How the 'supply chain risk' label became the Pentagon's most powerful weapon against U.S. companies |
How the 'supply chain risk' label became the Pentagon's most powerful weapon against U.S. companies
The legal tools used against Anthropic were designed to counter Huawei and ZTE, not domestic AI companies with contract disputes
PixeloneStocker / Getty Images
When the Pentagon formally notified Anthropic in early March that it had been designated a "supply chain risk," it wielded a label that had existed for years but had never once been turned against an American company. In letters dated March 3, 2026, the Department of Defense designated Anthropic as the first domestic firm. The tools the government invoked were 10 U.S.C. ยง 3252 and the Federal Acquisition Supply Chain Security Act of 2018, two statutes with a clear legislative pedigree: They were built to protect federal systems from foreign adversaries.
The question now central to Anthropic's legal and constitutional battle with the Pentagon is whether that framework can lawfully be repurposed to punish an American technology company over a contract disagreement.
The laws Congress actually wrote
The supply chain risk framework rests on two distinct legal authorities, and both trace to the same period of escalating U.S. concern about Chinese and Russian technology infiltrating federal networks.
Section 3252 of Title 10 was originally enacted as part of the National Defense Authorization Act for Fiscal Year 2019, signed into law on Aug. 13, 2018. It provides the secretary of defense and the secretaries of the Army, Navy, and Air Force with authority to exclude a source from Pentagon procurements involving national security systems. The statute defines the threat it targets with specificity. A "supply chain risk" is "the risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert" a covered system so as to "surveil, deny, disrupt, or otherwise degrade" its operation.
The second authority, FASCSA, was enacted three months later. Signed into law on Dec. 21, 2018, as Title II of the SECURE Technology Act, it established the Federal Acquisition Security Council (FASC), an interagency body with representatives from seven executive branch departments. The FASC was created to assess supply chain risk and make removal and exclusion recommendations to three order-issuing agencies: the Director of National Intelligence for intelligence community contracts, the........