Reprinted with permission from the May 2026 issue of The Intellectual Property Strategist. © 2026 ALM Global Properties, LLC. Further duplication without permission is prohibited. All rights reserved.

Introduction & Overview

For those that follow or are otherwise thrust into intellectual property (IP) issues in the realm of U.S. Government (USG) contracting, the notion of “data rights marking” has been a recurring topic since at least December 2020 when the U.S. Court of Appeals for the Federal Circuit issued its decision in Boeing Co. v. Secretary of the Air Force, 983 F.3d 1321 (Fed. Cir. 2020). Since then, it has only become more prevalent, including with proposed regulatory amendments and the Federal Circuit’s decision last year in FlightSafety International v. Secretary of the Air Force, 130 F.4th 926 (Fed. Cir. 2025). Although this area of USG contract practice is not particularly flashy, it is fraught with potential pitfalls. Improper or non-conforming data rights markings can lead to objection or challenge by the USG, and a failure to mark may lead to loss of certain rights in the underlying IP. Accordingly, this article provides a practical guide to data rights marking, especially for those individuals involved in, or responsible for, marking content delivered to the USG.

Background

The delivery of IP comprising data and/or software is a common requirement under USG contracts. The notion of “data rights” refers to the contractual provisions governing the USG’s license rights in such data or software delivered thereunder. Depending on the type of contract, such provisions may be prescribed by sections of the Federal Acquisition Regulation (FAR), Defense FAR Supplement (DFARS), or other agency FAR supplement. Alternatively, data rights provisions may be written out in contracts such as an Other Transaction agreement (OTA), Cooperative Research and Development Agreement (CRADA), or the like. While each type of contract may have its own data rights provisions, including as to data rights marking, this article focuses specifically on data rights provisions under the DFARS. The principles herein, however, can typically be extrapolated to other USG contracting scenarios, but each contract should be considered on its own.

DFARS 252.227-7013 and -7014 provide that contractors may “assert” restrictions in the license rights the USG is granted in non-commercial (e.g., applicable only to the USG, such as for military purposes) technical data and software delivered from the contractor thereunder. Technical data refers to recorded information of a scientific or technical nature (e.g., technical drawings, manufacturing specifications, material properties data sheets, etc.) and software refers to computer programs and source code, as well as related algorithms, processes, flow charts, and the like. DFARS 252.227-7015 provides the license rights the USG is granted in the contractor’s commercial technical data delivered. Note that, as part of the USG’s Revolutionary FAR Overhaul (RFO) efforts, the USG has engaged in consolidation and deletion of various FAR and DFARS provisions, including renumbering thereof. As relevant here, according to USG internal guidance, effective Feb. 1, 2026, the RFO Part 227 “class deviation” has resulted in consolidation and renumbering of DFARS 252.227-7013 and -7014 into DFARS 252-227-7989, and renumbering of DFARS 252.227-7015 into DFARS 252.227-7990, each with certain edits not critical to the discussion herein. See, e.g., RFO “Update to DFARS Part 227 ‘Patents, Data, and Copyrights’ Guidance and Clauses,” Warfighting Acquisition University. The RFO is ongoing and the class deviations are subject to additional procedures before formal implementation into the Code of Federal Regulations’ DFARS provisions. Regardless, most existing contracts retain for the time being the prior provisions/numbering (DFARS 252.227-7013, -7014, and -7015) unless and until modified, and this article therefore primarily refers to them as well. Contractors, however, can likely start expecting new DFARS solicitations to reference the new class deviation provisions/numbering (DFARS 252.227-7989 and -7990).

Critically, the USG does not “own” the data or software delivered under these DFARS provisions (even if the USG paid for the development thereof), but instead receives license rights — i.e., “data rights” — therein. The contractor makes data rights “assertions,” usually via a data rights assertion (DRA) table, with respect to the relevant data or software required to be delivered. The most common categories of data rights are: “Unlimited Rights” — the USG can disclose the data/software to anyone for any reason; “Government Purpose Rights” — the USG generally can disclose outside of the USG only for USG purposes; and “Limited Rights” (for technical data) / “Restricted Rights” (for software) — the USG generally can only disclose within the USG, with limited exceptions. Although these categories apply specifically to non-commercial technical data and software, there are similar categories for commercial technical data that parallel Unlimited Rights and Limited Rights. Commercial software is, however, governed by different provisions and typically provided according to the contractor’s customary commercial software license agreement.

Although there are many strategic and salient points of data rights assertions (a complex matter all on its own) not discussed herein, the applicability of the various categories of data rights tends to comport with a “follow-the-money” approach. If the USG fully paid for the development of the data/software à Unlimited Rights typically applies; if partial funding by the USG à Government Purpose Rights; if exclusively private funding à Limited Rights / Restricted Rights. There can be variations on this approach, including for Specially/Specifically Negotiated License Rights (SNLRs) and Small Business Innovation Research (SBIR) Rights, not discussed in depth here. But there are also key carve-outs to this follow-the-money approach for data considered necessary for operation, maintenance, installation, or training (OMIT) or form, fit, and function (FFF) data — each of which gets Unlimited Rights treatment, regardless of funding source.

For purposes of this discussion, it is assumed that data rights assertions have already been made under the respective contract and a corresponding DRA table informs the contractor and USG what technical data/software is delivered with which data rights category.

Data Rights Markings Generally

Data rights marking refers to the marking(s) specific to the USG’s data rights in the data or software delivered under the USG contract. This concept is distinct from a company’s standard “proprietary” or “confidential” marking that may typically be applied to documents shared among non-USG entities, such as under a non-disclosure agreement or other agreement containing confidentiality provisions. Indeed, as discussed below, the notion of contractors’ “proprietary” markings is one of the reasons data rights marking is a prominent topic in USG contract practice. Note that data rights marking is also distinct from, though somewhat related to, “Distribution Statements”—a topic which could warrant its own discussion but, in general, any Distribution Statement used should not contradict the level of data rights. See “DoD Instruction 5230.24 Distribution Statements on DoD Technical Information” at p. 23 (Table 1) (Jan. 10, 2023); “Distribution Statements and Their Corresponding Reasons for Use” (Oct. 15, 2018).

Ostensibly, data rights marking should be easy. Certain regulations even tell the contractor what language to include. For example, under DFARS 252.227-7013(g)(4), non-commercial technical data delivered with Limited Rights must bear the following marking:

Limited Rights Contract Number                                                                                                        Contractor Name                                                                                                        Contractor Address                                                                                                     The Government’s rights to use, modify, reproduce, release, perform, display, or disclose these technical data are restricted by paragraph (c)(3) of the DFARS 252.227-7013, Rights in Technical Data—Other Than Commercial Products and Commercial Services, clause contained in the above identified contract. Any reproduction of technical data or portions thereof marked with this legend must also reproduce the markings. Any person, other than the Government, who has been provided access to such data must promptly notify the above named Contractor.

There are similar markings for Restricted Rights (software) and for Government Purpose Rights (as well as for SBIR Rights and Special License Rights). Marking under DFARS 252.227-7989(g)(4)-(5), to the extent included in the USG contract instead of DFARS 252.227-7013 and -7014, is similar. There is no specified marking for Unlimited Rights under current in-force regulations, nor for delivery of commercial technical data.

So, why is data rights marking a prevalent topic these days? Generally for two reasons: (1) proprietary, or so-called third-party, markings; and (2) commercial technical data rights markings. First, proprietary markings are commonplace in business-to-business dealings, and ideally included on every proprietary/confidential document a company shares externally. But when such markings are retained on, or added to, documents containing data or software delivered under a USG contract, the issue becomes more complicated. The Federal Circuit in the Boeing case tackled the issue of whether delivery of Unlimited Rights non-commercial technical data could include a proprietary marking — generally concluding “yes” but without delineating the exact language or limits thereof. See, 938 F.3d at 1327-34. Eventually, on remand, Boeing and the Air Force ultimately settled upon the following marking (hereafter Boeing marking), see Boeing Co., ASBCA Nos. 61387, 61388, Order of Dismissal at Ex. 1, Att. 1 (Dec. 6, 2022).

THE DATA HEREIN ARE NONCOMMERCIAL TECHNICAL DATA DELIVERED TO THE U.S. GOVERNMENT WITH UNLIMITED RIGHTS Contract Number                                                                                                        Contractor Name         The Boeing Company                                                        Contractor Address                                                                                                     © [YYYY] Boeing. The technical data herein are owned by The Boeing Company. The U.S. Government authorizes non-U.S. Government recipients of these data to use these data for the performance of U.S. Government contracts or subcontracts. Any other third-party us of the data requires permission from the U.S. Government or The Boeing Company.

Second, as to commercial technical data markings, the Federal Circuit in the FlightSafety case dealt with a somewhat similar scenario dealing with “unrestricted rights” data under DFARS 252.227-7015(c)(1) (parallel, as mentioned, to Unlimited Rights) and FlightSafety’s proprietary markings included on the deliverables. The Federal Circuit acknowledged the importance of contractors placing “restrictive markings on their data to preserve their rights,” but rejected all of FlightSafety’s proffered markings. FlightSafety, 130 F.4th at 937-40. The court held that the language of a contractor’s proprietary marking cannot contradict any aspects of the USG’s actual rights in the technical data granted under the contract. See id.

Taking the principles of these two cases together, a key takeaway is that proprietary markings are permissible according to the Federal Circuit but must not conflict with the USG’s rights enumerated as to the applicable data rights category under DFARS 252.227-7013, -7014, or -7015 (or DFARS 252.227-7989 or -7990). Even so, the Boeing case only explicitly dealt with Unlimited Rights under DFARS 252.227-7013, and FlightSafety with unrestricted rights under DFARS 252.227-7015. Any proprietary marking, especially for other-than-Unlimited Rights, thus may be subject to scrutiny by the USG. See “DoD Manual 5010.12 Acquisition and Management of Contractor-Prepared Data” (Nov. 21, 2025) (noting in Appendix 8A: Data Markings (pp. 77-78) that DFARS regulations “define the restrictive rights marking legends allowed” and stating that “‘Proprietary’ is not an acceptable marking for noncommercial” technical data/software, though acknowledging that “there are no requirements for a specified restrictive legend or marking for commercial” technical data and notably stating that such data “can be marked with ‘proprietary’ or other language that denotes the data is subject to use, release, or disclosure restrictions”).

The industry is thus left to determine whether and how to employ these principles under all marking scenarios, which is the crux of the discussion below.

Practical Guidance

Unlimited Rights

If nothing else, the resolution of the Boeing case set a (non-binding) baseline of sorts for data rights marking in delivering Unlimited Rights non-commercial technical data (or software) under the DFARS. A template based on the Boeing marking might look like the following:

THE [DATA / SOFTWARE] HEREIN [ARE / IS] NON-COMMERCIAL [TECHNICAL DATA / SOFTWARE] DELIVERED TO THE U.S. GOVERNMENT WITH UNLIMITED RIGHTS Contract Number                                                                                                        Contractor Name                                                                                                        Contractor Address                                                                                                     (c) [YYYY] [Contractor]. The [technical data / software] herein [are / is] owned by [Contractor]. [The U.S. Government authorizes non-U.S. Government recipients of [these / this] [data / software] to use [these / this] data for the performance of U.S. Government contracts or subcontracts.] Any [other] third-party use [or disclosure] of [these / this] [data / software] requires permission from the U.S. Government or [Contractor].

If not doing so already, contractors should consider adopting an approach to include a Boeing-type marking on all Unlimited Rights deliverables. Even so, the USG may not universally accept such a marking and would likely have no objections to receiving Unlimited Rights data and software without any data rights marking or proprietary marking whatsoever—recall, no data rights marking is specified under the DFARS for Unlimited Rights, and the USG has very broad rights in Unlimited Rights content.

Importantly, the statement at the bottom of the Boeing marking (hereafter “proprietary statement”) includes two key elements: (1) the contractor owns the data, i.e., which is akin to saying the data is proprietary to the contractor; and (2) third-party use requires permission from the USG or contractor. Note the word “proprietary” is absent (given the USG’s objection to it in the Boeing case), but reciting the contractor’s ownership effectively accomplishes the same thing. And the word “confidential” is not used (the USG reserves that term only in relation to classified materials), but the recitation against third party use without permission implies as much. Note also a couple “optional” (but preferred) modifications to the Boeing marking that the above template proposes — the middle sentence in the proprietary statement (“The U.S. Government authorizes . . .”) is preferably excluded and might only be included if the USG requests it; and the final sentence (“Any other third-party use . . .”) preferably also removes “other” and adds “or disclosure” to explicitly mention restricting third-party disclosure in addition to use.

Why does this matter? Because even for Unlimited Rights data/software a contractor would prefer to maintain as many IP rights in such data/software as possible, e.g., to prevent against misappropriation. Remember, the USG does not own the contractor’s Unlimited Rights data/software. Moreover, given the carve-outs on OMIT and FFF data — required to be delivered with Unlimited Rights, regardless of funding source — the contractor may have even invested significant private funds to develop such OMIT or FFF content. Also, the USG is not required to exercise the full scope of its Unlimited Rights — and, indeed, may prefer not to share the information outside of the USG if the content is particularly sensitive and/or would be detrimental to the USG (in addition to the contractor) if used or disclosed without restriction. Accordingly, any proprietary statement may help preserve and protect the contractor’s rights in the data/software, potentially up to and including confidentiality or trade secret rights — though the Federal Circuit to-date has not weighed in on the viability of as much.

Government Purpose Rights

Recall the two key elements in the Boeing marking: (1) the contractor owns the data; and (2) third-party use requires permission. Although — unlike Unlimited Rights — there is a regulatorily-prescribed marking for Government Purpose Rights under the DFARS, such marking states neither of these two elements explicitly. Accordingly, in line with the Boeing case, and consistent with the FlightSafety case, a proprietary statement should ostensibly be acceptable for a Government Purpose Rights marking, and not limited just to Unlimited Rights markings. A template might look like the following:

Government Purpose Rights Contract Number                                                                                                        Contractor Name                                                                                                        Contractor Address                                                                                                     Expiration Date                                                                                                           The Government’s rights to use, modify, reproduce, release, perform, display, or disclose these technical data are restricted by paragraph (c)(2) of the DFARS 252.227-7013, Rights in Technical Data—Other Than Commercial Products and Commercial Services, clause contained in the above identified contract. No restrictions apply after the expiration date shown above. Any reproduction of technical data or portions thereof marked with this legend must also reproduce the markings. (c) [YYYY] [Contractor]. The technical data herein are owned by [Contractor]. [The U.S. Government authorizes non-U.S. Government recipients of these data to use these data for the performance of U.S. Government contracts or subcontracts.] Any [other] third-party use [or disclosure] of these data requires permission from the U.S. Government or [Contractor].

A similar template can be generated for Government Purpose Rights software under DFARS 252.227-7014 (as well as for DFARS 252.227-7989 if incorporated into the contract instead of DFARS 252.227-7013 and -7014). Note again the “optional” (preferred) modifications in the middle and final sentences in brackets. Indeed, there is even more reason to leave out these optional components for Government Purpose Rights because, even though the USG has broad rights to disclose the content outside of the USG for USG purposes, DFARS 252.227-7013(c)(2)(iii) and -7014(c)(2)(iv) require that, prior to any such release, the recipient must be subject to a nondisclosure agreement or other restriction from further disclosure.

Limited Rights & Restricted Rights

As with Government Purpose Rights, the two key elements of the proprietary statement (contractor ownership and permission for third-party use) are not explicitly stated in the prescribed Limited Rights and Restricted Rights markings under DFARS 252.227-7013 and -7014 (or DFARS 252.227-7989). And, for the same reasons as above, a proprietary statement ideally should be acceptable for Limited Rights and Restricted Rights markings. A Limited Rights template might look like the following:

Limited Rights Contract Number                                                                                                        Contractor Name                                                                                                        Contractor Address                                                                                                     The Government’s rights to use, modify, reproduce, release, perform, display, or disclose these technical data are restricted by paragraph (c)(3) of the DFARS 252.227-7013, Rights in Technical Data—Other Than Commercial Products and Commercial Services, clause contained in the above identified contract. Any reproduction of technical data or portions thereof marked with this legend must also reproduce the markings. Any person, other than the Government, who has been provided access to such data must promptly notify the above named Contractor. (c) [YYYY] [Contractor]. The technical data herein are owned by [Contractor]. Any third-party use [or disclosure] of these data requires permission from [Contractor] or, to the extent authorized under DFARS 252.227-7013(c)(3), the U.S. Government.

A Restricted Rights template under DFARS 252.227-7014 would be similar. Critically, note the “optional” middle sentence in the proprietary statement of the Boeing marking (“The U.S. Government authorizes . . .”) should be completely excluded here. The USG does not have broad rights under Limited Rights or Restricted Rights to authorize use or disclosure by third parties (even for USG purposes) without the contractor’s consent. Note, however, that the last sentence includes suggested language acknowledging that the USG does have the ability to disclose Limited Rights data (and Restricted Rights software) under limited circumstances without necessarily needing pre-approval from the contractor — including to covered Government support contractors, and as necessary for emergency repair and overhaul.

Commercial Technical Data

Similar principles and techniques as above would apply to any markings for commercial technical data delivered under DFARS 252.227-7015 (or DFARS 252.227-7990, to the extent incorporated into the USG contract instead of DFARS 252.227-7015), but the lack of regulatorily-prescribed data rights markings may provide a bit more flexibility. A template for unrestricted rights under DFARS 252.227-7015(c)(1) (as mentioned, akin to Unlimited Rights) might look like the following:

THE DATA HEREIN ARE COMMERCIAL TECHNICAL DATA DELIVERED TO THE U.S. GOVERNMENT UNDER DFARS 252.227-7015(c)(1) Contract Number                                                                                                        Contractor Name                                                                                                        Contractor Address                                                                                                     (c) [YYYY] [Contractor]. The technical data herein are owned by [Contractor]. [The U.S. Government authorizes non-U.S. Government recipients of these data to use these data for the performance of U.S. Government contracts or subcontracts.] Any [other] third-party use [or disclosure] of these data requires permission from the U.S. Government or [Contractor].

The inclusion of the optional components in the proprietary statement would comport with the discussion above for Unlimited Rights markings.

A template for rights under DFARS 252.227-7015(c)(2) (as mentioned, akin to Limited Rights) might look like the following:

THE DATA HEREIN ARE COMMERCIAL TECHNICAL DATA DELIVERED TO THE U.S. GOVERNMENT UNDER DFARS 252.227-7015(c)(2) Contract Number                                                                                                        Contractor Name                                                                                                        Contractor Address                                                                                                     (c) [YYYY] [Contractor]. The technical data herein are owned by [Contractor]. Any third-party use [or disclosure] of these data requires permission from the U.S. Government or [Contractor].

The USG’s rights in commercial computer software delivered under a USG contract are governed by separate provisions (DFARS 227.7202-3) stating that the contractor’s standard commercial software license should apply, however appropriate marking of such software should still be accomplished, and a similar template as above could be employed.

Other Scenarios

The above templates and principles can ideally be extrapolated for other data rights marking scenarios, including as under the DFARS, FAR (or supplements), or even OTAs, CRADAs, and similar USG contracts — but the language of the contract always controls. For instance, other templates can be built similar to the above, each including the following components:

1. Data Rights Category / Statement — g., “Government Purpose Rights”
2. Contract and Contractor Information — g., “Contract Number________” etc.
3. Expiration (if applicable) — g., “Expiration Date________”
4. Regulatory Language (if applicable) — g., “The Government’s rights to use ….”
5. Copyright Information (optional) — g., “(c) 2026 [Contractor]”
6. Proprietary Statement — g., “The technical data herein ….”

There are also potentially a number of other ways to draft a compliant proprietary statement, provided it does not conflict with the USG’s rights — for example, including “Non-U.S. Government Notice” followed by the preferred text.

Finally, note that other (non-data rights or proprietary) markings not analyzed herein are often also required in the delivery of technical data or software under a USG contract. These include, but are not limited to, Distribution Statements, export control markings, and controlled unclassified information (CUI) markings.

Conclusion

The above discussion is meant to provide approaches to data rights marking that are consistent with the case law and other USG contract practice. The goal is to maximize contractors’ ability to protect their valuable IP without losing rights due to improper or failed markings. While there can be no guarantee of success, and contractors may have to negotiate or make tough decisions on a case-by-case basis with respect to data rights markings, the tools provided herein should help contractors devise best practices and strategies for dealing with data rights marking issues.

*****

Darrell Stark is a Partner with Taft Stettinius & Hollister LLP in the Cincinnati office. He is an experienced IP transactional and litigation attorney, and advises clients regularly on commercial and U.S. Government transactions involving IP and data rights, including licensing, research & development, and mergers & acquisitions. Darrell also litigates IP disputes in federal trial and appellate courts and administrative bodies. Darrell draws on his prior experience as in-house IP counsel in the aerospace industry to help clients align their IP strategies with their broader business goals in both the commercial and defense industries. He can be reached at dstark@taftlaw.com or on LinkedIn here.