Legislative and Regulatory Burdens

Congress and Department of Defense (DoD) leaders have expressed concerns regarding the cost and burdens of excessive legislative and regulatory requirements. Better Buying Power 3.0 included language to this effect, which was followed by September, 2015 report entitled, “Eliminating Requirements Imposed on Industry Where Costs Exceeded Benefits.” Similarly, Congress passed numerous provisions in the National Defense Authorization Acts (NDAA) for Fiscal Year (FY) 2016 and FY 2017 aimed at reducing legislative and regulatory burdens. One such provision in the FY 2016 NDAA created an advisory panel on streamlining and codifying acquisition regulations. Unnecessary requirements increases costs that are borne by taxpayers, increases the time it takes to deliver capabilities to the warfighter, and deprives the Department of cutting-edge technologies by deterring new entrants from the federal marketplace.


Rather than make a concerted effort to eliminate these requirements, the Department has too often relied upon “cut-outs” from the acquisition system. While these authorities are necessary in the short-term to support agency mission, over the long-term the accumulation of authorities may undermine the acquisition system. Industry has submitted an exhaustive list of burdensome requirements, however, little progress appears to have been made, and industry continues to be inundated with unnecessary requirements. For example, the amendments to the Federal Acquisition Regulation (FAR) to implement the Fair Pay Safe Workplaces Executive Order would install a costly, duplicative and unnecessary enforcement regime and threaten to blacklist federal contractors based on alleged violations of 14 labor laws and executive orders, despite adjudication processes already being in place for each. Similarly, the regulations to implement the Paid Sick Leave for Federal Contractors Executive Order, require costly compliance measures to provide benefits of marginal utility to employees.


In other cases, when certain regulatory requirements are justified, a lack of communication with industry can lead to unnecessarily burdensome requirements. For instance DFARS Case 2013-D018, “Network Penetration and Cloud Computing for Services” was published as an interim rule, after being developed for two years. Soon after, DoD held an industry day where it became evident that the cybersecurity standards required by the regulations were unconscionable in the timeframe mandated, leading to another interim rule to delay its requirements. Such situations harm the government-industry relationship, and undermine crucial public policy goals.