As PilieroMazza blogged about here, Federal Acquisition Supply Chain Security Act (FASCSA) Orders prohibit agencies from procuring or obtaining—or extending or renewing a contract to procure or obtain—any covered article, or any good or service produced or provided by a source.[1] The first FASCSA Order (Order) published on SAM.gov was released in September 2025 by the Office of the Director of National Intelligence (ODNI) excluding Acronis AG (Acronis), a Swiss-based cybersecurity company, from all Intelligence Community (IC) executive agency procurement actions as well as ordering the removal of covered articles provided by Acronis from information systems applicable to the IC and sensitive compartmented information systems. Our discussion below summarizes what the Order means for federal contractors and what steps they should take to ensure compliance.
Background
Under FAR 52.204-30, a contractor may not provide or use as part of its performance of the contract, any covered article, or any products or services produced or provided by a source, that is prohibited by an applicable FASCSA Order. That clause also requires contractors, during contract performance, to review SAM.gov at least once every three months to check for covered articles or products or services produced by a source subject to FASCSA Orders. If a new FASCSA Order is identified that could impact a contractor’s supply chain, then the contractor shall conduct a “reasonable inquiry” to identify whether a covered article, or product or service produced or provided by a source, subject to a FASCSA Order was provided to the government or used during contract performance. If identified, reports must be submitted to the respective agency identifying various items including, but not limited to, the covered product or service provided, the contract it was provided under, and any information about mitigation actions undertaken or recommended.
Implications of the Order Targeting Acronis
According to the Order, moving forward Acronis is now excluded from all IC executive agency procurement actions and contractors must remove any covered articles provided by Acronis from information systems applicable to the IC and sensitive compartmented information systems. The Order goes one step further and imposes these broad prohibitions on not just Acronis, but also all subordinate, subsidiary, or affiliated organizations doing business under various names in support of the parent company, Acronis AG.
For preexisting solicitations or contracts, the FASCSA Order’s prohibitions will apply only if added via an amendment or modification. For contractors performing on a procurement instrument intended for use by multiple agencies (e.g., Federal Supply Schedules (FSS), Governmentwide Acquisition Contracts (GWACs), multi-agency contracts, etc.) that contains FAR 52.204-30, upon notification from the contracting officer, the contractor must promptly make the necessary changes or modifications to remove any product or service produced or provided by a source that is subject to an applicable FASCSA Order.
Shortly following the Order’s publication, a recent post on the GSA Interact Website explained that GSA identified and removed Acronis products and services from GSA Advantage, and that contract modifications are forthcoming to remove Acronis covered articles from MAS contracts. As a result, GSA contractors should be on the lookout for these modifications and be prepared to remove any covered articles promptly.
Next Steps for Federal Contractors
- Conduct a Reasonable Inquiry: Contractors whose preexisting IC contracts contain the relevant FAR clause should conduct reasonable inquiries of their supply chains to determine whether any Acronis service or product is being used or provided during performance. The FAR defines a “reasonable inquiry” to mean an inquiry designed to uncover any information in the entity’s possession about the identity of any covered articles, or any products or services produced or provided by a source. Note that contractors are not required to engage a third party to conduct this inquiry.
- Submit Required Reports and Remove (as necessary): To the extent a covered article or product or service from a source subject to a FASCSA Order is identified during an inquiry, the contractor must timely submit the required reports to the respective agency office. For those preexisting solicitations or contracts that the Order’s prohibitions apply to, contractors must promptly remove any Acronis product or service being provided or used during performance.
- Stay Abreast of New FASCSA Orders: Contractors should continue to monitor SAM.gov for any new FASCSA Orders that may be released. In addition, agencies have the right to identify additional FASCSA Orders not posted on SAM.gov in individual solicitations. Careful review of all future solicitations is imperative to ensure compliance.
- Ensure Representations in Offers Are Accurate: By submitting an offer in response to a solicitation containing FAR 52.204-29, an offeror represents that (i) it has conducted a reasonable inquiry into its supply chain for the prohibited source, and (ii) it does not propose to provide or use any covered articles from a prohibited source in its offer, unless the covered article or source is waived in the solicitation or is disclosed in the offer. This means offerors must affirmatively disclose the provision or use of covered articles or sources in their offers; remaining silent results in the offeror representing that no such article or source is proposed. If an offeror enters into a contract with this clause and any of its representations are inaccurate or false, it could face liability under the False Claims Act.
If you have questions about any goods or services subject to FASCSA Orders, and/or how to make sure you are correctly and timely submitting any relevant reports regarding them, please contact Jackie Unger, Daniel Figuenick, or another member of PilieroMazza’s Government Contracts or Cybersecurity & Data Privacy practice groups.
___________________
Looking for practical insights on gaining a competitive advantage through a deeper understanding of the government’s compliance requirements? Check out PilieroMazza’s podcasts “GovCon Live!” and “Clocking in with PilieroMazza.”
[1] FAR 52.204-30(a) (“Source means a non-Federal supplier, or potential supplier, of products or services, at any tier.”).
