The FY 2024 National Defense Authorization Act: Key Provisions Government Contractors Should Know

The National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2024, signed into law on December 22, 2023, makes numerous changes to acquisition policy. Crowell & Moring’s Government Contracts Group discusses the most consequential changes for government contractors here. These include changes that impose a new conflict of interest regime for government contractors with a connection to China, impose new restrictions and requirements, require government reporting to Congress on acquisition authorities and programs, and alter other processes and procedures to which government contractors are subject. The FY 2024 NDAA also includes the Federal Data Center Enhancement Act, the American Security Drone Act, and the Intelligence Authorization Act for FY 2024.

Acquisition-Related Matters

Conflicts of Interest for Consultants

Section 812 prohibits the Department of Defense (DoD) from entering into contracts for consulting services under NAICS Code 5416 with contractors that are also performing active work for foreign adversaries, particularly Chinese or Russian government entities and companies under the control of the government of the People’s Republic of China. Essentially, if a contractor or any affiliate cannot certify that it does not have any contracts for consulting services (defined as “advisory and assistance services” under Federal Acquisition Regulation (FAR) 2.101) with a covered foreign entity, the company must maintain a Conflict of Interest Mitigation Plan. Among other things, a Conflict of Interest Mitigation Plan requires identification of any covered contracts with a covered foreign entity and a written analysis of the plans and procedures to avoid, neutralize, or mitigate actual or potential conflicts.

If a contractor cannot make the required certification, DoD cannot award new contracts for consulting services. The provision requires DoD contracting officers to give an offeror notice and an opportunity to respond to a determination that award must be withheld due to a conflict. DoD contracting officers may also request a waiver, but waivers require congressional notification.

DoD must issue a Defense Federal Acquisition Regulation Supplement (DFARS) amendment enacting the provision within 180 days, at which time the provision will become effective.

Commercial Contracting

Section 801 amends 10 U.S.C. § 3456(b), to require contracting officers to provide, upon a contractor’s or subcontractor’s request, a copy of any memorandum summarizing the commerciality determination for a product or service.

Section 813 requires the Secretary of Defense to exercise at least four times per fiscal year the statutory authority at 10 U.S.C. § 3458 to acquire innovative commercial products and commercial services using general solicitation competitive procedures.

Section 875 requires DoD to conduct a study within 180 days of enactment on the feasibility and advisability of (1) establishing a default determination that acquired products and services are commercial and do not need a commerciality determination, (2) a requirement for a product or service to be determined not commercial before procedures other than those in FARPart 12 are used, and (3) mandating the use of commercial procedures under FAR Part 12 unless a product or service to is determined to not be commercial.

Acquisition Policy and Management

Several provisions in the NDAA require modifications to DoD’s internal processes. In particular, Section 806 directs each military department to designate a Principle Technology Transition Advisor to advise the Secretary of the military department, identify technologies to meet identified and potential warfighter requirements, consult with DoD innovation programs, make recommendations regarding technology acquisition, inform program managers of relevant technology, promote opportunities for small and non-traditional defense contractors to license technology, and develop metrics to track the outcomes of technology development activities.

Section 807 establishes a senior contracting official under the Director of the Strategic Capabilities Office, to execute and administer contracts, grants, cooperative agreements, and other transactions for that office’s programs. The section also requires the Secretary of Defense to submit a plan for implementation including an assessment of the acquisition workforce needed to support this authority.

Section 811 requires development and implementation of a streamlined requirements development process, to improve alignment with modern technologies and reduce time to deliver capabilities, by October 1, 2025. The streamlined process is to include an iterative and collaborative requirements-management approach to maximize the use of commercial products and services, allow the incorporation of new technological opportunities without revalidation of requirements, and establish a process to rapidly validate the ability of commercial products and services to meet capability needs.  

Cost Accounting

Section 802 amends 10 U.S.C. § 3705, which requires offerors to submit data other than certified cost or pricing data so that contracting officers may determine the price reasonableness of a contract, subcontract, or modification. The provision amends the reporting requirement under 10 U.S.C. § 3705 such that from the annual report identifying offerors that received contract awards despite denying multiple requests for uncertified cost or pricing data over the preceding three-year period, appropriate portions must be made available to the offerors named in the report. Section 802 also requires the Under Secretary to clarify what constitutes a denial of uncertified cost or pricing data, including: (1) identifying situations under which denials occur; (2) identifying whether the denial is from the prime contractor or subcontractor; and (3) establishing the timeframe for when failing to comply with the request for uncertified cost or pricing data is considered a denial.

Section 827 requires that the DFARS be revised to: (1) exempt all DoD software contracts and subcontracts from earned value management system (EVMS) requirements; (2) impose EVMS requirements for cost or incentive contracts with a value between $20M and $50M; and (3) require contractors to use an EVMS for all awarded contracts with a value between $50M and $100M.

Inflation

Section 824 amends Section 822 of the FY 2023 NDAA, which permitted contractors and subcontractors impacted by inflation to file claims for relief under Public Law 85-804 once DoD issued the relevant regulation. This provision clarifies that DoD may use appropriated funds to pay for claims for relief for contractors and subcontractors impacted by inflation, and it extends the authority for such relief to December 31, 2024.

Section 826 permits DoD to use appropriated funds to modify the terms and conditions of a fixed-price contract with economic price adjustment, consistent with FAR 16.203-1 and 16.203-2, if funds are specifically appropriated to do so. Section 826 also requires the Under Secretary of Defense for Acquisition and Sustainment to issue implementing guidance no later than thirty days after the NDAA’s enactment.

Industrial Base

Section 857 requires that the parties to a proposed merger or acquisition that are required to provide a pre-transaction filing to the Federal Trade Commission (FTC) and Department of Justice (DOJ) disclosing certain basic information about the contemplated transaction and the parties involved (i.e., Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR) filings) must also “concurrently provide such information to DoD during the waiting period,” prescribed under HSR (typically 30 days) when such transaction “will require a review” by DoD. In addition to the standard FTC/DOJ antitrust review, DoD’s Industrial Base Policy mergers and acquisitions (M&A) office is charged with reviewing M&A deals affecting or related to the defense industrial base (DIB) and considering whether a proposed transaction would overly limit competition, have a negative impact on national security, costs, or innovation, or otherwise adversely impact the DoD’s mission. As a result of such review, the FTC or DOJ could take legal action to block transactions that the government determines might substantially lessen competition.

Although consolidation of the DIB has been an area of increased regulatory focus in recent years, the Government Accountability Office (GAO) released a report in October 2023 finding that DoD lacked sufficient resources and insight to perform its M&A monitoring and assessment function. GAO found that DoD reviewed an average of only 40 M&A transactions per year from FY 2018-2022, while it was estimated that approximately 400 such transactions occur annually. Notably, from FY 2018-2022 GAO found “numerous examples of defense-related M&A that potentially presented risks” to DoD but for which DoD did not participate in antitrust review, in many cases because it appears that the FTC and DOJ may not have reached out to DoD for input and DoD was otherwise unaware of the transaction. This provision of the NDAA seems targeted at bridging the communication gap between the agencies by requiring that the parties to a proposed transaction over the HSR threshold provide a copy of their HSR filing directly to DoD.

Parties considering defense-related M&A transactions in the coming year should monitor for further developments on how the mechanics of this required concurrent notice to DoD are implemented. In particular, it is unclear what Congress intended in referring to mergers or acquisitions “that will require a review” by DoD, as there is currently no mandatory trigger for DoD review of transactions. Instead, the Industrial Base Policy M&A office merely has broad discretion to assess “covered transactions” involving “major defense suppliers” as defined in DoD’s M&A policy under Directive 5000.62. It remains to be seen whether, in implementing this provision of the NDAA, DoD requires all transactions involving “major defense suppliers” to provide the HSR filing to DoD or whether the trigger for providing such information will be defined in a different way.

Small Business

Section 853 modifies the Procurement Technical Assistance Program—a cooperative agreement between DoD and nonprofit entities under which those nonprofits provide procurement technical assistance to other businesses—to permit the Secretary of Defense to waive the government’s maximum cost share percentage when it is in the best interest of the Program. The provision also authorizes procurement technical assistance providers to provide education to small businesses on the requirements of DFARS 252.204-7012, Safeguarding Covered Defense Information, and the requirements for mitigating risks related to foreign ownership, control, or influence of DoD contractors under section 847 of the FY 2020 NDAA.

Section 862 amends the Small Business Act, specifically 15 U.S.C. 637(d)(13) to shorten the time period that must pass to trigger a notice from a prime contractor on a covered contract (i.e., one for which the prime contractor must have a small business subcontracting plan) to the contracting officer of the contract. Previously, such notice was required if the payment to a subcontractor was more than 90 days past due for goods or services provided for the covered contract for which the Federal agency had paid the prime contractor. Section 862 shortens this period from 90 to 30 days. Section 862 also provides authority for the contracting officer to enter or modify past performance information regarding the prime’s unjustified failure to make a full or timely payment to a subcontractor before or after close-out of the covered contract. The SBA must update its regulations in order to carry out these amendments not later than 180 days from the NDAA’s enactment.

The FY 2024 NDAA has two material amendments regarding service-disabled veteran-owned small businesses (SDVOSBs). Section 863 amends the Small Business Act, specifically 15 U.S.C. § 644(g)(1)(A)(ii), to increase the governmentwide participation goal for SDVOSBs to not less than 5% of the total value of all prime contract and subcontract awards for each fiscal year—up from 3%. Section 864 phases out the ability of small businesses to self-certify as SDVOSBs. Currently, contractors are still able to self-certify as SDVOSBs for non-SDVOSB set-aside prime contracts as well as for subcontracts. Section 864 provides that each prime contract award and subcontract award that is counted for the purpose of meeting SDVOSB goals must be certified by the SBA as a SDVOSB. Within 180 days of the NDAA’s enactment, the SBA must issue regulations to implement this change. The requirement for SBA-certification as a SDVOSB is to take effect on October 1 of the fiscal year beginning after SBA promulgates the required regulations. Section 864 contemplates a phased approach to eliminating self-certification, providing that if a small business seeks SBA certification as a SDVOSB before the end of the 1-year period measured from the NDAA’s enactment, that small business will be able to maintain its self-certification until the SBA rules on its SDVOSB certification application.

Section 865 requires the Secretary of Defense to amend DFARS 215.305 to require DoD agencies to consider affiliate companies’ past performance information, if relevant, when small businesses bid on DoD contracts.

Miscellaneous

Section 872 provides a three-year extension of DoD’s authority for a pilot program that permits it to award sole source follow-on contracts to businesses that are wholly-owned through an Employee Stock Ownership Plan (ESOP). This section also requires DoD to prescribe regulations for the pilot program and relaxes the restrictions on subcontracting when subcontracting to another qualified business wholly-owned through an ESOP.  

Section 874 provides that the Under Secretary of Defense for Acquisition and Sustainment is to establish and implement a pilot program to incentivize contractor performance by paying covered contractors a progress payment rate that is up to 10 percent higher than the customary progress payment rate on a contract-by-contract basis. Participation in such program is to be on a voluntary basis. DoD must implement this pilot program via rulemaking and establish clear and measurable criteria for payment of higher progress payments. The authority for this pilot program will sunset on January 1, 2029.

Sections 1022 and 1023 respectively authorize the Navy to use certain authorized funds to incrementally fund contracts for the advance procurement and construction of a San Antonio-class amphibious ship and a submarine tender. Contracts for both the San Antonio-class ship and the submarine tender must include provisions stating that the total liability to the Government for the termination of the contracts is limited to the total amount of funding obligated at time of termination.

Cyber-Related Sections of Note

Section 1502 tasks the Secretary of Defense with developing a Strategic Cybersecurity Program (Program). The members of the Program will identify all systems, infrastructure, kill chains, and processes that comprise (1) nuclear deterrence and strike, (2) select long-range strike missions, (3) offensive cyber operations, and (4) homeland missile defense. The National Security Agency (NSA) will support the Program by identifying threats to, vulnerabilities in, and remediations for these mission elements. The NSA will also select the Program Manager, who will be responsible for conducting vulnerability assessments, prioritizing remediation efforts, reviewing systems and infrastructure, advising Secretaries of military departments, and ensuring the Program builds upon other DoD cybersecurity efforts.

Section 1507 requires DoD cyber officials to review the status of the implementation of cyber red team requirements from the NDAA for FY 2020. The officials must develop a plan to identify the funding and resources required to develop cyber red team capabilities, as well as the standards and metrics necessary to ensure sufficient training and staffing. The Secretary of Defense must then issue regulations and guidance to implement the developed plan.

Section 1512 tasks the Secretary of Defense with establishing a cross-functional team to develop a threat-driven defense construct for the systems and networks that support the nuclear command, control, and communications (N3) mission. The team will also develop associated plans and milestones. The construct will be based on zero trust architecture, comprehensive endpoint and network telemetry data, and control capabilities that enable rapid investigation and remediation of threats.

Section 1521 allows the Chief Digital and Artificial Intelligence Officer to access and control any data collected, acquired, accessed or used by any component of the DoD. Section 1521 also requires that the Secretary establishes the Chief Digital and Artificial Intelligence Officer Governing Council to provide policy oversight that ensures responsible, coordinated, and ethical employment of data and AI capabilities across the DoD.

Section 1522 requires the executive agent of the DoD-wide cyber data products and services procurement program to evaluate emerging cyber technologies, specifically AI-enabled security tools, for efficacy and applicability to the requirements of DoD.

Section 1523 tasks the Chief Digital and Artificial Intelligence Officer with providing the digital infrastructure and procurement vehicles necessary to manage data assets and analytics capabilities. These capabilities should enable an understanding of foreign key terrain and relational frameworks to support cyber operation plans, military operation warnings, and strategic competition actions and reactions.

Section 1535 creates a pilot program to contract for services relevant to the Cyber Mission. The pilot program will seek to enter into one or more contracts under which skilled personnel will provide support for critical work within the Cyber Mission Force to enhance readiness and effectiveness of the Cyber Mission Force. Over a three-year period, the Commander of the United States Cyber Command will determine whether to extend the pilot program, transition the program to a permanent program, or terminate the program.

Section 1552 requires that, within one year of enactment, DoD must review and implement the recommendations from the February 2023 DoD Inspector General report on managing mobile applications titled “Management Advisory: The DoD’s Use of Mobile Applications” (Report No. DODIG–2023–041). This section also requires that, within 120 days of enactment, DoD must brief the congressional defense committees on compliance efforts relating to existing DoD policy that prohibits (1) the installation and use of “covered applications” (i.e., TikTok, or other apps developed by ByteDance Limited or its affiliates) on federal government devices; and (2) the use of such covered applications on the DoD Information Network on personal devices.

AI-Related Sections of Note

Section 1541 requires the Under Secretary of Defense for Acquisition and Sustainment, within thirty days of enactment, to prepare a plan regarding the exercise of the acquisition authority provided to the Joint Artificial Intelligence Center in the FY 2021 NDAA. In addition, within 90 days of enactment, the Chief Digital and Artificial Intelligence Officer (CDAIO) must provide a demonstration of operational capability under the acquisition authority. This demonstration must include how the CDAIO may use the acquisition authorities of DoD and other federal entities to further DoD’s data and artificial intelligence objectives.

Section 1542 requires the CDAIO, within 180 days after enactment of the NDAA, to develop a bug bounty (ethical hacking) program for “foundational artificial intelligence models”—defined as adaptive generative models that are trained on a broad set of unlabeled data sets that may be used for different tasks with limited fine-tuning—that are integrated into DoD’s missions and operations. Notably, the section states that neither the use of foundational artificial intelligence models nor the implementation of the bug bounty program is required in DoD’s missions and operations.  

Section 1543 requires DoD to establish a Generative AI Detection and Watermark Prize Competition, open to federally funded research and development centers, the private sector, the defense industrial base, institutions of higher education, federal departments and agencies, and others. The competition will be designed to evaluate technology, tools, and models for generative AI detection and generative AI watermarking to facilitate the research, development, testing, evaluation, and competition of the technologies to support military warfighting requirements and to transition these types of technologies, including technologies developed under pilot programs, prototype projects, or other research and development programs, from prototype to production. The prize competition must be established within 270 days of enactment, and expires on December 31, 2025.

Section 1544 requires the Secretary of Defense within 120 days of the NDAA’s enactment to establish policies and guidance for the adoption and use of AI, including plans for identifying commercially available large language models and make them available on classified networks, where appropriate. This section also requires creation of a policy for contracting officials to protect the intellectual property of commercial entities that provide artificial intelligence algorithms.

Section 1545 requires the Secretary of Defense to complete a study within one year of enactment to assess the functionality, research and development needs, and vulnerabilities to privacy, security, and accuracy of AI enabled military applications.

Supply Chain-Related Matters of Note

Section 804 prohibits DoD from entering into a contract with any person or entity that has fossil fuel business operations with an entity that is greater than 50% owned by either an authority of the government of the Russian Federation or a fossil fuel company that operates in the Russian Federation.

Section 805 prohibits DoD from entering into a contract for the procurement of goods and services from an entity on the 1260H list (Entity Prohibition) or contracting for goods and services that include goods or services produced or developed by an entity on the 1260H list or any entity subject to the control of an entity on the 1260H list (Goods and Services Prohibition). The prohibitions do not extend to purchases of goods, services, or technology that connect goods or services to third party services (e.g., interconnection) or to components, defined broadly as an item supplied to the federal government as part of an end item or of another component. The provision requires DoD to issue rules implementing the provision within 180 days of enactment for the Entity Prohibition and 545 days of enactment for the Goods and Services Prohibition. Section 805 becomes effective on June 30, 2026 for the Entity Prohibition and June 30, 2027 for the Goods and Services Prohibition.

Section 825 contains two prohibitions designed to curb the use of the LOGINK logistics software used in the People’s Republic of China. The provision prohibits DoD from entering into contracts with entities that provide data to “covered logistics software,” defined as LOGINK or any national transportation logistics information platform provided or sponsored by a foreign adversary or a commercial entity controlled by the government of an adversary. The provision also prohibits the Department of Transportation from providing federal grant funding to port authorities that use covered logistics software.

Section 833 amends 10 U.S.C. § 4863 to narrow the qualifying country exception for specialty metals. Under the provision, any specialty metal that is procured as a mill product or incorporated into a component must be melted or produced in the United States, the country where mill product or procurement is procured, or another qualifying country. In addition, the supplier of components or systems made of aerospace-grade metals—those that require provenance-tracking to comply with flight safety regulations—must inform DoD if any of the materials were known to be manufactured or processed in China, Iran, North Korea, or Russia.

Section 834 amends 10 U.S.C. § 4872(c) to narrow the non-availability exemption for specialized materials to require DoD to identify a specific end item for which a specific covered material cannot be procured as- and when-needed at a reasonable price. The provision also limits non-availability waivers to 36 months.

Section 856 requires DoD to establish and carry out a pilot program to analyze, map, and monitor key U.S. Indo-Pacific Command system supply chains for up to five covered weapons platforms identified in FY 2021 NDAA § 1251(d)(1), to identify impediments to production and opportunities to expand production of components, identify potential risks and vulnerabilities, and identify critical suppliers. The pilot program must be established within 90 days of enactment. To carry out the pilot program, the provision allows DoD to use a combination of commercial tools and other tools available to it, including AI and machine learning tools.

Trade-Related Sections of Note

Matters Relating to the AUKUS Partnership

Sections 1331 through 1352 relate to the AUKUS Partnership. Section 1352 authorizes the President to transfer up to three Virginia Class submarines to the government of Australia on a sale basis and enables the President, with certain requirements, to determine what shipyard in the United States, Australia, or the United Kingdom can perform any repair or refurbishment of a United States submarine involved in AUKUS.

In addition to the submarine transfer, Section 1331 requires the Secretary of State to designate a senior advisor to coordinate the department’s internal and diplomatic efforts related to the AUKUS initiative. Section 1331 also requires the Department of State (DoS) to establish an AUKUS Industry Forum and to provide reports to Congress on, among other topics: (1) processing times for Direct Commercial Sales (DCS) and Foreign Military Sales (FMS) authorizations to Australian and UK persons; (2) the number of applications for transfers to Australian and UK persons that were denied or approved with provisos; (3) voluntary disclosures resulting in a violation of the International Traffic in Arms Regulations (ITAR), or involving U.S. arms embargoed countries, by Australian or the UK persons; (4) the adoption of a U.S. classification category relating to any anticipatory disclosure policy for Australia and the United Kingdom; and (5) whether regulatory changes to exemptions under the Arms Export Control Act are likely or necessary within the next year.

Section 1333 mandates that the President submit to Congress the text of any non-binding instruments relating to the AUKUS partnership and a report that includes information regarding, but not limited to: (1) progress made on achieving the Optimal Pathway established for Australia’s development of conventionally armed, nuclear-powered submarines and (2) progress made on Pillar Two of the AUKUS partnership.

Section 1341 mandates that the President institute policies to expedite the review of Letters of Request related to AUKUS and to create an anticipatory release policy and an expedited decision-making process for the transfers of technologies associated with AUKUS to Australia, the United Kingdom, and Canada through FMS and DCS that are not covered by an exemption under the ITAR.

Section 1343 requires, within 120 days of the NDAA’s enactment, the President to determine and certify in writing to Congress whether Australia or the United Kingdom has implemented: (1) a system of export controls comparable to those of the United States and (2) a comparable exemption from its export controls for the United States. If there is a determination that the comparability standards have been met, the President is required to exempt transfers of defense articles and defense services between the United States and that country or countries from the approval requirements. If the comparability standards are not met, the President must reassess the requirements every 120 days. Any of the three countries can exclude transfers from eligibility for the exemption, and certain items—largely nuclear, missile, or chemical proliferation related—are also excluded, as well as transfers involving persons not approved by three countries. The President also has the power to suspend an exemption under specified circumstances. Any exemption specified under this provision has a sunset of 15 years which can be renewed by the Secretary of State for five years.

Section 1344 mandates that the Secretary of State initiate a rulemaking to establish an expedited decision-making process, classified or unclassified, for applications to export between and among Australia, the United Kingdom, and Canada defense articles and defense services that are not covered by an exemption under the ITAR.

Section 1345 amends Arms Export Control Act Section 38(f)(3) to waive the congressional notice requirements for establishing a country exemption for Australia or the United Kingdom, and it mandates that the Department of State carry out reviews of the United States Munitions List not less frequently than every 3 years.

Exportability

Section 810 directs the Under Secretary of Defense for Acquisition and Sustainment to update guidance on planning for exportability for certain defense programs. Specifically, within one year of the NDAA’s enactment, guidance should require (1) major defense acquisition programs and (2) programs carried out using the rapid fielding or rapid prototyping acquisition pathway that transition to a major capability acquisition program to review their exportability. Additionally, within 3 years of enactment, the Under Secretary is to update guidance for program protection plans to determine exportability needs for such programs.

Section 873 requires the Under Secretary to annually compile a list of systems that would benefit from investment in exportability features to support the security cooperation objectives of the regional theaters.

Combating Global Corruption Act

Section 5405 specifies that the executive branch should evaluate, for the purposes of potential imposition of sanctions, whether there are foreign persons engaged in significant corruption in: (1) specific countries that do not meet minimum standards for the elimination of corruption and (2) relation to the planning, construction, or operation of the Nord Stream 2 pipeline.

Foreign Military Sales Updates

Section 873 introduces new requirements related to visibility of foreign acquisition programs. Among other requirements, it instructs the Under Secretary for Defense Acquisition and Sustainment and each military department to appoint an individual to serve as a single point of contact for foreign military sales (FMS) inquiries from the defense industrial base and partner countries. Additionally, it requires the Secretary of Defense to host an annual industry day to raise awareness about FMS—enabling U.S. companies to learn about foreign demand for U.S. weapons systems and foreign governments to learn about U.S. solutions. The section also requires the Secretary of Defense to create an advisory group made up of senior defense industrial base employees to advise on DoD’s role in the FMS process.      

Human Rights and Sourcing Critical Minerals

Section 5411 directs the Secretary of State to convene a meeting of foreign leaders to establish a multilateral framework to end human rights abuses, including forced labor and child labor that is related to mining and sourcing critical minerals. The Secretary is also required to lead the development of an annual global report on the implementation of this multilateral framework, which should discuss progress and recommendations to end such human rights abuses.

Other Department of Defense Organization and Management Matters

Section 918 requires the Secretary of Defense to improve the policies, processes, and procedures applicable to technology release and foreign disclosure decisions by DoD.

American Security Drone Act

The “American Security Drone Act of 2023” prohibits executive agencies from procuring unmanned aircraft systems that are manufactured or assembled by a “covered foreign entity,” with limited exceptions. Covered foreign entities are those (1) included on the Consolidated Screening List, (2) subject to a foreign government’s extrajudicial direction, (3) domiciled in or subject to control by the People’s Republic of China, or (4) deemed to pose a national security risk. The Act also requires agencies to account for any existing inventory of unmanned aircraft manufactured or assembled by covered foreign entities.

The Act further requires the Office of Management and Budget—in connection with the Department of Homeland Security, DOJ, and National Institute of Standards and Technology—to establish a government-wide policy for any unmanned aircraft system procurements that meet the narrow set of exceptions to the Act’s general rule, given that they serve non-DoD or intelligence community operations through non-federal grants or cooperative agreements.

Finally, the Act obligates the Under Secretary of Defense for Acquisition and Sustainment to provide to Congress a report on the supply chain for covered unmanned aircraft systems, including a discussion of current and projected future demand for covered unmanned aircraft systems.

Federal Data Center Enhancement Act

Sections 5301 and 5302, titled the Federal Data Center Enhancement Act of 2023, revise the recently expired Federal Data Center Optimization Initiative to address the government’s evolving need for secure, reliable, and protected data centers, while continuing to consolidate data centers and prioritize cost savings. The Act establishes three requirements to address these objectives.

First, the Act amends 44 U.S.C. § 3601 to include minimum operating requirements that relate to availability, use, overhead costs, uptime percentages, and various safety and security protections for new data centers. The General Services Administration (GSA) must establish these requirements within 180 days of the NDAA’s enactment and incorporate the same requirements for existing data centers within 90 days of establishment.

Second, the Act requires guidelines for covered agencies to operate their existing data centers. These guidelines must require the head of a covered agency to (1) regularly assess and update its application portfolio to properly utilize modern technologies, and (2) leverage commercial data center solutions, like hybrid cloud, multi-cloud, co-location, interconnection, or cloud computing.

Third, the Act requires the GSA Administrator to maintain a public facing website with information, data, and explanatory statements regarding agencies’ compliance with the above requirements. Website content must be updated biannually and be maintained as open government data assets.