Exclusion

On September 15, 2025, the Office of the Director of National Intelligence (“ODNI”) issued the first public exclusion and removal order (the “Order”) under the framework established by the Federal Acquisition Supply Chain Security Act of 2018 (“FASCSA”).  The Order applies to all products and services produced or provided by Acronis AG as well as all subordinate, subsidiary, or affiliated organizations doing business under various names in support of Acronis AG.  The exclusionary Order has two immediate impacts on the federal supply chain.  First, federal contractors entering into new contracts or following contractual modifications are prohibited from supplying products or services from Acronis to agencies that are either subject to the Order or that have otherwise adopted it (“Covered Agencies”).  Second, contractors are prohibited from using products or services from Acronis in the performance of new and modified contracts with Covered Agencies.  In addition, certain agencies must remove these products and services from particular information systems.

Although the prohibitions apply to new contract awards, all contractors to Covered Agencies that have the applicable FASCA FAR clause (FAR 52.204-30) in their agreements must conduct diligence to determine whether they have provided or used any prohibited products or services in the performance of their contracts.  Following this review, the clause requires contractors to report the use of prohibited products or services to Covered Agencies.

Additional detail on the FASCSA exclusionary process and this first public Order is provided below.Continue Reading First Order Issued under the Federal Acquisition Supply Chain Security Act, Triggering Immediate Requirements on Contractors

On the eve of the recent government shutdown over border security, Congress and the President were in agreement on a different issue of national security:  mitigating supply chain risk.  On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act (the “SECURE Technology Act”) (P.L. 115-390).  The Act includes a trio of bills that were designed to strengthen the cyber defenses of the Department of Homeland Security (“DHS”) and mitigate supply chain risks in the procurement of information technology.  The last of these three bills, the Federal Acquisition Supply Chain Security Act, should be of particular interest to contractors that procure information technology-related items related to the performance of a U.S. government contract.  Among other things, the bill establishes a Federal Acquisition Security Council, which is charged with several functions, including assessing supply chain risk.  The bill also gives the Secretary of DHS, the Secretary of the Department of Defense (“DoD”) and the Director of National Intelligence authority to issue exclusion and removal orders as to sources and/or covered articles based on the Council’s recommendation.  Finally, the bill allows federal agencies to exclude sources and/or covered articles deemed to pose a supply chain risk from certain procurements.
Continue Reading Jumping to Exclusions: New Law Provides Government-Wide Exclusion Authorities to Address Supply Chain Risks