The aerospace and defense industry is facing a rapidly shifting legal landscape in 2025, shaped by regulatory updates, enforcement trends, and geopolitical considerations. With increased scrutiny on foreign investments, cybersecurity compliance, and government contracting rules, companies operating in this space must be more vigilant than ever.
From the US Department of Justice’s expanded False Claims Act enforcement to evolving Small Business Administration rules, companies must adapt to a complex regulatory environment. The Biden administration’s previous regulatory priorities, paired with the new administration’s recent executive actions, add further uncertainty to this industry.
Here, we examine the most significant legal trends shaping the aerospace and defense (A&D) sector and their implications for businesses, government contractors, and investors.
With a new administration in place, government contractors are navigating a period of regulatory uncertainty. The administration has already moved to freeze many regulatory initiatives from the Biden era, including rules related to greenhouse gas disclosures, pay equity transparency, and diversity, equity, and inclusion (DEI) programs.
One of the most immediate changes concerns equal opportunity requirements. Through an executive order issued on January 21, the administration revoked Executive Order 11246, which mandated affirmative action in federal contracting. This new order, aspects of which at least one federal court has preliminarily enjoined, eliminates the requirement for government contractors to maintain affirmative action plans and introduces a requirement that contractors certify that they do not “operate any programs supporting DEI that violate any applicable federal anti-discrimination laws.”
Further, a hiring freeze on federal government employees has been implemented, with potential downstream effects on contractors that provide staffing and services to federal agencies. While exceptions exist for national security, health, and safety positions, the full impact on contractors remains to be seen.
Another major regulatory shift is the freeze on all pending federal regulations, impacting key rulemakings under the Defense Federal Acquisition Regulation Supplement (DFARS). Contractors must monitor these developments closely as many cybersecurity and supply chain security rules initiated under past administrations remain in limbo.
The defense industry is facing increasing scrutiny over foreign ownership, control, and influence. Upcoming updates to DFARS could require that companies with contracts exceeding $5 million be subject to Defense Counterintelligence and Security Agency review for potential foreign influence risks even if they do not handle classified information.
Outbound investment regulations have also been issued. Executive Order 14105 introduced new restrictions on US investments in Chinese businesses engaged in semiconductors, quantum computing, and artificial intelligence. Some transactions are outright prohibited while others are notifiable, requiring government reporting.
The Chinese Military Companies List, maintained by the US Department of Defense, has also been gaining attention and generating legal challenges. The list was previously used as a name-and-shame mechanism, but recent amendments under the 2025 National Defense Authorization Act prohibit contractors from using products or services linked to listed Chinese military-affiliated entities.
For businesses engaged in M&A transactions involving foreign investors, the parties must determine whether mandatory or voluntary filings with the Committee on Foreign Investment in the United States (CFIUS) may be warranted to preempt regulatory roadblocks.
Beyond the United States, the development of indigenous capabilities in the Middle East has had a hand in shaping foreign investment and defense market dynamics. Defense contracting in the region is increasingly influenced by procurement and supply chain consolidation, cybersecurity concerns, intellectual property and human capital transfers, and heightened awareness of US sanctions compliance.
The legal landscape in the Middle East is also evolving, with a greater focus on employment risks, litigation exposure, and regulatory scrutiny. Companies operating in or partnering with firms in the Middle East must remain mindful of these legal considerations as they expand or maintain their presence in the region.
Mergers and acquisitions in the A&D sector face heightened regulatory scrutiny, particularly regarding potential criminal misconduct at acquired entities. Announced in 2023, the DOJ’s Safe Harbor Policy allows companies to voluntarily disclose misconduct uncovered during due diligence within six months post-acquisition, reducing the risk of criminal prosecution.
However, this protection applies only to criminal liability. Civil liability under laws such as the False Claims Act remains a concern. It would be prudent for companies to conduct enhanced compliance diligence on M&A targets—particularly those with government contracts—to identify and mitigate risks before closing transactions.
Cybersecurity compliance is a growing enforcement priority, with the DOJ Civil Cyber-Fraud Initiative leveraging the FCA to target contractors failing to meet cybersecurity obligations. The FCA imposes treble damages and per-claim penalties for false certifications of compliance, making it a powerful enforcement tool.
Key areas of focus include false certifications in contract proposals regarding cybersecurity capabilities, ongoing compliance certifications during contract performance, and failure to report cybersecurity breaches or noncompliance.
In fiscal year 2024, the DOJ recovered $93 million in FCA settlements from DOD contractors, not including a $428 million settlement with a major aerospace firm shortly after the fiscal year closed. The record-breaking volume of FCA cases, with nearly 1,000 new qui tam cases filed, suggests continued scrutiny.
Most FCA cybersecurity cases originate from whistleblowers, oftentimes insiders responsible for IT and compliance functions. Given the financial incentives for whistleblowers under the FCA, companies should look to strengthen internal controls, compliance programs, and employee training.
The US Securities and Exchange Commission’s Whistleblower Program continues to grow, receiving nearly 25,000 tips in fiscal year 2024, an 830% increase since its inception. Awards have totaled $2.2 billion, with $255 million issued in fiscal year 2024 alone.
The SEC is also actively enforcing Rule 21F-17, which prohibits employment agreements from restricting whistleblower disclosures. In 2024, seven public companies faced SEC settlements for requiring employees to waive monetary awards for whistleblowing or imposing advance notice requirements before disclosures.
The DOJ’s Corporate Whistleblower Awards Pilot Program, launched in August 2024, expands whistleblower protections beyond securities fraud, offering financial incentives for tips related to financial crimes, corruption, and healthcare fraud.
Employers should review confidentiality provisions in employee agreements to ensure compliance with whistleblower protection laws.
Several new regulations address supply chain security risks, particularly regarding connected vehicles and information and communications technology. The Commerce Department’s January 2025 final rule on connected vehicles prohibits Chinese- and Russian-made vehicle components in US automotive supply chains. Executive Order 14117, issued in February 2024, and related regulations issued in December 2024 restrict bulk transfers of sensitive US personal and government-related data to China, Russia, Iran, North Korea, Cuba, and Venezuela. These regulations, though currently subject to a regulatory freeze, are expected to move forward.
Meanwhile, the BIOSECURE Act, introduced but not passed in the previous Congress, could impact biotechnology firms and reflects growing concerns over biotech supply chains and US national security risks. Should it be reintroduced and passed, government contractors may be barred from working with certain biotechnology companies tied to foreign adversaries.
The legal landscape for businesses operating in the A&D sector is becoming more complex and enforcement driven, requiring businesses to stay ahead of regulatory changes. Key priorities include foreign investment restrictions, cybersecurity compliance, M&A due diligence, whistleblower protections, and supply chain security.
With the DOJ, SEC, and other regulatory agencies expanding enforcement actions, A&D businesses will want to implement robust compliance measures and develop proactive risk management strategies to navigate this evolving environment successfully.