The SAFE Supply Chains Act directs the Secretary of Defense to procure and use information and communications technology (ICT) end‑use hardware and component products only when those products come from an original equipment manufacturer (OEM) or an authorized reseller. The bill sets out definitions for covered products, OEMs, and authorized resellers, creates a two‑reason waiver path, directs the Department to provide procurement guidance to help suppliers become authorized resellers, and requires annual reports to congressional armed services committees for six years.
For defense and industry professionals this is a procurement‑first approach to supply‑chain security: it limits sources of ICT to parties with direct OEM relationships, increases paperwork and oversight through waiver notices and reporting, and shifts compliance burdens onto acquisition offices and non‑OEM sellers. The bill contains no new appropriations and becomes effective one year after enactment.
At a Glance
What It Does
The bill prohibits the Department of Defense from procuring, renewing, or using covered ICT products unless they are sourced from an OEM or an authorized reseller. It creates a limited waiver process for scientifically valid research and for avoiding mission‑critical failures, requires procurement guidance to help suppliers qualify as authorized resellers, and mandates annual unclassified reports (with classified annexes allowed) for six years.
Who It Affects
Directly affects DoD acquisition offices, ICT original equipment manufacturers, aftermarket firms and distributors that serve as resellers, and integrators or maintenance providers who rely on secondary markets. It also engages congressional defense committees through required waiver notices and reporting.
Why It Matters
The measure erects legal barriers against purchases from unknown or indirect supply channels and prioritizes OEM‑chain provenance as a security control. That changes how acquisition teams validate sources, how aftermarket markets operate for DoD‑used equipment, and how companies position themselves to remain eligible suppliers.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The SAFE Supply Chains Act narrows the pool of permissible ICT suppliers for the Department of Defense to two categories: original equipment manufacturers and their authorized resellers. "Authorized reseller" is broadly defined to include resellers, aftermarket manufacturers, suppliers, distributors, and others that hold a direct or prime contractual arrangement with the OEM or have express written authority to perform functions such as manufacturing, stocking, repackaging, repair, service, or distribution. "Covered product" is focused on end‑use hardware and components and includes the firmware and software that comprise that hardware; the bill deliberately excludes standalone software and hardware whose principal function is non‑data related despite embedded ICT.
Procurement offices must comply with this source restriction except when the Secretary grants a waiver. The statute permits waivers only for two narrowly defined reasons: scientifically valid research and situations in which refusing a purchase would jeopardize mission‑critical functions.
The Secretary must notify the congressional defense committees when granting a waiver, and the notice must set out the justification, any security mitigations employed, and, if mitigations are required, a plan and milestones to avoid repeat waivers. Notices are to be unclassified with an optional classified annex; for research waivers, the duration aligns with the research project.To ease the transition, the bill directs the Secretary to issue procurement guidance aimed at helping firms that are currently ineligible to become authorized resellers, essentially creating a playbook for certification or contractual relationships with OEMs.
Oversight comes through annual reporting for six years: each report must count and categorize waivers, identify the legal basis used, and catalog steps taken to reduce waiver reliance. The statute expressly provides no additional funding for these activities and becomes operative one year after enactment, putting the onus on DoD to implement the new sourcing rules within a limited planning window.
The Five Things You Need to Know
The prohibition applies "notwithstanding sections 1905 through 1907 of title 41, United States Code," meaning the bill supersedes certain existing procurement authorities and exceptions in federal acquisition law for covered ICT purchases.
The bill’s definition of "authorized reseller" explicitly covers entities with direct or prime contractual arrangements or with the OEM’s express written authority to manufacture, buy, stock, repackage, sell, resell, repair, service, support, or distribute the covered product.
A waiver requires notice to congressional defense committees that must (in unclassified form) include the waiver justification, implemented security mitigations, and—if mitigations were used—a plan of action and milestones to avoid future waivers.
Each report to Congress must be submitted annually for six years, and must enumerate the number and types of waivers, the legal authority used for each waiver, and actions taken to reduce the Department’s reliance on waivers.
The Secretary must publish procurement guidance to assist firms currently blocked from eligible sourcing — effectively a mandate to create a pathway for aftermarket vendors and distributors to become authorized resellers.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title and scope
This short section names the statute the "Securing America’s Federal Equipment Supply Chains Act" (SAFE Supply Chains Act). It signals that the bill is focused on federal equipment supply chains and frames the following operative provisions as applying specifically to information and communications technology end‑use hardware and related components.
Who and what counts as covered product, OEM, and authorized reseller
This subsection supplies the operative vocabulary the acquisition workforce must use. "Covered product" targets end‑use ICT hardware and the firmware/software integral to that hardware, but excludes other software and devices whose core function is not data handling. The OEM definition requires that the manufacturer design the product from sourced or purchased components and sell under its own name, a formulation that may exclude original design manufacturers (ODMs) or private‑label arrangements unless they meet that test. The "authorized reseller" definition is unusually expansive — it lists specific commercial activities (manufacture, repackaging, repair, distribution) that qualify an intermediary as authorized, but ties that status to a direct contractual link or express written authorization from the OEM.
Near‑exclusive source rule for DoD ICT purchases
This is the operative prohibition: DoD may not procure, renew contracts for, or use covered products unless sourced from an OEM or an authorized reseller. Practically, acquisition offices will need to establish vendor‑source verification protocols, update solicitations and source selection criteria, and adjust contract language to require OEM provenance or proof of authorized reseller status. The plain effect is to shut off purchases from gray‑market suppliers and many secondary‑market channels unless those sellers secure OEM authorization.
Narrow, documented waivers with congressional notice
The Secretary may waive the prohibition only for scientifically valid research or to avoid jeopardizing mission‑critical performance. Each waiver triggers a notice to congressional armed services committees; the notice must explain the justification, list security mitigations, include a mitigation‑to‑eliminate plan and milestones where relevant, and declare that the product is not from an entity under a foreign adversary’s influence. Notices must be unclassified (with an allowance for a classified annex). Research waivers last for the life of the research project. This structure creates both transparency and a paper trail meant to deter broad use of waivers as an escape hatch.
Guidance for vendors, reporting requirements, no new funds, and effective date
The Secretary must issue procurement guidance to help suppliers become authorized resellers, a practical recognition that many aftermarket suppliers will need a pathway to compliance. The bill also requires annual unclassified reports (with classified annexes allowed) to the House and Senate Armed Services Committees for six years detailing the number and types of waivers, the legal basis for each, and actions taken to reduce waivers. No additional appropriations are authorized, and the law takes effect one year after enactment, giving DoD a finite implementation window without extra budgetary support.
This bill is one of many.
Codify tracks hundreds of bills on Defense across all five countries.
Explore Defense in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Department of Defense security and system integrity teams — they gain stricter provenance controls intended to reduce counterfeit, tampering, and supply‑chain insertion risks by narrowing trusted sources.
- Original equipment manufacturers — OEMs receive a competitive advantage because the statute privileges products sold under an OEM’s name or through OEM‑authorized channels, which can raise OEM bargaining power and aftermarket revenues.
- Congressional oversight (Armed Services Committees) — committees receive recurring, standardized reporting and explicit waiver notices that increase visibility into exceptions and build a record to pressure DoD implementation.
- Cybersecurity program managers and system integrators operating critical platforms — clearer sourcing rules reduce ambiguity about acceptable suppliers and create a definable standard for compliance and risk assessments.
Who Bears the Cost
- DoD acquisition offices and contracting officers — they must implement vendor‑verification, modify solicitations and contracts, and process waiver notices; those compliance tasks come without extra appropriations.
- Independent resellers, gray‑market distributors, and many aftermarket suppliers — businesses lacking OEM contracts or written authority lose direct access to DoD sales unless they secure OEM authorization, which may be costly or infeasible.
- Program managers and warfighters relying on legacy spares — narrowing permitted suppliers risks supply constraints, longer lead times, or higher prices for replacement parts when OEM channels are limited.
- Small resellers and repair shops — achieving "authorized reseller" status may require contractual, logistical, or IP agreements with OEMs that small businesses cannot readily obtain, concentrating market access among larger vendors.
Key Issues
The Core Tension
The central dilemma is security versus operational and market resilience: the bill tightens supply‑chain security by restricting sources to OEM‑controlled channels, but doing so risks supply bottlenecks, higher costs, and vendor lock‑in that can themselves undermine readiness. Reasonable stakeholders can disagree whether the improved provenance and reduced insertion risk justify the loss of market flexibility and potential increases in procurement friction.
The bill advances a clear security premise — provenance matters — but puts that premise into law by narrowing supplier choice in a way that can create real operational and market effects. Limiting DoD purchases to OEMs and their authorized resellers will likely reduce exposure to unknown secondary markets, but it also elevates the commercial leverage of OEMs and authorized channels, which can increase prices and slow procurement for legacy systems that rely on aftermarket parts.
That tension is especially acute for equipment nearing end‑of‑life where OEM support is limited and the aftermarket traditionally supplies spares.
Implementation hinges on definitions that will be litigated in practice. The OEM definition excludes firms that sell under another brand or complex OEM/ODM arrangements unless they satisfy the bill’s design‑and‑sell test, which could exclude widely used suppliers and spawn costly certification disputes.
The authorized reseller definition ties many commercial activities to "express written authority," raising questions about the form and scope of that authorization and whether OEMs can withhold reseller rights to shape aftermarket markets. The waiver regime provides oversight but may become a de facto safety valve that swallows the rule if DoD invokes mission necessity expansively.
Finally, the requirement to produce guidance and additional reporting without new funding risks under‑resourced compliance and inconsistent implementation across services.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.