For years, Foreign Ownership, Control, or Influence — better known as FOCI — was something most defense contractors only worried about if they held a facility clearance or worked directly with classified programs. That’s changing quickly.
The Department of War is moving toward a much broader view of national security risk, and contractors across the defense industrial base are starting to realize they may soon face deeper scrutiny over ownership structures, foreign investment, supply chains, and investor relationships — even on unclassified work.
At the center of the conversation is a proposed DFARS rule that would expand FOCI disclosure requirements beyond traditional classified contracting. In practical terms, that means companies that may never have dealt directly with DCSA mitigation agreements or detailed ownership reporting could suddenly find themselves navigating a much more complex compliance environment.
The government’s concern is no longer limited to who can physically access classified information. Officials are increasingly focused on who influences defense technologies, who funds innovation, where supply chains originate, and whether foreign entities could exert leverage over critical programs.
That shift has major implications for contractors operating in the national security space.
Defense tech startups, AI companies, cyber firms, and dual-use technology companies are especially vulnerable because many have relied heavily on venture capital and global investment ecosystems to scale. A company may not consider itself “foreign owned,” but even minority foreign investment, offshore holding structures, or complex private equity arrangements could trigger additional scrutiny moving forward.
For larger contractors and private equity-backed firms, this could slow acquisitions, delay contract awards, and create entirely new compliance burdens. Companies may need to disclose beneficial ownership information, explain investor relationships, map foreign dependencies within supply chains, and potentially restructure governance models to satisfy mitigation requirements.
And for small businesses, the challenge may be even more difficult.
Many smaller contractors simply do not have in-house legal teams or security compliance departments ready to handle sophisticated FOCI reviews. Some may not even realize their investor structures or overseas partnerships could become problematic under expanded oversight.
The next year could create a clear divide between companies that proactively prepare and those that wait until a contract opportunity forces the issue.
That preparation starts with understanding your exposure.
Contractors should begin reviewing ownership structures now, especially if they have outside investors, foreign capital exposure, overseas affiliates, or strategic international partnerships. This is also the time to strengthen relationships with experienced government contracts attorneys, FOCI consultants, facility security officers, and DCSA advisors who understand how mitigation strategies work in practice.
Large primes will likely lean on internal compliance and legal teams, but mid-sized firms should consider engaging outside counsel early before they are forced into reactive compliance mode during an active procurement. Small businesses may benefit from connecting with PTACs, APEX Accelerators, industry associations like NDIA, and security-focused advisory firms that can help explain emerging requirements before they become a contract barrier.
There is also a growing need for communication between investors and operators in the defense sector. Many founders and executives may discover that funding structures that work well in commercial tech environments create complications inside the national security ecosystem.
The broader message from the Pentagon is becoming increasingly clear: ownership transparency is now considered part of national security readiness.
For contractors hoping to compete in the evolving defense market, compliance may soon become just as important as capability.
