Protecting AI and Cloud Competition in Defense Act of 2025

Summary

Requires the Department of Defense to adopt procurement and data-protection rules for cloud computing, data infrastructure, and large AI models to increase competition, security, resiliency, and interoperability. It defines covered providers and foundation models, prioritizes multi‑cloud and modular open systems, forbids unauthorized use or training on government data, creates penalties for violations, allows narrowly scoped national‑security exemptions, and mandates regular public reporting on market concentration and competition barriers.

• Requires DoD to adopt procurement and data‑protection rules for cloud, data infrastructure, and large AI models to boost competition, security, resiliency, and interoperability.
• Defines “covered provider” (≥$50M in DoD contracts in any prior five fiscal years) and “foundation model” (≥1,000,000,000 parameters or high‑risk capability).
• Prioritizes multi‑cloud solutions and modular open systems to reduce vendor lock‑in and improve interoperability, with national‑security exceptions allowed.
• Prohibits unauthorized use of government‑furnished data—including using it to train commercial models—and requires vendors to segregate and protect such data.
• Directs DFARS updates to implement contractual protections, penalties (fines and termination), and acquisition rules; allows component executives to grant security exemptions with notification.
• Requires DoD to mitigate small‑business barriers in procurement where feasible.
• Mandates a report (first due Jan 15, 2027, then annually for four years) on competition, innovation, barriers to entry, market concentration, and exemptions, with a releasable version posted online.
• Enforcement tools include contractual clauses, civil penalties, and contract termination; implementation will affect contracting processes and vendor technical controls.