CLE Takeaways: 2026 Compliance, Risk, and Opportunity Trends for Government Contractors and Subcontractors

For government contractors and subcontractors, particularly those in the defense sector, 2026 is shaping up to be a pivotal year. Legal developments, policy shifts, and regulatory announcements over the last year are presenting new compliance requirements, acquisition reform strategies, and risk management priorities if companies want to stay competitive and avoid costly disputes.

Jerzy Piatkowski parsed an active 2025 and unpacked what it portends for 2026 in a recent CLE session covering legal and regulatory developments, new partnership opportunities, and more.

Legal Case Developments: Standing, OTAs, and Contractor Immunity

Decision on Standing: Subcontractors not submitting bids directly to the Government have no standing to submit a bid protest. To be an “interested party” eligible to protest, a contractor must have submitted, or intended to submit, a proposal.

Other Transaction Authority (OTA): OTAs continue to gain traction as a faster alternative to FAR-based procurement. Because they fall outside traditional protest rules, legal challenges are often pushed into federal courts with mixed results.

Boyle Contractor Defense: The longstanding Boyle decision shields military contractors from certain state tort claims when they meet specific federal specifications and notification criteria. The ongoing Hensley v. Fluor case may expand immunity into negligence claims arising in combat zones.

DoD Acquisition Reform: Speed, Alternate Proposals, and MOSA

The Department of Defense/Department of War is pushing a “War Fighting Acquisition System” to address procurement delays often tied to rigid specifications. Look out for:

  • Greater acceptance of alternative proposals that don’t meet 100% of RFP requirements
  • Shift from cost-reimbursement contracts to firm-fixed-price agreements
  • Default preference for commercial products and services, reducing compliance burdens
  • Contractor-funded innovation; companies that fail to invest in their own infrastructure risk losing relevance

This reform will link closely to expanded OTA use and fewer traditional cost type FAR procurements.

Benefits for Non-Traditional Defense Contractors

If your company is not subject to full Cost Accounting Standards (CAS), you may qualify as a “non-traditional defense contractor,” freeing you from onerous FAR Part 31 accounting rules and certain DFARS business requirements. This sector will enjoy lighter compliance burdens, making it essential to confirm your status and leverage these benefits.

False Claims Act Expansion: New Enforcement Priorities

The DOJ recovered nearly $7 billion in False Claims Act (FCA) settlements during 2025, with enforcement expanding into six priority areas:

  • Healthcare fraud, especially Medicare Advantage billing
  • Defense contract violations, particularly cybersecurity lapses
  • Customs and tariff evasion, including misclassification and import valuation misstatements
  • DEI compliance enforcement in hiring, admissions, and scholarships
  • E-Verify violations, targeting the hiring of unauthorized workers
  • Cybersecurity compliance failures, with penalties potential extending to criminal liability

Relators (whistleblowers) continue to bring FCA suits, though there is some debate over the constitutionality of relator provisions; possibly eventually headed to the Supreme Court.

Cybersecurity Maturity Model Certification (CMMC): Mandatory Timeline

CMMC is now a critical gatekeeper for DoD contract eligibility:

Voluntary inclusion in solicitations began November 2025, and mandatory prime/sub compliance kicks in fully by November 2028.

Levels:   

  • Level 1: 15 safeguarding standards for Federal Contract Information (FCI); self-assessment allowed
  • Level 2: 110 controls for Controlled Unclassified Information (CUI); most DoD contracts require this level
  • Level 3: Additional 24 controls for highly sensitive CUI, typically for classified work

    Prime contractors are already requiring subs to have Level 2 certification by preset dates, demonstrating that CMMC compliance for suppliers is now “table stakes.”

    NDAA 2026 Highlights: Biosecure Act, Project Spectrum, CRM

    The new National Defense Authorization Act introduces:

    • Biosecure Act: Federal agencies will be prohibited from contracting with “biotechnology companies of concern” (BCCs) once the list is finalized by OMB. U.S. companies must plan to disengage from potentially targeted Chinese, Iranian, or North Korean suppliers.
    • Project Spectrum: This assistance platform helps small- and medium-sized contractors navigate cybersecurity requirements.
    • Civil Reserve Manufacturing (CRM): This program creates incentives for commercial manufacturers to prepare rapid conversion to defense production during crises.

    FAR ‘Revolutionary Rewrite’ and Executive Actions Affecting Contractors

    The president has ordered a streamlining of the FAR, potentially removing redundant clauses and reducing regulatory volume. Additionally:

    • Stock Buybacks & Dividends Restriction: Publicly traded defense contractors may face prohibitions if not investing sufficiently in production capacity.
    • U.S. Government Equity Investments: Increased direct investment in private industry, creating opportunities for capital infusion with strategic implications.

    Strategies for COTS Sellers and CMMC Workarounds

    Suppliers of Commercial-Off-The-Shelf (COTS) items enjoy reduced compliance burdens. If you can prove prior COTS commercial sales, you may avoid hundreds of flow-down clauses, including most Cybersecurity Maturity Model Certification (CMMD) requirements, unless otherwise mandated.

    For companies unable to meet CMMC internally, third-party compliant enclaves offered by providers can segregate CUI handling, enabling continued DoD engagement within compliance limits.

    SBIR Program Status: Funding Uncertain

    The Small Business Innovative Research (SBIR) program expired in September 2025 and remains unauthorized. This eliminates a common funding pathway for tech innovation until Congress resolves the debate over its value versus alleged abuses.

    Wrapping Up

    In 2026, government contractors and subcontractors face a dual challenge: meeting higher compliance standards while capitalizing on acquisition reform and new funding mechanisms. By aligning with CMMC timelines, leveraging non-traditional defense contractor benefits, preparing for the Biosecure Act, and embracing OTA opportunities, companies can position themselves strategically for the evolving procurement landscape.

    Register to watch the full video, and learn more about Fenwick’s government contracts and public sector procurement capabilities.