What do the new FAR provisions from EO 14398 about DEI discrimination mean for federal contractors? 2026

According to GSA guidelines, contractors must review and update corporate policies, solicitations responses, subcontracting practices, and SAM.gov registrations to reflect the new non-discrimination attestations and clauses implementing EO 14398. This opening analysis explains the immediate compliance expectations: new FAR clause insertion, mandatory offeror attestations, expanded agency review at preaward, and enhanced post-award monitoring protocols. The FAR Council guidance lays out that contracting officers will include the new clause in solicitations valued at any amount where the agency finds the clause applicable, and agencies will require documented evidence in the contracting file and in SAM.gov, which ties directly to offeror responsibility determinations. Per FAR and GSA guidance, prime contractors must flow down required clauses to subcontractors and suppliers; primes that fail to enforce flow-downs may face suspension or debarment. The guidance also signals that agency inspectors general and GAO will scrutinize procurement data quality tied to DEI attestations, and that contracting officers will treat false attestations as false statements under FAR Part 3, referencing potential criminal or civil liability. Contractors should expect targeted reviews on awards for common products and services that represent large buying power across federal spend.

Per FAR 19.502, small businesses can access size and status-based preferences, but they must also meet new non-discrimination attestations under EO 14398; this creates specific preaward and responsibility impacts for small business programs including 8(a), HUBZone, WOSB, VOSB and SDVOSB. The implementation guidance from the FAR Council clarifies that contracting officers will evaluate an offeror's declarations about non-discriminatory DEI practices as part of responsibility determinations and source selection evaluation factors where appropriate, and that primes must demonstrate effective flow-down to subcontractors. The SBA plays a dual role: administering small business certifications while advising contracting officers how award decisions interact with certification status and attestations; failure to reconcile conflicting evidence can trigger protests or set-aside revocations. The new framework does not eliminate affirmative requirements for subcontracting goals or socio-economic preferences, but it does require documented policies showing that primes do not discriminate against individuals or organizations for exercising or declining to adopt DEI programs. That means small firms must maintain both certification documentation and clear policy statements that satisfy contracting officers' inquiries about discriminatory practices.

The SBA reports that 78% of small business contracts are awarded through competitive set-asides where certification and responsibility evidence matter most, so the new FAR provisions have outsized impact on small business access to competitive awards. Under OMB M-25-21, agencies will continue to require secure cloud authorizations and data protections for contract information, and contracting officers will use those digital records—SAM.gov attestations and contract clauses—to track compliance and referrals. DoD's CMMC framework requires cyber controls for handling controlled unclassified information, and while CMMC is separate, DoD has signaled that non-compliance with DEI-related attestations may influence responsibility findings for DoD awards and could lead to additional DFARS clauses for defense contracts. The interagency approach means contractors bidding across civilian and defense agencies must harmonize corporate policies and clause flow-down to meet both FAR-based civil agency requirements and DFARS-specific obligations where they overlap.

According to GSA guidelines, contractors must insert the new FAR clause and be prepared to present documentary proof that their employment policies and subcontracting practices do not discriminate for or against individuals or entities based on DEI program participation or viewpoints. Contracting officers will cite the FAR Council guidance that defines prohibited practices, the format of attestations, and minimum documentation standards; agencies may require sworn attestations or certifications in responses and may require post-award audits. Firms should expect contracting officers to use responsibility criteria under FAR Part 9 to assess whether a contractor's policies pose a risk to contract performance or to government interests. Per FAR 19.502 and FAR Part 4 requirements, companies must maintain contract records, and primes must demonstrate downstream compliance through subcontractor certificates and monitoring logs. For high‑visibility procurements, agencies may require more frequent reporting or spot audits. The practical implication: legal counsel, HR, procurement, and compliance teams must coordinate updates to employee handbooks, supplier agreements, and onboarding training and retain versions tied to each solicitation.

The SBA reports that 78% of small business set-aside awards hinge on demonstrable compliance with eligibility and responsibility standards, so small firms should ready their documentation now. Under OMB M-25-21, agencies will continue to require that sensitive procurement records be tracked in approved agency systems, and contracting officers will cross-check attestations against SAM.gov records and past performance. DoD's CMMC framework requires specific cybersecurity controls, and while CMMC does not govern DEI attestations, DoD contracting activity has warned that gaps in administrative compliance—including DEI attestations—can affect responsibility determinations and may trigger additional DFARS reporting requirements. Contractors performing on multi-agency contracts must therefore harmonize compliance across FAR, DFARS, and agency-specific acquisition regulations to avoid conflicting requirements and ensure a consistent record for inspectors general and acquisition review boards.

According to GSA guidelines, contractors must centralize compliance ownership—appoint a senior compliance officer who will own DEI attestation processes, SAM.gov updates, subcontractor flow-down oversight, and record retention. For complex solicitations, coordinate bid teams, legal, HR, and procurement to prepare a compliance appendix demonstrating policy language, training logs, and subcontractor agreements; this appendix should be attached to the proposal and maintained in the contracting file. Per FAR 19.502, small businesses can leverage mentor-protege and teaming arrangements but must ensure that prime firms do not use DEI attestations as a basis to improperly favor or disqualify small-business partners. Under OMB M-25-21, preserve digital audit trails and use FedRAMP-authorized cloud tools for storing attestations and training records; that reduces data integrity objections in audits. DoD contractors should map DEI documentation to DFARS/CMMC timelines to ensure administrative compliance runs in parallel with cybersecurity obligations.