Insights

On October 16, 2025, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented their Defense Readiness Roadmap 2030 to the EU Member States. This comprehensive plan aims to strengthen European defense capabilities. It follows, and should be read together with, the Commission’s Defense Readiness Omnibus that was published in June 2025. The Omnibus contains a set of proposals to facilitate defense investments and boost EU Member States’ responsiveness to today’s security challenges.

The UK’s increased defence spending and zero-tariff trade on aircraft parts with the US is generating broad interest in the UK defence sector.

On September 30, 2025, the Department of Justice (DOJ) announced that Georgia Tech Research Corporation (GTRC) agreed to pay $875,000 to settle allegations that it violated the False Claims Act (FCA) and federal common law by failing to meet cybersecurity requirements under certain Air Force and Defense Advanced Research Projects Agency (DARPA) contracts.  The settlement adds to the growing list of recoveries under DOJ’s Civil Cyber-Fraud Initiative and is yet another example of DOJ’s ongoing enforcement focus on cybersecurity obligations for federal contractors handling sensitive government information.  The settlement also provides insight into how government contractors may challenge FCA liability when faced with allegations of cybersecurity noncompliance.

Congress has not passed crucial funding bills for the start of Fiscal Year 2026.  If Congress fails to act by September 30, the government may be forced to shut down for lack of funding.  In anticipation of that possibility, agencies government-wide are preparing for a shutdown, and contractors and companies that work with the government should do so as well.  Our team is ready and available to help advise companies through the shutdown process.

The Transportation Security Administration (TSA) recently proposed an expanded role regulating unmanned aircraft systems (UAS), or drones.  On August 7, 2025, the Federal Aviation Administration (FAA) and TSA published a joint Notice of Proposed Rulemaking (proposed rule), titled Normalizing Unmanned Aircraft Systems Beyond Visual Line of Sight Operations (BVLOS).  Through this landmark proposed rule, the FAA and TSA aim to provide industry with a clear path forward for streamlined UAS operations for a variety of purposes, including package delivery, agriculture, aerial surveying, civic interest (public safety), and flight testing.  Comments on the proposed rule are due October 6, 2025.

The Department of Education (DOE) announced on September 10, 2025, that it will end discretionary funding to several Minority-Serving Institution (MSI) grant programs that, it stated, “discriminate by conferring government benefits exclusively to institutions that meet racial or ethnic quotas.”[1] The agency stated that it would “us[e] its statutory authority to reprogram discretionary funds to programs that do not present such concerns.”[2] This announcement follows a July 2025 decision by the Department of Justice to no longer defend the constitutionality of a provision of the Higher Education Act of 1965 (HEA) that authorizes grant funding to Hispanic-Serving institutions, after determining that such programs “violate the equal-protection component of the Fifth Amendment’s Due Process Clause.”[3]

On September 18, 2025, the Director of National Intelligence (DNI) issued the first order under the authority conferred by the Federal Acquisition Supply Chain Security Act (FASCSA), requiring exclusion and removal of products and services by an identified source.[1]

On September 4, 2025, the Small Business Administration’s (SBA) Office of Hearings and Appeals (OHA) granted an appeal challenging SBA’s determination that a service-disabled veteran did not control an entity applying for Service-Disabled Veteran-Owned Small Business (SDVOSB) status based on a minority owner’s ability to block certain actions in the matter of VSBC Appeal of: Blue Skye Foods, LLC, SBA No. VSBC-442-A.

On September 9, 2025, GSA released version 1 of the FAR Companion, a living resource guide aimed primarily at assisting federal acquisition professionals. The FAR Companion is designed to provide guidance and recommendations to acquisition professionals to better understand the FAR and related procurement principles for planning, awarding, managing, and closing out contracts. It consolidates practitioner insights, innovation and vendor engagement strategies, handbooks, training materials, and problem-solving ideas into one source.

On September 10, 2025, the Department of Defense (DoD) published a final rule (CMMC Clause Rule) that will apply its much-anticipated Cybersecurity Maturity Model Certification program (CMMC) to DoD contractors and subcontractors. Under the CMMC Clause Rule, starting on November 10, 2025, DoD can include CMMC requirements—potentially including third-party cybersecurity assessments—in contracts that require the handling of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI).

The System for Award Management (SAM, available at sam.gov) is set to incorporate Revolutionary FAR Overhaul (RFO) changes as early as the first quarter of 2026. The RFO process, which began earlier this year, will trigger matching changes to representations and certifications in SAM.gov.

On August 29, 2025, the Department of Justice (DOJ) and the Department of Homeland Security (DHS) launched a cross-agency Trade Fraud Task Force to expand efforts to target importers and other parties committing trade-related fraud. As stated in a press release issued on August 29, the Task Force will augment the existing coordination mechanisms within the DOJ and DHS, for instance through partnerships with CBP and Homeland Security Investigations, to “aggressively” take enforcement measures against parties that commit tariff evasion or attempt to smuggle prohibited goods into the U.S.

On August 22, 2025, the Small Business Administration (SBA) published a proposed rule that would raise the receipts-based small business size standards across 259 industries and the asset-based size standard across 4 industries. The proposed rule aims to provide greater opportunity for growing small businesses to retain their small business status longer and continue to benefit from SBA loan programs and federal contracting opportunities reserved for small businesses.

In our latest Bloomberg Law article about the growing range of antitrust concerns facing government contractors, Crowell lawyers Michelle D. Coleman and Lauren Fleming explore best practices for contractors who are navigating antitrust investigations involving classified information. 

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:

On August 25, 2025, the Department of Defense (DoD) issued the Final Rule implementing Section 812 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2024 (P.L. 118-31).  The Final Rule will take effect on October 24, 2025 via a new solicitation provision, DFARS 252.209-7012 (Prohibition Relating to Conflicts of Interest in Consulting Services – Certification).

On August 14, 2025, the Office of Federal Procurement Policy (OFPP) and the Federal Acquisition Regulatory Council (FAR Council) issued draft revisions to FAR Part 8 and FAR Part 12 (as well as to FAR Parts 4 and 40). These are the latest rewrites under the Revolutionary FAR Overhaul (RFO) initiative pursuant to Executive Order 14275, “Restoring Common Sense to Federal Procurement,” which we previously reported on here.

On August 18, 2025, the Small Business Administration (SBA) published a notice of tribal consultation to be held in Michigan on September 17, 2025. In addition to seeking input from the Native American community on the management and operation of SBA’s Capital Access and Government Contracting and Business Development programs, SBA is focusing on the nonmanufacturer rule (NMR).

GAO’s recent sustain of the protest filed by emissary LLC provides valuable lessons for potential offerors with respect to organizational conflict of interest (OCI) mitigation plans (and their impact on technical approach), as well as their descriptions of key personnel qualifications.

Earlier this year, we highlighted a notable Court of Federal Claims (CFC) decision recognizing that an energy savings performance contract (ESPC) contractor may be able to recover proposal preparation costs under the CFC’s bid protest jurisdiction. Now, in Siemens Government Technologies, Inc. v. United States, another CFC decision has reaches a similar conclusion and goes even further — also highlighting the potential to recover under the Court’s Contract Disputes Act (CDA) jurisdiction.