The Romanian Parliament approved last week the list of 21 projects funded through the European SAFE program, and the deadline for signing individual contracts is May 31, 2026. Romania is receives €16.6 billion—the second-largest allocation in the EU—from a program with a total budget of €150 billion at the European level.

For private companies entering the supply chains, this context implies a paradigm shift, as they transition from isolated contracts to integration into European supply chains, which also entails complex responsibilities.

The SAFE model requires that at least 65% of components come from the EU, with an emphasis on local production and technology transfer. In Romania, the “cooperation agreement” mechanism—a continuation of the offset system controlled by ARCTIS—makes the acceptance of products contingent upon meeting specific industrial indicators. The subcontractor is thus no longer merely a technical supplier but becomes part of an industrial policy, with direct exposure in the event of failure to meet the indirectly assumed indicators.

The regulatory framework (Government Emergency Ordinance 62/2025, as amended) allows for negotiations without prior publication and for the modification of ongoing contracts. This flexibility reduces bureaucracy but also limits the traceability of decision-making. Compliance obligations remain in full force and are transferred via flow-down clauses from the prime contractor to subcontractors—including those regarding cybersecurity, component origin, and export control.

In practice, main contracts (prime contracts) are rare to be performed entirely by the main supplier. Execution is fragmented among manufacturing subcontractors, component suppliers, software integrators, and service providers. In this context, subcontractors become essential—but also exposed—players in the new legal architecture of defense.

Companies entering these supply chains must understand that simplifying procurement procedures does not reduce compliance obligations. We recommend a compliance audit covering technical, legal, and supply chain aspects, the negotiations of protection terms in the relationship with the prime contractor, and the implementation of documented internal policies in the areas of anti-corruption, cybersecurity, ESG, and export control. Inaccurate statements regarding the origin of components, irregularities in the use of funds, or violations of export control regulations may result in civil and criminal liability for the companies involved and their decision-makers. A compliance audit conducted prior to signing the contract is not an additional cost, but a protective measure.

Documenting these measures is just as important as implementing them—in the event of an audit, the absence of evidence can create liability, even if the non-compliance originated from another point in the supply chain.