Last week’s directive from the White House is more than a policy update but a long-overdue shift in how the federal government approaches technology. For decades, agencies have been encouraged to prioritize commercial off-the-shelf (COTS) solutions. Yet in practice, the system has too often defaulted to expensive, bespoke builds that lag behind the pace of innovation. Memorandum M-26-12, issued on April 17, 2026, provides specific guidance for implementing this order, emphasizing the goal of “Increasing the Acquisition of Commercial Products and Services” across the federal government.
The new guidance makes the expectation unmistakable: government should buy and deploy commercially available technology wherever possible. This is exactly how every leading industry operates. The world’s most sophisticated financial institutions, healthcare systems and global enterprises don’t build everything from scratch. They adopt best-in-class technology and adapt it to their needs. It’s faster, more secure and far more cost-effective. The federal government should be no different.
The reality is that the private sector is where innovation happens at scale. From cybersecurity to cloud infrastructure to AI, the most advanced capabilities are being built, tested and hardened in commercial environments every day. When government agencies rely on outdated procurement models or over-customized systems, they not only spend more but they also fall behind. The White House directive recognizes this gap and takes a meaningful step toward closing it. By pushing agencies to justify non-commercial purchases and increase adoption of proven solutions, it is setting a new standard for efficiency, accountability and performance.
Having spent more than two decades in government, including serving as DHS CISO, acting Deputy CIO, FedRAMP board member and vice-Chair of the Federal CISO Council, I have seen firsthand how difficult it has been for agencies to access and adopt the best commercial technologies even when they clearly outperform custom-built alternatives. That experience underscores a consistent challenge: the barrier is rarely the absence of capability, but the friction of adoption.
But policy alone isn’t enough. One of the biggest barriers preventing innovative companies from serving the government has never been capability. It has been compliance. Navigating federal cybersecurity requirements, authorization processes and procurement complexity can take years. For many of the most advanced technology companies, the cost and friction simply are not worth it. What is needed is a modern approach to bridging that gap. One that enables commercial providers to demonstrate security, compliance and operational readiness in a way that is faster, more standardized and more transparent. By reducing the burden of bespoke authorization processes and aligning requirements with modern software delivery practices, government can unlock far more innovation without compromising security.
This is where the next evolution of government technology adoption must focus: not on lowering standards, but on modernizing the path to meeting them. We already see this pattern in other highly regulated sectors. Financial services and healthcare, for example, have increasingly adopted standardized compliance frameworks, automated controls validation and continuous monitoring approaches that allow them to move faster while improving oversight. The Federal government can do the same.
This directive signals a turning point. It is an opportunity to rethink how government buys, builds and deploys technology and to align those practices with the realities of modern innovation. The mission is clear: deliver better outcomes for taxpayers, faster and more efficiently. The path forward is equally clear: adopt the best technology available and make it easier, faster and more consistent for the companies building it to serve.
