Compliance

Subscribe to Compliance via RSS

I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were suddenly silenced.

When Obi-Wan Kenobi says this in Star Wars: Episode IV – A New Hope, he senses that something profound just changed in the galaxy. A powerful presence has vanished. The balance of power shifting in ways that will ripple far beyond the immediate moment. As Yoda later describes the Force: “Life creates it, makes it grow. Its energy surrounds us, binds us.” In this way, artificial intelligence (AI) is beginning to play a role for the US Defense Industrial Base (DIB) not unlike the Force itself—quietly enhancing the capabilities of engineers, analysts, and compliance professionals across thousands of organizations supporting national defense programs.

So what could happen if a major AI player suddenly disappears from the board?Continue Reading Orbiting A.I.-deraan? A Disturbance in the Force for the Defense Industrial Base

The Department of Justice (DOJ) recently announced that False Claims Act (FCA) settlements and judgments exceeded $6.8 billion in fiscal year 2025. This massive haul is the largest annual recovery in the statute’s storied history. Although health care enforcement continues to account for the majority of recoveries, DOJ’s annual statistics confirm that procurement fraud, cybersecurity compliance, pandemic-program enforcement, and trade-related fraud remain core enforcement priorities that government contractors should not ignore. The FY 2025 numbers reinforce a familiar message: FCA enforcement remains one of DOJ’s most powerful tools for policing federal spending, and contractors should expect continued scrutiny of their certifications, representations, and contract compliance systems.Continue Reading Now That’s a Lot of Money: DOJ’s Record-Setting FCA Year Reflects Intensifying Enforcement Pressure on Government Contractors

California Attorney General (AG) Rob Bonta announced the largest settlement under the California Consumer Privacy Act (CCPA) against The Walt Disney Company (Disney) for failing to honor customers’ requests to opt out of the sale or sharing of their data across all devices and streaming services linked to their Disney accounts. Essentially, Disney made it too difficult for consumers.  Businesses should evaluate their internal structure for responding to consumer requests. California has put a hefty price tag to make sure that more than appearances matter. As discussed in prior alerts, this follows the joint investigative sweep announced in September 2025 among California, Connecticut, and Colorado to investigate businesses refusing to honor consumers’ right to opt out of the sale of their personal information.Continue Reading Opt Me Out! California Lessons on National Privacy Enforcement

The BIOSECURE Act in the FY 2026 NDAA is a quiet, sweeping shift in federal supply-chain enforcement that reaches beyond “biotech” and into the tools most companies barely think about like software, AI, data platforms, and third-party services used behind the scenes. As Alex Major and Franklin Turner write in The Government Contractor, BIOSECURE Act

Following a tumultuous start to fiscal year 2026, including a government shutdown that lasted 43 days, the National Defense Authorization Act for fiscal year 2026 (NDAA 2026), Pub. L. 119-60, was passed by Congress and signed into law on December 18, 2025. NDAA 2026 is a critical legislative act, setting acquisition reforms and policies and authorizing appropriations and funding levels for the Department of Defense (DoD). With $900.6 billion in funding for the DoD, NDAA 2026 contains a plethora of acquisition reform provisions and critical updates impacting defense contractors. Title XVIII of NDAA 2026 significantly increased certain acquisition thresholds, including triggers for the Truthful Cost or Pricing Data Act (formerly the Truth in Negotiations Act) and Cost Accounting Standards application, which you can read about here. Additionally, NDAA 2026 increases the thresholds for noncompetitive acquisitions and when information technology requirements qualify as a major system.Continue Reading FY2026 NDAA: Major Increases to Critical Acquisition Thresholds

The US Department of Justice’s (DOJ) new Data Security Program (DSP), designed to protect sensitive information and national security-related data from misuse by foreign actors, took full effect on October 6, 2025. The program introduces new restrictions on how companies handle and share sensitive US personal data and government-related data, especially when certain foreign entities are involved. With enforcement underway, companies should understand who is covered, what activities are restricted, and what compliance measures are required. Failure to comply with the rules can result in civil or criminal penalties.Continue Reading DOJ Launches New Data Security Program—What Your Company Needs to Know

The DoD has finally crossed the CMMC finish line, but for contractors, the race is just beginning. With the Final Rule effective Nov. 10, award eligibility will hinge on a “current” CMMC status in SPRS, backed by annual affirmations and strict compliance. The next two months are critical for getting race-ready. In this Featured Comment

Government procurement is essential to modern governance. But when firms rig bids, allocate markets, or otherwise collude, taxpayers pay more, honest competitors are shut out, and trust erodes. In recent months, US agencies have continued to emphasize the importance of fair competition in government procurement, scrutinizing regulations that may favor incumbents or unfairly limit competition and expanding whistleblower options.Continue Reading Rigging the Game? Antitrust Risks in the Public Contracting Arena

On July 31, 2025, the Court of Federal Claims (COFC) issued its decision in The DaVinci Company v. United States. The case is noteworthy for contractors grappling with geographical supply chain concerns because it elucidates the extent to which two cornerstone country-of-origin procurement statutes—the Buy American Act (BAA) and the Trade Agreements Act (TAA)—can be misunderstood and misapplied by the government.Continue Reading Making Hay of the Interplay Between the TAA and BAA—COFC Sustains Protest Against the VA’s Improper Sourcing of a Critical Pharmaceutical

Ding ding.” – Apollo Creed,
Rocky III

September 30. All (most?) federal years end the same way, at least on paper—like a prizefight, with the clock ticking down; an agitated, uncertain crowd; a lot of money on the table; and a ref capable of stopping the match at any moment. This year will be at once both no different and a completely different beast. With ever-recent uncertainty surrounding appropriations, continuing-resolution (CR) risk, evolving Federal Acquisition Regulation (FAR) language, the tightening screws of cyber attestations, industry supply-chain and acquisition changes, and grant closeouts that always take longer than you’d think, September is not a month for contractor improvisation. It’s a month when a dedicated corner team, a game plan, and crisp execution all are paramount.Continue Reading And in This Corner … the Sweet Science of Federal Contracting’s Year-End