Insights

On March 26, 2026, President Trump issued an executive order (EO) titled Addressing DEI Discrimination by Federal Contractors. The EO declares diversity, equity, and inclusion (DEI) “activities” “unethical and often illegal,” and imposes new obligations on federal contractors and subcontractors related to DEI programming. Contractors that do business with the federal government — or that work as subcontractors for companies that do — should review the EO closely to determine the extent to which they are compliant with the new requirements.

False Claims Act (FCA) settlements and judgments hit record highs yet again in FY 2025, surpassing the previous record by over $1 billion and setting a new high-water mark for the number of new FCA cases filed.  These records were built both on existing enforcement priorities such as pandemic-related fraud and healthcare enforcement actions and new guidance from the Executive Branch instructing the Department of Justice to enforce its 2025 priorities including Diversity, Equity, and Inclusion (DEI), civil rights, and customs issues.  Procurement fraud, cybersecurity issues, and small business fraud also remained focal points, with significant settlements in each of those areas.  In the courts, an Eleventh Circuit decision expanded relators’ ability to use discovery to avoid dismissal under Rule 9(b), and a Ninth Circuit ruling clarified a number of customs fraud issues while applying the Supreme Court’s Schutte scienter test.  Debate over the qui tam provisions’ constitutionality continued to grow, with arguments made in multiple circuits, including an Eleventh Circuit oral argument in the appeal of the Middle District of Florida’s Zafirov decision that helped to spark the recent wave of challenges.  Crowell FCA attorneys explain these developments, trends, and what’s next for the FCA in a “Feature Comment” published in The Government Contractor.

On March 6, 2026, the General Services Administration (GSA) issued a significant proposed contract clause, GSAR 552.239-7001, Basic Safeguarding of Artificial Intelligence Systems (“Clause”), for inclusion in GSA Schedule solicitations and contracts for AI capabilities.  The proposed clause would impose substantial new requirements related to AI sources, intellectual property rights, data use, change management, and performance standards.  The Clause would also take precedence over any other contract terms (including commercial licensing terms) related to AI, including a Seller’s terms of sale and service to which the Government had previously agreed.  GSA requests comments by March 20, 2026.

On March 10, 2026, the Department of Justice released the first-ever Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (the “Department-wide CEP” or “Policy”), which applies to all non-antitrust corporate criminal cases across the Department. The new policy has been anticipated since December 2025, when Deputy Attorney General Todd Blanche announced the Department’s plans to release a new, single corporate enforcement policy for all criminal matters. According to the Department, the new policy is designed to “help ensure consistency across the Department” and “transparently describe the Department’s policies and decisionmaking.”

On February 17, 2026, the Federal Acquisition Regulatory Council (FAR Council) released a Proposed Rule (Proposed Rule) to implement Section 5949(a) of the James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2023 (Section 5949), following the FAR Council’s May 3, 2024 Advanced Notice of Proposed Rulemaking (ANPR).  Comments on the proposed rule are due by April 20, 2026.

On February 13, 2026, the U.S. Department of Homeland Security (DHS) announced upcoming virtual town hall meetings scheduled for March 2026 regarding the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).  The meetings will allow industry stakeholders to provide input to DHS to refine the “scope and burden” of the forthcoming CIRCIA final rule.

Last week, the Federal Circuit heard oral argument in Global K9 Protection Group, LLC v. United States, a bid protest appeal concerning, in part, whether an awardee who chose not to intervene at the outset of the protest should have been allowed to do so after its award was enjoined.

Congress has not passed funding bills to keep key parts of the government funded for the remainder of Fiscal Year 2026—including the Departments of Defense, State, Treasury, Labor, Health and Human Services, Transportation, Housing and Urban Development, and Homeland Security, as well as independent agencies, the judiciary, and national security and foreign operations functions. As Congress continues to negotiate a deal in advance of the expiration of funds on January 30, parts of the government may still face a short shutdown, given the time needed for both the Senate and the House to consider and approve legislation. In anticipation of that possibility, agencies whose funding is uncertain are preparing for a shutdown; contractors, grant recipients, and companies that work with those agencies should do the same. Our team is ready and available to advise through the shutdown process.

As we previously reported, on January 16, 2026, the Department of War (DoW) announced an audit of 8(a) sole source awards over $20 million, joining the previously-announced audits by the Small Business Administration (SBA) and U.S. Treasury Department (discussed here and here).  A DoW memorandum also dated January 16, 2026 but only recently made public reveals that this audit is much broader in than originally announced.  Any active 8(a) sole source contract, 8(a) set-aside contract, or small business set-aside contract over $20 million is under scrutiny. 

On January 23, 2026, Office of Management and Budget (OMB) Director Russell T. Vought issued OMB Memorandum M-26-05 (Memo). The Memo rescinds prior OMB memoranda (M-22-18 and M-23-16) that required federal agencies to collect the Secure Software Development Attestation Form from entities selling software or products containing software to the U.S. government. The Trump administration previously retracted a Biden administration directive that called for formalization of the Attestation Form collection process in the Federal Acquisition Regulation (FAR). Many in industry saw this as a sign that the Trump administration disfavored the Attestation Form. Now, the Memo has gone one step further to officially terminate agencies’ obligation to collect the Form from their software suppliers.

The Small Business Administration (SBA) has rolled out changes to its 8(a) Program even as it suspends 8(a) participants for failure to respond to the SBA’s December 5, 2025 8(a) audit letters.

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative established to standardize the security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. FedRAMP’s primary objective is to ensure that cloud service providers (CSPs) implement robust security controls to protect federal information in cloud environments. By leveraging a consistent framework for security assessment and authorization, FedRAMP is intended to reduce duplication of effort, cost, and time for both agencies and vendors.

On January 16, 2026, U.S. Secretary of War Pete Hegseth posted a video on social media outlining the U.S. Department of War’s (DoW) plan to combat fraud, waste, and abuse in the Small Business Administration’s (SBA) 8(a) Business Development Program. 

On January 14, 2026, the United States filed a lawsuit against the State of Minnesota in federal district court, challenging the state's affirmative action requirements for civil service employment as violations of Title VII of the Civil Rights Act of 1964 (“Title VII”). This action comes almost a year after President Trump issued Executive Order 14173, which rescinded federal affirmative action requirements for federal government contractors and set up a potential conflict between federal requirements and certain state contracting requirements. The United States has designated this case as a matter of general public importance. This entitles the federal government to an expedited review by a three-judge panel at the district court with direct appeal to the United States Supreme Court—setting the path for a show-down on affirmative action in employment at the highest court.

On January 8, 2026, the Trump Administration announced the creation of a new Division for National Fraud Enforcement within the Department of Justice (DOJ). The division will be led by a newly appointed Assistant Attorney General (AAG), pending Senate confirmation, who will report directly to both the President and Vice President and operate out of the White House. Such a reporting structure is unprecedented in the history of the DOJ.

On December 17, 2025, the U.S. Food and Drug Administration (FDA) issued a request for information (RFI) on a proposal designed to help the FDA engage more directly with innovative, venture-backed companies focused on biotechnology, medical devices, AI, and regulatory technology.[i]The RFI includes 19 questions, with responses due by 2:00 p.m. ET on January 18, 2026.

In an important first, the yearly defense policy law, the National Defense Authorization Act (NDAA) for Fiscal Year 2026, directs the Department of Defense (DoD)  to develop and implement a framework addressing the cybersecurity and physical security of artificial intelligence and machine learning technologies (AI/ML) acquired by the Pentagon.

GAO’s key personnel rule is well-known—and often a source of frustration— amongst government contractors.  Proposed key personnel who become “unavailable” prior to contract award—especially where they have accepted employment with a different company—may doom an offeror’s proposal by rendering it noncompliant with solicitation requirements.  But GAO’s recent decision in FYI – For Your Information, Inc., B-423774, B-423774.2 (Dec. 19, 2025) provides some potential relief from that rule. 

Earlier this month, the Department of Justice (DOJ) announced that Swiss Automation Inc., an Illinois-based precision machining company, agreed to pay $421,234 to resolve allegations that it violated the False Claims Act (FCA) by inadequately protecting technical drawings for parts delivered to Department of Defense (DoD) prime contractors.  This settlement reflects DOJ's persistent emphasis on cybersecurity compliance across all levels of the defense industrial base, reaching beyond prime contractors to encompass subcontractors and smaller suppliers.  The settlement is also a reminder to all contractors not to overlook the often confusing relationship between Controlled Unclassified Information (CUI) and export-controlled information.

On December 19, 2025, the Department of Justice (DOJ) announced a $54.4 million settlement with Ceratizit USA, LLC, a distributor of tungsten carbide products, resolving allegations that the company violated the False Claims Act (FCA) by evading customs duties on products imported from China. This settlement is believed to be the largest ever customs-related FCA resolution, and this high-water mark underscores the government’s heightened enforcement focus on tariff evasion.