Following a period of intense dispute over the Pentagon’s use of Anthropic’s frontier AI model, Claude, Secretary of Defense Pete Hegseth stated that he has directed the Department of Defense (DoD) to designate Anthropic as a “Supply-Chain Risk to National Security.” He added that, as a result, “[e]ffective immediately, no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic.” Hegseth’s statement appears to indicate that this decision has been made and is final, although there is no information available that suggests the Department has effectuated it. At least one commentator has suggested that “if Hegseth gets his way,” other defense contractors will have to “divest” from Anthropic, calling the action “attempted corporate murder,” with ripple effects on other American AI companies.
The Secretary’s statement of the consequences for Anthropic’s business associates neither matches his actual legal authority nor the available statutory effects. While the Department has not been clear on what authorities it might invoke for the designation, Hegseth is presumably referencing the authorities in 10 U.S.C. § 3252. That law grants the Secretary the ability to exclude certain companies from competing for contracts or subcontracts for some of the U.S. military’s most sensitive information technology systems – specifically, those used for intelligence, command and control, and weapons systems (and similar enumerated sensitive information systems).
It must be noted at the outset that it would seem highly unlikely the Secretary can meet the statutory requirements of a designation under § 3252 in the Anthropic case. Both parties have acknowledged contract negotiations broke down over terms of use, not adversarial risks to DoD systems. What’s more, Anthropic’s Claude has been, and is, “extensively deployed” across U.S. military and intelligence systems (a situation Hegseth intends to maintain for up to six months past his announcement of a designation in a not so subtle signal that undermines his assertion of any true supply chain risk).
But even if such a designation could be supported in this case (again, a very real legal hurdle), designating a company as a “supply chain risk” does not give the Secretary the power to prohibit defense contractors from engaging in “any commercial activity” with the designated company. The powers granted by Congress are far more narrow – in short, they relate to procurement actions for a small set of highly sensitive information technology systems. This provision of law is not a sanctions authority, and attempting to in effect apply it as such raises broader legal and policy questions.
Indeed, there is much to say about why Hegseth has effectively threatened, if not attempted, “corporate murder” with his conduct and statements to date. I’ll leave that for another day. Below I’ll simply explain what a supply chain risk designation actually does, and does not do, and why Hegseth’s statements go far further than his statutory authority would support. At bottom, the supply chain risk designation process is a tailored national security authority designed to allow the Secretary (and a few other officials) to override DoD’s usual contracting process to protect the safety of the country’s most sensitive military systems. Abuse of that authority to resolve an ideological dispute playing out over DoD’s desire to change its contractual terms should not be taken lightly, including by overseers in Congress.
What Constitutes a Supply Chain Risk?
Under § 3252(d)(4), a “supply chain risk” is defined as:
“the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.” (emphasis added).
The designation of a company as a supply chain risk is intended to address the long-held concern that certain companies could introduce backdoors or vulnerabilities into U.S. military systems that could be used for espionage or, worse, sabotage. These risks are typically associated with foreign intelligence services: for example, certain Chinese companies have been designated as national security threats by the Federal Communications Commission. While the Defense Department does not have to disclose designated entities, there is no public record of any company being designated under this provision by the Pentagon, and the designation of an American owned and operated company appears to be without precedent.
What Can the Secretary Restrict?
Section 3252 provides the head of a covered agency—defined as the “Secretary of Defense” and the Secretaries of the military departments—with the authority to carry out “covered procurement actions” to reduce supply chain risk with respect to “covered systems” and “covered items of supply.”
The provision does not grant the Secretary powers beyond excluding a designated company from participating in contractual bidding for a limited set of systems.
Under § 3252(d)(2), the Secretary’s authority is limited to three primary actions within the course of a covered procurement:
- Exclusion of a “source” (i.e., a company) that fails to meet certain qualification standards in the acquisition of covered systems (e.g., the Secretary can prevent a company that has not met certain standards, like obtaining an ISO 27001 cybersecurity certification, from being able to bid for a covered contract);
- Exclusion of a “source” that fails to achieve an acceptable supply chain risk rating in the evaluation process (e.g., the Secretary can prevent a company that does not score highly on an evaluation process for its supply chain during the bidding process from being able to win the bid, even if it otherwise has the best bid); and
- Directing a contractor for a covered system to exclude a particular source from consideration for a subcontract.
Each action merely provides the Secretary with the ability to exclude the designated company from participating or competing in the bidding process for certain covered contracts – or force an existing contractor not to use the designated company in its provision of services for “covered procurement.”
Section 3252 does not, however, grant the Secretary power to force any divestment or disassociation from the designated company. Importantly, nor does the law grant any powers regarding the use of the designated company for other purposes by contractors (such as, for example, using the company for supporting the contractor’s own IT systems or in its commercial contracts).
What Types of Defense Systems Does the Restriction Apply To?
Importantly, this power doesn’t extend to all military contracts – it only applies to “covered systems” and “covered items of supply.” Under § 3252 and its implementing regulations in DFARS 239.7301, a covered system is synonymous with a National Security System (NSS). These systems are information technology systems restricted to those used for intelligence activities, cryptologic activities related to national security, command and control of military forces, are “critical to the direct fulfillment of military or intelligence missions,” or equipment that is an integral part of a weapon or weapons system. (“Covered items of supply” are best understood as physical parts or software integrated into these systems.)
In addition, the statute and the DFARS explicitly exclude from the definition of a covered system “routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).” In other words, the military could continue to use a designated company on its unclassified computers used by its human resources or finance teams, or on military-issued phones, even if the designated company is barred from NSS systems.
The Secretary’s power under § 3252 is limited to excluding a company from winning a contract or subcontract if that contract is for an NSS system. Notwithstanding Hegseth’s statements to the contrary, the exclusion doesn’t apply to other acquisitions. And it certainly doesn’t prevent defense contractors from using the company for their own internal purposes, for other government contracts, or from investing in a designated company.
Treating Section 3252 as a Sanction Would be an Abuse of Power
Section 3252 is a procurement authority, not a sanctions authority. If Congress wanted to give the Secretary (and the heads of other covered agencies) the power to exclude all uses of a company, legislators are certainly capable of doing so. For example, Section 889 Part B of the National Defense Authorization Act (NDAA) for Fiscal Year 2019 prohibits the U.S. government from doing business with any company that uses “covered” telecommunications equipment or services from specific Chinese companies (and their subsidiaries and affiliates). Under that provision, a company that merely uses a designated Chinese company’s parts or services cannot be used by the U.S. government for any reason. But unlike Section 889 of the NDAA, section 3252 is focused squarely on the integrity of the procurement process for national security systems.
Hegseth’s statement raises additional serious questions of law and policy, including as mentioned at the outset whether the a designation of Anthropic could actually meet the statutory requirements to constitute a “supply chain risk,” or whether the designation and his insistence that no U.S. defense contractor do any business with Anthropic are instead an extra-legal abuse of authority. But even if the Pentagon were somehow able to establish the validity of a supply chain risk designation (again, this is highly dubious, at best), Congress hasn’t given the Secretary, or any other officials, the power to dictate with whom defense contractors can do “any” business.
Congress should not let Hegseth abuse the statutory authority he’s been delegated, either with respect to the underlying supply chain risk designation (an issue likely to play out in the courts), or by turning it into “attempted corporate murder.”
– Tess Bridgeman, Published courtesy of Just Security.
