Huawei Rule Part 2: You “Use,” You Lose (Government Contracts)

On July 14, the member agencies of the US government Federal Acquisition Regulation (“FAR”) Council, published a long-awaited interim rule (the “Interim Rule”) implementing Section 889(a)(1)(B) of the 2019 National Defense Authorization Act (FY19 NDAA), which prohibits government agencies from “enter[ing] into a contract (or extend[ing] or renew[ing] a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as a critical technology as part of a system.” (emphasis added). The Interim Rule, which goes into effect August 13, 2020, represents the second phase of implementation of Section 889. It follows on the heels of the rule implementing Section 889(a)(1)(A) last year, which prohibits government agencies from procuring or obtaining such equipment, systems, or services. For purposes of both sections, “[c]overed telecommunications equipment” includes, among others, telecommunications equipment manufactured by Huawei or ZTE, as well as video surveillance and telecommunications equipment (when used for public safety, national security, or security of government facilities and critical infrastructure) produced by three Chinese telecom companies, their subsidiaries and affiliates, and others that may be identified in future.

In a Nutshell

The Interim Rule imposes a dramatic, wide-sweeping additional restriction on government contractors, requiring a representation with each offer “whether covered telecommunications equipment or services are used by the offeror.” The new rule clarifies that the Section 889(a)(1)(B) restriction extends beyond a government contractor’s business with the US government to a government contractor’s entire business. Given the breadth of companies that the Interim Rule currently applies to, and the fact that additional companies may be added to the list in future, government contractors now face a daunting task of identifying and representing to the US government whether or not they use covered telecommunications equipment in any of their businesses. The consequences of failing to comply are significant, as an inaccurate representation could constitute a breach of contract, expose the contractor to potential false claims liability, and lead to significant financial loss for government contractors.

Background

The restrictions in the FY19 NDAA stem from an effort to eliminate a perceived threat to the supply chain posed by certain Chinese companies, including Huawei and ZTE, as well as concerns regarding certain Chinese companies’ use of video surveillance and facial recognition technology. Specifically, the Interim Rule cautions that “[t]he exfiltration of sensitive data from contractor systems arising from contractors’ use of covered telecommunications equipment or services could also harm important governmental, privacy, and business interests.”

As we reported in our alert last year, the rule implementing Section 889(a)(1)(A) of the FY19 NDAA took effect on August 13, 2019. That interim rule prohibited executive agencies from:

procuring or obtaining, or extending or renewing a contract to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, unless [an exception or waiver applies].

This initial prohibition flows down to a government contractor’s subcontractors at all tiers.

While Section 889(a)(1)(A) and its implementing rule remain in effect, the restrictions imposed by the now-effective Section 889(a)(1)(B) take an expansive next step. By prohibiting government agencies from entering into a contract (or extending or renewing one) with an entity that even uses any equipment, system, or service that itself makes use of covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, the government has eliminated any required direct nexus between the covered telecommunications equipment and the government contract.

The Interim Rule implementing Section 889(a)(1)(B) amends the following sections of the FAR:

• FAR subpart 4.21, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.
• The provision at 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment.
• The contract clause at 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.

What Does the Interim Rule Cover?

As mentioned, the Interim rule applies to federal contractors that use “covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” It applies to all US government contractors with FAR-covered contracts. The Interim Rule applies only to “offeror” entities and does not flow down to subcontractors, unlike Section 889(a)(1)(A). While the current definition of offeror does not cover corporate families (such as domestic affiliates and subsidiaries), the FAR Council is considering extending the restriction to domestic corporate families in one year’s time by August 13, 2021, but apparently is not currently considering extending the restriction to affiliated parties outside the United States.

The Interim Rule maintains the same definition of “critical technology” set forth in the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), which primarily consists of export-controlled items, as well as the definitions of “Covered foreign country,” “Covered telecommunications equipment or services,” and “Substantial or essential component.”

Notably, “substantial or essential component” is defined broadly in FAR 4.2101 to mean “any component necessary for the proper function or performance of a piece of equipment, system, or service.”

What Do Government Contractors Have to Do Now?

The Interim Rule requires government contractors to provide a submission along with each offer that represents, “after conducting a reasonable inquiry, whether covered telecommunications equipment or services are used by the offeror.” The representation would be added as an additional section to FAR 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment. While this representation is currently being imposed on a solicitation-by-solicitation, contract-by-contract basis, the representation eventually will be added as just one of the myriad representations required for contractors to submit (and update at least annually) in the System for Award Management (SAM).

The Interim Rule provides that “[a]n entity may represent that it does not use covered telecommunications equipment or services, or use any equipment, system, or service that uses covered telecommunications equipment or services within the meaning of this rule, if a reasonable inquiry by the entity does not reveal or identify any such use.” The Interim Rule defines “reasonable inquiry” as one “designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. A reasonable inquiry need not include an internal or third-party audit.” However, the preamble to the Interim Rule does clarify that the FAR Council expects the offeror’s “reasonable inquiry” to include the covered telecommunications equipment of any supplier or subcontractor, “regardless of whether that used is in performance of work under a Federal Contract.”

If the offeror indicates that it does use covered telecommunications equipment, the offeror will be required to provide an explanation for why such usage does not violate the restrictions imposed by the act and regulation.

No Third-Party Backhaul Services Exception for Contractors under 889(a)(1)(B)

As we noted in our prior alert, the statute includes two exceptions at 889(a)(2)(A) and (B). First, section 889(a)(2)(A) allows the head of an executive agency to procure with an entity “to provide a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements.”

The Interim Rule now has a definition of “backhaul,” which “means intermediate links between the core network, or backbone network, and the small subnetworks at the edge of the network (e.g., connecting cell phones/towers to the core telephone network). Backhaul can be wireless (e.g., microwave) or wired (e.g., fiber optic, coaxial cable, Ethernet).” 

However, the Interim Rule adds that the 889(a)(2)(A) exception “does not apply to a contractor’s use of a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements.”  Thus, this exception does not apply to contractors using such systems under 889(a)(1)(B).
 

Second, section 889(a)(2)(B) allows an entity to use “telecommunications equipment that cannot route or redirect user data traffic or [cannot] permit visibility into any user data or packets that such equipment transmits or otherwise handles.” It is not clear whether the exception would apply if the telecommunications equipment were capable of transmitting data but is appropriately air-gapped to prevent transmission of that data (such as using covered video surveillance devices as part of a closed-circuit system).

One-time Waiver Process

Section 889(d)(1) of the FY2019 NDAA allows the head of an executive agency to issue a one-time waiver on a case-by-case basis. Any such waiver will expire no later than August 13, 2022. Once this period expires, executive agencies must comply with the prohibition.

The Interim Rule provides that the executive agency’s decision whether to start the waiver process will be “based on market research and feedback from Government contractors during the acquisition process, in concert with other internal factors.”

The Interim Rule makes clear that, if an offeror submits an offer with a representation “that it uses covered telecommunications equipment or services as a substantial or essential component of a system, or as critical technology as part of any system and no exception applies,” the offeror will be treated as seeking a waiver. Following such a submission, the contracting officer will have to consider whether a waiver is necessary, and then request information on the following from the offeror:

1. a compelling justification for additional time to implement the requirements under section 889(a)(1)(B);
2. “a full and complete laydown of the presences of covered telecommunications or video surveillance equipment or services in the entity's supply chain”; and
3. “a phase-out plan to eliminate such covered telecommunications equipment or services from the entity's systems.”

An offeror may also proactively submit this information along with their offer before the contracting officer has decided to initiate the formal waiver process.

The Interim Rule notes that it might not be possible to determine whether a waiver should be considered until offers have been received and the executive agency has analyzed representations from offerors.

Compliance Steps and Noncompliance Risks

The Interim Rule highlights the importance “for contractors to develop a compliance plan that will allow them to submit accurate representations to the Government in the course of their offers.” The Interim Rule, therefore, suggests that “a robust, risk-based compliance approach will help reduce the likelihood of noncompliance.” It notes that the FAR Council assumes the following steps would be a part of a compliance plan developed by any entity:

1. Entities should familiarize themselves with the rule.
2. Entities must “determine through a reasonable inquiry whether the entity itself uses ‘covered telecommunications’ equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” As noted above, this inquiry should include subcontractors and suppliers providing the offeror with covered telecommunications equipment and services.
3. Entities should educate their “purchasing/procurement, and materials management professionals to ensure they are familiar with the entity's compliance plan.”
4. If covered equipment and services are identified, an entity must “implement procedures if the entity decides to replace existing covered telecommunications equipment or services and ensure new equipment and services acquired for use by the entity are compliant.”
5. An entity should “provide representation to the Government regarding whether the entity uses covered telecommunications equipment and services and alert the Government if use is discovered during contract performance.”
6. “For entities for which a waiver will be requested, (1) develop a phase-out plan to phase-out existing covered telecommunications equipment or services, and (2) provide waiver information to the Government to include the phase-out plan and the complete laydown of the presence of the covered telecommunications equipment or services.”

The Interim Rule notes that failure to comply constitutes a breach of contract from a purely contractual point of view, and may consequently “lead to cancellation, termination, and financial consequences.” As the contractor must also submit an affirmative representation as to whether it uses covered equipment, a misrepresentation could expose to the contractor to false claims liability as well.

Comments

The Interim Rule allows interested parties to submit written comments on or before September 14, 2020, to be considered in the formation of the final rule. Interested parties may want to comment on the following issues:

• The Interim Rule does not define “use,” “system,” or “critical infrastructure.” These definitions are critical to identifying the scope of the rule.
• The Interim Rule was issued very shortly before the effective date of Section 889(a)(1)(B), giving stakeholders little time to implement compliance measures. The cost of compliance with this rule may be significant, and government contractors may not have many viable alternatives to the covered telecommunications equipment. Commenters may want to urge the government to consider implementing a grace period for compliance, in addition to the waiver provision already set forth in the rule.

Comments can be submitted on the Federal eRulemaking portal under FAR Case 2019-009.