The US Department of Defense (DoD), the General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) (together, federal agencies) issued earlier this week a long awaited set of interim regulations (the Interim Rule) that effectively prohibit these federal agencies from contracting with firms that utilize certain covered telecommunications equipment and services from Huawei, ZTE, Hikvision, Hytera, and other specified Chinese firms as key components or technology in any of their systems – even where such equipment or services are not being offered to the US government.
The Interim Rule, which implements Section 889(a)(a)(B) of the John S. McCain National Defense Authorization Act for 2019 (NDAA), follows the adoption last year of a related, and somewhat narrower ban on the direct use of such covered telecommunications equipment and services in federal contracts and subcontracts.
The Interim Rule has broad implications for all federal contractors. This broad and controversial contracting prohibition, which has significant implications for more than roughly four million federal contractors, is yet another step in the US government’s effort, on the basis of national security concerns, to eliminate products from Huawei and certain other Chinese providers from the US supply chain and preclude their participation in US telecommunications networks. Federal offerors would be prudent to conduct an initial inquiry into their ability to comply with the prohibition (based on a survey of their business operations) and consider its implications for pending contract actions.
A harbinger of other actions to address supply chain risk. This rule also should be viewed as a harbinger of others likely to come that affect the US supply chain more broadly – beyond telecom to include areas like personal protective equipment needed to address the COVID-19 pandemic and the protection of the bulk-power system. See our recent Alert on the Bulk-Power System Electrical Equipment Executive Order. In this regard, the Interim Rule notes that the United States has “increasingly relied on a global industrial supply chain,” and has taken a series of actions to address supply chain and cybersecurity risk. The discussion of this issue highlights that yet other actions may be forthcoming as the Defense Department and other federal agencies implement other new provisions of law governing supply chain risk and cybersecurity.
Effective date; comments welcome. The Interim Rule, which was published in the Federal Register on July 14, 2020 (see 85 Fed. Reg. 42665) and takes effect on August 13, 2020, applies to all federal solicitations on or after that date and previously issued solicitations that are awarded after that date. Comments can, however, be provided by interested parties until September 14, 2020. In the Notice, the federal agencies in particular invite comments on specific impacts of the Interim Rule on Contractors, including the challenges in identifying such covered telecommunications equipment or services they are utilizing in their supply chain, and their ability to replace such equipment or services with non-covered items and the costs of doing so.
A brief overview
This Legal Alert addresses core elements of, and issues arising from, the Interim Rule:
- The context and policy rationale for the Interim Rule – which flows from the US strategy to treat China as a competitor and limit the national security risks associated with reliance on Chinese telecom products and services on that basis using all the tools at its disposal (export controls, procurement prohibitions, sanctions, and otherwise);
- The broad scope of the Interim Rule, which applies to all offerors on federal contracts but not subcontractors, and the limited ability to qualify for exemptions or obtain waivers; and
- The implications of the Interim Rule for federal contractors, who are required to conduct a necessary inquiry into, and certify compliance with the new procurement ban in any response to a federal request for procurement.
Context and policy: another element of the US effort to disengage with China in 5-G
The Interim Ban is the latest in a series of actions by the Administration to disengage US telecommunications networks from fifth generation and other wireless (5-G) equipment and services provided by Huawei and certain other Chinese telecom providers in order to limit perceived US national security risk.
The United States has taken a series of steps, using export controls, procurement restrictions, telecommunications regulatory actions, and other policy tools, to limit US reliance on 5-G telecommunications equipment and services provided by Huawei and other Chinese firms and affiliates and has embarked on a sustained campaign to encourage US friends and allies to do likewise. Most recently, following suit and reversing its earlier decision, the United Kingdom announced an intent to ban equipment from the Huawei from the country’s high-speed wireless network because of the supply chain risk associated with relying on its equipment.
A series of US actions on Chinese telecom. Among other things, the US Department of Commerce’s Bureau of Industry and Security (BIS) placed targeted Chinese telecommunications giant Huawei Technologies Co. Ltd. and many of its non-US affiliates (together, “Huawei”) on the “Entity List.” See our recent Alert on this subject for details. As a consequence, US persons are prohibited from exporting to Huawei, without a license, any technology, software or services that are subject to US export jurisdiction, i.e., that are subject to the Export Administration Regulations (EAR). And, there is a presumption of denial for all such licenses. More recently, BIS took a series of regulatory actions designed to preclude Huawei and other Chinese telecom firms from using US software and technology to design and produce semiconductors offshore to support their equipment and services – i.e., from doing indirectly what the Entities List designation preclude them from doing directly through exports from the United States. This action apparently has affected Huawei’s supply chain and introduced additional risk to foreign purchasers such as the UK.
Concurrently with this action, the President issued an Executive Order on Securing the Information and Communications Technology and Services Supply Chain (EO 13873). The Commerce Department thereafter proposed regulations, still pending, that establish a process Commerce can utilize to broadly evaluate, on a case by case basis, whether sanctions are warranted in the basis of a request of another federal department, credible information submitted by private parties, or at the Secretary of Commerce’s own discretion Thus, when these rules are finalized, in the event that the US determines that a transaction poses a risk to US information and communications technology or services, the Commerce Department could prohibit Huawei and other Chinese competitors from providing any information and communications technology or service to persons within US jurisdiction.
Further, the Federal Communications Commission (the FCC) has moved to block United States telecommunications firms from using certain critical federal funds to buy certain Huawei or ZTE equipment or services. Specifically, under the new FCC rule, wireless carriers are barred from using money from the Universal Service Fund (USF) to make purchases from companies posing a national security threat to the integrity of communications networks or the communications supply chain.
Subsequently, Congress passed and the President signed into law the Secure and Trusted Communications Networks Act of 2019,1 which confirms the FCC’s decision, prohibits it from subsidizing the acquisition or maintenance of telecommunications equipment or services from untrusted suppliers, and also creates a $1 billion program to reimburse small and rural telecommunications providers with fewer than two million customers for the removal of equipment that poses a national security risk from their networks and its replacement with equipment from trusted suppliers.
The national security and economic rationale for US action. All of these actions, including the Interim Rule, are driven by the same deep-seated national security and economic concerns over US vulnerability to reliance on Chinese 5-g telecommunications equipment and services. More specifically, there are perceived risks that: 1) under Chinese law, the Government of China could in an exigency order Huawei and other Chinese firms, through their provision of goods and services, to disrupt US or other global telecommunications; and 2) the Government of China, through the equipment of Huawei and other Chinese providers of 5-G goods and services, could conduct surveillance of various types. As Attorney General William Barr recently remarked, “[f]rom a national security standpoint … China would have the ability to shut countries off from technology and equipment upon which their consumers and industry depend. The power the United States has today to use economic sanctions would pale by comparison to the unprecedented leverage we would be surrendering into the hands of China.”2
The Interim Rule directly recognizes these concerns, highlighting that it “seeks to avoid the disruption of Federal contract systems and operations that could in turn disrupt the operations of the Federal Government, which relies on contractors to provide a range of support and services.” 85 Fed. Reg. at 42666. It also recognizes the risk of “exfiltration of sensitive data from contract systems arising from contractors’ use of covered telecommunications equipment or services – and observes that such surreptitious acquisition of US data could “harm important governmental, privacy, and business interests.” Id.
The broad prohibition
By its terms, the Interim Rule is broad in scope, and, subject to several limitations, prohibits federal contractors from providing any equipment, system or service that uses covered telecommunications equipment or services as a substantial or essential components of any system, or as a critical technology as part of any system, in the absence of an exception or waiver.
Applies to all federal procurements. The prohibition applies across the board in the federal government, and includes contractors who participate in any federal procurement, including even those below the simplified acquisition threshold and the acquisition of commercial off-the-shelf (COTs) items – both of which are often exempt from many such rules. The Interim Rule also applies to future orders under indefinite delivery contracts and the exercise of options or modifications to existing contracts or task or delivery orders to extend the period of performance. The reason for the application of the rule to COTs Items is what the Interim Notice calls the need to alleviate the “unacceptable level of risk for the Government” of contracting with entities that use covered telecommunications equipment or services. The preamble to the Interim Rule notes that this risk is not alleviated by the fact that the equipment or service being acquired has already been sold or offered for sale to the general public or because the purchase is small.
Applies only to prime contractor offerors today, but may cover their affiliates in the future. Unlike the ban on the federal procurement of certain Chinese telecom equipment and services promulgated last year, which applied to subcontractors, this ban only applies to “entities” that themselves directly contract with federal government departments and agencies. Thus, in this respect the ban is somewhat narrower – subtier suppliers will not need to certify compliance with this new obligation.
While the interim ban, as written, only applies to offerors themselves, and not their parent, subsidiaries or other affiliates, the Federal Acquisition Regulation Council, which oversees the federal procurement rules, has signaled that it is considering expanding the prohibition to such domestic (i.e., not foreign parties. This expansion, if adopted, would considerably expand the compliance obligations for larger contractors with numerous subsidiaries and other affiliates.
Key definitions shape the scope of the ban. The scope of the new prohibition is also shaped through based the same definitions used in the federal procurement ban established last year to implement Section (a)(1)(B) of the NDAA (i.e., the prohibition on federal agencies directly procuring certain telecommunications equipment or services from the same Chinese providers). Specifically,
- The “covered telecommunications equipment or services” is broadly defined to include not only telecommunications equipment produced by Huawei or ZTE or subsidiaries or affiliates thereof, but video surveillance and telecommunications equipment provided by four other named Chinese firms and telecommunications or video surveillance services provided by all of these firms or by other entities the Secretary of Defense determines to be “owned or controlled by, or otherwise connected to,” the Government of China.3 84 Fed. Reg. 40217. The four other named Chinese firms are Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company, or any subsidiary or affiliate thereof.
- The term “substantial or essential component” means “any component necessary for the proper function or performance of a piece of equipment, system, or service.” Thus, under this functionality approach, numerous components of systems undoubtedly will meet the “substantial or essential” test.
- Finally, “critical technology” is broadly defined by reference to articles and technologies on a range of lists of articles and technologies covered by US export control laws and regulations, including most notably the US Munitions list and Commerce Control List, and any “emerging and foundational technologies” added to these lists under the recently enacted Export Control Reform Act of 2018.
Limited exceptions and waivers. While there are certain limited exceptions to this broad prohibition4 and waivers may be granted on a case by case basis, as a practical matter the interim rule likely precludes any meaningful engagement by Chinese firms (those named and others later designated), directly or indirectly, with prime level contractors in the federal telecommunications and information system markets.
Notably, the Interim Rule establishes a robust, case-by-case, security-based internal US government waiver process with which federal departments and agencies must comply.
First, if the agency is considering granting a waiver request, it must seek detailed information from the offeror: 1) a compelling justification for the additional time needed to implement the requirements of the NDAA; 2) a “full and complete laydown” of the presence of covered equipment or services in the “entity’s supply chain”; and 3) a phase-out plan to eliminate such covered items from the entity’ systems.
Second, after considering detailed information provided by the offeror and before granting the waiver, the agency must: designate a senior agency official for supply chain risk management who is responsible to ensure the agency effectively carries out the supply chain risk management functions describe in law, regulation and policy; participate in inter-agency sharing of supply chain risk information; consult with the Office of the Director of National Intelligence (ODNI) on the waiver request; and only grant the request where ODNI confirms it does not have existing information suggesting that the waiver would present a material increase in national security risk.
Notably, the federal agency also must attest, in a notice provided to ODNI, 15 days before granting the waiver (and to Congress 30 days thereafter), that granting the waiver “would not, to the agency’s knowledge having conducted the necessary due diligence as directed by statute and regulation, present a material increase in risk to US national security.”
Suffice to say, it is very unusual to see this type of robust internal US government waiver process set forth in a regulation – which apparently is designed to circumscribe the use of waiver authority. In short, this robust process, and the need for a certification by a senior agency official to ODNI and Congress, appears to limit the likelihood that waivers will be granted to cases of truly compelling need.
Compliance procedures and burdens: contractors cannot “bury their head in the sand”
Notably, the prohibition in the Interim Rule operates through certifications offerors make when responding to solicitations for federal contracts – i.e., before the award is made. Specifically, offerors must either certify their compliance or provide information necessary for the relevant federal department or agency to make an informed judgment on a waiver request. Thus, the burden is on contractors to comply with the Interim Rule or risk liability for inaccurate statements under criminal statutes like the False Statements Act or the False Claims Act or non-criminal administrative provisions.
What is somewhat unusual, however, is that offerors are required to certify compliance “[a]fter conducting a reasonable inquiry.” What is a “reasonably inquiry?” The Interim Rule specifies that this is “an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity that excludes the need to include an internal or third-party audit.”
In other words, an offeror cannot “bury its head in the sand” and simply sign a certification on the basis of limited knowledge available to senior management without conducting a review. While the offeror needn’t conduct an “audit,” it needs to undertake some type of process – presumably one it can maintain a record of in the event that the relevant federal agency questions its compliance. Thus, for example, one can imagine a memorandum to each of the company’s divisions or business units from a senior executive and responses might be a “reasonable inquiry.”
Further, it should be recognized that the diligence required relates to whether the offeror has “used” covered telecommunications equipment or services in its supply chain. It could, for example, be using such equipment or services provided to it through a third party service provider. Thus, it needs to make sure its inquiry cover these types of scenarios – adding further complexity to the task of both conducting an inquiry and complying.
In addition, where a contractor certifies that is not in compliance with the new prohibition and seeks a waiver, it faces the need to submit considerable information required to the federal customer. This includes a description of the covered telecommunications equipment or service, its use of the same, and any further explanation of factors relevant to determining if the use would be permissible.
In sum, the Interim Rule places significant burdens and risks on federal offerors – both those who can comply with its terms and those who seek a waiver. They face the considerable burden of continually monitoring and gathering information about the covered telecom equipment or services they are utilizing in their supply chains and the costs and risks of replacing such covered items in their supply chain. If a waiver is needed, they also must address but the choice whether to spend the considerable resources needed to bid on a contract opportunity given the uncertainty over whether a waiver would be granted – which will not be known until weeks after the offer is submitted.