Recommended Alerts

Sign Up For Alerts

A Question of Intent: FDA Amends Intended Use Regulations with Goal to Provide More Clarity, but Significant Questions Remain

On August 2, 2021, FDA issued a final rule amending its drug and medical device regulations describing the types of evidence that FDA considers relevant to determining a product’s “intended use.” The concept of intended use is a cornerstone of FDA’s regulatory scheme that determines whether and how the Agency regulates a product as a drug or device. This final rule represents the culmination of a nearly six-years-long rulemaking process that generated extensive comments from stakeholders. Most significantly, the final rule clarifies that a firm will not be regarded as intending an unapproved new, or off-label, use for a drug or device based solely on that firm’s knowledge that the product was prescribed or used by health care providers for the use. More generally, FDA has made clear that it will continue to take a broad view of what evidence, including manufacturer communications and other information about the product, may be considered when determining intended use. The amended regulations also will expressly state for the first time that the “design or composition” of an article may be relevant to determining intended use.

Read More

Cyber-Attacks (Asset-Freezing) Regulations 2019

Time to Read: 1 minutes Practices: Government Enforcement / White Collar Criminal Defense

Printer-Friendly Version

On 11 June 2019, the Cyber-Attacks (Asset-Freezing) Regulations 2019 (SI 2019/956) (the “U.K. Regulations”) come into force in the United Kingdom. The U.K. Regulations implement the domestic requirements of EU Regulation (2019/796), which sets out restrictive measures against cyber-attacks (i.e., malicious cyber activities) threatening the European Union or its Member States.

The U.K. Regulations apply to U.K. nationals or any body incorporated in the United Kingdom but also have extra-territorial effect for conduct (which includes acts and omissions) committed wholly or partly outside the U.K. by a U.K. national or body incorporated in the United Kingdom.

Interactions with funds or resources belonging to a “designated person” can trigger liability under the U.K. Regulations. The definition of a “designated person” is taken from EU Regulation (2019/796) and includes those who:

  1. are responsible for cyber-attacks or attempted cyber-attacks;
  2. provide financial, technical or material support for or are otherwise involved in cyber-attacks or attempted cyber-attacks, including by planning, preparing, participating in, directing, assisting or encouraging such attacks, or facilitating them whether by action or omission; or
  3. are associated with the natural or legal persons, entities or bodies covered by points (a) and (b) of this paragraph.

The nature of the cyber-attack must be significant and originate or be carried out from outside the EU in order to fall within scope.

The U.K Regulations prohibit:

  1. dealing with funds or economic resources owned, held or controlled by a designated person;
  2. making funds available to, or for the benefit of, a designated person; and
  3. making economic resources available (directly or indirectly) to a designated person.

Suspicion or having reasonable cause to suspect that any of the above will occur is enough to constitute an offence. Conviction of an offence under the U.K. Regulations can lead to a term of imprisonment or an unlimited fine.

It is possible to protect against liability by obtaining a licence from HM Treasury granting permission to deal with funds or resources linked with a designated person.

It is important to note that, as yet, no one is listed as a “designated person” under Annex 1 of EU Regulation (2019/796). This means that firms will need to monitor developments in this area to ensure they are not dealing with such persons. Firms should also review the situation following the U.K. leaving the EU as the U.K. may still seek to agree a position with the EU on this issue.

Printer-Friendly Version

Cookie Settings