.svg?rev=a492cc1069df46bdab38f8cb66573f1c&hash=2617C9FE8A7B0BD1C43269B5D5ED9AE2)
At a Glance
- Federal agencies continued to issue mass modifications to contracts and to implement model deviation texts as the “Revolutionary FAR Overhaul” initiative continued with additional revisions.
- The FY 2026 National Defense Authorization Act and the Department of Defense’s Acquisition Transformation Strategy emphasized more commercial and competitive acquisitions, raising new risks and opportunities for contractors.
- Federal agencies continued to increase compliance enforcement efforts associated with cybersecurity and data protection, while also opening investigations into contractors and other federal funding recipients based on alleged antidiscrimination law violations resulting from diversity, equity, and inclusion (DEI) policies.
During the final quarter of 2025, federal agencies engaged in a range of policy and enforcement initiatives affecting federal contractors, grantees, and other recipients of federal funding. Specifically, federal agencies began implementing the “Revolutionary FAR Overhaul” (RFO) initiative in earnest by adopting mass modifications to contracts, even though the Federal Acquisition Regulatory Council (FAR Council) has yet to undertake its formal notice-and-comment rulemaking process to implement the proposed changes. Further, the FY 2026 National Defense Authorization Act (NDAA) codified a number of new policies that will affect defense contractors in the coming year, both in terms of funding priorities and bid protests. The Department of Defense (DoD) also announced major structural reforms regarding its acquisition process. Separately, DOJ initiated several cybersecurity and DEI-related False Claims Act investigations, raising compliance risks for contractors. We summarize several of these updates below.
Revolutionary FAR Overhaul Initiative: Implementation Updates
The RFO initiative entered a more active implementation phase during the final quarter of 2025. Agencies began issuing mass modifications to their contracts; and the FAR Council completed its model deviation texts, which capture the FAR Council’s revisions to all “overhauled” FAR parts. Although the model deviation texts are not directly binding on government contractors on their own, many of the deviation texts have been incorporated in recent months into existing and future contracts through agency mass modifications. For instance, on October 17, 2025, GSA announced that it would issue a mass modification to all Multiple Award Schedule (MAS) contracts to align Schedule terms with the RFO. The modification, ultimately released in November 2025, updated a range of clauses and provisions associated with acquisition requirements, removed certain nonstatutory requirements, and incorporated other “overhauled” provisions consistent with the FAR Council’s model deviation texts. A full list of clauses and provisions updated as part of the MAS “Refresh” are linked here and on GSA’s acquisition policy library. GSA also signaled that additional refreshes would follow as the FAR Council moves from deviations to formal rulemaking, while other agencies have also continued to issue class deviations to implement the RFO.
We previously covered several of the most significant proposed changes to the FAR as part of our last quarterly update, including changes to FAR Part 19 (Small Business Programs), which affect an agency’s discretion to implement the “Rule of Two.” More recently, as part of its revisions to FAR Part 2 (Definitions) and Part 23 (Environment, Sustainable Acquisition, and Material Safety), the FAR Council also narrowed the definition of “sustainable products” to now exclude specific references to EPA purchasing programs (e.g., WaterSense-labeled products, Safer Choice-certified products, products and services meeting EPA Ecolabel recommendations). Although the change itself reflects a relatively minor shift in regulatory and compliance obligations for federal contractors, it also signals the FAR Council’s intent to make meaningful revisions prior to effectuating final changes to the FAR through a formal notice-and-comment rulemaking process.
The Office of Federal Procurement Policy (OFPP) also solicited feedback through a public comment process that ended on January 7, 2026, seeking industry input on the clarity of the deviation text, the structure and content of the FAR Companion Guide, the proposed removal of various nonstatutory requirements, and the formal rulemaking process more generally. Federal contractors should continue to monitor class deviations issued by their respective contracting officers and coordinate with counsel to clarify their compliance obligations, as needed. Submission of comments to OFPP can be critical, particularly if changes are proposed during the formal rulemaking process that may affect existing contracts and business opportunities for federal contractors.
Publication of the FAR Companion Guide and Supplemental Materials
In October 2025, the FAR Council released a revised FAR Companion Guide, a nonregulatory document intended to accompany the rewritten FAR and support the transition to the RFO. The Companion Guide consolidates federal acquisition policies, practices, and explanatory material to be utilized by both contracting entities and federal agencies in managing federal awards. Key features in the Companion Guide include plain-language explanations of statutory requirements, cross-references to agency buying guides and supplemental policies, and implementation notes for contracting officers transitioning from the previous FAR text. To the extent the Companion Guide includes language previously incorporated in a corresponding FAR provision, the reference in the Companion Guide is not legally binding and agencies are not bound by any relevant requirements.
Most importantly for current contractors, each RFO subpart is also accompanied by a “practitioner album,” summarizing key changes made by the deviation (including a rough “line-out” document to reflect edits) and additional resources regarding implementation practices. Notably, neither the “practitioner albums” nor the Companion Guide constitute mandatory compliance requirements or carry legal authority. Still, the Companion Guide is expected to serve as the primary vehicle for policy interpretation from the FAR Council going forward (or at least until the FAR Council issues its formal notice-and-comment rulemaking to revise the FAR text itself).
Implications for Contractors in 2026
Looking ahead, federal contractors should expect the FAR Council to undertake a formal notice and rulemaking to codify the deviation text and restructure the FAR. However, we anticipate that the comment period will be significantly truncated, so it will be important to review and file comments on an expedited basis. Additionally, federal contractors should anticipate additional updates to the FAR Companion Guide (including potential agency-specific supplements), further class deviations, and integration with the Department of Defense’s new Acquisition Transformation Strategy, discussed below.
Defense Industry Updates
Department of Defense Acquisition Updates
In November 2025, Department of Defense (DoD) Secretary Pete Hegseth announced a series of acquisition reforms through the issuance of several strategic documents and memoranda, which, taken together, are intended to implement Executive Order (EO) 14265, “Modernizing Defense Acquisitions and Spurring Innovation in the Defense Industrial Base.”) The reforms are intended to “prioritiz[e] speed, flexibility, and rigorous execution” of acquisitions across the Defense Industrial Base.
The first reform was the new DoD Acquisition Transformation Strategy (the Strategy), issued on November 10, 2025. At a high level, the Strategy identifies five pillars to advance EO 14265: (1) rebuild the defense industrial base; (2) elevate and empower the acquisition workforce; (3) maximize acquisition flexibility through reduced regulations and processes; (4) develop high-performance systems through technical and execution excellence; and (5) improve lifecycle risk management. Of particular relevance for defense contractors, the Strategy aims to expand the industrial base and prioritize nontraditional contractors, while also prioritizing a “commercial first” buying process by relying on direct-to-supplier relationships instead of solely relying on prime contractors. The Strategy also aims to award “bigger, longer deals” to contractors to incentivize long-term capital investments and production capacity. Accelerating and leveraging private capital investment is also cited as a strategy for rebuilding and expanding the industrial base and to “accelerate the creation of new companies, expand current factory production rates, and improve innovation.” Although each of these strategies may present new opportunities for defense contractors in the coming year, DoD’s emphasis on commercial acquisition strategies signals to contractors to highlight their most innovative and efficient commercial offerings in proposals to align with the administration’s priorities.
As part of efforts to “maximize acquisition flexibility,” DoD also outlined a range of priorities related to “removing unnecessary process and reducing regulations” associated with defense procurement. Many of these changes may be internal facing to the DoD (e.g., establishing portfolio scorecards, modernizing testing infrastructure) or serve as precursors to policies articulated in the FY 2026 NDAA (e.g., transitioning a greater number of contracts from Cost Accounting Standards (CAS) requirements to Generally Acceptance Accounting Principles (GAAP)). Other changes, like the stated priority to “slash rules down to only what is absolutely vital and remove anything that slows down government contracts” in the FAR and Defense Federal Acquisition Regulation Supplement (DFARS), must be implemented over time — particularly where formal notice-and-comment rulemaking is required or where DoD must continue to abide by existing statutory requirements (e.g., the Truth in Negotiations Act). Contractors should anticipate additional DFARS revisions relating to procurement reform in the coming year.
In addition to the Acquisition Transformation Strategy, DoD issued two companion memoranda designed to align departmental requirements and acquisition procedures with the Strategy’s focus on speed and flexibility. The first memo, “Transforming the Defense Acquisition System into the Warfighting Acquisition System to Accelerate Fielding of Urgently Needed Capabilities to Our Warriors,” redesignates the acquisition enterprise as the Warfighting Acquisition System (WAS) and establishes Portfolio Acquisition Executives (PAEs) with consolidated authority over program outcomes, budget execution flexibility, and direct reporting chains. The memorandum sets strict implementation timelines (e.g., 30 days for developing guidance, 60 days for implementation plans) and mandates structural reforms such as aligning contracting officers under PAEs, maximizing use of “commercial-first” and alternative procurement methods, and reducing regulatory guidance (e.g., updating 5000-series instructions). The second memo, “Reforming the Joint Requirements Process to Accelerate Fielding of Warfighting Capabilities,” is more narrowly focused on directing revisions to the joint requirements process at DoD with the goal of “streamlining and accelerating acquisition.”
Even in light of these reforms, defense contractors remain subject to a wide range of existing contractual and regulatory requirements, particularly those relevant to cybersecurity standards and export controls. Federal contractors should prepare for additional policy announcements and rulemakings from DoD that will both affect key compliance obligations and present new procurement opportunities.
FY 2026 NDAA Updates
The FY 2026 NDAA, signed into law on December 18, 2025, not only authorizes significant funding for DoD and related national security programs, but also includes various acquisition reform provisions and other clauses impacting existing and prospective defense contractors.
Bid Protest Reforms
Perhaps most significantly, Section 875 of the NDAA is intended to deter incumbent defense contractors from filing unsubstantiated bid protests at the Government Accountability Office (GAO) simply to secure an automatic stay of performance — thereby obtaining a desired contract extension or bridge contract. Section 875 directs DoD to revise the DFARS to permit limited withholding of payments from an incumbent contractor that files a GAO bid protest that is later dismissed as lacking any reasonable legal or factual basis. The provision applies only in circumstances where the protest delays award and necessitates continued performance by the incumbent through a bridge or extension contract, and caps the withholding of payments at 5% of the total amount to be paid to an incumbent contractor. Although the provision does not apply to agency-level protests or protests filed at the U.S. Court of Federal Claims, it nonetheless shifts the risk calculus for incumbent defense contractors at GAO. The NDAA directs DoD to implement these new procedures within 180 days of enactment — i.e., by June 16, 2026.
Defense Acquisition Reforms
Various sections of the NDAA also focus on defense acquisition reforms, several of which were previously articulated in EO 14265, issued on April 9, 2025. For example, Section 1801 directs the Secretary of Defense to issue guidance that requires resource decisions for the defense acquisition system to “prioritize best value” and pursue “innovative solutions” to enhance the effectiveness of the armed forces, “including the acquisition and integration of commercial products and commercial services.” This focus on commercial products and commercial services is present throughout the NDAA. For instance, Section 1822 of the NDAA requires DoD to establish a new process for determinations regarding the nonavailability of commercial products or services before utilizing noncommercial items to fulfill procurement needs under 10 U.S.C. § 3453 (“Preference for commercial products and commercial services”). Additionally, Section 1828 of the NDAA similarly directs the Secretary of Defense to conduct a comprehensive review of DoD’s approach to acquiring commercial products and commercial services, while Section 1823 provides greater flexibility for DoD to utilize Commercial Solutions Openings — intended to make it easier for the agency to acquire commercial products and services as part of follow-on production agreements.
Separately, Section 1804 increases the dollar threshold for requiring submission of certified cost or pricing data from approximately $2 million to $10 million for prime contracts awarded after June 30, 2026, potentially reducing administrative burdens and intensive cost scrutiny for a greater number of contractors going forward. Section 1826 further aims to eliminate administrative barriers for nontraditional defense contractors by directing DoD to exempt such contractors (including all small businesses) from being bound by FAR Part 31 cost principles and from other certified cost and pricing data requirements. At a higher level, Section 824, titled “Increasing Competition in Defense Contracting,” directs DoD to issue guidance expanding how past performance is evaluated in defense procurements. Under this provision, DoD must clarify when it should accept commercial contract past performance and other nongovernment references as relevant for source selection, provide methods to validate those references, and identify circumstances in which alternative evaluation methods — such as technology demonstrations or testing — are appropriate for requirements without significant precedent. The provision is generally aimed at making past performance evaluation more inclusive of nontraditional and commercial experience to attract a broader set of suppliers into the defense industrial base.
Cybersecurity Initiatives
The NDAA also reflects the federal government’s increased focus on cybersecurity enforcement and policy development, as well as a focus on enforcement of requirements relating to the protection of covered data. Section 866 directs DoD to “harmonize the cybersecurity requirements applicable to the defense industrial base across the Department of Defense,” while also reducing duplicative or inconsistent cyber obligations and aligning DoD’s cyber compliance framework with broader federal initiatives. These provisions may influence future DFARS rulemakings and may intersect with the Department of Justice’s (DOJ) expanding cyber-related False Claims Act (FCA) enforcement actions. Similarly, Section 1512 directs DoD to develop and implement a comprehensive Department-wide cybersecurity and governance policy for artificial intelligence (AI) and machine learning (ML) systems used by the Department. Section 1513 further requires DoD to establish a risk-based framework for cybersecurity and physical security procurement requirements specifically for covered AI/ML systems. The framework must incorporate recognized standards (e.g., NIST SP-800, Cybersecurity Maturity Model Certification (CMMC) requirements) and address supply-chain risks, adversarial tampering, data theft, workforce vulnerabilities, and elevated protections for systems of greatest national security concern. DoD may amend the DFARS or use similar mechanisms to mandate compliance by contractors that develop, deploy, host, or store these technologies, and it must provide an implementation timeline and reporting plan to Congress. For defense contractors, these provisions foreshadow new contractual cybersecurity obligations for AI/ML systems and integration of these requirements into DFARS and the emerging CMMC regime, raising compliance standards for advanced technologies provided to DoD.
Drone Procurement Security Framework
On November 21, 2025, the Office of Management and Budget (OMB) issued Memorandum M-26-02, “Ensuring Government Use of Secure Unmanned Aircraft Systems and Supporting United States Producers,” establishing a government-wide policy framework governing the procurement and use of unmanned aircraft systems (UAS or drones). The guidance responds to statutory direction under the American Security Drone Act and broader national security concerns including reliance on foreign-manufactured drones, supply-chain risks, and embedded cybersecurity vulnerabilities (particularly from adversarial sources). The memorandum mandates that federal agencies prioritize the acquisition and use of secure, U.S.-made or allied-aligned UAS technologies and reduce dependency on drones or components that could pose strategic, supply chain, or data security risks.
Under the new framework, federal agencies must adopt procurement policies that emphasize security assurances, supply-chain risk management, and domestic industrial base support, with a focus on minimizing exposure to adversarial technology that could undermine mission integrity or introduce hidden vulnerabilities. For government contractors, the new framework introduces compliance risks and competitive considerations across federal solicitations involving UAS systems or related components, particularly as contractors may be required to provide certification or documentation regarding origin, supply-chain controls, and security practices associated with new procurements. Contractors performing federally-funded projects — even at the state level — may be required to cease operations, maintenance, or data processing where those activities involve UAS manufactured by (or subject to the control of) covered foreign entities.
Contractors providing UAS-related products should consider reviewing their cybersecurity practices and establishing traceable supply-chain assurances for onboard software, firmware, and other UAS elements. Contractors should also monitor new agency-specific guidance to implement the M-26-02 framework and any related FAR Council actions.
Enforcement and Protest Updates
Increased Focus on False Claims Act Enforcement
The final quarter of 2025 saw a marked expansion in DOJ’s use of the FCA against federal contractors, particularly in the areas of cybersecurity compliance and DEI policy initiatives. While DOJ has historically utilized the FCA to combat fraud against the government in the defense and health care sectors, its expanded use in cybersecurity enforcement actions and separately under the “Civil Rights Fraud Initiative“ represent a shift in FCA risk exposure for federal contractors and grant recipients.
Although DOJ’s Civil Cyber-Fraud Initiative was originally launched under the Biden administration in October 2021, recent DOJ enforcement actions and settlements make clear that FCA liability will continue to extend beyond traditional billing and price reporting misconduct into broader cybersecurity obligations and representations. Several major FCA settlements, such as the one described in a December 5, 2025, DOJ press release, have resolved allegations that contractors falsely certified compliance with contractual cybersecurity requirements, including vulnerability scanning and security control obligations under federal contracts. In particular, key risk points for federal contractors include inaccurate self-attestations and representations regarding compliance with NIST standards and agency-specific cybersecurity frameworks; failure to comply with incident reporting obligations; and insufficient subcontractor oversight. Given the language in the FY 2026 NDAA requiring agencies to “harmonize” cybersecurity requirements across the defense industrial base, contractors should expect continued FCA actions focused on cybersecurity compliance.
Starting in the fourth quarter of 2025, DOJ also began initiating investigations into the DEI practices and policies of federal funding recipients and contractors to identify potential FCA liability based on alleged violations of civil rights and antidiscrimination laws. These investigations are consistent with DOJ’s May 2025 memorandum establishing the Civil Rights Fraud Initiative, which set forth a coordinated enforcement framework expressly authorizing use of the FCA to pursue claims against recipients of federal funds who “knowingly violate federal civil rights laws” and falsely certify compliance with those laws in funding applications and claims. Although these investigations have thus far relied primarily on an unusual (and largely untested) application of the FCA by asserting that companies knowingly misled the government regarding allegedly discriminatory hiring or promotion practices, the investigations themselves can impose significant burdens on federal contractors regardless of outcome.
Combined with ongoing cyber-related FCA cases, DOJ’s recent investigations signal a broader enforcement posture associated with all certifications or representations submitted to a federal agency tied to any federal funding. Relatedly, the White House’s announcement that it would be launching its own efforts to investigate fraud — despite potential issues of jurisdiction and legality associated with those efforts — further underscores the unprecedented nature of the current enforcement environment. As such, federal contractors should be especially diligent and confirm accuracy of any certifications and representations, including those made in connection with cybersecurity protocols and antidiscrimination laws, and consider regular compliance reviews and remediation actions in advance of potential government inquiries.
SBA 8(a) Program Audit and Financial Document Request
In December 2025, the Small Business Administration (SBA) issued letters to all active 8(a) Business Development Program (the 8(a) Program) participants, directing participants to produce extensive financial documentation as part of an expanded eligibility review process. Among other items, SBA requested that each 8(a) entity provide — for the last three fiscal years — general ledgers and bank statements, payroll registers, lists of all employees and vendors, copies of all 8(a) contracts and subcontract agreements related to 8(a) contracts, and financial statements (i.e., balance sheets, cash flow statements, etc.).
In its announcement of the initiative, SBA described the directive as part of a broader effort to “expose fraud, waste, and abuse” across the 8(a) Program, and specifically referenced recent DOJ investigations into evidence of misconduct within the 8(a) Program. Document submissions were due to SBA on Monday, January 19. Accordingly, 8(a) entities should anticipate increased scrutiny from SBA as a result of the initiative and ensure that internal financial controls and documentation practices are aligned with all SBA requirements and applicable laws and regulations. 8(a) entities should also prepare for potential follow-up inquiries from SBA resulting from the program review, particularly for entities with complex ownership structures or those nearing economic disadvantage thresholds. In addition, small businesses, particularly women-owned small businesses (WOSBs) and minority-owned small businesses, should expect to be a focus of enforcement going forward.
GAO Bid Protest Annual Report
Finally, GAO released its FY 2025 Bid Protest Annual Report to Congress on December 12, 2025. The report reflects continued stability in protest activity, with a total of 1,617 protests, 24 cost claims, and 47 requests for reconsideration. In total, 1,688 protests were filed in FY 2025, down 6% compared to 1,803 in FY 2024. GAO issued 380 merit decisions, with 53 sustains, which reflected a modest decline in the sustain rate from 16% in FY 2024 to 14% in FY 2025.
The three most prevalent reasons for sustaining protests included: (1) unreasonable technical evaluations (e.g., crediting offerors for capabilities not expressly proposed); (2) unreasonable cost or price evaluations (e.g., attempts by agencies to cure missing cost-information post-award); and (3) unreasonable rejections of proposals (e.g., reliance on unstated evaluation criteria).The Annual Report also reflected a 52% “effectiveness rate,” indicating how often a protester obtained some form of relief from the agency, whether it be from voluntary agency corrective action or through GAO sustaining a protest. GAO only conducted hearings in three cases, continuing a multiyear trend of minimal usage of formal hearings in the federal bid protest context. Additionally, although usage of alternative dispute resolution remains rare (i.e., only used in 53 cases in FY 2025, down from 76 in FY 2024), the percentage of cases resolved without a formal GAO decision after ADR remained especially high (i.e., 91%). There was only one instance in which an agency declined to fully implement GAO’s recommendation, with the agency citing security and delay concerns.
What’s Next?
The federal government is positioned to continue developing new contracting policies and practices in 2026 and has already been active in the first few weeks of the new year. For instance, on January 7, 2026, President Trump issued an executive order titled “Prioritizing the Warfighter in Defense Contracting,” directing the Secretary of Defense to identify “underperforming” contractors within 30 days and restrict those contractors’ ability to engage in stock buybacks, advocacy efforts, and certain executive compensation practices “during a period of underperformance, non-compliance with the contractor’s contract, insufficient prioritization of the contract, insufficient investment, or insufficient production speed as determined by the Secretary of Defense.” Within 60 days, DoD is directed to incorporate new mandatory clauses into all future defense contracts to formalize these restrictions, raising potential compliance and performance risks for contractors. Given the complicated accounting systems and practices required of federal defense contractors, it remains unclear how DoD will define and identify “underperformance” or “insufficient prioritization,” and how it will enforce the EO’s requirements. The EO is nonetheless consistent with the administration’s efforts to exercise greater oversight of federal contractors and other recipients of federal funding, particularly in the defense contracting space.
Federal contractors should expect continued movement in 2026, including a formal rulemaking to codify the RFO, additional agency-level FAR deviations, and early implementation steps under the FY 2026 NDAA and the DoD’s Acquisition Transformation Strategy. Federal contractors may also see additional developments reflecting President Trump’s revised National Security Strategy, published by the White House in November 2025. Further, internal restructuring within federal agencies — particularly within DoD, the Department of Energy (DOE), and the Department of Veterans Affairs (VA) — may result in new funding opportunities and revised federal acquisition policies. Contractors and federal grant recipients should also remain apprised of DOJ’s FCA enforcement actions, particularly where such actions signal heightened scrutiny of contractor representations and policies.
We will continue to monitor these developments and encourage federal contractors and grant recipients with concerns to contact counsel to engage in compliance risk assessments and contract reviews as needed, particularly as agencies contemplate pursuing enforcement actions with greater frequency going forward.
For More Information
Faegre Drinker’s government contracts team will continue to monitor additional regulatory and legislative developments in the coming months. For further information you may contact the authors.
