GAO’s recent protest decision in HPI Federal, LLC, B-422583, Aug. 9, 2024, 2024 WL 3823852, highlights the importance of making clear and precise Trade Agreements Act (TAA) compliance certifications when offering products for sale to the U.S. Government.   

  • On the one hand, GAO found that it was unreasonable for an agency to accept an offeror’s certification that certain of its products were “assembled in” a TAA-compliant country as evidence of the product’s TAA compliance.  GAO reasoned that the referenced assembly — which was not described in the proposal — may not satisfy the TAA’s requirement for “substantial transformation” in that country. 
  • In contrast, GAO found that it was reasonable for the agency to accept the same offeror’s certification that other products had a TAA-compliant “country of origin”. 

As these contrasting examples show, offerors should take care to ensure that their certifications are adequate to establish TAA compliance.  A certification falling short of that standard could place an award at risk, and could even render an offeror ineligible for award. 

Continue Reading Trade Agreements Act Certifications Undergo New Scrutiny

This is part of an ongoing series of Covington blogs on the implementation of Executive Order No. 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (the “AI EO”), issued by President Biden on October 30, 2023.  The first blog summarized the AI EO’s key provisions and related OMB guidance, and subsequent blogs described the actions taken by various government agencies to implement the AI EO from November 2023 through July 2024.  This blog describes key actions taken to implement the AI EO during August 2024.  It also describes key actions taken by NIST and the California legislature related to the goals and concepts set out by the AI EO.  We will discuss developments during August 2024 to implement President Biden’s 2021 Executive Order on Cybersecurity in a separate post. 

Continue Reading August 2024 Developments Under President Biden’s AI Executive Order

On September 4, DoD published a proposed rule updating the other transaction (OT) regulations set forth in 32 CFR part 3.  These updates are intended to implement various changes to the prototype OT statute (42 U.S.C § 4022) previously enacted by Congress.  Among other things, those changes included:

  • An expansion of the “appropriate circumstances” under which a prototype OT may be issued, to include situations involving participation by nonprofit research institutions, participation by small businesses, or opportunities “to expand the defense supply base”; and
  • Authority for DoD to issue follow-on “production” OTs on a sole source basis, provided that competitive procedures were used for award of the initial prototype OT.

Although these changes were already applicable to DoD as a matter of statute, the proposed rule would ensure that the CFR is aligned with the statute and that the regulations provide accurate guidance. More details are below.

Continue Reading DoD Rolls Out Proposed Changes to Prototype OTA Regulations

This is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021through July 2024.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during August 2024.  We discuss developments during August 2024 to implement President Biden’s Executive Order on Artificial Intelligence in a separate post. 

Continue Reading August 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

The Cybersecurity and Infrastructure Security Agency (“CISA”) released a new guide on August 2, 2024 titled, “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle” (the “Software Acquisition Guide”).  This guide addresses the cybersecurity risks associated with the acquisition and use of third-party developed software and certain related physical products in an agency enterprise environment, and provides recommendations to agency personnel for understanding, addressing, and mitigating those risks.  This guide was followed on August 6, 2024, by a separate guide issued jointly by CISA and the FBI titled, “Secure By Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem” (the “Secure By Demand Guide”).  Together, these two guides provide agency and industry personnel a series of questions that can be used to obtain information from suppliers, set technical requirements, and develop contract terms for the acquisition of secure software as contemplated by the Biden Administration’s May 2021 Cybersecurity Executive Order (“EO”) and the Office of Management and Budget (“OMB”) memoranda implementing that Order. 

The specific impact that the guides will have on federal procurements and software developers in the federal supply chain is not yet clear.  With this said, all software producers in the federal supply chain are currently required to fully comply with new secure software development minimum requirements promulgated by the Office of Management and Budget by September 8 of this year, as detailed in our prior post here.  The Software Acquisition Guide in particular builds on those requirements and thus could be adopted by agencies that opt to impose additional obligations on contractors beyond those minimum requirements.

Continue Reading New Guides Released Relating to Secure Software Development Requirements

This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through June 2024.  This blog describes key actions taken to implement the Cyber EO during July 2024.  It also describes key actions taken during July 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.

Continue Reading July 2024 Developments Under President Biden’s Cybersecurity Executive Order and AI Executive Order

Earlier this month, the FAR Council took action to extend its existing authority to collect information from government contractors for novation requests with a notice in the Federal Register.  While this was a routine action, it is a reminder that the novation process is in need of serious attention.  The notice addresses prior public comments that echo a longstanding sentiment that government contractors want a more streamlined, practical approach to novations — the procedure and requirements for which have remained substantively unchanged for nearly three decades. The FAR Council should heed commenters’ suggestions — re-imagine Subpart 42.12 of the Federal Acquisition Regulation (“FAR”) and implement a novation process that functions better for the U.S. Government and its contractors.

Current Process:  Requirements and Policy Foundation

FAR Subpart 42.12, in its current form, requires a contractor seeking to novate a contract to another entity, including a corporate affiliate, to assemble various documents, including three signed copies of the proposed novation agreement, a document describing the proposed transaction, a list of affected contracts, and evidence of the transferee’s capability to perform.  But the novation process does not end there — the contractor must gather a slew of other supporting documents, including some that typically are not available until after completion of the transaction.  These various other documents include:

  • an authenticated copy of the instrument effecting the transfer of assets;
  •  a certified copy of each resolution of the corporate parties’ boards of directors authorizing the transfer of assets;
  • a certified copy of the minutes of each corporate party’s stockholder meeting necessary to approve the transfer of assets;
  • an authenticated copy of the transferee’s certificate and articles of incorporation, if a corporation was formed for the purpose of receiving the assets involved in performing the affected contracts;
  • legal counsel opinions for the transferor and transferee stating that the transfer was properly effected under applicable law and the effective date of transfer;
  • balance sheets of the transferor and transferee as of the dates immediately before and after the transfer of assets, audited by independent accountants; and
  • evidence that any security clearance requirements have been met.  See FAR 42.1204(e),(f).

The FAR contemplates that after the contractor has packaged together all of this material, it will then submit the novation request to the so-called Responsible Contracting Officer.  According to FAR 42.1203, the Responsible Contracting Officer is responsible for examining the required documentation, soliciting feedback from the contracting officers for each of the affected contracts, and determining on behalf of the Government “whether or not it is in the Government’s interest to recognize the proposed successor in interest” (i.e., to grant the novation request).

The FAR’s novation process has important policy underpinnings.  The Government is obligated to contract with responsible contractors.  See FAR Subpart 9.103.  The novation process is designed to, among other things, ensure compliance with this requirement.  Similarly, novation functions as a government form of know-your-customer requirements in the commercial financial sector, whereby financial institutions and their employees must undertake reasonable diligence into their customers and associated risks.

Problems With Existing Novation Process

The existing novation process at FAR Subpart 42.12 has a number of shortcomings.  Here are a few examples:

  • FAR Subpart 42.12 does not account for the range of corporate transactions a contractor may undertake.  The current regime allows contracting officers to recognize a change in name of an existing legal entity through FAR 42.1205 and a transfer of a contract to a different legal entity through FAR 42.1204.  As these are the only mechanisms available, there is often confusion among contracting officers and industry on the applicable procedures for corporate transactions that do not fall neatly into one of these two buckets.  One example is the conversion of a legal entity to another form, such as from a S-Corp into an LLC.  There are often questions over whether this constitutes a name change or a novation, and this may lead contracting officers to adopt an overly conservative approach and require novation agreements.  Of course, novation is not a clean fit either, as no assets are actually being transferred in most conversions. 
  • It creates unnecessary risk in asset-based transactions involving government contractors.  Despite the requirement for a document describing a “proposed transaction”, in reality, parties typically are forced to sign and close asset-based transactions before the Government will review a novation request.  As noted above, FAR Subpart 42.12 requires submission of materials that generally are not available until after completion of an M&A transaction, like the instrument effecting the transfer of assets and legal opinions of both parties.  Thus, parties typically must submit their novation packages only after the purchase price has changed hands.  The resulting uncertainty in whether and when the Responsible Contracting Officer will approve parties’ novation request naturally makes transaction parties uneasy, and it may have the effect of disincentivizing some in industry from pursuing deals structured as asset sales.  It also makes asset-based deals more difficult.  The volume and variety of documents, not to mention the level of coordination between outside counsel, required to compile a complete novation package imposes an unnecessary (and avoidable) burden on such transactions.
  • It creates inconsistent outcomes.  Notably, the FAR lacks a defined timeline over which the Responsible Contracting Officer must review the novation request, nor does it offer a transparent and objective framework under which the novation request will be evaluated.  This can lead to inconsistent treatment of similarly situated contractors.  In addition, despite the explicit language in FAR 42.1203 requiring submission to a single Responsible Contracting Officer, certain agencies and certain contracting officers often will insist on submission of a separate novation package for contracts under its domain. 

What Would a Re-Write Look Like?  Recommendations for Improving FAR Subpart 42.12

To start, the FAR Council should create a formal process for pre-closing engagement between the transferor, transferee, and Responsible Contracting Officer.  A formal engagement process could help eliminate the uncertainty that contractors face in the current M&A landscape around when to reach out to the Government and shorten the time between closing and novation package submittal.  It also would presumably better protect the Government’s interests over the existing after-the-fact review and approval framework. 

In addition, the FAR Council should establish a required timeline upon which the Responsible Contracting Officer must review and approve novation packages.  And, it should dispense with the unnecessary and burdensome documentation requirements, like audited financial statements.

Comments addressed by the FAR Council in its recent Federal Register notice represent a decent baseline for considering ways to fix FAR Subpart 42.12.  Among other ideas, commenters suggested:

  • defining time frames for the Government’s review of the novation package;
  • reserving the novation process for asset transfers between two completely unaffiliated legal entities;
  • conversely, permitting a streamlined process for asset transfers between two affiliated entities within the same corporate parent structure;
  • removing the requirement to provide the ‘‘approximate remaining unpaid balance’’ of contracts to be novated at FAR 42.1204(e)(2)(iv);
  • removing the requirement for a corporate seal or imposing a dollar threshold above which the corporate seal is required; and
  • replacing the listed documents at FAR 42.1204(f)(1)-(3) with certification that the required activities (registration, approval by the board, etc.) have been completed.

We also suggest some other ideas for consideration:

  • clarifying that  electronic signatures are permitted;
  • providing clarity on the authority of Responsible Contracting Officers to execute agreements on behalf of the entire Government;
  • eliminating the requirement to submit audited financial statements, and replace it with guidance on acceptable alternative evidence of financial capability; and
  • creating an online Government portal for submission of novation packages.

These are practical steps that could improve the novation process for both the Government and industry.  Even if a full scale re-write of FAR 42.12 is unrealistic in the near term, the FAR Council should at a minimum scrutinize the comments received from industry and consider acting on at least some of them.

This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through May 2024.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during June 2024.  It also describes key actions taken during May 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.

Continue Reading June 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through April 2024.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during May 2024.  It also describes key actions taken during May 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.

Continue Reading May 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

A recent decision by the Armed Services Board of Contract Appeals found the Navy liable to a commercial crane manufacturer for delay damages. In Konecranes Nuclear Equip. & Servs., LLC, ASBCA No. 62797, 2024 WL 2698011 (May 7, 2024), the Board reiterated the age-old lesson—you have to read the contract—and provided guidance about how to calculate the delay damages. Beyond that, the Board found apparent inspiration for part of its holding in an unlikely source: a classic song by the Rolling Stones.

Continue Reading You Can’t Always Get What You Want: ASBCA Channels Rolling Stones and Awards Contractor $4.9 Million in Delay Damages