The FAR Council released an Interim Rule in August implementing part of Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019.  In this briefing, we highlight points where the Interim Rule provides clarity; definitional issues that remain unresolved; and new procedural requirements that government contractors should track.

The Interim Rule covers the portion of Section 889, subsection (a)(1)(A), that prohibits the federal government from acquiring certain telecommunications equipment/services from Huawei, ZTE, and other Chinese companies.  Specifically: “The head of an executive agency may not … procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Section (a)(1)(A) took effect on August 13, 2019, although a 60-day window remains open for stakeholders to submit comments to be considered in the development of a final rule.  Comments on the (a)(1)(A) Interim Rule are due by October 15, 2019.

The second part of Section 889 implementation, sections (a)(1)(B) and (b)(1), go into effect on August 13, 2020. Regulations for those sections remain pending within the government, but the definitions and waiver process established by (a)(1)(A) will be instructive for those regulations as well.

Concurrently, all of Section 889 is subject to a legal challenge in U.S. District Court for the Eastern District of Texas.  Huawei has sued to invalidate the entire provision, with the most prominent argument that Section 889 is an unconstitutional Bill of Attainder.  The case is in a relatively early stage, with another round of briefing due on September 10 and a hearing scheduled for September 19, 2019.

I.                Clarifications 

As expected, the rule adopts statutory text to define “covered telecommunications equipment or services,” with no changes.  It does, however, import an expansive definition of “critical technology,” borrowed from the Foreign Investment Risk Review Modernization Act (“FIRRMA”).  The Interim Rule concedes that the definition is overbroad – it includes “select agents and toxins” that are unlikely to apply to telecommunications – but used it in the interest of government-wide consistency as both the changes to the foreign investment review process contained in FIRRMA and Section 889 are being implemented simultaneously.  The law applies – as expected – at all dollar values (i.e., below the Simplified Acquisition Threshold) and to purchases of commercial and commercially available off-the-shelf items.

II.             Open Questions

Substantial or essential component” is defined, but broadly and only at a high level: “any component necessary for the proper function or performance of a piece of equipment, system, or service.”  Each agency will have to determine which components meet that definition for purposes of compliance.  This is an area where seeking additional clarification through the comment period could be important.

Critical infrastructure” is not defined at all, even though the definition of “covered telecommunications equipment” includes equipment produced by Hytera, Hikvision, or Dahua used for “physical security surveillance of critical infrastructure.”  Based on the approach to defining “critical technology,” however, we expect that the government would likely borrow the definition of “critical infrastructure” from FIRRMA: “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems or assets would have a debilitating impact on national security.”

III.           Important New Requirements

The Interim Rule describes two sets of compliance obligations that deserve close attention from current and prospective government contractors.

A.              “Representations”

The Interim Rule imposes a two-step certification process that presents serious new risks for government contractors.

  1. First, in connection with work after August 13, and later as part of the System for Award Management profile, contractors will be required to represent whether they sell material or services that include covered telecommunications equipment or services.
  1. Second, if they respond that they do, then they must make separate, detailed, offer-by-offer disclosures in connection with bids for contracts and for task/delivery orders.

This system of certifications meaningfully expands the scope of risk associated with due diligence in acquisitions, and broadens potential exposure to the False Claims Act and other anti-fraud statutes.

The representations could also have a potential upside in terms of justifying an exclusion or waiver.  The preamble explains that the information provided in the “representation will assist the Government in appropriately assessing the presence of any covered telecommunications equipment or services that may be present … to determine if the items in question will be used as a substantial or essential component, or to determine if a waiver request may be appropriate.”  The head of an executive agency may, on a one-time basis, waive the requirements for section (a)(1)(A) for up to two years if the entity seeking the waiver provides a “compelling justification” for the additional time needed for the entity to implement the requirements under the law.

Entities that seek a waiver will also be required to submit to the head of the executive agency for which they are intending to contract with a “full and complete laydown” of the presences of covered equipment or services in the supply chain and a “phase-out” plan to eliminate those elements from the supply chain.  The process for submitting a waiver will be determined by each agency.

B.              Reporting Requirements 

The Interim Rule creates a severe reporting regime with aggressive deadlines:  “In the event the Contractor identifies covered telecommunications equipment or services used as a substantial or essential component of any system, or as critical technology as part of any system, during contract performance, or the Contractor is notified of such by a subcontractor at any tier or by any other source, the Contractor shall report the information … to the Contracting Officer … [and] in the case of the Department of Defense, the Contractor shall report to the [DIBNET].”

An initial report is due within one business day, with a follow-up report due in 10 business days.  The contractor must report any covered equipment/systems/services discovered during contract performance in a fairly high level of detail, and must flow this requirement down to subcontractors.

The “notified” prong of this reporting requirement is broad, and is not qualified by thresholds like “credible” information.  Because it captures notification by “any other source,” it is conceivable that the government could impose a constructive notice requirement on contractors, or could take the position that open-source news reporting triggers the reporting requirements.

IV.           Applicability Dates 

The prohibitions take effect on August 13, 2019, and apply to new solicitations issued on/after that date and any resulting contracts, as well as to contracts that are awarded on/after August 13, 2019, even if the solicitations preceded that date.  The Interim Rule requires contracting officers to include the corresponding FAR clause in any future orders under an indefinite delivery (“ID/IQ”) contract, and in any extension of existing contracts or task/delivery orders (including an option).

Contracting officers must also include the representations provision in all solicitations or notices of intent under an existing ID/IQ contract, whenever performance will occur on/after August 13, 2019.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information, as well as representing contractors facing allegations of cyber fraud under the False Claims Act. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

  • Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
  • Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
  • Federal Acquisition Security Council (FASC) regulations and product exclusions,
  • Controlled unclassified information (CUI) obligations, and
  • M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

  • Procurement fraud and FAR mandatory disclosure requirements,
  • Cyber incidents and data spills involving sensitive government information,
  • Allegations of violations of national security requirements, and
  • Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.