DOD demands contractors spill on foreign ownership to protect secrets
Published Date: 5/7/2026
Proposed Rule
Summary
The Department of Defense is updating rules to make sure companies working with them reveal if they’re owned or controlled by foreign folks. This helps keep our defense projects safe from hidden foreign influence. If you’re a contractor or subcontractor, get ready to share ownership info by July 6, 2026, or risk delays in your contracts.
Analyzed Economic Effects
7 provisions identified: 0 benefits, 7 costs, 0 mixed.
Mandatory SF‑328 Ownership Disclosures
If you are a DoD offeror or contractor on contracts valued above $5,000,000, you must submit the SF‑328 (Certificate Pertaining to Foreign Interests) and supporting documents into the National Industrial Security System (NISS) for DCSA review and represent in your offer that the information is current, accurate, and complete.
NISS Eligibility for Award or Option
Contracting officers must not award, modify, or exercise an option on any contract valued above $5,000,000 unless the contractor or prospective contractor has an eligible status in the National Industrial Security System (NISS).
90‑Day Risk Mitigation Requirement
If DCSA or the requiring activity determines that FOCI or beneficial ownership poses a risk that can be mitigated, the offeror/contractor must agree at award and implement identified risk mitigation strategies within 90 calendar days of contract award, option exercise, modification, or identification of post‑award risks.
Rapid Reporting Timelines for Ownership Changes
During contract performance, contractors must update SF‑328 and supporting documents in NISS when changes occur; if changes may place the contractor under FOCI they must report foreign/beneficial owner details within 3 business days, and within 10 business days of DCSA notification must initiate a plan and submit additional information.
Subcontractor Eligibility and Flow‑Downs
Prime contractors must ensure subcontractors awarded subcontracts that exceed $5,000,000 have an eligible status in NISS prior to subcontract award and maintain eligible status for the duration of performance; the clause must be flowed down into subcontracts over $5,000,000.
Possible Coverage of Commercial Contracts
Although the rule generally excludes commercial products and services, the designated senior DoD official may require the disclosure and mitigation requirements for commercial acquisitions if the contract involves a risk to national security because of sensitive data, systems, or processes; DoD states it intends to apply the statute to commercial products and services when that determination is made.
Estimated Number and Paperwork Burden
DoD estimates an average 3,774 unique awardees (FY2022–2024) for awards over $5,000,000, 37,740 potentially impacted entities (assuming two offerors per award and five subcontractors per award), of which about 21,511 (57%) are estimated to be small businesses; OMB burdens cited include SF‑328 at $7,352,560 and NISS at $712,281, and DoD estimates an annual verification cost of $168,534 for offeror verification activity.
Your PRIA Score
Personalized for You
How does this regulation affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Key Dates
Department and Agencies
Related Federal Register Documents
2026-09038 — Defense Federal Acquisition Regulation Supplement: Disclosure of Greenhouse Gas Emissions (DFARS Case 2024-D021)
Starting May 7, 2026, the Department of Defense won’t make most new defense contractors share their greenhouse gas emissions unless it’s really needed for the contract. This change helps nontraditional contractors avoid extra paperwork, but DoD can still ask for info if it’s directly tied to the job. It’s a smart move to keep things fair and focused without slowing down important defense work.
2026-08610 — Acquisition of Items for Which Federal Prison Industries Has a Significant Market Share
The Department of Defense updated its list of product categories where Federal Prison Industries (FPI) holds more than 5% of the market share, effective May 16, 2026. This means DoD buyers must include FPI in the bidding process for items like office furniture and men's underwear, making sure competition stays fair. These changes affect contractors and government buyers, keeping the buying game transparent and competitive.
2026-08611 — Information Collection Requirement; Defense Federal Acquisition Regulation Supplement (DFARS) Performance-Based Payments-Representation
The Department of Defense is bringing back a form that businesses must fill out when bidding on contracts with performance-based payments. This form asks companies to confirm if their financial statements follow standard accounting rules. About 483 businesses will respond once a year, and comments on this update are open until June 3, 2026.
2026-05935 — Information Collection Requirement; Defense Federal Acquisition Regulation Supplement; Rights in Technical Data and Computer Software
The Department of Defense is renewing its paperwork rules about who owns technical data and software rights in defense contracts. This affects over 46,000 businesses that work with the DoD, requiring them to provide info about their software and data rights. Comments on these rules are open until April 27, 2026, and the paperwork takes about 1.6 hours per response.
2026-03870 — Information Collection Requirement; Defense Federal Acquisition Regulation Supplement; Performance-Based Payments-Representation (OMB Control Number 0750-0001)
The Department of Defense wants to keep collecting info from businesses about performance-based payments to make sure everything runs smoothly. This info collection, affecting about 438 companies, is up for a three-year extension with no big changes or extra costs. Comments on this plan are open until April 27, 2026, so now’s the time to speak up!
2025-17359 — Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)
The Department of Defense is updating its rules to make sure contractors follow new cybersecurity standards called the Cybersecurity Maturity Model Certification (CMMC). This change affects companies working with the DoD and helps protect important defense information. Contractors should get ready to meet these new rules soon, which could impact how they do business and spend money on cybersecurity.
Previous / Next Documents
Previous: 2026-09059 — Atlantic Highly Migratory Species; North Atlantic Swordfish, South Atlantic Swordfish, North Atlantic Albacore, and Atlantic Bluefin Tuna Quotas
NOAA is updating fishing limits for swordfish, albacore, and bluefin tuna to follow international rules and protect these fish. They’re keeping most quotas the same but increasing the bluefin tuna quota and adjusting how it’s shared among fishermen. If you fish these species or care about ocean life, you can comment by June 8, 2026, and join a webinar on May 28 to learn more.
Next: 2026-09077 — Airworthiness Directives; Airbus SAS Airplanes
The FAA wants all Airbus A330-841 and A330-941 planes checked regularly for rusty lavatory floor parts to keep flights safe. Airlines will need to inspect these parts often and fix or replace them if needed. Comments on this plan are open until June 22, 2026, and fixing these issues might cost some time and money but will keep passengers safe and sound.