Regulatory & Statutory Developments

On February 26, 2025, the White House issued another Executive Order (EO) that will have major implications for Federal government contractors across numerous industries and agencies. The new EO, entitled Implementing the President’s “Department of Government Efficiency” Cost Efficiency Initiative, requires every agency to work with that agency’s DOGE Team Lead (i.e., the leader of the DOGE Team at each agency, as defined in Executive Order 14158) to, among other things, conduct a review of covered contracts and grants, set up guidance for new contracts aimed at promoting efficiency and the Trump administration’s priorities, and build a system to track and justify payments made to contractors. What does that mean for you? Consider the below.

Continue Reading New EO Demands Agencies Conduct Review of All Covered Contracts and Grants, Terminate or Modify To Reduce Spending, and Set Up System To Track and Justify All Future Payments

Amid a flurry of executive orders starting his second administration, President Donald Trump issued an order entitled “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” (the “Order”) on January 21, 2025. The Order will have an immediate impact on federal contractors and subcontractors currently subject to the affirmative action obligations concerning women and minorities under now-revoked Executive Order 11246 dated September 24, 1965 (and the subsequent executive orders that refined these obligations). It also signals a significant change in the focus of federal enforcement of equal opportunity laws. The Order does NOT, however, change any of the substantive federal law regarding employment discrimination. Under Title VII of the Civil Rights Act of 1964, it remains illegal for employers to make employment decisions on the basis of race, color, religion, sex, or national origin. Other federal and state statutes prohibit making employment decisions on various other bases, including age, disability, genetic make-up, etc.; none of these substantive laws have been changed. So what has changed?

Continue Reading DEI, Discrimination, Affirmative Action and More: How the Recent Executive Order Impacts Private Employers

The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) Program will become operational at some point in fiscal year 2025. In October, the DOD issued a Final Rule to address evolving cybersecurity requirements and cyber threats while defining the security controls that DOD intends defense contractors and subcontractors to implement. The program will require

Alex Major, Franklin Turner, and Philip Lee co-authored the article “Surviving And Thriving In The Small Business Administration’s 8(a) Program: Maximizing Opportunities For NHOs, ANCs, And Tribes” for Briefing Papers. The article provides an overview of the Small Business Administration’s 8(a) Business Development Program, which provides socially and economically disadvantaged small business owners with federal

Contractors interested in offering federal agencies artificial intelligence (AI) can now glean insight into how agencies are expected to conduct AI acquisitions. On September 24, 2024, the Office of Management and Budget (OMB) issued Memorandum M-24-18, Advancing the Responsible Acquisition of Artificial Intelligence in Government (the Memorandum), providing guidance and directing agencies “to improve their capacity for the responsible acquisition of AI” systems or services, including subcomponents. The Memorandum builds on the White House’s Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, and OMB Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence. Taking effect on March 23, 2025, M-24-18 will apply to all solicitations and contract option exercises for AI systems covered under the Memorandum.

Continue Reading OMB Issues Guidance to Agencies on Responsible Artificial Intelligence Acquisitions

Just how broad is the scope of the False Claims Act (FCA)? That is the basic question posed in Wisconsin Bell, Inc. v. U.S. ex rel. Heath, No. 23-1127. Put more directly, the case addresses whether reimbursement requests under the Schools and Libraries Universal Service Support program—better known as the E-Rate program—are actionable “claims” exposed to liability under the FCA. But when the US Supreme Court hears oral argument next month, the justices will grapple with broader questions with implications far beyond this case: (1) when does the government “provide” money in any transaction or program so that FCA liability attaches; (2) when is an independent government-sponsored enterprise (e.g., Fannie Mae/Freddie Mac) acting as an “agent” of the United States for FCA purposes; and (3) to what extent do those who deal with private entities established or chartered pursuant to federal law need to watch this case to determine their potential exposure under the FCA and its panoply of enforcement mechanisms?

Continue Reading Wisconsin Bell: Testing the Elasticity of False Claims Act’s Scope

Over the course of the past few years, gallons of ink have been spilled addressing the seemingly ever-pending US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program. After keeping us waiting for years, it finally arrived when, on October 15, 2024, DoD published its Final Rule to establish the CMMC Program. See 89 Fed. Reg. 83092 (Oct. 15, 2024). Effective December 16, 2024, the Rule will require certain defense contractors to have implemented security measures to achieve a particular CMMC level necessary to safeguard Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as a condition of contract award. Codified at 34 C.F.R. Part 170, the CMMC Program will be augmented by a separate proposed acquisition rule to add a new 48 C.F.R. Part 204, amending the Defense Federal Acquisition Regulation Supplement (DFARS) to address procurement considerations related to the CMMC Program, including allowing DoD to require a specific CMMC level in a solicitation or contract. See 89 Fed. Reg. 66327 (Aug. 15, 2024) or our analyses here and here. The date when that DFARS clause will become final is still unclear, but most suspect it will be soon.

Continue Reading A Standard on Many Levels: A Look at CMMC 2.0 in Final

Sequels are rarely better than the films that precede them, and yet, sometimes a story is just too compelling to be limited to just one film. At the tail end of a summer full of Hollywood sequels, the Department of Defense (DoD) released a long-gestating sequel of its own. On August 15, 2024, DoD published a Proposed Rule that would revise the DoD Federal Acquisition Regulation Supplement (DFARS) to implement Cybersecurity Maturity Model Certification (CMMC) 2.0 into DoD contracts in the near(ish) future. This follows a December 2023 Proposed Rule, discussed here, establishing the CMMC 2.0 requirements in broad strokes. In this latest Proposed Rule, DoD proposes several changes to the DFARS that would do the following:

Continue Reading CMMC and DFARS 252.204-7021—Is the Sequel Better than the Original?