As 2026 begins and Congress returns from its holiday break, the federal IT community finds itself at a critical inflection point.
When Congress reconvenes, it will face a calendar stacked with deadlines, lapsed authorities, and must-pass priorities that could shape federal technology policy for years to come.
Here is a look at what may be coming down the pike in 2026:
TMF reauthorization
Among the most urgent looming issues is the Technology Modernization Fund (TMF), an initiative housed at the General Services Administration (GSA) that provides funding to federal agencies for tech modernization projects. Since its creation in 2017 under the Modernizing Government Technology Act, the TMF has invested more than $1 billion across dozens of projects aimed at improving citizen services, strengthening cybersecurity, and updating legacy systems.
But as Dec. 12, 2025, passed, so did the fund’s authority to operate. Despite bipartisan backing and industry letters urging reauthorization, Congress failed to act in time – leaving over $150 million in TMF funding effectively frozen. GSA can continue to oversee its existing investments, but it is not able to make any new TMF awards.
Advocates argue that without a TMF reauthorization early in 2026, agency IT modernization will slow, and agencies will face greater operational risk.
CISA 15 extension
Another clock running down is the Cybersecurity Information Sharing Act of 2015 (CISA 15), which established a legal framework for government and industry members to share cybersecurity threat data.
While a short-term extension for CISA 15 was tucked into the funding package that reopened the federal government this fall, the law’s authority is only extended until Jan. 30, 2026.
When lawmakers return, extending CISA 15 will be critical. Cybersecurity experts warn that failure to extend or reauthorize CISA 15 will leave information-sharing arrangements in legal limbo.
SLCGP extension
On the same Jan. 30 clock sits the State and Local Cybersecurity Grant Program (SLCGP). This program disburses federal funds to state and local governments to bolster their cybersecurity defenses.
Like CISA 15, SLCGP received a short-term extension tied to the continuing resolution (CR), but its funding authority will expire right alongside the CR if Congress doesn’t act.
SBIR/STTR lapse
Perhaps more quietly, the Small Business Innovation Research Program (SBIR) and the Small Business Technology Transfer Program (STTR) programs lapsed on Sept. 30, 2025. The programs have delivered over $77 billion in research and development funding to more than 33,000 small businesses nationwide, helping drive technological breakthroughs.
Unlike CISA 15 and SLCGP, these programs did not receive a lifeline in the CR. The lapse has already stopped agencies from issuing new funding opportunities and inserted uncertainty into the planning cycles of thousands of small innovative firms.
When Congress reconvenes, lawmakers may revisit these programs and offer them an extension as well.
FITARA refresh
Attention is turning back to the Federal Information Technology Acquisition Reform Act (FITARA) Scorecard, which debuted in 2015 to grade the 24 largest federal agencies on their progress across a range of IT-related categories. There has not been a FITARA Scorecard since September 2024 – the late Rep. Gerry Connolly, D-Va., issued the last edition.
However, his successor, Rep. James Walkinshaw, D-Va., said he is eager to carry on Conolly’s work on the FITARA Scorecard. Walkinshaw said he and Rep. Suhas Subramanyam, D-Va., have talked about developing a modernized version of the scorecard that takes “elements that are still relevant,” while creating stronger categories for AI and cyber.
Will 2026 be the year FITARA’s relevance is renewed?
Government funding
Underlying all of the above is a simpler but ever-present reality: Congress must fund the government. Lawmakers sent federal agencies into 2026 operating under a continuing resolution that expires on Jan. 30.
Appropriators will need to thread the needle on a suite of issues, from broad spending priorities to targeted IT accounts, or risk another standoff that could exacerbate uncertainty around the very programs that agencies are trying to stabilize. Given the fractious dynamics in both chambers, it’s unclear whether a clean full-year funding bill – much less one that includes reauthorizations – can emerge by the deadline.