Sponsors (7)
The bill tightens DoD software procurement to reduce foreign access risks to sensitive code and systems but does so at the cost of reduced competition, higher costs, potential harm to U.S. multinational firms and workers, and with vague standards and only temporary duration.
Federal agencies and taxpayers: the bill lets the Department of Defense block or exclude software suppliers with ownership, data-center, or AI R&D ties in covered countries, reducing the risk that foreign-linked companies can access sensitive source code or classified systems.
Defense acquisition officials and contractors: the bill preserves targeted national-security exceptions for urgent or critical procurements, allowing flexibility to approve otherwise-restricted suppliers when necessary.
Government contractors and taxpayers: barring companies with foreign ties from DoD software-source contracts for three years will likely reduce competition and increase acquisition costs.
U.S. firms with subsidiaries or affiliates operating in covered countries and their employees: the rule could exclude U.S.-linked subsidiaries or affiliates, harming business operations and jobs for multinational companies.
Government contractors and acquisition officials: vague standards (e.g., Secretary-determined "primary purpose" and "material interest") create legal uncertainty, raise compliance costs, and may spur disputes or litigation.
Based on analysis of 2 sections of legislative text.
Prevents the DoD from entering into, renewing, or extending software source-code contracts with entities that have specified ties to covered foreign countries for three years, unless waived for national security.
Prohibits the Secretary of Defense from entering into, renewing, or extending contracts that provide software source code with persons who have specified connections to a “covered country” (as defined in recent NDAA law). The ban targets entities tied to foreign AI research facilities, entities that have given a covered country access enabling reverse engineering, and entities that operate data centers in a covered country; the Secretary may grant a national-security waiver. The restriction applies to contracts entered into, renewed, or extended within three years after enactment.
Introduced June 12, 2025 by Pat Fallon · Last progress June 12, 2025