DoD Proposes Rule Expanding FOCI Review and Mitigation to Unclassified Contracts

On May 7, 2026, the Department of Defense (DoD) issued a proposed rule implementing Section 847 of the National Defense Authorization Act for Fiscal Year 2020 that would expand Foreign Ownership, Control, or Influence (FOCI) requirements to unclassified DoD contracts. Historically, FOCI disclosures and possible mitigation measures have applied only to classified contracts.

A contractor is considered to be under FOCI when:

[a] foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of the U.S. company’s securities, to direct or decide matters affecting the management or operations of that company in a manner which may result in a risk or potential risk to national security or potential compromise of sensitive data, systems, or processes, such as personally identifiable information, or national security systems, or could otherwise control or influence the business or management of the contractor in a manner that could adversely affect its ability to perform on the contract or subcontract.

If adopted, the rule will expand disclosure and mitigation requirements to unclassified DoD contracts and subcontracts, at any tier, in excess of $5 million. All told, the impact of the proposed rule could be felt by an estimated 37,740 contractors and subcontractors – 51% of which are estimated to be small businesses. The proposed rule exempts contracts for commercial services and commercial products unless a designated senior DoD official determines that coverage is appropriate because the contract involves a risk or potential risk to national security or involves sensitive data, systems or processes that may be compromised.

For contracts covered by the proposed requirement, offerors must submit a completed SF-328, Certificate Pertaining to Foreign Interests, to the Defense Counterintelligence and Security Agency (DCSA) in the National Industrial Security System (NISS), as well as supporting documentation. By submitting an offer, offerors are representing that they have submitted the SF-328 and contact information of each beneficial owner, and that its disclosures are current, accurate and complete.

Following submission of this information, DCSA will assess the information for potential FOCI risks and suggest mitigation measures. If such risks are identified, the contractor must agree to any required risk mitigation strategies and implement those measures within 90 days following the applicable contract action (award, option exercise, modification or identification of post-award risk). If it is determined that the risk cannot be mitigated, then the contract may not be awarded or modified, and no options can be exercised. Contractors will be required to flow the new clause to covered subcontractors at any tier and must ensure their subcontractors maintain a status of “eligible” in their NISS accounts both at award of the subcontract and during performance.

Reporting obligations will be ongoing during contract performance. For example, contractors must report changes in FOCI or beneficial ownership during contract performance with an updated SF-328 in NISS within three business days and initiate a plan of action to implement DCSA’s mitigation recommendations within ten business days following notification of a risk of compromise to national security based on the reported changes.

Comments on the proposed rule are due by July 6, 2026.

Key Takeaways

• Contractors not accustomed to dealing with FOCI reporting and mitigation measures should begin familiarizing themselves with the SF-328 requirements.
• Gather ownership and corporate governance documents, including those of any parent entities.
• Familiarize yourself with the NISS portal.
• Perform a FOCI self-assessment.

If you have any questions regarding the impact of the proposed rule or any other matters relating to contracting with the federal government, please reach out to your Cohen Seglias contact or contact any member of the Government Contracting Group.