Supply chain protection has been a point of increasing emphasis by the Government and especially the Department of Defense (“DoD”) in recent years. In no area is this more true than ensuring that Government systems and equipment are free from counterfeit electronic parts, which can raise both security and defect concerns. DoD has accordingly taken several steps, many of which have taken the form of new requirements on contractors, to protect against counterfeit electronic parts. With these requirements has come added risk to contractors that even mistakenly use electronic parts in the goods they sell to DoD. However, an August 30, 2016, final DFARS rule (implemented at DFARS 231.205-71) seeks to mitigate some of this risk by allowing contractors to recover the cost of replacing counterfeit electronic parts, as long as the contractor has taken certain steps to prevent the use of such parts.
Under the final rule, DoD contractors will now be able to recover the cost of counterfeit electronic parts and suspect counterfeit electronic parts, as well as the cost of rework and other corrective action necessary to address the use of counterfeit electronic parts in sales to DoD. Recovery is possible when a contractor meets three threshold requirements:
- The contractor has implemented an operational system to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts;
- The part in question is Government furnished property or has been purchased from an acceptable supplier under DFARS 252.246-7008; and
- The contractor reports the part to its contracting officer(s) and the Government Industry Data Exchange Program (GIDEP) within 60 days of becoming aware that the part is counterfeit or suspected counterfeit.
Though seemingly straightforward in nature, these threshold requirements are significant. For example, in promulgating the final rule in May 2014, DoD made clear that the responsibility for implementing an “operational system to detect and avoid counterfeit electronic parts” falls on the contractor who must “establish a risk-based counterfeit detection and avoidance system” that reflects its unique circumstances. As set out in DFARS 252.246-7007, such systems must include, among other features, training, inspection and testing, risk-based processes that allow for electronic part tracking, reporting and quarantining mechanisms for counterfeit parts, and processes for keeping continually informed regarding current counterfeiting information. Even for the most sophisticated contractors these requirements impose a burden, and for smaller contractors and subcontractors such requirements may prove too tall a hurdle to pass.
Second, whether a contractor’s suppliers meet the criteria of DFARS 252.246-7008 is both a new and complex question. This clause has only been in existence since August 2, 2016, when DoD issued a final rule creating the clause and making minor adjustments to DFARS 252.246-7007. The new clause applies to all contracts, even those at or below the simplified acquisition threshold and contracts for the acquisition of commercial items, including commercial off-the-shelf items, and also must be flowed down to all subcontractors (except those that are the original manufacturer). And under the clause, contractors must deploy a tiered approach to obtaining electronic parts, deploying different protections and using various types of dealers depending upon the availability of the part.
- Tier One are parts that are in production from the original manufacturer and must be obtained either from that manufacturer, the manufacture’s authorized suppliers, or suppliers that only obtain parts from original manufacturers or their suppliers
- Tier Two are parts that are no longer in production or available from the stock of Tier One suppliers and must be obtained from contractor-approved suppliers, meaning suppliers the contractor has vetted using industry approved counterfeit prevention measures.
- Tier Three are parts that cannot be obtained from Tier One and Tier Two sources. These parts can still be used, but only when the contractor notifies the contracting officer; is responsible for inspection, testing and authentication; and documents its inspection, testing and authentication for review by the Government.
While these requirements provide some guidance to contractors, many questions remain unanswered. For example, there is little guidance on what constitutes a contractor approved supplier beyond stating that such suppliers are determined “trustworthy” by a contractor. Similarly, what constitutes sufficient industry approved counterfeit prevention measures is unclear. And, the degree of effort a contractor must exert to ensure that a part is not available under Tier One or Tier Two before moving on to a lower tier supplier is not well defined. These types of questions make adherence to DFARS 252.246-7008 challenging and therefore could complicate the extent of protection provided by the new safe harbor rule.
Ultimately, the new safe harbor rule is a welcome protection for contractors that are facing the conflicting realities of a DoD customer that is increasingly sensitive to the use of counterfeit electronic parts and a supply chain that is ever more complex and difficult to monitor. However, the ability of contractors to actually meet the requirements for this protection remains to be seen and will likely take trial, error and litigation to clarify over the coming years.