How to win contracts from the world’s largest client: the US Government (2): Regulations, barriers and solutions



This is the second installment of the series on How to win contracts from the world’s largest client, the US Government”. In the first article we talked about the structure of the government, the ways a non-US company can access this gigantic market, the initial procedures that must be followed, types of government contracts and aspects to take into account when preparing proposals.

In this second article we deal with the regulations that must be taken into account, how some of them pose entry barriers of special relevance for international companies or their US subsidiaries and what solutions can be used to avoid them. We talk about aspects such as the FAR, the ‘Buy American Act’, ITAR & EAR, restrictions on classified contracts, CMMC, CFIUS and barriers to outsourcing abroad. We focus primarily on Federal Government contracts in the United States, since the diversity in state and local contract regulations is very wide.

In a third and final installment of this series, we focus on analyzing the advantages that small businesses can benefit from and how they can be used by international companies as a way to access government contracts in the US.

Applicable regulations

It is important to know the applicable regulatory sources to understand how contracts are awarded and what standards must be followed when executing them, as a breach can cause serious damage to the company and affect its ability to continue acting as a government contractor. Depending on the origin of each government contract, different rules will apply. 

Regarding federal government contracts, the applicable rules are the Federal Administration Regulations or FAR. They regulate all aspects related to federal contracts.

The General Services Acquisition Manual or GSAM defines the policies, practices, clauses, contractual conditions and forms for contracts managed through the GSA, which is one of the possible avenues of sale to the federal government, although not the only one. GSA is an agency of the federal government that centralizes part of the purchases of products and services made by the various organizations within the federal government.

The Federal Travel Regulation or FTR implements policies applicable to the travel of federal civilian employees and other persons authorized to travel at government expense, such as suppliers in federal contracts.

On the other hand, government contractors that participate in contracts of the ‘cost reimbursement’ type (e.g. cost+, times & materials) are subject to mandatory accounting standards such as the Cost Accounting Standards or CAS , something that is verified by frequent audits by agencies such as the Defense Contract Audit Agency (DCAA).

Additionally, each department or government agency can define its own particular standards. For example, there is a “NASA FAR Supplement” or NFS which adds to the FAR the regulations specifically applicable to contracts awarded by NASA. Likewise, the Ministry of Defense uses the Defense Federal Acquisition Regulation Supplement or DFARS, as an extension to the FARs.

Similarly, states and local governments define their rules for the management of public contracts. For example, the state of California defines in its State Contracting Manual the policies, procedures and regulations applicable to contracts awarded by the state.

Obviously, in addition to the general regulations specific to government contracts, the general laws applicable to contracts of all kinds in the public and private sectors will also apply, such as those relating to human resources, banking transactions, safety and hygiene at work, etc. Sector-specific regulations will also need to be taken into account. 

Contract-specific clauses

Each government contract, in addition to the general rules of different levels mentioned in the previous sections, defines a series of specific clauses applicable exclusively to that contract. They normally cover all kinds of aspects such as the definition of the product or service to be provided (‘scope of work’), the price to pay for them, the duration of the contract, the calendar and main milestones, termination conditions and other applicable matters.

These clauses are clearly defined in the RFP or Request For Proposal and must be studied carefully before deciding to respond to it, as there may be special conditions that restrict or hinder the participation of non-US personnel, foreign-owned US companies, or collaboration with foreign entities. Sometimes information is provided in advance about the contract through an RFI or Request for Information, in which information is also requested from companies interested in submitting an offer. 

The prime contractor is the one who signs the contract with the corresponding government agency and must decide which clauses will be transmitted (“flowed down”) to its subcontractors. Some of them will be mandatory for the entire chain of subcontractors. Therefore, a company that participates as a subcontractor in a government contract should focus on analyzing the contract that it is going to negotiate with the main contractor and not so much on the clauses of the main contract. In any case, it is always positive to identify relevant clauses from the RFP phase as it is possible that they end up impacting the subcontractors.

Similarly, if a subcontractor also has subcontractors, it must analyze the contract with their client and make sure to transmit the applicable clauses in their subcontracts to guarantee compliance with all conditions.

Buy American Act

The “Buy American Act” or, really, Acts, is a set of laws passed since 1933 that offers US companies certain advantages for federal product purchase contracts. Particularly relevant is section 25 of the FAR (Foreign Acquisition). It should be noted that these rules  do not apply to the acquisition of services, but may affect the purchase of products and materials acquired through a service contract.

The degree of protectionism of these measures has recently increased through actions of the Trump administration in its last days (Final Rule of 19 January 2021) that were endorsed and expanded by President Biden a few days later through an Executive Order signed on January 25, 2021. Despite the great differences between the two presidents, they have agreed to increase the degree of protection of the interests of US companies in acquisitions by the Federal Government.

There may be additional changes in the near future such as proposed changes to the FAR on July 30, 2021, which are in the phase of revision. The spirit of “Buy American” was one of the pillars of Biden’s campaign, although high inflation, the sharp reduction in unemployment in the US throughout 2021 and the lack of qualified workers in some sectors will have to be taken into account before applying new protectionist measures.

Although the details are complicated and exceptions are established, in general, for the purchase of a product to follow the spirit of the ‘Buy American Act’ it must meet the following requirements:

  • Be made in the USA
  • More than 55% of the cost of the product must come from US components.
  • For the particular case of products whose iron or steel content exceeds 50% of the total product, more than 95% of the cost of the product must come from US components.

Products that do not meet these standards may compete in a federal government acquisition, but in such a case an advantage of 20% is given to the competitors in the case of products that do meet those standards. This percentage rises to 30% when the competitors are considered a “small business”.

In construction carried out under federal contracts, unmanufactured materials must have been mined or produced in the USA. Fabricated materials must have been produced substantially from US-produced, mined, or manufactured materials.

In general, the following cases are excluded from this law:

  • Services
  • Information Technology
  • Contracts priced below $10,000
  • Situations in which the cost of US alternatives is drastically higher or when there is no similar product available in the US
  • Contracts in which the product will be used outside the US
  • Other reasons of public interest considered by the applicable federal client

On the other hand, there are laws or specific regulations similar to the Buy American Act that affect specific agencies, such as the Berry Amendment which restricts the purchase of foreign-sourced clothing and fabrics by the DoD. Similarly, state or local governments can define standards that favor US or even regional suppliers. For this reason, the applicable regulations should be carefully analyzed when studying the RFP of a government contract.

We need to emphasize again that the described ‘Buy American’ doctrine affects only the acquisition of products and materials within the framework of federal contracts


The International Traffic in Arms Regulations or ITAR , is a United States law that restricts and controls the export of military and defense technologies (or technologies that have a potential use in those sectors) to safeguard the national security of the United States and other objectives of its foreign policy. It affects all types of contracts, both government and commercial, when handling this type of technology and the associated information. Its compliance and the export authorizations are managed by the Directorate of Defense Trade Controls or DDTC of the Department of State (Ministry of Foreign Affairs). 

ITAR has an enormous impact on the operations of foreign-owned companies working in the aerospace or defense sectors, especially when they must interact with “non-US Persons”, defined as representatives of non-US companies or non-US citizens who are not permanent residents of the US (that is, they do not have a ‘Green Card’). The transfer of technology or information associated with such foreign entities or persons is totally prohibited unless an export license has been received in advance from DDTC.

It is essential to fully understand the implications of this law and define a strategy that allows it to operate effectively, ensuring its strict compliance. There are technologies used at a massive scale in the commercial sector but which are restricted by ITAR for their potential military use. The penalties for violations are very serious, including fines for the company and possible imprisonment for individuals who have committed violations.

In fact, ITAR is one of the most important reasons why companies dedicated to sectors such as aerospace or defense decide to establish a subsidiary in the US to be able to do business in this country. This action greatly facilitates relationships with US clients, but work protocols must be defined to avoid any risk of ITAR violation.

As indicated in ITAR Part 122, any person (natural or legal) engaged in the business of manufacturing, exporting or importing temporarily defense articles in the United States, or providing defense services, must register with the DDTC. This will apply to the US subsidiary of a foreign company that is going to work with dual-use technologies.

Registration with DDTC can be done at their website by providing a ‘Statement of Registration ‘(Department of State Form DS-2032). This form must be signed by a senior executive of the US company (CEO, President, Secretary, etc.) who is directly hired as an employee of the company (that is, it cannot be an external person), has received authorization by the company for such signature and is a ‘US Person’ (i.e., United States nationality or ‘Green Card’). This person, whose role is often referred to as ‘ ITAR Empowered Official’, represents the company before DDTC (in particular to process export authorizations) and has ultimate responsibility for the company’s compliance with ITAR. For foreign-owned companies, it is necessary to identify in the ‘Statement of Registration’ the persons (natural or legal) who have the ultimate ownership and control of the company. 

To avoid the risk of unauthorized export of ITAR information, the company must carefully create, implement and verify compliance with an ‘Export Compliance Program’ or ECP that defines, among other things, the management policy for items restricted by ITAR, including technical data. This program is mandatory for all employees of the US subsidiary and those of other affiliates or partners who are going to interact with it in any way within the framework of specific export authorizations. For example, employees of the United States subsidiary other than ‘US Persons’ and employees of other group companies cannot at any time have access to the network or the offices in which ITAR-restricted articles are housed (including technical data), unless access has been authorized by a DDTC export license.

Less restrictive than ITAR, but also relevant, are the Export Administration Regulations or EAR , managed by the US Department of Commerce (Ministry of Commerce) and affecting exports of products and services in a large number of sectors. In general, the regulations applicable to companies from NATO countries and their citizens are not very demanding and avoid the need for export licenses, but require the US government to be informed of the exports made.

Classified Contracts

A very important sector within government contracts is defense contracts, many of which are classified to protect national security. In order for a US company to participate in a classified contract, it must obtain a Security Clearance or Facility Clearance (FCL). The applicable regulations are defined in detail in the National Industrial Security Program Operating Manual, or NISPOM .

The government agency that manages the FCLs is the Defense Counterintelligence and Security Agency (DCSA), formerly called DSS (Defense Security Service). DSS is still referenced in many documents. 

In order for employees of a U.S. company to gain access to classified items (material or immaterial, such as information or software), the company has needs to obtain first a Facility Security Clearance or FCL and the employees must have received a Personal Security Clearance or PCL. Both FCL and PCL must have the classification level associated with these items (Confidential, Secret or Top Secret).

Contractors are not required to have an FCL during the bidding phase of a classified contract if access to classified items is not required in order to prepare it. In any case, it would be essential in this case to explain in the offer the existing plans to acquire and maintain the necessary security clearances (FCL and PCLs) to be able to participate in the contract if awarded. For this reason, it is essential to carry out a good planning of the process even before starting to work on specific opportunities that involve access to classified elements.

With very few exceptions, foreign companies and individuals are not eligible for a personal security clearance (PCL) or establishment clearance (FCL). US subsidiaries of foreign companies can get an FCL after a long and complicated process and the implementation of a series of protocols required by the US government such as an SSA or Special Security Agreement. Upon completion, employees of those US subsidiaries who are US citizens will be eligible for a Personal Rating (PCL) which, when approved, will allow them to work on classified projects.


As a consequence of the growing concern on the part of the US government about cybersecurity, the US Department of Defense (DoD) has recently defined a Cybersecurity Maturity Certification called Cybersecurity Maturity Model Certification or CMMC, which will be progressively mandatory for contractors who want to work on government contracts. 

Its implementation started in late 2020, focusing on a small number of defense sensitive contracts. However, its scope will grow in the coming years and it is to be expected that in a short time it will be mandatory for all companies that work on government contracts. Likewise, it would not be surprising if its application expands to the private sector in the US. More information on the DoD Acquisition & Sustainment Office website about CMMC.


CFIUS is the Committee on Foreign Investment in the United States, an inter-agency committee (managed from the Department of Treasury) authorized to review transactions that could result in the control of a US business by a foreign person to determine the effect of such transactions on the national security of the United States. 

CFIUS can be important in the case of acquisitions of US companies involved in government contracts, or in activities of importance to national security, by foreign persons (a foreign citizen or a foreign entity) or by a US entity controlled directly or indirectly by foreign persons. In such cases, it is recommended to report the transaction to CFIUS before it becomes effective.

The CFIUS submission is voluntary, but it is highly recommended in the case of acquisition of companies that perform critical work for US Government agencies, particularly in the area of defense or involved in the management of ITAR-controlled items. This is even clearer in the case of a company owned by a foreign government.

The process implies that the acquiring company communicates to CFIUS its intention to acquire the target company and requests a determination on its approval, which is normally received in no more than 45 days, although the process can take up to 3 months in some cases. It is common for the government to ask questions about the buyer and the company to be acquired, which must be answered very quickly (typically 3 business days) to avoid the cancellation of the process.

The risk of not carrying out this process is that the US government could potentially reject the acquisition later after the buyer and the acquired company have spent a lot of time and money, with significant consequences.

For more information about CFIUS you can go to the CFIUS website from the Department of the Treasury. It is always advisable to go to this page since some modifications of the law are being developed, which will be implemented in the near future.

Subcontracting to a foreign country

The aforementioned barriers that affect international companies when trying to participate in US government contracts, such as the ‘Buy American Act’ or ITAR, affect only in some cases and can often be avoided or reduced with various strategies such as the creation of a company in the USA. .

In any case, it is important to bear in mind that the US subsidiary, and sometimes other foreign affiliates that subcontract from it, will be subject to a good number of contractual clauses that will have to be transmitted in all subcontracts

In the first installment of this series we define the most common types of government contracts. ‘Fixed price’ type contracts grant a priori great freedom of subcontracting by the US subsidiary to the parent company or to other international subsidiaries of the group, provided that ‘Buy American’ type barriers are respected or ITAR when applicable. However, ‘cost reimbursement’ type contracts usually require that the work be performed by personnel from a US company, who must follow applicable accounting standards in order to claim reimbursement for costs incurred.


The importance of the government sector for international companies is considerable but will be even greater in the coming years, taking into account the enormous federal investments in infrastructures approved recently that will be of the greatest interest to sectors as diverse as infrastructures (construction of roads and bridges, telecommunications, transport), electric vehicles, clean energy or cybersecurity.

The government sector is complex and poses difficulties of all kinds such as those mentioned in this article, but they can be managed properly with the right knowledge.

Markentry USA helps international companies from multiple sectors in their process of entering the US government market, providing support in all the necessary steps from a  feasibility study and strategic planning to the creation of the subsidiary and business development including support for the preparation of proposals. Our team has extensive experience helping international companies to achieve the entry and execution in all types of government contracts including areas as complex as NASA, technologies protected by ITAR or classified contracts.

In a third and final article of these series we discuss in detail important benefits that small businesses, even foreign-owned companies, can take advantage of.