Compliance Burdens Grow With Rule Barring Government Contractors’ Use of Telecommunications Equipment or Services From Certain Chinese Companies
The U.S. government has issued a long-awaited rule implementing legislation to prevent federal agencies from contracting with entities that use telecommunications equipment or services produced or provided by Huawei Technologies Company, ZTE Corporation, and certain other Chinese companies, a major step that will impose a significant new compliance burden on government contractors.
Under the pre-publication version of the interim rule amending the Federal Acquisition Regulation (FAR), which was released on July 10, 2020, as of August 13, 2020, solicitations will require offerors on future contracts to represent that, based on a "reasonable inquiry," they do not use telecommunications equipment or services produced by Huawei, ZTE, and certain other Chinese companies as a substantial or essential component of any system or as any critical technology.
In this update, we examine the interim rule, which implements section 889(a)(1)(B) of the 2019 National Defense Authorization Act (NDAA), and outline some of the steps that companies should consider taking as part of a compliance program. Building on a rule issued in August 2019 that prohibits agencies from acquiring telecommunications equipment or services from prohibited Chinese companies under section 889(a)(1)(A), the new rule raises numerous compliance questions, many of which remain unanswered based on the interim rule.
National Security Concerns and Scope
Section 889(a)(1)(B) is ostensibly grounded in national security concerns, focusing on foreign-owned or -controlled telecommunications equipment or services that, according to the rule, can be vulnerable to cyber threats and espionage. The interim rule cites a risk that government contractors using fifth generation wireless communications (5G) and other telecommunications equipment covered by the rule "could introduce a reliance on equipment that may be controlled by the Chinese intelligence services and military . . . ."
Under FAR 52.204-25, absent a waiver, agencies will be prohibited "from entering into" any contract (or extending or renewing an existing contract) with an entity that "uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system." Waivers and exceptions to the rule are available in narrow circumstances.
The provision at FAR 52.204-24 and the clause at FAR 52.204-25 will be included in all solicitations and contracts, respectively, issued or awarded on or after August 13, 2020. The clause will also be used in all future orders under indefinite delivery contracts and during options or extended performance periods.
The prohibition will apply to all prime FAR-based contracts, including micro-purchase contracts and contracts for commercial items, and across all industries. It also will apply to contracts and orders for commercially available off-the-shelf (COTS) items. The rule states that an offeror's failure to submit an accurate representation under FAR 52.204-25 constitutes a breach of contract that can lead to termination and financial consequences.
Importantly, the new rule applies "regardless of whether" the use of the equipment or services is "in performance of work under a Federal contract" (emphasis added). In other words, contractors will have to comply with the rule in their commercial (non-federal government) business sectors, and their "reasonable inquiry" will extend beyond their federal business.
Interested parties may submit written comments on the interim rule for 60 days after its publication. After comments are considered, a final rule will be issued—but the interim final rule becomes effective on August 13, 2020, regardless of any comments received or revisions considered by the government.
The interim rule estimates that the clause will impose $11 billion in compliance costs on industry in the first year and $2.2 billion per year in subsequent years.
The rule raises several questions, some of which are not answered.
1. What Equipment or Services Are "Covered"?
An initial question is what equipment or services are "covered" under the rule. The statute applies to "covered telecommunications equipment," which includes the following:
- Any telecommunications equipment or services produced or provided by Huawei, ZTE, or their subsidiaries or affiliates
- Video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, Dahua Technology Company, or their subsidiaries or affiliates, if such equipment is used for public safety or national security purposes
- Video surveillance or telecommunications services provided by such entities for any purpose
- Telecommunications or video surveillance equipment or services produced or provided by an entity owned or controlled by, or otherwise connected to, the government of the People's Republic of China
But neither the statute nor the interim rule defines "telecommunications equipment" or "video surveillance equipment," creating at least some level of uncertainty. For now, contractors should interpret "telecommunications equipment" broadly to include not only public switching equipment and transmission equipment, but also the communications equipment companies keep on their own premises, like private switches, cables, local area networks, modems, mobile phones, wireless devices, landline telephones, laptops, desktop computers, answering machines, teleprinters, fax machines, and routers.
"Video surveillance equipment" presumably includes, at minimum, video equipment and monitoring devices.
2. What Constitutes Prohibited "Use"?
Another significant question is what it means for a company to "use" prohibited equipment or services under the rule. The term "use" is not defined, but the prohibition applies to the use of equipment or services as "a substantial or essential component or as critical technology as part of any system."
FAR 52.204-25 defines "substantial or essential component" as "any component necessary for the proper function or performance of a piece of equipment, system, or service." And "critical technology" means, among other things, defense articles or defense services on the United States Munitions List, items on the Commerce Control List, and certain nuclear equipment.
One might reasonably interpret this language to mean that companies are prohibited from using covered equipment or services only to the extent that the company relies on them to operate a particular system or to deliver a service, or if the covered equipment or service meets the precise and relatively narrow definition of critical technology. But the minimal guidance in the interim rule makes it difficult for companies to determine exactly where to draw lines. For example, is a single mobile phone carried by a contractor employee a "substantial or essential component" of the contractor's overall telecommunications system? If not, does that suggest that the contractor has applied an unreasonably narrow interpretation of the rule such that any and all individual items of equipment could be considered unsubstantial or inessential, even if their components might be "substantial or essential" to the operation of the device?
3. Does the Prohibition Apply to Subcontractors? What About Affiliates of Prime Contractors?
Currently, the rule applies only to "offerors" and is not a mandatory flow down to subcontractors (unlike the prohibition in subsection A of section 889(a)). FAR 52.204-25 prohibits the government from "entering into a contract" with an entity that uses banned equipment or services, i.e., the prime contractor. The prohibition also does not apply to an offeror's corporate family, and thus companies' affiliates are not required to apply the rule merely because they are affiliates.
The interim rule notes, however, that in the final rule, the FAR Council is considering expanding the rule's scope beyond offerors to include any affiliates, parents, and subsidiaries that are domestic concerns (and to require that the offeror certify compliance on behalf of itself and those affiliates, parents, and subsidiaries). So, companies should plan accordingly and consider submitting comments on the interim rule before the deadline.
Note, however, that contractors' ability to comply and certify compliance to the government may depend in significant part on representations it obtains from suppliers and subcontractors. Thus, it will be important for contractors to review and consider changes to their sourcing processes, regardless of whether the flow down of FAR 52.204-25 is mandatory.
4. What Level of Diligence Is Required?
A critical question is what level of diligence is required for a company to be able to represent in good faith that it is not using any covered telecommunications equipment or services.
The interim rule requires that offerors bidding on government contracts conduct a "reasonable inquiry" into whether covered equipment or services are used by the offeror. A "reasonable inquiry" is an inquiry designed to uncover information in the entity's possession "about the identity of the producer or provider of covered telecommunications equipment or services used by the entity" but it does not include "an internal or third-party audit."
For now, entities must submit the required representation with each offer, but ultimately the representation will need to be made in the System for Award Management (SAM).
Compliance Recommendations for Contractors
The interim rule imposes significant compliance obligations on contractors but leaves unaddressed many questions of interpretation and implementation. At minimum, companies should take the following steps:
- Review the interim rule closely and develop an understanding of the key definitions.
- Conduct the required "reasonable inquiry" into the telecommunications equipment and services the company already uses. To do so, consider starting by creating a list, if one doesn't already exist, of all the telecommunications and video surveillance equipment and services the company currently uses, including laptops and phones. Further, work with knowledgeable IT professionals to identify, to the extent possible, the manufacturer and place of manufacture for each item of telecommunications and video surveillance equipment.
- Determining what is a substantial or essential "component of a system" may be difficult. Simply confirming where equipment was assembled is likely insufficient, so we recommend considering any repairs or replacements that may have been made and whether such repairs or replacements could have resulted in the incorporation of banned equipment.
- Examine and change, if necessary, the company's sourcing processes and documentation to ensure that the company acquires no banned equipment or services in the future. Note that although companies do not need to flow down the prohibition to subcontractors under the terms of FAR 52.204-25, the interim rule says that contractors should "examine relationships" with vendors or suppliers whose telecommunications equipment or services the company is using.
The final rule could be revised based on public comments, and the FAR Council is seeking comment on the potential impact of the rule on industry. Companies concerned about the rule may want to consider submitting comments outlining their views.
Our team will continue to track Section 889-related developments; subscribe here for future updates.
© 2020 Perkins Coie LLP