The public comment period for the long-awaited Defense Federal Acquisition Regulation Supplement (“DFARS”) proposed rule, “Mitigating Risks Related to Foreign Ownership, Control, or Influence” (the “proposed DFARS FOCI rule”), closed on July 6, 2026. But recent activity in Congress suggests that the Department of War (“DoW”)’s proposed rule may be only one part of a broader effort to expand the government’s visibility into and mitigation of foreign ownership, control, or influence (“FOCI”) risks across the defense industrial base. Taken together, the proposed DFARS FOCI rule and pending provisions in the House and Senate versions of the Fiscal Year (“FY”) 2027 National Defense Authorization Act (“NDAA”) could substantially extend FOCI-related scrutiny beyond the traditional universe of cleared contractors performing classified work.
DoW Proposes to Extend FOCI Requirements Beyond Classified Contracts
FOCI requirements historically have been associated most closely with the National Industrial Security Program and contractors that hold a facility security clearance to access classified information. Over time, however, policymakers increasingly viewed that framework as leaving a potential gap in the government’s ability to assess and mitigate FOCI risks presented by contractors performing unclassified but sensitive work—including work involving controlled unclassified information (“CUI”), cybersecurity systems, and national security systems.
As Covington previously reported, DoW sought to address this perceived gap in May 2026 by issuing proposed DFARS amendments that would significantly broaden the scope of existing FOCI requirements. The proposed DFARS FOCI rule is intended to implement statutory language enacted in the FY 2020 and FY 2021 NDAAs and, if finalized, would require prime contractors and subcontractors performing certain DoW contracts valued above $5 million to comply with FOCI disclosure and mitigation obligations as part of the procurement process, regardless of whether they hold a facility clearance or perform classified work. The DoW estimates that the proposed rule’s new requirements would affect nearly 40,000 entities acting as offerors or subcontractors.
Although the proposed DFARS FOCI rule generally exempts contracts for the acquisition of commercial products or commercial services, that exemption would not apply if a designated—though not yet named—senior DoW official determines that a contract presents a “risk or potential risk to national security or potential compromise because of sensitive data, systems, or processes.” The proposed DFARS FOCI rule provides limited guidance regarding how DoW would make that determination, leaving open questions about when ostensibly commercial work could nevertheless trigger FOCI scrutiny.
The public comment period on the proposed DFARS FOCI rule closed on July 6, 2026.
Congress Considers Additional FOCI-Related Reforms in the FY 2027 NDAA
Recent congressional activity indicates that the proposed DFARS FOCI rule is unlikely to be the final word on FOCI-related reform for defense contractors.
Senate NDAA
On June 1, 2026, Senators Elizabeth Warren (D‑MA) and Chuck Grassley (R‑IA) introduced bipartisan legislation that would further expand FOCI disclosure requirements. The bill included two principal components:
- It would lower the contract-value threshold for FOCI disclosure and mitigation requirements established in the FY 2020 NDAA, and reflected in the proposed DFARS FOCI rule, from contracts valued above $5 million to contracts valued above $500,000.
- It would align the definition of “beneficial owner” with an existing definition in Title 10, rather than defining the term by reference to 17 C.F.R. § 240.13d-3.
Senators Warren and Grassley described the legislation as closing a gap in current law that permits contractors with less than $5 million in contracts to avoid ownership disclosure and FOCI mitigation requirements. The provision lowering the threshold for disclosure from $5 million to $500,000 was subsequently incorporated as Section 820 of the Senate Armed Services Committee (“SASC”) version of the FY 2027 NDAA.
The SASC bill does not include the Warren-Grassley bill’s proposed change to the definition of “beneficial owner,” though identifying beneficial ownership of defense industrial base companies remains a focus elsewhere in the SASC-version of the NDAA. Section 842 of the SASC bill requires the Secretary of War to designate an office under the Assistant Secretary of War for Industrial Base Policy with “primary responsibility for identifying, assessing, monitoring, and mitigating risks related to adversarial capital in the defense industrial base” including the “analysis of entities to determine when tactics are used to obfuscate the ownership relationships to hide adversarial capital flows….” The SASC bill has been reported out of committee and awaits action on the Senate floor.
House NDAA
Interest in FOCI-related risks within the defense industrial base is not limited to the Senate. The House report accompanying the FY 2027 NDAA notes the House Armed Services Committee (“HASC”)’s concern regarding “ongoing efforts by foreign adversaries to exploit” trusted supplier networks in the United States and emphasizes that safeguarding the defense industrial base remains “essential to maintaining the technological advantage” of the Department of War. Section 1810 of the HASC version of the FY 2027 NDAA would establish a Defense Supply Chain Intelligence and Risk Response Program designed to improve visibility into risks across the defense industrial base, including risks arising from foreign ownership, control, or influence. The program would emphasize the use of advanced data analytics and artificial intelligence to identify and link entities across public records, corporate registries, trade data, and commercial datasets, thereby giving DoW a more proactive capability to detect supply chain vulnerabilities and foreign influence risks. The provision reflects Congress’s broader interest in moving beyond contractor self-disclosures toward government-led monitoring of ownership, control, and supply chain risk in the defense sector. The HASC bill also has been reported out of committee and is expected to be considered on the House floor during the week of July 13-17.
Key Takeaways
Defense contractors should continue to monitor the pending DFARS rulemaking, as well as congressional consideration of FOCI-related provisions in the FY 2027 NDAA. If adopted in their current form, these initiatives could:
- Expand FOCI disclosure and mitigation requirements to many DoW contractors that do not perform classified work;
- Subject certain commercial contractors to FOCI scrutiny based on national security risk considerations;
- Increase disclosure and mitigation compliance obligations for contractors with foreign investors, foreign affiliates, or complex ownership structures; and
- Continue a broader trend toward greater transparency into ownership and control within the defense industrial base, through both affirmative contractor disclosures and enhanced DoW monitoring capabilities.
Companies that have historically viewed FOCI as a concern relevant primarily to cleared contractors should reassess that assumption—and prepare for enhanced disclosure obligations during the procurement process—as DoW and Congress continue to expand the government’s visibility into, and mitigation of, FOCI risks across the defense supply chain.
Recent Comments