New Cybersecurity Requirements for Federal Contractors
The U.S. Department of Defense (“DOD”) is moving towards implementing the Cybersecurity Maturity Model Certification (“CMMC”) program. When finally launched, the CMMC program will require many companies in the DOD supply chain with Controlled Unclassified Information (“CUI”) to obtain a third-party certification confirming that they are compliant with applicable cybersecurity controls. The impacted companies will not only affect prime contractors, but also subcontractors through the supply chain – even purveyors of commercial products and services.
The CMMC program contains three levels covering self-certifications, third-party certifications and governmental certifications:
Level 1 includes contracts where there is Federal Contract Information (“FCI”) and requires compliance with the 15 security controls enumerated in Federal Acquisition Regulation (“FAR”) 52.204-21. DOD’s position is that all contractors in the Defense Industrial Base (including subcontractors) hold FCI, at the very least. This is a self-certification.
Level 2 includes contracts with CUI and requires compliance with the 110 security controls in National Institute of Standards and Technology (“NIST”) Special Publication (SP) 800-171, Revision 2 (for now; compliance with Revision 3 is forthcoming). Some contractors (by DOD’s own estimates, there will eventually be 4,000) will be able to utilize a self-certification while others (more than 76,000) will need a third-party certification.
Level 3 also includes contracts with CUI, but CUI that DOD concludes is especially sensitive. The prime contractor and some subcontractors in the supply chain for Level 3 contracts will have to separately comply with 24 controls in NIST SP 800-172 and obtain a certification from the DOD Defense Industrial Base Cybersecurity Assessment Center (“DIBCAC”) after receiving a third-party assessment under Level 2.
While the program has been delayed, recent developments indicate that adoption is rapidly approaching:
The new $50 billion Army Marketplace for the Acquisition of Professional Services (“MAPS”) solicitation (which is currently on hold) asks whether contractors have at least an assessment scheduled to receive a third-party Level 2 CMMC assessment.
In a recent interview, Katie Arrington, who is performing the tasks of the DOD Chief Information Officer, said that DOD remains committed to CMMC and will seek to “federalize” it across the federal government.
The final CMMC rule that will be put into contracts is currently under review by the DARS Regulatory Control Officer, the final step before a review at the Office of Management and Budget and subsequent publication in the Federal Register.
DOD announced in rulemaking and on its CMMC website that it can require CMMC compliance earlier than announced in the rule.
The CMMC program is being rolled out and implemented through two separate rulemaking processes. The first, in Title 32 of the Code of Federal Regulations (“CFR”), lays out the CMMC program in detail, specifying the requirements for assessments and the roles and responsibilities of the various parties in the program. The final rule under Title 32 was effective on December 16, 2024, and assessments are currently underway. Separately, forthcoming rulemaking under Title 48 of the CFR would include the CMMC requirement in defense contracts.
Once the final rule is in the Defense Federal Acquisition Regulatory Supplement (“DFARS”), DOD will move through an implementation process with four phases, but DOD has maintained in rulemaking and on its website that it may accelerate requirements in advance of the rulemaking. (“In some procurements, DoD may implement CMMC requirements in advance of the planned phase.”) Once Phase 1 begins, DOD solicitations issued after that date will require a Level 1 or Level 2 self-certification. One year later, Phase 2 will take effect, which will require a Level 2 third-party certification (or conditional certification) for contractors holding certain types of CUI. Subsequent phases over the next two years will require implementation in option years and Level 3 assessments. As noted above, Level 3 assessments are reserved for companies possessing more critical CUI and are conducted by the DIBCAC.
The impact on the Defense Industrial Base (“DIB”) will be broad. By DOD’s own estimates, more than 220,000 companies in the Defense Industrial Base will be impacted by CMMC, including more than 76,000 companies that will eventually require a third-party certification. Even so, the ecosystem is rushing to meet demand. There are currently fewer than 70 companies that have been certified by the Cybersecurity Accreditation Body (which has a no-cost contract with DOD to manage the ecosystem) to allow those companies to conduct assessments that will be recognized by the DOD. This may create a potential bottleneck for companies that wait too long to get assessed.
Before an assessment may occur, companies must ensure they are compliant with the security controls in NIST 800-171. DOD’s position is that companies out of compliance are out of excuses because compliance with these security controls (if a company possesses CUI as part of a defense contract or subcontract) has been a requirement since December 31, 2017. Despite these longstanding requirements, many small and medium businesses, and non-traditional contractors, have had difficulty justifying the costs associated with compliance. DOD’s rollout of the CMMC program will require companies to make the choice to comply or not be in the DOD supply chain any longer.
Disagreeing with the Supreme Court, the Ninth Circuit and Two District Courts Find APA Jurisdiction in Challenges to Federal Contract and Grant Terminations
One of the immediate priorities of the second Trump administration has been the termination of a slew of federal contracts and grants. This, predictably, has led to litigation, mostly filed in the U.S. District Courts, which as we have previously written, have authority to grant equitable relief. The government has been arguing that these cases belong in the U.S. Court of Federal Claims, where only monetary damages are available (and only upon meeting the high burden of establishing that the government acted in bad faith). On April 4, 2025, the Supreme Court issued an emergency stay of a District Court’s preliminary injunction in a case challenging grant terminations, with the five-justice majority suggesting that the termination case belonged in the Court of Federal Claims. But since then, two U.S. District Courts and the Ninth Circuit Court of Appeals have ruled—contrary to the Supreme Court’s emergency stay order—that there is indeed district court jurisdiction in cases challenging contract and grant terminations. As Judge Young of the District Court of Massachusetts stated, “…this Court, after careful reflection, finds itself in the somewhat awkward position of agreeing with the Supreme Court dissenters and considering itself bound by the still authoritative decision of the Court of Appeals of the First Circuit…” which ruled that the Tucker Act did not apply, and that the government’s actions were reviewable under the Administrative Procedures Act (“APA”).
Commonwealth of Massachusetts et al. v. Robert F. Kennedy, Jr. et al., Case No. 25-10814-WHY, U.S. District Court for the District of Massachusetts
On May 12, 2025, the U.S. District Court for the District of Massachusetts ruled that it—not the Court of Federal Claims—has subject matter jurisdiction over a lawsuit brought by a coalition of states challenging the withdrawal of funding opportunities and grant terminations by the National Institutes of Health based on perceived connections to diversity, equity, and inclusion and gender issues.
The District Court noted that the Court of Federal Claims was established, and the Tucker Act was enacted, to allow contractors and grantees to pursue monetary claims against the United States. But not every claim against the government is cognizable under the Tucker Act, even if the remedy may involve the payment of money. The Court noted that “whether a claim is contractual in nature under the Tucker Act [and therefore belongs in the Court of Federal Claims] is based on a determination of the essence of the action,” which requires a court to examine the source of the rights underlying the claim and the type of relief sought or appropriate to redress the claim. Applying this “essence” test, the District Court found that the States are primarily challenging the allegedly unlawful policies and actions of public officials, not the terms of their terminated grants, and the relief sought—directing the expenditures of already-appropriated funds—is mainly injunctive, not compensatory.
The District Court extensively quoted Justice Jackson’s dissent in the Supreme Court’s order to explain why District Court review of terminations under an APA standard is appropriate, including that the government’s “robotic rollout of its new mass grant-termination policy means that grant recipients and reviewing courts are compelled to guess at the theory underlying the agency’s action. Moreover, the agency’s abruptness leaves one wondering whether any reasoned decision making has occurred with respect to these terminations at all. These are precisely the kinds of concerns that the APA’s bar on arbitrary-and-capricious agency decision making was meant to address.”
Community Legal Services in Palo Alto et al. v. HHS et al., Case No. 3:25-cv-02847-AMO
On May 14, 2025, the Ninth Circuit ruled that the district court has jurisdiction to hear challenges to agency actions terminating funding for legal representation of unaccompanied children, despite the government’s argument that such cases should be brought exclusively in the Court of Federal Claims under the Tucker Act. The plaintiffs in this case specifically alleged that the government violated the Trafficking Victims Protection Reauthorization Act (“TVPRA”) by withholding all congressionally authorized funding for direct legal representation of unaccompanied migrant children, thereby failing to “ensure, to the greatest extent practicable,” that unaccompanied children receive legal counsel as mandated by 8 U.S.C. § 1232(c)(5). The majority emphasized that the claims were rooted in statutory and regulatory violations, not contract disputes, noting, “To the greatest extent practicable does not mean to no extent at all.” The court further explained that the Tucker Act did not bar the plaintiffs’ APA claims, particularly since the plaintiffs, as the subcontractors on the program, have no direct contract with the government and thus could not sue under the Tucker Act. In dissent, Judge Callahan went further than arguing that the claims belonged in the Court of Federal Claims, and insisted that the plaintiffs’ claims are unreviewable, because the decision to terminate funding was “committed to agency discretion by law under 5 U.S.C. § 701(a)(2).” As Judge Callahan wrote, “Even if the district court had jurisdiction under the Administrative Procedure Act, the decision to terminate funding—or the decision of who to fund—is committed to agency discretion by law.” Notwithstanding the dissent, this decision underscores the judiciary’s increasing willingness to review agency actions that implicate statutory mandates, even when the government invokes arguments of unreviewability or exclusive jurisdiction elsewhere.
State of Colorado et al. v. HHS et al., Case No. 1:25-cv-00121-MSM-LDA
On May 16, 2025, the U.S. District Court for the District of Rhode Island reached the same conclusion, ruling that it has subject matter jurisdiction under the APA over a lawsuit brought by a coalition of States challenging the termination of public health grants by the Department of Health and Human Services (“HHS”). The Court rejected HHS’s argument that the States’ claims were contractual and fell under the exclusive jurisdiction of the Court of Federal Claims pursuant to the Tucker Act.
Applying the “essence” test, Judge Mary S. McElroy ruled that the District Court has jurisdiction because the essence of the case is not contractual, but rather centers on alleged violations of federal statutes, regulations, and constitutional principles. The judge distinguished between claims that arise from contract disputes—which would typically fall under the exclusive jurisdiction of the Court of Federal Claims via the Tucker Act—and claims seeking prospective, equitable relief for unlawful agency action under the APA. She emphasized that the States’ claims do not arise in any contract, but rather arise under the APA—particularly that statute’s provisions forbidding arbitrary and capricious action, action contrary to law, and action in excess of statutory authority and the Constitution’s Spending Clause and underlying separation of powers principles. The court found that the gravamen of the States’ allegations “does not turn on terms of a contract between the parties; it turns largely on federal statutes and regulations put in place by Congress and HHS.”
Judge McElroy further explained that the States are seeking relief that is prospective and equitable—namely, an injunction to halt the allegedly unlawful termination of federal funding—rather than money damages for breach of contract. She cited Supreme Court precedent, particularly Bowen v. Massachusetts, to support the distinction between actions for money damages (which fall under the Tucker Act) and actions for specific relief (which are reviewable under the APA in district court). The judge wrote, “Merely because their requested equitable relief would result in the disbursement of money is not a sufficient reason to characterize the relief as money damages.” She concluded that the case concerns the process and legality of HHS’s actions, not the enforcement of contractual obligations, and that district courts are the proper forum for reviewing such claims. This reasoning was reinforced by her observation that “the source of the States’ rights is based on federal law rather than on contract,” and that the States “have asked this Court to review and interpret the governing federal statute and regulations.” Thus, the District Court retained jurisdiction to adjudicate the States’ claims for injunctive and declaratory relief under the APA and the Constitution.
Conclusion
These recent decisions provide important guidance for parties seeking to challenge broad federal funding directives and contract and grant terminations, clarifying the circumstances under which such claims may proceed in district court rather than the Court of Federal Claims. As the Government continues to contest subject matter jurisdiction in ongoing litigation, further guidance from the Circuit Courts or the Supreme Court is likely. We will continue to monitor these developments and provide updates as the legal landscape evolves.
Understanding Small Business Size and Status Protests and Appeals: A Guide for Government Contractors
In the highly competitive world of federal government contracting, a firm’s small business size or socioeconomic status can determine its eligibility for lucrative set-aside contracts. For competitors and interested parties, the ability to challenge a company’s claimed size or status is a critical tool for ensuring compliance with the Small Business Act and maintaining the integrity of the procurement process. This article provides an overview of how size and status protests and appeals work under Small Business Administration (SBA) regulations.
What Are Size and Status Protests?
A size protest challenges whether a company qualifies as a small business under the SBA’s size standards for a particular procurement.
A status protest, by contrast, challenges a firm’s eligibility for a specific small business program — such as the 8(a) Business Development Program, HUBZone Program, Service-Disabled Veteran-Owned Small Business (SDVOSB) Program, or Women-Owned Small Business (WOSB) Program.
Who Can File a Protest and When?
Size Protests (13 C.F.R. § 121.1001):
The contracting officer
Another offeror whom the contracting officer has not eliminated from consideration
The SBA itself
The awardee, in limited circumstances (e.g., in a protest of a protest decision)
Status Protests (13 C.F.R. §§ 124.517, 126.801, 127.603):
The contracting officer
Other interested offerors
The SBA or the relevant program office (e.g., the VA Center for Verification and Evaluation for SDVOSB concerns under VA procurements)
Time Limits:
Generally, a protest must be filed within five business days after notification of the apparent successful offeror (13 C.F.R. §§ 121.1004, 124.517, 126.801(d), 127.603(c)).
What Happens After a Protest Is Filed?
For size protests, the SBA Area Office investigates and issues a formal size determination (13 C.F.R. § 121.1009). The Area Office reviews documents such as tax returns, operating agreements, and contracts to assess issues such as affiliation (13 C.F.R. § 121.103), receipts or employee count (13 C.F.R. § 121.104 and § 121.106), and the applicable size standard based on the NAICS code.
For status protests, the SBA program office (or in some cases, the Office of Hearings and Appeals) investigates the concern’s eligibility for the program in question, often requiring evidence of ownership, control, or principal place of business.
Appealing an Adverse Determination
Size Appeals:
If a party disagrees with the SBA Area Office’s size determination, they may file an appeal with the SBA Office of Hearings and Appeals (OHA) under 13 C.F.R. § 134.302. The appeal must be filed within 15 calendar days after the issuance of the size determination (13 C.F.R. § 134.304(a)).
OHA’s decisions are typically final and binding on all parties. Notably, new evidence is generally not permitted unless it relates to jurisdiction or good cause is shown (13 C.F.R. § 134.308(a)).
Status Appeals:
For WOSB and SDVOSB programs, appeals of protest decisions may be made to OHA under 13 C.F.R. §§ 127.605 and 128.805.
For 8(a) status determinations (entry or continuing eligibility), there is limited appealability, primarily involving denials of early graduation or termination (13 C.F.R. § 124.304).
HUBZone appeals are generally subject to review by OHA.
Strategic Considerations
Timeliness and Precision – Protests and appeals must be timely and specific. Unsupported or speculative allegations are often dismissed outright.
Affiliation Rules Are Complex – Many size protests involve nuanced affiliation issues, including common management, ownership, or contractual relationships.
Interplay with Contract Awards – A sustained protest or appeal can result in the loss of a contract award or the reevaluation of proposals.
Simultaneous Size/Status Protest and GAO/COFC Protest – Companies are allowed to simultaneously submit size/status protests and traditional protests before the agency, the Government Accountability Office, or the U.S. Court of Federal Claims. Filing simultaneous protests can increase the contractor’s chances of success.
Conclusion
Size and status protests and appeals are vital mechanisms for ensuring only eligible firms receive small business set-aside contracts. Businesses must not only ensure their own compliance but be prepared to challenge competitors when the integrity of a procurement is at stake.
Guarding Against the Unknown: M&A Due Diligence of AI Companies in Data-Sensitive Sectors
M&A in the AI sector is redefining deal risk, especially when sensitive data is involved. As AI companies power breakthroughs in biotech, healthcare, defense, and critical infrastructure, the stakes for companies acquiring businesses handling proprietary data, biotech research, medical records, trade secrets, critical technology or government intelligence have never been higher. In an era where a single data breach or compliance failure can derail innovation and shatter market trust, due diligence has evolved from a legal checkpoint to a mission-critical strategy for safeguarding value in a rapidly disrupting landscape.
Government Contracts and Defense
AI companies servicing defense sector clients with government contracts must rigorously evaluate their obligations under regulations such as the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). It’s vital to examine transactions that may affect critical infrastructure or defense for clearance by the Committee on Foreign Investment in the United States (CFIUS). A prospective buyer’s due diligence process should include thorough analysis of customer contracts and internal compliance, especially in cross-border sales involving national security concerns, to ensure compliance with vital regulatory requirements.
Biotech Research
In biotech research, AI plays a crucial role in analyzing large datasets like genomic and clinical data, with predictive models aiding drug discovery. The data used in this research must adhere to the U.S. Food and Drug Administration (FDA) guidelines on data integrity, encompassing ethical standards, study validity, and accuracy. Detailed due diligence by a prospective buyer of adherence to these guidelines is imperative to adhere to regulations, ensuring companies advance innovation responsibly in the biotech sector.
Data Protection and Privacy
A top priority when assessing AI companies dealing with sensitive information is compliance with data protection regulations for both customer data and user data. Due diligence should thoroughly examine how companies structure policies to ensure adherence to regulations such as the Health Insurance Portability and Accountability Act (HIPAA) for medical data, the General Data Protection Regulation (GDPR) for EU-based data, and the California Privacy Rights Act (CPRA) for California user data. These evaluations safeguard sensitive information while bolstering trust in partnerships and operations.
Technological and Security Assessments
Robust cybersecurity measures are essential for AI companies to safeguard sensitive data against breaches. Due diligence should entail examining security protocols, vulnerability management strategies, and incident response plans, and evaluating technologies like encryption and secure coding practices. Ensuring an organization is equipped against cyber threats protects its most valuable assets. AI companies also need to be mindful of maintaining confidentiality standards of their proprietary IP when collaborating with government bodies or during regulatory reviews relating to their industry sector. Buyers will review those arrangements to evaluate whether a potential target has allowed for unintended disclosures of its proprietary algorithms.
Conclusion
The M&A landscape for AI companies managing sensitive data demands comprehensive due diligence across regulatory compliance, intellectual property protection, foreign investments, and cybersecurity. A thorough evaluation of these facets enables informed decision-making, securing sensitive information and aligning strategies in the rapidly evolving AI sector. An AI company undergoing a sale or seeking opportunities should act deliberately to strengthen its position in the above areas.
Listen to this post
Tiernan Still also contributed to this article.
Does “Indemnify” = “Hold Harmless”?
Does this sound familiar? Nearly every construction contract contains an indemnification provision with some variation of these terms. And if you have ever negotiated a construction contract, you know that indemnification provisions often feature in those discussions. But are the words “indemnify” and “hold harmless” an example of lawyers inserting a meaningless list of synonyms to ensure that all bases are covered? Or do “indemnify” and “hold harmless” mean different things? According to the Alabama Supreme Court in Adams v. Atkinson, No. SC-2024-0528, 2025 WL 1416851 (Ala. May 16, 2025), “indemnify” and “hold harmless” may be synonyms depending on the context.
As noted in one of our prior blog posts, “contractual indemnity is the right of one party (the indemnitee) to claim reimbursement for a loss from another party (the indemnitor).” But does “hold harmless” also give one party a right to indemnification when it appears by itself? This past week, the Alabama Supreme Court held that the answer might be “yes.”
In Adams, a beneficiary of a family trust sued other parties for reimbursement of attorneys’ fees under the terms of a prior settlement agreement. The beneficiary faced a demand for payment of attorneys’ fees from a trustee and sought reimbursement from the defendants under a hold harmless provision. The hold harmless provision did not include the word “indemnify” but required the defendants to “hold [the beneficiary] harmless against any demand… by any corporate trustee… for attorneys’ fees.” The defendants argued that “hold harmless” was a defensive term in that they agreed only to waive any claim against the beneficiary for attorneys’ fees. The beneficiary, however, argued that the hold harmless provision necessarily granted an offensive right to reimbursement, i.e., indemnification, for the attorneys’ fees because it contemplated claims against the beneficiary only.
The Alabama Supreme Court held that “hold harmless” and “indemnify” may be synonyms even when they “appear separately and perform the same function.” To be clear, the court emphasized its holding was “narrow.” In the context of the specific hold harmless provision at issue, holding the beneficiary harmless against demands by corporate trustees only made sense if “hold harmless” meant “indemnify.” The court concluded by (1) confirming that “indemnify” and “hold harmless” are synonyms when they appear as a doublet (i.e., beside each other in the same provision) and (2) reasoning that “hold harmless” can mean “indemnify” when it (a) appears separately and (b) performs the “same function” as an indemnification provision.
In ruling in favor of the beneficiary, the court determined the context of the specific agreement in Adams indicated that the parties intended the hold harmless provision to operate as a reimbursement mechanism rather than a mere waiver of rights. The court found the defendants’ argument illogical as they would have no claim for attorneys’ fees to be waived in an action by a trustee against the beneficiary in which none of the defendants were named.
So, what does Adams mean for your construction contracts?
It means that you should be careful when using the words “hold harmless” by itself because a court or arbitrator may conclude that it means something different than you intended. Regardless of whether you want “hold harmless” language to operate as a waiver or a right to indemnification, later interpretations of that provision may be fact-dependent and may vary depending on the specific language used.
2024 EEO-1 Component 1 Report Filing Now Open
Key Takeaways
The U.S. Equal Employment Opportunity Commission 2024 EEO-1 Component 1 Report filing opened on May 20, 2025, with a submission deadline of June 24, 2025, and no extensions being granted.
Employers must select a workforce snapshot from October 1, 2024, to December 31, 2024.
Filing is mandatory for private employers with 100 or more employees, federal contractors with 50 or more employees and certain affiliated private employers.
As anticipated, 2024 EEO-1 Component 1 Report filing officially opened May 20, 2025, on the EEO-1 Data Collection website. The EEOC has expressed that, as part of cost savings, the filing period for EEO-1 data will be shorter than in the past. Specifically, employers will have a deadline for submission of June 24, 2025. It is important to note that no extensions will be granted this year, making timely compliance essential.
In addition to the shorter time period for submission, there are additional changes to the 2024 EEO-1 reporting as discussed here.
Filing Requirements
The EEO-1 Report is a mandatory annual data collection that requires certain employers to submit demographic workforce data, including data by race/ethnicity, sex and job categories. The following entities are required to file:
Private employers with 100 or more employees;
Federal contractors with 50 or more employees; and
Private employers with fewer than 100 employees who are affiliated through centralized control or ownership with other entities, totaling 100 or more employees.
To complete their report, employers must select a workforce snapshot from any pay period between October 1, 2024, and December 31, 2024, for both full-time and part-time employees.
EEOC Acting Director Warns No ‘Diversity Exception’ to Title VII in Announcing EEO-1 Reporting Period Opening
On May 20, 2025, the U.S. Equal Employment Opportunity Commission (EEOC) opened the platform for employers to submit EEO-1 reports. In doing so, EEOC Acting Director Andrea Lucas warned employers not to use the data to take employment actions and reinforced earlier technical assistance that diversity, equity, or inclusion (DEI) practices that result in different treatment based on race, sex, or another protected characteristic can be unlawful discrimination.
Quick Hits
The EEOC has opened the 2024 EEO-1 Component 1 reporting period, emphasizing that employers must not use the reported demographic data to justify discriminatory employment practices based on race, sex, or other protected characteristics.
EEOC Acting Director Andrea Lucas warned employers that there is no “diversity exception” to Title VII of the Civil Rights Act, even if the data suggests employer policies may have a disparate impact on certain groups.
The warning potentially complicates employers’ evaluation of their compliance with equal opportunity and antidiscrimination laws and regulations.
Current EEOC regulations require private employers with one hundred or more employees, and federal contractors with fifty or more employees that meet certain criteria to submit annual EEO-1 Component 1 reports with demographic data on their employees, including race/ethnicity, sex, and EEO job categories.
The EEOC states EEO-1 data is used in a variety of ways, including enforcement, self-assessment by employers, and research. Some employers have thus looked at their EEO-1 data and potential employment disparities to gain insights into their workforce demographics and evaluate their compliance with equal opportunity and anti-discrimination laws and regulations, including Title VII of the Civil Rights Act of 1964.
However, in announcing the platform’s opening, EEOC Acting Director Lucas warned employers that their “obligations under [Title VII] not to take any employment actions based on, or motivated in whole or in part by, an employee’s race, sex, or other protected characteristics.”
Specifically, Acting Director Lucas told employers that they may not use any potential race or sex disparities revealed in their employment data as a basis for implementing hiring or promotion policies that might give preferences to job candidates or employees based on sex, race, ethnicity, or other protected characteristics.
“Your company or organization may not use information about your employees’ race/ethnicity or sex—including demographic data you collect and report in EEO-1 Component 1 reports—to facilitate unlawful employment discrimination based on race, sex, or other protected characteristics in violation of Title VII,” Acting Director Lucas stated.
“There is no ‘diversity’ exception to Title VII’s requirements,” she added.
Disparate Impact
Acting Director Lucas pointed to President Donald Trump’s April 23, 2025, EO 14281, “Restoring Equality of Opportunity and Meritocracy,” which calls for an end to liability for unlawful discrimination based on disparate impact, under which employers may be held liable for neutral employment policies or practices that have a substantial adverse impact on a protected group, such as race or sex. Specifically, the EO directed federal agencies like the EEOC to deprioritize enforcement of disparate impact claims.
The acting director said that under her leadership, the EEOC will follow and enforce the EEOC and will prioritize remedying intentional discrimination claims. She reiterated that employers may not use information collected as part of an EEO-1 report to treat employees differently based on any protected characteristic.
“[T]he fact that a neutral employment policy or practice has an unequal outcome on employees of a particular race or sex—that is, has a ‘disparate impact’ based on race or sex—does not justify your company or organization treating any of your employees differently based on their race or sex. As noted above, you must not use the information collected and reported in your organization’s EEO-1 Component 1 report to justify treating employees differently based on their race, sex, or other protected characteristic.”
Next Steps
The EEOC announced that the 2024 EEO-1 Component 1 data collection filing platform is now open until June 24, 2025, at 11:00 p.m. (EDT), which the EEOC will not extend, and the platform will close. This means covered employees will need to promptly prepare and file their reports by the deadline to maintain compliance.
The EEOC acting director’s warnings are in line with recent EEOC guidance issued under her leadership and policy directives from the Trump administration. Since taking office in January 2025, President Trump has issued a series of EOs, which are facing numerous legal challenges, seeking to eliminate unlawful DEI programs in employment and revoking federal contractors’ affirmative action program mandates, largely stripping authority from the Office of Federal Contract Compliance Programs (OFCCP).
At the same time, the EEOC acting director’s warnings to employers could complicate employers’ efforts to maintain antidiscrimination compliance and evaluate potential risk for unlawful discrimination claims.
Employee Complaint Rights: Update on Executive Order 13496 Compliance
Executive Order (E.O.) 13496, signed on January 30, 2009, mandates that certain government contractors and subcontractors post notices informing their employees of their rights under federal labor laws. This executive order applies to all government contracts, except for collective bargaining agreements and contracts for purchases under the Simplified Acquisition Threshold.
Quick Hits
E.O. 13496 requires government contractors and subcontractors to post notices informing employees of their rights under federal labor laws.
The DOL is seeking an extension of the current approval to collect information related to E.O. 13496 to ensure its enforcement through the complaint procedure.
OFCCP remains the primary enforcement body for complaints under E.O. 13496 despite significant staff reductions.
Under the regulatory provisions of E.O. 13496 (29 C.F.R. Part 471), contractors and subcontractors are required to post notices detailing employees’ rights under the National Labor Relations Act (NLRA). These notices must include information on activities that are illegal under the Act, a general description of the remedies available to employees, and contact information for further assistance. The U.S. Department of Labor (DOL) estimates that it will annually continue to receive approximately ten complaints alleging failures to comply with the notice posting requirements of E.O. 13496.
The National Labor Relations Board’s (NLRB) 2011 rule required private-sector employers to post similar notices to employees advising them of their rights under the NLRA. But in June 2013, the Fourth Circuit Court of Appeals stated the agency had exceeded its authority when making such a requirement, agreeing with an earlier D.C. Circuit decision. A second chance at such notices was taken in 2023, when former NLRB General Counsel Jennifer Abruzzo suggested that employers distribute “Know Your Rights” cards to educate employees of their rights.
Now, the DOL is seeking an extension of the approval to collect information related to E.O. 13496. According to the DOL, “An extension is necessary because if this information collection is not conducted, E.O. 13496 could not be enforced through the complaint procedure.” The information collection request was last approved in 2022.
The Office of Labor-Management Standards (OLMS) administers the enforcement provisions of E.O. 13496, while the Office of Federal Contract Compliance Programs (OFCCP) handles compliance evaluations and investigations. The Federal Register notice continues to designate OFCCP as the primary enforcement body for complaints under E.O. 13496, even though the Trump administration has reduced OFCCP’s staff by approximately 90 percent.
The notice-and-comment deadline is July 15, 2025. Comments on this renewal request will be summarized and included in the request for Office of Management and Budget (OMB) approval. The DOL seeks authorization for this information collection for three years.
Additional Tariffs On the Runway? Commerce Seeks Public Comments on Potential Commercial Aircraft, Engines, and Parts Tariffs
While many in the aviation industry are busy trying to navigate the existing U.S. tariff regime, they should also consider the potential impact of a new investigation that could lead to additional tariffs (e.g., 25 percent, based on recent similar investigations). On May 1, 2025, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) initiated a Section 232 investigation to determine the effects on the national security of imports of commercial aircraft and jet engines, and parts thereof (collectively, “aircraft and aircraft parts”). The current unpublished Federal Register notice of investigation can be found here.
This investigation is just the latest Section 232 investigation on imported merchandise, following closely on the heels of recently initiated investigations on lumber, semiconductors, pharmaceuticals, critical minerals and copper, just to name a few. Moreover, the U.S. has already imposed tariffs pursuant to Section 232 on autos and auto parts and on steel and aluminum articles.
During this investigation, BIS will allow for interested parties to submit written comments to inform the agency’s decision on whether to take action, including by imposing tariffs or quotas on imports. BIS is most interested in receiving comments on the:
current and projected demand in the U.S. for aircraft and aircraft parts;
extent to which domestic production of aircraft and aircraft parts can meet domestic demand;
role of foreign supply chains in meeting U.S. demand for aircraft and aircraft parts;
concentration of U.S. imports of aircraft and aircraft parts from a small number of suppliers and related risks;
impact of foreign government subsidies and predatory trade practices on the competitiveness of the aircraft and aircraft parts industry in the U.S.;
economic impact of artificially suppressed prices of aircraft and aircraft parts due to foreign unfair trade practices and state-sponsored overproduction;
potential for export restrictions by foreign nations, including the ability of foreign nations to weaponize their control over supplies of aircraft and aircraft parts;
feasibility of increasing domestic capacity for aircraft and aircraft parts to reduce reliance on imports;
impact of current trade policies on domestic production of aircraft and aircraft parts and whether tariffs or quotas are necessary to protect national security.
If the Section 232 tariffs on autos and steel/aluminum are any indication of the likely outcome, BIS’s investigation may result in imposition of a 25 percent duty on aircraft and aircraft parts. It remains to be seen whether any Section 232 tariffs on aircraft and aircraft parts, if imposed, may allow for import adjustment offsets if assembly occurs in the U.S. (similar to the Section 232 auto import adjustment) or if exemptions will be granted for certain countries (e.g., in the U.S.-U.K. trade deal).
BIS will allow for interested parties to submit written comments on this investigation during the comment period of within 21 days of official publication in the Federal Register, which we anticipate will be on May 13, 2025, making the comment period deadline June 3, 2025. Parties that may be impacted by tariffs or quotas on imports of aircraft and aircraft parts should strongly consider whether to submit comments or to begin strategic planning to deal with the added costs for aircraft and aircraft parts.
EEOC Opens EEO-1 Data Collection Portal With Reporting Changes
The Equal Employment Opportunity Commission (“EEOC”) has opened the 2024 EEO-1 data-collection cycle and set Tuesday, June 24, 2025, as the filing deadline for submissions. According to the EEOC, this year’s reporting window is shorter than in prior cycles as part of its “efforts to identify continued cost savings for the American public.” In its announcement about the opening of the portal, the EEOC made clear that the collection period will not be extended.
Relatedly, and as a follow-up to our previous post, the Office of Management and Budget (“OMB”) has approved the EEOC’s requested change to the EEO-1 report, eliminating the option allowing employers to voluntarily report employees who self-identify as “non-binary.” Employers now only have the option to report employees as male or female.
In connection with the opening of the portal, Acting EEOC Chair Andrea Lucas issued a public statement reminding employers of their “obligations under Title VII not to take any employment actions based on, or motivated in whole or in part by, an employee’s race, sex, or other protected characteristics.” She cautioned companies not to “use information about your employees’ race/ethnicity or sex—including demographic data you collect and report in EEO-1 Component 1 reports—to facilitate unlawful employment discrimination based on race, sex, or other protected characteristics in violation of Title VII.” Emphasizing that “Title VII’s protections apply equally to all workers, regardless of their race or sex,” Acting Chair Lucas addressed DEI programs, stating that “[d]ifferent treatment based on race, sex, or another protected characteristic can be unlawful discrimination, no matter which employees or applicants are harmed. There is no ‘diversity’ exception to Title VII’s requirements.”
She also referenced the Trump Administration’s recent Executive Order “direct[ing] all agencies to … de-emphasize ‘disparate impact’ enforcement.” Acting Chair Lucas confirmed that the EEOC “will fully and robustly comply with this and all Executive Orders,” and “will prioritize remedying intentional discrimination claims.” She also warned employers that “under existing law, the fact that a neutral employment policy or practice has an unequal outcome on employees of a particular race or sex—that is, has a ‘disparate impact’ based on race or sex—does not justify your company or organization treating any of your employees differently based on their race or sex.”
In light of these developments, employers should promptly gather the workforce data necessary to complete their 2024 reports, verify that their contact information is current in the portal, and monitor emails for further instructions. Early preparation will help ensure timely compliance within the shortened filing window.
Justice Department Launches Initiative Targeting Contractors’ and Grantees’ DEI Programs, Anti-Semitism, and Transgender Policies
On May 19, 2025, Deputy Attorney General Todd Blanche issued a memorandum (the “Memorandum”) establishing the Department of Justice’s “Civil Rights Fraud Initiative” (the “Initiative”). The program “will utilize the False Claims Act to investigate and, as appropriate, pursue claims against any recipient of federal funds that knowingly violates federal civil rights laws,” led by a team of attorneys from the DOJ’s Civil Rights Division and Civil Division’s Fraud Section who will “aggressively pursue this work together,” while consulting with the DOJ’s Criminal Division and other federal agencies.
Describing the False Claims Act (“FCA”) as the “the Justice Department’s primary weapon against government fraud, waste, and abuse,” the Memorandum states that the FCA is “implicated when a federal contractor or recipient of federal funds knowingly violates civil rights laws—including but not limited to Title IV, Title VI, and Title IX, of the Civil Rights Act of 1964—and falsely certifies compliance with such laws.”
The Initiative builds on President Trump’s “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” Executive Order (the “Order”). The Order, among other things, requires federal agencies to include two provisions in every federal contract or grant award:
(A) A term requiring the contractual counterparty or grant recipient to agree that its compliance in all respects with all applicable Federal anti-discrimination laws is material to the government’s payment decisions for purposes of [the FCA]; and
(B) A term requiring such counterparty or recipient to certify that it does not operate any programs promoting DEI that violate any applicable Federal anti-discrimination laws.
The Administration has been issuing contract modifications incorporating these provisions which, as we discussed in a prior post, create significant risks for contractors. The Memorandum makes clear that the Justice Department is focused on relying on these provisions to pursue federal contractors and other recipients of federal funds that violate civil rights laws and provides instructive examples of the practices and entities that the Initiative will target.
For example, the Memorandum calls out universities, stating that “[c]olleges and universities cannot accept federal funds while discriminating against their students,” and that “a university that accepts federal funds could violate the False Claims Act when it encourages antisemitism, refuses to protect Jewish students, allows men to intrude into women’s bathrooms, or requires women to compete against men in athletic competitions.”
The Memorandum also states that the FCA is “implicated whenever federal-funding recipients or contractors certify compliance with civil rights laws while knowingly engaging in racist preferences, mandates, policies, programs, and activities, including through diversity, equity, and inclusion (DEI) programs that assign benefits or burdens on race, ethnicity, or national origin.” With respect to DEI programs, the Memorandum signals that the Justice Department will be looking for programs that are “camouflaged with cosmetic changes that disguise their discriminatory nature.”
Finally, the Memorandum seeks the assistance of the public in this effort, “strongly encourag[ing]” qui tam claims, in which individuals file FCA claims on behalf of the government “and, if successful, shar[e] in any monetary recovery.” The Justice Department also “encourages anyone with knowledge of discrimination by federal-funding recipients to report that information to the appropriate federal authorities so that the Department may consider the information and take any appropriate action.”
Stop Guessing the Price – Use Material Escalation Clauses to Protect Your Bid in a Volatile Tariff Climate
In today’s market, contractors often find themselves playing The Price is Right when bidding material costs — trying to hit the number just right without going over. But with new (and changing) tariffs targeting steel, aluminum, and other goods in 2025, that guessing game just became even riskier.
Should contractors base bids on current prices and absorb the risk of dramatic cost increases down the line? Or should they build in a buffer against future uncertainty and potentially price themselves out of the job? Another move may be to include a material escalation clause in your contracts.
In fixed-price or lump-sum contracts, general contractors, subcontractors, and suppliers typically bear the brunt of material price increases. However, supply chain disruptions and price volatility are increasing in the current economic climate, so builders have an incentive to address cost escalation more directly.
A material escalation clause allows parties to adjust the contract price if material costs rise significantly during the course of the project. It effectively shifts risk away from the contractor and toward the project owner. Material escalation clauses can be either “cost-based” or “index-based.” A cost-based clause compares the contractor’s actual incurred material cost to bid-day estimates, while an index-based clause ties pricing to published indexes such as the Producer Price Index (PPI) from the U.S. Bureau of Labor Statistics.
A typical material escalation clause would provide a contractor with entitlement to a change order if a significant change in the price of material occurred after the contract was executed. A significant price change would be defined contractually and tied to a threshold percentage increase in the cost of the material. Many clauses also include a cap on the amount of a price increase that an owner would be required to absorb.
Convincing an owner to include a material escalation clause can be a challenge, especially if they’re focused solely on keeping upfront costs low. Here are two strategies to make the conversation easier:
Offer Bid Transparency – Explain that bidding based on current material costs, rather than padding your bid with risk premiums, is only possible if the contract allows for later adjustments. In short, escalation clauses can lower the base bid.
Include a De-Escalation Component – Consider a two-way clause that benefits the owner if material prices drop beyond a certain threshold. This gives owners comfort that the clause isn’t just a one-sided windfall for the contractor.
Even though it may be a difficult conversation with an owner, spending the time to sort through material cost escalation clauses prior to contracting may be beneficial to both parties by providing more certainty around price risk during a period of expected volatility in global markets.
Listen to this post