Search Results

On 9 March 2026, the Landgericht München I (Munich Regional Court I) held the first oral hearing in proceedings brought by GEMA, the German music rights management organization, against Suno Inc., the developer of the Suno AI music generation service. GEMA filed the lawsuit in 2025 alleging that Suno used GEMA-administered musical works without authorisation to train its AI model. The hearing is at an early procedural stage; the court has not issued a judgment. The court has indicated a decision date of 12 June 2026. The claim rests on the Urheberrechtsgesetz (UrhG) — the German Copyright Act — and in particular on the exclusive reproduction right under section 16 UrhG and the right of communication to the public under section 15 UrhG, as well as on the text and data mining provisions of sections 44b and 60d UrhG. Sections 44b and 60d UrhG permit text and data mining of lawfully accessible content under specific conditions, including a reservation of rights by rights holders. GEMA contends that rights holders reserved their rights and that Suno's training activities therefore do not fall within the statutory text and data mining exceptions. Music publishers, labels, and rights management organisations whose catalogues are accessible online should review whether they have issued an explicit reservation of rights under section 44b(3) UrhG, which enables rights holders to opt out of the text and data mining exception. AI developers and deployers that use musical works in training data for generative models operating in Germany or within the European Union must assess whether applicable text and data mining exceptions under Directive (EU) 2019/790 (the Digital Single Market Directive) and its national implementing legislation cover their specific activities. The GEMA action is the first German court proceeding to examine the copyright status of AI music training. The case raises unresolved questions under German and EU law about the scope of the text and data mining exceptions and the applicable standard for establishing infringement where AI-generated output cannot be directly traced to a specific training sample. The court's reasoning on 12 June 2026, whether a judgment or a further procedural order, will be the first German judicial statement on AI music copyright. Source: GEMA, Press Release, "GEMA klagt gegen Suno: Landgericht München verhandelt erstes Verfahren im Bereich Audio-KI," 9 March 2026, https://www.gema.de/de/w/gema-klagt-gegen-suno-2026 (confirmed 18 March 2026). The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

On 18 February 2026, the Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD) published a guidance document titled "Inteligencia artificial agéntica desde la perspectiva de la protección de datos" (Agentic artificial intelligence from the perspective of data protection). The document addresses AI systems that operate autonomously to complete tasks, use tools, and process personal data without continuous human intervention. It applies the General Data Protection Regulation (GDPR) and the Spanish Organic Law 3/2018 of 5 December 2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD) to agentic AI deployments. The AEPD guidance identifies the relevant GDPR provisions applicable to agentic AI systems. It addresses Article 5 (principles of processing), Article 6 (lawfulness of processing), Article 13 and 14 (transparency obligations), Article 22 (automated decision-making), Article 25 (data protection by design and by default), and Article 35 (data protection impact assessments). The guidance states that organisations deploying agentic AI must determine the role of each actor in the AI pipeline — whether as controller, joint controller, or processor under Articles 4(7), 4(8), and 26 GDPR — and that the autonomous character of the system does not dissolve these legal obligations. Organisations that deploy or integrate agentic AI systems to process personal data of European Union residents must conduct a lawful basis analysis under Article 6 GDPR before deployment. Where the system makes decisions that produce legal or similarly significant effects, Article 22 GDPR applies and restricts fully automated processing unless an exception under Article 22(2) is met. Developers and deployers must implement data protection by design and by default under Article 25 GDPR, which includes minimising the personal data accessible to the AI agent. A data protection impact assessment under Article 35 GDPR is required where processing is likely to result in high risk, and the AEPD guidance indicates that agentic AI systems will ordinarily meet that threshold. The guidance is non-binding but reflects the AEPD's supervisory position and signals how the authority will approach complaints and investigations involving agentic AI. The AEPD did not set a compliance deadline, but organisations already operating agentic AI systems that process personal data should treat the document as an immediate reference point for internal reviews. The guidance is published in Spanish; the operative framework remains the GDPR and LOPDGDD in their official texts. Source: Agencia Española de Protección de Datos (AEPD), "Inteligencia artificial agéntica desde la perspectiva de la protección de datos," 18 February 2026, https://www.aepd.es/guias/orientaciones-ia-agentica.pdf (confirmed 18 March 2026). The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

On 10 February 2026, the Financial Conduct Authority announced that it has begun civil legal proceedings in the High Court of England and Wales against HTX (formerly Huobi), a global cryptocurrency exchange headquartered outside the United Kingdom. The FCA filed those proceedings on 21 October 2025. This is the FCA's first enforcement action against an offshore cryptoasset exchange for breach of the UK financial promotion regime. The proceedings are at the pre-trial stage; no judgment has been issued. Section 21(1) of the Financial Services and Markets Act 2000 (FSMA) prohibits any person from communicating, in the course of business, a financial promotion unless an FCA-authorised person has approved it or an exemption applies. The Financial Services and Markets Act 2000 (Financial Promotions) Order 2005 (SI 2005/1529), as amended by the Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) Order 2023 (SI 2023/936), extended this prohibition to qualifying cryptoasset promotions with effect from 8 October 2023. A person who contravenes section 21(1) commits a criminal offence under section 25 FSMA and may face an unlimited fine or up to two years' imprisonment. The FCA alleges that HTX published financial promotions on its website and on social media platforms including TikTok, X, Facebook, Instagram, and YouTube, targeting UK consumers without FCA authorisation or an approved promoter. The FCA seeks a declaration that HTX breached section 21(1) FSMA and injunctive relief to stop further unlawful promotions. HTX has been listed on the FCA's Warning List since 2020. Offshore cryptoasset exchanges that communicate any promotion capable of having effect in the United Kingdom must either obtain FCA authorisation, have each promotion approved by an FCA-authorised firm, or satisfy an applicable exemption under SI 2005/1529. This action marks the first time the FCA has used civil court proceedings to enforce the cryptoasset financial promotions regime against an offshore exchange. The FCA stated that it will pursue firms regardless of where they are incorporated. Exchanges and token issuers that direct marketing at UK users through digital channels should treat this filing as a concrete enforcement benchmark, not a compliance aspiration. Source: Financial Conduct Authority, Press Release, "FCA takes action against HTX to stop illegal financial promotions," 10 February 2026, https://www.fca.org.uk/news/press-releases/fca-action-against-htx-illegal-financial-promotions (confirmed 18 March 2026). The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

On 13 March 2026, the Council of the European Union adopted its negotiating position (general approach) on a proposal to amend the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) as part of the "Omnibus VII" simplification package. The position is a mandate for the Council presidency to begin inter-institutional negotiations (trialogue) with the European Parliament and the European Commission. It is not a final legislative text; the AI Act itself remains fully operative. The underlying Commission proposal sought to adjust the timeline for applying rules on high-risk AI systems by up to 16 months, so that those rules enter force once the Commission confirms that the necessary standards and technical tools are available. The Commission also proposed targeted amendments: extending certain regulatory exemptions granted to SMEs to small mid-cap companies (SMCs); expanding the possibility of processing special categories of personal data for bias detection and mitigation; reinforcing the powers of the AI Office; and reducing governance fragmentation across Member States. The Council mandate retains the thrust of the Commission proposal but adds several distinct modifications. First, it introduces a new prohibition on AI systems that generate non-consensual sexual and intimate content or child sexual abuse material, inserted as a new prohibited practice under Article 5 of the AI Act. Second, it fixes concrete application dates for high-risk rules: 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded in products — replacing the Commission's sliding trigger tied to standards availability. Third, the mandate reinstates the obligation for providers to register AI systems in the EU database even where those providers consider their systems exempt from high-risk classification, and reinstates the "strict necessity" standard for processing special categories of personal data for bias detection and correction. Fourth, it postpones the deadline for national competent authorities to establish AI regulatory sandboxes to 2 December 2027. Fifth, the text clarifies the supervisory competence of the AI Office over general-purpose AI model-based systems where the model and that system share the same provider, while listing domains in which national authorities remain competent: law enforcement, border management, judicial authorities, and financial institutions. Sixth, the mandate adds an obligation for the Commission to issue guidance assisting operators of high-risk AI systems covered by sectoral harmonisation legislation in complying with the AI Act while minimising compliance burden. AI developers, deployers, and importers of high-risk AI systems currently preparing for the August 2026 application date under the existing AI Act should treat the proposed revised dates as a likely planning baseline, subject to formal confirmation after trialogue. The reinstated registration obligation means providers cannot rely on a self-assessed exemption from high-risk classification to avoid EU database registration. The new Article 5 prohibition on AI-generated non-consensual intimate content applies to providers of general-purpose AI models and any deployer who deploys such systems in the EU market. No final Digital Omnibus text on AI has been agreed. The European Parliament is expected to set its own position; trialogue negotiations will follow. Businesses should continue monitoring the progression of the full Omnibus VII package and note that the proposed revised high-risk application dates and reinstated safeguards remain subject to change in trialogue. Source: Council of the European Union, Press Release, "Council agrees position to streamline rules on Artificial Intelligence," 13 March 2026, https://www.consilium.europa.eu/en/press/press-releases/2026/03/13/council-agrees-position-to-streamline-rules-on-artificial-intelligence/ (confirmed 18 March 2026). The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

On March 16, 2026, three minor plaintiffs filed a class action complaint against X.AI Corp. and X.AI LLC in the U.S. District Court for the Northern District of California (San Jose Division), captioned Doe 1 v. X.AI Corp., Case No. 5:26-cv-02246. The case is at the initial pleading stage. The complaint was filed by attorney Vanessa Ann Baehr-Jones on behalf of Jane Doe 1, Jane Doe 2 (a minor), and Jane Doe 3. Plaintiffs simultaneously filed a Motion to Relate Case, requesting the court to relate it to an earlier-filed matter. The complaint invokes federal question jurisdiction under 28 U.S.C. § 1331. The filing fee was $405. The nature of suit is coded as 360 P.I.: Other. The specific causes of action and statutory predicates alleged against X.AI Corp. and X.AI LLC — including any claims under 18 U.S.C. § 2255 (the civil remedy for victims of child sexual exploitation), California state law, or other provisions — are set out in the 44-page complaint (Docket No. 1, filed March 16, 2026). The complaint was accompanied by a Proposed Summons and a Motion to Relate Case. The practical effect for AI developers is direct. The lawsuit targets X.AI Corp. and X.AI LLC — the corporate entities behind the Grok AI model — alleging that the AI system produced child sexual abuse material (CSAM) or deepfake images of minors and that xAI knowingly profited from those images. AI companies deploying generative image or text models face potential civil liability under federal child exploitation statutes and California law if their systems produce or facilitate the production of CSAM. The class action structure means plaintiffs seek to represent all similarly situated minors. The case puts pressure on AI developers to implement technical controls sufficient to prevent the generation of CSAM, or face class-wide damages exposure. The case is in its earliest stage. No answer or motion to dismiss has been filed by xAI as of the date of this report. The Motion to Relate Case (Docket No. 3) seeks to connect this action to a prior related case, which, if granted, would assign it to the same judge. Whether the court certifies a class, and the scope of any class definition, remain open questions pending the adversarial process. The lawsuit is a civil action, distinct from any potential criminal investigation. Its outcome will depend on the specific factual allegations in the complaint, the applicable legal standards under both federal and California law, and xAI's defenses. Source: Doe 1 v. X.AI Corp., Case No. 5:26-cv-02246 (N.D. Cal.), Complaint (Docket No. 1, 44 pages), filed March 16, 2026. Docket confirmed via CourtListener.com and U.S. District Court, Northern District of California (San Jose Division). Filing fee receipt: ACANDC-21757506. CourtListener URL: https://www.courtlistener.com/?q=%22X.AI+Corp%22+%22CSAM%22+OR+%22deepfake%22&type=r&filed_after=2026-03-01. Confirmed March 17, 2026. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

On March 17, 2026, the Commodity Futures Trading Commission's Market Participants Division (MPD) issued CFTC Staff Letter 26-09, a no-action position addressed to Phantom Technologies Inc., a developer of self-custodial crypto asset wallet software. The letter is at the pre-enforcement, staff-guidance stage: it is not a Commission order or rulemaking, and it binds only MPD staff with respect to the specific facts described. The position is effective immediately upon issuance and subject to withdrawal or modification by staff at any time. The controlling authority is the Commodity Exchange Act (CEA) and CFTC regulations. Staff Letter 26-09 covers regulation parts 4d, 4k, 3.10, and 3.12 — the introducing broker (IB) and associated person (AP) registration provisions under the CEA. MPD stated that it will not recommend the Commission take enforcement action against Phantom or its relevant personnel for failure to register as an introducing broker or associated person of an introducing broker solely in relation to the proposed activities, subject to certain specified conditions set out in the letter. Third parties may not rely on the position. The practical effect for the crypto wallet sector is meaningful. Phantom proposes to provide and market software enabling its users to trade with registered futures commission merchants (FCMs), introducing brokers, and designated contract markets (DCMs). Without relief, that software distribution and marketing activity could trigger IB and AP registration obligations under the CEA, imposing capital requirements, recordkeeping, and compliance costs on a non-intermediary software developer. Staff Letter 26-09 removes that registration risk for Phantom, provided the company remains within the factual parameters described. Other self-custodial wallet providers seeking similar relief must submit their own requests; they may not rely on this letter. The no-action position is fact-specific and carries no precedential weight. The conditions attached to the letter — which are detailed in the full text — govern the permissible scope of Phantom's activities. MPD can withdraw the position if facts change or if Phantom deviates from those conditions. The letter does not address other potential registration categories (e.g., commodity trading advisor, commodity pool operator) or any securities-law obligations under SEC jurisdiction. Any wallet software provider whose business model differs from Phantom's described activities faces unresolved registration questions until it obtains its own staff guidance. Source: CFTC Staff Letter 26-09, "No-Action Position for Phantom Technologies Inc.," CFTC Market Participants Division, issued March 17, 2026. See also CFTC Press Release 9197-26. Official URL: https://www.cftc.gov/LawRegulation/CFTCStaffLetters/letters.htm (Letter 26-09); https://www.cftc.gov/PressRoom/PressReleases/9197-26. Confirmed March 17, 2026. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

The House of Lords Communications and Digital Committee published "AI and copyright and the creative industries" (HL Paper 267) on March 6, 2026. The report is the output of the Committee's inquiry into the legal treatment of copyright-protected works used to train AI models and the rights of creators whose works are used without licence. The report makes recommendations to the UK Government directed at Parliament and HM Government and is not itself binding law. The Committee examined the Copyright, Designs and Patents Act 1988, in particular the text and data mining exception at section 29A, inserted by the Enterprise and Regulatory Reform Act 2013. The report finds that section 29A's scope is insufficient to address large-scale AI training on copyright-protected material and that current law does not require AI developers to obtain licences before ingesting protected works. The Committee recommends that HM Government introduce legislation requiring AI developers to disclose the training datasets they use and to establish a licensing or remuneration mechanism that compensates rights holders whose works are ingested for AI training. AI developers that train models on UK-hosted or UK-sourced copyrighted content face potential legislative change if the Government accepts the Committee's recommendations. Rights holders — including music publishers, literary publishers, news organisations, and visual artists — gain a formal parliamentary endorsement of their position that unlicensed AI training constitutes a rights violation. Any legislative change implementing the recommendations would affect the terms on which AI companies can train on UK copyright works and may require them to audit and disclose existing training datasets. The report's recommendations require Government action to become law. HM Government has not yet formally responded to the report as of March 17, 2026. The Government's response will determine whether legislation follows and on what timeline. Practitioners and AI developers should monitor the Government's formal response, which parliamentary convention requires within 60 days of the report's publication. Source: House of Lords Communications and Digital Committee, AI, copyright and the creative industries, HL Paper 267, published March 6, 2026. Available at: https://committees.parliament.uk/committee/170/communications-and-digital-committee/publications/. Confirmed March 17, 2026. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

The UK Competition and Markets Authority published "Agentic AI and consumers" on March 9, 2026. This research and guidance document sets out the CMA's view of how existing consumer protection law applies to businesses that deploy agentic AI systems — AI that acts autonomously on a consumer's behalf, such as AI that books services, makes purchases, or manages subscriptions without requiring step-by-step human input. The guidance is not a new regulation; it applies existing statutory obligations to a new technological context. The CMA grounds its guidance in the Digital Markets, Competition and Consumers Act 2024 and the Consumer Rights Act 2015. Under those statutes, a business must not engage in unfair commercial practices, must provide clear information to consumers, and must not use terms or conditions that disadvantage consumers in a way that courts or the CMA may find unfair. The guidance states that these obligations apply equally when the business deploys an AI agent to interact with consumers on its behalf. The CMA identifies specific risk areas: AI agents that steer consumers toward choices that benefit the deploying business rather than the consumer, agents that withhold material information, and agents that operate in ways consumers cannot understand or override. AI businesses, platform operators, and any firm deploying AI agents that interact with UK consumers must review their agent system design and terms of service against the consumer protection standards the CMA describes. Firms whose AI agents make purchasing decisions on behalf of consumers face particular scrutiny over transparency obligations — consumers must be told when an AI agent is acting for them and must be able to override or cancel agent actions. Businesses whose agents operate in digital markets subject to the Digital Markets, Competition and Consumers Act 2024 designation regime face additional obligations under that Act's pro-competition interventions. The guidance does not carry the force of binding rules, but the CMA may use it as the basis for enforcement action under the Digital Markets, Competition and Consumers Act 2024 or refer firms to the courts. Businesses should treat the guidance as an accurate statement of the CMA's enforcement priorities in the agentic AI space. Source: Competition and Markets Authority, Agentic AI and consumers, published March 9, 2026. Available at: https://www.gov.uk/government/publications/agentic-ai-and-consumers. Confirmed March 17, 2026. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

In Ping Fai Yuen v Fun Yung Li & Anor [2026] EWHC 532 (KB), handed down March 10, 2026, the King's Bench Division of the High Court of England and Wales struck out the claimant's conversion claim in relation to stolen cryptocurrency. The case arose from an alleged theft of digital assets. The court held that conversion is a tort that protects possessory rights in tangible personal property and cannot extend to cryptocurrency. The court applied the ratio of OBG Ltd v Allan [2007] UKHL 21, which confines conversion to tangible chattels capable of physical possession. At paragraph 79 of the judgment, the court held that cryptocurrency does not satisfy this requirement. The court also considered the Property (Digital Assets etc) Act 2025, which recognises digital assets as a third category of personal property in English law but does not alter or create possessory rights of the kind required to sustain a conversion claim. The Act's recognition of a novel property category does not, of itself, make conversion available for digital assets. Crypto businesses, custodians, and individual holders who suffer theft of digital assets in England and Wales cannot rely on conversion as a cause of action to recover those assets or their value from a wrongdoer. Claimants must instead pursue alternative proprietary or restitutionary remedies. Relevant options include a proprietary claim based on unjust enrichment, a constructive trust claim where the defendant holds identifiable assets on trust, or claims under any applicable contractual arrangement. The decision leaves open the question of which specific causes of action will reliably succeed for digital asset theft under English law following the Property (Digital Assets etc) Act 2025. Practitioners advising clients on asset recovery should assess available remedies on a case-by-case basis given the developing state of the law. Source: Ping Fai Yuen v Fun Yung Li & Anor [2026] EWHC 532 (KB), handed down March 10, 2026. Available at: https://caselaw.nationalarchives.gov.uk/ewhc/kb/2026/532. Confirmed March 17, 2026. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

The United Kingdom Parliament received The Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025 ("the Cryptoassets Order") on December 15, 2025, when HM Treasury laid it before Parliament. The Order is final legislation — not a consultation or proposal — and its provisions come into force in stages beginning in 2027. The Cryptoassets Order extends the Financial Services and Markets Act 2000 regulated-activities regime to a defined set of cryptoasset activities for the first time. The Cryptoassets Order brings the following activities within the FSMA 2000 regulated-activities regime: operating a cryptoasset trading platform, dealing in cryptoassets as principal or agent, arranging deals in cryptoassets, making arrangements with a view to transactions in cryptoassets, providing cryptoasset custody services, and communicating financial promotions related to cryptoassets. Any person carrying on a regulated cryptoasset activity in or from the United Kingdom must hold FCA authorisation unless an exemption applies. The FCA will set conduct-of-business rules for each regulated activity through separate consultations. Crypto exchanges operating in or from the United Kingdom, custody providers, broker-dealers, and firms issuing financial promotions for cryptoassets must obtain FCA authorisation before the relevant provisions take effect in 2027. Firms currently registered with the FCA only under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 regime do not hold FSMA authorisation and must apply separately. Firms that fail to obtain authorisation before the relevant commencement date will commit a criminal offence under section 23 of FSMA 2000. The Cryptoassets Order sets a staged commencement schedule, with individual provisions entering into force on dates to be specified by further statutory instrument or on a date set in the Order itself. HM Treasury has indicated that the FCA will issue conduct rules via consultation papers ahead of each commencement date, giving firms a defined window to seek authorisation. Firms should monitor FCA consultation papers issued after December 15, 2025 to track the specific dates and requirements for each regulated activity. Source: HM Treasury, The Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025, laid before Parliament December 15, 2025. Policy note and draft Statutory Instrument: https://www.gov.uk/government/publications/regulatory-regime-for-cryptoassets-regulated-activities-draft-si-and-policy-note. Confirmed March 17, 2026. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

On March 12, 2026, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) designated six individuals and two entities for their roles in Democratic People's Republic of Korea (DPRK) government-orchestrated information technology worker schemes. The targets included individuals and entities based in North Korea, Vietnam, Laos, and Spain. The designations are immediately effective and result in full asset blocking. Treasury stated that the schemes generated approximately $800 million in revenue in 2024 to fund DPRK weapons of mass destruction programs. OFAC designated the targets under Executive Order 13810 ("Imposing Additional Sanctions With Respect to North Korea") and Executive Order 13382 ("Blocking Property of Weapons of Mass Destruction Proliferators and Their Supporters"). E.O. 13810 authorizes designations of entities operating in specified sectors of the North Korean economy, including the information technology sector. E.O. 13382 authorizes designations of entities that have provided support to WMD proliferators. The designated entities include Amnokgang Technology Development Company (designated under E.O. 13810 for operating in the DPRK IT sector) and Quangvietdnbg International Services Company Limited (designated under E.O. 13810 for being owned or controlled by designee Nguyen Quang Viet). The designated individuals include Nguyen Quang Viet, Do Phi Khanh, Hoang Van Nguyen, Yun Song Guk, Hoang Minh Quang, and York Louis Celestino Herrera. U.S. persons — including crypto exchanges, wallet providers, financial institutions, and businesses that hire remote IT contractors — must immediately screen their counterparties and employees against the updated Specially Designated Nationals and Blocked Persons (SDN) List. All property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Transactions involving cryptocurrency — including the conversion of fiat into crypto or the receipt of crypto from designated parties — are prohibited. U.S. businesses that unknowingly employed DPRK IT workers must terminate those relationships immediately and report any blocked property to OFAC. Non-U.S. persons are also prohibited from causing or conspiring to cause U.S. persons to wittingly or unwittingly violate U.S. sanctions. Foreign financial institutions that knowingly conduct or facilitate significant transactions on behalf of designated persons risk exposure to secondary sanctions, including the potential prohibition or strict conditions on maintaining correspondent accounts in the United States. OFAC may impose civil penalties for sanctions violations on a strict liability basis. Persons with information about DPRK sanctions violations may be eligible for awards through FinCEN's whistleblower incentive program if their information leads to monetary penalties exceeding $1,000,000. Source: U.S. Department of the Treasury, OFAC, "Treasury Sanctions Facilitators of DPRK IT Worker Fraud Targeting U.S. Businesses," Press Release (Mar. 12, 2026). Available at: https://home.treasury.gov/news/press-releases/sb0416. Confirmed: March 16, 2026. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.

On March 11, 2026, the U.S. Commodity Futures Trading Commission and the U.S. Securities and Exchange Commission jointly announced the execution of a Memorandum of Understanding (MOU) establishing a framework for coordination and collaboration between the two agencies. The MOU is effective upon execution and immediately operative. Concurrent with the MOU, the agencies created a Joint Harmonization Initiative to advance coordinated oversight and regulatory clarity in areas of common regulatory interest. The MOU is an inter-agency agreement executed pursuant to each agency's statutory authority — the CFTC under the Commodity Exchange Act and the SEC under the Securities Exchange Act of 1934 and the Securities Act of 1933. The document commits both agencies to: (1) clarifying product definitions through joint interpretations and rulemakings; (2) modernizing clearing, margin, and collateral frameworks; (3) reducing registration frictions for dually registered exchanges, trading venues, and intermediaries; (4) providing a fit-for-purpose regulatory approach for crypto assets and other emerging technologies; (5) streamlining regulatory reporting for trade data, funds, and intermediaries; and (6) coordinating cross-market examinations, economic analyses, risk monitoring, surveillance, and enforcement. The Joint Harmonization Initiative will be co-led by Meghan Tente (CFTC) and Robert Teply (SEC). Entities that are dually registered with both the CFTC and SEC — including futures commission merchants that are also registered as broker-dealers, swap dealers with securities activities, and operators of trading venues subject to both agencies' jurisdiction — stand to benefit most directly from the MOU's commitment to reduce duplicative registrations and burdensome rules. Crypto asset issuers, exchanges, and DeFi protocol operators should pay close attention to the commitment to develop a "fit-for-purpose regulatory framework for crypto assets and other emerging technologies," as this is the area most likely to produce new joint interpretive guidance or coordinated rulemakings in the near term. The MOU does not itself change any existing rule, regulation, or legal requirement. Its commitments are aspirational and operational, not binding in the statutory or regulatory sense. Actual changes will require separate notice-and-comment rulemakings, joint interpretations, or formal agency orders. The CFTC and SEC have invited public input on areas of harmonization through a written input form and meeting request mechanism. Market participants wishing to flag priority areas for harmonization — particularly in crypto asset regulation — should submit input promptly. Source: Commodity Futures Trading Commission and Securities and Exchange Commission, Joint Press Release, "CFTC and SEC Announce Historic Memorandum of Understanding Between Agencies," CFTC Press Release No. 9192-26 (Mar. 11, 2026). Available at: https://www.cftc.gov/PressRoom/PressReleases/9192-26. Confirmed: March 16, 2026. The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.