Revolutionary FAR Overhaul Proposed Rules

Several of the proposed rules focus on restructuring core acquisition procedures. The FAR Council proposes significant revisions to acquisition planning, market research, competition requirements, emergency acquisitions, publicizing requirements, service contracting and utility acquisitions. Consistent with the themes underlying the RFO deviations, the proposals seek to eliminate duplicative requirements, relocate procedural guidance to non-regulatory resources, consolidate related acquisition functions and provide greater flexibility for contracting officers. The proposed rules would also remove numerous obsolete provisions, including A-76 competition requirements, expired American Recovery and Reinvestment Act provisions and outdated acquisition procedures that the FAR Council concluded are no longer essential to sound procurement.

The most significant departures from the existing RFO deviations appear in the proposed revisions to FAR Parts 4, 33, 39, 40 and 49. The proposed Part 40 rule would not only make the current supply chain security and information security deviation permanent but also consolidate multiple pending cybersecurity and supply chain rulemakings into a single regulatory framework. The proposal would harmonize reporting requirements, establish a unified structure for security prohibitions and exclusions, implement covered procurement action requirements and substantially revise the Government’s approach to safeguarding controlled unclassified information (CUI). Similarly, the proposed revisions to Part 33 would generally adopt the streamlined protest framework reflected in the deviations while introducing enhanced agency-protest disclosure procedures and additional measures intended to increase confidence in agency-level protest resolution.

The proposed rules also contain numerous refinements that were not reflected in the Phase 1 deviations. For example, the FAR Council proposes to establish a formal regulatory sunset process, restructure SAM registration and representations requirements, relocate forms administration from FAR Part 53 into Part 1, revise acquisition planning requirements, adjust public notice thresholds, incorporate cybersecurity workforce requirements based on the NICE Framework and shorten key deadlines associated with termination settlement proposals and inventory schedules. Several proposals also seek comment on a potential FAR-wide renumbering of provisions and clauses to distinguish post-RFO clauses from legacy FAR clauses.

The June 23 proposals, therefore, provide an important reminder that the current RFO deviations should be viewed as an interim framework rather than the final state of the FAR. Although the proposed rules preserve many of the core concepts introduced during Phase 1—including streamlined regulatory text, increased contracting officer discretion and greater reliance on non-regulatory guidance—the rulemakings also reflect the FAR Council’s effort to incorporate lessons learned during implementation, harmonize overlapping requirements and integrate separate regulatory initiatives into the broader overhaul effort.

Contractors that have already revised policies, procedures and compliance programs to align with the RFO deviations should consider reviewing the proposed rules carefully, particularly in areas involving cybersecurity, supply chain security, CUI, bid protests and contract administration. In several key areas, the proposed regulations would do more than simply make the deviations permanent and could ultimately require additional changes to existing compliance and contracting practices. Comments on all four proposed rules are due by July 23, 2026.