As the US Congress takes up consideration of the National Defense Authorization Act (NDAA), BSA | The Software Alliance is weighing in with lawmakers about tech policy priorities up for Senate consideration. In the expert Q&A below, BSA Senior Director of IT Modernization and Procurement Jessica Salmoiraghi talks about the latest on the NDAA and BSA’s priorities.
What is the current status of the National Defense Authorization Act (NDAA) in the US Congress? Why is it important?
The NDAA is one of the few pieces of legislation that consistently moves through Congress. In fact, it’s almost always one piece of legislation that is almost guaranteed to pass by December, even if other bills stall.
Right now, most of the action around the NDAA is currently in the Senate. The Senate’s version of the NDAA (S. 4638) was introduced in early July, and there are more than 1,100 amendments filed. We’re tracking those amendments and guidance on how and when Congress might act. However, we believe that the Senate and House are having an informal conference to iron out existing policy differences.
Since the NDAA is considered “must-pass” legislation, how does it impact policy, including technology policy?
Because the NDAA is “must-pass” legislation, its amendments can often serve as a vehicle for affecting other areas of policy. That is true of tech policy this year.
For example, the Senate version of the NDAA includes exciting language to advance multi-cloud technology. BSA has been emphasizing the importance of utilizing multi-cloud technologies and senators have included language into the base bill to define multi-cloud, promote its adoption, and improved reporting on its use. There is also work being done on artificial intelligence (AI) policy, quantum technology, cybersecurity, and general defense contracting provisions.
What are BSA’s top priorities in engaging with lawmakers regarding the NDAA?
Our main priorities include multi-cloud technology and AI, among other items proposed within the bill. We’re also focused on strengthening language around cybersecurity and maintaining a longstanding stance on export controls and outbound investments.
Why is multi-cloud adoption important to the Department of Defense and the government more broadly?
Multi-cloud adoption is the next step needed to usher along information technology (IT) modernization. It allows for the Department of Defense, which relies on software and cloud services for its national security mission, to use new IT systems to meet their needs. It also helps other federal agencies update older IT systems to enhance flexibility, resiliency, and user experience across the federal government.
Can you go deeper into the multi-cloud provisions? What are the specific provisions being considered?
There are several exciting opportunities for Congress to promote multi-cloud technology, which is considered a best practice across the private sector.
One of the key sections of the NDAA focuses on ensuring competition for AI procurement, while also promoting the use and definition of multi-cloud—a first for the US government—which can help with broad adoption across the federal government.
How will AI policy factor into the final NDAA?
AI policy is still a bit uncertain. It was not a major focus in the House version of the bill, so it remains to be seen whether House lawmakers would adopt any of the Senate’s proposed language on AI. There are numerous AI-related amendments under consideration, and the final outcome will depend on negotiations.
What’s the process ahead for the NDAA? What will the next few months look like?
The House has already passed its version of the NDAA. The Senate still needs floor time to address its over 1,100 amendments. It’s uncertain whether Majority Leader Schumer will bring the bill to the floor sometime soon, or instead push its consideration to the lame-duck session. Informal negotiations between the House and Senate have likely started, but those talks need to ramp up to meet the December deadline.
Based on what the House has done, and the Senate has in front of them, what should enterprise software companies expect from the final NDAA?
Enterprise software companies should expect a strong focus on cybersecurity in the NDAA. It’s also possible that the multi-cloud language will make it into the final bill. However, some issues, like outbound investment, remain uncertain.
Read BSA’s FY25 NDAA Letter to Senate Armed Services Committee here.
