On May 6, 2014, the Department of Defense issued its final rule on the detection and avoidance of counterfeit electronic parts in the supply chain, implementing requirements of the National Defense Authorization Acts for FY2012 and FY2013. See 79 Fed. Reg. 26,092. The new rule, effective immediately, comes nearly a year after DoD issued a proposed rule that generated considerable attention from industry. This new final rule includes a number of changes and clarifications.
- Overview of the Rule
The new rule addresses counterfeit electronic parts and suspect counterfeit electronic parts in the supply chain. Covered contractors must establish and maintain acceptable systems to detect and avoid counterfeit parts. These systems will be reviewed as part of purchasing system audits, and a contractor's failure to maintain an acceptable detection and avoidance system may result in "disapproval of the purchasing system by the Contracting Officer and/or withholding of payments." With a limited exception, the rule makes the costs of counterfeit electronic parts or suspect counterfeit parts unallowable, and the costs of rework or corrective action required to remedy the use or inclusion of such parts is also unallowable.
The most substantial change in the final rule, as compared to the proposed rule, is that the requirements now apply only to "electronic parts." While this limitation was included in the FY 2013 NDAA, which the rule is meant to implement, DoD's proposed rule issued in May 2013 had no such limitation. Other changes include "expanded and clarified" requirements for contractors' detection and avoidance systems; changes, additions, and deletions to definitions of key terms; and further clarification of requirements.
- General Applicability
The requirements established in this final rule apply to CAS-covered prime contractors, including prime contractors subject to modified CAS coverage. DFARS 246.870-2(a); 79 Fed. Reg. at 26,099 ("With regard to contractors or subcontractors with modified CAS-coverage, the law does not make a distinction. Therefore any prime contract subject to CAS coverage, whether full or modified, is subject the final rule.").But covered contractors must flow down the requirements to subcontractors at all tiers, regardless of whether those subcontractors are CAS-covered. This includes subcontractors providing commercial items or commercial off-the-shelf (COTS) items, and small businesses and educational institutions. See DFARS 252.246-7007(c)(9); 79 Fed. Reg. at 26,099. Thus, "[a]ny electronic part procured by a CAS-covered prime contractor [is] subject to the restrictions." 79 Fed. Reg. at 26,099.
One of the most significant changes from the proposed rule is a narrowed focus on counterfeit electronic parts and suspect counterfeit electronic parts. The proposed rule was not so limited, applying to counterfeit parts of any type. The final rule defines a counterfeit electronic part as follows:
Counterfeit electronic part means an unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer, or a source with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer. Unlawful or unauthorized substitution includes used electronic parts represented as new, or the false indication of grade, serial number, lot number, date code, or performance characteristics.
DFARS 202.101. The new rule defines a suspect counterfeit electronic part as an electronic part for which "credible evidence (including, but not limited to visual inspection or testing) provides reasonable doubt that the electronic part is authentic." Id.
- Requirements for Counterfeit Electronic Part Detection and Avoidance Systems
Covered contractors must establish and maintain acceptable counterfeit electronic part detection and avoidance systems. The final rule expands and attempts to clarify the criteria for these systems. As established in DFARS 246.870-2(b) and 252.246-7007(b) each system must include risk-based policies and procedures that address, at a minimum, twelve criteria. These criteria are summarized below.
Training of personnel
While training must be addressed in the contractor's system, the rule leaves contractors the flexibility to determine the appropriate type, based upon the contractor's assessment of what programs and capabilities are already in place, and what more may be needed.
Inspection and testing of electronic parts
DFARS 252.246-7007(c)(2) requires inspection and testing of electronic parts, including criteria for acceptance and rejection. These are to be performed "in accordance with accepted Government- and industry-recognized techniques." The rule does not specify those techniques.
The rule does not require testing and inspection of all electronic parts. To the contrary, DoD acknowledges in the preamble that "requiring the contractor to test and inspect all electronic parts would be prohibitive." Accordingly, DoD explains that the "requirement to test or inspect is dependent on the source of the electronic part" and the "final rule allows contractors to make risk-based decisions based on supply chain assurance measures."
As further explained in DFARS 252.246-7007(c)(2), determinations of risk must be based on (1) the assessed probability of receiving a counterfeit electronic part; (2) the probability that the inspection or test selected will detect a counterfeit electronic part; and (3) the potential negative consequences of a counterfeit electronic part being installed (e.g., human safety, mission success) where such consequences are made known to the Contractor.
Use of suppliers that are the original manufacturer, sources with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer or suppliers that obtain parts exclusively from one or more of these sources
DoD describes this criterion as "a categorization of what types of suppliers may be deemed 'trusted' and therefore treated differently from other suppliers." 79 Fed. Reg. at 26,097. This is the closest attempt to a definition of "trusted supplier" that the current rule provides.
Processes for maintaining electronic part traceability
The rule requires traceability but, as DoD notes in its discussion, gives "contractor[s] flexibility to utilize industry standards and best practices . . . ." The contractor's processes must, however, include certification and traceability documentation; clear identification of the name and location of supply-chain intermediaries from the manufacturer to the direct source of the product for the seller; and, where available, the manufacturer's batch identification for the electronic parts, such as date codes, lot codes or serial numbers. DFARS 252.246-7007(c)(4). The clause lists "item unique identification" (IUID) as one example of the processes that might be implemented, but does not require it.
Flow down of counterfeit detection and avoidance requirements
As noted above, at the prime contract level, only CAS-covered contractors are subject to the new rules, but covered contractors must flow down the detection and avoidance requirements, including the applicable system criteria, to subcontractors at all levels, including commercial item and Commercial-Off-The-Shelf subcontractors, who are responsible for buying or selling electronic parts or assemblies containing electronic parts, or for performing authentication testing. DFARS 252.246-7007(c)(9) and (e).
Methodologies to identify suspect counterfeit electronic parts and to rapidly determine if a suspect counterfeit electronic part is, in fact, counterfeit; Design, operation, and maintenance of systems to detect and avoid counterfeit electronic parts and suspect electronic parts
The new rule provides little guidance for such criteria, except to note that "[t]he Contractor may elect to use current Government- or industry-recognized standards to meet this requirement."DFARS 252.246-7007(c)(8).
Processes to abolish counterfeit parts proliferation; the reporting and quarantining of counterfeit electronic parts and suspect counterfeit electronic parts
Contractors must report counterfeit electronic parts and suspect counterfeit electronic parts to the Contracting Officer and to the Government-Industry Data Exchange Program (GIDEP),
whenever the Contractor becomes aware of, or has reason to suspect that, any electronic part or end item, component, part, or assembly containing electronic parts purchased by the DoD, or purchased by a Contractor for delivery to, or on behalf of, the DoD, contains counterfeit electronic parts or suspect counterfeit electronic parts.
DFARS 252.246-7007(c)(6). Such parts "shall not be returned to the seller or otherwise returned to the supply chain until such time that the parts are determined to be authentic." Id.
Note that the government plans to address reporting and quarantining requirements more fully in FAR Case 2013-002, regarding expanded reporting of nonconforming supplies.
Process for keeping continually informed of current counterfeiting information and trends
DFARS 252.246-7007(c)(10) requires procedures for keeping informed of counterfeiting information and trends, specifically including "detection and avoidance techniques contained in appropriate industry standards, and using such information and techniques for continuously upgrading internal processes."
Process for screening the Government-Industry Data Exchange Program (GIDEP) reports and other credible sources of counterfeiting information
The rule provides no special guidance for this process, except to note that the purpose of this particular requirement is to "avoid the purchase or use of counterfeit electronic parts." DFARS 252.246-7007(c)(11).
Control of obsolete electronic parts
The new clause further requires contactors to establish "[c]ontrol of obsolete electronic parts in order to maximize the availability and use of authentic, originally designed, and qualified electronic parts throughout the product's life cycle." DFARS 252.246-7007(c)(12).
- Cost Allowability
The final rule establishes a new DFARS cost principle, 231.205-71, that makes the cost of counterfeit electronic parts or suspect counterfeit electronic parts and the cost of rework or corrective action that may be required to remedy the use or inclusion of such parts unallowable, unless the following exception is met: (1) the contractor has a reviewed and DOD-approved operational system to detect and avoid counterfeit parts and suspect counterfeit electronic parts; (2) the counterfeit electronic parts or suspect counterfeit electronic parts are government-furnished property; and (3) the contractor provides timely (i.e., within 60 days after becoming aware) notice to the government.
The preamble summarizes a number of comments questioning whether the exception could be read to establish a two-part, rather than a three-part, test, but responds somewhat cryptically that the exception language is purposefully worded as it is, indicating that all three parts of the exception must be met for it to apply. The final rule does not include the term "expressly unallowable," as was included in the proposed rule, but the comments make clear that the deletion of the word "expressly" was solely to eliminate redundancy (because the final rule explicitly states that the costs are unallowable), and has no bearing on whether penalties could be assessed for including unallowable counterfeit electronic parts costs in submissions to the government.
- Contractor Purchasing System Review
Consistent with the proposed rule, the final rule establishes the requirement to consider a contractor's counterfeit electronic parts detection and avoidance system as part of a Contractor Purchasing System Review performed by DCMA. As of the effective date of the final rule, there will be two versions of the Contractor Purchasing System Administration clause, DFARS 252.244-7001. The "Basic" clause is supplemented to add additional criteria to subsection (c) (that identifies the attributes a contractor's purchasing system must have) related to a counterfeit electronic parts detection and avoidance system, and the "Basic" clause will be included in solicitations and contracts that contain FAR 52.244-2, Subcontracts. The "Alternate I" clause contains only the criteria related to a counterfeit electronic parts detection and avoidance system in subsection (c) and will be included in solicitations and contracts where compliance with the new DFARS 252.246-7007, Contractor Counterfeit Electronic Part Detection and Avoidance System, is required but otherwise do not contain FAR 52.244-2, Subcontracts.
The preamble makes clear that if a deficiency related to the counterfeit electronic parts detection and avoidance system is determined by the ACO to be significant, the purchasing system may be disapproved and a withholding of payments can result. The preamble addresses concerns about DCMA resources in expanding the scope of a CPSR and states that the CPSR will include assistance from the local DCMA Quality Assurance Representative and that the CPSR group will perform as many reviews as possible, based on yearly risk assessments and requests from administrative contracting officers. When performing a CPSR, the preamble notes that the review will include an examination of the contractor's policies and procedures related to the detection and avoidance of counterfeit electronic parts.
- On The Horizon
While this is a final rule from DoD, additional rules and guidance are in progress with the government. These include, for example:
- FAR Case 2013–002, entitled "Expanded Reporting of Nonconforming Supplies," is being drafted to require expanded reporting of nonconforming items in partial implementation of section 818 of the NDAA for FY 2012. It was anticipated that this section could provide clarity as to the definition of a trusted supplier; however, given DoD's statement in the final rule that it intentionally left that term undefined to avoid confusion with other industry standards, it remains to be seen whether this FAR Case will provide any more insight.
- FAR Case 2012–032 resulted in a proposed rule on December 3, 2013, to clarify when to use higher-level quality standards in solicitations and contracts, and to update the examples of higher-level quality standards by revising obsolete standards and adding two new industry standards that pertain to quality assurance for avoidance of counterfeit items.
- DFARS Case 2014-D005, entitled "Detection and Avoidance of Counterfeit Electronic Parts – Further Implementation," may elaborate upon the identification of "trusted suppliers." 79 Fed. Reg. at 26,096. The case is still being researched by DARS staff, whose report is due May 28, 2014.
- DCMA is also developing a "Counterfeit Detection and Avoidance System Checklist" that will be "available when finalized." 79 Fed. Reg.at 26,096.