By Elizabeth Sullivan
Disclaimer: This is longer than our usual blog posts – the rule was 86 pages, so bear with me through this one.
Section 889 – a name that does not mean much to the average person, but carries a lot of weight for contractors. This is a section in the FY2019 National Defense Authorization Act (NDAA) that seeks to eradicate Chinese telecom from the entire U.S. government supply chain. Why write about it now? The part that impacts federal contractors of all sizes (Part B) goes into effect in less than a month.
Earlier this year, the Department of Defense (DoD) held a public meeting to hear from industry. Of the salient points made, one resounding theme was that definitions will mean everything for implementation. However, industry hasn’t been able to share any definitional clarity because of the rule release delay. The FAR Council published their interim rule last week – Part B goes into effect before the comment period is over, which means contractors will have to comply with the rule starting on August 13, 2020. Public comments can be submitted until September 14.
Here are the five key components for small/midsize business contractors to pay attention to.
You’ll have a new box to check in SAM. Contractors will need to annually check a box in SAM verifying that they do not use any covered telecommunications equipment or services. A contractor can choose to say yes, they do use some of these banned equipment/services, which would require an offer-by-offer representation for contracts and task/delivery orders under IDIQs. It is important to know this ban applies toany equipment, system, or service that uses the covered equipment or services as a substantial or essential component of any system, or as critical technology as part of any of a contractor’s systems. Think this rule does not apply to you? Think again – acquisitions of commercial items (including COTS) and contracts at or below the simplified acquisition threshold (SAT) must also adhere to this prohibition.
Definitions are key. Definitions are critical to the implementation of this rule, which defines words such as “backhaul” and “roaming,” but leaves contractors with uncertainty over what constitutes a covered technology. FAR 4.2101 covers some of these definitions, however there was no further clarity in the rule regarding who is considered “any subsidiary or affiliate of such entities” of the five listed companies (Huawei, ZTE, Hytera, Hikvision and Dahua). It seems problematic that a small business contractor is expected to research all of the subsidiaries and affiliates of these companies to make sure they are not utilizing any prohibited components. Note to government: why not just provide a list?
Another definitional bone I have to pick is the meaning of “reasonable inquiry.” The rule says that a company is compliant if a “reasonable inquiry” by the company does not show any use of the prohibited equipment or services. So, what exactly does that mean? According to the rule, a reasonable inquiry is something that is designed to uncover any use of these covered telecommunications equipment or services and does not need to be an internal or third-party audit. While I am not a lawyer, I can imagine that every procurement attorney would advise contractors to have some type of legitimate audit of systems in case compliance risks arise.
The waiver process is laborious. Although a waiver sounds reasonable and gives contractors added time to comply (until August 13, 2022), it doesn’t seem designed for small or midsize contractors. In order to get a one-time waiver, the head of an agency has to grant it. Before this happens, a senior agency official for supply chain risk management has to discuss the waiver with the Federal Acquisition Security Council (FASC). And consult with the Office of the Director of National Intelligence (ODNI) to make sure conditions are met. And provide notice to the ODNI and FASC 15 days before granting the waiver. And notify appropriate Congressional committees within 30 days. The FAR Council does acknowledge that this process could take a few weeks and advises to enter at your own risk because “agencies may reasonably choose not to initiate one and to move forward and make award to an offeror that does not require a waiver.” A quick data point: there are 387,967 companies registered is SAM, 74% of which are small. That would mean if every small company decided to submit an offer for a federal award and sought a waiver, that would be 287,096 waivers.
Six contractor actions are necessary for compliance. A chunk of the rule outlines contractor compliance recommendations. After reading and re-reading these six actions in the rule, I’m left with the same feeling: small contractors need something more detailed than just general guidelines. Generalities like “read and understand the rule and necessary actions for compliance” and “corporate enterprise tracking” sound great, what exactly does that entail? During more normal times – let alone a pandemic – building out a compliance program can be complicated, not to mention costly. It is important contractors have the detailed information to get it right.
Finally, I see dollar signs. The rule completely underestimates the time it will take contractors to implement and remain compliant with this rule. A whole section is dedicated to this analysis – and quite a few estimates left me scratching my head (you can find these in Section III, Part D). Companies aware of the rule have been spending months trying to prepare and continue to evaluate the components in their government offerings. An important part of complying with the rule to highlight is that a company cannot use any of these prohibited systems/equipment, even if they are not used in its federal contracts. That means no split networks or having one system for U.S. federal business and a difference one for commercial or contracts with other countries. I see more dollar signs.
The FAR Council is seeking public comment on the rule – and federal contractors should respond. In Section IV of the rule you can find a list of questions the Council wants industry to answer, and it is worth taking a look at them. One that is also found in the beginning of the rule is whether an expansion of the prohibition should be made to include all company subsidiaries and affiliates. Feedback is also requested on subjects like challenges, costs and insight into existing systems.
One thing all contractors, regardless of size have in common – they want to be compliant so they can compete. Given the uphill battle small and midsize contractors face when it comes to compliance with Section 889 and many other contracting requirements, advocacy on this issue is critical.