Protecting AI and Cloud Competition in Defense Act of 2025

The bill tells the Department of Defense (DoD) to use competitive award processes whenever it buys cloud computing, data infrastructure, or large AI “foundation” models from companies. It defines key terms like cloud provider, data infrastructure provider, and foundation model provider, and sets a threshold for “covered providers” that have done at least $50 million in DoD contracts in any of the past five years. DoD must make sure the government keeps exclusive rights to access and use all government data involved in these contracts. The bill directs that contract competitions must consider government control over intellectual property and data rights, as well as security, interoperability, and the ability to audit systems. It calls for modular, open-system approaches, fair division of work, and clear technical boundaries, and it requires efforts to reduce barriers facing small businesses and nontraditional defense contractors. It also tells DoD to favor multi-cloud technology, unless that is not possible or would create a serious national security risk. The bill orders the DoD’s Chief Digital and Artificial Intelligence Office to update the Defense Federal Acquisition Regulation Supplement (DFARS). These updates must ensure that government-furnished data given to vendors for AI development and operations cannot be used or shared without proper authorization, including for training or improving commercial products without explicit DoD approval. Government data stored on vendor systems must be separated and protected according to DoD data rules and the “Creating Data Advantage (Open DAGIR)” principles. Violations must carry specific penalties, including fines and possible contract termination, though DoD acquisition executives may grant exemptions when they decide it is necessary for national security and they notify the Chief Digital and Artificial Intelligence Officer. Finally, the bill requires the Chairman of the Joint Chiefs of Staff, working with the Under Secretary of Defense for Acquisition and Sustainment, to submit yearly reports to the congressional defense committees through 2031. These reports must assess competition, innovation, barriers to entry, and market concentration in the defense AI market, list any exemptions that were granted, and provide recommendations for future laws or administrative actions. The Department must publish a public version of each report online and also share it by other methods on request at no cost to the Department.

The bill could shape how the military adopts and uses AI and cloud technologies by setting rules that stress competition, security, and data protection. This may affect large technology companies that already have major contracts with DoD, as well as smaller or newer firms that want to enter the defense AI and cloud markets. By limiting how government data can be used to train or improve commercial AI products, the bill aims to control how sensitive information is handled. This could influence how vendors design their systems and services for defense work. The required reports on competition and market power may give Congress and the public more information about how concentrated the defense AI and cloud markets are, but the exact impact on prices, innovation, and military capabilities is not specified in the bill and would depend on how it is implemented.

• Applies to cloud providers, data infrastructure providers, and foundation model providers that have had at least $50 million in DoD contracts in any of the previous 5 fiscal years.
• Requires the Department of Defense to use a competitive award process for each procurement of cloud computing, data infrastructure, or foundation model solutions.
• Directs that the government retain exclusive rights to access and use all government data involved in these contracts.
• Requires procurement processes to prioritize government roles in intellectual property and data rights, as well as security, interoperability, and auditability.
• Mandates use of modular open systems approaches with appropriate work allocation and technical boundaries in relevant contracts.
• Requires steps to reduce barriers to entry for small businesses and nontraditional contractors in AI and cloud procurements.
• Directs DoD to prioritize multi-cloud technology, unless it is infeasible or poses a substantial national security danger.
• Orders updates to the Defense Federal Acquisition Regulation Supplement (DFARS) to prevent government-furnished data from being used to train or improve commercial products without express DoD authorization.
• Requires that government data stored on vendor systems be separated and protected according to DoD data decrees and Creating Data Advantage (Open DAGIR) principles.
• Specifies that violations of the new data rules must carry penalties, including possible fines and contract termination.
• Allows component acquisition executives to grant exemptions to these data rules when necessary for national security, with notice and justification provided to the Chief Digital and Artificial Intelligence Officer.
• Requires annual reports from the Chairman of the Joint Chiefs of Staff, starting by January 15, 2027, for 4 years, on competition, innovation, barriers to entry, and market concentration in the defense AI market.
• Mandates that each report list all exemptions granted under the bill and include recommendations for legislative and administrative actions.
• Requires a publicly releasable version of each report to be posted on a Department of Defense website and available by other means upon request at no cost to the Department.

• The bill’s definition of “foundation model” includes both very large models (at least 1 billion parameters) and smaller models that could be adapted to perform high-risk tasks, potentially covering a wide range of AI systems.
• The “covered provider” threshold is based on total DoD contract value over the previous five years, not just AI or cloud contracts, which could bring some large contractors under these rules even if AI is only a small part of their business.
• Exemptions to the data-use rules can be granted at the component level for national security reasons, which may allow some programs to operate under different data-sharing practices than others.
• The reporting requirement extends for four years after the first report due in 2027, meaning its insights and any recommended changes may come after initial implementation experiences, not before.
• The bill directs DFARS updates but does not spell out detailed technical standards, leaving significant choices to DoD rulemaking and interpretation.