How should contractors prepare for increased government verification of origin claims under the new executive action? 2026

According to GSA guidelines, contractors must begin by mapping supply chains to the component level and documenting origin decisions for each line item, because the White House FAR announcement directs agencies to require verifiable evidence of country-of-origin for commercial buys. This mapping should include supplier names, manufacturing locations, part numbers, and invoices showing the last substantial transformation. The GSA notice emphasizes that origin assertions can no longer be simple self-attestations for higher-value procurements and that contracting officers will be required to include enhanced verification clauses in solicitations and awards. Contractors should incorporate SKU-level origin tags and retain records for a minimum of six years after final payment to align with standard FAR record-retention policies and to support post-award audits. The paragraph-level action is immediate: designate a compliance owner, run a baseline supplier survey within 45 days, and prepare a documented remediation plan for any non-conforming items. This operational work will directly affect proposal preparation, pricing, and subcontractor flowdowns for contracts above the new materiality thresholds.

Per FAR 19.502, small businesses can and should leverage subcontracting and teaming to meet origin-verification requirements while preserving eligibility for set-asides. Per FAR clauses that implement the Buy American Act and its implementing DFARS/Acquisition.GOV clauses, contracting officers now expect businesses to produce supplier certificates of origin, country-of-origin affidavits, and layered traceability records at time of award for contracts over $250,000. Small business primes can use compliant subcontractors or source domestically-manufactured components to stay eligible for 8(a), HUBZone, WOSB, VOSB and SDVOSB set-asides. The FAR text and associated GSA guidance require flowdown of origin-verification clauses where those clauses materially affect contract performance or price. Small firms should therefore update their SAM profile, solicit supplier attestations during proposal stage, and reflect any higher domestic-content costs in their price proposals. Using FAR-prescribed exceptions and waivers remains possible, but documentation for exception requests must be prepared in advance to avoid award delays.

The SBA reports that 78% of small contractors rely on supplier attestations and generic certificates for origin claims, which exposes them to heightened audit risk under the executive action; SBA guidance encourages pre-award supplier validation to avoid downstream False Claims Act exposure. To implement this, small businesses should run a two-step supplier vetting process: (1) initial attestation collection and (2) physical or forensic verification for high-risk components or single-source suppliers. The SBA recommendation includes budgeting for third-party verification tools—such as laboratory testing or blockchain provenance services—when component origin materially affects compliance. The SBA also recommends updating subcontract terms to require indemnities and audit access with explicit origin-evidence obligations. For small primes, this means revising contract templates, adjusting lead times, and potentially shifting to dual-sourcing for critical components to maintain pricing competitiveness while meeting origin-verification requirements spelled out in recent procurement updates.

Under OMB M-25-21 and the Administration's subsequent procurement reforms, agencies will prioritize improving verification of origin claims using standardized data and digital evidence, and they expect contractors to supply machine-readable certificates of origin where feasible. The OMB board's procurement modernization guidance calls for aligning FAR clauses with digitally verifiable supplier attestations and for agencies to adopt consistent audit triggers; this creates new expectations for contractors to produce CSV/JSON exportable provenance records tied to contract line item numbers. Contractors should therefore enhance ERP and procurement systems to capture and export origin-related metadata and configure quality-management controls to flag discrepancies. OMB's direction also encourages agencies to share audit findings across buyers, meaning a failure on one contract can influence risk assessments on future awards. Compliance therefore requires both process changes and modest technology investments to ensure evidentiary readiness for cross-agency verification.

DoD's CMMC framework requires secure handling of controlled unclassified information and, in practice, DoD contracting offices are increasing scrutiny of supply-chain provenance for defense-critical acquisitions; National Defense reporting shows DoD ratcheting up Buy American restrictions and verification. DoD procurement policy and DFARS clauses, such as DFARS 252.225-series requirements, interact with the new executive action by requiring documented chain-of-custody for components and, in some cases, third-party certification of origin. For contractors pursuing DoD awards, this means harmonizing CMMC cyber controls with supply-chain traceability so that evidence of origin is both secure and auditable. Firms should plan to integrate provenance data into their controlled-environment records and work with C3PAOs or auditors early to ensure evidence meets both cybersecurity and origin-verification expectations. Failure to align can result in bid protests, withholding of payments, and heightened False Claims risk under DOJ enforcement trends.

According to GSA guidelines, contractors must update contract clauses, proposal packages, and supplier terms to meet the new verification regime set by the 2025 FAR update and the 2026 executive order. Practically, that means adding origin-verification language to solicitations and awards, requiring supplier attestations, and attaching supporting documents (invoices, bills of lading, manufacturing certificates) to the contract file. FAR clauses in the 52-series and DFARS 252.225 clauses will be invoked more frequently; therefore prime contractors must create standardized origin-evidence templates and ensure flowdowns to subcontractors at all tiers. Implementation also requires assigning a named compliance officer, integrating origin tags in your ERP, and running a supplier remediation program for non-conforming items within 60–90 days of discovery. Agencies expect digitized records that can be reviewed rapidly; paper-only systems will be insufficient for routine audits. Budget implications include personnel time, third-party verification fees, and modest IT enhancements—costs that GSA estimates between $25,000 and $150,000 for small to mid-size firms depending on complexity.

Per FAR 19.502, small businesses can use teaming and subcontracting to meet origin-verification obligations while maintaining eligibility for set-asides, but they must still demonstrate actual performance and responsibility. Contractors must obtain written assurances from subcontractors, perform reasonable due diligence, and retain documentation that supports origin assertions at the time of award. The SBA and GSA guidance both recommend preparing origin packages during proposal development rather than post-award. Doing so reduces risk of protest or claim and shortens award timelines. For contracts implicating national security or critical infrastructure, DoD and DHS reviewers may require laboratory testing or independent certification. Contractors should therefore budget for those contingencies and schedule lead times that account for third-party verification, which can take 30–90 days depending on scope.

According to GSA guidelines, the best practice is to operationalize origin verification as a continuous compliance function rather than a one-time proposal activity. Implement standardized templates for supplier certificates of origin, integrate origin metadata into purchase orders and receipts, and run quarterly supplier re-validation for critical components. Per FAR and OMB modernization guidance, machine-readable provenance records reduce audit latency and support cross-agency verification. Train contracting and quality teams to identify red flags—single-source foreign suppliers, complex multi-tiered BOMs, and undocumented last substantial transformations—and flag those for immediate verification. Establish a single point of accountability, with the compliance lead reporting to senior leadership and linking origin risk to contract pricing decisions and contingency margins. This approach reduces award delays and lowers the risk of costly post-award disputes and FCA exposure.