" Effective immediately, no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic."
Example: Perhaps "Amazon US Services LLC" or whichever subsidiary they have that deals with the government will be banned from using Claude, and all of it's other subsidiaries won't?
Well, IANAL but tweets aren't legislation. What that tweet implies is something that would have to be amended into the NDAA, which requires congress. Hegseth can't just go on a drunk rant and have everything out of his mouth become law.
The supply chain risk directive would come from existing procurement law, which only allows the DoD to require contractors to certify that Anthropic is not used in the fulfillment of any government work.
Which is also separate from Trumps' EO, which being an EO only applies to the federal government directly.
So yeah, banning any contractor, supplier, or partner from any commercial activity with Anthropic is just fantasy without going through congress first.
You know, it's an interesting question what happens when the commander in chief makes a pronouncement like this. PROBABLY everyone will just ignore it and go with the actual technical definitions of these things, but...I mean it is an order.
> Contractors can still use Claude internally in their business, so long as it is not used in government work directly.
I work in the enterprise SaaS and cybersecurity industry. There is no way to guarantee that amongst any FedRAMP vendor (which is almost every cybersecurity and enterprise SaaS or on their roadmap).
Almost all FedRAMP products I've built, launched, sold, or funded were the same build as the commerical offering, but with siloed data and network access.
This means the entire security and enterprise SaaS industry will have to shift away from Anthropic unless the DPA is invoked and management is changed.
More likely, I think the DoD/DoW and their vendors will force Anthropic to retrain a sovereign model specifically for the US Gov.
Edit: Can't reply
> This is the core assertion that is not clear nor absolute.
If Walmart can forcibly add verbiage banning AWS from it's vendors and suppliers, the US government absolutely can. At least with Walmart they will accept a segmented environment using GCP+Azure+OCI. Retraining a foundational model to be Gov compliant is a project that would cost billions.
By declaring Anthropic a supply chain risk, it will now be contractually added by everyone becuase no GRC team will allow Anthropic anywhere in a company that even remotely touches FedRAMP and it will be forcibly added into contracts.
No one can guarantee that your codebase was not touched by Claude or a product using Claude in the background, so this will be added contractually.
FedRAMP contracts require all inputs being FedRAMP compliant and a vetted BOM. Anthropic is no longer FedRAMP high and because it is declared a supply chain risk now all our FedRAMP contracts are at risk and any company who has FedRAMP customers is at risk too.
> This means the entire security and enterprise SaaS industry will have to shift away from Anthropic unless the DPA is invoked and management is changed.
This is the core assertion that is not clear nor absolute.
The designation only applies to projects that touch the federal government, or software developed specifically for the federal government.
Contractors can still use Claude internally in their business, so long as it is not used in government work directly.
A complete ban would be adding Anthropic to the NDAA, which requires congress.
The DoD designation allows the DoD to make contractors certify that Anthropic is not used in the fulfillment of the government work.