New Defense Bill Forces Competitive Bidding for AI Contracts, Blocks Vendors from Using Government Data for Commercial Gain

The Protecting AI and Cloud Competition in Defense Act of 2025 is the government’s attempt to modernize how the Department of Defense (DoD) buys cutting-edge technology—specifically Artificial Intelligence (AI), cloud computing, and massive “foundation models.” The core idea is simple: stop relying on one or two tech giants and make sure the procurement process promotes security and competition.

What’s Actually Changing in DoD Shopping Habits

This bill sets up some strict new ground rules for any company that wants to sell AI or cloud services to the military. First, it mandates competitive bidding for every single purchase. No more handshake deals or sole-source contracts unless absolutely necessary. For a small tech startup, this is a huge deal, as the bill explicitly requires the DoD to lower the barriers for small businesses and newer contractors to get their foot in the door. The goal is to break up the current concentration of power and get fresh ideas into the defense sector.

Second, the bill pushes for “multi-cloud technology.” Think of it like this: your data and applications shouldn't be locked into one vendor’s system, like being stuck with only one phone carrier. Multi-cloud means the DoD can easily move data between different providers, increasing resilience and making it harder for any single company to hold the government hostage. The DoD can only skip this if it poses a “major national security risk,” which is a broad standard that might need tighter definition down the road.

The Data Protection Firewall: No Free Training

Perhaps the biggest change involves government data. The bill creates a firm firewall: if the government gives a vendor data to train or run an AI product, that vendor absolutely cannot use that same data to train or improve their own commercial AI products without explicit permission from the DoD. The government must retain exclusive rights to access and use all its data.

This is a critical provision. Right now, a major concern is that tech companies could use massive, taxpayer-funded datasets—like sensitive military logistics information—to make their commercial products better, essentially getting a free, priceless training boost courtesy of the American public. This bill slams the door on that practice. Any government data stored on a vendor’s system must be kept separate and adhere to strict DoD rules. If a vendor violates this, they face penalties, including contract cancellation.

The National Security Loophole

Here’s where the policy gets tricky. While the data protection rules sound ironclad, the bill includes a significant escape hatch. Component acquisition executives—the people who sign the contracts—can grant exemptions to these data protection rules if they determine it is “necessary for national security.”

This is a massive amount of discretion handed to individual officials. If a vendor argues that they must use government data to quickly develop a critical AI tool for the military, an executive can wave the rule, allowing that data to be used commercially. While the executive must report the exemption to the Chief Digital and Artificial Intelligence Officer, this broad, subjective standard of “necessary for national security” could become a common loophole, potentially undermining the bill’s entire purpose of preventing commercial gain from public data.

To keep tabs on this, the Chairman of the Joint Chiefs of Staff must send an annual report to Congress detailing the state of the AI market, barriers to entry, and, crucially, a list of every single exemption granted. This mandatory reporting is the public’s main tool for ensuring that the national security exception isn't abused to give large contractors an unfair advantage.