Anthropic Supply Chain Risk Designation Takes Effect — Latest Developments and Next Steps for Government Contractors

Through letters dated March 3, 2026, the United States Department of War (DoW) formally notified Anthropic that it has been designated a supply chain risk—the first such designation ever applied to an American company. On March 9, 2026, Anthropic filed lawsuits in two federal courts challenging the designation. This Legal Update discusses the latest developments, the legal authority for the designation, the litigation outlook, and practical guidance for government contractors.

Latest Developments

We discussed the background of this unprecedented dispute in our prior Legal Update. In brief, the Pentagon’s designation stems from failed renegotiations of a July 2025 contract under which Anthropic’s Claude model became the first frontier artificial intelligence (AI) approved for use on classified government networks. DoW asked Anthropic to waive the restrictions on mass domestic surveillance and fully autonomous weapons systems in the July 2025 contract. Anthropic refused to do so.

On February 27, 2026, President Trump directed all federal agencies to cease using Anthropic’s AI technology with a six-month phase-out period, and Secretary Hegseth announced the pending supply chain risk designation. Several federal agencies, including some civilian agencies, immediately began discontinuing their use of Anthropic products and directing their personnel to do the same.

Through letters dated March 3, DoW formally notified Anthropic that the designation had become effective and that it applies to all Anthropic affiliates and all products and services. On March 9, Anthropic filed two lawsuits in federal court challenging the designation under several different statutory and constitutional grounds.

Legal Authority for the Designation

The DoW has invoked two legal authorities to support its supply chain risk designation: (i) 10 U.S.C. § 3252; and (ii) the Federal Acquisition Supply Chain Security Act of 2018 (FASCSA).

10 U.S.C. § 3252

Under 10 U.S.C. § 3252, the Secretary of War can exclude a source from defense procurements involving national security systems for the purpose of reducing supply chain risk. A national security system broadly includes any information system (including any telecommunications system) used for intelligence or cryptologic activities, command and control of military forces, or as an integral part of a weapon or weapons system.

The statute defines “supply chain risk” as the risk that “an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert” the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade its function, use, or operation. Before exercising this authority, the Secretary of the DoW is required to make a written determination that the action is “necessary to protect national security by reducing supply chain risk” and that “less intrusive measures are not reasonably available.” DoW must also provide notice to the appropriate congressional committees with a summary of the risk assessment and the basis for the determination.

In its notice to Anthropic, the Secretary stated that the designation would apply to “[a]ll DoW procurements for which 48 C.F.R. Subpart 239.73 is applicable,” and extends to all of Anthropic’s products or services—not just Claude—that meet the definition of “covered item of supply” or are procured as part of a “covered system,” as those terms are defined in DFARS 239.7301:

• “Covered items of supply” means an item of information technology that is purchased for inclusion in a covered system, and the loss of integrity of which could result in a supply chain risk for a covered system.
• “Covered system” means any information system, including any telecommunications system, used or operated by an agency or its contractor, that (i) involves intelligence activities, (ii) involves cryptologic activities related to national security, (iii) involves command and control of military forces, (iv) involves equipment that is an integral part of a weapon or weapons system, (v) is critical to the direct fulfillment of military or intelligence missions, or (vii) is kept classified.

The designation authority is implemented through two DFARS provisions. DFARS 252.239-7017, Notice of Supply Chain Risk, is a solicitation provision notifying offerors that the Government may exercise authorities under 10 U.S.C. § 3252 and that in doing so, the Government may consider public and non-public information, including all-source intelligence, relating to the offeror and its supply chain. DFARS 252.239-7018, Supply Chain Risk, is a contract clause that requires contractors to “mitigate supply chain risk in the provision of supplies and services to the Government.”

Notably, the clauses apply only to the performance of covered defense contracts. They do not prohibit a contractor from having commercial business relationships with Anthropic or using Anthropic products outside of their defense work. DoW’s notification to Anthropic does not purport to extend to commercial contracts.

FASCSA Order

By separate letter, DoW also notified Anthropic that it was designated a supply chain risk under FASCA. The FASCA notice also applies to all Anthropic entities, as well as all products and services that meet the statutory definition of a “covered article,” which includes information technology, telecommunications equipment or services, the processing of information on federal or non-federal systems that are subject to the Controlled Unclassified Information program, or other hardware, systems, devices, software, or services that include embedded or incidental information technology. According to the letter, the designation applies only to DoW procurements.

FASCSA is applied to federal contractors through FAR 52.204-30, Federal Acquisition Supply Chain Security Act Orders—Prohibition, which is flowed down to all subcontractors. Under that clause, contractors have a duty to: (i) review SAM.gov at least once every three months (or as advised by the contracting officer) for new FASCSA orders; (ii) if a new FASCSA order could impact the contractor’s supply chain, conduct a “reasonable inquiry” to identify whether a covered article or product or service produced or provided by a source subject to the FASCSA order was provided to the Government or used during contract performance; (iii) report to the contracting officer within three business days if a covered article or product or service produced or provided by a source subject to a FASCSA order was provided to the Government or used during contract performance; and (iv) report mitigation and corrective action plans within 10 business days. Contractors may submit requests for waivers on individual programs.

Litigation Outlook

Anthropic has filed suit in federal court to challenge the designations. Because 10 U.S.C. § 3252 and FASCA are subject to different legal authorities and judicial review processes, Anthropic filed actions in two different courts (i.e., the Northern District of California and the Court of Appeals for the D.C. Circuit). Anthropic is seeking a temporary restraining order and preliminary injunction to halt DoW’s implementation of the designation while the case proceeds. This will likely play out over the coming days and weeks. In the meantime, defense contractors may receive directives from their government customers and prime contractors not to use Anthropic products in their performing their work on covered contracts.

Practical Guidance for Government Contractors

Government contractors should take the following steps to manage risk during this period of uncertainty:

Review your contracts for the Supply Chain Risk clauses. Contractors should immediately review their existing DoW contracts to determine whether they include DFARS 252.239-7018 or FAR 52.204-30. For contracts that include DFARS 252.239-7018, contractors must “mitigate supply chain risk in the provision of supplies and services to the Government.” Even in the absence of a specific directive from a government customer or prime contractor, continued use of Anthropic products in performance of such contracts may be deemed a failure to satisfy this obligation.

FAR 52.204-30 contemplates new FASCSA orders being applied to contracts through a modification. However, even in the absence of a contract modification, as noted previously, the clause requires contractors to (i) conduct a reasonable inquiry to determine whether a covered article or product or service produced or provided by a prohibited source was provided to the government or used during contract performance, and (ii) report certain information about such instances to the Government within three business days.

Monitor for directives from government customers or prime contractors. The scope and enforceability of the DoW’s designation remain contested, and implementation guidance may vary and evolve over the coming weeks and months. Contractors should look for formal direction from their contracting officer or prime contractor specific to their contracts, including contracts that do not include the Supply Chain Risk clauses, and should seek clarification where needed to confirm the scope of any directive to stop using Anthropic.

Conduct an inventory of Anthropic usage. Contractors should conduct an internal review to identify any use of Claude or other Anthropic products in connection with their government contract work. This information will be essential for responding to customer inquiries and making any compliance certifications. Although the supply chain risk designation technically applies only to certain covered defense contracts, contractors should be prepared to respond to directives and inquiries from customers on their other government contracts as well.

Assess whether compliant alternatives are available. Contractors that use Anthropic products in connection with government work should evaluate whether they can perform equivalent functions through alternative means, and document any technical or functional differences. This analysis may be necessary to respond to customer inquiries or to demonstrate that the contractor your organization is taking steps to mitigate supply chain risk.

Be prepared to explain the impact of transitioning away from Anthropic. Contractors that have integrated Anthropic’s technology into mission-critical systems and would face significant disruption in replacing it should be prepared to communicate that fact to their contracting officers and prime contractors. To the extent that a transition is feasible, clearly document and communicate any impact to cost and schedule associated with the change. Such impacts may provide a basis for equitable adjustment or other contractual relief.

Consult legal counsel. Given the unsettled legal landscape, contractors should consult with counsel before taking significant actions in reliance on the designation, particularly actions that could expose the contractor to liability or that could not easily be reversed if the designation is enjoined or withdrawn.

Conclusion

The Pentagon’s designation of Anthropic as a supply-chain risk is an unprecedented action that raises significant legal questions. Government contractors should immediately assess their exposure, monitor developments closely, and be prepared to respond to directives from customers or prime contractors while maintaining appropriate documentation. We will continue to track this matter and provide updates as the situation develops.