The FY 2025 National Defense Authorization Act (“NDAA”) sustains Congress’s continued focus on countering China’s expanding influence and enhancing U.S. resilience in an era of great power competition.  This year’s legislation reflects the practice of carrying the State Department and Intelligence Authorization Acts within the NDAA—marking the third consecutive year that these critical measures have been advanced in tandem.  The Foreign Relations and Intelligence Committees in both chambers of Congress have increasingly adopted the Armed Services Committees’ playbook, embedding China-focused legislation modeled on past defense measures in their respective authorizations.  This blog examines key provisions designed to address what Congress views as strategic challenges posed by China while closing loopholes that could confer military, economic, or technological advantages to Beijing.  We divide these provisions into the following five categories:  (1) provisions that address potential security risks linked to Chinese-origin technology; (2) provisions that limit the transfer of U.S. technology or data to China; (3) so-called “time to choose” provisions that curtail Department of Defense (“DoD”) engagement with third parties that engage with China; (4) provisions that tackle a range of broader geopolitical concerns; and (5) studies and reports to identify emerging issues and concerns.

Provisions addressing potential security risks linked to Chinese-origin technology: 

  • Section 162, which builds on the American Drone Security Act set forth in the FY 2024 NDAA, mandates that DoD mitigate risks associated with small unmanned aerial systems (“sUAS” or “drones”) manufactured in “covered foreign countries,” including China.  It directs DoD to disassemble—at least once every three years—a drone made by Da Jiang Innovations (a leading Chinese manufacturer) or a similar commercial sUAS manufacturer, develop a strategy to transition to domestic or allied sources for critical drone components, and to determine if any of the foreign companies in the sUAS supply chain should be included on DoD’s “1260H list”—a list of companies with alleged ties to the Chinese military.  Inclusion of a Company on the 1260H list will soon have implications for DoD contractors, since Section 805 of the FY 2024 NDAA included a provision that, beginning in June 2026, prohibits the DoD from procuring items from entities on the list or entities “subject to the control of” 1260H listed entities, and beginning in June 2027, prohibits the DoD from procuring items that include in their supply chain products or components made by 1260H listed entities or entities “controlled” by 1260H listed entities.
  • Under section 164, effective June 30, 2026, DoD is prohibited from operating, procuring, or using certain LiDAR (Light Detection and Ranging) technology that is manufactured, developed, or reliant on software, network connectivity, or data storage associated with China, Russia, Iran, or North Korea.  DoD’s use of any system that incorporates or interfaces with such LiDAR technology is also prohibited.  Section 164 expressly prohibits LiDAR developed by Hesai Technology, headquartered in Shanghai, China, a leading manufacturer of LiDAR sensors that are used in both commercial self-driving cars and Chinese autonomous warfighting systems.  The Secretary of Defense can provide a waiver, but it requires the Secretary to certify to Congress that the waiver is needed for the national interest of the United States.
  • Section 1078 mandates a study and report to Congress on DoD’s use of unmanned ground vehicle systems manufactured by a “covered foreign country,” defined in this section as China, Iran, North Korea, or Russia.  It requires an assessment of cybersecurity and technological vulnerabilities, identification of manufacturers with ties to China’s military-civil fusion policy, and recommendations whether to prohibit DoD’s procurement or use of such systems from an entity that is domiciled in a covered foreign country or subject to influence or control by the government of such a country.  Section 1078 is unique in that if the DoD report recommends banning procurement of unmanned ground vehicle systems from a covered foreign country, the prohibition will automatically spring into effect one year later, requiring no further legislative action.
  • Section 1546 requires DoD to develop a risk framework assessing the threat of data collection and misuse and exposure to disinformation posed by personal mobile devices and applications—particularly those tied to China and other adversarial nations—used by military members and DoD civilian employees, and a plan to educate the DoD workforce to counter these threats. 

The House Armed Services Committee (“HASC”) Report accompanying the NDAA for FY 2025 also includes several provisions in this category.  Although committee reports are not enacted in law, DoD’s policy is to comply with directive report language as a matter of comity with Congress:

  • One provision targets routers, modems, and similar devices from Chinese manufacturers that pose security risks akin to Huawei and ZTE technologies banned under section 889 of the FY 2019 NDAA.  It directs DoD to assess the risk that these devices—whether on DoD networks or in the homes of DoD personnel—could be exploited by malware to compromise DoD systems, critical infrastructure, or sensitive information (HASC Report 118-529, pp. 254-55).
  • A second provision focuses on countering risks posed by hardware-based encrypted data storage devices used in DoD, particularly those potentially compromised by Chinese control over encryption technologies.  DoD is directed to evaluate existing risk management tools and provide Congress a list of hardware-based encrypted data storage products that have been excluded from DoD procurement in the last 5 years (HASC Report 118-529, p. 337).  

Provisions limiting the transfer of U.S. technology or data to China:

  • Section 226 mandates annual review of DoD research grants to ensure compliance with DoD policies.  This rigorous oversight is intended to protect sensitive U.S. research and technology from exploitation and from indirectly supporting China’s military-civil fusion strategy.
  • Section 238 restricts DoD from funding fundamental research collaborations between U.S. higher education institutions and certain foreign academic institutions, including those with ties to China.  This provision is aimed at countering China’s exploitation of academic partnerships to enable technology transfer or intellectual property theft that bolsters its military and technological capabilities.
  • Section 839 amends section 855 of the NDAA for FY 2022 to expand required contractor and subcontractor disclosures about their employees who perform work in China on a DoD “covered contract.”  Under section 855 of the FY 2022 NDAA, the definition of a “covered contract” included any DoD contract or subcontract with a value in excess of $5 million and excluded contracts for commercial products or services.  Section 839 removes the $5 million threshold and expands the definition of a “covered contract” to include commercial contracts, but clarifies that covered contracts only include DoD contracts or subcontracts “for, or including, any information and communications technology, including contracts for commercial products or services.”  As amended, the law requires disclosures about contractor and subcontractor work performed on a covered contract for, or subject to the laws of China.   This could potentially include personnel outside of China who are nevertheless performing work for China or are subject to Chinese laws or control.  Finally, this section expands the disclosures for contractors providing software to DoD by requiring them to identify whether any Chinese government entity requires them to disclose any “cybersecurity vulnerabilities” or “software vulnerabilities.” 
  • Section 1025 prohibits DoD from contracting with shipyards owned, controlled, or influenced by foreign adversary countries, including China, with a view to safeguarding U.S. naval technology and strengthening domestic and allied industrial bases.
  • Section 1070 requires DoD to provide detailed annual briefings to Congress on attempts by foreign actors, including but not limited to individuals from adversarial nations like China, to gain unauthorized access to U.S. military installations. 
  • Section 1641 expands existing prohibitions on sharing missile defense information and systems with Russia to include China. 
  • Section 3112 prohibits citizens or agents of “covered foreign nations,” including China, from accessing sensitive areas of U.S. national security laboratories and nuclear weapons production facilities.
  • Section 6432 requires enhanced screening of foreign visitors from “countries of risk,” including China, seeking access to U.S. national laboratories by the Department of Energy’s Office of Intelligence and Counterintelligence.
  • The HASC Report accompanying the 2025 NDAA directs DoD to explore the feasibility of a pilot program to assess and mitigate the risks of foreign ownership, control, or influence—including by China—on entities across DoD research, development, testing, and evaluation programs and the Defense Industrial Base, including whether commercial tools can be leveraged for this purpose (HASC Report 118-529 pp. 214-15). 

“Time to Choose” provisions:

The FY 2025 NDAA adds new “Time to Choose” provisions, so named because they mirror the intent of section 812 of the NDAA for FY 2024, which required entities providing contracted consulting services to DoD either to certify that they do not hold consulting contracts with “covered foreign entities” like China or to establish an auditable Conflict of Interest Mitigation Plan that would ensure their employees did not provide services to covered foreign entities and DoD simultaneously.  Section 812 had the effect of forcing consulting companies to “choose” between working for DoD and working for China and other adversarial nations at any given point in time.

  • Section 851 appears to prohibit DoD from contracting with any entity that also contracts with a lobbyist who provides services to Chinese military companies.  See Covington’s deep dive into section 851 here.
  • Section 853 prohibits DoD from procuring semiconductors, semiconductor manufacturing equipment, and design tools from companies that knowingly supply such products to Huawei and establishes a certification process requiring suppliers to verify compliance. 
  • DoD often collaborates with filmmakers, television producers, and other media professionals on movie and entertainment projects, to ensure accurate depictions of the military.  Section 1059 prohibits DoD from using appropriated funds to support entertainment projects that comply with censorship demands from the Chinese government or Chinese Communist Party.

Provisions tackling a range of broader geopolitical concerns:

  • Section 214 extends the Global Research Watch Program by ten years, to September 30, 2035.  The program monitors and assesses global research and development efforts, focusing on areas of strategic importance to U.S. national security, including by tracking scientific and technological advancements in adversarial nations, like China.
  • Section 228 establishes the National Defense Economic Competition Research Council to analyze, propose, and coordinate research on economic activities intended to undermine U.S. national security, particularly by nations like China.  Activities to be examined and mitigated include economic coercion, manipulation, and the use of adversarial capital to acquire U.S. technology or real estate, or to deny U.S. access to critical resources.  
  • Section 1055 prohibits the use of DoD funds to support EcoHealth Alliance or the Wuhan Institute of Virology in China, directly or indirectly.  
  • Section 1346 strengthens reporting requirements related to DoD’s 1260H list to enhance its ability to identify and counter China’s influence in critical industries.  To that end, section 1346 broadens criteria for including a company on the 1260H list, and mandates detailed justifications for adding or removing entities from the list, at least annual updates to the list, and publication of the list in English and Mandarin, ensuring transparency and broad accessibility.  As noted above, per section 805 of the NDAA for FY 2024, effective June 30, 2026, DoD will be precluded from contracting with 1260H-listed companies and effective June 30, 2027, DoD will be prohibited from procuring items that include in their supply chain products or components made by 1260H listed entities or entities “subject to the control of” 1260H listed entities. 
  • Section 1347 directs DoD to develop a comprehensive strategy to identify and counter the malign activities of China’s People’s Liberation Army across regions, functions, and domains.  Although the statute does not define “malign activities,” they are generally considered to include: military aggression, espionage and cyberattacks, economic coercion, political influence and subversion through disinformation, and using military-civil fusion to acquire civilian technologies and infrastructure that can enhance military capabilities. 
  • Section 5121 aims to enhance multilateral cooperation to strengthen Taiwan’s security, by calling for elements of the U.S. Departments of Treasury and State to consult with European counterparts to prepare sanctions against China if it takes hostile actions against Taiwan.  The provision emphasizes fostering political, economic, and defense ties with Taiwan, increasing its international participation, countering Chinese propaganda, and strengthening Taiwan’s cybersecurity, energy, and food security while facilitating arms and technology transfers.
  • Section 7208 amplifies the Uyghur Forced Labor Prevention Act by prohibiting the Department of State from using Federal funds to procure solar energy products manufactured in the Xinjiang Uyghur Autonomous Region of China (“XUAR”) or which are known to be produced with forced labor in other regions in the country.  By targeting solar energy products—an industry heavily reliant on polysilicon sourced from XUAR—this measure aims both to counter China’s use of forced labor and reduce U.S. dependency on Chinese-manufactured solar components. 

Studies and Reports:

Many disregard NDAA provisions that mandate studies and reports to Congress.  We caution against this approach, however, because these directives signal matters Congress deems worthy of closer scrutiny and often serve as precursors to future legislation.  

  • Section 3521 mandates an independent study to examine the business practices of the Shanghai Shipping Exchange (“SSE”), focusing on China’s influence on the exchange and SSE’s potential manipulation of global container freight markets to the detriment of U.S. consumers and businesses.  Located in Shanghai, the SSE is overseen by China’s Ministry of Transport and plays a central role in the global maritime shipping industry. 
  • Section 6401 directs the Director of National Intelligence (“DNI”) to assess China’s biotechnology capabilities, focusing on how the Chinese government supports the sector through mechanisms like foreign investment, subsidies, and talent recruitment, with findings to be reported to Congress in mid-2025.
  • Section 6404 mandates a report by the DNI to Congress on the Chinese government’s efforts to evade U.S. transparency and national security regulations, including trade restrictions, export controls, and sanctions.  It specifically intends to expose and address China’s attempts to bypass measures such as the Department of Commerce Entity List, Treasury’s Specially Designated Nationals list, export controls, forced labor import bans, and U.S. restrictions on outbound investment in certain national security technologies and products.   

The FY 2025 NDAA marks a further shift in how defense contractors, lobbying firms, and research institutions must operate to align with U.S. national security priorities.  Through stricter contracting restrictions, heightened supply chain oversight, tighter lobbying regulations, and enhanced limitations on adversarial access to sensitive U.S. technologies, the law underscores Congress’s determination to curb foreign influence, particularly from China.  Key provisions, including strengthened due diligence requirements, updated disclosure mandates, and bans on high-risk products, have created a rapidly shifting compliance landscape.  To remain eligible for federal contracts, businesses would be well-served to stay ahead of regulatory developments, reinforce internal controls, and align their operations with evolving national security objectives.

Subscribe to Covington’s NDAA Blog.

This is the third blog in a series analyzing the FY 2025 NDAA signed into law on December 23, 2024.  Future posts will address NDAA provisions covering supply chain and stockpile security, and Congress’s effort to mature the Office of Strategic Capital and leverage private investment to accelerate the development of critical technologies and strengthen the defense industrial base.  Subscribe to our blog here.

Tags: NDAA; National Defense Authorization Act
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Stephanie Barna Stephanie Barna

Stephanie Barna draws on over three decades of U.S. military and government service to provide advisory and advocacy support and counseling to clients facing policy and political challenges in the aerospace and defense sectors.

Prior to joining the firm, Stephanie was a senior…

Stephanie Barna draws on over three decades of U.S. military and government service to provide advisory and advocacy support and counseling to clients facing policy and political challenges in the aerospace and defense sectors.

Prior to joining the firm, Stephanie was a senior leader on Capitol Hill and in the U.S. Department of Defense (DoD). Most recently, she was General Counsel of the Senate Armed Services Committee, where she was responsible for the annual $740 billion National Defense Authorization Act (NDAA). Additionally, she managed the Senate confirmation of three- and four-star military officers and civilians nominated by the President for appointment to senior political positions in DoD and the Department of Energy’s national security nuclear enterprise, and was the Committee’s lead for investigations.

Previously, as a senior executive in the Office of the Army General Counsel, Stephanie served as a legal advisor to three Army Secretaries. In 2014, Secretary of Defense Chuck Hagel appointed her to be the Principal Deputy Assistant Secretary of Defense for Manpower and Reserve Affairs. In that role, she was a principal advisor to the Secretary of Defense on all matters relating to civilian and military personnel, reserve integration, military community and family policy, and Total Force manpower and resources. Stephanie was later appointed by Secretary of Defense Jim Mattis to perform the duties of the Under Secretary of Defense for Personnel and Readiness, responsible for programs and funding of more than $35 billion.

Stephanie was also previously the Deputy General Counsel for Operations and Personnel in the Office of the Army General Counsel. She led a team of senior lawyers in resolving the full spectrum of issues arising from Army wartime operations and the life cycle of Army military and civilian personnel. Stephanie was also a personal advisor to the Army Secretary on his institutional reorganization and business transformation initiatives and acted for the Secretary in investigating irregularities in fielding of the Multiple Launch Rocket System and classified contracts. She also played a key role in a number of high-profile personnel investigations, including the WikiLeaks breach. Prior to her appointment as Deputy, she was Associate Deputy General Counsel (Operations and Personnel) and Acting Deputy General Counsel.

Stephanie is a retired Colonel in the U.S. Army and served in the U.S. Army Judge Advocate General’s Corps as an Assistant to the General Counsel, Office of the Army General Counsel; Deputy Staff Judge Advocate, U.S. Army Special Forces Command (Airborne); Special Assistant to the Assistant Secretary of the Army (Manpower & Reserve Affairs); and General Law Attorney, Administrative Law Division.

Stephanie was selected by the National Academy of Public Administration for inclusion in its 2022 Class of Academy Fellows, in recognition of her years of public administration service and expertise.

Read more about Stephanie BarnaEmail
Show more Show less
Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information, as well as representing contractors facing allegations of cyber fraud under the False Claims Act. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
Federal Acquisition Security Council (FASC) regulations and product exclusions,
Controlled unclassified information (CUI) obligations, and
M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

Procurement fraud and FAR mandatory disclosure requirements,
Cyber incidents and data spills involving sensitive government information,
Allegations of violations of national security requirements, and
Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.

Read more about Susan B. CassidyEmail
Show more Show less
Photo of Ryan Burnette Ryan Burnette

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain…

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain, artificial intelligence, and software development requirements.

Ryan also advises on Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) compliance, public policy matters, agency disputes, and government cost accounting, drawing on his prior experience in providing overall direction for the federal contracting system to offer insight on the practical implications of regulations. He has assisted industry clients with the resolution of complex civil and criminal investigations by the Department of Justice, and he regularly speaks and writes on government contracts, cybersecurity, national security, and emerging technology topics.

Ryan is especially experienced with:

Government cybersecurity standards, including the Federal Risk and Authorization Management Program (FedRAMP); DFARS 252.204-7012, DFARS 252.204-7020, and other agency cybersecurity requirements; National Institute of Standards and Technology (NIST) publications, such as NIST SP 800-171; and the Cybersecurity Maturity Model Certification (CMMC) program.
Software and artificial intelligence (AI) requirements, including federal secure software development frameworks and software security attestations; software bill of materials requirements; and current and forthcoming AI data disclosure, validation, and configuration requirements, including unique requirements that are applicable to the use of large language models (LLMs) and dual use foundation models.
Supply chain requirements, including Section 889 of the FY19 National Defense Authorization Act; restrictions on covered semiconductors and printed circuit boards; Information and Communications Technology and Services (ICTS) restrictions; and federal exclusionary authorities, such as matters relating to the Federal Acquisition Security Council (FASC).
Information handling, marking, and dissemination requirements, including those relating to Covered Defense Information (CDI) and Controlled Unclassified Information (CUI).
Federal Cost Accounting Standards and FAR Part 31 allocation and reimbursement requirements.

Prior to joining Covington, Ryan served in the Office of Federal Procurement Policy in the Executive Office of the President, where he focused on the development and implementation of government-wide contracting regulations and administrative actions affecting more than $400 billion dollars’ worth of goods and services each year.  While in government, Ryan helped develop several contracting-related Executive Orders, and worked with White House and agency officials on regulatory and policy matters affecting contractor disclosure and agency responsibility determinations, labor and employment issues, IT contracting, commercial item acquisitions, performance contracting, schedule contracting and interagency acquisitions, competition requirements, and suspension and debarment, among others.  Additionally, Ryan was selected to serve on a core team that led reform of security processes affecting federal background investigations for cleared federal employees and contractors in the wake of significant issues affecting the program.  These efforts resulted in the establishment of a semi-autonomous U.S. Government agency to conduct and manage background investigations.

Read more about Ryan BurnetteEmail
Show more Show less
Photo of Chanda Brown Chanda Brown

Chanda Brown advises clients on complex national security, defense, regulatory compliance and government contract matters, including bid-protests, size protests, internal investigations and the allocation of government rights in patents. For exporters, she provides guidance to clients regarding the export and import of dual…

Chanda Brown advises clients on complex national security, defense, regulatory compliance and government contract matters, including bid-protests, size protests, internal investigations and the allocation of government rights in patents. For exporters, she provides guidance to clients regarding the export and import of dual use and military products under the Export Administration Regulations and the International Traffic in Arms Regulations. Her work has involved responding to federal agency enforcement actions, assisting with export licensing and registrations, drafting export control plans, conducting product self-classifications and voluntary self-disclosures.

In corporate transactions and public company representations, Chanda performs due diligence in connection with large and small government contractors. In transactions involving acquisitions by non-U.S. companies, she has helped clients navigate complex transactions before the Committee on Foreign Investment in the United States (CFIUS).

Read more about Chanda BrownEmail
Show more Show less