Two staged deadlines under existing law impose new supply-chain compliance obligations on Department of Defense contractors. Starting June 2026, DoD is prohibited from directly procuring goods, services, or technology from companies on the Chinese Military Companies (CMC) list, or from companies that hire lobbyists who lobby for CMCs. Starting June 2027, the prohibition extends to indirect procurement — meaning contractors must remove CMC products and services from their own supply chains. Coverage from Government Contracts Navigator and Natl Law Review.
How this layers on top of Section 889
This isn't replacing Section 889 — it's adding to it. Section 889 of the FY2019 NDAA already prohibits federal agencies and contractors from buying or using telecommunications and video surveillance equipment from named Chinese suppliers (Huawei, ZTE, Hikvision, Dahua, Hytera). All federal contractors annually certify compliance via the SAM.gov representations.
The CMC restriction is broader. It targets a list of companies maintained by the Department of Defense as identified Chinese Military Companies. The list has grown steadily and includes major Chinese state-owned enterprises across telecom, semiconductors, shipbuilding, aviation, and biotech.
Compliance timeline
| Effective date | What changes | Who's affected |
|---|---|---|
| Already in force | Section 889(A) — direct procurement of named telecom/surveillance equipment banned | All federal contractors |
| Already in force | Section 889(B) — contractors banned from using named equipment in any operations | All federal contractors |
| June 2026 | DoD direct procurement ban from CMC-listed companies and their lobbyists | DoD prime contractors |
| June 2027 | Indirect procurement ban — CMC products/services must be out of contractor supply chains | DoD contractors and subs |
What "indirect procurement" really means
The June 2027 indirect-procurement ban is the harder compliance lift. It means defense contractors must trace their own supply chains and remove products, services, and technology developed by listed CMCs.
For a firm that supplies the DoD with, say, networking gear or specialty manufacturing components, indirect-procurement compliance requires:
- Mapping every component, sub-component, and software element to its country of origin and parent company
- Cross-referencing each against the current CMC list (which can change)
- Identifying alternative suppliers for any flagged components
- Re-qualifying alternatives through engineering, test, and cost-validation cycles
- Updating internal procurement controls to flag new CMC-affiliated sources before purchase
Firms with deep electronics or specialty manufacturing supply chains often discover that CMC-affiliated components are present three or four tiers down — beyond what their direct suppliers can easily attest to.
Penalties for non-compliance
Material misrepresentation on the SAM.gov annual certification is a False Claims Act exposure. Discovery during contract performance can result in:
- Termination for default
- Treble damages under the FCA
- Suspension or debarment
- Loss of follow-on awards
What to do this week
- If you don't already have a Section 889 supply-chain map, start one now. CMC compliance builds on the same data.
- Pull the current CMC list from DoD and circulate it to your procurement team.
- Survey direct suppliers: ask them to attest to CMC-free supply chains, in writing, with right of audit.
- Budget for re-qualification of any affected components — engineering and test cycles take 6–18 months.