We previously discussed key elements of the newly released interim rule (“the interim rule” or “the rule”) implementing Part B of Section 889 (“Part B”), which prohibits the federal government from contracting with entities that use certain Chinese telecommunications equipment. This post provides a more detailed analysis of the scope and application of the rule, as well as five compliance recommendations given the impending August 13th deadline.
Rule Applies to All Contracts Effective August 13, 2020
Part B applies to all solicitations, options, and modifications on or after August 13th, including contracts for commercial items, commercially available off-the-shelf (COTS) items, and contracts at or below both the micro-purchase and simplified acquisition thresholds. Like it did with respect to Part A, GSA intends to issue a Mass Modification requiring contractors to certify compliance with Part B. GSA has also released Q&As and FAQs to assist contractors with Part B implementation. The interim rule acknowledges that Part B will have a broad impact across contractors in a range of industries, including healthcare, education, automotive, aviation, and aerospace. The rule, however, does not apply to federal grant recipients (which are subject to a separate rulemaking).
Despite industry requests to extend the implementation date, the statutory August 13th deadline remains in place. The provision at FAR 52.204-24 and the clause at FAR 52.204-25 will be incorporated into all solicitations and contracts. The Defense Department (“DoD”) recently issued a memorandum with instructions on Part B implementation, including the process for incorporating Part B into existing contracts. Before modifying contracts to extend the period of performance, DoD advises that contracting officers “should” provide contractors sufficient notice and adequate time to comply with Part B. DoD will also require contractors to submit Part B representations prior to issuing a call or order under blanket purchase agreements and basic ordering agreements.
Extends to Prime Contractors Only and Excludes Affiliates/Subsidiaries (for now)
Part B prohibits the federal government from contracting with “an entity” that uses covered technology or services. The interim rule provides helpful clarifications limiting the scope of the ban by defining the “entity” as the prime contractor and stating that, unlike Part A, Part B will not flow down to subcontractors and suppliers. Additionally, the ban will not apply to the prime contractor’s affiliates and subsidiaries, although the FAR Council is considering extending the ban to domestic subsidiaries and affiliates effective August 13, 2021. This would substantially expand the scope and compliance burden associated with Part B.
Part B Bans Any Use of Covered Technology, Including Commercial Uses
Although industry advocated for an interpretation of “use” that would require a nexus to a federal government contract, the interim rule takes a significantly broader view by applying Part B to the contractor’s use of covered technology, regardless of whether it is used to perform a federal contract. Thus, the ban will apply to a contractor’s commercial operations and require prime contractors to evaluate relationships with their commercial vendors. The term “use,” however, is not defined, nor does the interim rule address whether Part B applies to the home office technology employees use while working remotely. Given the COVID-19 pandemic and significant shift to telework, telework technology may ultimately be covered.
Level of Diligence Required for Representation – “Reasonable Inquiry”
Under FAR 52.204-24, an offeror will be required to represent that, after conducting a “reasonable inquiry,” it does/does not use covered equipment/services. The government is working on updates to the System for Award Management (“SAM”) to allow offerors to make this representation annually.
FAR 52.204-25 defines a “reasonable inquiry” as an “inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity that excludes the need to include an internal or third-party audit.” (emphasis added). This means that contractors will not be expected to conduct a full audit of their systems, but rather should review information in their possession, which the rule notes will be found “primarily” in documentation or other records. However, “information” could also include publicly available information found through internet searches or public databases, so contractors should still plan on performing some due diligence research on their vendors. The rule also notes that a “reasonable inquiry” should include “examining relationships with any subcontractor or supplier,” suggesting that prime contractors may need to contact certain vendors for further information on the products/services provided. This outreach may be necessary for products that may have been rebranded or that contain covered components, making it difficult to identify whether they fall within the ban.
The rulemakers acknowledge that the industry cost of compliance with the FAR clause will be high, estimating $11 billion in the first year and $2.2 billion in subsequent years.
Complex Waiver Process (Two-Year Delayed Implementation)
The interim rule provides a detailed and complex process for seeking a waiver, which in reality entitles contractors to only a two-year delayed implementation. The head of an agency may grant a one-time waiver expiring no later than August 13, 2022. A representation that an offeror uses covered equipment/services will automatically be treated as a request for a waiver. The contracting officer will require the offeror to provide (1) a compelling justification for the additional time needed for implementation, (2) a “full and complete laydown of the presences” of covered equipment/services in the entity’s supply chain, and (3) a phase-out plan to eliminate the covered equipment/services from the offeror’s systems. An offeror seeking a waiver may also submit this information with its offer.
The rulemakers estimate that a waiver will take “at least a few weeks to obtain,” which is likely optimistic given the many steps involved. Agencies must perform market research prior to initiating the waiver process and then consult with the Office of the Director of National Intelligence (“ODNI”) 15 days before granting the waiver (except for emergencies) and provide 30 days’ advance notice to the appropriate Congressional committees.
There are also downsides to requesting a waiver. If mission needs do not allow time to obtain a waiver, agencies may proceed with awarding to another offeror that does not require a waiver. Further, because the FAR Council rejected the alternative of a uniform, government-wide agency process, waivers will not enjoy reciprocity among agencies. Even if a contractor obtains a waiver from one agency, the contractor will be required to request another waiver for that same product/service if submitting an offer for a different agency procurement.
The Director of National Intelligence may also grant a waiver if the Director determines a waiver is in the national security interest of the United States. Unlike agency waivers, this waiver does not expire.
“Backhaul” Exception Eliminated for Contractors
Section 889 contains two exceptions, one of which applies to the procurement of services connecting to the facilities of a third-party such as backhaul, roaming or interconnection arrangements. The rule states that this exception applies only to a government agency that is contracting with an entity to provide a service. The rule therefore eliminates the use of this exception for contractors, leaving contractors to rely on the second exception for equipment that cannot route or redirect user data traffic or permit visibility into user data packets. Although the interim rule provides definitions for the backhaul exception, it does not define any terms for this second exception.
Suggested Actions for Developing a “Robust-Risk Based Compliance Approach”
The interim rule encourages contractors to adopt a “robust-risk based compliance approach,” to include regulatory familiarization, corporate enterprise tracking, education, and the replacement of covered equipment/services. Developing and implementing a compliance program to demonstrate a “reasonable inquiry” will be critical. Given the August 13th deadline and the rule’s adoption of a risk-based framework, we suggest the below actions be incorporated into compliance plans:
- Educate Key Stakeholders on Part B Compliance: This includes purchasing/procurement, materials management professionals, and program managers.
- Inventory Technology: Identify telecommunications technologies and classify from high to low risk in accordance with the rule’s suggestion of a risk-based compliance approach.
- Review Supplier Information: Review supplier data identifying the product’s manufacturer/vendor (purchase orders, invoices, etc.), as well as information on product components (e.g., specification sheets).
- Implement a Risk-Based Approach: Focus compliance efforts on higher-risk systems (e.g., laptops, phones, routers, etc.) given the impending compliance deadline.
- Consider Vendor Outreach: Certain higher-risk technologies may merit outreach to vendors to request additional information on the products/services provided.
Rulemakers have sought industry feedback on the rule’s impact and cost, indicating rulemakers may be receptive to incorporating changes into a final rule. Interested parties have 60 days to submit comments (September 14, 2020).