ARTICLE
13 December 2024

Defense Contractors On Notice: Proposed Rule Will Require Disclosure Of Foreign Access To Source And Computer Code

On November 15, 2024, the U.S. Department of Defense (DoD) issued a proposed rule to implement section 1655(a) and (c) of the National Defense Authorization Act for fiscal year 2019 (Pub. L. 115-232)...
United States Government, Public Sector

Key takeaways

  • Proposed rule imposes disclosure conditions on defense contractors to address national security risks.
  • Offerors must disclose past and current foreign access to source and computer code and any export licenses for information technology products.
  • Contractors must maintain and update disclosures throughout the contract term.

Overview of the proposed rule

On November 15, 2024, the U.S. Department of Defense (DoD) issued a proposed rule to implement section 1655(a) and (c) of the National Defense Authorization Act for fiscal year 2019 (Pub. L. 115-232), aiming to enhance cybersecurity and mitigate national security risks. The rule would prohibit DoD from acquiring certain information technology (IT), cybersecurity or weapon systems products and services unless contractors disclose foreign access to their source and computer code. Under the proposed rule, contractors must affirm whether they have allowed, or are obligated to allow, foreign persons or governments to review noncommercial code developed for DoD use. Contractors must also disclose whether they have sought export licenses for custom-developed IT components or software related to DoD procurements. Post-award, contractors must maintain and update these disclosures for the duration of the contract. Viewed in the aggregate, the rule empowers DoD to implement risk mitigation measures and impose conditions on agreements to safeguard national security interests.

Impact of the proposed rule

The proposed rule introduces robust safeguards to protect national security by ensuring transparency in the acquisition of products, systems and services involving sensitive IT. By requiring contractors to disclose historical and ongoing foreign access obligations dating back to August 12, 2013, the rule demonstrates DoD's commitment to addressing both current and past risks. Post-award monitoring mechanisms further enhance oversight by mandating that contractors update disclosures throughout the contract term. This proactive measure aligns with broader federal initiatives to secure critical infrastructure and defense operations from cyber threats and foreign influence. By equipping DoD with comprehensive data and oversight tools, the rule strengthens supply chain integrity and reinforces the government's commitment to maintaining its technological and operational edge.

Conclusion

The proposed rule marks a significant step in safeguarding U.S. defense systems and technology from foreign exploitation, emphasizing rigorous disclosure and active risk mitigation to secure DoD's supply chain and operational technology. For contractors, it underscores the need for transparency, compliance and adaptability to meet heightened security expectations. As the rule progresses toward finalization, stakeholders should proactively assess their practices, including source code access policies, historical disclosures and export licensing procedures, to align with the proposed requirements. In doing so, contractors can ensure seamless compliance and avoid disruptions in their engagements with DoD. Interested parties must submit comments on or before January 14, 2025, to be considered in the formation of a final rule.

This article is presented for informational purposes only and is not intended to constitute legal advice.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More