Section 847 of the National Defense Authorization Act (NDAA) for Fiscal Year 2020 marks a pivotal evolution in how the Department of Defense (DoD) approaches the risks of foreign ownership, control, or influence (FOCI) across the defense supply chain. Historically, FOCI evaluations were reserved for defense contractors and subcontractors who required access to classified information, with compliance obligations largely tied to the clearance requirements set forth by the National Industrial Security Program Operating Manual (NISPOM).
However, with Section 847, Congress has significantly broadened the reach of these regulations. In response, the DoD is finalizing a new Defense Federal Acquisition Regulation Supplement (DFARS) rule that will operationalize these changes—potentially affecting tens of thousands of contractors who never previously faced such scrutiny.
A Major Shift: Applying FOCI to a Much Wider Universe
One of the most significant aspects of Section 847 is its application well beyond the classified contracting world. Now, any company seeking to do business with the DoD on contracts or subcontracts exceeding $5 million—regardless of whether the work is classified—may be required to disclose its ultimate beneficial ownership and expose its organizational structure to FOCI evaluation. The intent is clear: adversarial foreign influence cannot be allowed to gain even indirect access to sensitive DoD activities, systems, or information by way of unexamined partnerships or investments.
DoD estimates suggest the practical result will be nothing short of transformative. The Defense Counterintelligence and Security Agency (DCSA), which oversees FOCI reviews, expects the annual number of required assessments to explode from approximately 2,000 (restricted to cleared facilities) to more than 41,000 companies, representing a massive expansion in oversight and compliance.
How the New Process Will Work
Section 847 would require FOCI reviews much earlier in the acquisition process—before contract award rather than after—and these requirements apply even to "uncleared" contractors working on unclassified efforts above the $5 million threshold. While contracts for commercial off-the-shelf products and services may be excluded, the DoD retains the authority to require FOCI reviews if there are specific risk factors, such as the potential compromise of sensitive data or technology.
Contractors will need to meet detailed pre-award disclosure obligations, including mapping out their beneficial ownership structures and identifying any foreign entities or individuals who could exercise significant influence over management or operations. These requirements will not be static. Instead, they will be triggered not only initially but also whenever there is a material change in ownership or potential foreign influence—meaning companies must keep compliance programs and reporting mechanisms continuously up to date.
Practical Ramifications for Contractors
This dramatic expansion brings with it a host of challenges. Contractors new to FOCI reviews will need to undertake time-consuming due diligence, possibly for the first time, and prepare to respond to DCSA inquiries with comprehensive documentation about ownership and control. The more complex a contractor's ownership structure, the higher the burden. DCSA's increased workload could, in turn, introduce additional delays in contract awards, and contractors may experience the need for enhanced internal capabilities to monitor and report FOCI-related changes promptly.
When a FOCI concern is identified, companies should be prepared for the DoD to require mitigation steps ranging from simple board resolutions to, in some cases, fundamental restructuring of the ownership chain or corporate governance.
Positioning for Compliance: Strategic Recommendations
Defense contractors seeking to remain competitive under Section 847 will need to implement proactive strategies, including:
- Conducting thorough reviews of their beneficial ownership and potential foreign influence prior to bidding on DoD contracts.
- Updating internal compliance policies and reporting protocols to address the new Section 847 and forthcoming DFARS requirements.
- Training relevant personnel, especially in contracts, compliance, and mergers and acquisitions, about the new definitions, triggers, and reporting thresholds related to FOCI.
- Importantly, in cases where foreign buyers or investors will acquire defense companies or companies with dual use or sensitive technologies, it will be important to also consider potential jurisdiction and filing requirements mandated by the Committee on Foreign Investment in the United States as well as notification requirements that could be triggered for defense companies under the International Traffic in Arms Regulations.
Looking Ahead
Section 847 signals a fundamental shift in the DoD's approach to supply chain security, reflecting concern over the potential for adversarial foreign actors to access U.S. defense innovations and data through even the most indirect means. For those who wish to continue doing business with the DoD, compliance with the expanded FOCI regime will soon be a baseline requirement even for uncleared contractors.
As the DFARS rule is finalized in the coming months, all organizations in the defense ecosystem should review their current readiness, identify potential vulnerabilities, and begin making the structural and policy changes needed to meet the new expectations. Failing to do so not only risks compliance violations and contract delays but could ultimately preclude companies from accessing the U.S. government marketplace altogether.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
