Contractors involved in the Federal Government’s procurement of information technology (IT) systems should consider taking affirmative steps to prepare for significant legal uncertainties arising from a confusing provision enacted by Congress to combat Chinese cyber-espionage. The new provision, which Congress recently included in the “must-pass” appropriations measure that averted a government shutdown, generally prohibits certain agencies from acquiring IT systems that potentially have even a remote connection to the Chinese government. The White House expressed concerns about the provision, but these concerns did not prevent the President from signing the larger package. U.S. businesses, particularly in the high-tech sector, have been critical of the provision, and the White House reportedly has indicated that it may seek to modify or even drop the provision in future years. In the meantime, however, the provision is the law of the land, and contractors should be aware of its potential effects.
Section 516 of the FY 2013 Continuing Appropriations Act, which funds the Federal Government through September 30, 2013, generally prohibits the Departments of Commerce and Justice, as well as NASA and the National Science Foundation, from acquiring IT systems “produced, manufactured or assembled” by entities that are “owned, directed or subsidized by the People’s Republic of China.” Agencies may only make such acquisitions if the head of the agency, in consultation with the FBI, assesses the risks of cyber-espionage associated with the acquisition and certifies to Congress that the acquisition is “in the national interest of the United States.”
The House Appropriations Committee originally added the legislation during its consideration of the FY 2013 spending measure in April 2012. While the Senate version did not include such a provision, it was nevertheless among the provisions that survived into the final package presented to the President. Although the measure applies only to procurement of IT systems throughout the remainder of FY 2013, now that the template has been set, it is possible that similar prohibitions could be included in future appropriations measures.
The U.S. business community has raised several concerns with Section 516 – focused primarily on its impact on U.S. competitiveness in global markets – and has already begun a lobbying effort aimed at eliminating the provision, or at least modifying it, from future appropriations. Notwithstanding this effort, however, government contractors and commercial entities generally are looking at significant uncertainty in the near term as it pertains to government acquisition of IT systems.
To begin with, Section 516 includes several terms that are vague at best, and leaves several questions unanswered as to the provision’s application. For example, the legislation does not define “information technology system,” nor does it give any clarification as to what it means for an entity to be “owned, directed or subsidized” by China. If “owned” is to include less than 50% holdings, or if there are no guidelines as to what it means for an entity to be “directed” or “subsidized” by China, substantial compliance and workability issues will exist for the agencies and the contractors alike. Furthermore, the potential application of Section 516 to any part of a company’s supply chain is a legitimate concern given that the text of the provision does not make any distinction between suppliers or subcontractors.
Additionally, there remain significant questions as to how the FBI and federal procurement personnel will implement Section 516. The FBI will presumably have a substantial role in evaluating the cyber-espionage risks associated with an IT system acquisition under the law, but the contracting agencies appear to have some discretion in determining whether an acquisition is “in the national interest,” meaning that the provision’s impact may vary from agency to agency. It is also unclear what role, if any, the private sector (i.e., contractors and IT suppliers) may have in the performance of risk assessments, and the extent to which the relevant agencies will consult with the private sector and share information concerning risks already identified.
Even apart from the interpretation and implementation challenges, it is also unclear whether Section 516 might face a challenge in the World Trade Organization (WTO). Although China is not a party to the Government Procurement Agreement and therefore cannot challenge the U.S. in that area, the provision’s use of “subsidized” might open an avenue for China to challenge the provision as a measure taken against subsidies. Under the WTO’s Agreement on Subsidies and Countervailing Measures (ASCM), only certain countermeasures are permitted in response to subsidies, and China might challenge the U.S. as implementing a measure that falls outside the ASCM’s parameters. However, even if there was such a challenge, any WTO proceedings could take a long time before resolution.
Lastly, it remains unclear whether Section 516 is just a starting point and might be expanded in the future. While on its terms the provision applies only to FY 2013 procurement, it is possible – perhaps probable – that Congress will default to include the provision in its appropriations legislation for FY 2014 and beyond. This is consistent with past legislation, where once such a provision is included in an appropriations law, it is more difficult to remove it in subsequent years. It is also unclear whether Congress might extend the prohibition in Section 516 in future years to additional agencies. Although the Commerce, Justice, and Science Subcommittee, which is where the provision originated, only has jurisdiction over certain agencies, other subcommittees might nevertheless follow its lead, particularly if tensions with China are running higher as the subcommittees are drafting their bills.
While at this point there are far more questions than answers on the impact and implementation of Section 516, it is nevertheless important for government contractors and potential bidders to consider these issues as early as possible and to identify the best avenues to avoid potential problems down the road. At the very least, government contractors should implement diligence measures to identify IT systems companies with which they are doing business and in which Chinese government entities appear to have an ownership, control, or other financial role. One of the elements of uncertainty created by the new law is what level of diligence will be required to demonstrate compliance, but it can be presumed that inaction will be viewed negatively. Additionally, it may be worth considering whether to engage with other businesses already lobbying Congress and the Administration to pull back on the Section 516 prohibitions in the future.