Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”).[1]  This Final Rule comes more than five years after the rule was first proposed in the Federal Register in June 2014.  The FAR Council describes the Final Rule as “significantly de-scoped” from the version proposed in 2014, but it nonetheless constitutes a significant expansion of the existing counterfeit part reporting obligations, which to date have applied only to electronic parts under DOD contracts.

A.             Contracts Covered by the Rule

The Final Rule provides that the implementing contract clause (FAR 52.246-26) will be inserted into a contract that concerns one of four categories of items:

  • Items that that are subject to higher-level quality standards, when the relevant contract includes the clause at FAR 52.246-11.
    • Covers procurements for items where an agency is concerned about the risk of a non-conformance in a complex and critical item. Higher-level quality standards include overarching quality management system standards such as ISO 9001 and product or process specific quality standards such as SAE AS5553.
  • Items that the contracting officer has determined to be “critical.”
    • A new requirement that covers procurements for items whose failure is likely to (1) “result in hazardous or unsafe conditions for individuals using, maintaining, or depending upon the item” or (2) “prevent performance of a vital agency mission.”
  • Electronic parts or items containing electronic parts, provided that the contract exceeds the simplified acquisition threshold.
    • This category’s focus on electronic parts tracks the scope of the existing DFARS requirement that has applied to defense contractors since 2014.
  • Services provided in conjunction with any of the three above categories of items.
    • Covers contracts for services provided in connection with the procurement of one of the above three categories of items.

The new clause set forth in the Final Rule must be flowed down without alteration (except for parties) in subcontracts that fit in any of the categories described above.  Notably, the prime contractor is responsible for determining whether the subcontract is for “critical items for which use of the clause is appropriate.”  This may impact negotiations between primes and their subcontractors if there are questions as to whether the product clearly fits within the “critical” definition.

B.             Carve-Outs & Exemptions  

As compared to the original proposed rule, the Final Rule incorporates several substantial carve-outs and exemptions that have the effect of limiting the new rule’s applicability.  Most notably, the clause is not required in contracts or subcontracts for commercial items, which is a significant limitation on the new rule’s applicability and one that will be welcomed by industry.

Aside from the exception for commercial items, there are several other categories of products and contractors to which the new rule does not apply.  The rule does not apply to contracts or subcontracts for certain medical devices that already are subject to FDA reporting requirements.  And the rule also recognizes narrow exemptions that will relieve contractors from the clause’s GIDEP reporting requirements (discussed below), even if the clause is inserted in the contract.  These exemptions are for: (1) foreign corporations that do not have any offices, locations or fiscal paying agents in the United States; (2) contractors that are aware that the relevant item is the subject of “an on-going criminal investigation”; and (3) contractors that have confirmed that the supplier from which they purchased the item in question has not sold the item to anyone else.

Further, the rule does not include a requirement to establish a new system for detecting and avoiding counterfeit parts, as the existing DFARS rule (DFARS 252.246-7007) currently does for defense contractors that supply DOD with electronic parts.  Instead, the rule expects that contractors will build GIDEP screening and reporting processes into their existing “inspection system or program for the control of quality.”

C.             Screening and Reporting Requirements

The core requirements of FAR 52.246-26 are twofold.  First, contractors are required to “screen” the GIDEP database to ensure that they do not purchase counterfeit parts or parts that contain a major or critical nonconformance.[2]

Second, contractors are required to report to both the Contracting Officer and the GIDEP database within 60 days of “becoming aware or having reason to suspect” that an item is a counterfeit part.  In addition to counterfeit parts, contractors are also required to submit reports to GIDEP (but not to the Contracting Officer) when they detect a major or critical nonconformance in a “common item.”

The term “common item” is defined to mean “an item that has multiple applications versus a single or peculiar application.”  In the preamble, the Council notes that “[s]everal respondents opined that the definition of ‘common item’ is overbroad, susceptible to many interpretations, and needs further clarification.”  Indeed, one respondent stated “that it is difficult to imagine any item (other than a one-of-a-kind part) that would not be a ‘common item.’”  Despite these concerns, however, the Council decided to continue with the broad definition, while also deleting a list of example common items that was set forth in the proposed rule (these examples included “raw or processed materials, parts, components, subassemblies, and finished assemblies that are commonly available products”).[3]

D.             Analysis & Implications for Contractors

The Final Rule represents a meaningful expansion of contractor compliance obligations and is poised to trigger a number of interesting – and significant – questions and consequences.  We discuss four such issues below.

  1. Scope of Rule

The original proposed rule was breathtaking in its scope, as it potentially could have applied to nearly all contracts with all agencies.  The FAR Council’s ultimate adoption of a carve-out for commercial items – following a wave of pushback from industry – serves as a useful reminder of the value of preparing substantive comments in response to proposed regulations.  And more generally, this change aligns with a broader trend towards streamlining the federal procurement system to more closely approximate conditions in the commercial marketplace.[4]

But while the Final Rule is a narrower than the proposed version, certain aspects of the rule remain quite broad, and contractors should underestimate the scope and effect of the rule at their peril.  The decidedly vague definition of a “critical” item is illustrative.  Read literally, the concept of a “critical” item could have broad applicability, potentially encompassing contracts for any item the failure of which prevents performance of an agency’s mission (regardless of safety concerns).  Thus, although the preamble to the Final Rule emphasizes the importance of avoiding counterfeit parts in procurements for complex systems such as spacecraft and missile guidance systems, the definition of a “critical” item leaves open the possibility that procurements for far more mundane categories of parts could be covered by the new rule, so long as they are deemed mission-critical.

  1. De Facto Debarment Concern?

One commentator offered that a negative GIDEP report could result in de facto debarment of a contractor — the inference being that the government will not do business with a contractor that supplies counterfeit or suspected counterfeit parts.  In response, the FAR Council notes that “[b]efore a report is submitted to GIDEP for publication, the manufacturer of the item or the supplier of the suspect counterfeit part is given the opportunity to provide their perspective on the issues presented in the report.”  Thus, although the concern about product blacklisting is not trivial, at least contractors whose products are reported to GIDEP will have an opportunity to present their side of the story, which is an opportunity that does not exist in other contexts.

As any industry observer well knows, there has been a recent increase in actions by DOD and the Intelligence Community to ban products that present national security risks or otherwise jeopardize the integrity of the government’s chain integrity, and in many cases these actions do not even require notice to the impacted companies.  (For more details, see our discussion of Section 806 and Intelligence Directive 731 here.)  Given the increasing trend on the national security side for blacklisting products, we would expect the Government to actively enforce the reporting requirement in this Final Rule.

  1. Impact on Prime-Sub Relations

As mentioned above, the new rule also could have significant implications for prime-sub relations.  In the context of subcontract negotiations, the ambiguity inherent in the definition of the a “critical” item will be fodder for disputes about whether and when a subcontract might be subject to the new rule.  Moreover, with the carve-out for commercial items, the new rule adds additional incentive for contractors to take the position that their products meet the definition of a commercial item under FAR 2.101 – and correspondingly increases the likelihood of prime-sub disputes about whether a product truly is “commercial.”

Additionally, in the event that a contractor identifies and reports a counterfeit or suspected counterfeit part to GIDEP, the contractor could (at least in theory) find itself subject to suit from the affected subcontractor or supplier on a business tort theory – i.e., that the GIDEP report damaged the subcontractor’s or supplier’s business.  The new FAR clause includes only a limited safe-harbor provision that tracks the protection provided by the existing DFARS electronic counterfeit parts rule: that is, contractors are protected from tort liability if they report a suspected counterfeit electronic part under a DOD contract after making “a reasonable effort to determine that the report was factual.”

The clause does not include protections against tort liability in any other context.  This potential litigation risk only underscores the critical importance of having a robust process for detecting potential counterfeit parts and reporting them appropriately to GIDEP.

  1. Importance of GIDEP Reporting

The issuance of a GIDEP notice, especially for a non-conformance, could have a significant reputational impact on contractors.  Although the Council rejected the notion that time was needed for contractors to develop processes and procedures with regard to GIDEP notices (noting instead that GIDEP has a Help Desk and web-based training), it is essential that these reports be accurate and vetted appropriately to ensure that trade secret information is not being shared broadly and that contractors are assessing the risks holistically. [5]

Contractors that do not have a process in place for addressing GIDEP reports should implement practices to ensure the correct type of GIDEP report is issued (Alert, Safe-Alert or Problem Advisory), appropriate remediation is implemented and adequately described in the GIDEP Report, and that a plan exists for notifying impacted customers.[6]  These reports have the potential for significant business impact and should be treated with appropriate care.

[1] GIDEP is a joint United States–Canada program, funded by both governments, and is currently DOD’s designated reporting organization for counterfeit parts.

[2] This requirement does not apply if the Contractor is a foreign corporation or partnership that does not have an office, place of business, or fiscal paying agent in the United States.

[3] As noted above, there are some narrow exceptions to the reporting requirement, including if the contractor is a foreign corporation without a place of business or agent in the United States, the contractor is aware that the non-conforming item is subject to a criminal investigation, and where the part at issue has not been released to more than one customer.

[4] For example, Congress has attempted to cabin the definition of “subcontract” in order to reduce flowdown obligations, DOD expanded its use of Other Transactional Authorities (“OTAs”), and GSA has moved to develop an expanded commercial online buying portal.

[5] The contract clause expressly prohibits the contractor from filing GIDEP reports that include any trade secrets or other confidential commercial or financial information that is protected under the Trade Secrets Act.

[6] The GIDEP Operations Manual provides guidance regarding participation in the program and reporting requirements, as well as procedures for the exchange of reports, data, and information.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information, as well as representing contractors facing allegations of cyber fraud under the False Claims Act. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

  • Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
  • Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
  • Federal Acquisition Security Council (FASC) regulations and product exclusions,
  • Controlled unclassified information (CUI) obligations, and
  • M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

  • Procurement fraud and FAR mandatory disclosure requirements,
  • Cyber incidents and data spills involving sensitive government information,
  • Allegations of violations of national security requirements, and
  • Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.

Photo of Michael Wagner Michael Wagner

Mike Wagner represents companies and individuals in complex compliance and enforcement matters arising in the public procurement context. Combining deep regulatory expertise and extensive investigations experience, Mike helps government contractors navigate detailed procurement rules and achieve the efficient resolution of government investigations and…

Mike Wagner represents companies and individuals in complex compliance and enforcement matters arising in the public procurement context. Combining deep regulatory expertise and extensive investigations experience, Mike helps government contractors navigate detailed procurement rules and achieve the efficient resolution of government investigations and enforcement actions.

Mike regularly represents contractors in federal and state compliance and enforcement matters relating to a range of procurement laws and regulations. He has particular experience handling investigations and litigation brought under the civil False Claims Act, and he routinely counsels government contractors on mandatory and voluntary disclosure considerations under the FAR, DFARS, and related regulatory regimes. He also represents contractors in high-stakes suspension and debarment matters at the federal and state levels, and he has served as Co-Chair of the ABA Suspension & Debarment Committee and is principal editor of the American Bar Association’s Practitioner’s Guide to Suspension & Debarment (4th ed.) (2018).

Mike also has extensive experience representing companies pursuing and negotiating grants, cooperative agreements, and Other Transaction Authority agreements (OTAs). In this regard, he has particular familiarity with the semiconductor and clean energy industries, and he has devoted substantial time in recent years to advising clients on strategic considerations for pursuing opportunities under the CHIPS Act, Inflation Reduction Act, and Bipartisan Infrastructure Law.

In his counseling practice, Mike regularly advises government contractors and suppliers on best practices for managing the rapidly-evolving array of cybersecurity and supply chain security rules and requirements. In particular, he helps companies assess and navigate domestic preference and country-of-origin requirements under the Buy American Act (BAA), Trade Agreements Act (TAA), Berry Amendment, and DOD Specialty Metals regulation. He also assists clients in managing product and information security considerations related to overseas manufacture and development of Information and Communication Technologies & Services (ICTS).

Mike serves on Covington’s Hiring Committee and is Co-Chair of the firm’s Summer Associate Program. He is a frequent writer and speaker on issues relating to procurement fraud and contractor responsibility, and he has served as an adjunct professor at the George Washington University Law School.

Photo of Peter Terenzio Peter Terenzio

Peter Terenzio routinely advises clients regarding the multiple regulatory regimes that apply to federal contractors. His practice also extends outside of traditional government procurement contracts to include federal grants and Other Transaction Authority (OTA) research, prototype, and production agreements.

Among other things, Peter…

Peter Terenzio routinely advises clients regarding the multiple regulatory regimes that apply to federal contractors. His practice also extends outside of traditional government procurement contracts to include federal grants and Other Transaction Authority (OTA) research, prototype, and production agreements.

Among other things, Peter regularly helps clients with the constantly evolving domestic-preference requirements promulgated pursuant to various federal laws, including, for example, the Buy American Act (BAA) and Trade Agreements Act (TAA), but also including more recently the Inflation Reduction Act (IRA) and Infrastructure Investment and Jobs Act (IIJA). He also has particular experience with helping clients navigate the complicated prevailing wage rules imposed by the Davis Bacon Act (DBA) and Service Contact Act (SCA). Peter has used this regulatory knowledge to help clients negotiate the specifics of their contracts, grants, and OTA agreements.

Peter also has significant experience with the disputes that may arise during the execution of government prime contracts. He knows how to work closely with the client’s subject matter experts to prepare and submit detailed requests for equitable adjustment (REAs) in order to secure much-needed price or schedule relief. Where necessary, he has assisted clients with converting their REAs into certified claims, and when disputes cannot be resolved at the Contracting Officer level, he has helped clients vindicate their contractual rights in litigation before the Boards of Contract Appeals.