Compliance is a procurement & engineering discipline — not a clearance step.

Aurevia's BESS, PCS, and inverter procurement is screened against NDAA Section 841 and the broader FEOC framework. Suppliers identified as Foreign Entities of Concern under the statutory framework are excluded by Aurevia procurement policy — not as a project-by-project decision, but as a standing supplier qualification rule.

FEOC analysis runs at the cell, module, and rack level. Country-of-origin documentation is captured at the bill-of-materials level and maintained as part of the project record. Where the customer is DoD or DoD-adjacent, the FEOC documentation package is structured to support government acceptance review.

Domestic content qualification is calculated and documented at the BOM level for solar modules, inverters, racking, BESS containers and components, and balance-of-system equipment. The qualification path — adjusted percentage method or elective safe harbor — is selected per project based on equipment availability and timing.

Energy community and prevailing-wage / apprenticeship bonus credit pathways are evaluated at the same time, so the procurement strategy is aligned to the full credit stack the project can capture — not engineered around a single bonus.

Where federal funding or federal customers apply, Buy American Act and Build America, Buy America (BABA) flowdowns are tracked through procurement and embedded in subcontract agreements. Waiver pathways are pursued only where compliant supply does not exist at the required cost or schedule.

FAR and DFARS clauses applicable to the prime contract are flowed down to subcontractors through Aurevia's standard subcontract template, which is maintained with outside counsel and updated as regulatory guidance evolves.

UL, IEEE, and NFPA standards applicable to solar, BESS, and microgrid systems are referenced in equipment specifications and verified through commissioning. Documentation is produced at the level federal acceptance testing requires — not the level commercial work tolerates.

Where state or local AHJs have adopted modified versions of these standards, the project-specific standards set is documented at engineering kickoff and tracked through commissioning. Listed equipment is required for all critical components; field-modified equipment is the exception, not the default.

SCADA, plant controllers, and microgrid controller architectures are designed with cybersecurity as an engineered requirement — network segmentation, access control, patch management, and audit logging are part of the controls scope, not added during commissioning.

Project data handling — drawings, specifications, controls configurations, and operational data — is governed by access control and information handling practices appropriate to the customer environment. For federal-adjacent work, controls and project data handling are aligned to applicable NIST 800-series guidance.