Robert Huffman

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under the October 2023 AI Executive Order. 

Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well as more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice's Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.

Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based. 

Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.

The Government Accountability Office (“GAO”) released a report on the Defense Contract Audit Agency’s (“DCAA”) past and future use of private-sector, independent public accountants to augment its auditor workforce. The initiative—approved under Section 803 of the Fiscal Year (“FY”) 2018 National Defense Authorization Act (“NDAA”)—began in fiscal year 2020 and

Continue Reading GAO: DCAA Built a Valuable Bench of Independent Public Accountants, Now What?

This is the third blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in April 2025. 

NIST Publishes Initial Draft of Guidance for High Performance Computing Systems

U.S. National

Continue Reading April 2025 Cybersecurity Developments Under the Trump Administration

This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration.  This blog describes AI actions taken by the Trump Administration in April 2025, and prior articles in this series are available here.

White House OMB Issues AI Use & Procurement Requirements for Federal Agencies

On April 3, the White House Office of Management & Budget (“OMB”) issued two memoranda on the use and procurement of AI by federal agencies: Memorandum M-25-21 on Accelerating Federal Use of AI through Innovation, Governance, and Public Trust (“OMB AI Use Memo”) and Memorandum M-25-22 on Driving Efficient Acquisition of Artificial Intelligence in Government (“OMB AI Procurement Memo”).  The two memos partially implement President Trump’s January 23 Executive Order 14179 on “Removing Barriers to American Leadership in Artificial Intelligence,” which, among other things, directs OMB to revise the Biden OMB AI Memos to align with the AI EO’s policy of “sustain[ing] and enhance[ing] America’s global AI dominance.”  The OMB AI Use Memo outlines agency governance and risk management requirements for the use of AI, including AI use case inventories and generative AI policies, and establishes “minimum risk management practices” for “high-impact AI use cases.”  The OMB AI Procurement Memo establishes requirements for agency AI procurement, including preferences for AI “developed and produced in the United States” and contract terms to protect government data and prevent vendor lock-in.  According to the White House’s fact sheet, the OMB Memos, which rescind and replace AI use and procurement memos issued under President Biden’s Executive Order 14110, shift U.S. AI policy to a “forward-leaning, pro-innovation, and pro-competition mindset” that will make agencies “more agile, cost-effective, and efficient.”

Department of Energy Announces Federal Sites for AI Data Center Construction

On April 3, the Department of Energy (“DOE”) issued a Request for Information (“RFI”) on AI Infrastructure on federal lands owned or managed by DOE.  The RFI seeks comment from “entities with experience in the development, operation, and management of AI infrastructure,” along with other stakeholders, on a range of topics, including potential data center designs, technologies, and operational models, potential power needs and timelines for data centers, and related financial or contractual considerations.  As part of the RFI, DOE announced 16 potential DOE sites for “rapid [AI] data center construction,” with the goal of initiating data center construction by the end of 2025 and commencing data center operation by the end of 2027 through public-private partnerships.  The comment period for the RFI closed on May 7, 2025.

President Trump Issues Executive Order on Coal-Powered AI Infrastructure

On April 8, President Trump issued Executive Order 14261, titled “Reinvigorating America’s Beautiful Clean Coal Industry,” directing the Departments of Agriculture, Energy, and the Interior to identify coal resources and reserves on Federal lands for mining by public or private actors, prioritize and expedite leases for coal mining on Federal lands, and rescind regulations that discourage investments in coal production, among other things.  The Executive Order also directs the Departments of Commerce, Energy, and the Interior to identify regions with suitable coal-powered infrastructure for AI data centers, assess the potential for expanding coal-powered infrastructure to meet AI data center electricity needs, and submit a report of findings and proposals to the White House National Energy Dominance Council, Assistant to the President for Science & Technology, and Special Advisor for AI and Crypto by June 7, 2025.

House CCP Committee Releases Report on DeepSeek Concerns

On April 16, the House Select Committee on the Chinese Communist Party released its report on DeepSeek and its AI platform, titled DeepSeek Unmasked: Exposing the CCP’s Latest Tool for Spying, Stealing, and Subverting U.S. Export Control Restrictions.  Stating that DeepSeek “represents a profound threat to our nation’s security,” the report found that DeepSeek sends U.S. data to the Chinese government and manipulates chatbot outputs to “align with the CCP’s ideological and political objectives.”  The report also found that it was “highly likely” that DeepSeek used model distillation techniques to extract reasoning outputs and copy leading U.S. AI model capabilities in order to expedite development.  The report further found that DeepSeek violated U.S. semiconductor export controls.  The report called on the U.S. to expand export controls and improve enforcement, in addition to preparing for “strategic surprise” arising from rapid advancements in Chinese AI.  Ultimately, the report may help to accelerate possible U.S. Government bans on DeepSeek along the lines of the Kansas ban discussed below.

Continue Reading April 2025 AI Developments Under the Trump Administration

This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration.  This blog describes AI actions taken by the Trump Administration in March 2025, and prior articles in this series are available here.

White House Receives Public Comments on AI Action Plan

On March 15, the White House Office of Science & Technology Policy and the Networking and Information Technology Research and Development National Coordination Office within the National Science Foundation closed the comment period for public input on the White House’s AI Action Plan, following their issuance of a Request for Information (“RFI”) on the AI Action Plan on February 6.  As required by President Trump’s AI EO, the RFI called on stakeholders to submit comments on the highest priority policy actions that should be in the new AI Action Plan, centered around 20 broad and non-exclusive topics for potential input, including data centers, data privacy and security, technical and safety standards, intellectual property, and procurement, to inform an AI Action Plan to achieve the AI EO’s policy of “sustain[ing] and enhance[ing] America’s global AI dominance.”

The RFI resulted in 8,755 submitted comments, including submissions from nonprofit organizations, think tanks, trade associations, industry groups, academia, and AI companies.  The final AI Action Plan is expected by July of 2025.

NIST Launches New AI Standards Initiatives

The National Institute of Standards & Technology (“NIST”) announced several AI initiatives in March to advance AI research and the development of AI standards.  On March 19, NIST launched its GenAI Image Challenge, an initiative to evaluate generative AI “image generators” and “image discriminators,” i.e., AI models designed to detect if images are AI-generated.  NIST called on academia and industry research labs to participate in the challenge by submitting generators and discriminators to NIST’s GenAI platform.

On March 24, NIST released its final report on Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, NIST AI 100-2e2025, with voluntary guidance for securing AI systems against adversarial manipulations and attacks.  Noting that adversarial attacks on AI systems “have been demonstrated under real-world conditions, and their sophistication and impacts have been increasing steadily,” the report provides a taxonomy of AI system attacks on predictive and generative AI systems at various stages of the “machine learning lifecycle.” 

On March 25, NIST announced the launch of an “AI Standards Zero Drafts project” that will pilot a new process for creating AI standards.  The new standards process will involve the creation of preliminary “zero drafts” of AI standards drafted by NIST and informed by rounds of stakeholder input, which will be submitted to standards developing organizations (“SDOs”) for formal standardization.  NIST outlined four AI topics for the pilot of the Zero Drafts project: (1) AI transparency and documentation about AI systems and data; (2) methods and metrics for AI testing, evaluation, verification, and validation (“TEVV”); (3) concepts and terminology for AI system designs, architectures, processes, and actors; and (4) technical measures for reducing synthetic content risks.  NIST called for stakeholder input on the topics, scope, and priorities of the Zero Drafts process, with no set deadline for submitting responses.

Continue Reading March 2025 AI Developments Under the Trump Administration

On April 3, the White House Office of Management and Budget (“OMB”) released two memoranda with AI guidance and requirements for federal agencies, Memorandum M-25-21 on Accelerating Federal Use of AI through Innovation, Governance, and Public Trust (“OMB AI Use Memo”) and Memorandum M-25-22 on Driving Efficient Acquisition of Artificial Intelligence in Government (“OMB AI Procurement Memo”).  According to the White House’s fact sheet, the OMB AI Use and AI Procurement Memos (collectively, the “new OMB AI Memos”), which rescind and replace OMB memos on AI use and procurement issued under President Biden’s Executive Order 14110 (“Biden OMB AI Memos”), shift U.S. AI policy to a “forward-leaning, pro-innovation, and pro-competition mindset” that will make agencies “more agile, cost-effective, and efficient.”  The new OMB AI Memos implement President Trump’s January 23 Executive Order 14179 on “Removing Barriers to American Leadership in Artificial Intelligence” (the “AI EO”), which directs the OMB to revise the Biden OMB AI Memos to make them consistent with the AI EO’s policy of “sustain[ing] and enhance[ing] America’s global AI dominance.”

Overall, the new OMB AI Memos build on the frameworks established under President Trump’s 2020 Executive Order 13960 on “Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government” and the Biden OMB AI Memos.  This is consistent with the AI EO, which noted that the Administration would “revise” the Biden AI Memos “as necessary.”  At the same time, the new OMB AI Memos include some significant differences from the Biden OMB’s approach in the areas discussed below (as well as other areas).

  • Scope & Definitions.  The OMB AI Use Memo applies to “new and existing AI that is developed, used, or acquired by or on behalf of covered agencies,” with certain exclusions for the Intelligence Community and the Department of Defense.  The memo defines “AI” by reference to Section 238(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019.  Like the Biden OMB AI Memos, the OMB AI Use Memo states that “no system should be considered too simple to qualify as covered AI due to a lack of technical complexity.”

    The OMB AI Procurement Memo applies to “AI systems or services that are acquired by or on behalf of covered agencies,” excluding the Intelligence Community, and includes “data systems, software, applications, tools, or utilities” that are “established primarily” for researching, developing, or implementing AI or where an “AI capability” is integrated into another process, operational activity, or technology system.  The memo excludes AI that is “embedded” in “common commercial products” that are widely available for commercial use and have “substantial non-AI purposes or functionalities,” along with AI “used incidentally by a contractor” during contract performance.  In other words, the policies are targeted at software that is primarily used for its AI capabilities, rather than at software that happens to incorporate AI.

Continue Reading OMB Issues First Trump 2.0-Era Requirements for AI Use and Procurement by Federal Agencies

This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration.  The first blog summarized key actions taken in the first weeks of the Trump Administration, including the revocation of President Biden’s 2023 Executive Order 14110 on the “Safe, Secure, and Trustworthy Development and Use of AI” and the release of President Trump’s Executive Order 14179 on “Removing Barriers to American Leadership in Artificial Intelligence” (“AI EO”).  This blog describes actions on AI taken by the Trump Administration in February 2025.

White House Issues Request for Information on AI Action Plan

On February 6, the White House Office of Science & Technology Policy (“OSTP”) issued a Request for Information (“RFI”) seeking public input on the content that should be in the White House’s yet-to-be-issued AI Action Plan.  The RFI marks the Trump Administration’s first significant step in implementing the very broad goals in the January 2025 AI EO, which requires Assistant to the President for Science & Technology Michael Kratsios, White House AI & Crypto Czar David Sacks, and National Security Advisor Michael Waltz to develop an “action plan” to achieve the AI EO’s policy of “sustain[ing] and enhance[ing] America’s global AI dominance in order to promote human flourishing, economic competitiveness, and national security.”  The RFI states that the AI Action Plan will “define the priority policy actions needed to sustain and enhance America’s AI dominance, and to ensure that unnecessarily burdensome requirements do not hamper private sector AI innovation.”

Specifically, the RFI seeks public comment on the “highest priority policy actions” that should be included in the AI Action Plan and encourages respondents to recommend “concrete” actions needed to address AI policy issues.  While noting that responses may “address any relevant AI policy topic,” the RFI provides 20 topics for potential input.  These topics are general and do not include specific questions or areas where particular input is needed.  The topics include: hardware and chips, data centers, energy consumption and efficiency, model and open-source development, data privacy and security, technical and safety standards, national security and defense, intellectual property, procurement, and export controls.  As of March 13, over 325 comments on the AI Action Plan have been submitted.  The public comment period ends on March 15, 2025.  Under the EO, the finalized AI Action Plan must be submitted to the President by mid-October of 2025.

Continue Reading February 2025 AI Developments Under the Trump Administration

Last month, DeepSeek, an AI start-up based in China, grabbed headlines with claims that its latest large language AI model, DeepSeek-R1, could perform on par with more expensive and market-leading AI models despite allegedly requiring less than $6 million worth of computing power from older and less-powerful chips.  Although some industry observers have raised doubts about the validity of DeepSeek’s claims, its AI model and AI-powered application piqued the curiosity of many, leading the DeepSeek application to become the most downloaded in the United States in late January.  DeepSeek was founded in July 2023 and is owned by High-Flyer, a hedge fund based in Hangzhou, Zhejiang.

The explosive popularity of DeepSeek coupled with its Chinese ownership has unsurprisingly raised data security concerns from U.S. Federal and State officials.  These concerns echo many of the same considerations that led to a FAR rule that prohibits telecommunications equipment and services from Huawei and certain other Chinese manufacturers.  What is remarkable here is the pace at which officials at different levels of government, including the White House, Congress, federal agencies, and state governments, have taken action in response to DeepSeek and its perceived risks to national security.

Federal Government-Wide Responses

  • Bi-Partisan Bill to Ban DeepSeek from Government Devices:  On February 7, Representatives Gottheimer (D-NJ-5) and LaHood (R-IL-16) introduced the No DeepSeek on Government Devices Act (HR 1121).  Reps. Gottheimer and LaHood, who both serve on the House Permanent Select Committee on Intelligence, each issued public statements pointing to grave and deeply held national security concerns regarding DeepSeek.  Rep. Gottheimer has stated that “we have deeply disturbing evidence that [the Chinese Communist Party (“CCP”) is] using DeepSeek to steal the sensitive data of U.S. citizens,” calling DeepSeek “a five-alarm national security fire.”  Representative LaHood stated that “[u]nder no circumstances can we allow a CCP company to obtain sensitive government or personal data.”

While the details of the bill have not yet been unveiled, any future DeepSeek prohibition could be extended by the FAR Council to all federal contractors and may not exempt commercial item contracts under FAR Part 12 or contracts below the simplified acquisition (or even the micro-purchase) threshold, similar to other bans in this sector.  Notably, such a prohibition may leave contractors with questions about the expected scope of implementation, including the particular devices that are covered.

Continue Reading U.S. Federal and State Governments Moving Quickly to Restrict Use of DeepSeek

This is the first in a new series of Covington blogs on the AI policies, executive orders, and other actions of the new Trump Administration.  This blog describes key actions on AI taken by the Trump Administration in January 2025.

Outgoing President Biden Issues Executive Order and Data Center Guidance for AI Infrastructure

Before turning to the Trump Administration, we note one key AI development from the final weeks of the Biden Administration.  On January 14, in one of his final acts in office, President Biden issued Executive Order 14141 on “Advancing United States Leadership in AI Infrastructure.”  This EO, which remains in force, sets out requirements and deadlines for the construction and operation of “frontier AI infrastructure,” including data centers and clean energy facilities, by private-sector entities on federal land.  Specifically, EO 14141 directs the Departments of Defense (“DOD”) and Energy (“DOE”) to lease federal lands for the construction and operation of AI data centers and clean energy facilities by the end of 2027, establishes solicitation and lease application processes for private sector applicants, directs federal agencies to take various steps to streamline and consolidate environmental permitting for AI infrastructure, and directs the DOE to take steps to update the U.S. electricity grid to meet the growing energy demands of AI. 

On January 14, and in tandem with the release of EO 14141, the Office of Management and Budget (“OMB”) issued Memorandum M-25-03 on “Implementation Guidance for the Federal Data Center Enhancement Act,” directing federal agencies to implement requirements related to the operation of data centers by federal agencies or government contractors.  Specifically, the memorandum requires federal agencies to regularly monitor and optimize data center electrical consumption, including through the use of automated tools, and to arrange for assessments by certified specialists of data center energy and water usage and efficiency, among other requirements.  Like EO 14141, Memorandum M-25-03 has yet to be rescinded by the Trump Administration.

Trump White House Revokes President Biden’s 2023 AI Executive Order

On January 20, President Trump issued Executive Order 14148 on “Initial Rescissions of Harmful Executive Orders and Actions,” revoking dozens of Biden Administration executive actions, including the October 2023 Executive Order 14110 on the “Safe, Secure, and Trustworthy Development and Use of AI” (“2023 AI EO”).  To implement these revocations, Section 3 of EO 14148 directs the White House Domestic Policy Council (“DPC”) and National Economic Council (“NEC”) to “review all Federal Government actions” taken pursuant to the revoked executive orders and “take all necessary steps to rescind, replace, or amend such actions as appropriate.”  EO 14148 further directs the DPC and NEC to submit, within 45 days of the EO, lists of additional Biden Administration orders, memoranda, and proclamations that should be rescinded and “replacement orders, memoranda, or proclamations” to “increase American prosperity.”  Finally, EO 14148 directs National Security Advisor Michael Waltz to initiate a “complete and thorough review” of all National Security Memoranda (“NSMs”) issued by the Biden Administration and recommend NSMs for rescission within 45 days of the EO.

Continue Reading January 2025 AI Developments – Transitioning to the Trump Administration

On February 6, the White House Office of Science & Technology Policy (“OSTP”) and National Science Foundation (“NSF”) issued a Request for Information (“RFI”) seeking public input on the “Development of an Artificial Intelligence Action Plan.”  The RFI marks a first step toward the implementation of the Trump Administration’s January

Continue Reading Trump Administration Seeks Public Comment on AI Action Plan

On January 14, 2025, the Biden Administration issued an Executive Order on “Advancing United States Leadership in Artificial Intelligence Infrastructure” (the “EO”), with the goals of preserving U.S. economic competitiveness and access to powerful AI models, preventing U.S. dependence on foreign infrastructure, and promoting U.S. clean energy production to power the development and operation of AI.  Pursuant to these goals, the EO outlines criteria and timeframes for the construction and operation of “frontier AI infrastructure,” including data centers and clean energy resources, by private-sector entities on federal land.  The EO builds upon a series of actions on AI issued by the Biden Administration, including the October 2023 Executive Order on Safe, Secure, and Trustworthy AI and an October 2024 AI National Security Memorandum.

I. Federal Sites for AI Data Centers & Clean Energy Facilities

The EO contains various requirements for soliciting and leasing federal sites for AI infrastructure, including:

The EO directs the Departments of Defense (“DOD”) and Energy (“DOE”) to each identify and lease, by the end of 2027, at least three federal sites to private-sector entities for the construction and operation of “frontier AI data centers” and “clean energy facilities” to power them (“frontier AI infrastructure”).  Additionally, the EO directs the Department of the Interior (“DOI”) to identify (1) federal sites suitable for additional private-sector clean energy facilities as components of frontier AI infrastructure, and (2) at least five “Priority Geothermal Zones” suitable for geothermal power generation.  Finally, the EO directs the DOD and DOE to publish a joint list of ten high-priority federal sites that are most conducive for nuclear power capacities that can be readily available to serve AI data centers by December 31, 2035.

  • Public Solicitations.  By March 31, 2025, the DOD and DOE must launch competitive, 30-day public solicitations for private-sector proposals to lease federal land for frontier AI infrastructure construction.  In addition to identifying proposed sites for AI infrastructure construction, solicitations will require applicants to submit detailed plans regarding:
      • Timelines, financing methods, and technical construction plans for the site;
      • Proposed frontier AI training work to occur on the site once operational;
      • Use of high labor and construction standards at the site; and
      • Proposed lab-security measures, including personnel and material access requirements, associated with the operation of frontier AI infrastructure.

The DOD and DOE must select winning proposals by June 30, 2025, taking into account effects on competition in the broader AI ecosystem and other selection criteria, including an applicant’s proposed financing and funding sources; plans for high-quality AI training, resource efficiency, labor standards, and commercialization of IP developed at the site; safety and security measures and capabilities; AI workforce capabilities; and prior experience with comparable construction projects.

Continue Reading Biden Administration Releases Executive Order on AI Infrastructure