Federal Contractors' Compliance Responsibilities Just Got Easier, or Did They?
On July 14, 2020, the Federal Acquisition Regulatory (FAR) Council issued an interim final rule intended to clarify the scope and application of the requirements set forth in Section 889(a)(1)(B) of the FY2019 National Defense Authorization Act (FY19 NDAA). The rule's release comes after months of eager anticipation by—and almost apocalyptic warnings from—a wide variety of government contractors and industry groups who argued, among other things, that contractors would find it impossible to comply with (a)(1)(B) requirements, much less to do so by the statutory deadline of August 13, 2020 (which they also urged should be extended). The rule does not move the deadline for compliance, but it does make clear that (a)(1)(B) applies only at "the prime contract level." This has caused some to declare victory in the belief that the FAR Council has essentially done away with the arduous task of confirming supply chain compliance.
To this we say, "not so fast." Just because the rule explains that it does not apply to subcontractors because they do not have privity with the government, that doesn’t mean that prime contractors don’t have a responsibility to look at their supply chain to ensure compliance company-wide, “regardless of whether that usage is in performance of a Federal contract.”
FY19 NDAA Section 889(a)(1)(B) Requirement
Section 889 was part of the John S. McCain National Defense Authorization Act (NDAA) that was signed into law on August 13, 2018. Section 889 “Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment” established a “(a) Prohibition on Use or Procurement.—(1) The head of an executive agency may not—(A) procure or obtain or extend or renew a contract to procure or obtain any equipment, system or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system; (B) enter into a contract (or extend or renew a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” (Emphasis added.)
How far down a prime contractor must go to confirm that it does not “use” any covered equipment is not defined. Instead, Section 889(a)(2) provides a limited carve-out to allow a federal agency to procure “(A) with an entity to provide a service that connects to the facilities of a third-party, such as backhaul, roaming or interconnection arrangements” or “(B) cover telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles.” Those exceptions to the prohibition on procurement and use of covered goods and services, however, also would require some due diligence on the part of the prime contractor to confirm the limitation on (A)’s service arrangements and the inability of (B)’s equipment to route, redirect or permit visibility into any user data or packets it handles.
The conference report accompanying the NDAA confirms that Section 889 prohibitions were intended to prevent the introduction of technology or services from “any company that the head of a relevant Federal agency reasonably believes is controlled by the government of the Peoples Republic of China.” The report included a specific list of companies identified initially as subject to the prohibition –Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hikvision Digital Technology Company and Hahua Technology Company. Notably, the conference report also indicates that any limitation on the prohibitions was to be transitional, and that Congress sought to “assist affected businesses, institutions and organizations as is reasonably necessary for those affected entities to transition from covered communications equipment and services, to procure replacement equipment and services, and to ensure that communications services to users and customers is sustained.”
While rollout of the prohibition on federal agency procurement of covered systems and services came swiftly, but due to a deviation and then FAR provision, it has been almost two years since the provision’s passage and the road to FAR Council interpretation and implementation of Section 889(a)(1)(B)’s prohibition on a prime contractor’s uses of covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system has been rocky to say the least. However, the time for implementation—by August 13, 2020—is nearing. Contractors need to understand that there are issues that remain outstanding, as well as the current terms for compliance under the interim final rule.
Implementation by the Interim Final Rule and Issues that Remain Open
The rule provides the interim path for implementation of Section 889(a)(1)(B)’s complex edict. The rule implements Section 889(a)(1)(B) by amending the FAR and relevant FAR clauses to incorporate certain specific (a)(1)(B) requirements. For example, the rule amends FAR 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, which previously focused solely on Section 889(a)(1)(A), to add a new subsection (b)(2):
Section 889(a)(1)(B) … prohibits the head of an executive agency on or after August 13, 2020, from entering into a contract, or extending or renewing a contract, with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception at paragraph (c) of this clause applies or the covered telecommunication equipment or services are covered by a waiver described in FAR 4.2104. This prohibition applies to the use of covered telecommunications equipment or services, regardless of whether that use is in performance of work under a Federal contract.
In its discussion of this provision, the rule explains this prohibition "applies at the prime contract level to an entity that uses any equipment, system, or service that itself uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, regardless of whether that usage is in performance of work under a Federal contract." The FAR Council goes on to state that, while FAR 52.204-25's Section (a)(1)(A) prohibition will continue to flow down to all subcontractors, the (a)(1)(B) prohibition does not because of the statute's language and the fact that "the prime contractor is the only 'entity' that the agency 'enters into a contract' with, and an agency does not directly 'enter into a contract' with any subcontractors, at any tier."
However, the rule also requires a representation from the contractor in the System for Award Management (SAM) as to whether it will use or has covered equipment or services. If the contractor does not have or use such equipment or services then it can represent it “will not” or “does not” and the contracting officer may rely on this representation “unless the contracting officer has reason to question the representations.” FAR 4.2103(a)(2). A contractor that selects “does” or “will” must complete the representation again in each procurement.
Where the contractor indicates that it “does” or “will” use such covered equipment or services in a particular procurement, the rule provides that the contracting officer will consider whether a one-time waiver is necessary to make an award. Where a waiver is deemed necessary, the rule provides that the contracting officer will “request the offeror provide: (1) A compelling justification for the additional time to implement the requirements under 889(a)(1)(B), for consideration by the head of the executive agency in determining whether to grant the waiver; (2) a full and complete laydown of the presences of covered telecommunications or video surveillance equipment or services in the entity’s supply chain; and (3) a phase-out plan to eliminate such covered telecommunications equipment or services from the entity’s systems.” In this regard, the rule and rulemaking history provide a very significant distinction between how it will handle offerors that represent that they will not use and do not have covered equipment or services and those that cannot make that representation. This is potentially going to be quite troublesome for contractors given the nature of what the rule says is required for the representation.
Specifically, the rule modifies FAR 52.204-24 Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment to require a contractor to represent as part of its offer, "[a]fter conducting a reasonable inquiry," whether or not it uses "covered telecommunications equipment or services, or use[s] any equipment, system, or service that uses covered telecommunications equipment or services." The rule also requires the submission of additional information about any covered equipment or covered services that will be used. In connection with such representations, the rule defines "reasonable inquiry" to mean "an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity that excludes the need to include an internal or third-party audit."
It may be tempting to read the definition of “reasonable inquiry” as relieving prime contractors of all responsibility to make inquiries of those within their supply chains, and permitting them to rely only on what they already know about the equipment, systems and services they use. But such an approach seems entirely too simplistic. If a contractor that represents that it knows it has covered equipment or services must provide a full and complete laydown of the presences of covered equipment and services in its supply chain, then shouldn’t a contractor that represents that it does not have or use such equipment or services be required to engage in a similar effort to ensure the accuracy of its representation? Given that the rule makes clear that the express purpose of the rule is "to protect the homeland … from the impact of Federal contractors using covered telecommunications equipment or services that present a national security concern," it makes no sense to think that the rule establishes an arrangement under which the protection of the homeland's national security depends solely on what prime contractors already know about the equipment and services they use. This should be a special concern since it is not likely that federal contractors (especially commercial item or service contractors) have previously understood that they had an obligation to inquire into this aspect of the telecommunications equipment, systems and services on which they rely.
These discrepancies (and others) point to the likely scenario that the present rule is only an interim gap-filler and that future rulemaking to impose greater requirements on the supply chain of the contractor will follow shortly. Indeed, the rulemaking poses a number of specific questions to the federal contracting community, inviting comment in this area. This may be due to the FAR Council's own recognition of the rule's inconsistencies—and, perhaps, its foreshadowing of things to come. For example, the rulemaking asks the community, "To what extent do you have insight into existing systems and their components?" It also seeks comments about "the challenges involved in identifying uses of covered telecommunications equipment or services (domestic, foreign and transnational) that would be prohibited by the rule." Similarly, it asks, "What are the best processes and technology to use to identify covered telecommunications equipment or services? [and] Are there automated solutions?"
Given the nature and scope of these questions, it is clear that there remain unresolved issues in implementation of the prohibition of Section 889(a)(1)(B). It would be a mistake to interpret this interim final rule as providing a definitive answer on whether or to what extent a reasonable inquiry requires at least a top-level inquiry of suppliers by prime contractors to follow up on the important information they know they do not have. Contractors at all tiers would be well-served to engage in a well-documented process for identifying whether and to what extent they (and their affiliates and subsidiaries) have or use covered equipment or services enterprise-wide. In many cases, such an approach should include consideration of the contractors' suppliers and even, depending on the specific facts, others in their supply chains. A reasonable response to the representation requirement will be one that is based on a reasonable, documented fact-gathering. Remember a representation is viewed in the same light as a certification. A false representation or one based on failing to take steps based on what you knew or should have known is the standard triggering the False Claims Act.