Businesses should consider cost of compliance and supply chain
If your business contracts with the United States Department of Defense (DoD), the General Services Administration (GSA), or National Aeronautics and Space Administration (NASA), you need to know about a new interim rule amending the Federal Acquisition Regulation (FAR) that prohibits the use of telecom and surveillance equipment from Chinese companies. This new interim rule is due to “an unacceptable level of risk for the government,” according to the notice posted on the Office of the Federal Register website.
This interim rule, which went into effect on Aug. 13, 2019, could make it more difficult for businesses to manage their supply chain when it comes to fulfilling contracts with the U.S. government. In addition to adding Chinese companies to the no go list of suppliers for contractors and subcontractors of government contracts, the new rule also seeks to address certain threats by implementing new reporting requirements on contractors and subcontractors.
Covered Telecommunications Equipment & Services
Section 889(a)(1)(A) of the interim rule prohibits contractors and subcontractors from obtaining “Any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any systems, or as a critical technology as part of any system” after Aug. 13, 2019. The rule outlines that equipment, components, or services produced or provided by the following companies is strictly prohibited:
• Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate)
• Hytera Communications Corporation
• Hangzhou Hikvision Digital Technology Company
• Dahua Technology Company (or any subsidiary or affiliate)
• “Any entity owned or controlled by, or otherwise connected to, the government of a covered foreign country” which is defined as the “People’s Republic of China.”
Under certain circumstances, the interim rule does allow (per section 889) the head of an agency to grant a one-time waiver on a case by case basis for up to a two-year period to end before Aug. 13, 2021. In order to obtain such a waiver, a “compelling justification for the additional time to implement” must be submitted and there is no guarantee a waiver will be granted.
This rule also requires companies with new or pending government contracts to submit with each offer a list of covered equipment or services that will be provided. This includes commercial items such as Commercial Off-the-Shelf (COTS) items such as surveillance cameras used for security purposes. Each agency, based on its specific mission and supply chain risks, may also determine additional information that must be provided by contractors.
To reduce the burden on contractors of providing information, the DoD, GSA, and NASA are working on updates to the System for Award Management that would allow contractors to submit whether they sell covered equipment, systems, or services on an annual basis. If the contractors report that they do use covered equipment, systems, or services, they would be required to provide further details on an offer-by-offer basis to the contracting officer within one business day.
Should a contractor or subcontractor determine during the course of fulfilling a government contract that covered services or substantial components of products are involved in the execution of said contract(s), this must be reported. That means if your business is already working on a government contract (post-Aug. 13, 2019) and it is discovered that any of the telecommunications or surveillance equipment or services is connected with a Chinese company, it must be reported to the agency you’re contracted with immediately.
Additionally, the reporting contractor or subcontractor must report any “readily available information about mitigation actions undertaken or recommended” within 10 business days. The same is true regarding the prevented use or submission or covered equipment or services as well as “any additional efforts that will be incorporated to prevent the future use or submission of covered telecommunications equipment or services.”
When Does This Go Into Effect?
The FAR 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment, and clause FAR 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Service or Equipment, outlines that any contracts issued on or before Aug. 13, 2019, as well as contracts awarded after that date are subject to the stipulations of the new rule. That means if your business contracted with the DoD, GSA, or NASA to provide telecommunications or surveillance equipment after Aug. 13, 2019, your company is impacted as well as any of your subcontractors.
According to the interim rule, any contracts awarded on or after Aug. 13, 2019, will be amended to achieve the updated requirements. If needed, contracting officers of the government can modify contracts to extend the period for completion of work to give contractors and their subcontractors the time necessary to meet the new requirements.
Questions Regarding the Interim Rule
There are several areas of concern regarding the new interim rule. For example, it broadly defines which equipment and services are covered. This means the onus is with the contractor(s) and subcontractor(s) to determine whether its supply chain meets the new requirements. This can become problematic as companies often change names, merge, or use affiliated businesses to operate. Ultimately, this could lead to great risk for organizations doing business with the government.
To complicate matters further, the rule goes as far as to include entities that have not yet been identified. It states, "Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believe to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.” The rule fails to explain how contractors and subcontractors will know which entities these are in order to achieve compliance. And, as previously mentioned above, business entities can change quickly which means contractors and their subs may end up trying to hit a moving target to achieve compliance.
Another question arises as the “critical technology” or “substantial or essential components” definition is included in the new rule. These definitions are so broad in scope that contractors and subcontractors may have great difficulty in determining what is considered a covered product, component, and service and what is not. Again, this makes ensuring compliance incredibly difficult.
There are also exceptions when it comes to the prohibition of “… a service that connects to the facilities of a third-party…” or “Telecommunications equipment that cannot route or redirect user data traffic…” One can only presume that these exceptions are intended to cover cloud services and other services related to building in a telecommunications backbone for government agencies. Continued due diligence in working hand-in-hand with agencies throughout the contract will be key to compliance for contractors and their subs.
More Things to Consider
As a government contractor, it behooves you to be familiar with the new interim rule and its requirements. When preparing bids and proposals for government contracts, your business leaders will need to consider the costs and risks involved in compliance with all government rules and regulations, not just this new interim rule. In other words, you will really need to know what you’re business is getting into regarding government contracts and regulatory compliance. This includes the procurement of commercial items and COTS items that weren’t given a second thought in the past.
Finally, the interim rule includes any of your subcontractors. Ultimately, your business is responsible for the compliance of your subcontractors when it comes to the acquisition of commercial items and the execution of the contract. Be sure that your company is prepared to monitor your subcontractors for compliance as well.
Sharing Your Thoughts
Anyone interested in the formation of the final rule by FAR should submit comments in writing to the Regulatory Secretariat Division at the following address on or before Oct. 15, 2019, to be considered:
General Services Administration
Regulatory Secretariat Division (MVCB)
1800 F Street NW
Washington, DC 20405
You can also visit Regulations.gov and submit comments via the Federal eRulemaking portal by searching for “FAR Case 2018-017.” Select the link “Comment Now” that corresponds with “FAR Case 2018-017” and follow the instructions provided on the screen. Please include your name, company name (if any), and “FAR Case 2018-017” on your attached document.
Your Supply Chain & Compliance
As with any change in government regulations, your organization should do its due diligence when contracting with government agencies and ensuring compliance. Do your homework and make sure you understand regulations your business is expected to meet before, during, and following the execution of government contracts. While this new interim rule is meant to cover many threats while allowing the inclusion of a wide variety of contractors and subcontractors, its breadth could ultimately lead to issues with your supply chain and ability to meet regulatory requirements.
If you have further questions about this interim rule, please feel free to reach out to Dox at (585) 473-7766 or visit us online.