On July 14, 2020, the Federal Acquisition Regulation (FAR) Council will issue a long-awaited interim rule implementing "Part B" of Section 889(a)(1) of the National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232). Section 889 imposes sweeping limitations on the acquisition or use of "covered telecommunications equipment or services" as a substantial or essential component of any system, or as critical technology as part of any system. "Covered telecommunications equipment or services" include telecommunications or video surveillance equipment and services produced by Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company, or any other company, including affiliates and subsidiaries, owned or controlled by the People's Republic of China.
Section 889 Background
Part A of Section 889, which was implemented last year with an interim rule that established FAR 52.204-24, -25, and -26, prohibits the government from acquiring or obtaining covered telecommunications equipment or services as a substantial or essential component of any system. Part A requires contractors to represent that they will or will not provide covered telecommunications equipment under each contract (FAR 52.204-24; GSAR 552.204-70). If the contractor answers that it will provide such equipment or services, then it must disclose a variety of information about the equipment or services (such as part number, function, and other information to permit the agency to determine if the "substantial or essential component" test or other exception applies). Part A also requires the contractor to make an immediate disclosure if it identifies any covered telecommunications equipment or services during performance (FAR 52.204-25(d)).
Unlike Part A, which applies only to what a contractor provides to the government under a contract, Part B of Section 889 is more far-reaching. Part B prohibits the government from entering into a contract with an "entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system." This means that contractors must not only evaluate and monitor what telecommunications equipment and services they provide to the government, but also what equipment or services that may be used somewhere within the company, even if the use is strictly limited to the company's commercial business.
To comply, the general expectation was that contractors would have to perform exhaustive audits of their IT systems, equipment, and services that would include conducting due diligence on the source of all equipment and services used—a daunting task for all contractors, but especially large contractors with significant commercial activities, employees, and physical locations.
"Reasonable Inquiry" Standard for Part B
While many burdens remain, the most surprising part of the interim rule for Part B is that it provides some needed relief by creating a "reasonable inquiry" standard before a contractor represents whether it does or does not use covered telecommunications equipment or services. This standard relaxes the potential compliance burden considerably. "A reasonable inquiry is an inquiry designed to uncover any information in the entity's possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. A reasonable inquiry need not include an internal or third-party audit." The rule further clarifies that a "reasonable inquiry is an inquiry designed to uncover any information in the entity's possession—primarily documentation or other records—about the identity of the producer or provider of covered telecommunications equipment or services used by the entity."
Since a reasonable inquiry is based on the information already in the entity's possession, a contractor need not actively contact all suppliers of equipment and services to find out the origin of certain equipment or services that it may use. Rather, it is sufficient to conduct an internal audit to determine what is known about the identity of the producer or provider of covered telecommunications equipment or services before completing the new representation at FAR 52.204-24(d)(2).
While this standard affords important relief, it is important to understand that it applies only to the new Part B representation. In order to make the representation regarding Part A (now at FAR 52.204-24(d)(1)), contractors must still conduct sufficient due diligence to ensure that they will not, in fact, provide covered telecommunications equipment or services to the government under a contract. To make an accurate Part A representation, contractors must still take active steps to validate their supply chains.
Development of a Risk-Based Compliance Plan
Apparently in exchange for not requiring the same level of due diligence as is necessary for Part A compliance, the FAR Council stated in the preamble that it "assumes" that contractors will develop a risk-based compliance plan, even going so far as to outline key attributes of such a plan.
To ensure compliance, the FAR Council expects contractors to develop a compliance plan that includes (1) regulatory familiarization; (2) corporate enterprise tracking; (3) education; (4) cost of removal; (5) representation to the government; and (6) cost to develop a phase-out plan or submission of waiver information.
The rule warns that failure to submit an accurate representation "constitutes a breach of contract that can lead to cancellation, termination, and financial consequences" and therefore "it is important for contractors to develop a compliance plan that will allow them to submit accurate representations to the Government in the course of their offers."
Given this guidance, it would be prudent for contractors to begin developing the recommended compliance plan that tracks closely with the FAR Council's recommendation.
No Subcontractor Flow-Down for Part B
The interim rule helpfully clarifies that the requirements of Part B "will not flow down because the prime contractor is the only 'entity' that the agency 'enters into a contract' with, and an agency does not directly 'enter into a contract' with any subcontractors, at any tier." Thus, only prime government contractors will have to ensure compliance with the prohibited "use" of covered telecommunications equipment under Part B.
This contrasts, however, with the requirements of Part A, which are required to flow down to subcontractors at any tier, because Part A prohibits the government from acquiring or obtaining covered telecommunications equipment or services. Since the prohibition is based on what the government obtains, it is irrelevant whether the government is obtaining a covered equipment or service directly from a prime contractor or from one of its subcontractors.
Possible Expansion to All Corporate Affiliates
One of the open questions prior to the interim rule was whether Part B would apply only to the "entity" that contracts with the government. While the interim Part B rule now confirms this to be the case, the FAR Council explained that it is considering expanding the scope of Part B "to the offeror and any affiliates, parents, and subsidiaries of the offeror that are domestic concerns."
If Part B is expanded in this manner, it would have a significant impact on companies that rely on separate subsidiaries to perform federal business, for example. Under the current rule, only the corporate entity with the contract needs to represent that it does or does not use covered telecommunications equipment or services. This avoids a potentially significant compliance burden for the corporate parent and commercial business. However, if the rule is expanded to include affiliates, parents, and subsidiaries, companies will not be able to shield the commercial side of the business from Part B compliance.
Part B Requirements Incorporated Into Existing FAR Clauses
Rather than creating new FAR clauses to implement the Part B requirements, the FAR Council has incorporated the Part B requirements into the FAR clauses created last year to implement Part A, specifically FAR 52.204-24 and -25.
Defines Some Terms, Leaves Many Open Questions
The interim rule provides some additional definitions of key terms that were lacking when the Part A clauses were first introduced, including definitions for "roaming," "backhaul," and "interconnection agreements." However, the interim rule for Part B continues to leave many terms undefined, including the basic meaning of "use" and the meaning of "any system" in the context of whether covered telecommunications equipment or services are a substantial or essential component of any system.
While the interim rule for Part B does not answer every question, it provides important guidance that should alleviate some of the more daunting compliance burden many expected by requiring only a "reasonable inquiry" before certifying a contractor's use of covered telecommunications equipment or services.
The interim rule is effective August 13, 2020.
Given the broad impact of Part B and the open questions, all contractors should consider submitting public comments on the interim rule, which are due 60 days after the date of publication in the Federal Register.