Does the National Cybersecurity Strategy spell the end of the government market for commercial software?

In This Story

People Mentioned in This Story

The use of commercial buying practices under Federal Acquisition Regulation (FAR) Part 12 has been a boon to industry and government alike. These procedures allow agencies to adopt commercial terms and conditions and have greatly streamlined the government’s access to innovative commercial off-the-shelf (COTS) software capabilities essential to a modern customer experience and successful agency mission support. Using these streamlined procedures represents a significant public/private procurement partnership that assists agencies in providing a modern, 21st century digital government.

On March 2 [2023], the Biden administration released their National Cybersecurity Strategy. Like its predecessors, the Biden strategy seeks to incentivize adequate and long-term investment in cybersecurity to combat current risks and mitigate future ones. Unlike previous strategies however, the Biden administration seeks to fundamentally reshape the allocation of legal risks and liabilities by placing greater legal obligations on software producers.

Some would argue that this outcome violates the basic foundations of FASA. Proper implementation of this new shift may require amendments to, or even discarding, FASA that codified the mandate to use commercial practices.

Whatever the outcome, the new shift of product liability envisioned by the National Cybersecurity Strategy will obviate the widespread use of standard UCC-based commercial terms and conditions and upend long standing business practices for standard commercial software producers.

Read the full Commentary.