Contractor-Related Provisions in the FY 2025 Intelligence Authorization Act

Each year, Congress drafts the Intelligence Authorization Act to grant appropriate authorities and implement policies related to U.S. clandestine operations. Recently, the Senate Select Committee on Intelligence passed the FY 2025 Intelligence Authorization Act (S.4443), which has now been placed on the Senate Legislative Calendar for further review and passage. The House version of the legislation is not yet available. Often, the Intelligence Authorization Act is incorporated and passed under DOD’s annual National Defense Authorization Act.

S.4443 reflects many of the IC’s current technology priorities, including bolstering AI and cyber authorities and capabilities to improve intelligence missions and operations as well as remain ahead of U.S. adversaries. The bill also reflects the IC’s focus on delivering technology innovation at speed and scale.

Contractors aware of such provisions, even as the legislation undergoes Congressional processes and amendments, remain informed of expected policies and provisions that highlight IC priorities and impact IC private-public partnerships.  This is particularly important as information on intelligence priorities and operations is often confidential and hard to obtain.

Below are select provisions and associated sections from the bill, categorized by theme, that have contractor implications:  

Budget Authorizations

• Sec. 103: Authorizes $657M for the Intelligence Community Management Account (The ICMA funds ODNI, including all staff and activities associated with the mission.)
• Sec. 507: Establishes the Intelligence Community Technology Bridge Fund under ODNI to assist with the transition of products and services from research and development to the contracting and production phases. Authorizes $75M for the fund in FY 2025 and each FY thereafter.

AI-related:

• Sec. 504: Requires advanced computation and AI system vendors and researchers to report information risks, compromised AI systems, or generation of synthetic media and computer code to appropriate U.S. government entities.
• Sec. 505: Sets the functions of NSA’s AI Security Center as making available AI research test beds, developing guidance on counter-AI techniques, and promote safe AI adoption practices.
• Sec. 510: Establishes the creation of a database to publicly track AI security and safety incidents through voluntary input by private, public, and academic sectors.
• Sec. 511: Holds entities responsible for concealing technology measures or modifications of machine-manipulated media through false generation.

Workforce-related:

• Sec. 508: Provides additional authorities and details to the IC on the Public-Private Talent Exchanges program.
• Sec. 705: Requires a plan to ensure intelligence collection positions at the CIA are staffed as authorized by the Intelligence Authorization Act of FY 2024.

Cyber-related:

• Sec. 512: Provides a list of foreign ransomware organizations to be treated as hostile foreign cyber actors by the U.S.
• Sec. 514: Establishes ransomware threats to critical infrastructure a national intelligence priority.
• Sec. 1203: Requires penetration testing as part of the testing, certification and recertification of voting system hardware and software.

Contracting-related:

• Sec. 509: Outlines the justifications in which a property, product or service may be acquired by the IC using other than competitive procedures.
• Sec. 702: Establishes an IC-wide standard policy to approve a program of contractor-owned and contractor-operated sensitive compartmented information facilities to improve private-public partnerships in technology innovation.