Government Contracts

With the end of the Biden Administration, the start of the Trump 2.0 Administration, and a change of power in the U.S. House, the steady churn of high-skill professionals moving in and out of government positions has reached an all-time high. Indeed, beyond the typical cadre of newly unemployed political

Continue Reading Don’t Get Stuck in the Revolving Door: A Primer on Federal Post-Government Employment Restrictions

Yesterday, the FAR Council issued a proposed rule that would update the U.S. Government’s approach to organizational conflicts of interest (OCIs).  While the proposed rule is not finalized and may change in response to forthcoming comments from interested parties, the proposed rule contemplates major changes to the FAR’s existing framework in this area.  In this post, we summarize the background leading up to the proposed rule and highlight key areas of proposed change.

Background

The proposed rule is the latest installment in a years-long effort by Congress, GAO, and the FAR Council to update the OCI guidance in the FAR.  Many years ago, in 2011, the FAR Council issued a proposed rule to amend the FAR’s guidance on OCIs with a particular focus on OCIs related to unequal access to nonpublic information.  The 2011 proposed rule was motivated in part by a GAO report recommending that the FAR Council provide additional protections for contractors accessing sensitive information.  

The 2011 proposed rule was never finalized and was ultimately withdrawn in 2021.  Many of the key changes in the most recent proposed rule, however, were foreshadowed by the 2011 proposed rule.  For example, the 2011 proposed rule would have moved OCI guidance to FAR Part 3, allowed agencies to determine that a risk is acceptable in the context of impaired objectivity OCIs (without requiring a formal waiver), and provided standard solicitation provisions and contract clauses.

As previously discussed on this blog, in December 2022 Congress passed the ‘‘Preventing Organizational Conflicts of Interest in Federal Acquisition Act” (the Act), which directed the FAR Council to issue new rules for OCIs.  The Act itself did not establish any new OCI standards but directed the FAR Council to: (1) provide definitions of the different types of OCIs; (2) provide illustrative examples of OCIs, including in situations where contractors’ other clients may have interests that potentially conflict with those of the contracting agency; and (3) provide solicitation provisions and contract clauses, but allow executive agencies to tailor them.  The proposed rule gives effect to each of these three mandates, and makes other significant changes as well.Continue Reading The Proposed FAR Rule on OCIs: Big Changes May Be Coming

Under a newly enacted law, beginning June 30, 2026, defense contractors risk losing all future contracts with the Defense Department if they engage outside consultants that lobby for certain Chinese companies. On December 23, 2024, President Biden signed the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2025

Continue Reading New Law Appears to Restrict Defense Contractors from Retaining Consultants Who Lobby for Chinese Military Companies

This is part of an ongoing series of Covington blogs on the implementation of Executive Order No. 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (the “AI EO”), issued by President Biden on October 30, 2023.  The first blog summarized the AI EO’s key provisions and

Continue Reading October 2024 Developments Under President Biden’s AI Executive Order

As the 2024 elections approach and the window for Congress to consider bipartisan comprehensive artificial intelligence (AI) legislation shrinks, California officials are attempting to guard against a generative AI free-for-all—at least with respect to state government use of the rapidly advancing technology—by becoming the largest state to issue rules for

Continue Reading California establishes working guidance for AI procurement

This is the thirty-fourth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs describes described the actions taken by various government agencies to implement the Cyber EO from June 2021through January 2024.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during February 2024.  It also describes key actions taken during February 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, secure software, and federal government contractors. 

NIST Publishes Cybersecurity Framework 2.0

            On February 26, 2024, the U.S. National Institute of Standards and Technology (“NIST”) published version 2.0 of its Cybersecurity Framework.  The NIST Cybersecurity Framework (“CSF” or “Framework”) provides a taxonomy of high-level cybersecurity outcomes that can be used by any organization, regardless of its size, sector, or relative maturity, to better understand, assess, prioritize, and communicate its cybersecurity efforts.  CSF 2.0 makes some significant changes to the Framework, particularly in the areas of Governance and Cybersecurity Supply Chain Risk Management (“C-SCRM”).  Covington’s Privacy and Cybersecurity group has posted a blog that discusses CSF 2.0 and those changes in greater detail.

NTIA Requests Comment Regarding “Open Weight”

Dual-Use Foundation AI Models

            Also on February 26, the National Telecommunications and Information Administration (“NTIA”) published a request for comments on the risks, benefits, and possible regulation of “dual-use foundation models for which the model weights are widely available.”  Among other questions raised by NTIA in the document are whether the availability of public model weights could pose risks to infrastructure or the defense sector.  NTIA is seeking comments in order to prepare a report that the AI EO requires by July 26, 2024 on the risks and benefits of private companies making the weights of their foundational AI models publicly available.  NTIA’s request for comments notes that “openness” or “wide availability” are terms without clear definition, and that “more information [is] needed to detail the relationship between openness and the wide availability of both model weights and open foundation models more generally.”  NTIA also requests comments on potential regulatory regimes for dual-use foundation models with widely available model weights, as well as the kinds of regulatory structures “that could deal with not only the large scale of these foundation models, but also the declining level of computing resources needed to fine-tune and retrain them.”Continue Reading February 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

In August 2022, the Chips and Science Act—a massive, $280 billion bill to boost public and private sector investments in critical and emerging technologies—became law.  We followed the bill from the beginning and anticipated significant opportunities for industry to inform and influence the direction of the new law’s programs. 

One such opportunity is available now.  The U.S. Department of Commerce recently published a request for information (RFI) “to inform the planning and design of the Regional Technology and Innovation Hub (Tech Hubs) program.”  The public comment period ends March 16, 2023.

Background

The Chips and Science Act authorized $10 billion for the U.S. Department of Commerce to establish a Regional Technology and Innovation Hub (Tech Hubs) program.  Specifically, Commerce was charged with designating at least 20 Tech Hubs and awarding grants to consortia composed of one or more institutions of higher education, political subdivisions, state governments, and “industry or firms in relevant technology, innovation, or manufacturing sectors” to develop and deploy critical technologies in those hubs.  $500 million has already been made available for the program, and Commerce will administer the program through the Economic Development Administration (EDA).Continue Reading Commerce Seeks Comments on Regional Tech Hubs Program

This is the twenty-first in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through December 2022.  This blog describes key actions taken to implement the Cyber EO during January 2023.

GSA Announces That It Will Require Software Vendors to Submit Letters of Attestation Beginning in June 2023.

            On January 11, 2023, the General Services Administration (“GSA”) Senior Procurement Executive and Chief Information Officer jointly issued Acquisition letter MV-23-02, “Ensuring Only Approved Software Is Acquired and Used at GSA” (the “GSA letter”).  The GSA letter establishes a June 12, 2023 effective date for implementing the secure software acquisition requirements of Office of Management and Budget (“OMB”) Memorandum M-22-18, issued pursuant to Section 4 of the Cyber EO.  That OMB memorandum directs that agencies must only use software that complies with Government-specified secure software development practices.  These practices include obtaining self-attestations of conformity with secure software development practices and in certain cases as determined by agencies, artifacts such as Software Bills of Materials (SBOMs) from software vendors to verify that the acquired software[1] was developed and produced according to NIST security guidelines and best practices.

            The GSA letter directs GSA’s IT officials to update GSA’s policies by June 12, 2023 to reflect the process for collecting, renewing, retaining, and monitoring the self-attestation information mandated by OMB M-22-18.  For existing contracts that include the use of software, the GSA letter directs GSA IT to provide an internally accessible list of the software used for each contract and to collect vendor attestations by June 12, 2023.  For new contracts that include the use of software, the GSA letter directs the relevant acquisition teams to modify the acquisition planning process to ensure that performance of such contracts begins only after the requisite attestations have been collected and considered.  Finally, with respect to GSA-administered Government-wide indefinite delivery vehicles (e.g., Federal Supply Schedule contracts, Government-Wide Acquisition Contracts, and Multi-Agency Contracts), the GSA letter directs GSA contracting activities to allow, but not require, contractors to provide attestations at the base contract level rather than the task or delivery order level, and to make those attestations available to ordering activities to the extent possible.  With this said, the GSA letter specifies that ordering agencies will ultimately be responsible for complying with OMB M-22-18.Continue Reading January 2023 Developments Under President Biden’s Cybersecurity Executive Order

President Biden recently signed bipartisan legislation reinforcing anti-human trafficking prohibitions. The End Human Trafficking in Government Contracts Act of 2022 builds on the existing anti-human trafficking framework at Federal Acquisition Regulation (“FAR”) § 52.222-50 (Combatting Trafficking in Persons) by requiring agencies to refer contractor reports of potential human trafficking activity directly to an agency suspension and debarment official (“SDO”).  Prior to this legislation, contractors have been required to notify their contracting officer and the agency inspector general upon receiving “[a]ny credible information” that a human trafficking violation had occurred.  See FAR § 52.222-50(d)(1).  Now agencies will be required to refer these reports to their SDOs, creating additional risk for contractors that disclose potential violations. 

This legislation – which passed Congress unanimously – demonstrates the federal government’s ongoing focus on anti-human trafficking matters – a focus that has been shared across presidential administrations.  For instance, in 2015, President Obama significantly expanded the FAR’s anti-human trafficking prohibitions, and in 2019, President Trump sought to undertake a comprehensive review of the government’s anti-trafficking efforts and released a list of “best practices” to guide contractors.  President Biden now joins this ongoing, bi-partisan effort to increase government contractors’ focus on human trafficking by signing the recently-passed legislation.

Despite the federal government’s longstanding efforts to prevent human trafficking in its supply chain, many questions remain concerning how to comply with the requirements.  Below are three of the most common questions we encounter in applying the FAR’s anti-human trafficking provision:Continue Reading New Law Increases Government Scrutiny of Contractor Compliance with Anti-Trafficking Provisions