Supply-Chain Rules from Section 889(a)(1)(A) of the NDAA for 2019 (Implemented by FAR Subpart 4.21)
There have been several recent developments in U.S. law, relating to non-tariff restrictions on foreign-origin information technology and telecommunications equipment, with a focus on Chinese-origin products. This is the second installment of a three-part series on this topic.
Section 889 of the National Defense Authorization act for 2019 (the “NDAA”) placed new restrictions on all U.S. Government procurements of certain telecommunication equipment, systems, and services (“Systems”). Effective August 13, 2019, the U.S. Department of Defense (“DoD”), General Services Administration (“GSA”), and National Aeronautics and Space Administration (“NASA” and, collectively with DoD and GSA, the “Agencies”) issued an interim rule that implements NDAA Section 889(a)(1)(A) (the “Interim Rule”), by adding Subpart 4.21 to the Federal Acquisition Regulation (the “FAR”) and creating FAR Clauses 52.204-24 and 52.204-25.
While the Interim Rule is in effect, contractors are invited to submit public comments on or before October 15, 2019.
What These Rules Apply to:
The Interim Rule and the FAR Clauses apply to all U.S. Government contracts, including all contracts at or below the simplified acquisition threshold, for the acquisition of commercial items, and for the acquisition of commercial-off-the-shelf items.
At a high level, the Interim Rule prohibits contractors from providing any equipment, system, or service that uses “covered telecommunications equipment or services” as a “substantial or essential component” of any system, or as “critical technology” as part of any system, unless an exception or a waiver applies. As discussed below, this essentially places restrictions on a contractor’s use/inclusion of the products of Chinese telecom giants, Huawei and ZTE, as well as other named Chinese entities.
Mechanics and Key Definitions:
- Step 1
The Interim Rule only impacts Systems that include “covered telecommunications equipment or services.” “Covered telecommunications equipment or services” is defined to mean:
(1) Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities);
(2) For the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities);
(3) Telecommunications or video surveillance services provided by such entities or using such equipment; or
(4) Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.
Note that paragraph (2) equipment is prohibited only when used for a “national security purpose.” No additional clarification is provided for what constitutes a “national security purpose.”
Also note that paragraph (4) references “the government of a covered foreign country.” In this regard, “covered foreign country” is defined to mean “The People’s Republic of China.” Thus, paragraph (4) provides broad discretion for the Secretary of Defense to designate additional entities that are “connected” in some way to the Chinese government. Presumably, however, if the Secretary of Defense were to designate additional entities under paragraph (4), it would publish the name of each entity and the scope of products in a separate notice. In any case, the rule only impacts Systems that include equipment or services, provided by particular entities. So, if the subject System does not include any of these equipment or services, the prohibition does not apply.
- Step 2
Assuming “covered telecommunications equipment or services” are included in the System, then the contractor must determine whether the System uses the “covered telecommunications equipment or services” as either (1) a “substantial or essential component,” or (2) as “critical technology.”
“Substantial or essential component” means “any component necessary for the proper function or performance of a piece of equipment, system, or service.” No additional clarification is provided on the meaning of this term. However, with respect to hardware Systems, it appears most/all components of such Systems would be “substantial or essential components.” For software Systems, perhaps there is more flexibility to determine that a specific element is not “necessary for the proper function or performance of” the System.
“Critical technology” has the same meaning as included in the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”). More specifically, it means:
(1) Defense articles or defense services included on the United States Munitions List set forth in the International Traffic in Arms Regulations under subchapter M of chapter I of title 22, Code of Federal Regulations;
(2) Items included on the Commerce Control List set forth in Supplement No. 1 to part 774 of the Export Administration Regulations under subchapter C of chapter VII of title 15, Code of Federal Regulations, and controlled—
(i) Pursuant to multilateral regimes, including for reasons relating to national security, chemical and biological weapons proliferation, nuclear nonproliferation, or missile technology; or
(ii) For reasons relating to regional stability or surreptitious listening;
(3) Specially designed and prepared nuclear equipment, parts and components, materials, software, and technology covered by part 810 of title 10, Code of Federal Regulations (relating to assistance to foreign atomic energy activities);
(4) Nuclear facilities, equipment, and material covered by part 110 of title 10, Code of Federal Regulations (relating to export and import of nuclear equipment and material);
(5) Select agents and toxins covered by part 331 of title 7, Code of Federal Regulations, part 121 of title 9 of such Code, or part 73 of title 42 of such Code; or
(6) Emerging and foundational technologies controlled pursuant to section 1758 of the Export Control Reform Act of 2018 (50 U.S.C. 4817).
In the Interim Rule, the Agencies acknowledged that FIRRMA’s definition extends beyond the scope of telecommunications—e.g., it includes certain “agents and toxins.” However, the Agencies explained in the Interim Rule that this over-breadth will not cause undue burden on contractors, because the rules still apply only to Systems that include “covered telecommunications equipment or services.”
Paragraph (1) includes all items subject to the ITAR. Paragraph (2) includes most items included on the EAR’s Commerce Control List (the “CCL”). Note, however, that paragraph (2) does not include EAR-controlled items classified as EAR99 or CCL-listed items that are controlled only for anti-terrorism reasons. For example, items controlled by the CCL under ECCN 5A991 (which controls many telecom items) would not qualify as “critical technology” because ECCN 5A991 is controlled only for anti-terrorism reasons. In any case, suffice it to say that contractors will need to determine the U.S. export classification of any “covered telecommunications equipment or services” that the contractor will include in a System, in order to determine whether those items are “critical technology” and, thus, subject to the prohibition.
Note that paragraph (6) includes “emerging and foundational technologies,” which are being defined through separate rulemakings.
- Step 3
If the System will use “covered telecommunications equipment or services” as either a “substantial or essential component” or as “critical technology,” then contractors should consider the exclusions provided in FAR Clause 52.204-25, paragraph (c), which says:
“This clause does not prohibit contractors from providing—
(1) A service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or
(2) Telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles.”
No additional clarification is provided on the scope of these exclusions. For example, it is unclear whether the exclusion at paragraph (2) would apply if the subject telecommunications equipment “routes” user data traffic as part of its normal function, even if the equipment does not “redirect” or “permit visibility” into user data traffic.
- Step 4
Fourth, if the subject System does not qualify for either of the exclusions, then a formal waiver would have to be obtained. The head of the agency can grant a waiver, though there is a Congressional reporting requirement. In addition, the Director of National Intelligence can grant a waiver.
Ultimately, if the subject System uses “covered telecommunications equipment or services” as a “substantial or essential component” of any system, or as “critical technology” as part of any system, and if no exception applies and no waiver is obtained, then the agency is prohibited from procuring the System.
FAR Clause 52.204-25 is the basic clause and includes all the key definitions. It prohibits agencies from procuring Systems that that use “covered telecommunications equipment or services” as a “substantial or essential component” of any system, or as “critical technology” as part of any system, unless an exception or a waiver applies. It also prohibits the contractor from providing any such Systems, unless an exception or a waiver applies.
FAR Clause 52.204-24 contains a representation by the contractor of whether any “covered telecommunications equipment or services” will be provided under the contract (i.e., the Step 1 determination discussed above), regardless of the resolution of Steps 2 through 4 above. If any “covered telecommunications equipment or services” will be provided, then the contractor must disclose it to the procuring agency, and provide details, including an “explanation of the proposed use of covered telecommunications equipment and services and any factors relevant to determining if such use would be permissible under the prohibition . . . .”
Thus, as a practical matter, the contractor is responsible for determining whether any “covered telecommunications equipment or services” will be provided under the contract. If any “covered telecommunications equipment or services” will be provided, then the contractor must disclose it to the agency, and it is the agency’s responsibility to resolve the issues discussed above for Steps 2 through 4. Obviously, if the contractor believes the System should not be subject to the prohibition for any of the reasons discussed in Steps 2 though 4, the contractor will want to include its reasons/arguments in its reporting to the agency under FAR Clause 52.204-24.
Finally, FAR Clause 52.204-25 is a mandatory flow-down for all subcontractors. FAR Clause 52.204-24 is not a not mandatory flow-down. However, given the contractor’s duty to identify all “covered telecommunications equipment or services” to be provided, prime contractors should flow down this clause as well.