Fighting Overcriminalization in Federal Regulations: Analysis of May 2025 Executive Order

On May 9, 2025, the White House issued a new Executive Order titled “Fighting Overcriminalization in Federal Regulations.” This order is aimed at curbing the overuse of criminal penalties in federal regulatory laws (such as those promulgated by the SEC and FDA, amongst others). The executive order seeks to ensure that ordinary people and businesses aren’t turned into felons for violating obscure regulations they never knew about.

Below is a summary of the order’s contents and purpose, discuss the types of regulations it targets (such as in healthcare, cryptocurrency, and securities), and analyzes how it may affect defendants (and potential future defendants) in enforcement actions.

Summary of the Executive Order

“Fighting Overcriminalization in Federal Regulations” responds to concerns that federal regulations have created crimes that people can accidentally commit.

The Purpose section of the order notes that the Code of Federal Regulations (CFR) contains over 175,000 pages across more than 48,000 sections, “far more than any citizen can possibly read, let alone fully understand,” as the order makes clear, and that many of these rules carry criminal penalties. The order refers to this status quo as “absurd and unjust,” noting it allows the executive branch to ‘write’ criminal law through regulations and gives an advantage to large companies (who can hire teams of lawyers) over average Americans. The stated purpose of the order is to “ease the regulatory burden on everyday Americans and ensure no American is transformed into a criminal for violating a regulation they have no reason to know exists.” A worthy goal.

Key provisions of the “Overcriminalization” Executive Order include:

• Criminal enforcement of regulatory offenses is now disfavored: The order makes it policy that agencies and prosecutors should avoid criminally enforcing regulatory violations except in serious cases. Put differently, not every technical violation of a regulation should result in criminal charges. Instead, prosecutions should be reserved for situations where a person knew (or should have known) what the regulation required and willfully chose not to comply, causing or risking substantial harm. The order explicitly says enforcement should focus on defendants alleged to have known their conduct was unlawful.

• Discouraging strict liability crimes: Some regulatory offenses (such as misbranding) are so-called “strict liability” crimes, meaning the government doesn’t have to prove the person had any criminal intent or guilty mind (mens rea) – a person can be convicted even if they had no idea they were violating a rule. The Executive Order notes that strict liability offenses are “generally disfavored” in criminal law. It instructs agencies that when enforcement is appropriate for a strict-liability regulation, they should favor civil penalties instead of criminal charges, or use administrative enforcement if consistent with due process and jury trial rights. (Notably, the order cites the Supreme Court’s decision in Jarkesy v. SEC (2024) to remind agencies that enforcement may require a jury trial.)

• Transparency: Each agency must catalog its criminal regulations. Within one year, every federal agency (in consultation with the Justice Department) must produce a public report listing all regulatory offenses it can enforce criminally, along with the potential penalties and the required mental state (mens rea) for each. Agencies have to post this list on their website and update it at least annually. The idea is to let everyone see, in one place, exactly which regulations could land them in criminal trouble. If a regulatory crime isn’t on the public list, the order states that criminal enforcement of it is “strongly discouraged.” In fact, agency heads are directed to consider whether an offense is on the published list before referring a matter for prosecution, and the Attorney General must consider that as well before bringing charges. This effectively warns agencies and DOJ against “surprise” prosecutions based on obscure rules that haven’t been clearly identified to the public.

• Ensuring new regulations come with clear notice of any criminal aspect: Going forward, agencies are told to be very explicit whenever they create or modify existing regulations that carry criminal penalties. Any new proposed or final rule published in the Federal Register must include a statement if violating the rule could be a criminal offense, citing the law that authorizes that criminal enforcement. Similarly, the text of the regulation itself should clearly state the required mens rea (intent level) for any criminal violation. If an agency proposes a new criminal rule that imposes strict liability (no intent required), that rule will be treated as a “significant regulatory action” automatically triggering a high-level review under Executive Order 12866. This added hurdle is meant to deter agencies from creating new strict-liability crimes unless absolutely necessary.

• Evaluating and standardizing mens rea requirements: The order directs agencies, together with the Attorney General, to review their existing regulatory criminal offenses and consider adopting a consistent default mens rea standard. Within 30 days after agencies submit their offense lists (the reports mentioned above), each agency head must also report on whether the current intent requirements for their crimes are appropriate and propose any changes. If the agency has authority, it should consider establishing a default culpability standard that applies to all its regulations (for example, saying that, unless stated otherwise, a person must act “knowingly” to be criminally liable). Agencies would need to justify any offenses that deviate from that default standard.

• Guidance on when to refer violations for criminal prosecution: Within 45 days, each agency must publish guidance outlining how it will decide whether to refer a regulatory violation to the Justice Department for criminal enforcement. The Executive Order suggests factors to weigh, such as: the harm or risk of harm caused by the violation, any financial gain or benefit the violator obtained, whether the violator had specialized knowledge or licensing in the regulated area (and thus could be expected to know the rules), and any evidence of the person’s awareness that their conduct was illegal. Essentially, agencies are told to use common sense and focus on intentional violations – not honest mistakes or technical slip-ups.

• Exceptions: The order carves out certain areas – it does not apply to immigration law enforcement or to national security and defense-related regulations. Those areas of law remain under their own strict frameworks.

In short, the Executive Order’s intent is to scale back “overcriminalization” of regulatory violations by favoring civil/administrative remedies for minor infractions, demanding clarity and transparency about what regulations can trigger criminal charges, and requiring that criminal prosecutions target only those who intentionally or willfully break important rules. This is a significant policy shift that could benefit individuals and businesses who operate in heavily regulated arenas.

Regulatory Areas Likely Affected by Overcriminalization

The issue of overcriminalization in federal regulations spans many industries. Complex regulatory regimes – especially in fields like healthcare, finance, and environmental law – often include criminal penalties for violations. These are the types of regulations the executive order is concerned with. Below are a few key areas and examples of how regulatory crimes arise:

• Healthcare and FDA-Regulated Industries: The healthcare sector is governed by intricate rules (Medicare/Medicaid regulations, health privacy rules, FDA regulations for drugs and devices, etc.), and missteps can sometimes lead to criminal charges. For instance, under the Food, Drug, and Cosmetic Act (FDCA), it is a crime to distribute adulterated or misbranded drugs or medical devices. The FDCA allows criminal liability even without intent. Under the so-called “Park Doctrine,” executives of a company can be convicted of a misdemeanor FDCA violation even if they had no knowledge of the violation. This means a responsible corporate officer can be criminally liable “even without proof of negligence, intent, involvement, or even knowledge” of the wrongdoing, solely because of their position of authority. In the healthcare arena, there are also laws like the federal Anti-Kickback Statute and False Claims Act, which do require intent but are so broad that ordinary billing mistakes can sometimes be painted as criminal fraud. The Executive Order’s mandate to clarify mens rea and avoid strict liability is critical here – it suggests, for example, that prosecutors should not pursue criminal charges for an innocent record-keeping error or a technical regulatory violation in healthcare absent willful misconduct. Healthcare companies and pharmaceutical firms, which traditionally invest heavily in compliance, may welcome this stance as it could mean fewer criminal investigations for inadvertent compliance lapses.

• Cryptocurrency and Financial Technology: The crypto-sphere is another area where regulatory complexity meets potential criminal enforcement. Companies dealing in cryptocurrency often find themselves navigating unclear or rapidly evolving regulations issued by agencies like the Treasury Department (Financial Crimes Enforcement Network), the Securities and Exchange Commission (SEC), and others. For example, there are regulations on money transmission (18 USC 1960), anti-money-laundering (AML) requirements, and securities registration that may apply to crypto transactions – violation of some of these rules can lead to criminal charges if deemed “willful.” A crypto startup may unknowingly violate a financial regulation (perhaps by failing to implement an AML program), and regulators could refer the case for criminal prosecution. The new Executive Order signals that if a company in the crypto/fintech space unintentionally falls afoul of a vague rule, it should not be reflexively treated as criminal. Only serious, knowing violations (for example, a company deliberately flouting known rules concerning anti-money laundering) would merit criminal prosecution under the order’s policy.

• Securities and Corporate Regulation: The securities industry has long been subject to dual enforcement: regulatory agencies (like the SEC) handle most violations civilly, but the Justice Department can prosecute egregious securities law violations criminally (such as willful fraud, insider trading, etc.). There are numerous SEC regulations governing filings, disclosures, broker-dealer practices, and more. Many of these regulations carry potential criminal penalties if someone “willfully” violates them (often under statutes like the Securities Exchange Act). A classic example is the requirement to file certain disclosure statements once a person accumulates more than 5% of a company’s shares. Another example: failing to register securities or to adhere to trading regulations can, in some cases, lead to criminal securities fraud charges. The line between a civil enforcement action and a criminal case in securities is murky, and often comes down to intent and magnitude of harm. The Executive Order reinforces that line by instructing that criminal prosecution is “most appropriate” for those who knew what the rules forbade and deliberately chose to violate them, causing substantial harm. Minor or technical violations, such as violations of disclosure rules that often arise in criminal microcap cases, would be less likely to be referred as criminal matters under the new policy. This doesn’t decriminalize securities laws, but it does aim to reserve the “criminal” label for the clearest bad actors, not every compliance violation.

• Environmental and Wildlife Regulations: Environmental law is an area thick with regulations that carry criminal penalties, some of which have been criticized as overreaching. Agencies like the EPA and NOAA enforce laws (Clean Water Act, Clean Air Act, wildlife protection laws such as the Lacey Act and Migratory Bird Treaty Act) that can impose criminal liability for certain. FUnder certain wildlife regulations, importing or exporting species in violation of technical rules can be a felony. One xample involved a group of seafood importers who were prosecuted under the Lacey Act (a law aimed at wildlife trafficking) for improperly packaging lobster tails – they used plastic bags instead of cardboard boxes, which U.S. officials claimed violated obscure Honduran fishing regulations. The defendants faced up to eight years in prison for this packaging violation, even though Honduran authorities themselves argued no law had been broken on their end. The new Executive Order’s philosophy directly addresses such concerns. Under the EO, one would expect agencies like the EPA or Fish & Wildlife Service to use criminal charges only when a polluter or violator clearly knew they were breaking the law or regulations and caused significant environmental harm, rather than when someone violates a little-known rule by mistake. Regulated businesses in this sector (e.g. manufacturing, agriculture, import/export) might see a slight easing of the fear of criminal liability for accidental regulatory breaches, though they will still face civil liability for environmental violations.

In all these sectors – healthcare, crypto, securities, environment, and others – the Executive Order targets regulatory schemes so complex that even those well-intentioned can be on the hook for criminal violations. It encourages a shift in enforcement culture to give those people the benefit of the doubt (via civil or administrative remedies) and save the heavy hammer of criminal prosecution for truly culpable actors.

Impact on Enforcement Process and Mens Rea Standards

This Executive Order could significantly change the federal enforcement process for regulatory offenses. Here are a few key impacts on enforcement and the required proof of intent (mens rea):

• More selective referrals and prosecutions:

  • Agencies are now instructed to think twice before referring a regulatory violation for criminal prosecution, and the DOJ is instructed to be more discerning in bringing charges. Practically, this means we will see fewer borderline cases resulting in criminal investigations. For example, if an agency discovers a violation that caused no harm and where the person appears to have been genuinely unaware of the rule, the agency’s default response under this policy might be to handle it with a warning, a compliance order, or a civil fine, rather than calling in the DOJ. The written guidance on referral factors that each agency must publish will shed light on this process. Those factors (harm caused, benefit gained, industry knowledge, and awareness of wrongdoing) essentially codify a common-sense filter: Is this violation serious enough, and the violator blameworthy enough, to warrant criminal prosecution? Enforcement personnel will be expected to document how a case meets those factors if they decide to pursue it criminally. For defendants, this could mean that charges for trivial or technical violations become less common.

• Emphasis on mens rea (intent):

  • Perhaps the biggest substantive change is the emphasis on mens rea standards. Going forward, if a regulation does result in a criminal case, it’s more likely that there will be a clearly stated mens rea element that prosecutors must prove. The EO contemplates agencies adopting a uniform default mental state for their rules. For defendants, this is important. It means that lack of criminal intent will be a stronger shield than before. A defendant who truly didn’t realize their conduct was illegal (and reasonably couldn’t have known) stands a better chance of avoiding criminal charges, because the policy is to target those who “knew or can be presumed to know what is prohibited” and “willingly” violated the rule. DOJ attorneys will more carefully evaluate evidence of a defendant’s knowledge and intent before signing off on charges. In short, proving intent (or at least culpable mindset) will become an even more central part of regulatory criminal cases.

• Increased transparency and “fair notice”:

  • The requirement that agencies publicly list all criminal regulatory offenses and their mens rea will aid enforcement fairness. Defendants have always used “fair notice” as a defense to “rare” charges, but such a defense has rarely worked. No, the defense will have a new tool: if a charge is brought under a regulation not listed in an agency’s public catalog, the EO says such enforcement is “strongly discouraged”. While this doesn’t legally bar the prosecution, it gives defense counsel a policy argument to make to the DOJ prior to charge or the court that the charge is outside of published policy. At the very least, it’s an extra layer of accountability for prosecutors, who may have to explain why they are bringing an action that the agency itself hasn’t flagged as a known criminal offense. Moreover, having all these offenses listed publicly improves the “fair notice” to the public of what is criminal. Lack of fair notice can be a constitutional defense in extreme cases; by proactively listing offenses, the government strengthens its hand in arguing a defendant should have known of the rule. But conversely, if something was truly not easily known or listed, it undercuts the case for prosecution.

• Procedural changes in rule-making and review:

  • The enforcement process is also affected upstream, at the regulation drafting stage. Agencies must now denote in new rules if there are criminal consequences and cite the authorizing statute. This means proposed rules will likely invite more scrutiny during the notice-and-comment period on whether the criminal aspect is appropriate. Stakeholders (including industry groups and lawyers) may file comments objecting to any criminal provisions that lack clarity or sufficient intent standards – and the EO gives them footing to do so by establishing that strict liability rules are disfavored. Additionally, any new strict-liability offenses will face OMB’s Office of Information and Regulatory Affairs (OIRA) review as “significant” regulations, adding an extra checkpoint where cost-benefit and necessity are evaluated. This bureaucratic check may slow down or discourage the creation of new regulatory crimes. This is a positive development for defendants because it attempts to prevent overly broad or ill-defined criminal regulations from being enacted in the first place. In essence, enforcement fairness is being baked into the rulemaking process, not just left for the courts to sort out after the fact.

• No change to underlying statutes (for now):

  • It’s important to note what the Executive Order does not do: it does not repeal any existing law or remove any existing criminal offense from the books. Agencies cannot outright ignore a congressionally mandated criminal penalty. What this means is that if Congress has written a statute that says “violation of X regulation shall be a crime,” that remains a crime. The EO is about how enforcement is prioritized and handled. So, defendants cannot claim that an EO “decriminalized” their conduct. However, the EO’s policies might indirectly spur agencies to ask Congress to amend problematic laws in the future, or to use their discretion to, for example, issue regulations interpreting a statute in a way that includes a mens rea requirement if the statute was silent. In the short term, the impact is mainly on enforcement discretion.

Overall, the Executive Order should lead to more judicious use of criminal enforcement in the regulatory arena. Is this truly criminal behavior or just a compliance issue? If it’s the latter, the preference will be to handle it without involving the criminal justice system. And if it is potentially criminal, the case will be built around demonstrating the defendant’s wrongful intent or knowledge, rather than relying on technical violations.

Implications for Defendants and Compliance Strategies

For individuals and companies who are subject to federal regulations, this policy shift is largely positive news, but it comes with some practical considerations. Both defendants (or potential defendants) in enforcement actions and compliance officers or counsel advising regulated entities should understand how this Executive Order might play out in day-to-day practice.

• Defendants in ongoing or future enforcement actions:

  • If you or your company is a target of a federal enforcement action for a regulatory violation, the EO provides some helpful avenues for your defense (though it is not a legal get-out-of-jail-free card). Defense attorneys can point to the official policy of the U.S. government as now being more lenient towards unintended regulatory violations. In negotiations with prosecutors, counsel could argue, for example, “Our client made an honest mistake and didn’t willfully violate this complex regulation. The Executive Order on overcriminalization urges restraint in exactly these circumstances – a civil penalty or compliance agreement would be more appropriate than a criminal charge.” While an executive order doesn’t generally create enforceable rights for a defendant, prosecutors are internalizing these priorities. We may see more cases resolved through non-criminal means (like deferred prosecution agreements or civil settlements) when the violation was not egregious or intentional. For defendants, this means the threat of criminal indictment for regulatory missteps may be less immediate. If a case does proceed, the focus will be on intent – so defendants who genuinely tried to follow the law and lacked awareness of the rule have a stronger story to tell under this policy framework.

• Compliance strategies for businesses:

  • Companies in regulated industries should view this development as both an opportunity and a cautionary tale. One the one hand, there is less risk of imminent prosecution. On the other hand the transparency about criminal provisions raises the bar for companies to know exactly what is expected. Once agencies publish their lists of criminal offenses, compliance officers must obtain those lists and ensure every item on them is covered in the company’s compliance program. These lists will basically serve as a checklist of “things that could land us in criminal court.” There may be items on the list that surprise some businesses – obscure rules that carry criminal penalties. Now that they’re flagged, companies have no excuse not to address them through training, updated internal policies, or monitoring. Paradoxically, whereas before a company might not have educated employees about a highly obscure regulation (since even the agency might not emphasize it), now if it’s on the published list, that very act of publication could be used to argue the company “should have known.”

• Adjustment of compliance focus:

  • The EO’s intent focus suggests that regulators will be looking at evidence of a company’s good faith. This means that robust compliance efforts could pay off doubly: first, by preventing violations, and second, if a violation occurs, by demonstrating that the company was not willfully flouting the law. For example, if a violation comes to light, a company that can show it had a proper training program and compliance checks in place (and that the violation was an outlier mistake) will fit the mold of an unintentional violator who should benefit from leniency. By contrast, if a company ignored compliance and treated violations as “cost of doing business,” that speaks to willfulness or at least negligence, and enforcement officials may feel justified in pursuing harsher action.

• Revisiting risk assessments:

  • The new policy may influence how companies conduct risk assessments. Previously, if a regulatory violation carried even a small chance of criminal enforcement, companies might treat it as a high-risk item. Going forward, companies can assess risk with a bit more nuance. They might identify which obligations are most likely to trigger a criminal referral under the new paradigm – typically those where non-compliance would cause significant harm or seems clearly deliberate (for instance, discharging toxins illegally to save money, or committing fraud to gain funds). Those high-risk areas will still deserve the most attention and resources. Other areas that are highly technical and where violations would likely be viewed as mistakes (for example, a minor labeling error that doesn’t harm anyone) might be re-classified as lower criminal risk (though still a compliance concern).

• Limits of the EO – counsel’s caution:

  • This Executive Order, while helpful, is not a law. It’s an expression of current executive branch policy. Policies can change with a new administration or even be amended by the same administration. Additionally, individual prosecutors might not always perfectly adhere to the policy. Therefore, no client should rely on the EO as insulation from prosecution. The safest course is full compliance with all regulations, since the underlying laws remain on the books. Companies should also be aware that courts will still apply the statutes and regulations as written, regardless of the EO. A judge won’t dismiss a case simply because the EO said enforcement is disfavored (especially since the EO explicitly states it creates no legal rights for private parties). The EO is about preventing charges, and generally not a defense once charges are filed (apart from its persuasive value to the charging authority).

• Potential increase in administrative enforcement:

  • One side-effect for defendants to consider is that even if criminal enforcement wanes, agencies might ramp up civil and administrative enforcement. The EO encourages using civil fines or administrative penalties as an alternative to criminal prosecution for regulatory offenses. Clients might therefore face more civil penalty actions or administrative proceedings. While certainly preferable to criminal charges, these can still carry significant fines and operational impacts. For example, an environmental violation might more often be handled with a hefty EPA administrative fine rather than a DOJ indictment – the company avoids a criminal record, but it will still pay.

The Limits of the Executive Order

What do federal regulations actually criminalize? Is it unintentional conduct or conduct committed willfully? In other words, are there numerous regulations out there that a person can inadvertently violate, thus triggering criminal liability. The answer is probably no - most regulations require some form of mens rea. As examples:

Transportation - Most of the Regulations Require Some Form of “Willful” Conduct

§ 10.81 Improper disclosure.

Any officer or employee of the Department who by virtue of his or her employment or official position, has possession of, or access to, agency records which contain individually identifiable information the disclosure of which is prohibited by this part and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, is guilty of a misdemeanor and fined not more than $5,000 in accordance with 5 U.S.C. 552a(i)(1).

§ 10.83 Improper maintenance of records.

Any officer or employee of the Department who willfully maintains a system of records without meeting the notice requirements of § 10.21(d) of this part is guilty of a misdemeanor and fined not more than $5,000 in accordance with 5 U.S.C. 552a(i)(2).

§ 10.85 Wrongfully obtaining records.

Any person who knowingly and willfully requests or obtains any record concerning an individual from the Department under false pretenses is guilty of a misdemeanor and fined not more than $5,000 in accordance with 5 U.S.C. 552a(i)(3).

Export Control Laws - Most of the Regulations Require Some Form of “Willful” Conduct

§ 127.3 Penalties for violations.

Any person who willfully:

(a) Violates any provision of § 38 or § 39 of the Arms Export Control Act (22 U.S.C. 2778 and 2779) or any rule or regulation issued under either § 38 or § 39 of the Act, or any undertaking specifically required by part 124 of this subchapter; or

(b) In a registration, license application, or report required by § 38 or § 39 of the Arms Export Control Act (22 U.S.C. 2778 and 2779) or by any rule or regulation issued under either section, makes any untrue statement of a material fact or omits a material fact required to be stated therein or necessary to make the statements therein not misleading, shall upon conviction be subject to a fine or imprisonment, or both, as prescribed by 22 U.S.C. 2778(c).

In short, it is unclear exactly what the reach of this Executive Order will be. Is it addressing a non-existent problem, in that statutes already require willful conduct to be broken? Or, does it actually make prosecution easier because by publishing a list of regulations people will be deemed to be “on notice” of what can land them in jail. Only time will tell.

Conclusion

The “Fighting Overcriminalization in Federal Regulations” Executive Order represents a significant policy shift in how federal regulatory offenses will be enforced. The order aims to ensure that criminal prosecution is the exception, not the rule, for regulatory violations – reserving it for willful, harmful misconduct rather than inadvertent mistakes. It accomplishes this by instructing agencies to be transparent and restrained in wielding the criminal law, by emphasizing the need for clear intent requirements, and by formalizing a more commonsense, fair approach to enforcement.

For clients and attorneys in regulated industries, this development is largely welcome. It promises a bit more clarity and predictability: you will know what rules carry criminal risk, and you can have greater confidence that an accidental compliance slip-up won’t suddenly escalate into a criminal indictment. In practical terms, we will be watching over the next year as agencies compile their lists of criminal regulatory offenses and issue their referral guidance. Those materials will be important resources for those charged with complying with the vast trove of federal regulations. We’ll also see how DOJ implements these policies in cases going forward – whether charging decisions reflect the “discouraged” status of certain prosecutions.