Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”). This Final Rule comes more than five years after the rule was first proposed in the Federal Register in June 2014. The FAR Council describes the Final Rule as “significantly de-scoped” from the version proposed in 2014, but it nonetheless constitutes a significant expansion of the existing counterfeit part reporting obligations, which to date have applied only to electronic parts under DOD contracts.
A. Contracts Covered by the Rule
The Final Rule provides that the implementing contract clause (FAR 52.246-26) will be inserted into a contract that concerns one of four categories of items:
- Items that that are subject to higher-level quality standards, when the relevant contract includes the clause at FAR 52.246-11.
- Covers procurements for items where an agency is concerned about the risk of a non-conformance in a complex and critical item. Higher-level quality standards include overarching quality management system standards such as ISO 9001 and product or process specific quality standards such as SAE AS5553.
- Items that the contracting officer has determined to be “critical.”
- A new requirement that covers procurements for items whose failure is likely to (1) “result in hazardous or unsafe conditions for individuals using, maintaining, or depending upon the item” or (2) “prevent performance of a vital agency mission.”
- Electronic parts or items containing electronic parts, provided that the contract exceeds the simplified acquisition threshold.
- This category’s focus on electronic parts tracks the scope of the existing DFARS requirement that has applied to defense contractors since 2014.
- Services provided in conjunction with any of the three above categories of items.
- Covers contracts for services provided in connection with the procurement of one of the above three categories of items.
The new clause set forth in the Final Rule must be flowed down without alteration (except for parties) in subcontracts that fit in any of the categories described above. Notably, the prime contractor is responsible for determining whether the subcontract is for “critical items for which use of the clause is appropriate.” This may impact negotiations between primes and their subcontractors if there are questions as to whether the product clearly fits within the “critical” definition.
B. Carve-Outs & Exemptions
As compared to the original proposed rule, the Final Rule incorporates several substantial carve-outs and exemptions that have the effect of limiting the new rule’s applicability. Most notably, the clause is not required in contracts or subcontracts for commercial items, which is a significant limitation on the new rule’s applicability and one that will be welcomed by industry.
Aside from the exception for commercial items, there are several other categories of products and contractors to which the new rule does not apply. The rule does not apply to contracts or subcontracts for certain medical devices that already are subject to FDA reporting requirements. And the rule also recognizes narrow exemptions that will relieve contractors from the clause’s GIDEP reporting requirements (discussed below), even if the clause is inserted in the contract. These exemptions are for: (1) foreign corporations that do not have any offices, locations or fiscal paying agents in the United States; (2) contractors that are aware that the relevant item is the subject of “an on-going criminal investigation”; and (3) contractors that have confirmed that the supplier from which they purchased the item in question has not sold the item to anyone else.
Further, the rule does not include a requirement to establish a new system for detecting and avoiding counterfeit parts, as the existing DFARS rule (DFARS 252.246-7007) currently does for defense contractors that supply DOD with electronic parts. Instead, the rule expects that contractors will build GIDEP screening and reporting processes into their existing “inspection system or program for the control of quality.”
C. Screening and Reporting Requirements
The core requirements of FAR 52.246-26 are twofold. First, contractors are required to “screen” the GIDEP database to ensure that they do not purchase counterfeit parts or parts that contain a major or critical nonconformance.
Second, contractors are required to report to both the Contracting Officer and the GIDEP database within 60 days of “becoming aware or having reason to suspect” that an item is a counterfeit part. In addition to counterfeit parts, contractors are also required to submit reports to GIDEP (but not to the Contracting Officer) when they detect a major or critical nonconformance in a “common item.”
The term “common item” is defined to mean “an item that has multiple applications versus a single or peculiar application.” In the preamble, the Council notes that “[s]everal respondents opined that the definition of ‘common item’ is overbroad, susceptible to many interpretations, and needs further clarification.” Indeed, one respondent stated “that it is difficult to imagine any item (other than a one-of-a-kind part) that would not be a ‘common item.’” Despite these concerns, however, the Council decided to continue with the broad definition, while also deleting a list of example common items that was set forth in the proposed rule (these examples included “raw or processed materials, parts, components, subassemblies, and finished assemblies that are commonly available products”).
D. Analysis & Implications for Contractors
The Final Rule represents a meaningful expansion of contractor compliance obligations and is poised to trigger a number of interesting – and significant – questions and consequences. We discuss four such issues below.
1. Scope of Rule
The original proposed rule was breathtaking in its scope, as it potentially could have applied to nearly all contracts with all agencies. The FAR Council’s ultimate adoption of a carve-out for commercial items – following a wave of pushback from industry – serves as a useful reminder of the value of preparing substantive comments in response to proposed regulations. And more generally, this change aligns with a broader trend towards streamlining the federal procurement system to more closely approximate conditions in the commercial marketplace.
But while the Final Rule is a narrower than the proposed version, certain aspects of the rule remain quite broad, and contractors should underestimate the scope and effect of the rule at their peril. The decidedly vague definition of a “critical” item is illustrative. Read literally, the concept of a “critical” item could have broad applicability, potentially encompassing contracts for any item the failure of which prevents performance of an agency’s mission (regardless of safety concerns). Thus, although the preamble to the Final Rule emphasizes the importance of avoiding counterfeit parts in procurements for complex systems such as spacecraft and missile guidance systems, the definition of a “critical” item leaves open the possibility that procurements for far more mundane categories of parts could be covered by the new rule, so long as they are deemed mission-critical.
2. De Facto Debarment Concern?
One commentator offered that a negative GIDEP report could result in de facto debarment of a contractor — the inference being that the government will not do business with a contractor that supplies counterfeit or suspected counterfeit parts. In response, the FAR Council notes that “[b]efore a report is submitted to GIDEP for publication, the manufacturer of the item or the supplier of the suspect counterfeit part is given the opportunity to provide their perspective on the issues presented in the report.” Thus, although the concern about product blacklisting is not trivial, at least contractors whose products are reported to GIDEP will have an opportunity to present their side of the story, which is an opportunity that does not exist in other contexts.
As any industry observer well knows, there has been a recent increase in actions by DOD and the Intelligence Community to ban products that present national security risks or otherwise jeopardize the integrity of the government’s chain integrity, and in many cases these actions do not even require notice to the impacted companies. (For more details, see our discussion of Section 806 and Intelligence Directive 731 here.) Given the increasing trend on the national security side for blacklisting products, we would expect the Government to actively enforce the reporting requirement in this Final Rule.
3. Impact on Prime-Sub Relations
As mentioned above, the new rule also could have significant implications for prime-sub relations. In the context of subcontract negotiations, the ambiguity inherent in the definition of the a “critical” item will be fodder for disputes about whether and when a subcontract might be subject to the new rule. Moreover, with the carve-out for commercial items, the new rule adds additional incentive for contractors to take the position that their products meet the definition of a commercial item under FAR 2.101 – and correspondingly increases the likelihood of prime-sub disputes about whether a product truly is “commercial.”
Additionally, in the event that a contractor identifies and reports a counterfeit or suspected counterfeit part to GIDEP, the contractor could (at least in theory) find itself subject to suit from the affected subcontractor or supplier on a business tort theory – i.e., that the GIDEP report damaged the subcontractor’s or supplier’s business. The new FAR clause includes only a limited safe-harbor provision that tracks the protection provided by the existing DFARS electronic counterfeit parts rule: that is, contractors are protected from tort liability if they report a suspected counterfeit electronic part under a DOD contract after making “a reasonable effort to determine that the report was factual.”
The clause does not include protections against tort liability in any other context. This potential litigation risk only underscores the critical importance of having a robust process for detecting potential counterfeit parts and reporting them appropriately to GIDEP.
4. Importance of GIDEP Reporting
The issuance of a GIDEP notice, especially for a non-conformance, could have a significant reputational impact on contractors. Although the Council rejected the notion that time was needed for contractors to develop processes and procedures with regard to GIDEP notices (noting instead that GIDEP has a Help Desk and web-based training), it is essential that these reports be accurate and vetted appropriately to ensure that trade secret information is not being shared broadly and that contractors are assessing the risks holistically. 
Contractors that do not have a process in place for addressing GIDEP reports should implement practices to ensure the correct type of GIDEP report is issued (Alert, Safe-Alert or Problem Advisory), appropriate remediation is implemented and adequately described in the GIDEP Report, and that a plan exists for notifying impacted customers. These reports have the potential for significant business impact and should be treated with appropriate care.