Why a clean name-match screen is no longer enough, and why the diligence meant to find hidden China exposure can create risk on the other side of the Pacific.

Picture the boardwalk version of supply-chain compliance. It’s August. Fingers are that odd combination of french fry-greasy and ice cream-sticky The arcade is humming. Someone hands you the mallet. The first mole pops up with a familiar name: Huawei. Easy. Then SMIC. Fine. Then a listed Chinese military company. Also easy. You swing, you hit the obvious targets, and for a moment the game looks like it’s under control.

Then the real game starts.

An affiliate pops up under a different name. A covered chip appears four tiers down on the bill of materials (BOM). An “Assembled in Vietnam” label peeks out from behind a Chinese foundry. A commodity laptop turns out to contain memory nobody thought to diligence. A lobbyist retained by a parent-company consultant suddenly matters. And just when you reach for a bigger mallet, China-side countermeasures pop up too, because the act of mapping the supply chain may create its own risk if the request touches sensitive information, is framed as implementing a foreign restriction, or collides with Chinese law.

That is the 2026 China supply-chain compliance landscape. The problem isn’t just that more moles are popping up; it also is that they are popping up from different boards, under different rules, and sometimes from the other side of the arcade.

The three games now running at once

Section 1260H, the Chinese Military Companies list.

The list created under Section 1260H of the FY2021 National Defense Authorization Act (NDAA) is an identification mechanism. Standing alone, it doesn’t impose a procurement prohibition. The teeth come from later legislation.

Effective June 30, 2026, Section 805 of the FY2024 NDAA bars the Department of Defense (DoD) from entering into, renewing, or extending contracts with entities on the 1260H list and entities subject to their control. A separate goods-and-services prohibition takes effect June 30, 2027, and bars the DoD from procuring goods or services that include those produced or developed by listed entities or entities subject to their control, including when sourced indirectly through third parties. That prohibition includes important exceptions, among them an exception for components supplied as part of an end item or another component.

Section 851 of the FY2025 NDAA adds a separate June 30, 2026 readiness issue involving covered lobbyists. It is generally understood as restricting DoD contracting with companies or those whose parent or subsidiary contract with lobbyists for 1260H companies. Commentators have flagged drafting ambiguity, so contractors should watch for implementing guidance. But the practical takeaway is clear: defense contractors should make and document reasonable inquiries about relevant lobbying relationships.

Section 1346 of the FY2025 NDAA also adds a mechanism for the DoD to identify entities based on ownership and control relationships. That doesn’t mean every affiliate is automatically listed the moment ownership exists. It means ownership and control are now central to how future 1260H determinations may be made and justified.

Section 5949, Chinese semiconductors.

On or after December 23, 2027, Section 5949 of the FY2023 NDAA will prohibit federal agencies from procuring or obtaining covered semiconductor products or services, or electronic products or services that include covered semiconductor products or services, subject to statutory exceptions and implementing rules.

The named Chinese semiconductor companies are SMIC, CXMT, and YMTC together with their subsidiaries, affiliates, and successors. The Federal Acquisition Regulation (FAR) Council published a proposed rule on February 17, 2026. The comment period closed April 20, 2026. As of June 3, 2026, the FAR rule isn’t final.

That matters. The statutory effective date and covered-company framework are settled. The final FAR mechanics, certifications, reporting timelines, and treatment of some acquisition categories may still shift. But contractors shouldn’t treat Section 5949 as a niche chipmaker problem.

China’s Decrees 834 and 835.

China’s State Council has also moved. Decree No. 834—the industrial and supply-chain security regulation—and Decree No. 835—the regulation addressing improper foreign extraterritorial jurisdiction—were issued in spring 2026 and took effect immediately.

The decrees elevate tools China has been building for years, including blocking-rule concepts, counter-sanctions measures, and mechanisms aimed at foreign measures China views as improper extraterritorial jurisdiction. They shouldn’t be described as a blanket ban on ordinary supply-chain diligence. They are better understood as creating a higher-risk environment for certain diligence, especially where information is collected in China in violation of Chinese laws or rules, where sensitive industrial or supply-chain data is involved, or where the request can be characterized as assisting a foreign measure China has identified as improper.

And the framework isn’t theoretical. In May 2026, China’s Ministry of Justice, together with the Ministry of Commerce and other authorities, determined that the EU’s cross-border information demands in the Nuctech foreign-subsidies investigation constituted improper extraterritorial jurisdiction, and it ordered that the identified measures not be implemented or assisted. That was an EU fact pattern, not a U.S. contractor BOM request. But it shows the mechanism is live and has teeth.

The common mistake is treating these as list-screening problems, when they are really ownership, traceability, and jurisdiction-conflict problems. In other words, this isn’t one boardwalk game—it’s three games running at once.

Mole #1: “It’s an affiliate, not the listed entity.”

The first miss happens when companies treat restricted-party lists as lists of names rather than maps of corporate families.

Both the 1260H framework and Section 5949 require attention to ownership, control, subsidiaries, affiliates, and successors, though they do so in different ways. A foundry can spin a product line into a differently named joint venture. A listed or covered company can sit above or beside the entity that appears in the procurement file. A screen that looks only for “SMIC” or only for the exact 1260H list entry can sail right past the issue.

For international companies and primes with foreign sub-tiers, restricted-party screening has to follow beneficial ownership and control, not just trade names.

Mole #2: “It’s a sub-tier supplier, not my direct supplier.”

The June 2026 1260H contracting prohibition is the one most teams are preparing for. The harder operational issue comes later, with the June 2027 1260H goods-and-services prohibition and the December 2027 Section 5949 semiconductor prohibition. Those rules force contractors to look beyond the top tier, but they don’t do so in identical ways.

For 1260H, the June 2027 goods-and-services prohibition includes an important component exception. A component made by a 1260H entity and incorporated into a higher-level end item isn’t necessarily within the 1260H prohibition by virtue of that fact alone.

Section 5949 is different. It is aimed at covered semiconductor products and services, and at electronic products and services that include or use them. So if the hidden item is a covered semiconductor, Section 5949 may be the more important hook.

The right question isn’t simply “How far down the BOM does 1260H go?” The better question is “Which rule is doing the work?”

Mole #3: “It’s assembled in Mexico, Vietnam, or Malaysia, so it’s not Chinese.”

Final assembly is the boardwalk prize label of supply-chain compliance. It looks official. It feels reassuring. It may not answer the question.

None of these regimes can be cleared simply by pointing to final assembly in a third country. A server assembled in Malaysia may still include a covered semiconductor. A module assembled in Mexico may still raise ownership or control questions if the relevant entity sits under a restricted corporate family. Country-of-origin labels and substantial-transformation analyses may matter for Customs, but they don’t by themselves answer the questions these statutes ask.

Mole #4: “It’s a commercial commodity, surely COTS products are exempt.”

This is where the Section 5949 proposed rule really starts throwing sand in the gears. The proposed rule would apply broadly to electronic products and services provided to the government, including acquisitions of commercial products and commercial IT and telecommunications services. The FAR Council also stated that Section 5949 doesn’t exempt micro-purchases and that the Council intends to apply the rule to acquisitions at or below the simplified acquisition threshold. The proposed rule also indicates that the Council doesn’t intend to exempt commercial products or commercial IT and telecommunications services.

That means contractors should not assume ordinary catalog items are outside the frame. Memory and storage are the classic trap. NAND and DRAM from covered Chinese makers can appear in laptops, solid-state drives (SSDs), servers, networking gear, and Internet of Things (IoT) devices that a contractor buys from a catalog and never thinks of as “semiconductors.”

“I don’t make chips, so 5949 isn’t my problem” is exactly the kind of sentence that becomes a finding.

Mole #5: “It’s just our outside consultant.”

Section 851 is the boardwalk side game nobody noticed until it started taking quarters.

It isn’t about what the contractor buys. It’s about relationships with covered lobbyists. The provision is generally understood to create a June 30, 2026 prohibition affecting DoD contractors or their parents or subsidiaries that contract with an entity engaged in lobbying activities for a 1260H company. Because commentators have flagged drafting ambiguity, contractors should be careful in describing the precise legal mechanics until the DoD issues implementing guidance.

The practical step, however, is not ambiguous. Contractors should ask and document whether relevant outside lobbyists, lobbying firms, law firms, consultants, and similar service providers lobby for companies on the 1260H list. That inquiry should cover not only the contractor but also relevant parent and subsidiary relationships.

The bonus round nobody budgeted for: the map itself may be risky

Here is where the game just gets weird. To prepare for 1260H and Section 5949, contractors may need to map suppliers, collect BOMs, trace components, and document the absence of restricted or covered content. That is ordinary compliance work. But when the data sits in China, the request needs more care. Article 13 of Decree 834 does not make every supply-chain survey unlawful, but it does create risk around supply-chain information gathering that violates Chinese laws or rules, especially where sensitive industrial data or foreign sanctions-related diligence is involved.

So a routine BOM request is not automatically prohibited. But if it is sent into China to support a U.S. certification, seeks sensitive supply-chain information, or is framed as helping implement a foreign restriction against China, it may move into higher-risk territory.

Decree 835 adds another layer by allowing China to identify foreign measures it views as improper extraterritorial jurisdiction and restrict implementation of or assistance with those measures. The Nuctech action does not prove ordinary U.S. contractor diligence will be treated the same way, but it shows the mechanism is live.

The practical point is narrow but important: China-facing supply-chain mapping should be structured deliberately, reviewed locally where needed, and documented without gratuitously describing the work as helping implement foreign sanctions or discriminatory measures.

How to play without just swinging harder

The answer is not a bigger mallet, it’s a better game plan.

  • Screen beyond names: Re-baseline restricted-party screening to capture ownership, control, subsidiaries, affiliates, and successors where the relevant regime makes those relationships material. Require vendors to identify beneficial owners, parent companies, controlled subsidiaries, manufacturing affiliates, and relevant successors, and refresh that information on a defined schedule.
  • Separate the regimes: Build the review around the rule doing the work. For 1260H, focus on listed entities, entities subject to their control, end items, services, and the component exception. For Section 5949, focus on covered semiconductors and electronic products or services that include or use them. Do not collapse the two into one generic “China component” rule.
  • Push diligence down, and paper it: Use supplier representations and flow-downs that reach relevant sub-tiers. Ask for the specific information the rule requires, preserve the request and the response, track non-responses and red flags, and document why the company accepted, rejected, or escalated the supplier’s answer.
  • Treat commodity hardware as potentially in scope: Inventory the COTS products, commercial IT, networking equipment, storage, and memory products you resell, integrate, or provide to federal customers. Prioritize laptops, servers, SSDs, networking equipment, IoT devices, and other products likely to contain NAND, DRAM, or covered semiconductor content.
  • Run jurisdiction-sensitive diligence: Where data must come from China, structure the request carefully. Decide who should ask, what data is actually needed, whether the local supplier should collect it under its own obligations, whether China counsel should review the request, and whether Chinese data, national-security, trade, or counter-sanctions rules are implicated.
  • Sequence and document deliberately: Treat mapping, notice, supplier exit, substitution, and certification as separate steps. Capture the business and compliance rationale in real time and avoid gratuitous language suggesting the company is implementing sanctions or discriminatory measures against China when more accurate language is available.
  • Do not forget the lobbyist screen: Add the Section 851 inquiry to the June 2026 readiness checklist. Identify relevant lobbying firms, law firms, consultants, trade associations, and government-affairs vendors used by the contractor, parent, and subsidiaries, and document the reasonable inquiry.

What is nailed down, and what is still popping up

Some parts of the game board are fixed. The 1260H contracting prohibition takes effect June 30, 2026. The 1260H goods-and-services prohibition takes effect June 30, 2027, with an important component exception. Section 5949’s statutory framework covers SMIC, CXMT, YMTC, and their subsidiaries, affiliates, and successors, with the relevant prohibition taking effect on or after December 23, 2027. The FAR Council published the Section 5949 proposed rule on February 17, 2026, and the comment period closed April 20, 2026. China’s Decrees 834 and 835 are in force, and China has already invoked the improper-extraterritorial-jurisdiction framework in the Nuctech matter.

But not every mole is fully visible yet. The Section 5949 FAR rule is still proposed. The DoD’s implementing guidance for the 1260H and Section 851 prohibitions remains important. And the China-side rules are still developing in practice, especially when ordinary commercial diligence begins to look like assistance with a foreign measure China considers improper.

That is why the right posture is not panic, and it is not complacency. The dates are close enough to plan against. The rules are clear enough to start mapping. But the board is still moving. The companies that do best will not be the ones swinging hardest. They will be the ones watching the whole board.

What Federal Contractors Should Be Watching This Summer

Summer 2026 has arrived with a new wave of artificial intelligence (“AI”) policy from the White House. On June 2, 2026, President Trump signed an Executive Order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the “Order”). The Order directs federal agencies—on aggressive 30‑ and 60‑day timelines, with key deliverables due by July 2, 2026 and August 1, 2026—to harden federal information systems with AI‑enabled defenses, establish a voluntary framework for pre‑release federal access to so‑called “covered frontier models,” and prioritize criminal enforcement against malicious AI‑enabled cyber activity. Although the Order is framed as innovation‑and‑security policy and expressly disclaims any “mandatory governmental licensing, preclearance, or permitting requirement” for new AI models, it will have immediate operational consequences for federal information‑technology and cyber contractors, AI developers, critical‑infrastructure operators, and their service providers.

Key Provisions

Accelerated Federal Cyber Defense (Section 2)

Within 30 days (i.e., by July 2, 2026), the Committee on National Security Systems must prioritize cyber defense of National Security Systems (as defined in 44 U.S.C. § 3552(b)(6)(A)), and the Secretary of War must do the same for Department of War (“DoW”) information systems. On the civilian side, also by July 2, 2026, the Secretary of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (“CISA”)—and in consultation with the Office of Management and Budget (“OMB”), the National Security Advisor, and the National Cyber Director—must issue Binding Operational Directives (“BODs”) and other guidance to expedite cyber defense of civilian federal information systems, expand programs that enhance AI‑enabled defensive tools, and facilitate access to cybersecurity tools and services (including, where appropriate, “covered frontier models”) for federal agencies, state and local authorities, and operators of critical infrastructure such as “rural hospitals, community banks, and local utilities.”

AI Cybersecurity Clearinghouse (Section 2(d))

By July 2, 2026, the Secretary of the Treasury—with the National Cyber Director, the National Security Agency (“NSA”), and CISA—must form a voluntary clearinghouse with industry and critical‑infrastructure operators to coordinate vulnerability scanning, validate findings, and prioritize patch distribution.

Workforce and Funding (Sections 2(e)–(f))

Also by July 2, 2026, OMB must canvass federal grant programs for funds that can be directed to developers of “advanced AI vulnerability detection.” By August 1, 2026 (60 days from the Order), the Office of Personnel Management (“OPM”) must expand the United States Tech Force Information Cybersecurity Specialist hiring and placement pathways.

Secure Frontier Model Deployment (Section 3)

By August 1, 2026, Treasury, NSA, and CISA—coordinating with the National Cyber Director, the Assistant to the President for Science and Technology, and the National Institute of Standards and Technology—must (a) develop a classified benchmarking process to designate “covered frontier models” based on advanced cyber capabilities, with the NSA Director making the designation; and (b) design a voluntary framework allowing developers to engage the federal government to determine model status, to provide access for up to 30 days before release “subject to appropriate confidentiality, cybersecurity, insider‑risk, and intellectual‑property protection, use, and nondisclosure requirements,” and to collaborate on selecting “trusted partners” for early access. Section 3(c) expressly disclaims any mandatory licensing, preclearance, or permitting requirement.

Criminal Enforcement (Section 4)

The Attorney General must prioritize enforcement of 18 U.S.C. §§ 1028 (identification fraud), 1030 (the Computer Fraud and Abuse Act (“CFAA”)), and 1343 (wire fraud), along with other federal criminal laws, against anyone using AI to access or damage a computer without authorization—including “employing AI agents to unlawfully access data or information that is subsequently used for a criminal or unlawful purpose.”

Implications for Contractors

Federal IT and cybersecurity contractors

Expect rapid downstream contracting activity through July 2, 2026 and into the weeks that follow. Contractors should anticipate quick‑turn task orders, expedient acquisition vehicles (Other Transaction Authorities, Broad Agency Announcements (“BAAs”), urgent‑and‑compelling actions), and updated cybersecurity flow‑downs on existing indefinite‑delivery, indefinite‑quantity contracts—particularly under the Department of Homeland Security, DoD/DoW, and Treasury. Vendors offering AI‑enabled defensive tooling, vulnerability detection, and incident response are positioned to capture new work through CISA’s expanded “cybersecurity tools and services” channel and the Treasury‑led clearinghouse.

DoD/DoW contractors

The July 2, 2026 directive to harden Department information systems will translate into accelerated Chief Information Officer and component‑level requirements. Anticipate renewed scrutiny of System Security Plan and Plan of Action and Milestones (SSP/POA&M) artifacts, compressed patch service‑level agreements, and pressure to integrate AI‑based monitoring. Cybersecurity Maturity Model Certification (CMMC)‑relevant subcontractors should expect flow‑downs that exceed current baseline expectations.

Critical‑infrastructure operators and their vendors

The Order specifically names rural hospitals, community banks, and local utilities as eligible beneficiaries of federally‑facilitated tools and services, potentially including covered frontier models. Managed security providers, regional integrators, and operational‑technology and industrial‑control‑system (OT/ICS) vendors should track CISA guidance closely and prepare to participate in clearinghouse and trusted‑partner programs.

Frontier‑model developers

The Order disclaims mandatory licensing, but practical participation in the pre‑release access framework—and selection as a “trusted partner”—is likely to become a meaningful differentiator in federal acquisitions once the framework is finalized by August 1, 2026. Developers should negotiate carefully regarding: scope and duration of government access (capped at 30 pre‑release days under Section 3(b)(ii)); insider‑risk and personnel‑vetting parameters; intellectual property (“IP”) protection, use limitations, and non‑disclosure agreement (“NDA”) terms; treatment of derivative artifacts generated during federal evaluation; and clear off‑ramps.

AI‑agent vendors and integrators

Section 4’s emphasis on agentic AI used to access computers “without authorization” places CFAA risk at the center of agent design. Vendors should re‑examine authorization documentation, terms‑of‑service flow‑throughs, scraping and browsing behaviors, and customer indemnification posture. Enterprise customers will increasingly demand stronger contractual representations that agents act only within authorized scopes.

Key Takeaways for Contractors

  • Mark July 2 and August 1 on the calendar. By July 2, 2026, contractors should expect cyber‑prioritization actions across the Committee on National Security Systems and DoW components, the first wave of CISA BODs, the Treasury‑led AI cybersecurity clearinghouse to stand up, and OMB’s grant‑funding sweep to conclude. By August 1, 2026, the OPM Tech Force expansion and the NSA‑led “covered frontier model” framework are due. Pre‑position teaming agreements, capture plans, and quick‑turn task‑order responses now.
  • “Voluntary” on paper, table stakes in practice. Section 3(c) expressly disclaims any mandatory licensing, preclearance, or permitting requirement. But early engagement—and especially designation as a “trusted partner”—is likely to translate into preferred placement in federal acquisitions and first‑look access to government‑facing deployments. Frontier‑model developers should weigh the strategic upside of opting in against the IP, insider‑risk, and disclosure costs before the August 1, 2026 framework hardens.
  • Frontier‑model engagement needs counsel up front—not at the term sheet. Pre‑release government access (capped at 30 days under Section 3(b)(ii)) raises hard questions around IP ownership of derivative artifacts generated during federal evaluation, personnel vetting, NDA scope, and clear off‑ramps. Because the NSA‑led benchmarking criteria will be classified, developers will not see the goalposts; counsel should negotiate use limitations and information barriers before any weights, system prompts, or fine‑tuning data cross the threshold. Further complicating things and underscoring the need for counsel engagement upfront is that the Order does not define what qualifies as a “covered frontier model.” Given that frontier models are generally understood to mean the most advanced AI models available at a given time, developed benchmarks will likely continuously evolve once the voluntary framework is stood up. For frontier-model developers, the classified nature of the benchmarking criteria will limit their visibility in determining whether participating in pre-release government access provides the most bang for their buck.
  • CFAA exposure for AI agents just got hotter. Section 4 directs the Attorney General to prioritize enforcement of 18 U.S.C. §§ 1028, 1030, and 1343 against AI used to access computers “without authorization”—and against downstream criminal use of data so accessed, including via AI agents. Agentic‑system vendors and integrators should audit authorization flows, terms‑of‑service inheritance, scraping and browsing behaviors, customer indemnity posture, and contractual representations that agents act only within authorized scope. Expect enterprise customers to demand harder reps and warranties on these points.
  • Flow‑downs are coming—to defense and civilian vehicles alike. DoD/DoW contractors should anticipate tightened SSP/POA&M scrutiny, compressed patch SLAs, and AI‑monitoring integration; CMMC‑relevant subcontractors should expect requirements that exceed current baseline expectations. Civilian agency contractors should track CISA’s July 2 BODs for “cybersecurity tools and services” obligations that may land in existing IDIQ, BPA, and OASIS+ task orders without a separate solicitation.
  • A new federal channel into named critical‑infrastructure sectors. The Order names rural hospitals, community banks, and local utilities as eligible beneficiaries of federally‑facilitated tools and services, potentially including covered frontier models. For managed‑security providers, regional integrators, OT/ICS vendors, and AI‑defense startups, this is not just a compliance signal—it is a new federal sales channel. Engage the Treasury clearinghouse early and watch for the criteria that will govern trusted‑partner selection.
  • Hunt for grant dollars; brace for the talent crunch. OMB’s July 2 canvass of grant programs for “advanced AI vulnerability detection” funding may surface near‑term BAA opportunities for companies with relevant research and development (“R&D”) portfolios. Meanwhile, OPM’s August 1 Tech Force expansion will draw from the same cyber talent pool contractors recruit from during peak summer hiring—revisit retention bonuses, non‑compete and non‑solicit terms, training‑reimbursement clauses, and clearance‑sponsorship economics now.
  • Brief executives, then brief the contract files. Contractors should circulate this Order to GovCon counsel, Chief Information Security Officers, and capture teams in parallel. Update bid/no‑bid templates to capture AI‑defensive‑tool questions, refresh subcontractor flow‑down libraries, and confirm that ongoing AI‑adjacent task orders contemplate the new BOD and clearinghouse landscape.

In a sharply worded order issued May 18, 2026, the Office of Hearings and Appeals (OHA) of the U.S. Small Business Administration (SBA) remanded the agency’s suspension of ATI Government Solutions, LLC, from the 8(a) Business Development (BD) Program, finding the administrative record so deficient that it could not meaningfully review whether the suspension rested on adequate evidence. The case is Matter of ATI Government Solutions, LLC, SBA No. BDPT-728 (2026), and the decision is a forceful reaffirmation of two bedrock principles of administrative law in the 8(a) suspension context: An agency must articulate its reasoning at the time it acts, and the record it submits on appeal must actually contain the materials the decision-maker relied on. It also arrives at a uniquely fraught moment for 8(a) firms—and ATI, a tribally owned participant suspended on the strength of a hidden-camera video, illustrates exactly the kind of fast, thinly supported enforcement action that seems to have become business as usual for the SBA in recent months.

Continue Reading OHA Remands 8(a) Suspension Built on Hidden-Camera Video

Given the slew of Executive Orders (EOs) last year focusing on diversity, equity, and inclusion (DEI) and roiling the funding and operations of recipients of federal financial assistance such as universities and nonprofits, recipients may be forgiven for passing over EO 14398, dated March 26, 2026. As we’ve been covering (here and here), EO 14398 marks a second phase of the administration’s focus on “racially discriminatory DEI activities.” Where EOs from 2025 focused on broad policy shifts and internal agency operations, 2026 EOs seek prospective operationalization of the administration’s policy preferences by baking restrictions on DEI activities into federal contracts.

Continue Reading Recipients of Federal Financial Assistance Can Look to the New DEI Clause to Prepare for Potential Increased Scrutiny of Their Own Awards

The Department of Defense’s proposed rule implementing Section 847 of the FY 2020 NDAA could fundamentally reshape how foreign ownership, control, or influence (FOCI) is monitored across the defense industrial base. Through proposed DFARS Part 240, the rule would extend recurring FOCI disclosure, National Industrial Security System (NISS) reporting, and Defense Counterintelligence and Security Agency (DCSA) oversight far beyond the traditional facility-clearance context and into ordinary government contracting. For foreign-owned contractors, allied-country suppliers, private equity sponsors, and federal subcontractors, the proposal signals the emergence of a permanent compliance regime built around continuous visibility rather than one-time vetting.

Friends, Romans, contractors, lend me your ears;
I come to disclose your owners, not to debar them.
The FOCI that contractors do is oft assessed;
The clearances are oft interred with their bones.
So let it be with allies. The honorable rule
Hath told you that we treat all foreigners alike;
If it be so, it is a grievous form,
And grievously hath the SF-328 answered it.

The speech may be a little ridiculous, but in its way, it’s also a little accurate. The proposed DFARS rule implementing Section 847 of the FY 2020 NDAA is not unkind to allies. It is, as was Mark Antony, scrupulously polite to them, right up to the moment it asks them to register as suspects.

Continue Reading Section 847 and the New Era of DOD Continuous FOCI Monitoring

Half an inch determined the outcome of a $260 million Department of Veterans Affairs (VA) procurement in Joerns Healthcare, LLC v. United States, a bid protest in which the US Court of Federal Claims (COFC) enforced strict compliance with solicitation specifications. The court rejected the contractor’s reliance on industry standards, holding that unambiguous solicitation terms control evaluation outcomes when agencies verify compliance through stated measurement methods. For contractors competing in FAR Part 12 commercial item acquisitions and FAR Part 15 procurements, the decision reinforces that even minimal deviations from express requirements can render a proposal unacceptable.

Continue Reading Half an Inch from a Quarter-Billion: COFC Tells Contractors to Read the Spec, Not the Industry

A 2026 federal executive order reshapes federal procurement policy by directing agencies to use fixed-price contracts as the default under FAR Part 16, while requiring written justification and higher-level approval for cost-reimbursement, time-and-material, and labor-hour contracts. The order also establishes agency approval thresholds, carve-outs for R&D and contingency work, and a phased implementation schedule through OMB guidance and FAR Council rulemaking. For government contractors, the change affects how agencies structure acquisitions, allocate risk, and modify existing and future contracts, with significant implications for federal procurement strategy and compliance in 2026.

Continue Reading Cost-Plus Out. Fixed-Price In.

If your supply chain crosses a border, your FAR 52.222-90 flowdown is probably already wrong. Either it overpromises in ways an EU, UK, or South African supplier cannot sign without violating local law, or it underpromises and creates False Claims Act (FCA) exposure on the US side. Both versions of the problem land on the same desk, and they land on a clock.

As we covered in a prior post, FAR 52.222-90 is not a routine flowdown. It reaches subcontract administration, records access, reporting obligations, bilateral modifications, suspension and debarment, and FCA materiality. In cross-border scenarios, those same hooks meet a thicket of foreign equality, pay-transparency, sustainability, human-rights, privacy, and disclosure-blocking regimes. The result is predictable confusion, and confusion in this clause is expensive.

Continue Reading FAR 52.222-90 Goes Global: Cross-Border Supply Chains and the Limits of a US Flowdown

Federal contractors looking for the “DEI issue” in FAR 52.222-90 may be looking in the wrong place. Yes, the clause is about what Executive Order 14398 calls “racially discriminatory DEI activities.” But that’s only the starting point. The new clause also reaches subcontract flowdowns, records access, reporting obligations, bilateral modifications, suspension and debarment, and False Claims Act (FCA) risk. This isn’t just an HR issue, and it isn’t just a DEI issue. It is a contract-administration issue, a supply-chain issue, and an invoice issue all at once.

Continue Reading Everything Everywhere All at Once: The Contractor DEI Clause Hits HR, Supply Chains, Invoices, and Subcontracts

On April 7, 2026, Acting Attorney General Todd Blanche issued a memorandum establishing the National Fraud Enforcement Division (“NFED”) within the U.S. Department of Justice (“DOJ”). Announced in a corresponding DOJ press release, the NFED is the Department’s first unified litigating division dedicated exclusively to investigating and prosecuting fraud against taxpayer dollars. For the government contractor community, the creation of the NFED represents a meaningful escalation in federal fraud enforcement.

Continue Reading DOJ Stands Up a New Fraud-Fighting Division: What Government Contractors Need to Know About the National Fraud Enforcement Division