Who We ServeDefense Prime Contractors and Suppliers

Defense Prime Contractors and Suppliers

Defense prime contractors and the suppliers at every tier who sell into them. If you hold a DoW contract, bid on one, or supply components to someone who does, the regulations below apply to your supply chain and your compliance posture.

The Compliance Challenge

Screening named entities against a consolidated list is no longer enough. DoW contractors must now trace ownership structures, identify affiliates of restricted entities, and demonstrate continuous monitoring across sanctions, export controls, forced labor, biotechnology, and foreign ownership frameworks. The covered entity lists grow every year, and the penalties for missing a connection, whether deliberate or not, include contract disqualification, False Claims Act exposure, and lasting reputational damage. SolidIntel exists to close that gap.

Core Compliance Requirements

NDAA Section 889: Prohibited Telecommunications Equipment

Prohibits the use of telecommunications and video surveillance equipment from five Chinese companies (Huawei, ZTE, Hikvision, Dahua, and Hytera), or their subsidiaries and affiliates, in any federal contract or grant. All contractors must annually certify compliance. In effect since 2019 to 2020 and well-established, but the affiliate problem persists: a supplier not itself named may still be a covered entity through ownership. Part A flows down to subcontractors at every tier, meaning primes are responsible for ensuring compliance throughout their contractual arrangements, not just within their own operations.

NDAA Section 1260H: Chinese Military Companies

The DoW publishes an annually updated list of Chinese Military Companies, covering entities across AI, aerospace, biotechnology, and other sectors. As of January 2025, the list includes 134 entities, and it expands every year. Starting June 30, 2026, DoW may no longer directly procure from any listed entity or their affiliates. By June 30, 2027, the prohibition extends to indirect procurement, meaning contractors must scrub listed entities from their entire supply chains. The FY 2025 NDAA also introduced an ownership penetration clause: parent companies and subsidiaries of listed entities with 50% or more equity control can themselves be designated as Chinese Military Companies.

OFAC Sanctions: SDN List and Country Programs

The Office of Foreign Assets Control administers comprehensive sanctions against Cuba, Iran, North Korea, and Syria, and broad sectoral and targeted sanctions against Russia, Belarus, Venezuela, and others. The SDN List is updated multiple times per week. Any supplier, sub-tier vendor, or transaction counterparty that is a Specially Designated National or operates in a comprehensively sanctioned jurisdiction creates serious legal exposure. Russia-related programs have expanded dramatically since 2022 and continue to evolve. Point-in-time screening is not sufficient; continuous monitoring is required. FAR 52.225-13 requires primes to flow OFAC compliance obligations down to all subcontracts, making sanctions screening a supply chain responsibility at every tier.

ITAR: International Traffic in Arms Regulations

Any defense contractor working with items on the U.S. Munitions List must comply with ITAR, administered by the State Department's Directorate of Defense Trade Controls. This includes screening foreign nationals who access controlled technical data (deemed export compliance), vetting foreign partners and customers before technology transfers, and maintaining registration with DDTC. The USML was significantly revised in September 2025 and further revisions are planned for 2026 covering semiconductors, circuit boards, space systems, and the definition of defense services. Primes are responsible for ensuring that subcontractors receiving controlled technical data or defense articles are eligible to receive them, making sub-tier vetting an ITAR obligation, not just a best practice.

Commerce Control List

EAR: Export Administration Regulations

Items not on the USML but with dual-use potential fall under the EAR, administered by BIS. Defense contractors sourcing or exporting electronics, advanced materials, sensors, or software must classify items against the Commerce Control List and screen end users against the BIS Entity List, Military End User List, and Unverified List. The BIS Affiliates Rule, currently suspended through November 9, 2026, will dramatically expand screening obligations by treating unlisted subsidiaries of Entity List companies as restricted parties.

UFLPA: Uyghur Forced Labor Prevention Act

Establishes a rebuttable presumption that any goods produced wholly or in part in China's Xinjiang Uyghur Autonomous Region, or by entities on the UFLPA Entity List, are made with forced labor and are prohibited from U.S. import. The presumption extends to any product incorporating Xinjiang-origin inputs at any tier, not just goods produced in Xinjiang directly. CBP enforcement has expanded significantly, with automotive and aerospace components now among the highest-scrutiny categories. Detentions in these sectors rose over 1,500% between 2023 and 2024. A successful rebuttal requires clear and convincing evidence of clean sourcing, not just a supplier declaration.

DHS UFLPA FAQ

BIOSECURE Act (FY 2026 NDAA Section 851)

Enacted December 2025, the BIOSECURE Act prohibits federal agencies and contractors from procuring biotechnology equipment or services from designated biotechnology companies of concern. Covered entities include any company on the DoW 1260H list that is involved in biotech, as well as entities designated through a new OMB-led review process based on foreign adversary control, national security risk, and biotech involvement. OMB must publish its initial list within one year of enactment and the FAR must be updated within 180 days after that. Contractors with biotech-related supply chains should begin mapping 1260H exposure now, ahead of FAR implementation.

FOCI: Foreign Ownership, Control, or Influence

Any company holding or seeking a facility security clearance must demonstrate that foreign ownership, control, or influence does not compromise classified information. In May 2026, DoW proposed expanding FOCI review and mitigation requirements to unclassified contractors performing sensitive work, including manufacturing, engineering, IT, logistics, and supply chain functions. If finalized, this would subject an estimated 37,000 or more entities annually to FOCI submission requirements. FOCI analysis requires tracing ownership structures, investor relationships, and board-level influence across jurisdictions.

CFIUS: Committee on Foreign Investment in the United States

CFIUS reviews foreign investments in U.S. businesses to assess national security risk. The FY 2026 NDAA expanded CFIUS jurisdiction over foreign investments involving sensitive technology sectors and U.S. real estate near defense installations. For defense contractors, CFIUS is relevant in two directions: foreign investors acquiring an interest in your company may trigger mandatory filing obligations, and your own suppliers or partners may face CFIUS scrutiny that affects their ability to operate or transfer technology. The Trump administration has also advanced a fast-track process for allied-country investors while signaling tighter scrutiny of adversary-linked capital.

COINS Act: Outbound Investment Controls (FY 2026 NDAA)

The Comprehensive Outbound Investment National Security Act, included in the FY 2026 NDAA, represents Congress's most significant step toward codifying U.S. outbound investment controls. It restricts U.S. persons from investing in sensitive technology sectors (including semiconductors, AI, quantum computing, and hypersonics) in countries of concern (China, Russia, Iran, and North Korea). For defense contractors with venture arms, international joint ventures, or technology licensing arrangements, this creates new diligence obligations before transactions are executed. The Act is in place for seven years unless reauthorized.

Supply Chain Illumination Program (FY 2026 NDAA Section 833)

Major systems contractors are now required to submit supply chain information to DoW under the Supply Chain Illumination program established in the FY 2025 NDAA and expanded in FY 2026. In exchange for timely voluntary disclosure of noncompliant sources identified through supply chain illumination systems, DoW may issue national security waivers on an interim basis through January 1, 2028. The practical implication: contractors with robust supply chain visibility infrastructure are rewarded; those without it face both compliance exposure and loss of waiver eligibility.

Timeline

Upcoming Regulatory Changes and Deadlines

June 30, 2026

NDAA Section 851: Lobbying prohibition

DoW may not contract with any company (or its parent or subsidiary) that hires a lobbyist working for a 1260H-listed Chinese Military Company. Compliance requires vetting outside consultants, not just suppliers.

June 30, 2026

NDAA Section 1260H: Direct procurement ban

DoW may no longer directly procure goods, services, or technology from any 1260H-listed entity or their affiliates. Contractors selling to DoW must be clean at this date.

Nov 10, 2026

BIS Affiliates Rule reinstated

One-year suspension expires. Any entity 50% or more owned by an Entity List company is automatically subject to Entity List restrictions, whether or not individually named. Companies without ownership-tracing infrastructure face a compliance cliff.

Jan 1, 2027

DFARS 252.225-7052 Phase 2: Magnet traceability

Full mine-to-magnet supply chain traceability required for NdFeB magnets in DoW systems. Expands from current melting and production prohibition to the entire chain back to the mine.

June 30, 2027

NDAA Section 1260H: Indirect procurement ban

Prohibition extends to indirect procurement. Defense contractors must eliminate goods, services, and technology from 1260H-listed entities from their entire supply chains, not just direct purchases.

Oct 1, 2027

NDAA Section 154: Battery prohibition

DoW may not purchase batteries from six specific Chinese entities including CATL. Contractors supplying battery-containing systems must trace cell and BMS sourcing to confirm compliance.

Dec 23, 2027

NDAA Section 5949: Semiconductor prohibition

Proposed FAR rule prohibiting covered semiconductor products and services. Long qualification cycles mean supplier identification needs to start well before this date.

Within 1-2 years of enactment (Dec 2025)

BIOSECURE Act: FAR implementation

OMB must publish a list of biotechnology companies of concern within one year of enactment. FAR Council must then amend the FAR within 180 days. Contractors should begin mapping any biotech-related supply chain relationships to 1260H-listed entities now.

2026 (pending)

ITAR USML revisions: Semiconductors, space, defense services

DDTC has signaled three USML revisions for 2026: updates to space controls (Categories IV and XV), consolidation of semiconductor and circuit board controls (Category XI), and redefinition of defense services (Category IX). Companies in these sectors should monitor the Federal Register.

Ongoing

OFAC SDN List: Updated multiple times per week

Russia, Iran, China, and North Korea sanctions programs are dynamic. New designations can affect existing supplier relationships with no advance notice. Russia-related programs have expanded significantly since 2022. Point-in-time screening is not sufficient.

Our Solution

How SolidIntel Helps Defense Prime Contractors and Suppliers

Entity and Affiliate Network Mapping

Trace ownership structures through subsidiaries, joint ventures, and affiliates across 193 countries and in any language, surfacing connections that do not appear on named entity lists, including unlisted affiliates of SDN and Entity List companies.

Sanctions and SDN Screening

Screen suppliers, partners, and sub-tier entities against OFAC SDN, BIS Entity List, DDTC Debarred Parties, and 1260H Chinese Military Companies lists in a single workflow, with continuous monitoring for new designations.

UFLPA Supply Chain Traceability

Map upstream supplier relationships to identify Xinjiang-origin inputs at tier 2, 3, and beyond, where forced labor risk is most likely to be obscured. Produce documentation to support CBP rebuttal if goods are detained.

FOCI Screening Support

Map foreign ownership, investor relationships, and board-level influence for facility clearance reviews and FOCI determinations, including unclassified contractor reviews now proposed under DoW's expanded FOCI rule.

BIOSECURE Act Vetting

Identify whether biotech-related suppliers, sub-tier vendors, or research partners appear on the 1260H list or meet criteria for designation as biotechnology companies of concern before procurement decisions are made.

CFIUS and Investment Screening

Map foreign ownership and investor relationships relevant to CFIUS review, including identification of foreign adversary-linked investors, board-level influence, and beneficial ownership structures that may trigger mandatory filing obligations.

ITAR and EAR Entity Vetting

Identify whether counterparties, sub-tier suppliers, or technology recipients are debarred, restricted, or otherwise ineligible under ITAR or EAR before transactions or technology transfers occur.

Mandarin-Language Research

Chinese corporate registries, CCP-affiliated investor databases, and ownership disclosures unavailable in English-language sources are core to SolidIntel's research capability, essential for BIS Affiliates Rule, 1260H, and BIOSECURE Act compliance.

Automated Compliance Documentation

Generate timestamped, citation-backed risk reports in the format DoW reviewers and contracting officers expect, in minutes rather than analyst-weeks.

Continuous Monitoring

Supplier relationships that were clean at contract award may not remain clean. SolidIntel monitors your supplier base in real time and escalates new risk flags as the covered entity lists expand.

Ready to verify your supply chain?

Request a demo to see how SolidIntel handles compliance for Defense Prime Contractors and Suppliers.