Kathryn J. Carlson

Government contractors and grant recipients should heed the warning bell represented by the record haul of recoveries in 2025 under the federal False Claims Act (FCA). Although more than $6.8 billion was collected, according to the Department of Justice (DOJ), more troubling is the record number of 1,297 qui tam suits filed. This growth of whistleblower lawsuits comes just as DOJ has voiced its intent to use the FCA to combat diversity, equity and inclusion (DEI) initiatives. DOJ Investigations The DOJ is

On Dec. 18, 2025, the Department of Defense (DoD) issued deviations to over half of the Defense Federal Acquisition Regulation Supplement (DFARS) Parts, all of which became effective Feb. 1, 2026. Two days later, DoD issued a deviation for DFARS Part 204, which became effective Feb. 17. These deviations reorganize and streamline some of the DFARS regulations and contract clauses that define contractors’ cybersecurity requirements. Technically, they are “temporary” exceptions to the DFARS that were issued on an emergency basis in

The Department of Commerce’s Bureau of Industry and Security (BIS) has issued an interim final rule (IFR) that extends end-user restrictions to entities owned 50% or more by parties identified on the Entity List and the Military End-User (MEU) List. This new “Affiliates Rule” substantially expands the reach of Entity List and MEU List restrictions by prohibiting unlicensed exports to a large number of new unlisted companies based on their ownership chains, particularly the subsidiaries of listed Chinese entities. It further

The U.S. Departments of Commerce and the Treasury took steps this September to further ease restrictions on Syria following the fall of the Assad regime. In early September, the Commerce Department’s Bureau of Industry and Security (BIS) revised the Export Administration Regulations (EAR) to relax certain export controls on Syria. On September 25, the Treasury Department’s Office of Foreign Assets Control (OFAC) renamed the “Syria-Related Sanctions Regulations” the “Promoting Accountability for Assad and Regional Stabilization Sanctions Regulations,” further clarifying the

On September 10, 2025, the Department of Defense (DoD) issued a Final Rule officially incorporating the Cybersecurity Maturity Model Certification (CMMC) Program into the Defense Federal Acquisition Regulation Supplement (DFARS). The Final Rule establishes the processes for integrating the CMMC requirements into DoD Contracts and Subcontracts and creates two new contract clauses that make CMMC compliance a condition for award. The Final Rule is effective November 10, 2025, which gives entities a brief window of time to familiarize themselves with

On July 8, 2025, President Trump issued an order to unwind the acquisition of Jupiter Systems, Inc., a U.S. company, by Hong Kong-based Suirui International Co., Ltd., a subsidiary of China’s Suirui Group (collectively Suirui), five years after the transaction closed. According to the Treasury Department’s July 11 statement, the Committee on Foreign Investment in the United States (CFIUS) had “identified a national security risk arising from Suirui’s ownership of Jupiter relating to the potential compromise of Jupiter’s products used

The Department of Justice (DOJ) recently issued its annual Health Care Fraud Takedown results, announcing a record-breaking 324 defendants, including 96 doctors and licensed professionals, as well as more than $14.6 billion in intended loss. While the large figures grab attention, an analysis of the DOJ’s statements offers important insight for American health care professionals and companies: Despite various executive orders and policy changes with the new administration, the DOJ and other government agencies continue to focus significant resources on

Less than two weeks after President Donald Trump announced that his administration would lift U.S. sanctions on Syria, the U.S. Departments of the Treasury and State took significant first steps to provide the anticipated sanctions relief. On May 23, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued General License 25 (GL 25), authorizing a broad range of transactions that had previously been prohibited under the Syrian Sanctions Regulations. In parallel, the State Department exercised its authority under the Caesar

Government agencies may be eager to exercise their enhanced authority to investigate and pursue contractors under provisions in the newly enacted Administrative False Claims Act (AFCA). The two key changes discussed below could increase the number of claims that agencies may find appealing to investigate. Although these changes affect contractors of any size, small business contractors are likely to find investigations more disruptive if they lack a robust compliance program. But there are ways they can protect themselves by preparing for

President Joe Biden signed into law last week the Servicemember Quality of Life Improvement and National Defense Authorization Act for Fiscal Year 2025 (NDAA). This defense policy and budget bill contains a discretionary topline of $895.2 billion to be split between the Department of Defense (DoD), Department of Energy (DOE) and other agencies for national defense related spending. The NDAA is a critical piece of legislation that guides the creation of many federal procurement regulations, and this year is no different.

The Small Business Administration (SBA) published earlier this month one of the most significant rule changes in recent history. We previously addressed the new M&A and long-term recertification rules. Now, we’ll examine the homogenization of the negative control rules across the SBA’s small business and socioeconomic programs, as well as the approval of rights of first refusal (ROFRs) for all these programs. These rule changes could materially improve access to capital for 8(a) program participants, woman-owned small businesses (WOSBs) and

The Small Business Administration published a gargantuan new rule Tuesday that will significantly change small business contracting for years to come. The rule was styled “HUBZone Program Updates and Clarifications, and Clarifications to Other Small Business Programs,” and while a large swath of the rule is directed at the HUBZone program, the most consequential changes affecting the largest number of contractors are the “Other Small Business Programs” updates. These changes affect how small businesses calculate their size, permit minority investment, leverage past performance

The Federal Acquisition Regulatory (FAR) Council issued an interim rule earlier this month revising FAR 52.204-7 to require offerors to be registered in System for Award Management (SAM) at two points in time: “[1] when submitting an offer or quotation and [2] at time of award.” The interim rule clarifies that offerors are not required to be continuously registered in SAM between those two dates, which is how decisions by the Government Accountability Office (GAO) and the Court of Federal

The Department of Defense (DoD) published a Final Rule earlier this month formally implementing the Cybersecurity Maturity Model Certification (CMMC) Program. This Final Rule is the culmination of five years of work to standardize the safeguards that government contractors must implement to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) while also bolstering compliance with these requirements. (For more background on the road to the Final Rule, please read our earlier blog posts on what we’ve called “CMMC Program