Author: Jessica Tillipman

  • From “Dying Donkeys” to DEI Clauses: The False Claims Act Was Never Meant to Police This

    Congress enacted the False Claims Act (FCA) in 1863 in response to procurement fraud committed against the Union Army during the Civil War. As Fred Albert Shannon’s history of the Union Army recounts:

    For sugar, [the government] often got sand; for coffee, rye; for leather, something no better than brown paper; for sound horses and mules, spavined beasts and dying donkeys; and for serviceable muskets and pistols, the experimental failures of sanguine inventors, or the refuse of shops and foreign armories.

    163 years later, the statute’s core framework remains intact, but the conduct it targets would be unrecognizable to its drafters.

    The FCA has recovered more than $85 billion since the 1986 amendments. The qui tam mechanism, which allows private citizens to file FCA lawsuits on the government’s behalf and collect a share of the recovery, is one of the most effective fraud-detection tools in federal law. The FCA has evolved well beyond “dying donkeys” and now reaches myriad contract compliance obligations, including cybersecurity and labor law. None of what follows is an argument against the FCA or the qui tam provisions.

    In January 2025, Executive Order 14173, “Ending Illegal Discrimination and Restoring Merit-Based Opportunity,” directed agencies to include contract and grant terms requiring counterparties to agree that compliance with federal anti-discrimination laws is material to payment decisions for FCA purposes and to certify that they do not operate programs violating those laws. Last month, the administration took an extra step by requiring a mandatory clause in federal contracts and “contract-like instruments,” positioning the FCA as the enforcement mechanism for determining, among other things, whether a contractor’s mentorship program constitutes disparate treatment under a contractual requirement with no established meaning.

    What distinguishes this application is that the government has aimed the FCA at an underlying compliance obligation too vague to support the weight the statute places on it, extending the statute beyond its intended scope in ways that should concern anyone seeking to protect this important tool.

    The Executive Order

    On March 26, 2026, the President issued Executive Order 14398, “Addressing DEI Discrimination by Federal Contractors.” It directs executive branch agencies and independent establishments subject to the Federal Property and Administrative Services Act (FPASA) to include a mandatory clause in contracts and “contract-like instruments,” including subcontracts and lower-tier subcontracts, prohibiting “racially discriminatory DEI activities.” The order defines this as “disparate treatment based on race or ethnicity” across recruitment, hiring, promotions, vendor agreements, program participation, and resource allocation.

    Much of the clause restates contractual compliance obligations that already exist. Contractors know that their own noncompliance with a contract clause can result in termination, suspension, or debarment, and that submitting claims while knowingly noncompliant with material contract requirements creates FCA exposure. Credible evidence of a violation could also trigger mandatory disclosure obligations.

    On the subcontractor side, primes are already responsible for subcontractor performance and face potential FCA liability when they have knowledge of a subcontractor’s noncompliance. When a subcontractor’s conduct provides credible evidence of a covered violation, including a civil FCA violation, it can trigger the prime’s mandatory disclosure obligations under FAR 52.203-13. What is new is the clause’s reporting threshold for subcontractor conduct that is “known or reasonably knowable” and that “may violate” the clause. Although undefined in the EO, this language appears to set a lower threshold for reporting than the mandatory disclosure “credible evidence” standard. A provision this broad is likely to encourage primes to over-report, an issue that already exists under the mandatory disclosure rule.

    What is also new, and particularly relevant to the FCA, is the clause requiring contractors to acknowledge that compliance is material to the government’s payment decisions, citing 31 U.S.C. § 3729(b)(4). This language attempts to effectively bypass one of the most contentious issues of modern-day FCA litigation by requiring contractors to acknowledge materiality at the time of contract award. In addition, the Attorney General is directed not only to consider FCA actions for violations but to expedite qui tam review, a directive that, if implemented, would dramatically accelerate DOJ’s current practice of extending seal periods well beyond the statutory 60-day window.

    Anti-discrimination obligations have been part of federal contracts since Executive Order 11246 in 1965. They were historically enforced through the Office of Federal Contract Compliance Programs (OFCCP) administrative compliance regime, but the current administration has rescinded EO 11246 and directed the Department of Labor, including OFCCP, to “cease and desist all investigative and enforcement activity” under it. Noncompliance with anti-discrimination requirements has theoretically always posed an FCA risk, but no administration before this one has built an enforcement structure around that theory: mandatory FCA materiality language in contracts and certifications, creation of the Civil Rights Fraud Initiative, and express direction that DOJ consider FCA actions where contractors violate federal civil rights and anti-discrimination laws. These provisions clearly signal that the government expects compliance and will use every available tool to enforce it.

    The Clause’s Falsity Problem

    The FCA does not define one of its core elements: falsity. What is “false” depends on the facts of each case. Yet as an essential element of an FCA violation, the threshold question is always whether the claim is, in fact, false.

    There are two types of falsity in FCA cases: factual and legal. Most people are familiar with factual falsity, such as delivering a product that doesn’t work or billing for services not performed. Legal falsity, in contrast, focuses on the compliance obligations imposed on a contractor by some ancillary statutory, regulatory, or contractual requirement. Legal falsity has expanded the FCA’s reach far past its original factual-falsity roots, and in many domains that expansion has been productive.

    Congress revived the statute in 1986 for the same reason it was enacted in 1863: to address concrete, provable fraud against the government. Modern extensions follow the same principle. Cybersecurity requirements such as CMMC levels and NIST controls provide clear benchmarks. A false certification of compliance with those requirements is a provable misrepresentation. The same applies to federal labor law requirements under the Davis-Bacon Act. Prevailing wages are published, payroll records are auditable, and the certification either aligns with reality or it doesn’t. This is legal falsity working as intended because the underlying obligation provides a clear standard against which a representation can be judged true or false.

    The DEI clause is fundamentally different. “Disparate treatment” is a well-established concept in employment discrimination law, but the clause applies it to categories of conduct where the falsity determination defies straightforward analysis. A mentoring program that recruits from underrepresented groups. Aspirational diversity goals without quotas. Employee resource groups organized around shared backgrounds or identities. Whether any of those constitutes disparate treatment is a genuine legal question, and reasonable compliance officers may answer differently.

    Even DOJ has acknowledged the difficulty of drawing this line. In Fourth Circuit litigation over EO 14173, DOJ “represented at oral argument that there is ‘absolutely’ DEI activity that falls comfortably within the confines of the law.” At the February 2026 Qui Tam Conference, Brenna Jenny, Deputy Assistant Attorney General for DOJ’s Commercial Litigation Branch, stated that enforcement targets practices that resulted in discrimination, “not merely” DEI programs, and that “promoting diversity isn’t inherently unlawful, nor is it a protective talisman.” If the government’s own lawyers concede in federal court that lawful DEI exists, and its lead enforcement official distinguishes between lawful diversity efforts and actionable discrimination, the question of where that line falls for any given program is precisely the kind of interpretive dispute the FCA is poorly suited to resolve.

    In United States ex rel. Lamers v. City of Green Bay, the court found that the FCA does not resolve differences in interpretation arising from a disputed legal question. In United States v. AseraCare, Inc., the court’s position was stronger: a reasonable disagreement about a judgment call, without other evidence of objective falsehood, is not sufficient to establish falsity. To be clear, other circuits have declined to adopt AseraCare’s objective falsity requirement. In United States ex rel. Druding v. Care Alternatives, the Third Circuit rejected a categorical rule that expert disagreement defeats falsity and held that the “objective falsity” framework improperly conflated falsity with scienter. This split, however, does not save the government here. Even circuits that reject AseraCare’s framework still require the government to prove the claim is false. When the underlying obligation is a novel contractual prohibition with no interpretive case law, no agency guidance, and no enforcement history, that proof problem persists regardless of which side of the split the court takes.

    The problem is not that courts cannot interpret the clause. The problem is that the FCA attaches treble damages, per-claim penalties, qui tam bounties, and reputational damage to the resolution of that interpretive question. That is disproportionate when the underlying dispute is about the legal characterization of a business practice under a standard that has never been applied.

    Even If It’s False, Is It Material?

    Even if the government clears the falsity threshold, it still must demonstrate that the falsehood would be capable of influencing the payment decision. In Universal Health Services, Inc. v. United States ex rel. Escobar, Justice Thomas made clear that materiality is “rigorous” and “demanding,” designed to ensure that the FCA is not a “vehicle for punishing garden-variety breaches of contract or regulatory violations.” The opinion also establishes that the government’s own designation of a requirement as material is relevant but not dispositive. The DEI clause does exactly what Escobar warned against, with statutory precision: the contractor “recognizes” that compliance is material to payment decisions “for purposes of” § 3729(b)(4). No appellate court has yet considered whether this kind of contract drafting satisfies Escobar’s materiality standard.

    In United States ex rel. Petratos v. Genentech, the Third Circuit affirmed dismissal where the relator (the whistleblower plaintiff in FCA cases) effectively conceded that CMS consistently reimbursed claims with full knowledge of purported noncompliance, holding that a condition-of-payment label alone does not establish materiality. Declaring a requirement material by contract is not the same as treating it as material in practice. In contrast, United States ex rel. Badr v. Triple Canopy, Inc., shows what a strong legal falsity case looks like. The Fourth Circuit found the Government properly pled materiality where the requirement went to the essence of the contracted service: marksmanship qualifications for base security guards. The court further noted that the contractor’s “elaborate cover-up suggested that the contractor realized the materiality of the marksmanship requirement.”

    Absent overt disregard for the clause’s requirements, such as the compensation-tied-to-demographics and race-restricted program patterns DOJ has flagged, FCA cases alleging DEI violations are unlikely to demonstrate Triple Canopy-level clarity. They are more likely to involve disputed characterizations of HR programs and business practices, not falsified qualification records. The distance between Triple Canopy and a contested mentoring initiative is the distance between fraud and a contract dispute.

    The government’s own conduct since January 2025 may further preclude a finding of materiality the first time this is tested. The administration has signaled this enforcement priority for over fourteen months, stood up the Civil Rights Fraud Initiative in May 2025, and DOJ has reportedly opened investigations into DEI practices at specific companies. But investigations are not the payment-behavior evidence Escobar treats as probative. There appears to be no publicly reported instance of an agency refusing to pay, withholding funds, or imposing a similar penalty for noncompliance with the DEI certification requirement. Implementation of the certification regime was complicated by litigation, which provides the government with a plausible explanation for the thin public record. It is possible that there have been no allegations of noncompliance for the government to respond to, but if there have been, that gap undercuts the government’s claim that these certifications carry demonstrated payment significance in practice.

    The Clause Doesn’t Reach Innocent (Or Even Negligent) Interpretations

    Another essential element of the FCA is its scienter requirement: proof of actual knowledge, deliberate ignorance, or reckless disregard of the truth or falsity of a claim. Given the clause’s objectively fuzzy requirements, United States ex rel. Schutte v. SuperValu Inc. is directly relevant. At issue in SuperValu was the then-popular FCA defense of objective reasonableness. If a defendant had an objectively reasonable interpretation of its legal requirements, it could defeat the knowledge element absent authoritative agency guidance that would have warned it away from the mistaken belief. SCOTUS rejected that defense, clarifying that what matters is the defendant’s belief at the time of submitting the claim, not whether a reasonable interpretation existed afterward. Documented good-faith legal review and genuine restructuring provide a substantial defense, especially if supported by agency guidance. The same indeterminacy that makes falsity difficult to prove makes scienter harder to establish. If reasonable compliance officers disagree about what the clause requires, the government will struggle to show that a contractor knowingly disregarded a standard that no one has been able to define.

    The Law Is Irrelevant When the Threat Is Enough

    The government will face significant doctrinal obstacles if it tries to bring a borderline case alleging a violation of the DEI clause. Yet those obstacles are irrelevant to a contractor’s decision on what to do next quarter. The government just announced another record-breaking year for qui tam filings, now approaching 1,300 per year. Competitors, professional relators, and any employee with access to HR records or training materials are potential whistleblowers. For a company facing a choice between investigation costs, treble damages, per-claim penalties north of $28,000, and debarment exposure on one side, and canceling programs or eliminating policies that could be characterized as “DEI” on the other, the calculus is straightforward. The rational contractor complies regardless of the merits.

    The government bypassed proportional contract administration tools and stacked the most severe civil and administrative remedies against an obligation that reasonable lawyers cannot agree on how to apply. And the compliance pressure is self-reinforcing. Every agency that withholds payment or takes corrective action in response to alleged noncompliance contributes to an enforcement record that the government will use as evidence of materiality in future cases. And every contractor that restructures a DEI program validates the threat, giving the government evidence that the market itself treats the requirement as consequential. The government does not need to win in court today. It needs contractors to act as though it could.

    Using the FCA this way carries costs beyond the immediate policy objective. It dilutes the statute’s deterrent effect against fraud and burdens the qui tam system with cases that belong in contract administration, not fraud litigation. Every borderline DEI case that consumes DOJ resources is one in which actual fraud may not get the attention it deserves.

    The government has used false compliance certifications as the basis for FCA enforcement for decades. What this administration has introduced in the DEI orders is a more aggressive step: writing FCA materiality directly into the contract clause and directing the Attorney General to consider FCA actions. If this approach proves effective, future administrations are almost certain to use it for their own policy priorities.

    Each time the government aims this framework at a standard too ambiguous to support it, it risks producing doctrine that reshapes FCA enforcement well beyond the immediate context. The risk is compounded here because the government has built an enforcement regime that incentivizes qui tam filings but cannot control which cases are filed. It has the authority to dismiss meritless qui tam actions, but the administration is unlikely to dismiss cases alleging the very conduct its own executive order targets. Bad facts make bad law, and the law they make applies to every FCA case that follows, not just DEI cases. But that is a problem for the courts. For contractors, the calculation is simpler. The government does not need to win these cases. It just needs contractors to believe it might.

  • Blacklisting by Tweet Is Not a Thing: What the Federal Contracting Rules Require When Firing a Contractor (Like a Dog)

    “I don’t know if it’s murder, but it looks like an attempt to cripple Anthropic. And specifically, my concern is whether Anthropic is being punished for criticizing the government’s contracting position in the press.”

    Those words, spoken by Judge Rita Lin at the March 24 hearing on Anthropic’s motion for a preliminary injunction against the Department of Defense and sixteen other federal agencies, address the question that government contractors and Silicon Valley have been asking for the past month.

    I have described contractor blacklisting as the “corporate death penalty,” a “corporate death sentence,” and the “corporate grim reaper,” but corporate “murder” is a first.

    In late February, the President directed every federal agency to stop using Anthropic’s AI technology. The Secretary of Defense also designated Anthropic a supply chain risk to national security under 10 U.S.C. § 3252 after the company refused to remove usage restrictions from its contracts with the Department. Anthropic filed suit in the Northern District of California alleging that the government’s actions were unlawful. It is separately challenging a covered procurement action under 41 U.S.C. § 4713, which is subject to exclusive review in the D.C. Circuit. I have discussed the underlying policy dispute, including the “all lawful use” directive and the structural gaps in AI procurement governance, in a prior Lawfare piece. Alan Rozenshtein’s Lawfare piece addresses the remedy question from a national security law perspective.

    On March 26, Judge Lin granted Anthropic’s motion for a preliminary injunction, enjoining the president’s social media directive, the secretary’s social media directive, and the Section 3252 supply chain designation. The order is stayed for seven days. The final paragraph of the preliminary injunction order captures in three sentences what this piece explains at length:

    This Order restores the status quo. It does not bar any Defendant from taking any lawful action that would have been available to it on February 27, 2026, prior to the issuances of the Presidential Directive and the Hegseth Directive and entry of the Supply Chain Designation. For example, this Order does not require the Department of War to use Anthropic’s products or services and does not prevent the Department of War from transitioning to other artificial intelligence providers, so long as those actions are consistent with applicable regulations, statutes, and constitutional provisions.

    Everyone expects the government to appeal, so that is probably next. But the question I keep hearing is, what do the federal contracting rules require when the government decides it no longer wants to work with a contractor?

    The procurement system provides detailed, well-established answers to that question, developed by policymakers over decades. Section 3252 required the Secretary to determine, in writing, that less intrusive measures were not reasonably available, and to tell Congress which alternatives were considered and why they were rejected. This piece describes some of those measures.

    The Tools the Government Had But Didn’t Use

    First, the government is not required to contract with Anthropic. Under Perkins v. Lukens Steel, the government enjoys broad discretion to determine with whom it will do business and on what terms. No one disputes that the Executive Branch can decide it no longer wants a particular vendor’s products or services, but it must do so consistent with the law. Beyond this, the federal contracting system offers a range of tools for ending a contractor relationship, and they escalate in severity. With respect to Anthropic, the government skipped to the most extreme one.

    The options available to the government for severing ties with Anthropic depend on the type of contract involved. Based on the public record, Anthropic had FAR-based contracts, including a GSA “OneGov” agreement; deployments through third-party contractors, including Palantir’s Maven Smart System; and a prototype Other Transaction (OT) with the Chief Digital and Artificial Intelligence Office. The tools available to end each relationship differ accordingly.

    We do not know the full picture, but the government had multiple defined processes available to end its relationship with Anthropic and begin removing it from federal systems.

    Termination

    Under Anthropic’s FAR-based agreements, the simplest way for the government to sever its relationship with the company is through a “termination for convenience” (T4C). If the contract includes a termination for convenience clause, as most FAR-based contracts do, the contracting officer may terminate when doing so is in the government’s interest. The standard is broad, but not limitless, as a termination cannot be an act of bad faith or an abuse of discretion. The contractor is entitled to certain costs when the government exercises its T4C rights, so the parties negotiate a settlement; if they disagree, the disputes process outlined in FAR Part 33 is followed.

    If the concept of “broad government termination rights” sounds vaguely familiar, it is because you may recall that in early 2025, the government, through DOGE, exercised its T4C authority on a sweeping and unprecedented basis, terminating thousands of contracts for convenience across the federal government. The tool is neither obscure nor untested, and the government has shown absolutely no hesitation in deploying it.

    There is little doubt that the government could have demonstrated that terminating its agreements with Anthropic was in the government’s interest. The administration has articulated a policy rationale—it wants AI models free from vendor usage restrictions—and Anthropic declined to comply. Whether or not you agree with the policy, the threshold is not hard to meet. They’ve certainly done it for less.

    With respect to Anthropic’s OT agreement with CDAO, the picture is less certain, as the public record does not disclose the specific terms. Unlike FAR-based contracts, OTs are flexible instruments, so the FAR-based termination process does not automatically apply. But OTs often include FAR-like termination provisions, so the government may well have had a contractual off-ramp for the direct relationship. Beyond the government’s options, Anthropic itself offered to facilitate a transition to another provider.

    Termination addresses the government’s immediate concern: current operational reliance on a vendor it no longer trusts. The government had contractual tools to address that concern without invoking a supply chain exclusion determination. It did not use them.

    Suspension and Debarment

    Termination for convenience is common enough that the FAR has an entire disputes process built around it. What happened last year was jarring, but a T4C in this instance wouldn’t have surprised anyone. The next option on the less-intrusive-measures menu is a significant jump, more like moving from a speeding ticket to a life sentence. But even a life sentence has more process than what the government did here.

    Discretionary suspension and debarment are the federal procurement system’s mechanisms for excluding “nonresponsible” contractors from doing business with the government. Regulated by FAR 9.4, both tools are triggered by evidence of serious misconduct or grossly incompetent performance, but they serve different functions. Suspension is immediate and temporary, designed to protect the government while an investigation or legal proceeding is underway. Debarment is longer-term, typically following a criminal conviction, a civil judgment, or a finding that the contractor’s conduct is serious enough to affect its present responsibility. This is the FAR’s nuclear option. And given its potential consequences (both direct and collateral) it’s no wonder we call it the corporate death penalty.

    Before I continue, I want to stop and address something directly. I am not suggesting that the government should have pursued debarment. On these facts, I do not believe it would survive judicial scrutiny. At issue is a contractual dispute in which a vendor declined to accept the terms the government wanted. That is not the kind of triggering misconduct the system was designed to address. But if we are evaluating less intrusive measures, which Section 3252 requires the Secretary to consider, then understanding what even this most extreme tool requires is essential. Because it shows just how far the government departed from any recognized process.

    Specifically, the debarment process itself recognizes how consequential it can be for a contractor. FAR 9.402(b) establishes the core principle: debarment and suspension may be imposed “only in the public interest for the Government’s protection and not for purposes of punishment.”

    FAR 9.4 implements that principle through a framework that requires notice and an opportunity to respond, though the timing differs depending on the tool used. These determinations are made by a Suspension and Debarment Official (SDO), whose ultimate question is one of present responsibility: can this contractor be trusted to continue doing business with the federal government? In answering this question, the SDO will generally assess present responsibility in light of remedial measures, mitigating factors, and aggravating factors. Suspension and debarment generally preclude new prime contract awards and restrict certain future subcontracts, but they do not, by themselves, require the termination of existing agreements. FAR 9.405-1 expressly permits agencies to continue existing contracts and subcontracts unless the agency head directs otherwise.

    The Subcontractor Problem and Section 3252

    Anthropic’s technology reportedly runs through Palantir’s Maven Smart System in classified defense workflows. The government’s direct contractual relationship appears to be with Palantir, not Anthropic. That makes it harder to use ordinary tools for severing the relationship. Directing a prime to remove a deeply integrated supplier mid-performance is indirect and creates commercial and technical risk for the prime. Reuters has reported that removing Claude would require Palantir to replace the model and rebuild parts of its software. As discussed above, debarment would constrain certain future subcontracting, but it would not by itself compel a prime to unwind an existing relationship.

    Section 3252 offers something different. Congress established the original authority in the FY 2011 NDAA to address supply-chain risks in sensitive defense information technology procurements, and the statute defines “supply chain risk” as the “risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert” a covered system. Applying it to a domestic AI company in a dispute over contract terms pushes the statute well beyond its ordinary adversary-focused framing. Yet the structural difficulty of reaching a deeply embedded supplier through ordinary channels may help explain why the government reached for it.

    Among the covered procurement actions the statute authorizes is the decision to withhold consent for a subcontract with a particular source or to direct a contractor to exclude a particular source from consideration for a subcontract (as implemented by DFARS 239.73). That subcontract-specific authority is best read as prospective. It addresses future subcontracting decisions, not the unwinding of an already-performing subcontract. The government, therefore, could have used a narrower, forward-looking measure while existing arrangements transitioned off on a defined timeline.

    Instead, according to the public record in the Anthropic litigation, it chose a much broader covered procurement action, and the record does not show that narrower alternatives were meaningfully considered. Indeed, Judge Lin noted that the congressional notices required by § 3252(b)(3)(B) did not contain the required discussion of less intrusive measures, and the government conceded that omission at oral argument.

    An Unusual Course of Action . . . Even for Government Procurement

    There is no public record of Section 3252 being used to designate a domestic company as a supply chain risk. No president has ever directed government-wide exclusion of a named contractor by social media post. The government designated Anthropic a supply chain risk to national security and then gave itself six months to keep using Anthropic’s products on classified systems.

    According to Anthropic’s complaint and supporting declarations, the government at one point threatened to both invoke the Defense Production Act to compel Anthropic to provide its services and designate it a supply chain risk, thereby excluding it—contradictory remedies directed at the same company in the same dispute. And as I type this sentence, according to Anthropic’s court filings, the contractor the government branded a national security threat continues to maintain its Top Secret facility security clearance, issued by the same government that currently declares it a threat to the United States government.

    On February 27, the President posted on social media directing every federal agency to “IMMEDIATELY CEASE all use of Anthropic’s technology.” The post characterized Anthropic as a “RADICAL LEFT, WOKE COMPANY” and threatened “major civil and criminal consequences,” without citing a single source of authority for this extraordinary action. Court filings show that Anthropic had contracts or usage with at least 16 federal agencies. Treasury Secretary Bessent posted on X that the department was “terminating all use of Anthropic products.” The Federal Housing Finance Agency and the General Services Administration (GSA) followed. One after another, all on social media, none citing any statutory authority.

    Later that day, Secretary Hegseth posted on social media, directing the Department to “designate Anthropic a Supply-Chain Risk to National Security.” No statute was cited. The Secretary described Anthropic’s stance as “fundamentally incompatible with American principles,” criticized its “defective altruism” and “Silicon Valley ideology,” and declared: “This decision is final.” He also directed that “no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic.”

    On March 3, the joint recommendation and risk analysis materialized, along with the statutory bases, which had appeared in neither of the social media posts. The Secretary signed the Secretarial Determination the same day the recommendations were submitted. The government’s opposition brief characterizes the Secretary’s February 27 social media post as “the beginning” of the decision-making process and argues it was not final agency action.

    So, let’s take them at their word. The Secretary publicly announced the outcome, directed subordinates to produce the justification, and the justification confirmed the predetermined conclusion four days later. The record went from initiation to final determination without the contractor ever having an opportunity to respond before the decision was made.

    None of the Established Processes Were Used

    The government did not terminate Anthropic’s contracts for convenience; it directed every federal agency to stop using Anthropic’s products via social media. It did not initiate suspension or debarment proceedings before an SDO; the decision was made by a political appointee who had already announced the result on social media before any internal process had commenced. At the March 24 hearing, the government’s theory narrowed to speculation that Anthropic might install a “kill switch” or manipulate its software during operations. Anthropic’s counsel denied that the company has any such capability once Claude is deployed, and the government’s lawyer could not confirm otherwise.

    The Secretary’s post also directed that “no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic,” a directive for which the government later conceded there was no statutory basis. At the March 24 hearing, the government’s lawyer further conceded that the statement had “absolutely no legal effect at all.” Judge Lin then pressed the government on what, if anything, prevents the Department from changing its position on how the sentence would operate.

    The Exclusion Without a Name

    Courts have long recognized that a government agency’s conduct can effectively result in a government-wide exclusion without formal debarment proceedings ever being initiated. In Old Dominion Dairy Products, Inc. v. Secretary of Defense, the D.C. Circuit emphasized the severe economic and reputational consequences of effectively excluding a contractor from further government work, including the loss of contracts that would otherwise have been awarded and the effective destruction of the business.

    De facto debarment is notoriously difficult to prove. As Dominique Casimir and Alexandra Barbee-Garrett explain in their piece, The Government’s Just Not That Into You—Is it De Facto Contractor Debarment?, the contractor typically faces “an uphill battle,” where their proposals “simply lose out quietly to those of its competitors, again and again, making it difficult to discern that a de facto debarment is occurring.” Courts generally require either an agency statement that it will not award future contracts or agency conduct demonstrating the same.

    That’s what makes this case so remarkable. De facto debarment cases usually require painstaking reconstruction of a pattern of informal agency conduct, such as repeated nonresponsibility findings, back-channel communications between acquisition professionals, or unexplained refusals to award. This one came with a press release. And the President later stated: “I fired [them] like dogs.”

    The kinds of economic and reputational harm Old Dominion described were already underway before any statutory process had begun.

    What Kind of Business Partner Does the Government Want to Be?

    If the government can brand a contractor a national security threat for refusing to accept contract terms, every federal contract negotiation becomes existential. At the March 24 hearing, Judge Lin pressed the government on precisely this point, asking whether an IT vendor can be designated a supply chain risk because it “is stubborn and insists on certain terms and it asks annoying questions.” She called that “a pretty low bar.”

    The deterrent effect extends beyond Anthropic. It reaches every contractor that might push back on terms it considers unworkable, unsafe, or commercially unreasonable. The procurement system depends on good-faith negotiation between the government and its contractors. Contractors must be able to say no without the government branding them a national security threat—not for protection, but as punishment for driving a hard bargain.

    I have been writing, teaching, and advising on suspension and debarment for nearly two decades. I know what it looks like when the government excludes a contractor. I know what it looks like when the government abuses the process. And I know what it looks like when the government skips the process entirely.

    The corporate death penalty has rules. What happened here followed none of them.

  • U.S. Federal Procurement Anti-Corruption Ecosystem

    U.S. Federal Procurement Anti-Corruption Ecosystem

    Introduction

    This page presents an overview of what I have termed the “Federal Procurement Anti-Corruption Ecosystem” — a layered framework of laws, rules, and normative expectations that shape anti-corruption, integrity, and compliance in U.S. federal procurement. It is the foundation of my Anti-Corruption & Compliance course, which I teach at GW Law School. It is intended as a practical resource for students, practitioners, and policymakers.

    Overview

    The U.S. federal procurement system is mature, complex, and governed by myriad statutory and regulatory requirements. To ensure that U.S. taxpayer dollars are appropriately safeguarded, the Federal Acquisition Regulation (FAR) – the primary regulation applicable to federal executive branch agencies in their acquisition of goods and services – makes clear that the government procurement process demands the highest commitment to ethical and unbiased conduct (FAR 3.101–1).

    To maintain integrity in this regime, entities that do business with the government are subject to a patchwork of requirements, restrictions, and compliance obligations. This framework, which I term the “U.S. Government Procurement Anti-Corruption Ecosystem,” is designed to prevent, detect, and mitigate corruption risks to the fullest extent possible.

    The system recognizes corruption risk as a persistent feature of large spending programs and addresses this risk through oversight and enforcement mechanisms tailored to different categories of misconduct: criminal prosecution for intentional fraud, civil penalties for recklessness, and administrative remedies for noncompliance.

    The policies and requirements derive from a diverse composite of criminal and civil laws found in various titles of the United States Code and the Code of Federal Regulations. Moreover, many of the policies that underpin these statutory and regulatory requirements are buttressed by provisions in the FAR that either reiterate the policies or impose additional compliance obligations. This framework relies on multiple overlapping institutions—an intentional redundancy designed to avoid a single point of failure.

    Transparency

    In the United States, most aspects of the procurement process are transparent and readily accessible by the public. For example, the government procurement rules, located in the FAR, are available online at Acquisition.gov to anyone with internet access. Similarly, contract opportunities, requirements, evaluation criteria, and awards can be found in a single online portal – SAM.gov.

    Procurement spending data may be tracked online via a user-friendly website: USASpending.gov. This data can also be found in the Federal Procurement Data System (FPDS). The U.S. government also shares information about contractor misconduct by publishing information related to certain criminal and civil proceedings, administrative agreements, and contractor exclusions (debarment or suspension) at SAM.gov.

    Oversight

    Transparency also bolsters another key component of the U.S. Government Procurement Anti-Corruption Ecosystem: oversight. In addition to traditional sources of accountability, such as the free press and civil society, the United States has developed a variety of sophisticated government oversight tools designed to identify and expose corruption, fraud, waste, and noncompliance.

    Two of those tools are audits and investigations, conducted primarily through agency inspectors general (IGs). IGs are “independent and objective units within each agency whose duty it is to combat waste, fraud, and abuse in the programs and operations of that agency.” IGs fulfill this duty by “conducting audits and investigations relating to the programs and operations of its agency” and by actively referring matters, when warranted, to the U.S. Department of Justice for potential prosecution and agency Suspension and Debarment Officials for possible exclusion from the federal procurement system.

    In addition to the agency IGs who oversee procurements by their respective agencies, in certain circumstances, additional oversight is warranted. For example, given the hundreds of billions of dollars spent by the U.S. Department of Defense (DoD) on an annual basis, the Defense Contract Audit Agency (DCAA) provides audit and financial advisory services to the DoD and other federal entities responsible for acquisition and contract administration. This is in addition to the general oversight provided by the DoD’s Office of Inspector General, and the various criminal investigative services located throughout DoD (i.e., Naval Criminal Investigative Service (NCIS), Air Force Office of Special Investigations (AFOSI), U.S. Army Criminal Investigation Division (CID), etc.).

    Moreover, the U.S. Congress will periodically establish “special” IGs to oversee programs that involve significant government spending. For example, in an effort to oversee billions of dollars spent on reconstruction in Iraq and Afghanistan, Congress established Special Inspectors General for Iraq Reconstruction (SIGIR) and Afghanistan Reconstruction (SIGAR). Similarly, in response to the COVID-19 pandemic, Congress created the Pandemic Response Accountability Committee (PRAC) to oversee and combat fraud, waste, abuse, and mismanagement of pandemic-related programs and funding.

    To improve public access to the reports generated by the U.S. government’s IGs, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) created Oversight.gov – a publicly accessible, text-searchable repository of reports published by federal IGs.

    The U.S. legislative branch provides additional oversight of the U.S. procurement process, generally through relevant committee investigations and hearings, as well as its independent audit agency – the Government Accountability Office (GAO). The GAO is an independent, nonpartisan agency that works for Congress by conducting audits and producing reports on government operations – including government procurement programs and policies. The agency also houses one of the three fora designated to hear bid challenges – a critical government procurement oversight mechanism. The “bid protest” system residing in the GAO is a sophisticated and mature forum that enables contractors to challenge the terms of a solicitation or award of a federal contract. U.S. contractors are also empowered to file challenges at the U.S. Court of Federal Claims (COFC) and at the individual executive branch agency level.

    Ethics Restrictions

    U.S. government service demands that federal employees, including Special Government Employees, place loyalty to the Constitution, the law, and ethical principles above private gain. This “principle” is applicable to federal executive branch employees, including government acquisition professionals, who are also held to additional ethical standards due to their unique positions of trust.

    U.S. government officials are subject to a lengthy list of ethics and integrity restrictions governing their federal work, including, but not limited to, prohibitions against financial conflicts of interest, prohibitions on the use of nonpublic information in financial transactions, requirements to act impartially in the discharge of duties, and affirmative obligations to disclose waste, fraud, abuse, and corruption to appropriate authorities (5 C.F.R. § 2365.101(b)).

    The ethics rules also prohibit federal employees from misusing their position and government resources (5 C.F.R. § 2365.701 to -.705). This category of restrictions is designed to ensure employees do not use their official positions, including information learned by virtue of the government position, for personal benefit or the benefit of others.

    These ethics rules are designed to ensure that employees do not, for example, exploit the access they have due to their government position to obtain special treatment for themselves, friends, or family. Similarly, they require government employees to conserve and protect government property and prohibit its use for anything other than its authorized purpose. In addition, they require “official time” at work to be used for the performance of official duties – not for personal activities. There are also strict limitations on federal employees’ outside activities – particularly when those activities may conflict with the employees’ government duties (5 C.F.R. § 2365.801 to -.809, 2023). There are numerous other ethics “restrictions” applicable to federal public service, which help to promote integrity in the procurement process (5 C.F.R. § 2365).

    In addition to some of the more common ethics restrictions detailed here, there are also some limits on the political activities of federal employees “to ensure that federal programs are administered in a nonpartisan fashion, to protect federal employees from political coercion in the workplace, and to ensure that federal employees are advanced based on merit and not based on political affiliation.” The Hatch Act generally prohibits federal employees from engaging in partisan political activity while on duty, in a federal facility, or using federal property. The extent of the restrictions depends on the type of position the employee holds (i.e., employees in “law enforcement” positions are subject to greater limitations on their political activities). The Office of Special Counsel protects whistleblowers, enforces prohibited personnel practice laws, and administers the Hatch Act, contributing to accountability and integrity in the federal system.

    To ensure federal employees understand their ethical obligations, agencies have designated ethics officials who are tasked with, among other things, implementing the agency ethics program, collecting and reviewing financial disclosure reports, and providing ongoing training and advice to agency employees. The Office of Government Ethics sets executive branch ethics standards and oversees agency ethics programs to prevent conflicts of interest and promote integrity among federal officials.

    Although the United States has a fairly sophisticated ethics regime, the system is not without its flaws. The system famously excludes the president and vice president of the United States from much of its coverage. It also suffers from weak enforcement mechanisms, rendering the system vulnerable to abuse and neglect. Although there have been attempts to address relatively modest “technical” issues in the system, very little has been done to repair some of the system’s more significant weaknesses.

    Conflicts of Interest

    Competition is a primary goal of the U.S. procurement system. To help preserve and promote competition, the United States has enacted laws designed to mitigate conflicts of interest. The laws relating to conflicts of interest are both criminal and administrative and are designed to ensure government officials and contractors do not taint procurements with unfair competitive advantages and favoritism toward particular vendors. Federal conflict-of-interest laws fall into two distinct categories: personal conflicts of interest (PCIs) and organizational conflicts of interest (OCIs).

    Personal Conflicts of Interest

    U.S. law attempts to prevent, mitigate, and punish PCIs criminally and administratively. The centerpiece PCI law is found at 18 U.S.C. § 208 (acts affecting a personal financial interest) – a criminal law. The law prohibits government employees from having personal financial conflicts of interest with their official work. Specifically, the law prohibits federal officials from participating personally and substantially in a particular matter that would have a direct and predictable effect on the financial interests of the official or the official’s (1) spouse or minor child; (2) general partner; (3) organization in which the official serves as an officer, director, trustee, general partner or employee; or (4) persons with whom the official is seeking or has an arrangement for future employment.

    To mitigate potential PCIs, government officials may recuse themselves from the conflicting matter, seek a waiver, or divest the financial interest. The failure to do so could result in a criminal prosecution, civil penalties, and up to five years imprisonment (18 U.S.C. § 216).

    In addition to criminal prohibitions against PCIs, the FAR also contains a specific prohibition designed to prevent PCIs involving contractor employees performing “acquisition functions” (FAR 3.11). This particular provision was created in response to the increased outsourcing of work traditionally performed by government officials. It addresses concerns that when the U.S. government retains contractors to perform acquisition functions (e.g., planning acquisitions, developing statements of work, evaluating contract proposals, developing evaluation criteria, awarding or administering contracts), there is a greater risk that a conflict between a contractor employee’s personal financial interests and the government work it is performing could result in favoritism or bias, ultimately undermining competition.

    The PCIs addressed by 18 U.S.C. § 208 and FAR 3.11 cover a fairly narrow category of conflicts. To address additional scenarios, not covered by these laws, that may still result in favoritism and bias, 5 C.F.R. § 2635.502 requires executive branch officials to maintain impartiality and integrity in the performance of their duties. It mandates that officials recuse themselves from matters that may cause a reasonable person, with knowledge of the relevant facts, to question the government employee’s impartiality. This “impartiality rule” is designed to avoid the appearance of favoritism in government decision-making. “It requires employees to consider these appearance concerns before participating in a particular matter if someone close to that employee is involved as a party to that matter.”

    Organizational Conflicts of Interest

    In recent decades, there has been an increase in organizational conflicts of interest caused by contractors’ competing business interests. This development is the result of consolidation in the information technology and defense industries, as well as the government’s increased reliance on contractors to provide services traditionally performed by public servants.

    The FAR defines an OCI as occurring when, “because of other activities or relationships with other persons, a person is unable or potentially unable to render impartial assistance or advice to the government, or the person’s objectivity in performing the contract work is or might otherwise be impaired, or a person has an unfair competitive advantage” (FAR 2.101). The term “person” includes companies and other contracting entities. The current framework for analyzing whether an OCI exists derives primarily from FAR Subpart 9.5 and decisional precedent from the GAO and the U.S. COFC.

    OCIs are generally separated into three categories:

    1. Impaired objectivity – may arise where a contractor’s outside business relationships create an economic incentive to provide biased advice under a government contract;
    2. Biased ground rules – may occur when, as part of its work under one procurement, the contractor has helped set the procurement’s ground rules, such as writing the statement of work or developing specifications, for another procurement; and
    3. Unequal access to information – may occur when a contractor obtains access to nonpublic information as part of its contract performance which gives it an advantage in a later competition for a government contract.

    FAR 9.504 requires a contracting officer (CO) to “identify and evaluate potential organizational conflicts of interest as early in the acquisition process as possible; and avoid, neutralize, or mitigate significant potential conflicts before contract award.” To fulfill this obligation, COs depend on contractors to disclose, among other things, “any facts that may cause a reasonably prudent person to question the Contractor’s impartiality because of the appearance or existence of bias” (FAR 9.504). Agencies generally demand this information through solicitation provisions or contract clauses that clearly articulate the government’s expectations with regard to the disclosure of facts and circumstances that would give rise to an actual or potential OCI.

    The law relating to OCIs is currently in flux, as the FAR Council published a new proposed OCI rule in January that will completely overhaul how the federal government handles these potential conflicts. Its fate is uncertain in light of the Revolutionary FAR Overhaul, which did not integrate any of the proposed rule’s changes into its text.

    Procurement Integrity Act & Post-Government Employment Restrictions

    One of the biggest scandals in U.S. government procurement history occurred in 1988, when an investigation revealed that DoD employees had accepted bribes from contractors in exchange for confidential procurement information that helped the contractors secure new contract awards. Known as “Operation Ill Wind,” the scandal ultimately resulted in the prosecution of more than 60 contractors, consultants, and government officials and a recovery of more than $622 million in fines, restitution, and forfeitures (Federal Bureau of Investigation, no date). In response to the scandal, Congress moved quickly by enacting the Procurement Integrity Act (PIA) (41 U.S.C. §§ 2101–07; FAR 3.104).

    The PIA attempts to promote competition in two ways: by prohibiting the disclosure and receipt of confidential procurement information and by placing restrictions on post-government employment. With respect to the protection of confidential procurement information, the PIA prohibits the disclosure and receipt of nonpublic contractor bid or proposal information or source selection information before the award of a related federal agency procurement contract. This provision recognizes that the disclosure or receipt of such information could provide a prospective bidder or offeror with an unfair competitive advantage.

    The PIA’s post-employment restrictions impose reporting and disqualification requirements on government acquisition officials engaging in employment discussions and negotiations. Its “compensation ban” prohibits government officials who are involved in certain procurement functions from accepting compensation from covered contractors for one year after performing those functions. The PIA’s provisions are construed quite broadly, imposing restrictions that may not be obvious to covered individuals. For example, a requirement to recuse from participation in a procurement can be triggered even if the employee is not engaged in formal employment discussions. Mere contact with a bidder or offeror about possible employment may necessitate that the employee affirmatively reject the possibility of employment or be disqualified from further personal and substantial participation in the relevant procurement.

    The post-employment restrictions found in the PIA are buttressed by criminal “revolving door” restrictions found at 18 U.S.C. § 207, which imposes limits on the type of work former federal employees may perform for their new employers for specific periods of time. The restrictions range from a single year to lifetime bans and may include limitations on the employee’s ability to appear before or communicate with their former agency. The statutory requirements are often bolstered by Executive Orders, which provide additional “revolving door” restrictions.

    Post-employment issues often arise in the context of bid protests, where disappointed bidders or offerors allege that their competitor has an “unfair competitive advantage” stemming from their hiring of a former Government employee.

    Encouraging Disclosures of Fraud, Waste, and Corruption

    Corruption is notoriously difficult to detect given that most corrupt transactions or agreements are executed covertly with the proverbial wink and a nod. To help root out and mitigate these illegal activities, the U.S. government has aggressively embraced a disclosure model. Whether by incentivizing voluntary disclosures, threatening debarment for failure to comply with mandatory disclosure obligations, or mandating government employee disclosures, disclosures have become a centerpiece of the U.S. government’s efforts to combat corruption.

    Mandatory Disclosures

    FAR 52.203–13 imposes a mandatory disclosure obligation on government contractors if they hold a contract expected to exceed $6 million with a performance period of 120 days or more (FAR 3.1004). FAR 52.203–13 requires contractors to make their disclosure in writing to the relevant agency Office of the Inspector General (OIG) and send a copy to the CO. The disclosure must contain information about certain violations of the law that a contractor’s principal, employee, agent, or subcontractor has committed in connection with the award, performance, or closeout of its government contract or any subcontract thereunder. The conduct that triggers disclosure includes:

    • A violation of Federal criminal law involving fraud, conflict of interest, bribery, or gratuity violations found in Title 18 of the United States Code
    • A violation of the civil False Claims Act
    • A significant overpayment.

    Voluntary Disclosures

    Even where the mandatory disclosure obligation is not applicable, the U.S. government has spent the last several decades encouraging companies to voluntarily disclose misconduct to the government. In an effort to incentivize disclosure, the government has detailed the type of “credit” companies will receive for their disclosures and cooperation.

    The DOJ Criminal Division’s “Corporate Enforcement and Voluntary Self-Disclosure Policy” outlines the incentives available to corporations that discover and disclose potential criminal violations to the Justice Department (DOJ Justice Manual, 9–47.12). In short, the policy states that if a company voluntarily self-discloses, fully cooperates, and timely and appropriately remediates the violation, there is a presumption that the DOJ will decline to take enforcement action against the company absent certain “aggravating circumstances involving the seriousness of the offense or the nature of the offender” (DOJ Justice Manual, 9–47.12). Even if a company does not meet the strict criteria necessary for a declination, the policy offers a sliding scale of benefits (e.g., discounts from the U.S. Sentencing Guidelines fine range) to companies depending on the extent of their cooperation, seriousness of the misconduct, and the timing of their disclosure.

    Government Employee Disclosures

    The U.S. government emphasizes the important role government employees play in detecting and reporting misconduct – particularly in the procurement system. For example, the Standards of Ethical Conduct applicable to executive branch government employees require the disclosure of “waste, fraud, abuse, and corruption to appropriate authorities.” The FAR also imposes more targeted obligations on acquisition professionals. For example, FAR 3.104 requires government employees to report possible violations of the Procurement Integrity Act. FAR 3.302 requires employees to report suspected gratuities given to an officer, official, or employee of the government in an effort to obtain a contract or favorable treatment under a contract to the Contracting Officer or other designated official. Similarly, FAR 3.303 requires agencies to report suspected collusion to the DOJ Antitrust Division. There are numerous other examples of reporting obligations scattered throughout the FAR, emphasizing the importance the government places on these disclosures.

    Whistleblowing Protections & Rewards

    The U.S. government recognizes that individuals who disclose wrongdoing often face backlash from their employers and colleagues. In an effort to incentivize whistleblowing and protect individuals who bring wrongdoing to light, the United States has enacted an extensive system of whistleblower rewards and protections.

    Government Whistleblower Protections

    The Whistleblower Protection Act protects “any disclosure of information” by federal government employees that they “reasonably believe . . . evidences an activity constituting a violation of law, rules, or regulations, or mismanagement, gross waste of funds, abuse of authority or a substantial and specific danger to public health and safety” (National Whistleblower Center). It prohibits retaliation in response to such disclosures, such as terminations, disciplinary or corrective action, transfers, details or reassignments, poor evaluations, or pay cuts.

    Notably, the Whistleblower Protection Act does not protect disclosures that reflect only a disagreement with policy, information required to be kept secret by Executive Orders in the interest of the national defense or conduct of foreign affairs, or if disclosure is prohibited by law (5 U.S.C. § 2302(b)). Most federal employees are covered by this law, though it specifically exempts whistleblowers from the intelligence community and the FBI from its coverage.

    Employees who work in a classified environment are covered by separate whistleblower protection statutes (e.g., intelligence community employees are covered by the Intelligence Community Whistleblower Protection Act of 1998, the Intelligence Authorization Act for Fiscal Year 2014, and Presidential Directive 19). Depending on the employee’s position, there may be limits relating to whom they may disclose the information. In general, civilian employees may disclose information to anyone, including nongovernmental audiences, unless the information is classified or specifically prohibited by law from release. If the information is classified or specifically prohibited by law from release, it may only be shared with the relevant agency OIG, the Office of Special Counsel, or a designated agency official.

    Contractor Whistleblower Protections

    Recognizing that government contractor employees play an important role in ensuring that federal funds are utilized honestly, efficiently, and with accountability, Congress enacted additional statutory protections for employees of contractors from retaliation (41 U.S.C. § 4712; 10 U.S.C. § 4701). Employees of a contractor, subcontractor, grantee, or subgrantee or personal services contractor are protected against retaliation (including discharge, demotion, or discrimination) for disclosing information about:

    • Violations of law, rule, or regulation related to a federal contract (including the competition for or negotiation of a contract) or grant
    • Gross mismanagement of a federal contract or grant
    • Gross waste of federal funds
    • Abuse of authority relating to a federal contract or grant
    • Substantial and specific danger to public health or safety.

    The disclosure must be made to an authorized individual or entity:

    • A Member of Congress or a representative of a committee of Congress
    • An Inspector General
    • The Government Accountability Office
    • A federal employee responsible for contract or grant oversight or management at the relevant agency
    • An authorized official of the Department of Justice or other law enforcement agency
    • A court or grand jury
    • A management official or other employee of the contractor, subcontractor, or grantee who has the responsibility to investigate, discover, or address misconduct (41 U.S.C. § 4712).

    Disclosures to an individual or entity not included in this list are not protected.

    Whistleblower Rewards

    To further incentivize individuals to disclose wrongdoing and compensate them for the potential loss of income, many whistleblower programs in the United States also offer financial rewards. Studies have shown that whistleblower reward programs increase the likelihood that individuals will come forward and expose wrongdoing.

    The most prominent whistleblower rewards statute in the United States is the False Claims Act, which is used to combat procurement fraud. If a case is successful, whistleblowers receive a 15–30 percent share of the recoveries. The United States has numerous other successful whistleblower reward programs, including several new programs that have been created in the past few years:

    Fraud

    Federal integrity failures operate on a spectrum, and federal law addresses them through distinct legal regimes that turn on different scienter requirements and decision-making forums, ranging from criminal prosecution to civil and administrative remedies. Public labeling, particularly by government officials, should use labels that track those legal distinctions, because terminology can shape the enforcement pathway, the consequences that follow, and the resulting public impression.

    Criminal Fraud

    Criminal fraud and false-statement offenses are punitive and require proof beyond a reasonable doubt that the defendant acted with a culpable mental state, not merely that information was inaccurate. Core federal fraud statutes, including mail fraud, wire fraud, and major fraud against the United States (18 U.S.C. §§ 1341, 1343, 1031), generally require proof of an intent to defraud. In government contracting matters, prosecutors also frequently rely on related Title 18 offenses, including knowingly presenting a false, fictitious, or fraudulent claim (18 U.S.C. § 287), making a materially false statement knowingly and willfully (18 U.S.C. § 1001), and conspiracy to commit an offense or to impair lawful government functions through deceit (18 U.S.C. § 371). Consistent with that emphasis on intent and willfulness, the Government Accountability Office describes fraud as obtaining a thing of value through willful misrepresentation and emphasizes that whether conduct constitutes “fraud” is ultimately determined through the judicial or other adjudicative process. These offenses are typically felonies punishable by significant fines and imprisonment.

    Civil False Claims Act

    Civil False Claims Act liability targets fraud against the government through a lower scienter threshold and civil remedies. Enacted in 1863 in response to allegations of fraud against the Union Army during the U.S. Civil War, the FCA is a statute that has become one of the world’s most consequential anti-fraud enforcement tools. The FCA imposes liability when a person acts “knowingly,” a standard that includes actual knowledge, deliberate ignorance, and reckless disregard, and does not require proof of specific intent to defraud. The statute creates civil liability for, among other things, knowingly presenting (or causing to be presented) a false claim for payment, knowingly making or using a false record or statement material to a false claim, conspiring to violate the Act, and knowingly concealing or improperly avoiding an obligation to pay the government (31 U.S.C. §§ 3729–3733). The FCA is not intended to cover honest mistakes or incorrect claims submitted through mere negligence. A defendant found liable faces treble damages plus substantial per-claim civil penalties.

    The FCA is also strengthened by a distinctive whistleblower mechanism. Its qui tam provisions allow private citizens (relators) to file suit on the government’s behalf and receive a share of the recovery, typically 15–25 percent if the government intervenes and 25–30 percent if it declines. By deputizing private enforcement in this way, the FCA has become an exceptionally powerful tool, with annual recoveries often exceeding one billion dollars.

    Administrative False Claims Act

    Administrative remedies address smaller-dollar false-claim and false-statement matters through agency adjudication rather than federal court litigation. Formerly known as the Program Fraud Civil Remedies Act (PFCRA) and now known as the Administrative False Claims Act (or “baby False Claims Act”), this regime authorizes agencies to pursue certain matters through administrative proceedings, generally limited to claims not exceeding $1,000,000 (inflation-adjusted), with judicial review and judicial enforcement in federal court. It is designed, in part, to provide agencies a pathway when the Department of Justice elects not to pursue FCA remedies. The National Defense Authorization Act for FY25 included enhancements intended to encourage agencies to use this tool more frequently.

    Corruption

    The U.S. federal government has several laws designed to deter and punish illegal bribes and gratuities. These laws are designed to ensure that government officials do not accept anything of value in exchange for influencing a government official’s judgment or an official act, including the award of a government contract. Notably, the laws are defined broadly to encompass both large (i.e., wire transfers of large sums of money, bags full of cash) and small (i.e., gifts and hospitality) schemes. “Anything viewed as valuable by the public official, whether tangible or intangible, could potentially trigger liability if viewed as an attempt to improperly influence a government official to obtain a contract or favorable treatment” (Tillipman, 2014).

    Domestic Corruption

    The “centerpiece” of federal public corruption law, 18 U.S.C. § 201, prohibits two offenses: bribery and gratuities. Applicable to the demand and supply side of the illegal transaction, the statute punishes “both sides of a corrupt transaction.”

    FAR 3.101–2 reinforces the prohibition against gratuities in the procurement context by prohibiting government employees from soliciting or accepting, directly or indirectly, any gratuity, gift, favor, entertainment, loan, or anything of monetary value from anyone who (a) has or is seeking to obtain government business with the employee’s agency, (b) conducts activities that are regulated by the employee’s agency, or (c) has interests that may be substantially affected by the performance or nonperformance of the employee’s official duties.

    In addition to the bribery and illegal gratuities statute located at 18 U.S.C. § 201, the federal government has many other statutes that it can use to prosecute public corruption (or what Professor Randall Eliason refers to as “bribery by another name”). Statutes such as Honest Services Fraud (18 U.S.C. § 1346), the Hobbs Act (18 U.S.C. § 1951), and federal programs bribery (18 U.S.C. § 666) similarly punish corrupt activities, though their application differs depending on the facts of a particular matter. For example, because 18 U.S.C. § 201 is limited to federal public officials, Honest Services Fraud and the Hobbs Act are often used in the prosecution of state corruption cases.

    In addition to bribes, the U.S. federal government also prohibits “kickbacks” via the Anti-Kickback Act of 1986 (41 U.S.C. Chapter 87). The statute prohibits “subcontractors from making payments and contractors from accepting payments for the purpose of improperly obtaining or rewarding favorable treatment in connection with a prime contract or a subcontract relating to a prime contract” (FAR 3.502–2). “Kickbacks” are defined broadly to include “any money, fee, commission, credit, gift, gratuity, thing of value, or compensation of any kind” (FAR 3.502–1). Contractors are also prohibited from directly or indirectly including “the amount of any kickback in the contract price charged by a subcontractor to a prime contractor or a higher tier subcontractor or in the contract price charged by a prime contractor to the United States” (FAR 3.50–2).

    Foreign Corruption

    U.S. law also prohibits the bribery of foreign public officials through the Foreign Corrupt Practices Act (FCPA). The FCPA makes it illegal to corruptly offer or provide money or anything else of value to officials of foreign governments, foreign political parties, or public international organizations with the intent to obtain or retain business (15 U.S.C. §§ 78dd-1, et seq.). The law also requires issuers – companies whose securities are listed in the United States – to maintain accurate books and records and strong internal controls. Known globally for its broad application and robust enforcement, the FCPA has transformed the global anti-corruption compliance landscape and helped bolster anti-corruption enforcement efforts around the world. Although violations of this law do not directly impact the U.S. procurement system, companies that do business with the U.S. government should be aware of the FCPA’s prohibitions and government compliance expectations given the potential consequences for violations of the law, such as debarment.

    Collusion

    Enacted in 1890, the Sherman Act prohibits any agreement among competitors to fix prices, rig bids, or engage in other anti-competitive activity (5 U.S.C. § 1). The Sherman Act covers a variety of anti-competitive schemes, which are prosecuted by the DOJ Antitrust Division, including (but not limited to):

    • Price Fixing: An agreement among competitors to restrict price competition, such as raising, fixing, or maintaining the price at which their goods or services are sold.
    • Bid Rigging: An agreement among some or all the bidders which predetermines the winning bidder and limits or eliminates competition among co-conspirators.
    • Market Allocation: Competitors agree to divide markets among themselves, including customer segments, geographic segments, or product categories.

    Given that procurement systems are uniquely vulnerable to collusive misconduct, the DOJ launched the Procurement Collusion Strike Force (PCSF) in 2019 to combat antitrust crimes and related government procurement schemes at the federal, state, and local levels. The PCSF aims to deter and detect collusive behavior, enhance coordination and capacity among law enforcement partners, and educate key stakeholders to raise awareness of anti-competitive conspiracies and their consequences.

    Pre-Qualification & Exclusion

    Pre-Qualification (Responsibility Determination)

    In the United States, COs are required to determine whether a contractor is “responsible” prior to the award of the contract (FAR 9.103). Determination of contractor qualification requires consideration of whether the firm: (1) can be expected to complete the contract work on time and in a satisfactory manner; (2) is organized in such a way that doing business with it will promote various social and economic goals; and (3) satisfies other special standards of eligibility imposed by statutes and regulations.

    Contracting Officers make this determination by reviewing information available in various federal government procurement systems, including the Federal Awardee Performance and Integrity Information System (FAPIIS) (available at SAM.gov) and the Contractor Performance Assessment Reporting System (CPARS) (CPARS.gov), as well as other sources, such as contractor-supplied information and pre-award survey reports (FAR 9.105–1(c)).

    Prospective contractors must be able to demonstrate the following to be determined responsible: (1) adequate financial resources to perform the contract; (2) the ability to comply with the delivery or performance schedule; (3) a satisfactory performance record; (4) a satisfactory record of integrity and business ethics; (5) the necessary organization, controls, skills, and experience; (6) the necessary equipment and facilities; and (7) be otherwise qualified and eligible to receive an award (FAR 9.104–1).

    Exclusion (Suspension & Debarment)

    The United States has a mature debarment regime, designed to protect the U.S. government from contractors that are corrupt, incompetent, or otherwise non-responsible. FAR 9.4 provides the framework for discretionary suspension and debarment in the U.S. procurement system and is grounded in the concept of “protection” rather than “punishment.”

    As noted in FAR 9.402: “The serious nature of debarment and suspension requires that these sanctions be imposed only in the public interest for the Government’s protection and not for the purposes of punishment.” The punishment/protection distinction is one of the most frequently misunderstood aspects of the U.S. debarment regime – often leading to confusion and misunderstanding about how or why certain exclusion decisions are made when a contractor’s misconduct is discovered. The confusion likely stems from the mistaken belief that debarment is an extension of the government’s criminal justice system, designed to punish bad actors. Although this is certainly the case in some countries, in the United States, debarment is a “business decision,” intended to protect taxpayer dollars, not punish misconduct.

    Suspension & Debarment Officials (SDOs) may be found in most federal executive branch agencies, with some agencies having more than one (e.g., Department of Defense and the Department of Homeland Security). Although they are required to comply with the policies and procedures detailed in FAR 9.4, agencies are responsible for establishing their own methods and procedures for coordinating suspension and debarment actions, which has led to some severe inconsistencies in agencies’ approaches to debarment. Because two or more agencies may have an interest in a particular contractor’s exclusion, the Interagency Suspension and Debarment Committee (ISDC) can coordinate suspension or debarment proceedings among interested agencies (known as the “lead agency” process).

    SDOs are tasked with determining whether a contractor that has engaged in misconduct is presently responsible and, therefore, still eligible to receive government contracts. To determine a contractor’s present responsibility, SDOs must employ a two-step analysis. First, SDOs must determine whether, pursuant to FAR 9.4, there is cause for suspension or debarment, which generally includes fraud, crimes, very poor performance, violation of certain contract terms or laws, a knowing failure to disclose evidence of fraud or corruption, or “any other cause so serious or compelling a nature that it affects the present responsibility of the contractor or subcontractor.”

    If an SDO establishes there is cause, they must then determine whether exclusion is still necessary to protect the government’s interest. In making this assessment, an SDO will consider a multitude of “mitigating factors” to determine whether the contractor poses a threat to the government’s interests, including cooperation, disciplinary action against responsible employees, compliance enhancements, and other remedial measures.

    Contractor Compliance

    Over the last several decades, there has been an emerging global consensus on the importance of corporate ethics and compliance programs to help companies prevent, detect, and mitigate misconduct. The consensus has derived from increased global efforts to combat corruption. Since the late 1990s, dozens of countries have made multilateral commitments to combat corruption and enacted anti-corruption legislation to fight bribery and foster a new era of corporate compliance. Driven primarily by U.S. anti-corruption enforcement efforts, many large multinational companies have responded by investing heavily in sophisticated compliance programs and robust internal controls. As anti-corruption enforcement efforts and compliance expectations have grown, government anti-bribery enforcement agencies, nongovernmental organizations, and civil society organizations have begun publishing compliance guidance to assist companies with the design and implementation of internal ethics and compliance programs.

    Notably, the development of rigorous internal compliance programs has been particularly pronounced in the defense industry, especially among large U.S. government contractors. This is because, similar to other heavily regulated industries, government contractors face increased enforcement risks. Since 2008, all U.S. government contractors have been legally required to have a written code of business ethics and conduct and to make a copy of the code available to each employee engaged in the performance of the contracts (FAR 52.203–13). The rule also requires contractors to exercise due diligence to prevent and detect criminal conduct and promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

    Companies seeking guidance regarding compliance best practices can access a wealth of information on the internet. The Defense Industry Initiative and International Forum on Business Ethical Conduct have developed compliance “toolkits” and regularly host ethics and compliance events for contractors. In addition, governments, NGOs, and public organizations have also published guidance to assist companies seeking information about compliance best practices. The DOJ’s “Evaluation of Corporate Compliance Programs” document is also a critical resource for contractors and compliance professionals.

  • What Rights Do AI Companies Have in Government Contracts?

    It Depends on the Acquisition Pathway, the Contract Type, and the Contract Terms.

    The Anthropic-Pentagon dispute has drawn significant public attention and an equally large amount of misinformation. After Defense Secretary Pete Hegseth gave Anthropic an ultimatum to allow unrestricted use of its AI models “for all lawful purposes” and the company refused, President Trump directed federal agencies to stop using Anthropic’s products, and Hegseth designated the firm a “supply chain risk.”

    Hours later, OpenAI announced its own Pentagon deal, claiming it included the same two restrictions Anthropic had been fighting for (no mass domestic surveillance, no fully autonomous weapons) while simultaneously agreeing to the “any lawful use” standard Anthropic rejected.

    The public reaction has been chaotic, but most of the commentary, from both sides, reflects a fundamental misunderstanding of how the government buys AI. Commentators are debating whether AI companies should be able to restrict the government’s use of their technology, as if this were a novel question. It is not. Contractors restrict the government’s use of their products all the time. Whether and to what extent they can do so in any particular case depends on three things: the acquisition pathway, the contract type, and the negotiated contract terms.

    Understanding these variables is essential to evaluating what happened with Anthropic, what OpenAI’s deal accomplishes, and what any of this means for the future of AI in the defense space.


    How the Government Buys AI and Why It Matters

    The federal government does not acquire AI through a single, uniform process. It uses multiple acquisition pathways, each of which creates a different allocation of rights and leverage between the government and the contractor. As I have detailed in my article, Buying Blind: Corruption Risk and the Erosion of Oversight in Federal AI Procurement, understanding these pathways is essential to understanding the governance risks that follow from each. Below, I list the most common pathways (there are others, but I won’t attempt to catalog them here).

    Commercial Acquisition (FAR Part 12)

    The most common pathway for federal AI procurement treats these systems as ordinary commercial software. Federal Acquisition Regulation (FAR) Part 12 is designed for the government to acquire goods and services already sold in the commercial marketplace, on commercial terms. The regulation explicitly limits the government’s ability to impose requirements beyond what is customary in the marketplace. Contractors selling commercial AI products are not required to grant the government broader usage rights than those granted to other customers. The government can request expanded rights, but contractors must agree, and this often requires additional consideration.

    This means that when the government buys AI commercially, the vendor’s standard terms and conditions, including its acceptable use policies, are the default starting point. Restrictions on use are not some exotic demand by activist AI companies. This is the consequence of the government buying commercial products on commercial terms.

    License Upgrades and Enterprise Agreements

    Many agencies acquire AI capabilities not through standalone procurements but as add-on features to existing enterprise software agreements, such as Microsoft Copilot or Google Gemini. Because these AI capabilities are offered as upgrades to existing licenses, they fall under the terms of the base agreement. Renegotiating AI-specific terms means renegotiating the entire enterprise deal, which means commercial defaults typically prevail.

    GSA Multiple Award Schedule

    When agencies order through the GSA Schedule, they inherit whatever terms GSA negotiated at the master agreement level. Downstream ordering agencies have limited authority to modify those baseline terms. If the master agreement includes the vendor’s acceptable use policy, individual agencies generally cannot override those restrictions.

    Negotiated Procurements (FAR Part 15)

    FAR Part 15 gives agencies the broadest latitude to negotiate tailored terms, including provisions regarding usage rights, data rights, transparency, and governance. But this pathway comes with high procedural costs and longer timelines. In practice, agencies often avoid Part 15 for fast-moving AI purchases because it is slower and more process-heavy, and DoD leadership has emphasized commercial-first, rapid pathways.

    Other Transactions (OTs)

    OTs are non-FAR-based agreements used for research, prototyping, and certain production activities. They offer substantially more flexibility than FAR-based contracts. In 2025, the DoD used this pathway to award agreements valued at up to $200 million each to Anthropic, OpenAI, Google, and xAI. OTs are exempt from FAR requirements, so the terms are whatever the parties negotiate. An agency can use this flexibility to secure broad usage rights. A contractor can use it to embed restrictions. Either way, the terms are a product of negotiation, not a regulatory default.

    What This Means in Practice

    Each of these pathways produces a different set of contractual rights and obligations. The idea that a contractor categorically cannot restrict government use of its products, or that doing so is somehow illegitimate, reflects a fundamental misunderstanding of how government procurement law works. The scope of restrictions is determined by the specific acquisition pathway and what the parties negotiate. None of this is novel or controversial. It is basic procurement law.


    What Does “Any Lawful Use” Mean?

    This brings us to the central confusion in the public debate: what does the “any lawful use” standard actually do?

    OpenAI has published relevant language from its Pentagon contract. It reads, in part:

    The Department of War may use the AI System for all lawful purposes, consistent with applicable law, operational requirements, and well-established safety and oversight protocols.

    The contract addresses autonomous weapons, surveillance, and domestic law enforcement. In the provisions OpenAI has published, the operative language is largely framed by reference to existing legal authorities, including DoD Directive 3000.09, the Fourth Amendment, the Foreign Intelligence Surveillance Act, Executive Order 12333, and the Posse Comitatus Act. The system “shall not be used for unconstrained monitoring of U.S. persons’ private information as consistent with these authorities.” Domestic law enforcement use is permitted only “as permitted by the Posse Comitatus Act and other applicable law.”

    Read on its face, the published excerpt does not give OpenAI an Anthropic-style, free-standing right to prohibit otherwise-lawful government use. The operative standard is “all lawful purposes,” conditioned on applicable law and related government requirements and protocols.

    That does not mean the language is meaningless. There is an important distinction between the scope of a restriction and its enforceability. Restating legal requirements in a contract may not change what the law requires, but it can change remedies if the government’s use violates a contractual commitment. OpenAI generally would not be a proper plaintiff to assert Fourth Amendment rights on behalf of third parties, but it could frame noncompliance as a breach of its own agreement, and OpenAI states it could terminate the contract if the government violates its terms.

    Contrast this with what Anthropic sought: explicit exceptions to “lawful use” that would have barred certain uses even if the government viewed them as lawful. Anthropic describes the impasse as turning on two requested exceptions: mass domestic surveillance of Americans and fully autonomous weapons. From the government’s perspective, that approach would effectively place a private contractor in the position of deciding which otherwise lawful uses were off-limits.


    The Safety Stack: Where Real Leverage May Exist

    The contract language is not the entire story. In a detailed blog post accompanying its announcement, OpenAI described a multi-layered enforcement approach that goes beyond the four corners of the agreement. This is where the analysis gets considerably more interesting from a procurement law perspective.

    OpenAI claims three additional sources of leverage:

    Cloud-only deployment with architectural control. OpenAI states that this is a cloud-only deployment—models are not provided on edge devices (where they could be used for autonomous lethal weapons). OpenAI retains what it describes as “full discretion” over its safety stack, including the ability to run and update classifiers that monitor use. The company says this deployment architecture enables it to “independently verify” that its red lines are not crossed.

    Cleared OpenAI personnel in the loop. The company states that its own security-cleared employees will be involved in the deployment, and that its safety and alignment researchers will “be in the loop and help improve systems over time.”

    Termination rights. OpenAI states that, as with any contract, it could terminate the agreement if the government violates the terms (though the scope of any termination right depends on the specific agreement, including notice, cure, and dispute resolution provisions that have not been disclosed).

    Additionally, OpenAI makes a notable claim about the temporal scope of the contract’s legal references. According to the company, the contract “explicitly references the surveillance and autonomous weapons laws and policies as they exist today, so that even if those laws or policies change in the future, use of our systems must still remain aligned with the current standards reflected in the agreement.” If the full contract language supports this claim, it would constitute a genuine contractual restriction that goes beyond restating current law. Even if Congress amended FISA or DoD revised Directive 3000.09 to permit broader use, the contract could still bind the government to earlier standards.

    The published excerpt offers limited support for that reading. The DoDD 3000.09 reference is versioned (“dtd 25 January 2023”), suggesting the contract is keyed to a specific iteration of that directive, though it is not conclusive without seeing the incorporation language. Whether the agreement “locks in” today’s standards, therefore, depends on contract language OpenAI has not published: for example, whether it incorporates these authorities “as in effect on” a particular date, or instead tracks them as amended over time.

    These claims deserve careful scrutiny because they reveal something important about where the real contractual leverage lies in AI procurement, and it may not be where most people expect.

    If OpenAI retains full discretion over its safety stack and deploys only on its own cloud infrastructure, the practical constraints on government use are architectural, not merely contractual. The government can use the system for “any lawful purpose,” but only to the extent OpenAI’s classifiers and safety systems permit. If a classifier blocks a particular use, the question is whether the government has a contractual right to demand its removal. OpenAI asserts that it retains “full discretion” over those systems.

    This creates tension at the heart of the agreement. The contract permits use “for all lawful purposes,” subject to “operational requirements” and “well-established safety and oversight protocols.” OpenAI says it retains full discretion over the safety stack it runs in a cloud-only deployment. If the safety stack blocks a lawful use, which provision controls? The answer depends on the specific contract language governing the relationship between the permissive use standard and the deployment framework—language that has not been made public.

    It is also worth noting the irony. The Pentagon’s objection to Anthropic was, at its core, that a private company should not be able to constrain the military’s use of AI technology. Yet the OpenAI arrangement appears to give the company significant operational control over how the technology functions in practice through infrastructure, personnel, and classifiers that OpenAI can update unilaterally. Whether this amounts to the kind of constraint the Pentagon sought to avoid with Anthropic depends entirely on the terms governing OpenAI’s discretion and whether the government retains any contractual right to override the safety stack for lawful uses.


    Why the Acquisition Pathway Matters for What Comes Next

    The public debate has focused almost entirely on whether AI companies should have the right to impose ethical restrictions on the military. That is a legitimate policy question. But it is the wrong frame for understanding what happened here, and it obscures the procurement realities that will shape AI governance going forward.

    As I argue in Buying Blind, the government is acquiring AI technologies through pathways that systematically limit its ability to negotiate protective terms, not just protections for the company, but protections for the government itself. The same commercial acquisition methods that make it difficult for companies like Anthropic to enforce use restrictions also make it difficult for the government to secure adequate transparency requirements, audit rights, data protections, and safeguards against contractor lock-in. The emphasis on speed and commercial terms is a double-edged sword: it limits both parties’ ability to impose terms that deviate from commercial defaults.

    The Anthropic dispute has focused attention on one direction of this dynamic: companies restricting the government. But the more consequential governance failure runs in the opposite direction: the government’s inability to secure the protections it needs when buying AI through commercial pathways that were not designed for technologies this complex and this consequential.

    The government’s punitive response to Anthropic compounds this problem. If the consequence of negotiating aggressively with the government is being designated a supply chain risk—a mechanism more commonly associated with foreign adversary threats—companies have strong incentives to simply accept whatever terms the government demands. OpenAI itself said it does not believe the supply chain risk designation should have been applied to Anthropic. That may lead to faster procurement, but it will yield worse governance outcomes. Companies that are afraid to negotiate are companies that will not push back when the government’s proposed terms are inadequate for either party.

    The question the public debate should be asking is not whether AI companies have the right to tell the Pentagon what to do. They do (within the limits of the contract they negotiate), depending on the acquisition pathway, contract type, and the terms the parties agree to. The question is whether the government’s current approach to AI procurement produces contracts that adequately protect the public interest. Based on the evidence, the answer is no. The Anthropic-Pentagon dispute, for all the attention it has received, is a symptom of that deeper problem, not its cause.

  • Why a Wedding Cake? Mapping AI’s Hidden Procurement Supply Chain

    Whenever I speak to groups about AI procurement, I always start by asking: “Who here has heard of the AI tech stack?” Maybe one person raises their hand. On rare occasions, a handful of people do.

    It’s understandable. GenAI adoption is relatively new, and most people don’t see beyond their preferred AI chat interface. Yet globally, particularly in the United States, governments are rushing to buy and deploy AI systems before stakeholders understand what they’re buying. This is what my new article calls “buying blind.”

    Scope note: This blog post focuses on machine learning and generative AI systems (such as ChatGPT, Claude, and other large language models)—systems that rely on foundation models, training data, and the layered infrastructure described by the wedding cake framework.

    Here’s what I’ve learned from teaching procurement law over the past 20 years: when dealing with complex subjects, analogies help new learners bridge the gap between the abstract and the concrete. That’s why I use a wedding cake to explain the AI tech stack in my article “Buying Blind: Corruption Risk and the Erosion of Oversight in Federal AI Procurement.” The cake’s tiers, stand, and frosting reflect the AI supply chain’s complex ecosystem. Each tier represents a layer of the AI supply chain and a category of procurement risk that most current federal contracts don’t consistently address.

    What the Wedding Cake Layers Represent

    The wedding cake isn’t a technical diagram—it’s a risk identification tool designed for procurement professionals, not technologists. I made specific choices (like combining foundation models with customization layers to illustrate conflicts of interest) that emphasize where corruption risks emerge rather than technical precision. Each “layer” represents categories of procurement risk that current contracts don’t consistently account for. If you only ever see the button you push—which is increasingly common in the federal space, where most AI applications are licensed as a service—you’re missing the risks that originate in the lower tiers and cascade upward through the entire system.

    Cake Stand: Infrastructure

    This is the foundation supporting the entire cake: semiconductors, AI chips, and cloud platforms for data storage and processing. Extreme market concentration begins here: NVIDIA dominates the advanced AI chip market, TSMC leads production of the most advanced semiconductors, and three providers (Amazon, Microsoft, Google) collectively account for a majority of the global cloud market. The risk: Agencies believe they’re contracting with one vendor without understanding the concentrated infrastructure dependencies underneath, creating lock-in and jurisdictional exposure they never evaluated.

    Tier 1: Foundation Model & Customization

    This is the AI model itself (trained on massive datasets), which can be customized for government use through fine-tuning, prompt engineering, and retrieval systems. I grouped these layers to illustrate potential conflicts of interest. For example, contractors may customize models using their own methodologies and terminology, then compete for contracts evaluated by tools built on those customizations. The risk: Agencies inherit biased training data or embedded conflicts of interest they cannot see downstream, because they have only licensed an AI application and have limited visibility into the AI supply chain.

    Tier 2: Applications & Integration

    These user-facing tools, such as contract clause review applications, anomaly detectors, solicitation drafting tools, and document analyzers, connect humans to AI models. Acquisition professionals see only the polished interface and seamless functionality during demos, while embedded dependencies, third-party components, and subcontractor relationships remain invisible. The risk: lock-in through technical integration, vendor control of competitively sensitive information, and security breaches from undisclosed supply chain entities, all of which current contractual practices do not adequately capture.

    Tier 3: Human Oversight & Accountability

    The essential review step in which government employees verify, question, and, if necessary, override AI outputs before they influence decisions. Instead, agency decision-making becomes prone to automation bias and rubber-stamping, particularly in agencies that lack formal requirements for documented human judgment. The risk: AI influences procurement decisions without meaningful human oversight. When challenged, agencies cannot prove that a qualified person reviewed the AI’s reasoning rather than simply adopting its output without meaningful scrutiny.

    Frosting: Governance & Security

    The laws, contract terms, policies, and safeguards that should wrap around the entire stack—defining permissible use, verification rights, testing requirements, and cybersecurity controls. What exists instead: “regulation by contract,” which expects individual contracting officers to negotiate adequate protections without standardized requirements, binding rules, or the workforce capacity to implement them consistently. The risk: Vulnerabilities at any layer cascade through the system because the governance wrapper protecting integrity was applied inconsistently, inadequately, or not at all.

    Why This Matters Today: The AI Literacy Crisis

    The wedding cake framework reveals hidden risks. But understanding what to look for doesn’t help if agencies lack the capacity to act.

    GAO has repeatedly flagged workforce capability and implementation challenges that affect AI acquisition and oversight. Acquisition professionals can’t ask the right questions if they don’t understand the complex ecosystem that supports their tool. Current administration policies—the Plan and recent DOD AI strategy—place heavy emphasis on accelerating AI adoption and reducing barriers, which can compress the time for diligence if agencies do not deliberately account for it during the procurement process. Agencies face pressure to adopt AI rapidly, further compressing the already insufficient time available to build the necessary understanding.

    The combination is dangerous: accelerated acquisition + literacy gaps + inadequate oversight = the “buying blind” crisis I document in my article.

    Why the Wedding Cake Helps Government Procurement Stakeholders

    For acquisition professionals: The framework prompts concrete questions before you award contracts. What’s in the training data, and how do we verify vendor claims about testing and data governance? Who are all the vendors in the supply chain? Given market concentration, what are our realistic alternatives if this relationship fails? Where is our data stored? What happens when this contract ends?

    Without a visual model of what lies beneath the surface, these questions never get asked. The wedding cake makes these layers visible enough for acquisition professionals to begin asking the questions necessary to protect agencies’ interests and ensure mission success.

    For government contracts attorneys: The layers reveal gaps in risk allocation. Traditional terms address surface-level functionality, but many risks reside in layers the solicitation never mentions: training data bias, supply chain security, infrastructure dependencies, and lock-in through market concentration. When disputes arise, contractual language may be found inadequate because it addresses only the top tier of the cake. Is the failure in the training data, the foundation model, the supply chain, or the infrastructure? Contracts that address only “the button” can’t resolve disputes about underlying components.

    The coming wave of litigation—over biased outputs, supply chain failures, and security breaches—will require tracing problems through a complex ecosystem that current contracts don’t map.

    AI Procurement by Tier: Sample Questions & Contractual Terms

    For each layer of the AI stack, this table identifies baseline questions and contract terms. These are starting points, not exhaustive checklists. Every procurement requires additional diligence tailored to your use case, data sensitivity, and regulatory environment. Because leverage varies by jurisdiction and buying pathway, some protections may be more difficult to negotiate, particularly in commercial SaaS acquisitions. I map these buying pathways and governance constraints in Buying Blind. Future posts will explore additional protections and diligence strategies in depth.

    Important: If you are an acquisition professional, you must consult with legal counsel, technical experts, and security teams to develop comprehensive evaluation criteria for your acquisition. This is not legal advice and does not substitute for consultation with qualified counsel.

    | Wedding-cake layer | Sample Questions to Ask | Sample Contractual Terms |
    |---|---|---|
    | Cake Stand: Infrastructure | Where is data stored/processed (jurisdiction), and what security environment are we using? What happens during an outage or incident? | Data residency/processing locations; baseline security controls; continuity and disaster recovery; incident notice and cooperation |
    | Tier 1: Foundation model + customization | Which model/provider/version? Who controls updates? What independent testing exists for bias and performance? Who performed customization and what relationships do they have to potential competitors? | Version/change control; vendor assurance package; testing/validation rights; limits on agency data use for training; disclosure of customization entities and relationships to potential offerors |
    | Tier 2: Applications + integration | What dependencies are embedded (APIs, third-party components, subcontractors)? What data is collected and retained during use, including procurement-sensitive information? Does any supply-chain entity also compete for contracts that this tool might support? What data is collected/retained (including logs), and who can access it? | Supply-chain disclosure and change control; integration documentation; data minimization and retention limits; exportability/interoperability; procurement-sensitive handling restrictions; organizational conflict of interest disclosure and mitigation plans; log retention/export |
    | Tier 3: Human oversight + accountability | Who reviews outputs and with what override authority? What documentation proves meaningful review? Which uses are authorized vs prohibited in the acquisition lifecycle (drafting, market research, evaluation support)? | Required human review where appropriate; audit logs; defined accountability; training and escalation paths; prohibited uses where appropriate |
    | Frosting: Governance + security | What independent verification backs vendor claims (attestations, audits, testing)? What safeguards wrap the full stack? What records/logs exist to support oversight and challenges? | Standard assurance terms; audit/testing rights (risk-based); security requirements; ongoing security reporting; organizational conflict of interest disclosure and mitigation; log retention + production support |
    | Market structure (all layers) | Who controls choke points (cloud, model access, specialized compute)? What is the real switching cost, including data egress and usage fees? | Modularity; termination and transition assistance; avoidance of exclusivity; pricing protections beyond promotional periods; egress fee disclosure/limits |
    | Testing (all layers) | How do we validate performance and security at each layer, not just the front-end interface? Who conducts testing (agency, vendor, independent third parties), including after updates? | Acceptance criteria; evaluation plan and cadence; remedies for failures; test access (including post-update regression where appropriate) |
    | Exit/transition (all layers) | How do we extract our data and the materials needed to migrate (prompts, retrieval index, customizations)? Is switching realistic given concentration? What artifacts must be exportable/reusable? | Data export formats/timelines; transition services; post-termination deletion certification; portability commitments for data and configurations; reuse rights for deliverables created under this contract |

  • Buying Blind: A Framework for AI Procurement Integrity

    The United States is accelerating toward a corruption crisis of its own making. In its race to rapidly acquire artificial intelligence (AI), current policy risks undermining longstanding procurement integrity safeguards.

    In my new article, Buying Blind: Corruption Risk and the Erosion of Oversight in Federal AI Procurement (forthcoming, Public Contract Law Journal, Vol. 55, No. 2 (Winter 2026)), I argue that AI does not merely amplify familiar corruption risks; it also creates new integrity vulnerabilities that existing oversight mechanisms are not calibrated to address.

    WHY THIS MATTERS NOW

    How the government acquires AI today determines the integrity vulnerabilities it will inherit tomorrow. Missing audit rights, weak testing requirements, and opaque supply chains are acquisition-phase choices that become significant corruption risks as AI expands across the federal procurement system.

    Recent federal AI policy has accelerated adoption while narrowing regulatory oversight, leaving “regulation by contract” as the de facto governance model—even as agencies sign deals without adequate protections against corruption and integrity risks that will be exponentially harder to reverse once procurement dependencies harden.

    The article challenges a dangerous assumption driving current federal AI policy: that governance impedes innovation. The evidence demonstrates the opposite. Governance encourages competition by preventing contractor lock-in. It safeguards innovation by promoting fair processes resistant to manipulation. And it enables sustainable AI adoption by building the institutional trust necessary for continued technological deployment. When oversight is treated as secondary to innovation, the procurement system itself becomes the risk.


    What This Article Does

    The article serves dual purposes:

    • For scholars and policymakers, it establishes analytical foundations for understanding how AI introduces novel corruption vulnerabilities that existing frameworks inadequately address.
    • For acquisition professionals and agency counsel navigating AI procurement today, it offers practical risk-mitigation strategies implemented within existing authorities.

    Foundations

    • Introduces the U.S. Government Procurement Anti-Corruption Ecosystem and its core pillars.
    • Surveys the evolving statutory, regulatory, and sub-regulatory landscape governing federal AI acquisition.
    • Provides a “wedding cake” schematic of the AI technology stack, intentionally simplified to help acquisition professionals, counsel, and policymakers identify corruption and procurement integrity risks across the AI supply chain.

    [Figure: wedding cake schematic, a conceptual visualization of the AI tech stack]

    How Agencies Buy AI

    • Maps federal AI acquisition pathways and explains how the selected method shapes the government’s ability to secure enforceable governance terms.
    • Examines recent consolidation efforts, including GSA’s OneGov “AI deals” that offer leading AI platforms at promotional prices, raising significant buy-in and vendor capture concerns.

    The Risk Landscape

    • Procurement Corruption Risks
      • Organizational conflicts of interest (including novel “foundation model conflicts” arising from AI supply chain complexity)
      • Fraud and AI-enabled deception (document fabrication, deepfakes, algorithmic concealment)
      • Supply chain manipulation (data poisoning, evasion attacks, and prompt injection) that can distort competition, evaluation, and contract performance
    • Systemic Procurement Integrity Risks
      • Vendor lock-in and switching costs
      • Promotional pricing strategies that front-load adoption and back-load recoupment
      • Automation bias compounded by workforce capacity gaps
      • Opacity and limited auditability
      • Technical failures (incumbency bias, hallucinations) that become exploitable in evaluation, protest defense, and post-award oversight
    • Each category is analyzed using acquisition fact patterns and practical hypotheticals to show how these risks materialize throughout the acquisition lifecycle.

    Acquisition Gaps Become Operational Risks

    • Identifies the specific acquisition terms that determine deployment risk: audit rights, testing and evaluation requirements, documentation and disclosure obligations, data and model access, and remedies for nonconformance.
    • Explains how acquisition-phase gaps materialize at deployment once AI is embedded in procurement processes through automation bias, diminished human review mandates and capacity, opaque model updates, and degraded traceability for accountability and investigations.

    What Agencies Can Do Now

    • Provides a prioritized safeguards menu that agencies can implement now under existing authority, distinguishing baseline protections from heightened requirements for high-risk use cases:
      • Applying existing OCI mitigation frameworks to AI supply chains.
      • Combating AI-generated fraud through detection infrastructure, enhanced disclosure requirements, and due process protections.
      • Negotiating anti-lock-in protections: portability, egress fee caps, and data control provisions.
      • Proposing enhanced transparency mechanisms, including an AI-BOM (AI Bill of Materials) disclosure model with tiered obligations, so documentation and verification requirements scale with risk.
      • Implementing red-teaming and system integrity testing proportionate to risk.
      • Developing an AI-literate acquisition workforce through intentional capacity-building initiatives.
      • Establishing AI Integrity Advocates modeled on the Competition Advocate structure, while leveraging existing technology-focused oversight infrastructure.

  • Fraud is in the News Again. Here’s the Bigger Picture.

    I shared this resource back in February, but with fraud and government spending dominating the headlines, now seems like a good time to revisit it. No better way to launch the “Commentary” section of my new website.

    Fraud is just one piece of the federal government’s complex anti-corruption ecosystem. This resource page walks through the framework: transparency, oversight, ethics restrictions, conflicts of interest, disclosure requirements, whistleblower protections, corruption and collusion statutes, suspension and debarment, and contractor compliance.

    If you prefer to jump straight to the fraud content, this section places the term in context.

    And for anyone interested in spending New Year’s Eve reading about fraud allegations directed toward a different government program, here is my recent testimony for the Senate Committee on Small Business & Entrepreneurship’s hearing: “Running Government Like a Small Business: Cut Waste, Crush Fraud.”

    To the GW Law students enrolled in my “Anti-Corruption & Compliance” class this spring, get ready. It is going to be an interesting semester.

    To everyone else: Happy New Year!