(a) Establishment
Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense, acting through the Assistant Secretary of Defense for Industrial Base Policy, shall establish a Department of Defense-wide program to be known as the Defense Supply Chain Intelligence and Risk Response Program (in this section referred to as the Program ) to enhance the Department’s ability to illuminate, assess, anticipate, and respond to risks across the defense industrial base supply chain.
(b) Purpose
The purpose of the Program shall be to provide a coordinated, holistic framework for the Department of Defense to effectively identify and manage the risks within and across the broader defense supply chain, including risks associated with microelectronics, semiconductors, counterfeit items, diminishing manufacturing sources and material shortages, obsolescence, supply chain disruptions, cyber vulnerabilities, foreign sourced components, foreign investments, financial distress, and sourcing of critical technologies from entities within or associated with covered nations.
(c) Activities
The Program shall—
identify and characterize supplier concentration, single-point dependencies, structural vulnerabilities, and risks arising from foreign ownership, control, or influence;
inform Department of Defense policy and funding decisions intended to enable rapid, scalable response to supply chain vulnerabilities, including creation of stockpiles and identification of alternative domestic suppliers and surge capacity; and
support and inform Department of Defense efforts to reduce reliance on covered nations for supply chains essential to the national defense.
(d) Implementation
In implementing this section, the Assistant Secretary of Defense for Industrial Base Policy shall, in consultation with the Assistant Secretary of Defense for Sustainment and not later than 365 days after the date of the enactment of this Act—
perform an identification and assessment of the supply chain illumination efforts, supply chain risk management activities, and policies of the Department of Defense, along with annual funding profiles associated with such efforts, activities and policies;
develop a common framework across the Department of Defense and with contractors of the Department to enable a holistic and coordinated approach for identifying managing risks within defense supply chains; and
provide the Secretary of Defense the following:
Findings and recommendations based on the assessment performed under paragraph (1), including recommendations related to expansion, consolidation, or cancellation of identified supply chain illumination efforts and supply chain risk management activities.
A plan of action for successful implementation of the framework developed under paragraph (2).
Recommendations for employment of advanced data analytics and artificial intelligence capabilities or tools to support and enable Program activities, including capabilities such as—
mapping of multi-tier supply chains across the defense industrial base, including domestic and international supplier networks;
identifying and linking entities across public records, corporate registries, trade data, and other commercial datasets to identify foreign ownership, control, or influence;
highlighting supplier concentration, single-point dependencies, and other structural risk indicators; and
modeling and forecasting of supply chain disruptions and economic security risks.
(e) Commercial technology utilization
The Secretary shall ensure that any advanced data analytics and artificial intelligence capabilities or tools to support the Program are procured—
in accordance with the preference for commercial products and commercial services under section 3453 of title 10, United States Code;
in accordance with the requirements to use competitive procedures under applicable law and the Department of Defense Supplement to the Federal Acquisition Regulation; and
in a manner that provides the Department with flexibility to adapt procurement strategies to Program needs, evolving market conditions, and advances in technology throughout the life of the Program.
(f) Reporting requirements
(1) Initial report
Not later than April 1, 2027, the Secretary shall submit to the congressional defense committees a report describing—
progress made in implementing the Program;
integration of Program activities with existing Industrial Base Analysis and Sustainment activities and supply chain risk management activities; and
resource requirements, including funding, personnel, data access, and technical infrastructure.
(2) Annual report
Not later than one year after the date on which the Program is established, and annually thereafter for five years, the Secretary shall submit to the congressional defense committees a report that includes—
an assessment of the effectiveness of the Program in improving the Department’s ability to illuminate, assess, anticipate, and respond to risks across the defense industrial base supply chain; and
any additional legislative, regulatory, or policy recommendations necessary to strengthen defense industrial base resilience.
(g) Definitions
In this section:
The term covered nation has the meaning given such term in section 4872 of title 10, United States Code.
The term foreign ownership, control, or influence refers to ownership structures, governance arrangements, financial relationships, or other mechanisms through which a foreign person or entity may direct, materially influence, or control a supplier or sub-tier entity within the defense industrial base.
The term economic security risks means risks arising from supply chain fragility, economic coercion by a covered nation including financing by a covered nation, or other vulnerabilities in a commercial supply chain that may adversely affect national security.