DOD Extends Foreign Ownership, Control, or Influence Disclosure Requirements to Unclassified Contracts and Subcontracts Greater Than $5 Million

On May 6, 2026, the U.S. Department of Defense (DOD) published a proposed rule that would extend the current prohibition on awarding classified contracts to a company subject to foreign ownership, control, or influence (FOCI), absent satisfactory FOCI-mitigation measures, to awards of noncommercial defense contracts valued at $5 million or more, regardless of whether the work requires access to classified information.¹ To effectuate this new prohibition, the proposed rule would require all contractors bidding on and performing such defense contracts — and subcontractors whose subcontracts are valued at $5 million or more — to submit to the Defense Counterintelligence and Security Agency (DCSA) information regarding any relationships maintained by the contractor with foreign persons, which DOD may use in its evaluation of bids submitted to competitive procurements.

Companies interested in working with the DOD should carefully review the proposed rule and consider what the proposed disclosure obligations mean for their business.

Background

This proposed rule implements Section 847 of the National Defense Authorization Act for Fiscal Year 2020 (FY20 NDAA), which instructed the Secretary of Defense to “improve the process and procedures for the assessment and mitigation of risks related to foreign ownership, control, or influence (FOCI) of contractors and subcontractors doing business with the Department of Defense.” The Joint Explanatory Statement that accompanied the FY20 NDAA explains Section 847’s purpose as follows:

The conferees are concerned by the growing threat to the integrity of the defense industrial base from strategic competitors, like the Russian Federation, the People’s Republic of China, and their proxies, seeking to gain access to sensitive defense information or technology through contractors or subcontractors. The conferees recognize that there are existing efforts underway to understand and mitigate some of these risks as directed by several pilot programs …. However, the acquisition community must have greater visibility into all cleared and uncleared potential contractors and subcontractors seeking to do business with the Department. The Department must ensure that contractors and subcontractors do not pose a risk to the security of sensitive data, systems, or processes such as personally identifiable information, cybersecurity, or national security systems.

To operationalize the above mandates, Section 847 specifically requires the DOD to promulgate new clauses in the Defense Federal Acquisition Regulation Supplement (DFARS) to extend FOCI disclosure and mitigation requirements to nonclassified, noncommercial defense contracts valued at $5 million or more. (Contractors working on classified contracts are already subject to restrictions on beneficial ownership and FOCI disclosure and mitigation procedures.)

Disclosure Requirements

Consistent with Congress’ direction, the proposed rule would establish a new DFARS section 240.27X, Mitigation of Risks Related to Beneficial Ownership or Foreign Ownership, Control, or Influence, that imposes requirements on contractors bidding on DOD applicable contracts, those awarded such contracts, and subcontractors performing similarly valued subcontracts under such contracts.

First, the rule would require solicitations for noncommercial DOD contracts valued at $5 million or more to require offerors to submit Standard Form 328 (SF-328) — the Certificate Pertaining to Foreign Interests — and all required associated documents to DCSA. The SF-328 requires the offeror to report all FOCI that may exist with respect to the company. For example, the SF-328 asks, among other things:

• Does any foreign person(s), directly or indirectly, own, beneficially own, or subscribe to 5 percent or more of the outstanding shares of any class of stock, participation interest, units, or total capital commitment for your organization?
• Do any foreign persons serve as a member of your organization’s governing body, or hold a management position?
• Does your organization have any contracts, agreements, understandings, grants, side letters, or arrangements with a foreign person(s)?
• During your organization’s last fiscal year, did it derive 5 percent or more of its total revenue, net income, tuition, gifts, or endowments from any single foreign person?

For any question to which an offeror responds “Yes,” the offeror must submit additional documentation, as outlined in the SF-328.

In addition to submitting the SF-328, the proposed rule requires offerors to provide contact information for each “beneficial owner” of the business in the National Industrial Security System (NISS). A “beneficial owner” is any individual or entity who, directly or indirectly, ultimately owns or controls the business. By submitting an offer under solicitations containing this new clause, offerors will represent that they have submitted the SF-328 to DCSA and beneficial owner contact information to NISS and that the information is current, accurate, and complete.

Second, the disclosure obligation does not end at bid submission — the proposed DFARS clause also requires contractors to provide updates to their FOCI and beneficial ownership disclosures to DCSA throughout the life of the contract whenever a change to such information occurs. Furthermore, in relation to subcontracts exceeding $5 million, prime contractors must flow down the reporting obligation and ensure the subcontractor is listed as “eligible” in the NISS prior to award and for the duration of performance. If a change renders the subcontractor subject to FOCI during contract performance, the contractor is responsible for ensuring that the change is reported and any mitigation is effectuated.

Impact on Evaluations and Mitigation Requirements

Based on information provided in the SF-328 and associated documentation or any update furnished to DCSA, DCSA will determine whether the offeror or contractor is under FOCI by considering whether a “foreign interest” has the power, directly or indirectly, to:

• Direct or decide matters affecting the management or operations of that company in a manner that may result in a risk or potential risk to national security or potential compromise of sensitive data, systems, or processes
• Otherwise control or influence the business or management of the contractor in a manner that could adversely affect its ability to perform the contract or subcontract

“Foreign interest” is defined broadly to include: any foreign government, agency of a foreign government, or representative of a foreign government; any form of business enterprise or legal entity organized, chartered, or incorporated under the laws of another country; and any person who is not a citizen or national of the United States.

The proposed DFARS clause requires the DOD contracting entity to, before making award and based on input from DCSA, determine whether the offeror “poses a risk or potential risk of compromise to national security … related to FOCI or beneficial ownership,” and if so, determine whether such risk may be mitigated. To be eligible for contract award, the offeror must agree at the time of award to implement any risk mitigation strategy prescribed by the DOD contracting entity within 90 days of award. Relatedly, if the DOD’s contracting entity determines an already-performing contractor is under FOCI based on an update provided to DCSA, the contractor must similarly implement a risk mitigation strategy within 90 days of DOD identifying the risk. Only by implementing such a mitigation strategy — or being found to have no FOCI or beneficial ownership risks — can an offeror receive or maintain “eligible” status in the NISS.

A contracting officer may not award, modify, or exercise an option or otherwise extend a contract, task order, or delivery order unless the offeror or contractor has an “eligible” status in NISS. Neither may a prime contractor award or maintain a subcontract in excess of $5 million without ensuring the subcontractor maintains “eligible” status in NISS.

Conclusion

The proposed rule’s expansion of beneficial ownership and FOCI information disclosure and mitigation requirements are designed to protect sensitive DOD information from foreign influence. By requiring detailed assessments of beneficial ownership information to detect FOCI early in the contracting process, DOD will be better equipped to establish mitigation measures that help reduce the risk of foreign adversaries gaining access to sensitive defense-related information and intellectual property. But these changes also have broad implications for federal defense contractors.

First, defense contractors that have not already been subject to DCSA’s FOCI screening for classified contracts should prepare and have ready for disclosure detailed information about their beneficial ownership and foreign operations. Second, mitigation strategies will not be optional when they are required by DOD. Offerors and contractors must be prepared to work with the DOD contracting entity to mitigate the risk of FOCI or risk losing contracts (and even subcontracts). Third, obligations will not end upon submission of an offer. Contractors will need to stay vigilant throughout the life of a contract, keep DOD informed of pertinent changes to beneficial ownership and FOCI information, and monitor compliance of their subcontractors. Fourth, defense contractors may reasonably conclude that a high risk of FOCI may reduce their competitiveness for future contracts with DOD (even in the commercial sphere). As such, companies may wish to consider the potential follow-on effects of any future foreign ventures or partnerships.

Comments on the proposed rule are due on or before July 6, 2026. Please contact any author of this Advisory or your Arnold & Porter relationship attorney if you would like to submit comments, have questions about the proposed rule, or to seek further guidance or advice.

© Arnold & Porter Kaye Scholer LLP 2026 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.