The FAR Council published an interim rule effective June 2, 2023, that bans TikTok on contractor and contractor employee electronic devices that are used in the performance of federal contracts.
How Did This Come About?
Congress passed the No TikTok on Government Devices Act under the Consolidated Appropriations Act of 2023. As a result, the Office of Management and Budget (OMB) issued guidance in the Memorandum M-23-13 dated February 27, 2023, and DoD issued an interim rule amending the FAR by including FAR 52.204-27 Prohibition on ByteDance Covered Application.
Public comments to the interim rule are currently under review, and the final rule is being drafted with the report due to the Defense Acquisition Regulations (DAR) Council by October 11, 2023.
What Does the Ban Cover?
FAR 52.204-27 prohibits the contractor from having or using TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited, on information technology used in the performance of a government contract. The ban applies whether the technology is owned by the Government, contractor, or the contractor employees. The regulation is applicable to contracts above and below the micro-purchase, contracts for commercial products and services, and Commercially available off-the-shelf (COTS) items. Yes – even COTS items. It doesn’t cover devices that are “incidental to a Federal contract”; however, the FAR doesn’t define “incidental.”
What Does Information Technology Include?
Information technology includes any equipment owned or managed by the Government or any information technology used or provided by the Contractor under the contract. This includes equipment provided by the Contractor’s employees, such as part of an employer's “bring your own device” (BYOD) program. Yes, when used to access email and other contract files, your personal cell phones are banned from having the TikTok app.
There aren’t many exceptions either. Exceptions are limited to National Security Interests, law enforcement activities, and security research activities in accordance with OMB Memorandum M-23-13 and must be granted by an agency head.
What is the Effective Date of the Ban?
Contracting officers will include the clause in:
- Solicitations issued on or after June 2, 2023;
- Solicitations issued before the effective date, but the contract award is made on or after June 2, 2023;
- Contracts that are modified to extend the period of performance or when options are exercised.
And don’t think you got off scot-free. If you have an indefinite delivery indefinite quantity (IDIQ) contract, Contracting Officers will be modifying those contracts to include the FAR clause 52.204-27, by July 3, 2023, to apply to future orders.
Contractors are required to flow down the clause to subcontracts.
Is There a Risk of Noncompliance?
The use of TikTok software on a company’s information technology system or employee’s personal devices could result in a cyber incident or foreign access to Government contract information. Since cyber incidents have to be reported to the Government and investigated, a company does not want to be at risk of noncompliance for not removing TikTok from its information systems or employee personal devices.
Takeaways
We recommend contractors update their policies and procedures to prohibit the use of TikTok on contractor information systems or employee-owned devices used to perform on Government contracts. This could include updating the employee handbook or having employees attest to removal from contractor or personal devices used on Government contracts.
Contractors should evaluate their Information technology and company-issued phones and uninstall TikTok from these devices when used in the performance of Government contracts. Most companies have systems in place to block access to unwanted sites or prevent the download of certain applications and should ensure TikTok is included. Companies should have employees that use personal devices (home computers, personal cell phones) for contract work uninstall TikTok from these devices. Companies do not want to end up with a cyber incident as a result of having the TikTok software on their devices.
The clause is required to be flowed down to subcontracts, so contractors should consider adding this requirement to their representations and certifications. Contractors should also develop a plan for modifying existing subcontracts and long-term master agreements.
Redstone GCI is happy to assist contractors in evaluating their purchasing process to ensure compliance and identify areas for improvement and change. We often review purchasing policies and practices to ensure compliance with DFARS requirements, perform “mock audits” to assess whether purchasing files comply with policies, procedures, and regulations, and provide CPSR-related training to contractor purchasing/buying departments.
Lynne is a Director with Redstone Government Consulting, Inc. providing government contract consulting services to our clients primarily related to Commercial Item Determinations and support, Cost Accounting Standards, DFARS Business System Audits, Proposals, and Incurred Cost. Prior to joining Redstone Government Consulting, Lynne served in several capacities with DCAA and DCMA for over 35 years. Professional Experience Lynne began her career working with DCAA in the Honeywell Resident Office, Clearwater, FL in 1984. Lynne’s experience included various positions which involved conducting or reviewing forward proposals or rate audits, financial capability audits, progress payments, accounting and estimating systems, cost accounting standards, claims and disclosure statement reviews. She is an expert in FAR, DFARS, CAS and testified as an expert witness. Lynne assisted in drafting the commercial item guidance for DCAA Headquarters. Lynne was assigned as a Regional Technical Specialist where she provided guidance to 20 field offices on highly complex or technical issues relative to forward pricing, financial capability or progress payment issues. As an Assistant for Quality, she was involved in reviewing and ensuring audit reports were in compliance with policy and GAGAS as well as made NASBA certified presentations to the staff including but not limited to billing reviews, CAS, unallowable cost and progress payments. To enhance her experience in government contracting, Lynne accepted a position with DCMA in 2015 as part of the newly organized DCMA Cadre of Experts in the Commercial Item Group. This included performing reviews of prime contractor’s assertions and/or commercial item determinations as well as performing price analyses. Lynne was a project lead and later became a lead analyst where she engaged with the buying commands on requests and reviewed price analysis reviews performed by a team of 5 analysts. She also assisted the DCMA CPSR team relative to commercial items and co-instructed the Commercial Item Training presented to DCMA. Education Lynne earned a Bachelor of Science Degree in Accounting from the University of Central Florida. Certifications State of Florida Certified Public Accountant State of Alabama Certified Public Accountant Defense Acquisition Workforce Improvement Act (DAWIA) Level III- Auditing DAWIA Level III – Contracting