The government is buying autonomous systems faster than it is writing the rules that govern them. Contractors delivering autonomous and AI-enabled capabilities to the Department of War (DoW) must comply today with a patchwork of authorities and mandates, while remaining nimble and preparing for regulatory change. As contractors assess compliance decisions they should be making now, here is where to focus:
- Software Assurance and Cybersecurity Obligations
Against this landscape, Congress provided a number of authorities and requirements for DoW utilization of AI and machine learning (ML) in the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2026. A few highlights include:
- Section 1512, Artificial Intelligence and Machine Learning Security in the Department of Defense: Requires the Secretary of War, in consultation with other federal agencies, to establish a Department-wide cybersecurity and governance policy for AI/ML systems addressing AI-specific threats, security best practices, monitoring and testing standards, and DoW workforce training. As we have written, AI-enabled threats are outpacing cybersecurity defenses, and this requirement is a first step toward attempting to close that gap.
- Section 1513, Physical and Cybersecurity Procurement Requirements for Artificial Intelligence Systems: Requires DoW to develop, with academia and industry, physical and cybersecurity standards for covered AI/ML technologies. The framework must address procurement risk, timelines, DFARS and Cybersecurity Maturity Model Certification (CMMC) integration, and cost-benefit considerations. “Covered AI and ML technology” includes acquired systems and lifecycle components such as source code, trained parameters, development methods, and algorithms.
- Section 1532, Guidance and Prohibition on Use of Certain Artificial Intelligence: Bans DoW acquisition or use of “covered AI,” including AI developed by DeepSeek, High-Flyer, or related entities. It also required removal of covered AI from DoW systems by January 17, 2026, and bars contractors from using covered AI in DoW contract performance absent a Secretary of War waiver.
Together, sections 1512, 1513, and 1532 of the NDAA for FY 2026 create a national-security perimeter around AI and ML by requiring DoW to treat these technologies as potential vectors for espionage, sabotage, and cyber warfare. These requirements move DoW and its contractors from passive, software-generic safeguards to affirmative AI-specific requirements focused on three layers: policy and governance, the defense supply chain, and protection from adversary-linked technology.
- Testing, Validation, and Explainability Requirements
In June 2026, the White House issued two related actions – Executive Order 14409 and National Security Presidential Memorandum 11 (NSPM-11) – which provide two key data points on how the Administration is looking to regulate—or not regulate—AI across the Federal Government and the national security enterprise. These actions overlay the CMMC program, the decade-old autonomy-in-weapons systems policy in DoD Directive (DoDD) 3000.09, and the Department’s Responsible AI Ethical Principles. The result of Executive Order 14409 and NSPM-11 is an intersecting set of obligations that touch cybersecurity, acquisition, weapons-system development, and corporate conduct all at once. These rules are being rewritten at a rapid pace. For example, on July 13, 2026, DoW paused implementation of parts of CMMC, and NSPM-11 directs DoW to update DoDD 3000.09 within 90 days, while guidance and actions around frontier AI are continuously evolving.
For government contractors, the NSPM-11 accountability pillar is the most immediately relevant element. NSPM-11 directs agencies to terminate, for default or convenience, contracts with companies that have “repeatedly demonstrated a pattern of conduct” inconsistent with the NSPM’s pillars, including prohibitions on censorship, ideological bias, and unauthorized surveillance in AI systems. These terms, however, are imprecise and no applicable evidentiary standards for what constitutes actionable misconduct exist yet. The prime contractor is accountable for ensuring its supply chain subcontractors comply. A requirement that AI contracts include clauses guaranteeing the Government “knowledge and approval” before a vendor disables, degrades, or materially modifies a system the Government depends on further contributes to uncertainty for government contractors. Executive Order 14409 and NSPM-11 will need careful reconciliation with existing intellectual property (IP) licenses, terms/conditions, and model-provider agreements.
For contractors, the practical takeaway is that compliance can no longer be managed as separate cybersecurity, acquisition, and engineering workstreams. There are also autonomy and legal-review requirements for any national security-adjacent AI effort. Given the uncertainties and regular direction adjustments, contractors should take the following actions to plan for change and document their diligence:
- Audit AI use against the NSPM-11 Accountability pillar.
- Map subcontractor AI use in supply chains.
- Treat CMMC self-assessments with seriousness and the view that they will be audited.
- Plan for CMMC/cybersecurity level creep, with rising focus on cybersecurity expect increased requirements.
- Watch for the DoDD 3000.09 revision (expected in September 2026).
- Build legal review lead time into schedules.
- Budget for verification and validation/test and evaluation, and regression testing.
- Think before opting into the frontier-model early-access program.
- Seek to maintain optionality in frontier-model usage, as government action can affect workflows without much warning.
- Trusted AI and Responsible AI in Autonomous Weapons Programs
In the autonomous weapons context, trusted AI focuses on whether an AI-enabled system is technically and operationally worthy of confidence: whether it performs as intended, remains reliable in realistic conditions, resists manipulation, supports explainability where needed, and can be monitored or disengaged when circumstances change. Responsible AI focuses on whether the system is designed, developed, fielded, and used in a lawful, ethical, accountable, and appropriately governed manner. In this evolving autonomous landscape, contractors should treat both trusted AI and responsible AI concepts as mutually reinforcing requirements.
The DoW AI Ethical Principles—responsible, equitable, traceable, reliable, and governable—are increasingly relevant to acquisition planning, source selection, technical evaluation, test and evaluation, cybersecurity, and lifecycle sustainment. DoW’s policy on autonomy in weapons systems (DoDD 3000.09) expressly connects autonomous and semi-autonomous weapon systems that incorporate AI capabilities to those principles and to the DoW Responsible AI Strategy and Implementation Pathway.
The DoW Drone Dominance Program offers a concrete example of how trusted AI and responsible AI principles are likely to shape acquisition. The DoW is seeking drones that are reliable, resilient, and effective enough to support warfighters in contested battlefield conditions. At the same time, contractors must address responsible AI considerations through human-systems integration analysis, including whether a human operator must remain “in the loop” for making specific decisions or may instead supervise fully autonomous systems.
For fully autonomous weapons systems, the most sensitive issues often arise at the boundary between technical performance and human judgment. A system may detect, classify, recommend, navigate, prioritize, or engage at machine speed, but DoW and its contractors will still be on the hook to show how commanders and operators retain the level of human judgment over the use of force that may be required by law, policy, law of war obligations, rules of engagement, and weapon system safety rules. In complying with trusted AI requirements, contractors should –
- Include cybersecurity as part of a trusted AI framework. AI-enabled autonomy can be affected by data poisoning, adversarial inputs, model theft, unauthorized model modification, compromised inference services, insecure software supply chains, and manipulation of sensors or communications.
- Map the AI security boundary broadly: model repositories, training and fine-tuning environments, simulation systems, mission-data stores, prompt and output logs, software factories, cloud services, and deployed edge devices may all be relevant to the Government’s assessment of procurement risk.
- Expect the Government to ask not only whether an autonomous capability works, but whether the contractor can prove how it was designed, trained, tested, validated, monitored, and controlled.
- Data Rights and Intellectual Property Issues
Data and IP rights in federal autonomous systems are increasingly strained by legacy DFARS rules that were built for static technical data and software, not for evolving and continuously trained AI models. DFARS 252.227-7013 and -7014 allocate rights based largely on funding, producing categories like unlimited rights, government purpose rights, and limited/restricted rights. But these DFARS clauses do not address model weights, fine-tuned models, evolving deliverables, or how government purpose rights apply when the underlying model keeps changing. The DoW Intellectual Property Guidebook, issued in April 2025, recognizes this gap by urging program offices to develop an intentional IP strategy early rather than relying on default DFARS outcomes.
Newer AI-focused policy is moving beyond that legacy framework. Office of Management and Budget (OMB) Memorandum M-25-22 directs agencies to standardize IP and data-ownership terms, prevent vendor lock through data portability, and prohibit contractors from using non-public government data or AI outputs to train public or commercial models without agency consent. The General Service Administration draft AI system terms go further by giving the Government ownership of government data and contract-specific developments, limiting contractor reuse, requiring government-specific fine-tuning to remain confidential and exclusive, and allowing unilateral benchmarking for bias and truthfulness, as well as suspension and decommissioning-cost exposure for failed systems. These requirements conflict with many commercial AI business models, in which shared infrastructure and customer-driven model improvement are common.
The practical consequence of the changing IP landscape is that IP and data-rights strategy can no longer be handled as a boilerplate exercise at the back end of contract negotiation. Contractors should carefully document funding sources, mark deliverables properly under DFARS 7013/7014, assess whether AI tools qualify as commercial software, and ensure their ML Operations can support commitments not to train on Government data. Contractors selling to both civilian and defense agencies also need an enterprise-wide IP strategy to avoid inconsistent or conflicting ownership and use rights across contracts. Contractors should also:
- Identify funding sources at the component level before signing a contract.
- Mark every deliverable correctly.
- Proactively assert commercial software status where supported.
- Negotiate model-weight and fine-tuning ownership explicitly in contract text.
- Scrutinize “no training on government data” clauses against machine learning operations pipelines.
- Build for data portability and other export formats.
- Flowdown Obligations for Subcontractors and Suppliers
Autonomous weapons programs rarely depend on a single contractor. These programs are built from multiple components with multiple subcontractors and suppliers, which means compliance obligations do not stop at the prime contract. The DoW emphasis on autonomous weapons systems will create opportunities for innovative contractors, but it will also raise the compliance baseline. Prime contractors will need to collect enough evidence to support representations and certifications and be prepared to flow down requirements to subcontractors and suppliers.
For unmanned aircraft systems (UAS) and autonomy contractors, supply-chain restrictions are a central compliance issue. Statutory and regulatory restrictions, such as section 848 of the NDAA for FY 2020, prohibit procurements of UAS manufactured and managed by a covered foreign country or an entity domiciled in a covered foreign county (defined as the People’s Republic of China), including hardware, software, network connectivity, and data storage. These statutory restrictions require contractors to look beyond the finished platform and consider whether any component or supplier affiliation creates a prohibited-source or covered-foreign-entity concern.
Contractors can expect impacts to and oversight of covered articles such as information technology, telecommunications equipment or services, cloud computing, software, hardware, systems, devices, and services that include embedded or incidental information technology. FAR subpart 4.23 will likely impact AI and autonomy programs as the Federal Acquisition Security Council (FASC) implements the Federal Acquisition Supply Chain Security Act exclusion and removal orders. The Revolutionary FAR Overhaul proposed rule, will consolidate and update FAR-based security requirements under Part 40.
In general, prime contractors should prepare to flowdown cybersecurity, incident-reporting, controlled unclassified information (CUI), export-control, classified safeguarding, and access-control obligations to all subcontractors that handle protected information or support protected systems. Subcontractors may be required to provide prompt notice of changes in ownership, foreign affiliation, data-hosting locations, software dependencies, model providers, and supply-chain relationships that could affect eligibility or performance. Contractors should:
- Ensure compliance by monitoring applicable solicitation clauses, System for Award Management (SAM) notices, and agency-specific directions for compliance with regulations.
- Heed the regulations like FAR 52.204-21 (establishing basic safeguarding requirements for covered contractor information systems) and DFARS 252.204-7021 (imposing CMMC requirements during performance).
- Reserve audit, inspection, substitution, notification, and termination rights if a subcontractor uses a prohibited source, suffers a material cyber incident, changes a critical supplier, or cannot provide required compliance evidence.
- For cleared work, consider National Industrial Security Program Operating Manual (NISPOM) requirements for facility-clearance, personnel-clearance, classified safeguarding, foreign ownership, control, or influence, and foreign disclosure obligations regarding subcontractors and suppliers relating to federal work. And these requirements will soon be applicable to non-cleared contractors, as we have written about separately.
- Be aware that these obligations may apply to model repositories, training environments, simulation systems, mission data, inference services, software factories, and cloud environments—not just traditional document repositories or personnel.
Bottom Line
AI/ML and autonomy policies are quickly becoming contractual compliance matters with potential far-reaching consequences like False Claims Act, export controls, supply chain integrity, and intellectual property impacts. For contractors, the immediate question is how to deploy AI-enabled autonomy at the speed the government wants while meeting all the requirements that attach. Fluet’s Government Contracts team is closely following the changing contractor AI/ML and autonomy requirements and can help organizations identify opportunities.


