Off the (Supply) Chain: Director of National Intelligence Issues First Exclusion and Removal Order Under the Federal Acquisition Supply Chain Security Act

Client Alert | 2 min read | 09.22.25

On September 18, 2025, the Director of National Intelligence (DNI) issued the first order under the authority conferred by the Federal Acquisition Supply Chain Security Act (FASCSA), requiring exclusion and removal of products and services by an identified source.^[1]

	Name	Excluding Agency	Additional Comments	Active Date	Termination Date	Creation Date	Update Date	Exclusion Type	FASCSA Order Flag
Firm	ACRONIS AG	ODNI	FASCA Order --Acronis and all subordinate, subsidiary, or affiliated organizations doing business under various names in support of the parent company, Acronis AG (Acronis), that the DNI has issued an order to exclude Acronis from all Intelligence Community (IC) executive agency procurement actions. It further orders the removal of covered articles provided by Acronis from information systems applicable to the IC and sensitive compartmented information systems. This order was issued pursuant to the Federal Acquisition Supply Chain Security Act of 2018, Pub. L. No.115-390, title II; codified at 41 U.S.C. §§ 1321-1328. The basis for this order pertains to information as was relayed to Acronis i the Notice to Source document. Additional information is available in an Announcement on the NRO JWICS Acquisition Research Center Dashboard, search Acronis.	7/11/2025	Indefinite	9/15/2025	9/15/2025	Prohibition/Restriction	Y

This first order comes almost two years after the FAR Council issued the FAR clauses that dictate contractor compliance with FASCSA exclusion or removal orders. (Read more about the contractor obligations here.)

FASCSA established the Federal Acquisition Security Council (FASC), which is an inter-agency body created to assess supply-chain risk and make removal and exclusion recommendations to three order-issuing agencies: DNI, with respect to the Intelligence Community (IC) agencies, the Department of Homeland Security (DHS), with respect to civilian agencies, and the Department of Defense (DOD), with respect to defense agencies. This specific order, issued by the DNI, is applicable to the IC agencies^[2] and contracts involving sensitive compartmented information (SCI) systems. It has two parts. First, Acronis, its parent Acronis AG, and its affiliate companies (collectively, Acronis), are excluded from IC procurement actions. Second, the order designates as “covered articles” all Acronis products or services and requires contractors to remove all such Acronis “covered articles” from information systems “applicable to” the IC and SCI systems.

To carry out a FASCSA order, impacted contractors must undertake a reasonable inquiry into their supply chains to identify any provision or use of the “covered articles” in the performance of an applicable contract, pursuant to FAR 52.204-30. If a contractor identifies covered articles, then FAR 52.204-30 requires the contractor to notify the contracting officer within three business days and update that report with mitigation actions within ten business days.

With the FASCSA gates now open, contractors should continue to monitor both for additional FASCSA orders and impacts to their supply chains.

^{[1] FASCSA orders can be located by navigating to SAM.gov at https://sam.gov/supplychainorders and downloading the FASCA supply chain orders list. This excerpt is the FASCSA supply chain order list as of September 19, 2025.
[2] On September 18, 2025, the GSA blog also stated all MSA contracts were being revised to remove Acronis products. Details of this effort have not yet been provided. Crowell will continue to monitor these changes.}

Contacts

Adelicia R. Cliffe
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2816
YWNsaWZmZUBjcm93ZWxsLmNvbQ==
Alexandra Barbee-Garrett
Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.508.8918
YWJhcmJlZS1nYXJyZXR0QGNyb3dlbGwuY29t
Stephanie L. Crawford
Counsel
- Washington, D.C.
  - D | +1.202.624.2811
c2NyYXdmb3JkQGNyb3dlbGwuY29t
M. Yuan Zhou
Partner
- Washington, D.C.
  - D | +1.202.624.2666
eXpob3VAY3Jvd2VsbC5jb20g

Insights

Client Alert | 4 min read | 06.25.26

Twin Executive Orders Seek to Spur Quantum Leap in Technology and Cybersecurity

On June 22, 2026, President Trump signed two executive orders, “Securing the Nation Against Advanced Cryptographic Attacks” (Quantum Security EO) and “Ushering in the Next Frontier of Quantum Innovation” (Quantum Innovation EO), marking the most significant federal action on quantum technology since the Quantum Computing Cybersecurity Preparedness Act of 2022, which directed agencies to harden their information systems against quantum-enabled hacking. The orders seek to speed the development of quantum computers, which are advanced processors that can calculate multiple possibilities simultaneously and thus solve problems exponentially faster than traditional computers. At the same time, the orders look to protect against the danger that quantum technology can “break” traditional encryption by easily decoding it. Of particular note for government contractors, the Quantum Security EO directs agencies to update federal acquisition regulations to require contractors by 2031 to adopt information processing standards that resist quantum-enabled codebreaking....

Client Alert | 7 min read | 06.24.26
DOJ’s National Security Division Announces First Declination Under New Corporate Enforcement Policy With Parallel BIS Settlement
Client Alert | 3 min read | 06.24.26
OhioHealth Settlement and White House Report Signal Broader Federal Focus on Restrictive Hospital Contracting
Client Alert | 4 min read | 06.23.26
EPA Hands Over AI Data Center Regulation to States and Communities to Develop Best Practices

View All Insights