This bill expands the authority, modifies the structure, and clarifies the functions of the Federal Acquisition Security Council to enhance the security of government procurement against risks posed by foreign adversaries.
William Timmons
Representative
SC-4
This bill significantly reforms the Federal Acquisition Security Council (FASC) by expanding its authority and moving it to the Executive Office of the President. It establishes new definitions and processes for addressing national security risks posed by certain suppliers, allowing the Council to issue binding "recommended" and "designated" exclusion orders against sources of concern. The legislation also creates a dedicated Program Office to support the Council's expanded functions in securing the federal supply chain.
New Federal Security Bill Targets Foreign Tech in Government Contracts: 2026 Procurement Overhaul Explained
The Federal Acquisition Security Council Improvement Act of 2026 is essentially a high-stakes background check for the government’s entire supply chain. It moves the Federal Acquisition Security Council (FASC) directly into the Executive Office of the President and packs it with heavy hitters from the FBI, NSA, and Homeland Security. The goal is to create a unified 'no-fly list' for tech and hardware. If a company is deemed a 'source of concern'—meaning it’s owned by or collaborating with a foreign adversary—this bill gives the government the teeth to not only ban their products but to physically remove them from federal systems. For the average person, this is about making sure the software processing your taxes or the hardware protecting power grids isn't vulnerable to foreign interference.
The New 'No-Buy' List
Under this bill, the government is creating two tiers of risk. First, there are 'covered sources of concern'—companies specifically named by law as national security threats. For these, the Council has 270 days to either kick them out of the federal marketplace or explain to Congress why they haven't (Section 1323). Then there are general 'sources of concern' that the Council can investigate on its own. This doesn't just hit the big names; it trickles down to 'second-order' products. If you’re a small software developer or a construction firm bidding on a federal contract, you’ll need to be hyper-aware of your own vendors. If your sub-contractor uses parts from a banned source, your entire contract could be at risk of an 'exclusion order.'
The Red Tape and the Reality
While the bill aims to lock the digital doors, it includes a 'national security waiver' that allows officials to keep using risky tech for up to a year if it's deemed vital (Section 1323). This creates a bit of a gray area: a department could technically keep a 'source of concern' on the payroll if they argue that switching would hurt operations more than the security risk itself. For tech workers and government contractors, this means the rules of the game could change quickly. The bill gives the Council two years to update all regulations, so businesses have a small window to scrub their supply chains before the new 'designated orders' start hitting the books.
Who Pays and Who Plays?
The bill is a win for domestic manufacturers and 'trusted' tech firms who have been competing against cheaper, state-subsidized foreign alternatives. However, the cost of this security isn't zero. If a mid-sized IT firm has to rip out and replace their entire server stack because a component was blacklisted, those costs will likely be passed back to the taxpayer or result in higher bid prices for government work. By centralizing power in the White House, the bill cuts through bureaucratic noise, but it also means procurement decisions—usually a matter of price and quality—are now permanently tied to the shifting sands of international diplomacy.