Potential security threats from technology developed by Chinese companies with alleged connections to the Chinese government continue to generate headlines and garner attention, with the Government scrutinizing the risk from specific Chinese firms' products. These potential security threats have now resulted in substantial new compliance obligations for landlords to the Federal Government, along with mandatory representations, both of which generate risk for the lessor.
Effective August 13, 2019, Section 889 of the Fiscal Year 2019 National Defense Authorization Act (NDAA) prohibits the use of telecommunications or surveillance equipment or services from certain Chinese companies in support of any Government lease or contract. Government Leases frequently require the provision of telecom and surveillance services, and lessors will now have to take this requirement into account when entering into a lease with the Federal Government.
This blog post1 will explore the most recent requirements for General Services Administration (GSA) leases and the compliance exposure for lessors. It will also discuss the risk of noncompliance and potential methods for limiting exposure.
The new requirements governing the provision of telecommunications and surveillance services stem from Section 889 of the Fiscal Year 2019 NDAA. This section prohibits the Federal Government from procuring or obtaining, or extending or renewing a contract to procure or obtain, "any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system." Part of this requirement became effective on August 13, 2019, one year after the passage of the 2019 NDAA.2
For now, this requirement is being implemented through the interim rule cited as Federal Acquisition Regulation (FAR) Case 2018-017, and by the General Services Administration (GSA), through the addition of a new contract clause and a new representation in GSA leases: FAR 52.204-25 and GSAR 552.204-70. The FAR clause appears only to apply to leases awarded after August 13, 2019.
The FAR Clause
- FAR 52.204-25 - PROHIBITION ON CONTRACTING FOR CERTAIN TELECOMMUNICATIONS AND VIDEO SURVEILLANCE SERVICES OR EQUIPMENT (AUG 2019)
This new General Clause to GSA leases does four things: (1) Prohibits the provision of certain telecommunications equipment or services (called covered telecommunications equipment or services) to the Government; (2) Defines "covered telecommunications equipment;" (3) Requires the lessor to self-report any violations of this provision; and (4) Requires the lessor to flow these obligations down to all subcontractors.
- The Contractor is prohibited from providing to the Government any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless an exception at paragraph (c) of this clause applies or the covered telecommunication equipment or services are covered by a waiver described in Federal Acquisition Regulation 4.2X04.
This subsection of the clause actually prohibits two separate actions: (1) Provision of certain telecommunications supplies to the Government; and (2) Provision of services using certain telecommunications equipment to the Government.
This second prohibition will impact most lessors. A standard clause in GSA leases requires the lessor to provide telecommunications access and cabling (with express specifications) as part of the Government buildout. See, e.g., ¶ 3.42 of the GSA lease form template L100. These shell buildout requirements for telecommunications closets will require some level of inquiry into supply chain integrity for any products used.
Additionally, the Government typically reserves the right to install its own telecommunications equipment or contract with others for the same. Any lessor accepting responsibility for the installation of Government equipment will need to carefully screen its supplies prior to their installation or turnover to Government control.
Finally, the Government often requires surveillance services to be provided as part of the lease's security improvements. As explained below, surveillance services will be subject to the prohibition on use of certain equipment, and lessors will need to ensure that their surveillance equipment does not run afoul of that prohibition.
2. "Covered telecommunications equipment or services" means –
(1) Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities);
(2) For the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities);
(3) Telecommunications or video surveillance services provided by such entities or using such equipment; or
(4) Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.
This provision details the specific companies the Government intends to preclude from its telecommunications suites. However, the final provision, prohibiting the use or provision of telecommunications equipment from a "covered foreign country," is a catch-all that may apply to any Chinese firm designated by the Secretary of Defense. 48 C.F.R. § 52.204-25 ('Covered foreign country' means The People's Republic of China.).
Of note, this provision governs both contracts for provision of equipment and contracts (or leases) that include provision of services that entail the use of designated Chinese-manufactured telecommunications and surveillance equipment. This is the provision that may most clearly impact most lessors, as outlined above. What is unclear is exactly where the Government will draw the line with respect to what "services" are being performed under the lease.
This requirement represents a sea-change in the Government's approach to network security. It's unclear from this regulation whether "equipment" will mean finished products on the market, or whether it extends to components. If the Government takes the position that it is the latter, then any compliance review will become significantly more burdensome, time-consuming, and expensive.
3. In the event the Contractor identifies covered telecommunications equipment or services used as a substantial or essential component of any system, or as critical technology as part of any system, during contract performance, or the Contractor is notified of such by a subcontractor at any tier or any other source, the Contractor shall report the information in paragraph (d)(2) of this clause to the Contracting Officer, unless elsewhere in this contract are established procedures for reporting the information…. The Contractor shall report the following information pursuant to paragraph (d)(1) of this clause:
(i) Within one business day from the date of such identification or notification: the contract number; the order number(s), if applicable; supplier name; supplier unique entity identifier (if known); supplier Commercial and Government Entity (CAGE) code (if known); brand; model number (original equipment manufacturer number, manufacturer part number, or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended.
(ii) Within 10 business days of submitting the information in paragraph (d)(2)(i) of this clause: any further available information about mitigation actions undertaken or recommended. In addition, the Contractor shall describe the efforts it undertook to prevent use or submission of covered telecommunications equipment or services, and any additional efforts that will be incorporated to prevent future use or submission of covered telecommunications equipment or services.
This is a requirement for self-reporting the use of any prohibited telecommunications or surveillance equipment to the Government. The timeline is extremely aggressive: one business day. In the event that a lessor discovers, after lease award, the existence of any prohibited telecommunications equipment or surveillance equipment used in support of the lease, the lessor could have as little as 24 hours to report the fact to the Contracting Officer.
4. The Contractor shall insert the substance of this clause, including this paragraph (e), in all subcontracts and similar contractual instruments, including subcontracts for the acquisition of commercial items.
In plain English, this clause requires the lessor to "flow down" this requirement to all of its subcontractors, suppliers and vendors.
The GSA Representation
- GSAR 552.204-70 REPRESENTATION REGARDING CERTAIN TELECOMMUNICATIONS AND VIDEO SURVEILLANCE SERVICES OR EQUIPMENT (AUG 2019)
This clause is actually a representation, which will be incorporated into all GSA leases moving forward. As written, it requires the lessor to confirm whether it does or does not make use of any "covered telecommunications equipment" in support of a Government lease:
The Offeror or Contractor represents that it [ ] will or [ ] will not [Contractor to complete and submit to the Contracting Officer] provide covered telecommunications equipment or services to the Government in the performance of any contract, subcontract, order, or other contractual instrument resulting from this contract. This representation shall be provided as part of the proposal and resubmitted on an annual basis from the date of award.
Additionally, if the lessor responds affirmatively to that representation, it triggers additional reporting obligations and representations:
If the Offeror or Contractor has responded affirmatively to the representation in paragraph (c) of this clause, the Offeror or Contractor shall provide the following additional information to the Contracting Officer--
(1) All covered telecommunications equipment and services offered or provided (include brand; model number, such as original equipment manufacturer (OEM) number, manufacturer part number, or wholesaler number; and item description, as applicable);
(2) Explanation of the proposed use of covered telecommunications equipment and services and any factors relevant to determining if such use would be permissible under the prohibition in paragraph (b) of this provision;
(3) For services, the entity providing the covered telecommunications services (include entity name, unique entity identifier, and Commercial and Government Entity (CAGE) code, if known); and
(4) For equipment, the entity that produced the covered telecommunications equipment (include entity name, unique entity identifier, CAGE code, and whether the entity was the OEM or a distributor, if known).
Changes to Existing Leases
For new leases with the Federal Government, these requirements are mandatory. This is true whether the lease is for existing space or new build. These requirements will even apply for succeeding leases.
For existing leases this issue becomes more complicated. It's unclear whether, as a matter of policy, the Government intends to make these requirements retroactive (the statutory requirement is only forward-looking), but there is an avenue for them to do so. Most leases with the Federal Government include a clause similar or identical to the Changes clause in the GSA's form 3517B – General Clauses (Rev. 06/16). This clause expressly allows the Federal Government to "direct changes to the Tenant Improvements within the Space, Building Security Requirements, or the services required under the Lease." However, in the event that such a change drives an increase in costs, which it almost certainly would, then the lessor will be entitled to an equitable adjustment:
If any such change causes an increase or decrease in Lessor's costs or time required for performance of its obligations under this Lease, whether or not changed by the order, the Lessor shall be entitled to an amendment to the Lease providing for one or more of the following:
(1) An adjustment of the delivery date;
(2) An equitable adjustment in the rental rate;
(3) A lump sum equitable adjustment; or
(4) A change to the operating cost base, if applicable.
But regardless of whether the Government decides to retroactively add the FAR clause to existing leases, the representation (GSAR 552.204-70) will be added to the System for Award Management (SAM) registration process, so all lessors will be required to examine whether or not any "Covered Telecommunications Equipment" is used in support of Federal leases.
The compliance risk associated with these requirements is substantial. First, falsely certifying that a lessor uses no "Covered Telecommunications Equipment" in the administration of its lease or leases can result in False Claims Act liability. It is unclear how the Government intends to treat this representation, but for another set of representations – the Small Business Size representations – the Department of Justice has taken the position that false certification damages may be up to triple the full value of set-aside contracts.
Next, there is a risk of breach damages. It is unclear how the Government could calculate its damages in the event of noncompliance, but any compromise of Government information could potentially subject the lessor to liability for breach damages.
Finally, there is a risk of suspension and debarment. The Government clearly takes any threats to national security very seriously, and these clauses represent an aggressive approach to that threat. Failure to meet these requirements, or falsely certifying compliance, could result in a suspension and debarment official opening an inquiry into whether a lessor is a responsible partner to the Federal Government. When debarred, no new leases or contracts may be awarded to an entity, with very narrow exceptions. Additionally, affiliated entities can be implicated, with suspension and debarment liability extending up the ownership chain, and even attaching to individuals.
Flow Down Compliance
Lessors should consider flowing these new requirements down to General Contractors and Construction Managers for new build construction, and to property managers for succeeding leases or leases in existing space.
However, lessors should be aware that "flowing it down" by itself will not insulate the landlord from any adverse actions; the lessor still remains the party to the Government lease, and the Government will hold the lessor responsible for noncompliance.
These new obligations represent a dramatic shift in how the Government is approaching security for its networks, and places substantial new burdens on Government lessors. Lessors should carefully consider their approach to compliance with these new obligations.
It is unclear how and when GSA (and other Government agencies) will implement compliance and oversight for these requirements. As of this writing, we are unaware of any funding or structure provided to GSA (or other agencies with leasing authority) to oversee these lease requirements. Furthermore, it is unclear who – if anyone – at GSA possesses the technical expertise to audit compliance with these requirements.
Additionally, these compliance obligations only address Phase I of the 2019 NDAA. Phase II, which will come into effect next summer, expands the existing controls to prohibit "enter[ing] into a contract (or extend[ing] or renew[ing] a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system." Sec. 889(a)(1)(B). In other words, the Government may not only not contract for risky equipment or services, but it may not contract with any entities who use such equipment or services. This will broaden the scope of applicability dramatically, and will require all lessors to perform a new compliance analysis.