Cybersecurity is a key concern of the federal government, which means that it should be a key concern for federal contractors, too.
To address a perceived cybersecurity risk, the 2019 NDAA prohibited the government from buying telecommunications devices produced by certain companies—namely, Huawei Technologies, ZTE Corporation, or any of their subsidiaries. In a proposed rule announced this week, this ban will be effective beginning August 13, 2019.
According to the interim rule, the FAR will be amended to give effect to Section 889 of the 2019 NDAA. As amended, the FAR will prohibit agencies “from procuring or obtaining, or extending or renewing a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as a critical technology as part of any system[.]” Such covered telecommunications equipment or services includes:
- Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any of their affiliates);
- Video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any of their affiliates);
- Any telecommunications or video surveillance services provided by any of these entities using any such equipment; and
- Any telecommunications or video surveillance equipment or services produced or provided by a company that the intelligence community reasonably believes is controlled or owned by the Chinese government.
The 2019 NDAA (and this follow-on rule) make clear that the federal government is concerned with the security risks of using Chinese-linked telecommunications companies. And though this prohibition seems comprehensive, there are exceptions: the FAR will not prohibit contractors from providing a service that connects to the facilities of a third party (such as backhaul, roaming, or interconnection arrangements) or telecommunications that cannot route or redirect user data or permit visibility into any user data or packets that such equipment transmits or otherwise handles. Moreover, the head of an agency or the Director of National Intelligence can provide a waiver for the use of a prohibited item.
This rule has significant ramifications for federal contractors—it prohibits, in most cases, a contractor from providing any of the covered equipment to the federal government. As part of this ban, moreover, there are detailed reporting requirements for contractors on related procurements.
Given the implications—both on particular contracts and to national security—it’s important for contractors to understand and comply with this new FAR rule. If you have any questions, please give me a call.