When the Pentagon formally notified Anthropic in early March that it had been designated a "supply chain risk," it wielded a label that had existed for years but had never once been turned against an American company. In letters dated March 3, 2026, the Department of Defense designated Anthropic as the first domestic firm. The tools the government invoked were 10 U.S.C. § 3252 and the Federal Acquisition Supply Chain Security Act of 2018, two statutes with a clear legislative pedigree: They were built to protect federal systems from foreign adversaries.
The question now central to Anthropic's legal and constitutional battle with the Pentagon is whether that framework can lawfully be repurposed to punish an American technology company over a contract disagreement.
The laws Congress actually wrote
The supply chain risk framework rests on two distinct legal authorities, and both trace to the same period of escalating U.S. concern about Chinese and Russian technology infiltrating federal networks.
Section 3252 of Title 10 was originally enacted as part of the National Defense Authorization Act for Fiscal Year 2019, signed into law on Aug. 13, 2018. It provides the secretary of defense and the secretaries of the Army, Navy, and Air Force with authority to exclude a source from Pentagon procurements involving national security systems. The statute defines the threat it targets with specificity. A "supply chain risk" is "the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert" a covered system so as to "surveil, deny, disrupt, or otherwise degrade" its operation.
The second authority, FASCSA, was enacted three months later. Signed into law on Dec. 21, 2018, as Title II of the SECURE Technology Act, it established the Federal Acquisition Security Council (FASC), an interagency body with representatives from seven executive branch departments. The FASC was created to assess supply chain risk and make removal and exclusion recommendations to three order-issuing agencies: the Director of National Intelligence for intelligence community contracts, the Department of Homeland Security for civilian agencies, and the Department of Defense for defense agencies.
Both statutes emerged from the same policy problem. Information and communications technology services are essential to government operations, but prior efforts to evaluate supply chain threats had been fragmented, undertaken by individual agencies to address specific risks. The Kaspersky episode made the gap impossible to ignore: When the Department of Homeland Security concluded in 2017 that Kaspersky Lab products posed security threats due to the company's ties to Russian government agencies, no government body had jurisdiction to coordinate the response. DHS was forced to use its authorities under the Federal Information Security Modernization Act to order the removal of Kaspersky from federal networks.
Congress wrote FASCSA and Section 3252 to close that gap with a deliberate, multi-step process.
Every prior use targeted foreign adversaries
Before Anthropic, every exercise of supply chain risk authority had been directed at companies with documented ties to foreign intelligence services.
The most prominent came from Congress itself. The Fiscal Year 2019 NDAA included Section 889, a direct prohibition on federal agencies and federal grant recipients from procuring telecommunications equipment from five Chinese companies. The statute banned products from Huawei, ZTE, Hytera, Hikvision, and Dahua, as well as their subsidiaries and affiliates.
The FCC followed with its own designations. The commission found that Huawei and ZTE had "substantial ties to the Chinese government," were subject to "Chinese law requiring them to assist in espionage activities," and presented "known cybersecurity risks and vulnerabilities in their equipment." The FCC finalized those designations on June 30, 2020.
Kaspersky Lab faced a similar trajectory. DHS banned all federal agencies from using Kaspersky software in 2017. The FCC placed Kaspersky on its Covered List in March 2022, finding it posed an unacceptable risk to national security. In June 2024, the Commerce Department's Bureau of Industry and Security prohibited Kaspersky from supplying cybersecurity products in the U.S., citing "the Russian Government's offensive cyber capabilities and capacity to influence or direct Kaspersky's operations."
Then came the FASCSA system's first actual use. On Sept. 15, 2025, the Office of the Director of National Intelligence published the first FASCSA exclusion order, prohibiting the intelligence community from procuring products and services from Acronis AG, a Swiss cybersecurity and data protection company. The order did not provide public findings or a rationale, which may reflect the classified nature of the underlying intelligence.
The pattern across every case is consistent: foreign-headquartered companies, documented or suspected ties to adversary governments, and concerns about sabotage, espionage, or covert access to U.S. systems.
What makes Anthropic different
The Anthropic case breaks from that pattern in every material respect.
Both the Pentagon and Anthropic have acknowledged that contract negotiations broke down over terms of use, not adversarial risks to Defense Department systems. The dispute stems from a July 2025 contract under which Anthropic's Claude model became the first frontier AI approved for use on classified government networks, and the Pentagon's subsequent request that Anthropic waive restrictions on mass domestic surveillance and on fully autonomous weapons systems.
The statutory language itself poses a problem for the government's position. Section 3252 defines supply chain risk as the risk that "an adversary" may sabotage or subvert a covered system. As legal scholars at Lawfare have argued, the "deny" and "disrupt" language the government would cite is not a standalone trigger but describes the consequence of an adversary's hostile act. Reading it otherwise "would collapse 'supply chain risk' into 'any vendor limitation the Pentagon dislikes,' transforming a narrow security authority into a general-purpose procurement weapon."
The procedural requirements add another layer of difficulty. Before exercising Section 3252 authority, the secretary must make a written determination that the action is "necessary to protect national security by reducing supply chain risk" and that "less intrusive measures are not reasonably available." The most obvious, less intrusive measure: The Pentagon could decline to renew the contract and move to a competitor, a routine procurement decision requiring no supply chain designation, no secondary boycott, and no government-wide ban.
A separate legal analysis by the law firm Venable LLP distinguished between the Anthropic designation and the statutory framework Congress used against Chinese telecommunications companies. Section 889 of the FY2019 NDAA, the "Huawei ban," had explicit statutory authorization for its broad commercial prohibition. No comparable procurement-law precedent supports the broader commercial restrictions the Pentagon has suggested for Anthropic.
Why the distinction matters
The gap between how these authorities were designed and how they are now being used is not just a legal technicality. It carries implications for every company that sells technology to the federal government.
There is no public record of any company being designated under Section 3252 by the Pentagon before Anthropic, and the designation of an American-owned and -operated company appears to be without precedent, according to analysis published by Just Security. Section 3252 is a procurement authority, not a sanctions authority. If Congress wanted to give the secretary the power to exclude all uses of a company, legislators are capable of doing so, the same analysis noted, pointing to Section 889 as the example of what explicit exclusion language looks like.
The industry's response has reflected the concern. The Information Technology Industry Council, whose members include Nvidia $NVDA, Amazon $AMZN, and Apple $AAPL, wrote to Defense Secretary Pete Hegseth expressing "concern" about the precedent. This is notable because major ITI members hold substantial defense contracts and rarely take positions that could antagonize the Pentagon.
"If you give the government a license to kill companies, then companies are always going to be under threat of execution, and therefore they will always feel like they need to do what the government says," Matthew Seligman, founder of Grayhawk Law, said.
The supply chain risk designation was designed to protect federal technology infrastructure from foreign sabotage. Its application to Anthropic tests whether the executive branch can stretch that authority into something Congress did not contemplate: a tool for disciplining domestic vendors who refuse the government's terms. The courts will decide whether the statute can bear that weight. The answer will shape how every American technology company calculates the risk of doing business with the Pentagon.
