A July 2022 report relayed the news that the U.S. Department of Commerce (Commerce) is investigating the installation of Huawei equipment into cell towers situated near U.S. military bases and missile silos, based on concerns the equipment could hoover up sensitive data and transmit it to China.
The report indicates that Commerce is carrying out the investigation pursuant to its rules implementing Executive Order (EO) 13873 on “Securing the Information and Communications Technology and Services Supply Chain” (the ICTS Rules).
What are the ICTS Rules, and how will they be enforced? The ICTS Rules empower Commerce to review — and as warranted, to mitigate, block, or unwind — dealings in information and communications technology and services (ICTS) that have a nexus with a designated “foreign adversary,” including China and Russia.
In February 2021, the Department of Defense (“DoD”) promulgated 32 C.F.R. Part 117. This move converted the National Industrial Security Program Operating Manual (“NISPOM”)—the rules that govern personnel and facility security clearances—from DoD policy into federal law. The move originally garnered little attention because the new regulations include virtually all requirements that were in the prior NISPOM. DoD, however, embedded new requirements with potentially significant implications for cleared contractors and their senior management officials (“SMO”). And the Defense Counterintelligence and Security Agency (“DCSA”) is now signaling that it will hold SMOs accountable if they fail to meet these requirements.
A cleared contractor’s SMO is the person “with ultimate authority over the facility’s operations and the authority to direct actions necessary for the safeguarding of classified information in the facility.” § 117.3(b). Typically, the SMO is the individual who holds the top position at a company, such as a chief executive officer or majority owner. Prior to the promulgation of Part 117, the SMO had discretion to delegate responsibility over the contractor’s industrial security program to another employee. Section 117.7(b)(2) of the new NISPOM regulations has put an end to that practice.
About two months have passed since the August 13, 2020, effective date of Part B of Section 889 of the FY 2019 National Defense Authorization Act. Part B, sometimes referred to as the Chinese telecommunications equipment ban, broadly prohibits the federal government from contracting with entities that use certain Chinese telecommunications (including video surveillance) equipment and services.
After the FAR Council published its July 10, 2020, Interim Rule, contractors, large and small, spent countless hours working to be able to certify compliance by August 13. This deadline was critical because the Interim Rule said that absent such a certification, a contractor was ineligible for future contract awards. That is, government agencies were prohibited from renewing or extending existing contracts with contractors unable to certify Part B compliance. Indeed, agencies were prohibited from issuing an order under an existing contract to a contractor that failed to certify compliance.
On July 10, the government issued the long-awaited Interim Rule implementing Part B of Section 889 (here is a link to the pre-publication version, with the official version soon to follow). Part B prohibits the federal government from contracting with entities that use certain Chinese telecommunications equipment (previously discussed in our blog posts here and here). The Interim Rule is 86 pages and addresses issues related to compliance with Part B, as well as clarifying aspects of Part A.
These are the key points federal contractors need to know:
Effective Date: The effective date remains August 13, 2020. The ban applies to solicitations, options, and modifications on or after August 13. However, as we previously discussed, the Department of Defense may allow its contractors more time to comply, despite the statutory deadline.
Required Representation: An offeror must represent that, after conducting a reasonable inquiry, it does/does not use covered telecommunications equipment/services.
“Reasonable inquiry” means an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. An internal or third-party audit is not required.
Scope of “Use”: Applies to the contractor’s use of covered technology, regardless of whether it is used to perform a federal contract. Thus, a contractor’s commercial operations are included.
Affiliates/Subsidiaries: The required representation is not applicable to affiliates or subsidiaries at this time. The FAR Council is considering whether to expand the scope of the representation/prohibition to cover an offeror’s domestic affiliates, parents, and subsidiaries. If expanded, it would be effective August 13, 2021.
Subcontractors: The ban and required representation are not applicable to subcontractors at this time. The ban only applies at the prime contractor level and does not include a flow down obligation.
Detailed Waiver Process: The Interim Rule includes a detailed and complex process for seeking a waiver (really a two-year delayed application).
Suggested Compliance Steps: The Interim Rule suggests contractors adopt a “robust, risk-based compliance approach” to include educating personnel on the ban and implementing corporate enterprise tracking to identify covered equipment/services.
Regulators are still seeking feedback from industry, which suggests the government’s willingness to incorporate changes in a final rule. But prime contractors need to act now. In the next 30 days, prime contractors need to determine through a “reasonable inquiry” whether they use covered equipment, regardless of whether that use relates to performance of a federal contract. To demonstrate a reasonable inquiry, contractors should memorialize all steps taken and decisions made in performing the inquiry.
A more detailed analysis is forthcoming. In the meantime, if you have any questions regarding compliance, please contact one of Blank Rome’s Government Contracts practice group attorneys for guidance.