Regulatory & Statutory Developments

“Ding ding.” – Apollo Creed, Rocky III

September 30. All (most?) federal years end the same way, at least on paper—like a prizefight, with the clock ticking down; an agitated, uncertain crowd; a lot of money on the table; and a ref capable of stopping the match at any moment. This year will be at once both no different and a completely different beast. With ever-recent uncertainty surrounding appropriations, continuing-resolution (CR) risk, evolving Federal Acquisition Regulation (FAR) language, the tightening screws of cyber attestations, industry supply-chain and acquisition changes, and grant closeouts that always take longer than you’d think, September is not a month for contractor improvisation. It’s a month when a dedicated corner team, a game plan, and crisp execution all are paramount.

Continue Reading And in This Corner … the Sweet Science of Federal Contracting’s Year-End

Earlier this year, we addressed a growing sense of confusion and unease among federal contractors relating to shifting diversity, equity, and inclusion (DEI) standards. Specifically, awardees had to take stock of the Department of Justice’s (DOJ) newly launched Civil Rights Fraud Initiative. DOJ explained that it intended to pursue False Claims Act (FCA) cases against “any recipient of federal funds that knowingly violates federal civil rights law,” with an emphasis on unlawful DEI workplace programs. But given this year’s abrupt shift regarding DEI standards, contractors were left to guess which conduct could put them in DOJ’s crosshairs. On July 29, DOJ elaborated on what it considers “unlawful discrimination,” issuing Guidance for Recipients of Federal Funding Regarding Unlawful Discrimination (“Guidance”) to all federal agencies. The Guidance outlines what DOJ deems “best practices” so that any organization that receives federal financial assistance—e.g., universities, local governments, and nonprofit organizations—can take practical steps “to minimize the risk of violations.”

Continue Reading New “Unlawful Discrimination” Guidance from DOJ Underscores Risks to Federal Grant Recipients

For those who grew up gripping a joystick and dodging alien fire in Defender, riding ostriches through floating platforms in Joust, or crossing a hectic freeway in Frogger, winning wasn’t about memorizing rules; it was about adapting fast, reading the patterns, and leveling up. That same urgency now applies to federal information and communication technology (ICT) contractors. A sweeping overhaul of FAR Part 39 has just been released, and while it may not blink and beep like a cabinet in a darkened arcade, it’s just as demanding. There’s no attract mode here. The game has already started.

Continue Reading FAR 2.0 Part 39 in Arcade Mode—How Federal IT Acquisition Just Hit Reset

On June 6, 2025, President Trump issued a new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (EO), signaling the construction of a fortified cyber defense across federal operations. This directive updates the nation’s digital stronghold, modernizing risk management, defending against quantum and artificial intelligence (AI) threats, and drawing sharper lines in the battle against foreign cyber adversaries. For technology companies and federal suppliers, this is a clarion call to reinforce their digital walls and sharpen their defenses. Agencies will soon build these secure-by-design principles into every contract and procurement decision. In this era of fortress-building, failing to meet these standards not only will leave your gates unguarded but also could bar you from the entire federal marketplace. The EO may read like ordinary policy, but don’t be misled: It’s a direct command for companies to strengthen their cyber defenses or be locked out of federal opportunities altogether.

Continue Reading Building the Cyber Fortress: New Cybersecurity Executive Order Targets Quantum, AI, and Supply Chain Security

The Department of Defense (DoD) is revving its engines again—this time to rocket past its own software acquisition drag. Launched via an April 24 memo from Acting DoD CIO Katie Arrington, the DoD’s Software Fast Track (SWFT) Initiative entered a 90‑day sprint to redefine Accelerating the Authority to Operate (ATOs), aiming to replace the outdated Risk Management Framework (RMF) with AI‑enabled, continuous compliance workflows. Officially live on June 1, 2025, SWFT isn’t a fully cleared runway—it’s a mission in motion, with Requests for Information (RFIs) out and industry poised to respond. But the real turbulence won’t be technical—it’ll be cultural: Can Pentagon policy and personnel move at Top Gun pace?

Continue Reading The Need for Speed: DoD’s “Software Fast Track” Targets Bureaucracy at Mach 2

“Beware the Jabberwock, my son! The jaws that bite! The claws that catch!”

– Lewis Carroll: “Jabberwocky,” Through the Looking-Glass, and What Alice Found There (1872)

There is a growing sense of confusion and unease among many federal contractors and grant recipients in these early days of the second Trump administration. In a time when some agencies face dislocation and downsizing (or, as with USAID, effective disbandment), contractors may feel like Alice stepping through the Looking Glass into a world strangely inverted from the one they knew. This shift is especially evident in the administration’s rejection of seemingly all diversity, equity, and inclusion (DEI) policies—long used to prevent discrimination, comply with civil rights laws, and foster inclusive environments in the American workforce.

Continue Reading Through the Looking Glass: Shifting DEI Standards Expose Contractors to False Claims Act Risk

The California Privacy Protection Agency (CPPA) recently fined clothing retailer Todd Snyder almost $350,000 for two types of consumer privacy errors. Due to technical errors during a 40-day period, it was impossible for Todd Snyder website users to request to opt out of having their information sold or shared. When users clicked the button for the Cookie Preferences Center, the consent banner would appear but instantly disappear, thus making it impossible for anyone to actually opt out. For those who were able to actually access the preferences center, Todd Snyder over-collected information from its users who wanted to opt out of having their information sold or shared. Todd Snyder’s data request form required users to verify their identity by submitting a photograph of themselves holding their identity document, even when they wanted to opt out.

Continue Reading Check Your Process or Pay Your Fine: Recent 6-Figure Fines from the California Privacy Protection Agency

On April 15, 2025, President Trump issued a sweeping executive order (EO), “Restoring Common Sense to Federal Procurement.” As reflected in its accompanying Fact Sheet, the EO promises to rewrite the Federal Acquisition Regulation (FAR), eliminate most non-statutory provisions, and usher in the “most agile, effective, and efficient procurement system possible.” As the first comprehensive overhaul of the FAR in its nearly 40-year history, the forthcoming changes may dramatically reshape how businesses of all stripes engage with the federal government. But beyond its big promises and patriotic flair, the proposed overhaul raises critical questions: Can it really be done in six months? What happens to the thousands of existing regulations around which contractors have built compliance programs?

Continue Reading Hold My Beer: The Trump Administration’s Bold Plan to Rewrite the FAR

On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed that contractors must continue complying with Revision 2 thanks to a previously issued class deviation. What does this mean in plain terms? The DoD is slowly pulling back the curtain on the next major shift in cybersecurity compliance. Still, the full prestige hasn’t happened yet.

Continue Reading The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters

New Hart-Scott-Rodino premerger notification rules, which took effect in February, require that companies now provide more information than ever before about their prospective mergers. Meanwhile, both federal and state antitrust enforcers continue to step up scrutiny of data-related antitrust harms such as information sharing, monopolization, and price coordination, and private litigants are also filing claims. Data has long been used by companies to benchmark performance metrics, from pricing to inventory levels, and to manage revenue. But as data volume has increased, so too has the risk of violating antitrust laws through higher levels of interconnection. Big data could facilitate price coordination, potentially rising to the level of price fixing, and could thus entrench the market power of companies that have amassed data critical to the ability to compete.

Continue Reading Mo’ Data, Mo’ Problems: Antitrust Risk in the Age of Big Data