Contractors Face New Reporting Requirements

Photo: iStock

The Federal Acquisition Regulatory Council released an interim rule in August implementing part of the 2019 National Defense Authorization Act. It describes two sets of compliance obligations that deserve close attention from current and prospective government contractors.

The rule covers the portion of Section 889, subsection (a)(1)(A), that prohibits the federal government from acquiring certain telecommunications equipment or services from Huawei, ZTE and other Chinese companies. Specifically: “The head of an executive agency may not … procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Its provisions apply to new solicitations issued on or after Aug. 13 and any resulting contracts, as well as to contracts that are awarded on or after Aug. 13, even if the solicitations preceded that date.

The second part of Section 889 implementation, sections (a)(1)(B) and (b)(1), goes into effect on Aug. 13, 2020. Regulations for those sections remain pending within the government, but the definitions and waiver process established by (a)(1)(A) will be instructive for those regulations as well.

The rule adopts statutory text to define “covered telecommunications equipment or services,” with no changes. It does, however, import an expansive definition of “critical technology,” borrowed from the Foreign Investment Risk Review Modernization Act, or FIRRMA. The law applies at all dollar values and to purchases of commercial and commercially available off-the-shelf items.

There are still open questions.

“Substantial or essential component” is defined, but only broadly as “any component necessary for the proper function or performance of a piece of equipment, system, or service.” Each agency will have to determine which components meet that definition for purposes of compliance. Seeking additional clarification through the comment period could be important.

“Critical infrastructure” is not defined at all, even though the definition of “covered telecommunications equipment” includes equipment produced by Hytera, Hikvision, or Dahua used for “physical security surveillance of critical infrastructure.” However, we expect that the government would likely borrow the definition of critical infrastructure from FIRRMA: “Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems or assets would have a debilitating impact on national security.”

The rule imposes a two-step certification process that presents serious new risks for government contractors. First, in connection with work after Aug. 13, and later as part of the System for Award Management profile, contractors will be required to represent whether they sell material or services that include covered telecommunications equipment or services.

Second, if they respond that they do, then they must make separate, detailed, offer-by-offer disclosures in connection with bids for contracts and for task and delivery orders.

This system of certifications meaningfully expands the scope of risk associated with due diligence in acquisitions, and broadens potential exposure to the False Claims Act and other anti-fraud statutes.

However, the representations could also have a potential upside in terms of justifying an exclusion or waiver. The preamble explains that the information provided in the representation will help the government determine if a waiver request may be appropriate. The head of an executive agency may, on a one-time basis, waive the requirements for section (a)(1)(A) for up to two years if the entity seeking the waiver provides a “compelling justification” for the additional time needed to implement the requirements.

Organizations seeking a waiver will be required to submit to the head of the executive agency for which they are intending to contract with a “full and complete laydown” of the presence of covered equipment or services in the supply chain and a “phase-out” plan to eliminate those elements from the supply chain.

The rule creates a severe reporting regime with aggressive deadlines: “In the event the contractor identifies covered telecommunications equipment or services used as a substantial or essential component of any system, or as critical technology as part of any system, during contract performance, or the contractor is notified of such by a subcontractor at any tier or by any other source, the contractor shall report the information … to the contracting officer … [and] in the case of the Department of Defense, the contractor shall report to the” Defense Industrial Base Network.

An initial report is due within one business day, with a follow-up report due in 10 business days. The contractor must report any covered equipment, systems or services discovered during contract performance in a fairly high level of detail, and must flow this requirement down to subcontractors.

Additionally, the “notified” aspect of this reporting requirement is broad, and is not qualified by thresholds like “credible” information. Because it captures notification by “any other source,” it is conceivable that the government could impose a constructive notice requirement on contractors, or could take the position that open-source news reporting triggers the reporting requirements. 

Jeffrey Bozman is an associate, Susan Cassidy is a partner and Samantha Clark is special counsel at Covington & Burling LLP.

Topics: Contracting, Government Contracting Insights