The U.S. Department of Defense (DOD) published a proposed rule last month that would amend the Defense Federal Acquisition Regulation Supplement (DFARS) to partially implement sections 847 of the fiscal year 2020 National Defense Authorization Act and 819 of the fiscal year 2021 National Defense Authorization Act, as well as elements of DOD Instruction 5205.87 to mitigate risks related to beneficial ownership or foreign ownership, control, or influence (FOCI).

If finalized, the rule would extend FOCI disclosure and potential mitigation requirements beyond government contractors holding facility security clearances and performing classified work to a much broader population of DOD contractors and subcontractors. Comments on the proposed rule are due on or before July 6, 2026.

Expansion of FOCI Review

The proposed rule, published on May 7, 2026, would create a new DFARS Part 240, titled Information Security and Supply Chain Security, and would add a new solicitation provision and contract clause to implement the rule’s disclosure and mitigation requirements.

The rule would apply to DOD contracts and subcontracts at any tier valued above $5 million, and DOD estimates that approximately 37,740 contractors and subcontractors could be affected. According to DOD’s notice, the proposal is intended to reduce the risk of foreign adversaries gaining unauthorized access to DOD information and to reduce the risk of contract performance issues and theft of DOD intellectual property.

Historically, the most comprehensive FOCI review and mitigation requirements have applied primarily to contractors seeking or holding facility security clearances and performing classified work. This proposal would materially broaden that framework by requiring covered offerors and contractors on covered DOD contracts and subcontracts above the threshold to disclose beneficial ownership information and report whether they are under FOCI, including in circumstances that may involve work that does not require access to classified information. Commentary on the proposal has highlighted that this expansion could bring "tens of thousands of previously unregulated" or less-regulated contractors within the Defense Counterintelligence and Security Agency’s review process.

The proposed rule would exempt contracts for commercial products and commercial services, unless a designated senior DOD official determines that a particular contract involves a risk or potential risk to national security because of sensitive data, systems, or processes.

Compliance Considerations

If adopted substantially as proposed, the rule would create a number of new bidding, performance, and subcontract-management obligations for covered contractors. Among other things, the proposal would require:

• Submission of Standard Form 328, Certificate Pertaining to Foreign Interests (SF 328), and supporting documentation through the National Industrial Security System (NISS).
   
• A representation, by submission of an offer, that the contractor has submitted the required information in NISS and that the information is current, accurate, and complete.
   
• Implementation of DCSA risk mitigation measures within 90 days if DOD determines that FOCI or beneficial ownership poses a risk or potential risk that may be mitigated.
   
• Ongoing prompt reporting requirements, including updates to SF 328 and related supporting documents when changes occur (e.g., changes to ownership, control, or key management personnel), a 3 business day reporting requirement for changes that may place the contractor or subcontractor under FOCI, and a 10 business day requirement after DCSA notice of risk or potential risk to national security, for contractors to initiate a plan of action and confirm compliance with identified mitigation recommendations.
   
• Flowdown of the clause’s substance to covered subcontractors at any tier.
   
• Maintenance of an "eligible" status in NISS before award and before certain subsequent contract actions, because the proposed procedures direct contracting officers not to award, modify, or exercise an option unless the offeror or contractor has that status.

The proposed rule could therefore have practical implications beyond day-to-day contract administration. Commentators have noted that the proposal may increase diligence burdens in mergers and acquisitions, affect deal structures and timing, and create new pressure points for contractors with complex ownership arrangements, foreign investors, offshore funds, or other governance features that may draw scrutiny in a FOCI assessment.

Companies that pursue or support DOD work, particularly those with foreign investment, layered ownership structures, international financing relationships, or extensive covered subcontracting arrangements, may want to assess now what information would be required for an SF 328 submission, whether they have access to NISS and the documentation needed for a complete filing, and how potential ownership or governance issues could affect future awards, options, modifications, and transactions if the rule is finalized in its current form.

For more information, please contact us or your regular Parker Poe contact. Click here to subscribe to our latest alerts and insights.