This bill does two things: it forbids federal contractors with active contracts from using the DeepSeek application (or any successor provided by High Flyer or High Flyer-owned entities) to perform, assist, or support federal contracts, subject to a narrow waiver for national-security or research needs; and it directs the Secretary of Commerce, with the Secretary of Defense, to deliver a detailed report within one year assessing national-security risks posed by AI platforms based in or affiliated with “countries of concern.”
The measure matters because it names a specific commercial application and pairs an immediate procurement restriction with a near-term intelligence and policy assessment. For procurement and compliance teams, that combination creates an urgent need to identify any contract activity involving DeepSeek or related services, to plan for waiver requests when work truly requires the tool, and to prepare for policy shifts the Commerce report may recommend around export controls, data localization, and agency contracting rules.
At a Glance
What It Does
The bill prohibits federally contracted work from relying on DeepSeek or successor services produced by High Flyer or its subsidiaries, but allows the Secretary of Commerce, after consulting the Secretary of Defense, to grant case-by-case waivers for national-security objectives or research. It also requires Commerce, in consultation with Defense, to submit an unclassified report (with a possible classified annex) within one year analyzing threats from AI platforms tied to countries of concern and recommending administrative and legislative fixes.
Who It Affects
Primary targets are federal contractors that use DeepSeek or related High Flyer products, federal contracting officers responsible for contract oversight, the Departments of Commerce and Defense tasked with the waiver and report, and companies and platforms based in or affiliated with countries statutorily designated as ‘‘countries of concern.’'
Why It Matters
By naming an application and demanding an interagency threat assessment, the bill sets a precedent for targeted procurement bans combined with policy reviews that could reshape how agencies vet foreign AI services, enforce export controls, and require data handling safeguards for contractors.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
Section 2 creates a narrow but concrete procurement prohibition: any firm holding an active federal contract may not use DeepSeek — or successors built or provided by High Flyer or entities it owns — in any capacity that supports performance of that contract. That language covers direct use to execute contract tasks as well as ancillary uses that support fulfillment.
The ban is not absolute: the Secretary of Commerce may grant waivers after consulting the Secretary of Defense when use is required for completing national-security-related objectives or for research tied to a contract. The waiver is case-by-case, not a blanket exemption, so agencies and contractors should expect to make a factual showing when seeking relief.
Section 3 directs the Secretary of Commerce, working with the Secretary of Defense, to produce a comprehensive report on the national-security implications of AI platforms based in or affiliated with ‘‘countries of concern’’—a statutory term that ties to an existing definition in title 10. The statute prescribes specific analytical lines: government censorship and influence over AI systems; the risk that platforms propagate state-sponsored propaganda; how evasion of export controls (for example on high-end GPUs) contributes to foreign model development; and detailed investigations of how U.S. data is stored, accessed, and repurposed by foreign entities.
The required report must be delivered to several congressional committees within one year and may be publicly unclassified while containing a classified annex for sensitive material.Operationally, the combination of an immediate targeted prohibition and a mandated interagency study creates two near-term tasks for agencies and contractors: (1) identify and remediate any contract performance that relies on DeepSeek or related services, including substituted tooling or contractual amendments; and (2) prepare to receive and act on Commerce’s recommendations, which could include new procurement clauses, data-handling requirements, or tighter coordination with export-control regimes. The statute does not itself create new criminal penalties or private-rights enforcement; instead it relies on procurement compliance and administrative waivers as its enforcement levers.
The Five Things You Need to Know
The ban applies only to federal contractors with an active federal contract and specifically covers DeepSeek and any successor application or service developed or provided by High Flyer or entities owned by High Flyer.
The Secretary of Commerce holds sole waiver authority but must consult the Secretary of Defense; waivers are available only on a case-by-case basis for national-security-related objectives of a contract or for research purposes.
Commerce must deliver the report within one year of enactment to the Senate Armed Services Committee, the Senate Commerce Committee, and the House Committees on Armed Services and Energy and Commerce.
The bill borrows the term ‘‘country of concern’’ from 10 U.S.C. 4872(f), anchoring the report’s target set to an existing statutory list rather than creating a new list in this Act.
The report must analyze censorship and government influence, use of AI for state propaganda, circumvention of export controls (notably GPU flows), detailed U.S. data-storage and access risks, economic-espionage vulnerabilities to IP and trade secrets, and must recommend administrative and legislative remedies; it must be submitted in unclassified form but may include a classified annex.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Provides the Act’s short name, the ‘‘Protection Against Foreign Adversarial Artificial Intelligence Act of 2025.’' This is a labeling clause only; it has no substantive effect on implementation but flags the bill’s national-security framing for agencies that will read the statute.
Prohibition on use of DeepSeek by Federal contractors
Creates a targeted prohibition that bars federal contractors from using DeepSeek or any successor products provided by High Flyer or entities it owns to perform or support federal contracts. The provision is broad in functional scope—covering fulfillment, assistance, execution, or partial support—so contractors must review direct and ancillary uses. The statute contains no specified civil or criminal penalty; enforcement will therefore rely on routine procurement compliance tools (contract clauses, representations, and agency oversight) unless agencies adopt specific remedies. The provision includes a narrow waiver mechanism: the Secretary of Commerce, after consulting the Secretary of Defense, may grant a waiver when use is required for completion of a national-security-related contract objective or for research, on a case-by-case basis.
Scope and deadline for threat assessment
Directs the Secretary of Commerce, in consultation with the Secretary of Defense, to produce a detailed report on national-security threats from AI platforms based in or affiliated with ‘‘countries of concern,’' with a firm deadline of one year after enactment. The report must be delivered to four congressional committees named in the text, creating an intercommittee briefing requirement that ties Commerce’s analysis directly to Congressional oversight on both defense and commercial policy.
Required report elements and form
Lists discrete analytical topics Commerce must address—government censorship and influence, AI-enabled propaganda, risks from export-control circumvention for hardware like GPUs, granular analysis of U.S. data storage and access, economic-espionage risks to IP and trade secrets, threats to federal information—and allows an unclassified main report plus a classified annex. Practically, that forces Commerce to assemble technical, legal, and intelligence expertise and to balance public transparency with protection of sensitive intelligence or sources and methods.
This bill is one of many.
Codify tracks hundreds of bills on Technology across all five countries.
Explore Technology in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Federal agencies and national-security programs: the prohibition and the report reduce the likelihood that contractor workflows will introduce foreign-controlled AI tools into sensitive systems and give agencies new analytical material to tighten procurement rules.
- U.S. cloud and AI vendors that are not affiliated with countries of concern: the restriction can redirect federal demand toward vetted domestic or allied providers, creating new commercial opportunities.
- Congressional oversight and policymaking: the mandated report delivers a structured, interagency analysis that committees can use to craft targeted legislation or oversight, reducing information asymmetries about foreign-affiliated AI risks.
Who Bears the Cost
- Federal contractors using DeepSeek or related High Flyer services: they must cease using the tool for contract work, absorb remediation costs, and potentially replace workstreams or retool workflows.
- Contracting officers and procurement shops across agencies: agencies must detect prohibited uses, process waiver requests, and potentially renegotiate contract terms—work that increases administrative burden without allocating new funds.
- Department of Commerce and Department of Defense: both agencies must allocate staff, technical analysis, and coordination time to meet the one-year report deadline, creating opportunity costs and interagency friction for resource-intensive technical assessments.
- High Flyer and related firms: the statutory ban removes a federal contracting market and could prompt further government actions or reputational harm, even though the bill’s remedy is administrative rather than punitive.
Key Issues
The Core Tension
The central dilemma is security versus operational flexibility: the bill prioritizes an immediate, targeted defense by banning a named product and forcing a quick threat assessment, but that approach restricts contractors and research while leaving open significant questions about scope, enforcement, and whether a product-specific ban is the most effective or durable way to reduce foreign-AI risks without undercutting legitimate national-security research and operational needs.
Several implementation challenges and trade-offs flow directly from the bill’s design. First, the measure targets a named product and its successors rather than articulating a set of behavioral rules for all foreign-affiliated AI services.
That specificity makes the prohibition easy to state but easy for suppliers or intermediaries to evade—for example, by renaming services, rebranding ownership, or routing functionality through third-party hosts. Agencies will need active monitoring, revised contract clauses, and perhaps representations and warranties to police substitution.
Second, the waiver mechanism gives the Secretary of Commerce flexibility but leaves the practical standard and review process undefined. ‘‘National-security-related objective’’ is a broad phrase; contractors and agencies will want written guidance on the evidentiary showing required, the timeline for waiver decisions, and any reporting or mitigation conditions attached to waivers. Without operational rules, waiver processing could become a bottleneck for programs that legitimately need the technology for research or tightly scoped mission work.
Third, the mandated report is thorough by design but resource-intensive. Commerce must marshal technical forensics (data flows, storage topology), counterintelligence assessments (access by foreign political entities), and export-control analysis (hardware flows and circumvention).
Those are different analytic skill sets housed across multiple agencies, and time pressure plus classification needs may limit how much of the analysis can be meaningfully public. Finally, because the bill relies on procurement compliance rather than explicit statutory penalties, agencies must decide whether to amend the Federal Acquisition Regulation or pursue other administrative tools to make the ban operational and enforceable across contracts and subcontracting chains.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.