Insights

On May 7, 2026, the Department of War issued the long-awaited Proposed Rule to implement Section 847 of the FY 2020 National Defense Authorization Act (NDAA) regarding Foreign Ownership, Control or Influence (FOCI) requirements for contractors. The proposed rule would expand the applicability of FOCI reviews, requiring contractors and subcontractors on unclassified “covered contracts” — defense contracts and subcontracts valued in excess of $5 million that are not for commercial products and services — to submit FOCI disclosures to the Defense Counterintelligence and Security Agency (DCSA) for FOCI risk assessment (and as applicable, mitigation) as part of contract award. This would effectively require DCSA assessment and adjudication of FOCI considerations prior to contract award. Thus, both cleared and uncleared defense contractors would be subject to the rigorous DCSA disclosure requirements, scrutiny, and FOCI mitigation. Crowell discussed the Section 847 requirements in a prior alert.

On April 13, 2026, President Trump signed into law the Small Business Innovation and Economic Security Act, which reauthorized the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs.  These programs are Small Business Administration-sponsored initiatives intended to encourage small business contractors to conduct early-stage research and development (R&D) and help foster technological innovation related to U.S. government needs across several federal agencies, including the Department of War, Department of Energy, National Aeronautics and Space Administration, and National Institutes of Health.  SBIR/STTR are sometimes referred to as “America’s Seed Fund.”  Consistent with that characterization, SBIR contractors performing in the defense and technology space are often the focus of venture capital and private equity interest and investment.

A recent Illinois appellate decision has narrowed a key protection that state and local government contractors have long been able to rely on under Illinois’ Biometric Information Privacy Act (BIPA). In Thomas v. Cornerstone Services, Inc., the Illinois Appellate Court held that BIPA’s government contractor exemption does not provide blanket immunity to contractors simply because they hold a contract or subcontract with a state agency or local unit of government. The ruling carries important compliance implications for contractors and subcontractors operating across both government and private-sector markets.

On April 30, 2026, the DOJ announced the launch of the Fraud Oversight through Careful Use of Statistics initiative (FOCUS) to increase coordination between the Department and the growing host of data miners who sift through publicly available government data to identify patterns of alleged fraud. The launch of FOCUS highlights a growing trend in False Claims Act (FCA) enforcement: civilian data miners with access to public data — but no other connection to the alleged defendants — are filing almost as many qui tam complaints as company insiders.

On April 30, 2026, President Trump issued an executive order (EO) titled Promoting Efficiency, Accountability, and Performance in Federal Contracting, requiring agencies to “default” to fixed-price contracting to “protect taxpayer dollars, hold contractors accountable, and achieve demonstrable returns on investment.” The EO directs new approval processes for contract awards going forward, modification of certain existing contracts, and amendments to the Federal Acquisition Regulation (FAR).

As discussed in our March 30, 2026, client alert, Déjà Vu: New Executive Order Outlines Restrictions on Contractor and Subcontractor DEI Activity, President Trump issued Executive Order 14398 (EO 14398), Addressing DEI Discrimination by Federal Contractors, on March 26, 2026. The EO declared DEI activities “unethical and often illegal,” required a new mandatory contract clause for federal contracts and subcontracts, and directed the Federal Acquisition Regulatory (FAR) Council to issue an implementing deviation. That deviation has now arrived. At the same time, a coalition of higher education and government contractor associations has filed suit seeking to block the underlying executive order.

In Danziger et al. v. U.S., No. 25-cv-1241 (Fed. Cl. Apr. 10, 2026) (a Crowell & Moring case), the Court of Federal Claims (COFC) denied the government’s motion to dismiss a complaint seeking breach of contract damages for improper terminations in bad faith and/or abuse of discretion. The case involves hundreds of contractors for the U.S. Agency for International Development (USAID), who were terminated in 2025 in connection with the dismantling of USAID. The government sought to dismiss the case for failure to state a claim, arguing that the complaint failed to sufficiently plead bad faith or abuse of discretion. The court rejected these arguments, noting that the complaint was “replete with allegations implicating bad faith,” and specifically rejected the “peculiar notion” “that governmental misconduct is immunized when a contracting officer acts pursuant to directives from higher-ranking officials.” The court also held that the government’s payment of certain termination costs was no defense to the contractors’ breach claim and confirmed that an improper termination for convenience entitles contractors to termination costs as well as breach damages.

In a significant decision for government contractors, on April 15, 2026, in Life Science Logistics, LLC v. United States, the U.S. Court of Appeals for the Federal Circuit held that bid protesters challenging an agency’s override of an automatic stay of contract performance under the Competition in Contracting Act (CICA) need not satisfy the demanding four-factor test traditionally required for preliminary injunctive relief.  In so doing, the Federal Circuit clarified that CICA stay override challenges need only demonstrate that the override decision was arbitrary and capricious—nothing more.

On Friday, April 10, 2026, the U.S. Department of Justice (DOJ) announced that International Business Machines Corporation (IBM) has agreed to pay just over $17 million to resolve allegations that it violated the False Claims Act (FCA) by failing to comply with federal anti-discrimination requirements incorporated into its federal contracts due to allegedly discriminatory diversity, equity, and inclusion (DEI) employment practices. This resolution marks the first FCA settlement secured by the DOJ under its Civil Rights Fraud Initiative, created in May 2025, and announced by then-Deputy Attorney General Todd Blanche as part of the administration’s coordinated efforts to target allegedly unlawful DEI practices. Per the agreement, the settlement is neither an admission of liability by IBM nor a concession by the United States that its claims are not well founded.

The Federal Risk and Authorization Management Program (FedRAMP) continues to advance its modernization agenda. On April 8, 2026, FedRAMP released RFC-0031, Updated Incident Communications Procedures for public comment. This RFC proposes replacing the current FedRAMP Incident Communications Procedures (ICP) with what FedRAMP calls “a clear set of reporting requirements … established using a modern rules-based format.” 

On April 13, 2026, President Trump signed the Small Business Innovation and Economic Security Act of 2026 (S. 3971) (the Act), extending the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs through September 30, 2031. The legislation cleared the U.S. Senate on March 3, 2026 and then was passed by the U.S. House of Representatives on March 17, 2026 after a six-month interruption in program authority that halted the issuance of new awards across federal agencies. The programs’ previous authorization expired on September 30, 2025.

On April 7, 2026, Acting Attorney General Todd Blanche issued a memorandum establishing the National Fraud Enforcement Division (NFED) within the U.S. Department of Justice (DOJ). This new division will be dedicated to the centralized, coordinated investigation and prosecution of fraud against taxpayer dollars and taxpayer-funded programs. AAG Blanche acknowledged that, while DOJ has a “storied history of combatting fraud,” DOJ has “never adopted a comprehensive and coordinated approach to investigating and prosecuting fraud against taxpayer dollars and tax-payer funded programs.” The NFED was created to close that gap with its core mission being to “zealously investigate and prosecute those who steal or fraudulently misuse taxpayer dollars.”

On March 31, 2026, the Executive Office of the President, Office of Management and Budget (OMB), issued Memorandum M-26-10 titled, “Reinforcing Transparency, Accountability, and Oversight of Federal Technology,” (Memorandum) containing a new policy designed to reinforce oversight, transparency, and accountability across federal technology programs, increase accountability for agency chief information officers (CIOs), and enhance information sharing among government agencies.  OMB issued the policy in furtherance of several executive orders (EOs) issued by President Trump, including: EO 13833, “Enhancing the Effectiveness of Agency Chief Information Officers,” EO 14240, “Eliminating Waste and Saving Taxpayer Dollars by Consolidating Procurement,” and EO 14243, “Stopping Waste, Fraud, and Abuse by Eliminating Information Silos.”  

On March 26, 2026, President Trump issued an executive order (EO) titled Addressing DEI Discrimination by Federal Contractors. The EO declares diversity, equity, and inclusion (DEI) “activities” “unethical and often illegal,” and imposes new obligations on federal contractors and subcontractors related to DEI programming. Contractors that do business with the federal government — or that work as subcontractors for companies that do — should review the EO closely to determine the extent to which they are compliant with the new requirements.

False Claims Act (FCA) settlements and judgments hit record highs yet again in FY 2025, surpassing the previous record by over $1 billion and setting a new high-water mark for the number of new FCA cases filed.  These records were built both on existing enforcement priorities such as pandemic-related fraud and healthcare enforcement actions and new guidance from the Executive Branch instructing the Department of Justice to enforce its 2025 priorities including Diversity, Equity, and Inclusion (DEI), civil rights, and customs issues.  Procurement fraud, cybersecurity issues, and small business fraud also remained focal points, with significant settlements in each of those areas.  In the courts, an Eleventh Circuit decision expanded relators’ ability to use discovery to avoid dismissal under Rule 9(b), and a Ninth Circuit ruling clarified a number of customs fraud issues while applying the Supreme Court’s Schutte scienter test.  Debate over the qui tam provisions’ constitutionality continued to grow, with arguments made in multiple circuits, including an Eleventh Circuit oral argument in the appeal of the Middle District of Florida’s Zafirov decision that helped to spark the recent wave of challenges.  Crowell FCA attorneys explain these developments, trends, and what’s next for the FCA in a “Feature Comment” published in The Government Contractor.

On March 6, 2026, the General Services Administration (GSA) issued a significant proposed contract clause, GSAR 552.239-7001, Basic Safeguarding of Artificial Intelligence Systems (“Clause”), for inclusion in GSA Schedule solicitations and contracts for AI capabilities.  The proposed clause would impose substantial new requirements related to AI sources, intellectual property rights, data use, change management, and performance standards.  The Clause would also take precedence over any other contract terms (including commercial licensing terms) related to AI, including a Seller’s terms of sale and service to which the Government had previously agreed.  GSA requests comments by March 20, 2026.

On March 10, 2026, the Department of Justice released the first-ever Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (the “Department-wide CEP” or “Policy”), which applies to all non-antitrust corporate criminal cases across the Department. The new policy has been anticipated since December 2025, when Deputy Attorney General Todd Blanche announced the Department’s plans to release a new, single corporate enforcement policy for all criminal matters. According to the Department, the new policy is designed to “help ensure consistency across the Department” and “transparently describe the Department’s policies and decisionmaking.”

On February 17, 2026, the Federal Acquisition Regulatory Council (FAR Council) released a Proposed Rule (Proposed Rule) to implement Section 5949(a) of the James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2023 (Section 5949), following the FAR Council’s May 3, 2024 Advanced Notice of Proposed Rulemaking (ANPR).  Comments on the proposed rule are due by April 20, 2026.

On February 13, 2026, the U.S. Department of Homeland Security (DHS) announced upcoming virtual town hall meetings scheduled for March 2026 regarding the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).  The meetings will allow industry stakeholders to provide input to DHS to refine the “scope and burden” of the forthcoming CIRCIA final rule.

Last week, the Federal Circuit heard oral argument in Global K9 Protection Group, LLC v. United States, a bid protest appeal concerning, in part, whether an awardee who chose not to intervene at the outset of the protest should have been allowed to do so after its award was enjoined.