Geopolitical shifts are forcing defense primes and agencies to take a hard look at their suppliers’ source materials, components, and labor. As conflicts continue to flare up, the DoW has been taking action to illuminate supply chains, eliminate foreign dependencies, near-shore production, and boost allied nation sourcing. Here’s what you need to know to stay ahead of the changes. 

Requiring Greater Illumination to Target Foreign Dependencies

US policy and DoW guidance are increasingly targeting foreign dependencies in critical defense supply chains, creating compliance and sourcing pressure simultaneously. This isn’t so much a brand new change as the culmination of a program that has been honing in on foreign control and dependency over the last two decades, imposing increasingly stringent rules for visibility and the elimination of foreign influence.

Early focus on foreign investment and influence

The first move against foreign influence was the 2007 Foreign Investment and National Security Act. FISNA reformed the statutory framework governing national security reviews of foreign direct investments. In particular, it increased scrutiny of sovereign wealth funds and other foreign-owned investment vehicles, and expanded the scope of “national security” to explicitly protect critical U.S. infrastructure, core technologies, and major production facilities.

Serious focus on supply chains began with the SECURE Technology Act of 2018. This bill focused on federal IT supply chains, setting technology risk standards, modernizing vulnerability reporting, increasing interagency cooperation around IT security, and creating a bug bounty to incentivize researchers to discover vulnerabilities in IT systems. 

The focus on specific countries came the next year, with Executive Order 13873, titled “Securing the Information and Communications Technology and Services Supply Chain.” The EO blocked U.S. transactions involving technology designed, built, or supplied by entities controlled by “foreign adversaries,” including China, Russia, Iran, Cuba, Venezuela, and the DPRK. 

It gave the Secretary of Commerce the authority to block the acquisition, importation, transfer, or use of Information and Communications Technology and Services (ICTS) that pose an unacceptable national security risk. 

While 13873 was declared as a “state of emergency,” in practice it set a new status quo. The order has been extended ever since, and used to regulate new technology, such as connected vehicles and UAVs. 

Honing in on foreign influence

More recently, the US has extended Foreign Ownership, Control, or Influence screening. Historically, strict FOCI vetting was reserved for cleared contractors handling classified contracts. But under updated National Defense Authorization Act requirements, the DoW rigorously screens any entity handling sensitive work for ties to foreign entities and intelligence networks. 

The DoW is also implementing supply chain illumination measures, and expanding the scope of supply chain evaluation. Now, the government doesn’t just care where a product is assembled, but makes compliance hinge on origin at the component and material level. They are concurrently moving towards continuous vendor monitoring and comprehensive country of origin reporting under GAO-25-107283.

The DoW has also implemented part level tracking rules, requiring Bills of Material (BOMs) and Software Bill of Materials (SBOM) for software, electronics, weapons systems, and other equipment. Along with this, the DoW is working to eliminate foreign adversary reliance and ensure domestic supply of critical components like batteries and rare earth magnets. 

Stricter American Sourcing Requirements

In many ways, the globalization of supply chains has been a benefit for larger companies, enabling them to source the supplies and components they need more easily and cost-effectively. But for defense contractors, it has been a mixed blessing. 

Buy American sourcing rules 

While it will likely be years before the DoW can fully implement supply chain illumination down to the component or material level, there’s already considerable liability in the first two tiers. With some exceptions discussed in the Five Eyes section below, the DoW is required to source 100% domestic end products and components for food, clothing, fabrics, fibers, yarns, tents, and hand tools. The same goes for specialty metals used in many military vehicles, satellites, and weapons, including steel alloys, titanium, and zirconium under DFARS. 

The Buy American Act of 1933 set requirements for the government to purchase American made goods. The threshold to consider a product “made in America” has increased over time, requiring a greater fraction of costs and components sourced to the US. Currently, 65% of cost must go towards American components and manufacturing, rising to 75% in 2029.

Subcontractor flow-down

This becomes a real problem for primes with DFARs flow-down; since requirements for American-made products flow down to each of your subcontractors, your contractors and subcontractors also need to spend 65% of their costs in America. 

Of course, these rules aren’t absolute; the US military can and does buy from foreign suppliers under certain conditions. But you can’t ask for a waiver (or even investigate whether you’re eligible for one) if you don’t know you need a waiver. Add the foreign influence rules we discussed, and it’s clear you need a lot more visibility than most companies currently had.

Building visibility

So, do they expect you to document your whole supply chain down to the raw material level? No — at least, not yet. Realistically, even the most sophisticated primes aren’t able to shine the light more than a couple steps down into their supply chain at the moment, and the DoW knows it; while working to develop the Supply Chain Risk Evaluation Environment (SCREEn), the DoW spent five years illuminating the supply chain of the F-35 Prime, Lockheed Martin, but were only able to complete the exercise for 30,000 out of 40,000 parts. 

If they can’t do it yet. There probably aren’t many primes who can. 

Instead, primes should aim to collect country of origin and risk data for tier-1 and tier-2 suppliers in order of importance, starting with your critical suppliers. Collecting information once isn’t enough; you need to continuously monitor your supplies to ensure ownership, country of origin, or risk profile don’t change.

Expanded Five Eyes and AUKUS Sourcing

Allied nation sourcing now allows a number of exceptions for products from the other Five Eyes (FVEY) countries: the UK, Australia, Canada, and New Zealand. There are also further economic rules benefitting partnerships with UK and Australian under the AUKUS trade agreement. 

Under FVEY rules, the UK, Australia, and Canada are treated as if they’re located in America for the purpose of compliance with the BAA act. New Zealand is treated in a similar way under separate agreements. That means any product or component manufactured in a FVEY country can satisfy requirements like the By American Act.

The AUKUS Directive also eliminates ITAR bottlenecks between the US, UK, and Australia. An AUKUS-Authorized User can transfer ITAR-controlled defense articles and services between the three countries without seeking individual export licenses.There are also specific tech sharing agreements around specific technologies, such as nuclear-powered submarines, autonomous underwater vehicles and sensor networks, hypersonic weapons and detection, AI decision-making, and advanced cybersecurity.

The only exceptions are for tech on the Excluded Technology List, such as anti-personnel landmines, cluster munitions, and certain classified technologies. 

Increased Supply Chain Disruptions

Supply chain disruptions are nothing new for the defense industry; they’ve been around as long as there has been war. But the complexity and interdependence of modern supply chains, combined with increasing global instability have ratcheted up the challenge. Conflicts like the Iran-US war can impact the entire globe very quickly, as can labor conflicts, regional destabilization, and environmental disasters. And with both conflict and climate change accelerating, things are likely to get worse before they get better. 

Security is another growing risk. Government threat actors have ballooned over the past year, with a 266% in state-linked attacks on cloud infrastructure according to CrowdStrike’s 2026 global threat report. Foreign influence networks are more sophisticated as well, using ever more complex ownership structures to hide FOCI risk. 

And then there’s the rapid rate of change in the supply chain. Partnership and country of origin can literally change within a single shipment, and supplier ownership can switch almost as quickly. 

Coping with supply chain instability

To stay ahead of all these risks, you need a framework for operationalizing geopolitical signals, not just tracking headlines. That frees you to do a lot of different things, including: 

  • Optimizing your supply chain to minimize geographic concentration risk
  • Sourcing alternate suppliers to mitigate the impact of geopolitical conflicts and environmental emergencies
  • Tracking changes, mergers & acquisitions, and investments for new FOCI risk
  • Rapidly triaging new supplier risks for mitigation or alternate sourcing
  • Hardening your supply chain against companies with poor cybersecurity profiles

Craft gives you the data fabric and reporting capabilities to stay ahead of supply chain risk. You can dig into supplier ownership structures, spot geographical concentration, and examine risks like cybersecurity, finance, compliance, and FOCI, all from a single platform. Fully configurable alerting lets you see new risks in near-realtime, so you can fix upstream problems before they impact sensitive projects. 

 

Contact us today to see just how robust your defense supply chain can be.