Information Technology

Subscribe to Information Technology via RSS

Following a tumultuous start to fiscal year 2026, including a government shutdown that lasted 43 days, the National Defense Authorization Act for fiscal year 2026 (NDAA 2026), Pub. L. 119-60, was passed by Congress and signed into law on December 18, 2025. NDAA 2026 is a critical legislative act, setting acquisition reforms and policies and authorizing appropriations and funding levels for the Department of Defense (DoD). With $900.6 billion in funding for the DoD, NDAA 2026 contains a plethora of acquisition reform provisions and critical updates impacting defense contractors. Title XVIII of NDAA 2026 significantly increased certain acquisition thresholds, including triggers for the Truthful Cost or Pricing Data Act (formerly the Truth in Negotiations Act) and Cost Accounting Standards application, which you can read about here. Additionally, NDAA 2026 increases the thresholds for noncompetitive acquisitions and when information technology requirements qualify as a major system.Continue Reading FY2026 NDAA: Major Increases to Critical Acquisition Thresholds

July’s “Winning the Race: America’s AI Action Plan,” released by the White House, contains helpful recommendations for the energy sector as the use of AI becomes more prevalent and, with it, the need for more energy. The plan recommends the use of an existing consultation and coordination process for expediting the federal permitting and review of large infrastructure projects to cover all eligible data center and data center energy projects. It also recommends optimizing existing grid resources, prioritizing the interconnection of reliable power sources, ensuring sufficient generation exists to support data centers, and embracing new technology and sources of energy.Continue Reading Power Up: What the AI Action Plan Means for the Energy Sector

For those who grew up gripping a joystick and dodging alien fire in Defender, riding ostriches through floating platforms in Joust, or crossing a hectic freeway in Frogger, winning wasn’t about memorizing rules; it was about adapting fast, reading the patterns, and leveling up. That same urgency now applies to federal information and communication technology (ICT) contractors. A sweeping overhaul of FAR Part 39 has just been released, and while it may not blink and beep like a cabinet in a darkened arcade, it’s just as demanding. There’s no attract mode here. The game has already started.Continue Reading FAR 2.0 Part 39 in Arcade Mode—How Federal IT Acquisition Just Hit Reset

New Hart-Scott-Rodino premerger notification rules, which took effect in February, require that companies now provide more information than ever before about their prospective mergers. Meanwhile, both federal and state antitrust enforcers continue to step up scrutiny of data-related antitrust harms such as information sharing, monopolization, and price coordination, and private litigants are also filing claims. Data has long been used by companies to benchmark performance metrics, from pricing to inventory levels, and to manage revenue. But as data volume has increased, so too has the risk of violating antitrust laws through higher levels of interconnection. Big data could facilitate price coordination, potentially rising to the level of price fixing, and could thus entrench the market power of companies that have amassed data critical to the ability to compete.Continue Reading Mo’ Data, Mo’ Problems: Antitrust Risk in the Age of Big Data

Contractors interested in offering federal agencies artificial intelligence (AI) can now glean insight into how agencies are expected to conduct AI acquisitions. On September 24, 2024, the Office of Management and Budget (OMB) issued Memorandum M-24-18, Advancing the Responsible Acquisition of Artificial Intelligence in Government (the Memorandum), providing guidance and directing agencies “to improve their capacity for the responsible acquisition of AI” systems or services, including subcomponents. The Memorandum builds on the White House’s Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, and OMB Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence. Taking effect on March 23, 2025, M-24-18 will apply to all solicitations and contract option exercises for AI systems covered under the Memorandum.Continue Reading OMB Issues Guidance to Agencies on Responsible Artificial Intelligence Acquisitions

If you happen to be a government contractor and are contemplating additions to your Summer reading list, consider adding the FAR Council’s May 3, 2024 advanced notice of proposed rulemaking (“ANPR”) to the mix. The ANPR, which was issued in furtherance of implementing Section 5949 of the FY 2023 National Defense Authorization Act (“NDAA”), contemplates various forthcoming changes to the FAR, all of which focus on banning agencies from purchasing certain products or services that contain or otherwise utilize semiconductors that are produced, designed, or provided by three Chinese entities and their subsidiaries, affiliates, or successors: Semiconductor Manufacturing International Corporation (“SMIC”), ChangXin Memory Technologies (“CXMT”), and Yangtze Memory Technologies Corp. (“YMTC”). In addition, the FAR will likely be amended to prohibit the acquisition of semiconductor products or services from any entity that is owned, controlled by, or otherwise connected to China, North Korea, Iran, Russia and any other “foreign country of concern” – a designation to be determined by the Secretary of Defense or the Secretary of Commerce, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation.Continue Reading Supply Chain Checkup: FAR Council Announces New Rulemaking Focused on Prohibiting Certain Semiconductor Acquisitions

On June 2, 2023, the FAR Council issued an Interim Rule to implement the prohibition on having or using TikTok or any successor application or service developed or provided by ByteDance Limited (covered application). Importantly, the prohibition applies not only to Government-issued devices but encompasses contractor and contractor employee-owned devices (e.g., employee devices used as part of a bring-your-own-device program) as well. The Interim Rule took immediate effect and requires new FAR clause FAR 52.204-27, Prohibition on a ByteDance Covered Application, to be included in solicitations issued on or after June 2, 2023. In addition, solicitations issued before the effective date were required to be amended by July 3, 2023, provided that award of the resulting contract(s) occurs on or after the effective date. Existing indefinite-delivery, indefinite-quantity contracts were required to be modified to include the new clause by July 3, 2023, to apply to future orders. Finally, if exercising an option or modifying an existing contract to extend the period of performance, contracting officers must include the clause. In short, this clause will soon be in most if not all Federal government contracts. Contractors should take action now to ensure that they are prepared to comply with these requirements and that employees are familiar with and trained regarding the prohibition.Continue Reading TikTok Dances Off of Contractor IT Devices—Interim Rule Prohibits ByteDance Limited Applications

For just shy of a decade, the Defense Industrial Base (DIB) has had to operate under rules dictating the safeguarding of Controlled Unclassified Information, along with a strict 72-hour notification requirement if/when/should a “cyber incident” occur. For the uninitiated, these are the requirements found in the Department of Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. And for a large swath of government contractors, these requirements have been more bane than benefit, as many have struggled to meet the DFARS’ stringent requirements.

Well, critical infrastructure industry, welcome to the party! Soon, companies involved in all sectors of critical infrastructure will need to comply with new federal reporting requirements for cybersecurity incidents and ransom payments after President Joe Biden signed The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the Act) into law on March 15, 2022. Tied to an omnibus appropriations package, the Act requires entities involved in critical infrastructure to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and any paid ransom demands within 24 hours. While these new reporting obligations will not become effective until CISA promulgates rules to further define requirements, as the DIB’s effort has demonstrated, it would be wise to examine best practices in incident response plans to begin sooner rather than later.Continue Reading Critical Infrastructure Industry Drafted: Welcome to the Cyber War