Insights

On January 15, 2025, the FAR Council released a proposed rule (FAR CUI Rule) that would amend the FAR to implement federal government-wide Controlled Unclassified Information (CUI) cybersecurity, training, and incident reporting requirements for government contractors and subcontractors.  The rule’s key cybersecurity requirements closely mirror the Department of Defense’s Cyber Maturity Model Certification (CMMC) program (for example, compliance with National Institute of Standards and Technology Special Publication 800-171, Revision 2), but broaden the scope to include contractors and subcontractors working across all federal agencies.  The Rule is intended to standardize the handling of CUI by federal government contractors and subcontractors in accordance with Executive Order 13556, including by:

In Bitmanagement Software GMBH v. United States, Case No. 23-1506 (Fed. Cir. Jan. 7, 2025), the U.S. Court of Appeals for the Federal Circuit (Federal Circuit) denied the appeal of Bitmanagement Software Gmbh (Bitmanagement) challenging the Court of Federal Claims’ (COFC) $154,400 damages award, and denying its demand for $85 million in damages resulting from the Navy’s infringement of Bitmanagement’s software copyright.  The Federal Circuit affirmed the COFC’s (1) use of a hypothetical negotiation approach to compute damages; and (2) decision to award damages using a “per use” rather than a “per copy” approach.

Yesterday, less than an hour into the first day of confirmation hearings for attorney general nominee Pam Bondi, Senator Chuck Grassley (R-IA) questioned Bondi on her commitment to defending the constitutionality of the False Claims Act (FCA) if she is confirmed.  Bondi responded that she would “of course” defend the constitutionality of the FCA and that she understands the importance of whistleblowers, the FCA’s protections, and “the money it brings back to our country.”  Senator Grassley’s questioning indicated he was focused on the FCA’s qui tam provisions, as it comes on the heels of U.S. ex rel. Zafirov v. Florida Medical Associates, Inc., -- F.Supp.3d --, 2024 WL 4349242 (M.D. Fla. Sept. 30, 2024), a first-of-its-kind decision from Judge Kathryn Kimball Mizelle, who held that the FCA’s qui tam provisions improperly appoint a relator “an officer of the United States” in violation of the Appointments Clause in Article II of the Constitution, and are therefore unconstitutional.  Senator Grassley appeared to be seeking assurances about Bondi’s willingness to ensure the Department of Justice continues to defend the FCA’s qui tam provisions and commit the resources necessary to do so.

In a big change for defense contractors, Congress has amended 10 U.S.C. § 3372 to make clear that a Department of Defense (DoD) contracting officer’s unilateral definitization of an undefinitized contract action is directly appealable to the Armed Services Board of Contract Appeals (ASBCA) or the Court of Federal Claims. Congress’s change (made under Section 803 of the Servicemember Quality of Life Improvement and National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2025) (we report on the FY 2025 NDAA here) is contrary to recent ASBCA and Federal Circuit decisions.

On January 3, 2025, the FAR Council released a proposed rule titled Strengthening America’s Cybersecurity Workforce (the Proposed Rule).  The Proposed Rule would amend the Federal Acquisition Regulation (FAR) by standardizing workforce criteria for cybersecurity and information technology support services contracts.  The Proposed Rule implements a 2019 executive order, America’s Cybersecurity Workforce, which emphasized the strategic importance of a strong cybersecurity workforce.  Comments will be accepted until March 4, 2025, and the FAR Council specifically invites comments on the Proposed Rule’s impact on small entities.

Mandatory climate disclosures for US federal contractors are officially off the table—at least, for the foreseeable future.  On January 10, 2025, the Department of Defense, General Services Administration, and National Aeronautics and Space Administration announced that they are withdrawing a proposed rule, “Disclosure of Greenhouse Gas Emissions and Climate-Related Financial Risk,” which would have required thousands of federal contractors to inventory and publicly disclose their Scope 1 and Scope 2 greenhouse gas (GHG) emissions and would also have required  “major” contractors to also establish and validate GHG emission-reduction targets tailored to the goals of the Paris Agreement.  The proposed rule, discussed in further detail here, was introduced in November 2022 and resulted in thousands of public comments from the government contractor community and beyond. 

On January 2, 2025, the U.S. Department of Defense (DoD) updated the 1260H List of entities identified as “Chinese military companies” (CMC) operating in the United States, as required by section 1260H of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2021 (Section 1260H), adding new entities and removing others.  The updated 1260H List now includes 76 entities. 

As described in our prior client alert, on December 3, 2024, the U.S. District Court for the Eastern District of Texas issued an opinion and order  enjoining the federal government from enforcing the CTA and a rule implementing it.  The rule (BOI Rule) requires certain entities formed or registered to do business in the U.S. (Reporting Companies) to report information about themselves and their natural-person beneficial owners to the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury that administers anti-money laundering laws.  Then, on December 13, 2024, DOJ filed an “Emergency Motion for Stay Pending Appeal” in the Fifth Circuit asking that court to stay the District Court’s injunction pending appeal, or, in the alternative, to narrow the District Court’s injunction to members of the National Federation of Independent Business.

On December 23, 2024, the Servicemember Quality of Life Improvement and National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2025 (FY 2025 NDAA) (P.L. 118-159) was signed into law.  The final FY 2025 NDAA takes a narrower approach to acquisition policy and supply chain changes than watchers expected, but it still makes some consequential changes for contractors.  Read on as Crowell & Moring’s Government Contracts group discusses the FY 2025 NDAA’s new supply chain restrictions and requirements, changes to bid protest jurisdiction, cybersecurity requirements, and more.

On October 31, 2024, the Armed Services Board of Contract Appeals (ASBCA or Board) published its FY 2024 Report of Transactions and Proceedings, which provides statistics regarding the “adjudication of appeals, petitions for contracting officer final decisions, applications for fees and costs under the Equal Access to Justice Act, and other matters” of the Army, Navy, Air Force, Corps of Engineers, Defense Logistics Agency, Defense Contract Management Agency, Central Intelligence Agency, National Aeronautics and Space Administration, or the Washington Metropolitan Area Transit Authority. 

The Civilian Board of Contract Appeals (CBCA or Board) recently published its Annual Report for FY 2024, providing statistics regarding the adjudication of appeals between contractors and civilian agencies. This year, the civilian agencies with the highest number of docketed claims at the Board were the Department of Veterans Affairs, the General Services Administration, the Department of State, the Department of Homeland Security, and the Department of Agriculture. These agencies accounted for 126, or 76%, of the 165 Contract Disputes Act (CDA) appeals docketed at the Board. 

On December 17, 2024, the Civilian Board of Contract Appeals (Board) announced its plan to launch a new Electronic Docketing System (EDS).  Once implemented, the Board will require use of the new EDS for most submissions. 

On November 22, 2024, the Federal Circuit granted the United States’ petition for panel rehearing en banc of its June 2024 decision in Percipient.ai, Inc. v. United States (litigation we have extensively discussed here, here, and here).  In its June decision, the Circuit held Percipient had standing to challenge a National Geospatial-Intelligence Agency (NGA) procurement action—whether NGA had complied with the Federal Acquisition Streamlining Act’s (FASA) commercial-item mandate at 10 U.S.C. § 3453—nested within the performance of a previously awarded NGA task order upon which Percipient had not bid.

Since its passage in 2022, the Inflation Reduction Act’s renewable energy tax credits have been in the crosshairs of Congressional Republicans. With many of the Tax Cuts and Jobs Act provisions expiring at the end of 2025, and a full plate of Trump and Congressional Republican Campaign promises for tax cuts in play, the Republicans have pointed to repeal of the IRA as a source of funding to pay for other tax breaks.

In Fortis Industries, Inc., CBCA 7967 (Sept. 18, 2024), the Civilian Board of Contract Appeals (CBCA) denied in part the government’s motion for partial summary judgment on the issue of whether the contractor released its claims by signing a modification terminating the contract for convenience. During contract performance, the General Services Administration (GSA) imposed monthly deductions to contract payments as a response to certain performance issues. GSA later proposed to terminate the contract for convenience and sent a contract modification stating that all obligations under the contract were concluded except payment for work performed in June 2022. The contractor signed the modification but stated in its transmittal email that it was owed payment for services in May 2022 as well. 

On November 15, 2024, the Department of Defense (DoD) issued a Proposed Rule implementing Section 1655 of the John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 (P.L. 115-232), over six years after Congress enacted the requirement. 

On October 22, 2024, the Department of Justice (DOJ) announced that Pennsylvania State University (Penn State) will pay $1.25 million to resolve allegations that it violated the False Claims Act (FCA) by failing to comply with contractually mandated cybersecurity requirements by the Department of Defense (DoD) and National Aeronautics and Space Administration (NASA).  The announcement marks the most recent settlement under DOJ’s Civil Cyber-Fraud Initiative although, unlike prior settlements, there is no allegation of a cybersecurity incident or breach that was related to or caused by the contractor’s alleged noncompliance.

 On November 12, 2024, the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) will issue an interim rule amending FAR 52.204-7 to clarify that an offeror’s failure to maintain System for Award Management (SAM) registration during the period between proposal submission and contract award does not render the offeror ineligible for award.  Providing welcome relief to agencies and contractors alike, the interim rule requires only that an offeror be registered in SAM at the time of offer submission and at the time of contract award.

The term “bid protest” typically calls to mind challenges to an agency’s award of a contract.  But two recent GAO sustain decisions—Wilson 5 Service Company, Inc., B-422670, Sept. 25, 2024, 2024 CPD ¶ 230 and MAXIMUS Federal Services, Inc., B-422676, Sept. 16, 2024, 2024 CPD ¶ 222—highlight another impactful tool for protecting a contractor’s ability to compete fairly: pre-award challenges to ambiguous or unreasonably restrictive solicitation terms.

On September 24, 2024, the Office of Management and Budget (OMB) released Memorandum M-24-18, Advancing the Responsible Acquisition of Artificial Intelligence in Government (Memo).  The 36-page Memo builds on OMB’s March 2024 guidance governing federal agencies’ use of AI, Memorandum M-24-10, which we reported on here.  The Memo addresses requirements and guidance for agencies acquiring AI systems and services, focusing on three strategic goals: (i) ensuring collaboration across the federal government; (ii) managing AI risks and performance; and (iii) promoting a competitive AI market.