On 14 July 2020 the member agencies of the US government Federal Acquisition Regulation (FAR) Council published a long-awaited interim rule implementing Section 889(a)(1)(B) of the National Defence Authorisation Act 2019 (FY19 NDAA), which prohibits government agencies from:
enter[ing] into a contract (or extend[ing] or renew[ing] a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as a critical technology as part of a system. (Emphasis added).
The interim rule, which took effect on 13 August 2020, represents the second phase of implementation of Section 889. It follows on the heels of the rule that implemented Section 889(a)(1)(A) in 2019, which prohibits government agencies from "procuring or obtaining" such equipment, systems or services. For purposes of both sections, 'covered telecommunications equipment' includes:
- telecoms equipment manufactured by Huawei or ZTE; and
- video surveillance and telecoms equipment (when used for public safety, national security or security of government facilities and critical infrastructure) produced by three Chinese telecoms companies, their subsidiaries and affiliates and others that may be identified in future.
Essentially, the new rule prohibits government agencies from entering into, extending or renewing a contract with contractors if they use any equipment, system or service that uses certain Chinese telecoms equipment or services as a substantial or essential component of any system or as critical technology as part of any system.
The interim rule imposes a dramatic, wide-sweeping additional restriction on government contractors, requiring a representation with each offer "whether covered telecommunications equipment or services are used by the offeror". The new rule clarifies that the Section 889(a)(1)(B) restriction extends beyond a government contractor's business with the US government to its entire business. Given the breadth of companies to which the interim rule currently applies, and the fact that additional companies may be added to the list in future, government contractors face the daunting task of identifying and representing to the US government whether they use covered telecoms equipment in any of their businesses. The consequences of failing to comply are significant, as an inaccurate representation could:
- constitute a breach of contract;
- expose the contractor to potential false claims liability; and
- lead to significant financial loss for the contractor.
The restrictions in the FY19 NDAA stem from an effort to eliminate a perceived threat to the supply chain posed by certain Chinese companies, including Huawei and ZTE, as well as concerns regarding certain Chinese companies' use of video surveillance and facial recognition technology. Specifically, the interim rule cautions that the:
exfiltration of sensitive data from contractor systems arising from contractors' use of covered telecommunications equipment or services could also harm important governmental, privacy, and business interests.
The rule implementing Section 889(a)(1)(A) of the FY19 NDAA took effect on 13 August 2019 (for further details please see "New Huawei rule: what it means for US companies"). That interim rule prohibited executive agencies from:
procuring or obtaining, or extending or renewing a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless [an exception or waiver applies].
This initial prohibition flows down to a government contractor's subcontractors at all tiers.
While Section 889(a)(1)(A) and its implementing rule remain in effect, the restrictions imposed by the now-effective Section 889(a)(1)(B) take an expansive next step. By prohibiting government agencies from entering into a contract (or extending or renewing one) with an entity that uses any equipment, system or service that itself makes use of covered telecoms equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, the government has eliminated any required direct nexus between the covered telecoms equipment and the government contract.
The interim rule implementing Section 889(a)(1)(B) amends the following sections of the FAR:
- Subpart 4.21 – Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment;
- the provision at 52.204-24 – Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment; and
- the contract clause at 52.204-25 – Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.
What does the interim rule cover?
As mentioned, the interim rule applies to federal contractors that use "covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system". It applies to all US government contractors with FAR-covered contracts. The interim rule applies only to offeror entities and does not flow down to subcontractors, unlike Section 889(a)(1)(A). While the current definition of 'offeror' does not cover corporate families (eg, domestic affiliates and subsidiaries), the FAR Council is considering extending the restriction to domestic corporate families by 13 August 2021. However, it is apparently not considering extending the restriction to affiliated parties outside the United States.
The interim rule maintains the same definition of 'critical technology' set out in the Foreign Investment Risk Review Modernisation Act 2018, which primarily consists of export-controlled items, as well as the definitions of:
- 'covered foreign country';
- 'covered telecommunications equipment or services'; and
- 'substantial or essential component'.
Notably, 'substantial or essential component' is defined broadly in FAR 4.2101 to mean "any component necessary for the proper function or performance of a piece of equipment, system, or service".
What must government contractors do now?
The interim rule requires government contractors to provide a submission along with each offer that represents, "after conducting a reasonable [e]nquiry, whether covered telecommunications equipment or services are used by the offeror". The representation would be added as an additional section to FAR 52.204-24 – Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment. While this representation is currently being imposed on a solicitation-by-solicitation, contract-by-contract basis, it will eventually be added as just one of the myriad representations required for contractors to submit (and update at least annually) in the System for Award Management.
The interim rule provides that an:
entity may represent that it does not use covered telecommunications equipment or services, or use any equipment, system, or service that uses covered telecommunications equipment or services within the meaning of this rule, if a reasonable [e]nquiry by the entity does not reveal or identify any such use.
The interim rule defines 'reasonable [e]nquiry' as one:
designed to uncover any information in the entity's possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. A reasonable [e]nquiry need not include an internal or third-party audit.
However, the preamble to the interim rule clarifies that the FAR Council expects an offeror's reasonable enquiry to include the covered telecoms equipment of any supplier or subcontractor, "regardless of whether that used is in performance of work under a Federal Contract".
If an offeror indicates that it does use covered telecoms equipment, it must provide an explanation as to why such usage does not violate the restrictions imposed by the act and regulation.
No third-party backhaul services exception for contractors under Section 889(a)(1)(B)
The statute includes two exceptions at Sections 889(a)(2)(A) and (B). First, Section 889(a)(2)(A) allows the head of an executive agency to procure with an entity "to provide a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements".
The interim rule defines 'backhaul' as
intermediate links between the core network, or backbone network, and the small subnetworks at the edge of the network (e.g., connecting cell phones/towers to the core telephone network). Backhaul can be wireless (e.g., microwave) or wired (e.g., fiber optic, coaxial cable, Ethernet).
However, the interim rule adds that the Section 889(a)(2)(A) exception "does not apply to a contractor's use of a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements". Thus, this exception does not apply to contractors using such systems under Section 889(a)(1)(B).
Second, Section 889(a)(2)(B) allows an entity to use:
telecommunications equipment that cannot route or redirect user data traffic or [cannot] permit visibility into any user data or packets that such equipment transmits or otherwise handles.
It is unclear whether the exception will apply if the telecoms equipment is capable of transmitting data but is appropriately air gapped to prevent transmission of that data (eg, where covered video surveillance devices are used as part of a closed-circuit system).
Section 889(d)(1) of the FY2019 NDAA allows the head of an executive agency to issue a one-time waiver on a case-by-case basis. Any such waiver will expire no later than 13 August 2022. Once this period expires, executive agencies must comply with the prohibition.
The interim rule provides that the executive agency's decision whether to start the waiver process will be "based on market research and feedback from Government contractors during the acquisition process, in concert with other internal factors".
The interim rule makes clear that if an offeror submits an offer with a representation "that it uses covered telecommunications equipment or services as a substantial or essential component of a system, or as critical technology as part of any system and no exception applies", the offeror will be treated as seeking a waiver. Following such a submission, the contracting officer must consider whether a waiver is necessary and then request information on the following from the offeror:
- a compelling justification for additional time to implement the requirements under Section 889(a)(1)(B);
- "a full and complete laydown of the presences of covered telecommunications or video surveillance equipment or services in the entity's supply chain"; and
- "a phase-out plan to eliminate such covered telecommunications equipment or services from the entity's systems".
An offeror may also proactively submit this information along with its offer before the contracting officer has decided to initiate the formal waiver process.
The interim rule notes that it might not be possible to determine whether a waiver should be considered until offers have been received and the executive agency has analysed representations from offerors.
Compliance steps and non-compliance risks
The interim rule highlights the importance "for contractors to develop a compliance plan that will allow them to submit accurate representations to the Government in the course of their offers". Therefore, the interim rule suggests that "a robust, risk-based compliance approach will help reduce the likelihood of noncompliance". It notes that the FAR Council assumes the following steps would be part of a compliance plan developed by any entity:
- Entities should familiarise themselves with the rule.
- Entities must "determine through a reasonable [e]nquiry whether the entity itself uses 'covered telecommunications' equipment or services as a substantial or essential component of any system, or as critical technology as part of any system". As noted above, this enquiry should include subcontractors and suppliers providing the offeror with covered telecoms equipment and services.
- Entities should educate their "purchasing/procurement, and materials management professionals to ensure they are familiar with the entity's compliance plan".
- If covered equipment and services are identified, an entity must "implement procedures if the entity decides to replace existing covered telecommunications equipment or services and ensure new equipment and services acquired for use by the entity are compliant".
- An entity should "provide representation to the Government regarding whether the entity uses covered telecommunications equipment and services and alert the Government if use is discovered during contract performance".
- Entities for which a waiver will be requested should "(1) develop a phase-out plan to phase-out existing covered telecommunications equipment or services, and (2) provide waiver information to the Government to include the phase-out plan and the complete laydown of the presence of the covered telecommunications equipment or services".
The interim rule notes that a failure to comply constitutes a breach of contract from a purely contractual perspective and may "lead to cancellation, termination, and financial consequences". As contractors must also submit an affirmative representation as to whether they use covered equipment, a misrepresentation could expose them to false claims liability as well.
The interim rule allows interested parties to submit written comments, to be considered in the formation of the final rule, on or before 14 September 2020. Interested parties may want to comment on the following issues:
- The interim rule does not define 'use', 'system' or 'critical infrastructure'. These definitions are critical to identifying the rule's scope.
- The interim rule was issued shortly before the effective date of Section 889(a)(1)(B), giving stakeholders little time to implement compliance measures. The cost of compliance with this rule may be significant, and government contractors may not have many viable alternatives to the covered telecoms equipment. Commenters may want to urge the government to consider implementing a grace period for compliance, in addition to the waiver provision already set out in the rule.
Comments can be submitted via the Federal eRulemaking portal under FAR Case 2019-009.
