Posts

Showing posts with the label 2026-01-30 Digest

More 8(a) Scrutiny Announced

The 8(a) Business Development Program has garnered intense scrutiny from the Trump Administration over the past few months.  See  here ,  here  and  here . This focus continues with three significant developments in 2026: Secretary Pete Hegseth’s January 16 announcement on X of a Department of War audit of 8(a) sole-source contracts, the Small Business Administration’s (SBA) January 22 guidance restructuring how the 8(a) program is administered, and SBA’s issuance of Notices of Suspension to some 8(a) firms that failed to fully respond to SBA’s   by the January 19 deadline. Together these developments reflect growing skepticism toward the 8(a) program and signal increased scrutiny for contractors that have long treated 8(a) status as a relatively predictable procurement vehicle. Department of War Audit On January 16, 2026, Secretary of War Pete Hegseth announced via X (formerly Twitter) that the Department would be “taking a sledgehammer” to the 8(a) progra...

OFCCP’s Start to 2026—Proposed Funding and a Focus on Complaints and VEVRAA

Quick Hits OFCCP issued an Information Collection Request on January 2, 2026, seeking to revise questions on its complaint and pre-complaint inquiry forms to align with Executive Order 14173. OFCCP issued a renewed Information Collection Request on January 7, 2026, seeking to extend existing recordkeeping requirements under VEVRAA. On January 20, 2026, an appropriation bill was introduced that proposed to fund OFCCP at $100,976,000 for fiscal year 2026 . This appropriation bill passed the House of Representatives on January 22, 2026, and now moves to the Senate for final approval. The future and focus of OFCCP has been the subject of discussion and speculation by the federal contractor community since  Executive Order (E.O.) 14173  was signed in January 2025. In the lead-up to last year’s government shutdown, the House Appropriations Committee proposed to eliminate OFCCP and move oversight obligations to other federal agencies, while the Senate Appropriations Committee propos...

Government Contracting in 2026- Key Legal & Compliance Risks

  As federal agencies continue to navigate budget constraints, geopolitical uncertainty, workforce shortages, and rapid technological change, government contractors entering 2026 face an increasingly complex legal and enforcement environment. Recent case law, agency guidance, and enforcement activity reflect a clear trend: Contractors are being held to higher standards of documentation, transparency, and internal controls across the procurement lifecycle. Below are six legal issues government contractors should be actively monitoring — and preparing for — in 2026. 1.  Heightened Scrutiny of Responsibility Determinations and Contractor Integrity Agencies are paying closer attention to contractor “responsibility,” particularly with respect to ethics, compliance systems, financial viability, and past performance. Responsibility determinations — long considered largely discretionary — are increasingly shaped by issues that extend well beyond the instant procurement. Recent litiga...

HIPAA Privacy Notices Must Be Updated by February 16: Key Points for Group Health Plan Sponsors and Covered Entities

If your business is required to maintain a notice of your HIPAA privacy practices, you must act quickly to make sure your notice is updated to comply with new requirements established in a 2024 final rule. Specifically, you have until  February 16  to revise your NPP to include specific content related to heightened confidentiality rules for substance use disorder treatment records. We’ll explain everything you need to know ahead of the impending deadline. Quick Background HIPAA Privacy Rule.  Federal regulations (known as the “Privacy Rule”) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) set national standards for safeguarding individuals’ “protected health information” (PHI), such as their medical records and other individually identifiable health information. These rules apply to “ covered entities ” – such as health plans or healthcare providers – and their “ business associates .” Privacy Notice Requirement.  Unless an exception ...

Ransomware: What You Need to Know as Attacks, Regulation and Enforcement Increase

Executive Summary What’s new.  As the frequency and sophistication of ransomware attacks increase, corporate responses to these incidents are subject to ever-growing regulation, and enforcement actions are becoming more frequent. Why it matters.  Businesses that are victims of a ransom attack face new regulatory risks and heightened scrutiny over their response processes, on top of potential operational damage and reputational harm. What to do now.  Organizations can mitigate legal and regulatory risks by ensuring incident response, escalation and notification protocols are thorough, up to date and well documented, and by engaging experienced legal counsel and cybersecurity advisers in advance of any incident. __________ Ransomware attacks continue to evolve in sophistication, disrupting operations and commanding the urgent attention of regulators, law enforcement and government agencies. Organizations victimized in these incidents now face not only the immediate operatio...