The Department of Defense (DOD) recently released a Proposed Rule (Rule) that would expand federal contractors’ and subcontractors’ obligations regarding disclosure of beneficial ownership and foreign ownership, control, or influence (FOCI). FOCI obligations and related beneficial ownership disclosures have historically applied primarily to government contractors and subcontractors holding a facility security clearance and performing cleared government contracts or subcontracts. DOD is now proposing to broaden these often confusing and complex rules. Below, PilieroMazza attorneys outline the Rule, its implications for beneficial ownership disclosures, and steps government contractors can take to prepare.
The Rule, which would generally apply to DOD contracts and subcontracts exceeding $5 million, marks a substantial expansion of DOD’s oversight of contractor ownership structures, even for companies that do not handle classified information. Covered DOD contractors and subcontractors would be required to:
- disclose beneficial ownership to the Defense Counterintelligence and Security Agency (DCSA) and submit Standard Form 328 (SF 328), Certificate Pertaining to Foreign Interests, to disclose whether the contractor is under FOCI;
- provide updates to FOCI status, supporting documents, and beneficial owner disclosures to DCSA for the life of the contract or subcontract;
- disclose contact information for all foreign beneficial owners, if the contractor is determined to be under FOCI; and
- mitigate risks related to FOCI within 90 days of contract award, modification, exercise of an option, or identification of risks during contract performance.
Importantly, contracting officers would be prohibited from awarding contracts, issuing modifications, or exercising options unless the contractor is listed as “eligible” in the National Industrial Security System (NISS)—the database where disclosures and forms must be uploaded—effectively making timely and accurate submissions and disclosures a condition of doing business with DOD. During contract performance, contractors would also be required to update NISS whenever ownership or control changes. Commercial contracts would generally be exempt from these new requirements unless a contrary determination is made by a senior agency official.
A key aspect of the Rule (and FOCI generally) is understanding what constitutes a “beneficial owner.” A “beneficial owner” of a security (such as shares or units) in the disclosing entity is defined as any person who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, possesses or shares either of the following powers with respect to such security:
- voting power which includes the power to vote, or to direct the voting of, such security; or
- investment power which includes the power to dispose of, or to direct the disposition of, such security.
Currently, applicable contractors must complete SF 328, which requires disclosure of beneficial ownership information for foreign persons who, directly or indirectly, own 5% or more of the disclosing entity on a fully diluted basis. The Rule’s broader definition clearly covers additional owners and even considers persons who have the right to acquire beneficial ownership of an applicable security within 60 days to be beneficial owners. Under the Rule, every covered contractor or subcontractor will need to disclose contact information for all foreign beneficial owners, not just foreign owners who own 5% or more. This may not be as burdensome for a closely-held company, but for more widely-held companies, this could prove to be more than a headache and possibly even a barrier to entry into the marketplace, contrary to the Trump Administration’s overall directive to agencies to remove burdensome red tape and reduce barriers to entry into the Federal marketplace.
The Rule also establishes new risk mitigation obligations for contractors under FOCI. If DOD identifies a risk or potential risk, the contractor must implement a mitigation strategy within 90 days of award, modification, or identification of the risk. DOD estimates that more than 37,000 entities—including over 21,000 small businesses—could be affected by these requirements, reflecting the Rule’s broad reach across the defense industrial base. Contractors may face increased administrative burdens associated with preparing SF 328 filings, maintaining NISS records, and implementing mitigation measures both before and after award.
Although solicitations and contracts for commercial products and services are generally exempt from the new requirements, DOD intends to apply this Rule to certain commercial acquisitions when national security concerns are present, such as when sensitive data, systems, or processes are involved. Moreover, the Rule intends to extend these obligations throughout the supply chain. Prime contractors would be required to ensure all subcontractors and suppliers awarded subcontracts exceeding $5 million have an eligible status in NISS prior to subcontract award and maintain eligible status for the duration of subcontract performance.
This represents a notable expansion of FOCI-related oversight into areas of the market that have historically been insulated from these requirements.
Given this potential impact, contractors should begin assessing their ownership structures, internal processes for tracking changes in beneficial ownership, and readiness to implement mitigation measures if required. DOD is accepting comments on the Rule until July 6, 2026, giving industry stakeholders an opportunity to help shape the final requirements. Comments can be submitted here.
PilieroMazza attorneys are well-versed in helping clients navigate DCSA’s requirements for FOCI and beneficial ownership disclosures. If you need assistance or have questions, please contact Cy Alba, Daniel Figuenick, Cole Fox, or another member of the Firm’s Government Contracts and Corporate & Organizational Governance practice groups.
____________________
If you are seeking practical insights to gain a competitive edge by understanding the government’s compliance requirements, tune into PilieroMazza’s podcasts: GovCon Live!, Clocking in with PilieroMazza, and Ex Rel. Radio.
