medical practitioners say that this is long overdue recognition of all the things covid can do to you. However, it is still a wincingly unhappy expansion for employers, since the published list now essentially includes something from pretty much every ailment known to man. The guidance notes that it will not usually be possible to tell whether you have covid or something else from the symptoms alone and of course the free testing by which that could have been determined in the past is now largely withdrawn.  Therefore the guidance to individuals is that “if you have symptoms of a respiratory infection such as covid and you have a high temperature or you do not feel well enough to go to work, you are advised to try to stay at home and avoid contact with other people” and then “Try to work from home if you can.  If you are unable to work from home you should talk to your employer about options available to you”.  Given the rich panoply of symptoms now available to the discerning malingerer, justifying taking yourself home for five days while you work out whether your headache is covid or just a headache has never been so easy.

As a result, the burden is shifted squarely to employers to keep up the anti-covid fight, and in particular to decide whether to maintain restrictions on entry to their premises for those who are unvaccinated and/or untested.  Both will be increasingly difficult to sustain in view of the obvious official indifference to the question evidenced by the guidance, which focuses instead on the traditional measures of ventilation, regular cleaning of high-touch surfaces, provision of sanitiser and hygiene advice, etc. The other big hole in the guidance is as to the employer’s rights (or is it obligation?) to send someone home if they have one or more of that long list of potentially relevant symptoms, and even if the employee himself feels able to work and/or cannot work from home.  Nor does it deal with the employees’ sick pay rights in those cases.

Taking a reasonably hawkish view of those two questions:-

  1. If you know that the employee has symptoms which could well indicate that he is suffering from covid, and even if it could equally be something less serious, are you complying with your Health & Safety at Work Act duty to take all reasonably practicable steps to maintain a safe system of work if you allow him in anyway?  If he works in a sparsely –occupied well-ventilated area, perhaps yes, but otherwise probably not.  Given the virulence of Omicron, it is unarguably foreseeable that allowing someone who may have it to breathe wantonly on other people may lead to their contracting it too.  It is also clearly foreseeable, if no longer as much so as with the earlier covid variants, that those other people may become properly ill or die as a result.  Put mathematically, breach of duty + foreseeable risk of injury + causation + actual injury = liability.

So in my view, despite the vacuum in the new guidance, an employer not just can, but really should send home immediately an employee with any material case of the symptoms listed, as a minimum until it becomes clear that the real issue is something else (though not malaria – best not let them in either).

A firm stance on this will also help combat reluctance to return to the office among those staff concerned about the health risk of doing so.  If they or their cohabitants are particularly vulnerable, the knowledge that basically no precautions are being taken to ensure that those present in the workplace are all covid-free will only feed those anxieties.

  1. If the employee is sent home on these grounds and cannot work there, will he be entitled to full salary (as it was not by his choice) or sick pay only?  In many cases he will be back within a week and the two may be the same.  Where they are not, however, I believe that it would strictly be sick pay only – though the employee may himself be physically able to work, he is practically unable to do so by reason of his own possible medical condition, the risk it may pose to others in the workplace and the duty of the employer to take reasonable steps to head off that risk.  That said, there are employment relations arguments both ways on this – on the one hand, that the symptoms listed are so varied and transient that they represent an easy avenue for abuse, and on the other that if reporting them means you get packed off home on reduced pay (perhaps none until SSP kicks in on day 4), you are much less likely to report them in the first place and will probably prefer to pass your day posing an undeclared but potentially quite serious risk to your colleagues.
© Copyright 2022 Squire Patton Boggs (US) LLP

New UK IDTA and Addendum Come Into Force

The new UK International Data Transfer Agreement (“IDTA”) and Addendum to the new 2021 EU Standard Contract Clauses (“New EU SCCs”) are now in force (as of the 21 March 2022), providing much needed certainty for UK organisations transferring personal data to service providers and group companies based outside of the UK/EEA.

The IDTA and Addendum replace the old EU Standard Contractual Clauses  (“Old EU SCCs”) for use as a UK GDPR-compliant transfer tool for restricted transfers from the UK, which also enables UK data exporters to comply with the European Court of Justice’s ‘Schrems II’ judgement.

For new UK data transfer arrangements or where UK organisations are in the process of reviewing their existing arrangements, use of the new ITDA or Addendum would be the best option to seek to future proof against the need to replace them in 2 years’ time.

Where the data flows involve transfers of personal data from both the UK and the EU, the use of the Addendum alongside the New EU SCCs, will enable organisations to implement a more harmonised solution.

To view copies of the documents please follow the links below:

To read our previous blog post on this topic, click here.


Article By Francesca Fellowes of Squire Patton Boggs (US) LLP. Hannah-Mei Grisley also contributed to this article.

© Copyright 2022 Squire Patton Boggs (US) LLP