Artificial Intelligence

Staying Compliant After Trump AI Executive Order Introduces Regulatory Uncertainty


President Donald Trump on December 11, 2025, issued executive order number 14365 (EO) proposing a reset of U.S. AI policy aimed at “promoting national and economic security and dominance.” The EO seeks to establish a national framework for AI policy that minimally burdens industry and promotes innovation.

With insights from several expert practitioners of AI law, this article examines various components of the EO and potential enforcement targets, and discusses how companies should proceed with compliance in view of sometimes conflicting federal and state policy.

See “Navigating Ever-Increasing State AI Laws and Regulations” (Jan. 15, 2025).

Seeking AI Dominance Through Minimal Burden

The EO announces that U.S. AI policy is to “sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.” In furtherance of this policy, it commands the Department of Commerce (DOC), the FCC, the FTC and other agencies to take concerted action that the president says is necessary to “check the most onerous and excessive laws emerging from the States that threaten to stymie innovation.”

“The [EO] attempts by executive action what Congress has failed to do by legislation, which is to preempt or place a moratorium on state AI laws,” Matthew Ferraro, a partner at Crowell & Moring, told the Cybersecurity Law Report. It comports with the administration’s deregulatory philosophy, however, it is “likely not fit for purpose,” he said. “Presidencies typically don’t rely on executive orders to enact sweeping national policy because they are thin reeds on which to lean” and lack the force of law. Though much depends on how administrative agencies implement its directives, the EO will “most likely have limited efficacy” and be susceptible to “colorable” legal challenge, he predicted.

“The EO is more political signaling than legal implementation,” agreed Jason Loring, partner at Jones Walker. “Executive orders cannot preempt state law,” he explained. “The real goal may be creating uncertainty to deter future action rather than achieving actual preemption.”

Criticism of State Law “Patchwork”

The EO criticizes existing state AI laws as a regulatory “patchwork” that complicates compliance, especially for start-ups. It also accuses states of “impinging” on interstate commerce by regulating beyond their borders. It further faults state laws for causing companies to “embed ideological bias within models” and singles out Colorado’s AI law, which bans algorithmic discrimination, as particularly problematic.

The EO is at best an imperfect remedy for the alleged shortcomings of the state AI laws. “The EO doesn’t solve the problems that it identifies,” like replacing “fragmented” state regulation with a federal alternative, Loring said. Some of its criticisms of state law are not well-founded, he opined. Federal law already prohibits disparate impacts, with state laws merely extending those protections to algorithmic decision-making, he explained. Regulating beyond state borders is “generally how consumer protection laws work,” he added.

See “How to Address the Colorado AI Act’s ‘Complex Compliance Regime’” (Jun. 5, 2024).

Forthcoming Scrutiny of and Challenges to State AI Laws

In the absence of a national law governing AI standards, the EO takes a multi-pronged approach to setting a federal AI standard by directing the DOC, the DOJ and regulatory agencies to act.

New Litigation Task Force

The EO mandates that the DOJ create an AI Litigation Task Force dedicated to challenging state AI laws that are inconsistent with federal AI policy on the grounds existing federal regulations preempt them or they violate the dormant commerce clause by unconstitutionally regulating interstate commerce. The task force is to consult with, among others, David Sacks, the Special Advisor for AI and Crypto (Special Advisor), regarding which state laws to challenge.

The task force faces an “uphill battle,” according to Loring. There is no current federal AI statute on which to base preemption claims. A 2022 Supreme Court decision – National Pork Producers Council v. Ross – makes dormant commerce clause challenges more difficult, he explained.

It is difficult to say that the state AI laws discriminate against out-of-state AI companies, so it is not clear how a dormant commerce clause argument would work, said Ferraro.

DOC Evaluation of State AI Laws

The EO requires the secretary of commerce to publish within 90 days of the order – approximately March 11, 2026 – an evaluation of state AI laws that conflict with federal AI policy and to refer them to the litigation task force. The EO singles out laws that “require AI models to alter their truthful outputs” or that would “compel AI developers or deployers to disclose or report information in a manner that would violate the First Amendment or any other provision of the Constitution.

The administration takes a “very expansive” view of what constitutes an AI bill, reflected in an assertion in the EO fact sheet that states have introduced over 1,000 such bills, Ferraro pointed out. The EO tasks the secretary of commerce with drawing up a target list but does not define what constitutes an “onerous and excessive” law, which makes divining what laws could be targeted more difficult, he explained.

The one law singled out in the EO is Colorado SB 205, which aims to protect consumers from algorithmic discrimination. This focus indicates that the administration is likely to target state requirements for impact assessments, risk management and those for reasonable care to prevent algorithmic discrimination, Loring surmised. Illinois’ HB 3773 also addresses AI and disparate impacts in employment and could be a potential target.

The administration might challenge state laws’ consumer notice and opt-out requirements on the grounds that they are “overly burdensome,” Loring noted.

California’s SB 53 (Transparency in Frontier Artificial Intelligence Act), which concerns safety plans and critical incident reporting, might be another target. The administration may use a First Amendment theory that state laws directing the production of safety reports compel speech in violation of the Constitution, Ferraro noted.

The FCC’s Determination About AI Model Disclosures

The EO further requires the FCC chairman to initiate, within 90 days of the publication of the secretary of commerce’s evaluation, a proceeding to determine whether to adopt a federal reporting or disclosure standard for AI models that would preempt conflicting state laws.

If the FCC adopts a disclosure standard, it likely will reflect the administration’s focus on innovation and competitiveness, Jocelyn Aqua, a partner at HWG old the Cybersecurity Law Report. There is existing sentiment that too much transparency could be seen as beneficial to foreign competitors, said Aqua, who noted that a “big factor” in what the administration finds objectionable about the E.U. AI Act is that it may require U.S. companies to provide proprietary information to other governments.

Any argument for preempting state AI disclosure laws is complicated because the FCC regulates telecommunications services and has limited authority over information services. AI likely falls into the latter category where FCC authority is minimal, Loring explained.

The FCC’s attempts to regulate will be further constrained by the U.S. Supreme Court’s 2024 decision in Loper Bright Enterprises v. Raimondo, which overturned the long-held rule that courts must defer to executive agency interpretations, he continued.

Some laws that the administration might target on FCC preemption grounds are California’s SB 53 and AB 2013 (Generative Artificial Intelligence: Training Data Transparency law), Utah’s SB‑149 (Artificial Intelligence Policy Act) and Colorado’s SB 205, according to Loring.

See “Jarkesy and Loper: Bombshells or Busts?” (Aug. 7, 2024).

The FTC’s Preemption Assessment

Within 90 days, the FTC chairman must, in consultation with the Special Advisor, issue a policy statement on how the FTC Act’s prohibition on unfair and deceptive practices applies to AI models. The statement must address how the FTC Act preempts the state law provisions that require parties to alter “the truthful outputs” of AI models.

The FTC Act’s applicability seems predicated on a “right to be biased” theory holding that mitigating AI bias alters “truthful outputs,” and is thus a prohibited deceptive act, Loring observed. Weakening the argument is that AI outputs are not truth, but probabilistic predictions based on training data that might reflect historical discrimination, he pointed out.

Furthermore, the FTC Act addresses misleading commercial communications and is not designed to preempt state civil rights laws, Loring said. The EO’s characterizing of anti-discrimination law as “compelling deceptive acts inverts the actual purpose and effect” of those laws, he noted.

The FTC Act predates the advent of AI, making any preemption argument challenging, Ferraro said. “There are lots of court cases in which attempts by the executive to use regulatory power to preempt state law have failed because the courts have determined that Congress did not delegate authority in those circumstances to federal agencies,” he noted.

Laws that could be targeted under the FTC Act are California’s AI laws, Colorado’s SB 205 and Illinois HB 3733, Loring surmised. Another potential “major battleground” is state laws that restrict the processing of sensitive data inferred from non-sensitive inputs, such as inferring a health condition from spending patterns, he said. The administration’s emphasis on guaranteeing “truthful outputs” might result in the targeting of such restrictions on the grounds that they “limit a model’s unfiltered utility,” he noted.

Proposed Legislative Recommendations and Exemptions

In addition to the agency mandates, the EO requires the Special Advisor and the assistant to the president for science and technology to prepare a legislative recommendation for a uniform federal AI policy framework that preempts state laws. The mandate carves out state laws relating to child safety protections, AI compute and data center infrastructure, and state government procurement and use of AI.

The legislation directive is a “noticeable” step toward establishing a national framework that would be less susceptible to legal challenge, Ferraro emphasized. “Absent legislation, the contested state and federal landscape will continue to impose significant and shifting regulatory burdens,” he said.

However, debates would likely persist even after any national law is enacted. There will still be questions about the “metes and bounds” of the federal and state laws, Ferraro added.

There will be “hot debates” over whether Congress is able to enact a national AI law, Aqua said. “It’s not clear whether there is the right capacity at the federal government level to enforce,” she opined.

See our two-part series on how to manage AI procurement: “Leadership and Preparation” (Sep. 18, 2024), and “Five Steps” (Oct. 2, 2024).

Cybersecurity and Privacy Laws Under Scrutiny

Cybersecurity laws and privacy laws (such as the CCPA) that implicate AI may also be subject to challenge, but will be “secondary battlegrounds,” predicted Loring. “It’s more likely that the [DOC] will focus on how state AGs enforce privacy and cybersecurity provisions in AI contexts rather than challenging comprehensive privacy or cybersecurity statutes themselves,” he added. Specific provisions that may face “pressure or scrutiny” include those addressing opt-out rights for automated decision-making, disclosure requirements about profiling in privacy policies and data minimization applied to AI training, he said. However, challenging general privacy opt-out rights would be “politically difficult,” he added.

It is possible that the federal government might target some state privacy laws as unduly burdensome, suggested Aqua. Consent requirements, purpose limitations and data minimization requirements in the context of AI models have caused a lot of confusion for companies, she said. There could also be a reevaluation of state privacy laws with respect to the use of sensitive personal information in automated decision-making, she said.

See “Transforming Security and Privacy Workloads With Generative AI: A Comprehensive Framework” (Feb. 19, 2025).

Compliance Considerations

The EO’s goal of targeting state laws that violate federal AI policy raises the question of what companies should do to stay compliant while the federal government mounts its challenges.

Stay the Course but Remain Alert

Companies should continue to comply with state AI laws, Loring said. “The EO does not change current legal obligations and state AI laws remain legally enforceable until courts issue injunctions or Congress passes preemptive legislation,” he emphasized. “Courts are unlikely to grant injunctions without stronger findings than provided in the EO,” he opined.

The “complete invalidation of state AI laws is unlikely,” Loring stated. The DOJ has a greater chance to persuade courts to narrow some state law AI provisions, but the laws’ “most substantive protections, such as anti-discrimination, consumer notification and human oversight requirements, should survive,” he predicted.

For now, companies should “stay the course,” with the caveat that a company must monitor what happens with federal actions, Aqua agreed.

Watch for Conflicts Between Federal and State Laws

Where federal and state laws impose conflicting obligations, companies should document the conflict specifically, Loring advised. These reports should analyze the legal authorities seemingly at conflict, explain the company’s approach and rationale for its resolution, and “preserve evidence of good-faith decision-making,” he explained.

Consider Effects on E.U. Compliance

The different regulatory approaches of the U.S. and E.U. – with the U.S. focused on minimal regulation, rapid deployment and competitive advantage, and the E.U. emphasizing fundamental rights, risk management and transparency – may leave companies struggling to comply, Loring said. “The challenge is maintaining robust E.U. compliance while navigating U.S. federal policy,” he noted.

Companies may struggle to enact geographic segmentation in their operations, according to Loring. Instead, the “best approach” for most companies is “building to the highest standard,” he recommended. Since E.U. requirements generally exceed U.S. requirements, following the former will leave companies with the necessary compliance mechanisms if state laws survive, he said. “Companies cannot use U.S. policy changes to justify weakening E.U. compliance.”

Logistically, a company should record explanations of how it reconciled conflicts and decided which requirements apply to which deployments, Loring advised. Human oversight is “likely to be critical,” as well, he noted.

See our three-part series answering top questions about the E.U. AI Act: “Reach and Unique Requirements” (Apr. 24, 2024), “Risk Tiers and Big-Player Transparency” (May 1, 2024), and “Practical Steps and What’s Next” (May 8, 2024).

Maintain Good AI Governance

With the regulatory uncertainty created by the EO, companies should continue to build and maintain good AI governance frameworks, Aqua emphasized. “I don’t see a difference in how you run your day-to-day activities in this space,” she said. “Aligning your programs to NIST or ISO standards is not something that is going to go away,” she noted.

The first step that a company should take is to conduct an assessment to understand how it uses AI, especially including any high-impact uses, Aqua said. Since vendors increasingly embed AI in their toolkits, it is also important to review procurement practices and carry out due diligence on vendors, she advised. In addition, to foster innovation, a company should encourage strong and responsible use of AI by employees at all levels of the company, she stressed, noting that maintaining accountability and transparency with respect to AI use is also important. Finally, a company should ensure that it has a robust cybersecurity practice, and it should keep compliant with applicable privacy laws so that it only uses lawfully acquired data, she recommended.

See “AI Governance Strategies for Privacy Pros” (Apr. 17, 2024).

Ransomware

Considerations for Improving Defenses to AI-Enabled Ransomware Attacks


Criminals are using AI to conduct cyberattacks and organizations are using it to defend against those attacks. “It’s like machine versus machine, and it’s here. It’s now,” said John Reed Stark, president of John Reed Stark Consulting, who moderated a program on AI’s impact on ransomware at the 2025 Incident Response Forum Ransomware, held in December. The program examined how AI has exacerbated ransomware threats, what organizations can do to counter those threats and the importance of public-private cybersecurity partnerships. This article synthesizes the insights of Stark, Cooley partner Michael Egan, King & Spalding partner Robert Hudock and Freshfields partner Megan Kayo.

See “Defending Against Faster, Stealthier and More Sophisticated Cyber Adversaries” (Sep. 10, 2025).

AI Exacerbates Ransomware Threats

“You can’t overstate just how much the AI technology is going to transform cyberattacks, especially ransomware,” said Stark. In September 2025, China-backed hackers used Anthropic’s Claude chatbot to automate about 30 ransomware attacks on corporations and governments.

Neutral Technology, Lopsided Disruption

Most elements of the attacks with Claude were automated, including its reconnaissance, vulnerability scanning, exploitation, credential harvesting, data analysis and exfiltration, Anthropic revealed. Automated agents conducted the complex exploit at speeds no human could match. Critically, “the Anthropic attack occurred literally with the click of a button and with minimal human interaction,” added Stark.

AI is “changing everything, both for better and for worse,” Hudock said. Everyone, including the government, is leveraging AI. For example, regulators will use AI to analyze publicly available datasets to aid their enforcement. On the other extreme of the law, attackers can use it to mine the data they steal to determine how best to exploit their victims.

AI is a tool that is “neither good nor bad,” Egan noted. Yet, the benefits in cybersecurity may not balance out evenly. “The challenge here is companies have to be right 100 percent of the time. The attackers just have to be right once,” he said. For example, AI’s speed recently helped attackers to use a vulnerability in a popular firewall service to quickly hit a thousand companies. Before AI, they could not have completed an attack on so many victims before the vulnerability was fixed. “It feels like we’re at the tip of the iceberg and that these things are just going to get worse,” with AI giving cybercriminals more power and efficiency, lamented Stark.

Computer CPUs have become much more secure over time, Hudock pointed out. In the long run, AI could be a new type of processor that entities learn how to secure. Unfortunately, for now, many AI tools in use probably are not secure, he cautioned.

For planning, companies should recognize that risks are expanding internally as well as externally, Egan highlighted. Internally, a larger number of employees are using AI, in more ways and more often. These changes increase the surface area for possible attacks, he said.

The increasing enterprise use of AI and its rapid spread across organizations also likely are degrading the security that AI tools do have, Hudock commented. Thus, to limit the risks, organizations should map and manage where their employees use the AI, Hudock and Egan recommended.

See “Leading Attack Vectors and Other Key Findings From Verizon 2025 Data Breach Investigations Report” (Jun. 25, 2025).

Faster, Wider Attacks

Attackers use AI to automate and accelerate their efforts at each phase, Hudock detailed. They can use AI to more effectively leverage vulnerabilities that are published by the Cybersecurity and Infrastructure Security Agency. They can better gather data about targets’ weaknesses. Some are attacking 50 to 100 companies each week. AI automation particularly has sped up exploits involving zero-day vulnerabilities in VPNs and firewalls, Egan highlighted.

AI seems to also help cybercriminals navigate quicker and leave fewer tracks, making them harder to catch. Attackers use AI “to identify the vulnerability, launch the attack and exfiltrate data with minimal hand-on-keyboard time,” Egan said.

Ransomware perpetrators also use AI for better insights into the company for negotiating with them. Some attackers have managed to use AI to handle victim “customer service.” Egan is not aware of any fully automated attacks but warned that they are inevitable.

See “Unpacking the AI Risks Disclosed in 2025 SEC Filings” (Sep. 10, 2025).

Better Phishing

When attackers use AI for reconnaissance, they typically now also use AI tools to incorporate the gathered information into “very tailored and specific” phishing emails, Kayo noted.

Underground “phishing kits” include this very powerful social engineering component, Kayo reported.

See “Staying Ahead of Rising Identity-Based and Cloud Intrusions” (Mar. 19, 2025).

Better Deepfakes

Some attackers use deepfakes to enhance ransomware attacks. “The biggest lesson to be taught is you can’t trust what you see or hear anymore,” Hudock said. One way to help establish the authenticity of communications is by embedding code words into executive communications, he noted.

A technique that may make it harder for attackers to develop voice-based deepfakes of company executives is to have music playing in the background of a speech, Kayo shared.

See “How to Create a Program to Combat Deepfakes” (Oct. 22, 2025); and “Examining the Deepfake Landscape and Measures for Combatting Scams” (Sep. 3, 2025).

Anyone Can Do It

With AI, “the barriers to entry are incredibly low,” accelerating a historical trend in cybersecurity, Stark mused. Originally, only nation-states engaged in ransomware. Later, “ransomware as a service” let some less talented computer jockeys become cybercriminals. Now, using emerging AI tools, “a kid in a basement” on a different continent can manage what a squad of nation-state programmers once did, he cautioned.

Beyond AI helping a greater number of untrained amateurs to attack, AI’s “democratization” of cybercrime is evident in the increased scale of these efforts, Egan observed. Available tools are letting attackers craft and deploy wide-scale campaigns. “Jailbroken” versions of public AI models on the dark web have had guardrails removed, allowing almost anyone to create custom malware. Moreover, just a few years ago, defenders generally knew the threat actors they were talking to. “Now, we’re talking to another AI bot” without knowing who is behind the bot, Egan observed.

See “Examining the Cyber Threat Landscape Dominated by Stealth Attacks” (Mar. 20, 2024).

More Effective Demands

AI makes it easier for attackers to search for PI, Kayo noted, adding that this could trigger notification requirements. Attackers may also be able to accelerate their searches for cyber insurance policies, which could reveal how much the victim is likely to pay. Ransomware attackers are known to send ransom demands in the exact amount of the victim’s policy limit.

See “Tips for Working With Cyber Insurance Carriers Following a Ransomware Event” (Apr. 26, 2023).

Turning Victims’ AI Systems Against Them

Cyberattackers have long “lived off the land,” using existing tooling within the victim’s environment to aid their efforts. Now that many tools have had AI integrated into them, attackers can exploit these to, for example, more quickly generate a roadmap of the company’s environment.

Hudock has seen two novel attack vectors. First, some firms have Microsoft Copilot connected to their email systems. Attackers send target companies emails with hidden text “to reprogram Copilot” to display an incorrect organizational role for an employee. Then that may trick the staff of the help desk into resetting credentials, enabling further attack, he reported.

A second attack method is using Workday, an HR platform with substantial AI capabilities, to integrate with a Windows system’s Active Directory and manipulate an organization’s HR management system. Then the attackers create credentials that let them break into other parts of the organization, Hudock explained.

See “Cloud Attacks and Six Other Cybersecurity Dangers for 2023 and 2024” (Apr. 26, 2023).

AI-to-AI Interactions

Organizations must understand all the interconnections among systems because “it’s very hard to secure something that you don’t fully understand and appreciate,” said Hudock. Companies’ awareness sometimes falls short, for example, with the systems that use application programming interfaces, which facilitate data sharing, he noted.

New technologies that are deployed rapidly are more likely to contain serious vulnerabilities, Hudock continued. Model context protocol (MCP), which is used to integrate AI tools, is new and “extraordinarily insecure,” Hudock stated. MCP expands the attack surfaces of systems that already were very complicated. It also seems to make it harder to understand all the parties with which an organization has relationships and what data it is exchanging, he added.

Organizations should conduct a thorough analysis of the risks of AI-to-AI interactions, said Egan. Both IT and legal functions should participate because each is likely to identify different risks. They should address vulnerabilities at both ends of an AI-to-AI interaction.

Improving Defenses Against AI-Driven Attacks

Cybersecurity will remain a game of whack-a-mole, Egan said. Every time attackers develop a new ploy, organizations will have to counter it. Training and red teaming are critical. Organizations should seek to understand what tools are available to attackers and how they use them. They must also consider what internal defense tools they have, he urged.

The core cybersecurity elements have not changed, continued Egan. Organizations should develop effective response plans, practice their plans with red teaming, conduct appropriate training and deploy new tooling that matches the sophistication of the attackers. For example, rather than merely generating a notification, a more sophisticated defense tool might automatically shut down an affected device or system, Kayo noted.

Defense in depth is essential. Attackers are going to get in, so the goal is to “reduce that blast radius,” Egan cautioned. Although not codified yet, financial regulators now expect firms to use AI in their cyber defenses, he highlighted.

Moreover, companies must plan for AI but should not ignore efforts to implement basic controls like multi-factor authentication and inventorying systems, Kayo stressed. Attackers continue to exploit traditional vulnerabilities. Organizations should deploy endpoint detection and response tools (EDR) and leverage AI to search for and stop anomalous activity, like a link in a phishing email, she advised. EDR is designed to detect attacks and contain the damage to the employee’s device.

See “Gauging Uptake of AI in Cybersecurity” (Nov. 12, 2025).

Leveraging Public-Private Partnerships

Both the FBI and the Secret Service have jurisdiction to handle ransomware matters, Stark noted.

FBI and Secret Service Each Have Expertise

The Secret Service is often involved in payment misdirection scams, whereas the FBI is often involved in ransomware matters, Egan explained. The FBI has “centers of excellence” that focus on specific ransomware groups and attacks.

The FBI can offer ransomware victims substantial help, Kayo noted. The agency may be able to provide a decryptor key, valuable threat intelligence or guidance about whether its ransom payment might go to a sanctioned entity.

The FBI has advocated for public-private cybersecurity partnerships and wants them to continue as AI attack vectors evolve, according to Egan, who sits on an FBI cybersecurity advisory panel. This collaboration is particularly important for addressing attacks associated with nation-state actors, he added.

Some FBI agents “really understand the subject matter of the attacks and what is truly novel,” and can provide specialized knowledge, Hudock observed. Still, sometimes companies’ interests diverge from the FBI’s, so attorneys must watch for that and seek to minimize any friction, he advised.

See “Typhoon Threats and the Call From FBI and NSA for Public-Private Collaboration” (Aug. 20, 2025).

Key Concerns for Active Monitoring Collaborations

The FBI may seek to conduct surveillance on an organization’s systems, noted Stark. In those instances, the company should be prepared to address several concerns in an agreement with the bureau, including:

  • time limits;
  • supervision;
  • protection of collected data;
  • potential violation of customer agreements; and
  • privilege issues associated with sharing information.

Public Company Cyber Event Reporting

Having a relationship with the FBI or Secret Service may help a public company navigate the SEC’s cyber incident disclosure requirements, Egan explained. A relationship with the FBI could expedite the process of determining whether a company might qualify for a public safety or national security exception to the reporting timelines, for example. With the use of AI in attacks and in defense, some novel questions may arise around disclosure.

Companies have had limited success relying on the national security exception, Stark noted.

Determining whether a cyber incident is material for purposes of SEC reporting has been challenging, Stark said. Under the Trump administration, the SEC is likely to enforce the disclosure rules “a lot more loosely,” he predicted. However, companies must still comply with relevant state laws and the GDPR, so they “cannot really relax just because the SEC has decided to go to sleep for a few years,” Stark observed. Criminals’ adoption of AI will likely keep either companies or regulators from relaxing for very long.

See our two-part series on the SEC charging four companies for misleading cyber incident disclosures: “New Expectations?” (Nov. 20, 2024), and “Lessons on Contents and Procedures” (Dec. 4, 2024).

Privilege

FirstEnergy: Reaffirming Upjohn’s Approach to Privilege in Internal Investigations


Most white-collar lawyers practicing today are familiar with the seminal 1981 decision in Upjohn Co. v. United States and its explanations of how privilege works in investigations, but several lower court decisions in recent years have muddied the waters.

In October 2025, the U.S. Court of Appeals for the Sixth Circuit (Court) issued a decision in In re: FirstEnergy Corporation (Decision) clarifying the applicability of the attorney-client privilege and work product doctrine in corporate investigations, letting many practitioners breathe a sigh of relief.

The Decision addresses the applicability of the attorney-client privilege when a company has mixed legal and business motives for seeking advice and whether the production of certain arguably privileged information generated by investigations to enforcers and outside auditors waives privilege protection. This first article in a two-part series analyzes the Decision and offers insights on its implications for future corporate investigations. The second article will lay out current best practices for preserving privilege in internal investigations in light of the Decision.

See “Loose Lips Sink Ships: Maintaining Confidentiality in Investigations” (Jan. 8, 2025).

Procedural Background

In 2020, the federal government brought criminal charges against Ohio House of Representatives member Larry Householder, who allegedly agreed to support legislation giving public utility company FirstEnergy a taxpayer-funded $1.3‑billion bailout in exchange for contributions of millions of dollars to his campaign funds. In the wake of this revelation, FirstEnergy’s share prices fell 45 percent.

In response, FirstEnergy retained two separate teams of outside counsel to conduct an internal investigation and handle subpoenas relating to the allegations. Complicating matters, state and federal regulators subsequently commenced investigations of FirstEnergy, and several civil RICO and securities lawsuits were filed against the company.

In one of the federal actions, the claimants demanded that FirstEnergy produce all documents and answer questions related to its internal investigations. The federal district court overseeing the case granted the requests and denied certifying its order for interlocutory review. FirstEnergy then petitioned for mandamus relief to the Sixth Circuit. A three-judge panel granted the petition, finding that the requested information was varyingly protected by the attorney-client privilege and the work product doctrine and was thus not subject to production.

Privilege Applied

Referencing Upjohn as the “framework for this case,” the Sixth Circuit panel noted that “the [attorney-client] privilege applies when a company seeks legal advice to assess risks of criminal and civil liability.” Applying this rule to FirstEnergy’s documents, the Court found that the company had “clearly sought legal advice” about its potential criminal and civil liability when its board hired outside counsel. The Court found that the privilege applied to the directors’ discussions with counsel about investigative findings, legal analyses and liability assessments. Those communications, in addition to “analyses about what acts occurred, whether those acts were illegal, and what criminal and civil consequences might ensue – all involved requested legal advice,” the Court concluded.

The Court further found that the work product doctrine, which applies to documents created by counsel or the company in the reasonable “anticipation of litigation” also protected FirstEnergy’s internal investigations. The Court held that, in view of the criminal complaint and the resulting 45‑percent drop in FirstEnergy’s share price, it was reasonable for the company to anticipate government investigations, regulatory proceedings and civil actions. The claimants’ concession that, “but for” the DOJ investigation, FirstEnergy would not have conducted the internal investigations left “no question” about what motivated the investigations, said the Court.

A Reaffirmation of Upjohn

The general consensus is that the FirstEnergy Decision is a reaffirmation of existing principles, rather than a revolution. It clarifies the application of the attorney-client privilege and work product doctrine in the context of a complex internal investigation.

The Decision “does not change our understanding, but it further solidifies important jurisprudence that would otherwise chill an attorney’s ability to meaningfully communicate certain legal concepts to clients under certain circumstances,” Bill Semins, a partner at K&L Gates, told the Cybersecurity Law Report.

The Court’s Decision “roundly and soundly” reaffirmed the protections of the attorney-client privilege and the work product doctrine in the context of internal investigations, Kevin Abikoff, a partner at Proskauer Rose, agreed.

FirstEnergy is a “practical and pro-privilege application of Upjohn to the realities of corporate investigations,” at least with respect to the Sixth Circuit, Josh Gardner, a partner at DLA, told the Cybersecurity Law Report. “Ultimately, it affirms Upjohn’s central holding, that the attorney-client privilege protects confidential communications seeking legal advice not only between counsel and top management, but also company employees,” and applies Upjohn to a “contemporary context - large scale, crisis-driven internal investigations,” he said.

“The Decision proves that internal investigations remain a great tool for management because the attorney-client privilege and attorney work product doctrine has been reaffirmed to ensure a cone of silence around management’s crisis decisions,” Seth Taube, senior counsel at Baker Botts, told the Cybersecurity Law Report.

Setting the Record Straight

Over the past several years, there have been a number of lower court decisions that have called into question long-settled understandings about how privilege attaches to internal investigations.

For many years, “it was resolved that lawyers could do an internal investigation and maintain the privilege associated with that,” Abikoff recalled.

More recently, there has been a move to “chip away” at what protections attach to internal investigations, “either because of arguments of waiver or whether it was for a business purpose or how ultimately material is stored or used,” Taube explained.

In FirstEnergy, the Sixth Circuit recognized that, as a matter of public policy, internal investigations are a “critical tool” for encouraging companies to figure out and fix problems, Taube observed. “Efforts to minimize those protections discourage this critical policy goal and discourage companies from utilizing this vehicle to get to the bottom of problems,” he said. Upjohn needed to be refreshed, and the Sixth Circuit “stepped up,” he noted.

The FirstEnergy Decision makes it clear that “Upjohn is still viable and entirely valid law,” Abikoff affirmed.

As a result, “companies can receive privileged legal advice and guidance in the course of internal investigations to uncover potential areas of concern and take some remedial actions without the fear that the results of those investigations will later become public,” Gardner explained.

See “Looking Back on the Breach: Fundamentals of Preserving Privilege of Forensic Analyses in the Wake of a Data Breach” (Jul. 20, 2022).

Mixing Business and Legal Advice

The Sixth Circuit rejected the lower court’s conclusions that the information sought was not protected because the investigations had been initiated to secure primarily business advice. It found that the “adjacent business purposes” for which FirstEnergy sought legal advice did not change the fact that it had “primarily sought and received legal advice . . . throughout the investigations.” The Court stated that, given the legal threats faced by FirstEnergy, it would “be the rare company that will not also have business purposes for seeking essential legal advice.”

The Court said that this conclusion did not depend upon a declaration from one of FirstEnergy’s directors stating what prompted the investigations. Evidence of management’s insider knowledge was not necessary to determine that the investigations, regulatory actions and lawsuits caused FirstEnergy to expect litigation and seek legal advice.

See “Understanding the Fiduciary Exception to Attorney-Client Privilege” (Oct. 4, 2023).

Some Recent Confusion

Prior to FirstEnergy, lower courts sometimes found the attorney-client privilege inapplicable to investigations with “mixed” legal and business purposes, Gardner explained. The FirstEnergy Decision clarifies that the attorney-client privilege attaches to a company’s communications with its attorneys “as long as the company is seeking legal advice, even if there are parallel business reasons or the advice is later used for business decisions,” he explained. “The focus is on the purpose of the communications at the time they were made,” he added.

The conclusion that using legal advice for business decisions “does not pervert the character of the underlying advice as legal and subject to the privilege” was a “kind of resetting of the doctrines as they are meant to exist foundationally,” Abikoff suggested.

“I do not think this is groundbreaking,” Taube said. Clients are not interested in what to argue in court; they want to make business decisions, and lawyers give legal advice so they can make those decisions, he noted.

See our two-part series “Preserving the Privilege for In-House Counsel”: Communications and Common Issues (Feb. 24, 2021), Internal Investigations and Depositions (Mar. 2, 2021).

Not a Sliding Scale

The Sixth Circuit’s observation that FirstEnergy had “primarily” sought legal advice raises the question of whether a sliding scale applies to the attorney-client privilege when advice is sought for combined business and legal purposes.

However, the Court’s use of the term “primarily” was “descriptive, not prescriptive,” Gardner suggested. It reflects factual findings and does not create any sliding scale, he argued. “The bottom line is that there is no mathematical or percentage-based threshold,” he emphasized.

It is possible that lower courts might struggle with a fact pattern where a lawyer acts as both a legal and business advisor, Taube said, “but my view is it is like being a little bit pregnant: if there is a legal advice aspect to going to the lawyer, it is covered by privilege.”

Abikoff had a slightly different take, suggesting there may be situations where an investigation was primarily undertaken for business reasons and is therefore not covered by privilege. It goes to the “fundamental” nature of the advice, whether it is business or legal, he said.

Clarifying Work-Product Protections

The factual context in which FirstEnergy was decided clarifies the investigative situations in which the work product doctrine applies.

Whereas Upjohn focused on the applicability of the work product doctrine in the context of an internal investigation into potentially illegal payments, FirstEnergy concerned “investigations prompted by government subpoenas, criminal complaints and regulatory actions, confirming that work product can apply robustly in these high stakes scenarios,” Gardner suggested.

No Need to Quantify Legal Jeopardy

The Court observed that FirstEnergy was in a bet-the-company situation when determining that documents were protected work product. Would the outcome have been different if the legal threats were less dire?

The size of the potential litigation should not matter with respect to work product analysis, Abikoff suggested. The fact that no litigation is ultimately filed should not change anything, he posited, adding that “people love being Monday morning quarterbacks,” but the analysis should not be done retrospectively. The appropriate question is whether litigation was reasonably anticipated at the time that the documents were created, he said.

While the magnitude of possible litigation should not be a factor, there does need to be a factual scenario that supports the inference, Taube noted. He recommended that companies “set out in some written form why they believe litigation is likely.” Especially in situations where the likelihood of litigation is not 100%, the FirstEnergy Decision “is a reminder that hygiene is important.”

An Objective Standard

A contributing factor to the lower court’s decision is that it had refused to consider a declaration from one of FirstEnergy’s directors describing what prompted the investigation. The lower court found that the declaration had not been properly executed and excluded it from evidence.

While the Court disagreed with the lower court’s exclusion of the declaration, it also rejected the argument that the testimony was necessary to find that the attorney-client privilege or work product protection had been properly invoked.

The test is whether the anticipation of litigation is objectively reasonable, which is more of a legal analysis than a factual question, Abikoff observed, thus making declarations unnecessary.

Limiting Waiver

The Court found that even though FirstEnergy had produced portions of its internal investigation in negotiating a deferred prosecution agreement with the DOJ and in civil litigation, “most” of what was produced was non-privileged and “the rest tended to be bare conclusions from the investigation, not the substance of the attorney’s advice. Divulging those ultimate findings does not waive either protection,” the Court found.

Additionally, the Court failed to find that FirstEnergy had waived either privilege by sharing some of its investigation materials with its independent auditor, Price Waterhouse. It first noted that the disclosed information was non-privileged, and separately relied on the fact that Price Waterhouse was not in an adversarial relationship with FirstEnergy, in which case any disclosures to the auditor would remain protected work product “at a minimum.”

In holding that high-level disclosures do not “open the doors to all underlying privileged communications,” the Court rejected a broad subject matter waiver approach, Gardner noted. The Court found that there could be “legitimate reasons to disclose some high-level conclusions that may arguably be subject to privilege, but that is not going to open the door to the disclosure of the subject matter that is otherwise privileged,” he said. Rather, only the “voluntary disclosure of the substance of privileged communications to an adversary” waives privilege and work product protection.

This is a portion of the Decision where the Court may have been bending the law somewhat in favor of FirstEnergy. “Typically, waiver is binary,” Taube observed, so concluding that a company can produce high-level conclusions without complete subject matter waiver “is a bit of a broadening of the protection,” he said. Companies make decisions to disclose conclusions or underlying information to a third party with knowledge that they affect the privilege, and such disclosures should be worded carefully so as not to implicate the underlying privileged communications, he advised.

“What the ruling does is carefully note that legal advice does not exist in a vacuum but depends on facts that have to be analyzed and incorporated into that advice,” Semins explained. The “attorney-client privilege applies to legal advice, not business advice and not facts,” he noted. It certainly does not read a broad waiver into circumstances where facts are shared, but legal privileges are maintained,” he emphasized.

The opinion clarifies that when lawyers investigate, they “find facts and they come to legal conclusions” and that disclosing those underlying facts, even if they support legal conclusions, does not waive the privilege, Abikoff explained.

Facilitating Company-Auditor Relationships During Investigations

One “hugely important” aspect of the Decision was the Court’s finding that FirstEnergy’s sharing of information with its regular outside auditors “in no way” diminished the company’s ability to assert the attorney-client and work product protections, Abikoff commented. “Those of us who practice in this space worry about this a lot,” he emphasized.

On one hand, the company and its auditors are on the same team, but on the other they are potentially adverse if the auditors tell the company that it needs to make changes to how they record or report transactions or to the company’s controls, Abikoff explained. In an investigation the auditors need access to the company’s books and records, but at the same time, a company does not want to release documents that could waive privilege, he said.

The FirstEnergy Decision allows companies to maintain privilege and work product protection when disclosing certain “limited investigation-related facts and documents” to independent auditors, provided that the auditors are not adversaries and are professionally obligated to refrain from disclosing privileged materials unless the company consents, Gardner explained.

The Court’s ruling “will help lawyer-auditor relations,” Semins opined. “The question is fundamentally – who is an adversary? There has been a split on that in various courts,” he said. The FirstEnergy Decision “significantly eases the relationship between investigative counsel and outside auditors, where there is typically a lot of tension, especially in the early days of an investigation,” he noted. This is because the auditors want the lawyers to answer the “fundamental question” of whether an enforcement action is likely, which causes the auditors to probe for more information and “creates tension” with respect to the attorney-client privilege. The FirstEnergy Decision “goes a long way toward easing that tension,” he continued.

In addition, auditors are often “between a rock and a hard place” due to their obligations to share material information with investors and their ethical and contractual obligations to the company not to share such information, Semins observed. “There is a fundamental inherent conflict there,” and the FirstEnergy Decision makes it easier to have conversations with auditors, he said.

See our two-part series “Something’s Gotta Give: Navigating Auditor Inquiries in Investigations”: Part One (Jan. 4, 2023), and Part Two (Jan. 11, 2023).

Granting Mandamus

The Court held that FirstEnergy met the high bar for mandamus relief, finding that the company had no other adequate means to obtain relief, that the district court had committed clear error and that relief was appropriate under the circumstances. In a “bet the company setting,” it was a “customary expectation” that the attorney-client privilege and work product protections would protect conversations and documents. According to the Court, it would be impossible to affirm the lower court “without abandoning nearly a half-century (since Upjohn) of jurisprudence concerning the scope of the attorney-client privilege and work product doctrine” and “discouraging full and frank communication between companies and their attorneys when investigating their own wrongdoing”.

The fact that the Sixth Circuit reversed the trial court decision by issuing a writ of mandamus is significant. A “really important procedural point” from the Decision, Gardner emphasized, is that “mandamus remains an effective tool for challenging a district court’s privilege decisions where a party has no other adequate means to obtain relief, and where the district court’s order reflects clear and indisputable error.”

Will Other Circuits Follow Suit?

Although the FirstEnergy Decision binds only courts within the Sixth Circuit, its clear statements about protecting communications and work product in internal investigations may influence courts in other jurisdictions.

Outside of the Sixth Circuit, the FirstEnergy Decision is likely to have “persuasive effect,” and will be cited to support broader privilege claims, Semins predicted.

“While this Decision is only binding in the Sixth Circuit, the Decision is well-reasoned and I anticipate it will be cited by litigants and courts elsewhere, especially in cases involving internal investigations, privilege and work product,” Gardner said. “The Decision reinforces the modern, practical approach to privilege and work product, and I do think it could influence courts and circuits where the law is unsettled or where district courts have taken a narrower view.”

People Moves

Marks & Clerk Welcomes New Partner to Establish AI & Cybersecurity Practice in London


Marks & Clerk has announced that Fiona Phillips has joined as a partner and head of the firm’s newly established AI & cyber security legal advisory practice in London. She is the former head of legal – digital information and data at UBS.

Phillips advises clients on the full spectrum of legal issues arising from AI deployment and cybersecurity challenges. Her practice encompasses AI governance and ethics, responsible AI frameworks, regulatory compliance with AI-specific legislation, AI vendor contracts and liability matters, cyber incident response, cybersecurity governance, and compliance with data protection law and regulation. She leads the firm’s first legal and advisory team dedicated to AI and cybersecurity, which focuses on the legal, regulatory and ethical risks that accompany innovation, data and technology deployment.

Phillips previously spent 15 years as a senior in-house GC at major international banks, including HSBC and UBS. She has advised boards and senior executives across the U.K., Middle East and Asia on complex regulatory risk, cybersecurity, data and AI issues.