Action Items for
U.S. Public Companies for 2025

Rapid rulemaking and aggressive enforcement by the SEC, combined with legislative, judicial, and regulatory developments, have created new requirements and expectations for U.S. public companies. As we begin 2025, U.S. public companies might consider taking the following actions:

1. Assess what a second Trump presidential administration may mean for your company. A second Trump administration will likely bring new risks and opportunities for U.S. public companies. Proposals announced by President-Elect Donald Trump and expected deregulation could affect a variety of areas such as trade and tariffs, capital-raising, dealmaking, and immigration. Certain industries, such as cryptocurrency, are more likely to be greatly affected than others. Companies can assess their priorities and determine whether and how to provide input as executive and legislative changes are made. Companies can also consider whether updates to Form 10-K risk factors are necessary or advisable to reflect any significant policy changes proposed or made by the new administration. Listen to the Sidley webinar “Post-Election Landscape: New Risks, New Opportunities” here, and see Sidley’s webpage here designed to help our clients prepare for anticipated changes.
2. Remember to comply with new SEC disclosure requirements in your 2025 annual filings. For example, file your insider trading policy and clawback policy with your Form 10-K, in each case, after making any advisable amendments and deletions. In addition, include disclosure in your proxy statement (or Form 10-K) regarding policies and practices on the timing of option grants in relation to the release of material non-public information (MNPI) and include tabular disclosure regarding any options granted to named executive officers in the period beginning four business days before and ending one business day after the disclosure of MNPI.
3. Establish robust disclosure and internal controls relating to cybersecurity incidents. This has been an area of increasing SEC focus, with the SEC commenting on a number of companies’ Form 8-K Item 1.05 cyber incident disclosures. In addition, in 2024, the SEC charged several companies with making materially misleading disclosures regarding cybersecurity risks and breaches and others with disclosure controls and procedures violations relating to cybersecurity incidents, with civil penalties to settle such charges ranging from $990,000 to $4 million.
4. Ensure that the board understands the impact of artificial intelligence (AI) on corporate strategy and risk. In light of rising AI enforcement in 2024, corporate boards need to understand and stay apprised of AI-related legislative and regulatory initiatives in the U.S. and abroad and oversee company compliance, as well as the development of relevant policies, information systems, and internal controls, to ensure that AI use is consistent with legal, regulatory, and ethical obligations, with appropriate safeguards to protect against risks. See the Sidley AI Monitor resource here and the Sidley articles here (key AI-related business and legal issues to consider), here (AI and the role of the board), and here (applicable to companies if the output of their AI system is intended for use in the EU). Companies may also consider disclosing board oversight of AI in response to a 2025 Glass Lewis proxy voting policy (discussed in the Sidley Update here).
5. Prepare for compliance with new Hart-Scott-Rodino (HSR) filing requirements. Amendments to the HSR form are scheduled to take effect on February 10, 2025 (although the effective date may be delayed until March 21, 2025 if the Trump administration decides to implement a 60-day freeze on pending regulations). These long-awaited amendments significantly expand the information and materials that filing parties will be required to disclose, so filings are expected to take two to four times longer than under the current rules. Outside the deal-making context, consider what is prepared for the CEO and the board of directors in the ordinary course, given that the new HSR rules require parties to produce all annual, semiannual, and quarterly high-level strategic plans provided to the CEO and all high-level strategic plans provided to the board of directors that (a) analyze market shares, competition, competitors, or markets, (b) were created within one year of the HSR filing date, and (c) pertain to any overlapping product or service of the acquiring person that is also produced, sold, or known to be under development by the acquired entity. See the Sidley Update here.
6. Assess director time commitments and relationships (including personal friendships) that may affect director independence. As discussed in the Sidley Update here, director overboarding continues to be a topic of great interest to investors, and boards should ensure that directors have the ability to devote sufficient time to board duties. In light of this, consider enhancing proxy statement disclosures describing how the board (or a board committee) evaluates director time commitments. Companies are also well advised to ensure that D&O questionnaires elicit information about personal relationships that could bear on director independence. In September 2025, the SEC settled charges with a former officer and director of Church & Dwight Co. Inc. (C&D) because he failed to inform the board of his close personal friendship with a C&D executive, causing C&D to include materially misleading statements in its proxy statement regarding his independence. The director had, among other things, frequently vacationed internationally with the C&D executive and paid more than $100,000 for the executive and his spouse to join him and his spouse on vacations.
7. Comply with climate- and sustainability-related directives and laws in California and the European Union (EU) (even if the SEC climate disclosure rules may not take effect anytime soon, if ever). The California Climate Corporate Data Accountability Act (SB 253) requires companies that are incorporated in the U.S., have more than $1 billion in annual revenues, and do business in California to report annually their scopes 1, 2, and 3 greenhouse gas emissions beginning in 2026 based on data from fiscal year 2025. The California Climate-Related Financial Risk Act (SB 261) requires companies that are incorporated in the U.S., have more than $500 million in annual revenues, and do business in California to report their climate-related financial risks and mitigation measures beginning in 2026. See the Sidley Updates here, here, here, and here for the latest on those reporting obligations. The EU requires broader sustainability disclosures and supply chain due diligence, which will apply to certain U.S. companies beginning in 2025. Companies with EU operations should assess whether and which group entities are within the scope of these EU laws and begin determining how and when to adapt their corporate sustainability policies and processes to comply. See the Sidley Updates here, here, here, and here for the latest on those reporting obligations. Additionally, the Sidley resource here summarizes climate-related disclosure regulations across jurisdictions.
8. Consider whether any evaluation or updates to corporate diversity, equity, and inclusion (DEI) programs, policies, or disclosures are advisable. In December 2024, the Fifth Circuit vacated the SEC-approved Nasdaq board diversity rules. In the wake of the Supreme Court’s 2023 ruling in SFFA – the affirmative action decision¹ – companies also may face heightened risk of challenges to their DEI policies and programs. Companies can consider steps to advance an inclusive and diverse workplace while addressing their legal risk, including by auditing and considering updates to any existing DEI programs, policies, and disclosures.
9. Refresh insider trading training. In response to the 2024 SEC v. Panuwat decision (in which an executive was found to have violated insider trading laws after using confidential information about the impending announcement of the acquisition of his then-employer to purchase call options on another comparable public company), companies should consider enhancing insider trading programs to ensure that insiders understand the extent to which legal prohibitions on trading on MNPI learned during the course of their employment or service to the company apply not only to trading in the company’s securities but also to trading in the securities of other companies (e.g., counterparties and competitors).
10. Make sure agreements do not impede whistleblowing. In 2024, the SEC continued to bring enforcement actions against companies alleging that they entered into agreements with employees or other parties (e.g., customers) that the SEC found impeded potential whistleblowers from reporting complaints to the SEC. Companies should review agreements with current and former employees and third parties and ensure that they do not purport to restrict the counterparties from communicating with government agencies.
11. Engage regularly with shareholders and proactively prepare for shareholder activism. Research demonstrates that shareholder engagement is associated with increased shareholder confidence in management and the board as well as a lower likelihood of activism (and that when companies do experience activism, those with greater engagement have less costly campaigns). Before any activist situation arises, companies should assess their vulnerabilities and ask experienced proxy contest counsel to review their corporate bylaws to ensure that they reflect current best practices. See the Sidley article here. Companies should also be mindful of how the Delaware courts will evaluate claims challenging an advance notice bylaw adopted or amended during a proxy contest. See the Sidley Update here. Furthermore, particularly given the current universal proxy rules, companies are well advised to review director biographies in proxy statements and on corporate websites to ensure they reflect the strengths, qualifications, and relevant experience of individual directors.
12. Promptly integrate newly acquired companies into your compliance programs. In September 2024, the SEC announced that it had charged a manufacturing company with violating the books and records and internal accounting controls provisions of the Foreign Corrupt Practices Act (FCPA) in connection with bribes paid by its wholly-owned subsidiary to Thai government officials and employees of a private construction company to win government contracts and sales. The company had acquired the Thai subsidiary in December 2017 as part of a $5.2 billion cash purchase of a German road construction company. The SEC Enforcement Division FCPA Unit alleged that the manufacturing company failed to timely integrate the Thai subsidiary into its existing compliance and controls environment, which allowed the bribes to go undetected. The manufacturing company agreed to pay nearly $10 million to resolve the charges.
13. Carefully evaluate outbound investments in Chinese-affiliated entities. A final rule issued by the U.S. Department of the Treasury took effect on January 2, 2025 prohibiting or requiring notification of U.S. outbound investments in certain Chinese-affiliated companies in the semiconductor and microelectronics, quantum information technology, and AI sectors. See the Sidley Update here.
14. Comply with Corporate Transparency Act (CTA) reporting obligations, if  and when applicable. While public companies are generally exempt due to existing reporting obligations, public company subsidiaries, joint ventures, or other affiliates may be required to file beneficial ownership information with the Financial Crimes Enforcement Network (FinCEN) if they do not meet the exemption criteria. Companies should monitor the status of the CTA in case the December 2024 nationwide preliminary injunction blocking FinCEN from enforcing the CTA is lifted and reporting deadlines are reimposed. See the Sidley Update here.