NDAA Will Impact Government Contractors, Supply Chains, and Federal Acquisition Process
On December 15, 2022, Congress passed the James M. Inhofe National Defense Authorization Act for Fiscal Year (FY) 2023 (NDAA or Act), which President Biden is expected to sign into law soon. The NDAA contains numerous provisions that impact government contractors, either directly or indirectly. Below are highlights of the important government contracts-related provisions, as well as some important provisions that were not included in the final version of the NDAA but may be later revisited by Congress. Some of these provisions will take effect immediately upon enactment of the NDAA, but others will require implementing regulations before contractors see any changes in acquisition policies and procedures.
Inflation relief and continued focus on supply chain readiness (Sections 822, 836, 858, 860, 861, 862). As with last year, the NDAA reflects Congress’s efforts to tackle difficulties arising from the COVID-19 pandemic—namely, impacts on the increased costs of contract performance and tightening supply chains. The NDAA recognizes the significant ways in which the high inflation rate is affecting government contractors and the overall supply chain, and grants the U.S. Department of Defense (DOD) additional authority in FY 2023 to modify fixed-price contracts for which costs to the contractor exceed the overall contract price, due solely to economic inflation. Although this authorization clears a path for contractor relief, it is important to note that the contracting officer retains discretion to implement any contract modifications, and they are also subject to funding availability. To that end, the NDAA authorizes additional funds above the President’s requested amount specifically to address the effects of inflation.
The NDAA also builds upon the supply chain readiness provisions included in the FY 2022 NDAA, demonstrating a continued emphasis on mitigating supply chain shortages and delays. DOD is required to analyze procurement activities to determine the defense industrial base’s capabilities to source all necessary goods either from suppliers in the United States or approved nations. These efforts must specifically include risk management analyses of DOD supply chains for pharmaceutical materials. DOD will also evaluate and further develop current innovative workforce training programs to reduce the shortage of skilled industrial workers in the defense industrial base and address the manufacturing requirements unique to critical sectors of the defense industrial base, including critical technologies for major weapon systems and other programs of record. In a potentially welcome shift, the NDAA also requires DOD to increase transparency of its needs and existing and potential requirements (known as procurement acquisition lead time, or PALT) related to key development areas so the private sector can better and more quickly respond to those needs.
Restrictions on certain foreign purchases (Sections 817, 855, 857, 1102A, 5949). In line with the NDAA’s emphasis on strengthening supply chains, the NDAA also places continued emphasis on “Made in America” laws and avoiding procurements involving certain countries or regions, particularly the People’s Republic of China, the Russian Federation, the Islamic Republic of Iran, and the Democratic People’s Republic of Korea. Semiconductors are singled out, with the NDAA prohibiting purchases of products originating from certain Chinese companies. The ban will take effect in five years, and the Federal Acquisition Regulatory Council will issue implementing regulations in three years. Wiley covered these restrictions in detail here. And the NDAA specifically requires contractors providing systems with permanent magnets containing rare earth elements and critical materials to disclose the provenance of the magnets to ensure, among other things, that the magnets have no connection to Chinese companies. The NDAA also authorizes the Director of National Intelligence to prohibit the intelligence community from acquiring foreign commercial spyware and from contracting with a company that has acquired foreign commercial spyware, subject to certain waiver provisions.
The NDAA also continues and expands procurement restrictions from previous NDAAs. First, continuing the prohibition in Section 848 of the FY 2022 NDAA, DOD is prohibited in FY 2023 from knowingly procuring products mined, produced, or manufactured either wholly or in part by forced labor from the Xinjiang Uyghur autonomous region, which potentially places a heavy burden on offerors to prove that products or their components did not originate from the prohibited areas. Second, the NDAA expands restrictions on DOD procurement of foreign-made unmanned aircraft systems (UAS) that were initially implemented in Section 848 of the FY 2020 NDAA. Here, in addition to the current restriction on acquisition of UAS from China, beginning on October 1, 2024, DOD will be expressly prohibited from procuring UAS from specific companies identified in the NDAA or by the U.S. Department of Commerce, as well as companies based in or controlled by entities in China, Russia, Iran, and North Korea.
Continued focus on small businesses (Sections 856, 871, 872, 875, 876). Congress continues to use the NDAA as a vehicle for supporting small businesses interested in providing goods and services to the Government. The DOD Mentor-Protégé, Small Business Innovation Research (SBIR), and Small Business Technology Transfer Research (STTR) programs will continue to serve as a means for small businesses with unique skills and capabilities to gain insight and exclusive opportunities to expand their reach in the Federal marketplace. Wiley discussed the SBIR/STTR programs’ recent renewal in the SBIR and STTR Extension Act of 2022 here. Building on that extension to the programs, the NDAA calls on DOD to develop objective metrics to assess the effectiveness of the SBIR/STTR programs in meeting the DOD’s mission needs.
The NDAA also requires DOD to establish a program to support small businesses in identifying attempts by malicious foreign actors to establish foreign ownership, control, or influence over the company or to gain access to vital technology the company is developing for DOD. This new commercial due diligence program will allow DOD to lend a hand to small businesses that may not otherwise have the resources to protect against such interference.
Streamlining procurement for innovative technologies and intellectual property (Sections 804, 841, 842, 882). The NDAA revises the authority and procedures for the rapid acquisition and deployment of services and goods in response to urgent operational needs and vital national security interests. Specifically, the NDAA codifies a streamlined communications process between the Chairman of the Joint Chiefs of Staff, the acquisition community, and the research and development community; procedures for rapidly acquiring and deploying newly developed capabilities; and procedures for determining the disposition of developed capabilities, including termination, continued sustainment, or transition to traditional procurement programs. It also creates a five-year pilot program allowing the Defense Counterintelligence and Security Agency to sponsor personal security clearances of “non-traditional” or small business contractors, particularly innovative technology companies, so the employees can quickly begin work under the contract while the Government completes the adjudication of the company’s facility clearance application. This should expand the pool of companies that are able to compete for contracts that involve classified work and speed performance of contracts for innovative technologies and research.
The NDAA expanded DOD’s authority for prototype projects resulting from “other transactions” to cover follow-on production contracts and transactions expected to cost more than $100 million. The NDAA also requires DOD to create guidelines and resources for the eventual implementation of unique intellectual property strategies DOD-wide supporting the use of modular open system approaches.
Increased burden on offerors to establish commerciality for major defense acquisitions (Section 803). For major weapon systems, the NDAA imposes additional requirements on the offeror to establish the commercial nature of any of the subsystems, components, and spare parts. To justify a commerciality determination for such items, offerors must now identify the specific comparable product that serves as the basis for an “of a type” assertion, as well as a comparative analysis between the products.
Investment and standards for technology (Sections 221, 234, 861, 1554). The NDAA also includes several provisions that seek to improve or standardize the technology DOD relies on. Two of those provisions aim to accelerate DOD’s implementation of 5G wireless broadband throughout DOD and its facilities. By July 30, 2023, DOD must set a target date for deploying 5G at all military installations and establish metrics for measuring progress. DOD will submit annual reports to Congress for the next five years on progress toward those metrics. DOD Assistant Secretaries also must develop and submit to Congress in 2023 their plans for implementing 5G in their respective departments within 3 years, including whether and to what extent they intend to use an open radio access network approach and any reasons for not doing so.
An additional provision directs DOD to develop a comprehensive strategy to increase competitive opportunities for U.S. companies to transition certain critical technologies—including artificial intelligence (AI) and machine learning, microelectronics, space technology, autonomous systems, and unmanned systems—into major weapons systems. A separate provision directs DOD to develop an implementation plan for rapidly adopting and acquiring AI systems and applications for certain DOD cyberspace operations.
Cybersecurity testing of certain commercial products acquired by DOD (Sections 1514, 1553). The NDAA includes several provisions addressing cybersecurity testing of certain products procured by DOD. One provision requires DOD to implement a policy for testing and evaluating the cybersecurity of the commercial cloud service providers that contract with DOD for storage or computing of classified DOD data. Another provision directs DOD to develop plans to test and evaluate commercial products that DOD acquires to meet its internal cybersecurity requirements, to ensure the products are effective and survivable prior to operation on a DOD network.
FedRAMP codification (Section 5921). The NDAA includes a provision codifying the General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that involves security assessments, authorization, and continuous monitoring for cloud products and services procured by the federal government. In an attempt to harmonize the required security assessments, the Act creates a presumption of adequacy with respect to agency authorization for products and services that have already received FedRAMP authorization.
Key provisions left out. Earlier versions of the NDAA included a Progress Payment Incentive Pilot program that outlined specific metrics that would allow DOD to issue progress payments to contractors, such as when the contractor is meeting milestone delivery dates or does not have open corrective action notices. This provision was not included in the final version of the NDAA. Additionally, the version that initially passed the House included a preference for offerors with labor union workforces. This labor union provision generated substantial controversy and was ultimately removed from the final version of the bill.
The version that passed the House also included a provision that would have codified the concept of Systemically Important Entities (SIEs). This provision would have both imposed regulatory obligations and conferred Intelligence Community support on companies designated as SIEs by the U.S. Department of Homeland Security. The final version of the NDAA does not address SIEs. Further, both the version that passed the House and the version that the Senate Armed Services Committee released in July included provisions related to Software Bill of Materials (SBOM) requirements for certain government contracts. The final version of the NDAA does not address SBOM requirements.
NDAA provisions that will result in changes to standard government contracts must be implemented through the agency rulemaking process, but contractors should begin considering how these changes might affect their business and the compliance obligations that may result. Wiley’s Government Contracts, Telecom, Media & Technology, and National Security practices closely track implementation of the NDAA and are prepared to update and help clients navigate any of the issues addressed by the law.