Insights

On February 24, 2025, the Small Business Administration (SBA) issued a “Day One” memo outlining SBA Administrator Kelly Loeffler’s priorities. 

On December 17, 2024, the Small Business Administration (SBA) published a final rule amending multiple aspects of all of the SBA’s small business size and status programs.  Among other notable changes, SBA (1) introduced a new rule that changes the impact of a recertification as other than small or as other than the relevant small business status following a merger or acquisition, and (2) introduced a standardized set of permissible negative controls for minority shareholders in all types of small businesses, thereby significantly expanding the controls investors may have in service-disabled veteran-owned small businesses (SDVOSBs), women-owned small businesses (WOSBs), and participants in the SBA’s 8(a) Business Development Program. 

On January 15, 2025, the Federal Acquisition Regulatory Council issued a Proposed Rule that would implement changes to the Federal Acquisition Regulation (FAR) Organizational Conflict of Interest (OCI) rules as required by the 2022 Preventing Organizational Conflicts of Interest in Federal Acquisition Act (P.L. 117-324).  Comments on the Proposed Rule are due on March 17, 2025.  (Note that pursuant to President Trump’s January 20, 2025 “Regulatory Freeze Pending Review” Executive Order, the Proposed Rule is subject to further review, which may result in revisions and an extension of the 60-day comment period.)

In Bitmanagement Software GMBH v. United States, Case No. 23-1506 (Fed. Cir. Jan. 7, 2025), the U.S. Court of Appeals for the Federal Circuit (Federal Circuit) denied the appeal of Bitmanagement Software Gmbh (Bitmanagement) challenging the Court of Federal Claims’ (COFC) $154,400 damages award, and denying its demand for $85 million in damages resulting from the Navy’s infringement of Bitmanagement’s software copyright.  The Federal Circuit affirmed the COFC’s (1) use of a hypothetical negotiation approach to compute damages; and (2) decision to award damages using a “per use” rather than a “per copy” approach.

On December 17, 2024, the Department of Defense (DOD) published a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the data rights portions of the Small Business Innovation Research Program (SBIR) and Small Business Technology Transfer (STTR) Program Policy Directive, which itself was most recently amended in May 2023.  The changes from this final rule will be effective as of January 17, 2025. 

Recently, there has been a significant increase in scams targeting users of the System for Award Management (SAM.gov).  Active SAM registrations are required for federal government contractors, including to receive contracts and payments.  The non-public portions of these registrations include bank account information, tax information, and other sensitive information about a company.  Recent phishing scams and efforts to gain access to registrations indicate sophisticated actors are attempting to manipulate SAM registrations, possibly for access to payments from the government, among other reasons.  Company SAM registration Administrators should protect the company’s SAM registration from unauthorized access to the greatest extent possible.

As Crowell covered in a recent alert, the Department of Defense (DoD) on October 11, 2024 released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC).

On August 23, 2024, the Small Business Administration (SBA) posted a proposed rule to update and clarify aspects of various SBA small business programs, including but not limited to the HUBZone Program and 8(a) Business Development Program.  This proposed rule followed SBA’s July 22, 2024 notification of tribal consultation meeting and request for comments (which Crowell covered here). 

On July 22, 2024, the Small Business Administration (SBA) posted a notification of tribal consultation meeting and request for comments regarding updates to the HUBZone and 8(a) Business Development Programs.  Of critical importance for any contractors participating in the SBA’s Mentor-Protégé Program, SBA is also seeking comments on prospective policy changes addressing joint venture participation in SBA's programs.  SBA has identified perceptions that:

On May 13, 2024, the Department of Defense (DoD) issued an instruction implementing policies and procedures that DoD will use to identify contractors (including uncleared contractors) requiring foreign ownership, control, and influence (FOCI) determinations, review related information, and address FOCI concerns.  These policies and procedures were put in place pursuant to Section 847 of the 2020 National Defense Authorization Act[1] (Section 847).  These FOCI requirements will, for the first time, subject many uncleared DoD contractors to rigorous disclosure requirements, scrutiny, and potential mitigation by the Defense Counterintelligence and Security Agency (DCSA). 

The National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2024, signed into law on December 22, 2023, makes numerous changes to acquisition policy. Crowell & Moring’s Government Contracts Group discusses the most consequential changes for government contractors here. These include changes that impose a new conflict of interest regime for government contractors with a connection to China, impose new restrictions and requirements, require government reporting to Congress on acquisition authorities and programs, and alter other processes and procedures to which government contractors are subject. The FY 2024 NDAA also includes the Federal Data Center Enhancement Act, the American Security Drone Act, and the Intelligence Authorization Act for FY 2024.

On October 5, 2023, the Information Security Oversight Office issued Joint Notice 2024-01: Joint Ventures and Entity Eligibility Determinations (Joint Notice) with the Small Business Administration (SBA) and in coordination with the Department of Defense (DoD) to provide government contractors with additional guidance concerning joint ventures (JVs) seeking access to classified information (an Entity Eligibility Determination (EED) or Facility Clearance (FCL)).  Among other things, this Joint Notice clarifies that companies should not rely on the SBA’s regulations for the proposition that a small business JV will never need to hold an EED. 

On October 4, 2023, Deputy Attorney General (DAG) Lisa O. Monaco announced the Department of Justice’s (DOJ) new safe harbor policy for voluntary self-disclosures made in connection with mergers and acquisitions (Safe Harbor Policy).  Following other announcements from DOJ over the past two years aimed at encouraging voluntary self-disclosures, the Safe Harbor Policy was adopted because DOJ does not want to “discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs.”  Through this new policy, DOJ is aiming to incentivize acquirers to timely disclose misconduct discovered during the M&A process (including pre-closing diligence and post-closing integration).

The Small Business Administration has begun outreach to current participants in its 8(a) Business Development Program regarding the impact of the U.S. District Court for the Eastern District of Tennessee’s July 19, 2023 decision enjoining SBA from applying a rebuttable presumption of social disadvantage to individuals of certain racial and ethnic groups.

On June 23, 2023, a coalition of companies, including venture capital firms like Kleiner Perkins, General Catalyst and Founders Fund, and start-up defense technology companies, published an open letter to the Department of Defense (DoD), addressed to Secretary Lloyd J. Austin, petitioning DoD to consider procurement reform to help “overcome barriers to innovation.”  The group asserts these barriers create “antiquated methods for developing requirements and selecting technologies that have drastically limited” DoD’s access to “the best commercial innovation.”  In particular, the coalition endorsed adopting four recommendations pulled from a report by The Atlantic Council, a non-partisan international affairs think tank.

On June 27, 2023, the Small Business Administration (SBA) Office of Inspector General (OIG) reported its estimate that SBA disbursed over $200 billion of potentially fraudulent COVID relief, including Economic Injury Disaster Loans (EIDL) and Paycheck Protection Program (PPP) loans.  These possibly fraudulent loans represent at least 17% of all EIDL and PPP funds—or 21% of all loans and grants--disbursed.  The SBA OIG estimates that the SBA disbursed $64 billion in potentially fraudulent PPP loans.

On January 23, 2023, in AttainX, the Government Accountability Office (GAO) sustained the protest of an award to an 8(a) joint venture based on, among other reasons, a finding that the agency’s evaluation of the joint venture’s experience was inconsistent with the Small Business Administration (SBA) regulations concerning joint ventures (JVs), citing 13 C.F.R. § 125.8(e) and 13 C.F.R. § 124.513(f).

On December 19, 2022, DoD issued a DFARS proposed rule that seeks to (1) implement the data-rights portions of the May 2, 2019 Small Business Innovation Research Program and Small Business Technology Transfer Program Policy Directive (SBIR/STTR Policy Directive), and (2) impose significant changes to technical data and computer software marking requirements.  The SBIR/STTR portion of the proposed rule follows DoD’s advance notice of proposed rulemaking issued on August 31, 2020 (see 85 FR 53758) and incorporates the eight written public comments that DoD received. The proposed changes to marking requirements go beyond the SBIR/STTR Policy Directive and respond to the Federal Circuit’s decision in The Boeing Co. v. Secretary of the Air Force, 983 F.3d 1321 (Fed. Cir. 2020).

On December 1, 2022, Department of Defense (DoD) Secretary Lloyd J. Austin III announced the establishment of the DoD Office of Strategic Capital (OSC).  The mission statement of the OSC is to build an “enduring technical advantage” for the United States by helping partner contractors with private investment to develop national security critical technologies, including those related to advanced materials, next-generation biotechnology, and quantum science.  OSC will coordinate with existing organizations such as the Defense Advanced Research Projects Agency (DARPA) and the Defense Innovation Unit (DIU), which promotes acceleration of the military use of commercial technologies.

On September 30, 2022, President Biden signed the SBIR and STTR Extension Act of 2022 (the Act), reauthorizing the Small Business Innovation Research (SBIR), Small Business Technology Transfer (STTR), and six pilot programs for three years, until September 30, 2025.  The Act includes new due diligence and reporting requirements, award restrictions, and clawback provisions related to national security risks—particularly regarding firms with ties to China, Russia, North Korea, and Iran—and increased minimum performance standards for multiple SBIR/STTR award winners.  The passage and signing of the Act averted a potential lapse of these programs, which were set to expire the day of the reauthorization.