The landscape of federal defense contracting is undergoing its most significant transformation in a decade. With the enactment of the National Defense Authorization Act (NDAA) for Fiscal Year 2026, the Department of War (DoW) has signaled a definitive shift away from the traditional lowest price acquisition model toward a faster, more innovation-driven procurement framework.
For Defense and Aerospace companies, these changes present both substantial opportunity and increased complexity. This is particularly true for small and mid-sized businesses (SMBs), non-traditional contractors, and dual-use technology firms, which are now better positioned than ever to compete for meaningful DoW work. Yet they must navigate evolving requirements around cybersecurity, data rights, and contract risk allocation.
Understanding these reforms is critical for maintaining a competitive edge in the 2026 bidding cycle. Below, we break down the most impactful procurement changes and what they mean for your organization's legal, operational, and intellectual property strategy.
1. The $10 Million TINA Threshold: A Regulatory Paradigm Shift
Potentially, the most discussed change in the FY 2026 NDAA is the substantial increase in the threshold for the Truthful Cost or Pricing Data Act (formerly known as TINA).
For years, the threshold sat at $2.5 million, requiring contractors to submit in-depth certified cost or pricing data for any contract exceeding that amount. To reduce administrative friction and encourage mid-tier participation, the new NDAA has raised this threshold to $10 million. This is a major win for companies looking to streamline their Government Contracts compliance processes. It aligns with the Defense Acquisition University (DAU) guidelines on Cost and Pricing Data, which detail how these thresholds reduce hurdles for non-traditional contractors.
The Impact:
- Reduced Compliance Burden: Mid-sized contractors can now bid on larger projects without the exhaustive requirement to provide certified data for contracts under $10 million.
- Increased Competition: This change allows non-traditional defense contractors to enter the space without needing massive compliance departments.
2. Moving from Lowest Price to Best Value Portfolio Models
The DoW traditional lowest price technically acceptable (LPTA) model has long been criticized for stifling innovation. The 2026 reforms lean heavily into best value trade-offs and portfolio-based acquisitions.
Rather than evaluating a single drone or satellite as an isolated purchase, the DoW is now looking at how a technology fits into a broader system of systems. Dual-use technologies particularly benefit here, as contractors can demonstrate how commercial innovations integrate with existing DoW digital infrastructure. To win in 2026, contractors need to demonstrate how their technology integrates with existing DoW digital infrastructure. This priority is outlined in the U.S. Department of War's latest Defense Industrial Strategy.
3. Section 801: Addressing Fixed-Price Contract Risks
Inflation and supply chain volatility in recent years have made fixed-price contracts a poison pill for many businesses. Section 801 of the FY 2026 NDAA offers a long-awaited solution. It prevents the DoW from forcing contractors to assume the total risk of loss on certain classified or high-risk fixed-price development programs.
When negotiating these agreements, it is vital to have a legal team experienced in government contracts to ensure your contracts include the necessary Economic Price Adjustment (EPA) clauses to protect your profit margins.
4. Cybersecurity and the CMMC 2.0 Flow-Down Liability
While procurement is becoming faster, it is also becoming more secure. We have officially entered Phase 1 of the Cybersecurity Maturity Model Certification (CMMC) 2.0 rollout.
Starting in 2026, almost all DoW solicitations require at least a Level 1 or Level 2 self-assessment. However, the legal "teeth" of this reform lie in the Flow-Down Clauses. Prime contractors are now legally responsible for ensuring every subcontractor in their supply chain is compliant with Data Protection, Privacy, and Cybersecurity mandates. Detailed documentation on these phased requirements can be found on the official DoW Chief Information Officer CMMC website.
The Legal Risk: If a sub-tier supplier suffers a breach and is found to be non-compliant, the Prime contractor may face False Claims Act (FCA) litigation.
5. Software Acquisition and Intellectual Property Rights
The FY 2026 NDAA places a renewed emphasis on the Modular Open Systems Approach (MOSA). The government wants to ensure they are not locked into a single vendor proprietary software.
Contractors must be extremely careful when negotiating data rights. If you do not explicitly assert your rights to privately developed code during the proposal stage, you risk granting the government unlimited rights. Essentially, protecting your Intellectual Property early in the bidding process is no longer optional. It is a business necessity.
What the FY 2026 NDAA Means for Small and Mid-Sized Defense Companies
The FY 2026 NDAA introduces several structural changes that are particularly impactful for small and mid-sized businesses (SMBs), including non-traditional defense contractors, venture-backed companies, and dual-use technology firms entering the defense ecosystem.
1. Lower Barriers to Entry, But Higher Strategic Expectations
The increase of the Truthful Cost or Pricing Data (TINA) threshold to $10 million is a significant development for SMBs. Historically, the compliance burden associated with certified cost or pricing data acted as a deterrent for companies without dedicated government contracts infrastructure. With this threshold increase:
- SMBs can now pursue larger contracts without triggering complex cost certification requirements.
- Early-stage and growth-stage companies can engage in DoW contracting sooner.
- Internal compliance costs are reduced, improving margins and speed to bid.
However, while administrative barriers are lower, competitive expectations are higher. SMBs must now differentiate based on innovation, integration capability, and mission impact, not just cost.
2. Increased Opportunity for Non-Traditional and Dual-Use Companies
The shift away from LPTA toward best value and portfolio-based acquisition strongly favors SMBs with proprietary or differentiated technologies, software-driven or AI-enabled platforms, and dual-use applications across commercial and defense markets.
For SMBs, this creates a real opportunity to compete against incumbents, particularly where agility and rapid iteration are valued. Dual-use technology firms, in particular, stand to gain significantly.
These companies can leverage commercial development efforts and past performance to demonstrate value in DoW systems. The reforms create a real opportunity to compete against incumbents, particularly where agility and rapid iteration are valued. However, success requires the ability to clearly articulate how a technology integrates into broader DoW systems and architectures.
3. Supply Chain Participation Comes with New Risk
Many SMBs will enter the defense ecosystem as subcontractors rather than primes. Under CMMC 2.0:
- SMBs must meet cybersecurity requirements even at lower contract tiers.
- Prime contractors will increasingly vet SMB partners for compliance readiness.
- Non-compliance can disqualify SMBs from participation entirely.
This creates a dual reality: opportunity through increased demand for innovative subcontractors, and risk because cybersecurity compliance becomes a gating requirement for revenue. SMBs should treat CMMC readiness as a business development function, not just an IT issue.
4. Intellectual Property Strategy Is a Critical Differentiator
For SMBs, intellectual property is often their most valuable asset. The NDAA emphasis on the Modular Open Systems Approach (MOSA) and data rights increases the risk of inadvertently granting the government broad rights in proprietary technology or losing long-term commercial leverage through poorly negotiated terms.
This risk is especially acute for dual-use firms that rely on the same technology for both commercial and defense markets. SMBs must proactively:
- Identify and document background IP prior to contract engagement.
- Assert data rights early in the proposal phase.
- Structure contracts to preserve commercialization pathways.
Failure to do so can materially impact valuation, especially for venture-backed companies.
5. Managing Risk in Fixed-Price Environments
While Section 801 provides some relief, SMBs remain disproportionately exposed to risk in fixed-price development contracts due to limited balance sheet flexibility, less ability to absorb cost overruns, and greater sensitivity to supply chain volatility.
SMBs should prioritize:
- Negotiating Economic Price Adjustment (EPA) clauses.
- Avoiding unfavorable risk allocation in early-stage programs.
- Structuring phased or milestone-based development agreements where possible.
6. Practical Takeaway for SMBs
The FY 2026 NDAA is one of the most favorable environments in years for SMB participation in defense contracting, but only for those who approach it strategically.
SMBs that succeed will invest early in compliance (particularly cybersecurity and contracting readiness), treat IP protection as a core business function, position their technology within broader defense ecosystems, and partner effectively with primes while maintaining leverage.
Conclusion: Preparing for the 2026 Bidding Cycle
The FY 2026 NDAA represents a pivotal shift in how the Department of War engages with industry. The move toward best value procurement, reduced compliance barriers for mid-sized contracts, and increased openness to non-traditional contractors creates a meaningful opportunity, particularly for small and mid-sized businesses.
At the same time, the expectations surrounding cybersecurity, supply chain accountability, and intellectual property protection have never been higher. For SMBs and dual-use technology companies, this is not simply an incremental change. It is a structural shift that requires a more proactive and strategic approach to government contracting.
Success in this environment will depend on early preparation and disciplined execution. Companies that invest in CMMC readiness, clearly define and protect their intellectual property, and position their technologies within broader defense ecosystems will be best positioned to capture value.
If you would like to discuss how these changes impact your business or explore a tailored strategy, please contact Matthew May, Aerospace and Defense Chair, directly.
