In August 2024, the Indian Ministry of Defense (MoD) and the United States’ Department of Defense (DoD) formalized a bilateral, non-binding Security of Supply Arrangement (SOSA) that aimed to promote reciprocal priority support for defense-related goods and services. The SOSA will allow both nations to promptly procure essential defense components during critical situations, thereby prioritizing national security objectives.
In addition, Indian leaders proposed discussions concerning a Reciprocal Defense Procurement Agreement (RDPA) – a strategic framework that facilitates the “rationalization, standardization, and interoperability” of procurement standards and procedures between India and the United States. Taken together, these two agreements are essential for optimal technology transfers and sharing, and thereby are a prerequisite to ensure further growth within the bilateral India-U.S. bilateral defense cooperation framework. The RDPA is particularly essential, for it promotes continuous dialogue concerning market access and procurement issues, ensuring equitable opportunities for defense industries in participating countries.
The formalization of the RDPA between India and the United States will improve transparency and equity in defense procurement procedures between both partners, facilitate reciprocal market access to each nation’s defense industries, and advance interoperability within defense systems. Such an agreement will enable Indian defense manufacturers to ease the procurement of defense equipment from the United States, as the U.S. DoD will be able to waive certain restrictions that call for buying American products, among other considerations.
However, numerous challenges remain in the execution of the RDPA. Variations in procurement practices between India and the United States pose challenges in the realization of major objectives such as reciprocity in defense acquisitions. There are also questions over the range and applicability of the RDPA when it comes to research and development (R&D), as well as the pursuit of exemptions from specific U.S. procurement regulations.
If the RDPA is signed, Indian contractors and subcontractors will then be obligated to navigate the intricate framework of rules and regulations governing the United States’ defense procurement system. These regulations delineate the responsibilities of DoD contractors concerning the storage, transmission, and processing of “controlled information,” which pertains to sensitive data with military implications. Indian contractors will have to adhere to these regulations.
Moreover, defense contractors will need to comply with cybersecurity regulations. For instance, a substantial part of the Defense Federal Acquisition Regulation Supplement (DFARS) related to cybersecurity refers to the mandatory reporting of data breaches, necessitating contractors to disclose the nature of the incident and the specific malicious software or tactics employed. These mandates may include the implementation of audit controls, and the management of baseline configurations and configuration controls for both software and hardware. Finally, U.S. regulations also necessitate the enforcement of robust Identity and Access Management (IAM) measures, the assurance of physical security in the workplace, and the preservation of personnel integrity.
Under DFARS, contractors are also required to obtain Cybersecurity Maturity Model Certification (CMMC), with renewals mandated every three years. The CMMC serves as the DoD’s standard for verifying that contractors fulfil the necessary cybersecurity obligations prior to the actual awarding of contracts. Similarly, contractors using an External Service Provider – for example, e.g., Cloud Service Provider (CSP) – must confirm that the provider meets the Federal and Risk Authorization Management Program Moderate Baseline or its equivalent requirements.
The DFARS requirements present challenges for small and medium-sized contractors, who may lack the resources to meet these stringent standards. American industry associations have underscored the ambiguity surrounding both DFARS and the CMMC, and the supplementary costs that contractors are required to bear in order to comply with the established standards.
The potential advantages of an India-U.S. RDPA are considerable: enhanced interoperability, technological innovation, and economic development. However, its implementation will be difficult in practice. Variations in procurement procedures, adherence to intricate U.S. regulations, and apprehensions regarding the possible repercussions on domestic defense sectors must be meticulously addressed throughout the negotiation process.
Successful execution of the RDPA will entail a comprehensive understanding of the subtleties inherent in both the U.S. and Indian defense procurement frameworks. The effectiveness of collaboration between the defense industries of the two countries will largely hinge on their capacity to navigate this existing regulatory environment.
If and when India and the United States are able to achieve this, the RDPA will become a reality.