FAR Agenda Narrows, with CUI and OCI Rules Moving Forward

The Federal Acquisition Regulatory Council (FAR Council) released its Spring 2025 regulatory agenda as part of the government-wide Unified Agenda of Regulatory and Deregulatory Actions, unveiling a slimmed-down list of procurement rules.

In line with the Trump administration’s deregulatory priorities, the FAR Council dropped several policy-oriented initiatives while maintaining a focus on two rules that strike at the core of procurement and information security — controlled unclassified information (CUI) and organizational conflicts of interest (OCI).

The agenda marks a narrowing compared with the Biden administration’s fall 2024 Unified Agenda, which had included more than 40 FAR-related rules. The Spring 2025 list contains fewer than half that number, reflecting what contractors and practitioners are already describing as the administration’s “one-in, ten-out” regulatory philosophy seen in Executive Order 14192.

Rules Removed from Agenda

Several rules championed by the Biden administration did not survive the Trump administration’s regulatory reset.

A proposed rule still on the agenda seeks to end government procurement of paper straws and requires agencies to procure straws with the strength and durability of plastic. This rule seeks to rescind the Biden-era rule designed to reduce waste and promote environmentally friendly alternatives in federal cafeterias and supply contracts.

Also eliminated is the proposed sustainable procurement rule. This rule would have created preferences for contractors with lower greenhouse gas emissions and required agencies to evaluate climate risks. This proposal, initially championed as a procurement-driven tool for climate policy, had already drawn concerns from industry over implementation costs.

The FAR Council also rolled back efforts to extend a higher minimum wage for federal contractors. Under the Biden administration, Executive Order 14026 raised the wage, but the FAR Council has moved forward with an interim rule eliminating those requirements.

Two Rules Still Advancing, One to Watch

While rules have been stripped away, the FAR Council is preserving two proposals that will have a significant impact on the procurement system.

The first is a final rule on CUI. This rule sets a single, consistent standard for how contractors must protect CUI across all agencies. It will require alignment with the security controls in National Institute of Standards and Technology (NIST) Special Publication 800-171, now in Rev. 3, mandate reporting of cybersecurity incidents, and align with the Department of Defense’s newly-finalized Cybersecurity Maturity Model Certification (CMMC) rule. Because CUI touches nearly every industry that contracts with the federal government, the rule is expected to impose compliance obligations on a significant number of government contractors. It is scheduled for finalization in December 2025.

The second is the long-awaited OCI overhaul. The existing FAR provisions on OCI have not kept pace with the increasingly complex structure of federal procurements, particularly in the defense, intelligence and high-technology sectors, where contractors often play multiple roles. The new rule aims to clarify the definition of OCI, expand disclosure requirements, and modernize procedures for mitigating conflicts. It is also scheduled for finalization in December 2025.

Another notable open FAR case is currently under review at the Office of Information and Regulatory Affairs (OIRA). That rule is intended to implement Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity and Executive Order 14168, Defending Women From Gender Ideology Extremism and Restoring Biological Truth to the Federal Government. While the draft text has not yet been released, OIRA’s meeting logs show several stakeholder sessions in mid-2025, where outside participants raised issues and shared materials on potential impacts. Until OIRA completes its review and the FAR Council issues proposed language for comment, the precise obligations the rule may impose remain unclear.

Broader Context and Takeaways

The narrowing of the FAR agenda reflects a consistent theme across the Trump administration. Practitioners note that the move is unsurprising given the administration’s deregulatory philosophy.

The regulatory burden may be lighter in some areas. There will be no new compliance obligations for sustainable procurement, no additional wage mandates, and no procurement restrictions such as the paper straw rule. But the rules that remain will demand significant attention. Cybersecurity compliance programs will need to be tightened and aligned with government-wide standards, and corporate governance structures will need to anticipate and mitigate potential OCI risks.

Please contact the author if you have any questions about how these actions will affect your business.