This act prohibits federal agencies from contracting for covered software systems with internationally owned software companies unless a national security waiver is granted.
Lauren Boebert, Representative, CO-4
The Contracting America First Act prohibits federal agencies from awarding contracts for certain software systems to companies majority-owned by non-U.S. citizens. This legislation mandates that contractors certify they are not internationally owned when dealing with systems that handle sensitive employee data. Waivers are permitted only if deemed necessary for national security, requiring congressional notification.
The federal government is looking to change who builds the software that handles its most sensitive data. The 'Contracting America First Act' introduces a strict rule: if a software company is majority-owned by non-U.S. citizens, it can no longer win, renew, or extend contracts for systems that manage the personal information of 500 or more federal employees. This isn't just about office spreadsheets; we’re talking about software that touches Social Security numbers, medical records, and health data. To keep things honest, every company bidding for these jobs will have to sign a statement under penalty of perjury certifying they are American-owned. If they lie or the ownership shifts, the government can pull the plug on the contract immediately and potentially ban the company from future work.
This bill essentially draws a line in the sand for the tech industry. For a software developer in Silicon Valley or a contractor in D.C., the math is now very simple: if 51% or more of your company’s owners aren't U.S. citizens, you’re locked out of a massive slice of the federal market. This applies to any 'covered software system'—the digital vaults holding the private details of at least 500 government workers. While the goal is to keep sensitive data out of foreign hands, the real-world ripple effect could be messy. Many modern tech startups rely on global venture capital or have founders from all over the world. Under this bill, a high-performing software firm based in Austin could be disqualified simply because its primary investors are from abroad, potentially leaving federal agencies with fewer, and possibly more expensive, options for their IT needs.
There is a significant caveat tucked into the text: the 'Waiver Authority.' An agency head can bypass these rules if they decide it’s necessary for national security. They just have to send a written explanation to Congress within 30 days. This creates a bit of a gray area. For example, if the Pentagon absolutely needs a specific cybersecurity tool that only a British-owned firm makes, they can still buy it. However, because 'national security' is a broad term, this could lead to inconsistent enforcement. One agency might be strict, while another uses the waiver as a regular workaround, leaving tech companies and federal employees in a state of 'wait and see' regarding how their data is actually being handled.
If this moves forward, the rules of the game will change fast. The Federal Acquisition Regulation—the giant rulebook for government buying—must be updated within 180 days. This means companies have about six months to audit their cap tables and ensure their ownership structures meet the new requirements. For the average federal employee, like a postal worker or a TSA agent, the impact is invisible but high-stakes. Their medical history and SSN would be migrated away from internationally owned platforms. The challenge lies in the transition: moving massive databases from one provider to another is notorious for causing downtime and glitches. If the domestic alternatives aren't ready to scale, the very people the bill aims to protect might deal with system crashes or data delays in their own HR and health portals.