(This article was originally published in Law360 and has been modified for this blog.)

Companies in a range of industries that contract with the U.S. Government—including aerospace, defense, healthcare, technology, and energy—are actively working to assess whether or not their information technology systems comply with significant new restrictions that will take effect on August 13, 2020.  These new restrictions prohibit the use of certain Chinese telecommunications equipment and services, and a failure to comply can have dramatic consequences for these companies.  The new restrictions also will have an immediate impact on mergers and acquisitions involving a company that does—or hopes to do—business with the Federal government.  In this article, we highlight some key considerations for M&A practitioners relating to these restrictions.

Background

On July 14, 2020, the U.S. Government’s Federal Acquisition Regulatory Council (“FAR Council”) published an interim rule to implement Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (“FY19 NDAA”).[1]  When the new rule takes effect on August 13, it will prohibit the Department of Defense and all other executive branch agencies from contracting—or extending or renewing a contract—with an “entity” that “uses” “covered telecommunications equipment or services as a substantial or essential part of any system.”  The restrictions cover broad categories of equipment and services produced and provided by certain Chinese companies—namely Huawei, ZTE, Hytera, Hangzhou Hikvision, Dahua, and their affiliates.[2]

The new rule will be applicable to all contracts with the U.S. Government, including those for commercial item services and commercially available-off-the-shelf products.[3]  Companies with a single one of these contracts will soon have an ongoing obligation to report any new discovery of its internal “use” of certain covered telecommunications equipment and services to the Government within one business day with a report of how the use will be mitigated ten business days later.[4]  Further, although companies can seek to obtain a waiver on a contract-by-contract basis from agencies, these waivers must be granted by the head of the agency, and may only extend until August 13, 2022 at the latest.[5]

The new rule is the second part of a two-stage implementation of Section 889’s restrictions on covered telecommunications equipment and services in Government contracting.  It builds on an earlier rule that implemented Section 889(a)(1)(A) of the FY19 NDAA on August 13, 2019 by prohibiting an executive branch agency from acquiring certain covered telecommunications equipment or services that is a substantial or essential part of any system.[6]

The new rule is expansive in scope, and its effects will be felt far beyond the traditional defense industrial base.  Thus, mergers and acquisitions practitioners are well advised to become familiar with the rule and consider how it might impact any future transaction where an acquisition target does at least some business with the Government or has aspirations to do so in the future.

Due Diligence Considerations

Special consideration should be made during due diligence to evaluate a target’s compliance with the new rule.  In addition to “rip and replace costs” of abandoning covered telecommunications equipment or services to come into compliance, post-closing risks associated with a violation of the rule might include the loss of future contracts, contractual penalties (which could potentially apply across all Government contracts that a company holds) and potential False Claims Act liability.  Two areas of the rule in particular should be carefully considered when assessing a target’s compliance with the requirements.

Meaning of “Use”

The FAR Council has not specifically defined the term “use.”  This means that it is not clear, at present, how far the prohibition on certain covered telecommunications and services is intended to extend within a company.  For example, as many employees work remotely due to COVID-19, these employees may rely on mobile phones, routers, modems, internet services, cloud business solutions, and other equipment and services that potentially could constitute “use” by a company.  Many companies, including possible acquisition targets, have not yet taken steps to evaluate and mitigate these types of risks due to the complex compliance requirements and the fact that the new rule was only issued a few weeks ago.

With this said, as one point of clarification, the FAR Council explicitly stated that the prohibition on “use” of certain covered telecommunications equipment or services will apply “regardless of whether that usage is in performance of work under a Federal contract.”[7]  Thus, unlike many Federal Acquisition Regulation requirements, the restrictions in the new rule apply to both Government and commercial activities of an “entity” that contracts with the Government.

From a diligence perspective, a buyer will therefore need to ensure that it understands and considers the compliance steps that a target is taking across the entire business of the entity that contracts with the Government.  This may be a particular challenge for a target that has a relatively small portion of its business focused on Government contracting.

“Reasonable Inquiry” Standard

Companies will be required to represent to the Government during the contracting process whether they “use covered telecommunications equipment or services, or use any equipment, system, or service that uses covered telecommunications equipment or services.”[8]  Prior to making that representation, a company must conduct a “reasonable inquiry” into its use of such equipment or services.  “Reasonable inquiry” is defined in the new rule as “an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity that excludes the need to include an internal or third-party audit.”[9]

Due to practical considerations, a prospective buyer is generally unable to confirm for itself that a target is not using covered telecommunications equipment or services or that the target holds no information “in [its] possession about the identity of the producer or provider of covered telecommunications equipment or services.”  Thus, the buyer will need to assess the process that the target used to conduct its inquiry to determine its likely degree of compliance with the requirements.

Because the exact steps involved with undertaking a “reasonable inquiry” are not yet crystallized, it is likely that individual companies will undertake considerably different approaches to ascertain whether any covered telecommunications equipment or services are in use.  Some companies may conduct expansive inquiries that include a review of vendor contracts, invoices, and receipts over a lengthy period of time.  Other companies may conduct interviews with key employees or undertake targeted information gathering efforts among their suppliers.  The unique approach that a target might take should be evaluated during due diligence relative to emerging industry practices and to the requirements of the regulation to understand the relative degree of risk associated with the approach.

It will also be prudent to assess after August 13, 2020 whether a target is relying on any statutory exceptions or has requested a delayed implementation waiver for additional time to comply.[10]  The waiver process would need to be tracked very closely to ascertain the ability of the target to continue contracting with the Government without significant interruption after the waiver period expires.  If in evaluating a target it is identified that a waiver is likely to be necessary for the target to come into compliance with Section 889(a)(1)(B), an analysis as to the uniqueness of the product offered to the Government and the strength of the target’s “compelling justification” for additional time to comply should be undertaken.

Integration Considerations

A prospective buyer should also consider how the new rule might affect its post-closing integration plans.  Two notable areas to consider are (1) how a potential further expansion of the rule in the next year could affect a buyer’s corporate family, and (2) whether integration plans for the buyer and the target need to be adjusted to account for the rule in its current form.  This will involve consideration of not just the target’s state of compliance, but also the buyer’s.

Potential Extension of the Rule

Prior to release of the new rule, there was uncertainty within industry about whether and how the term “entity” would be defined.  As noted above, the FAR Council clarified in the new rule that the “prime contractor is the only ‘entity’ that the agency ‘enters into a contract’ with,” and limited the scope of application of the rule to the signatory to the government contract.  Notwithstanding this statement, the FAR Council indicated that it would consider expanding application of the rule beyond the contracting entity.  Specifically, the FAR Council announced that it is seeking public comments on whether to expand the rule to apply to “the offeror and any affiliates, parents, and subsidiaries of the offeror that are domestic concerns, and expand the representation at 52.204-24(d)(2) so that the offeror represents on behalf of itself and any affiliates, parents, and subsidiaries of the offeror that are domestic concerns.”[11] The FAR Council stated that it will make this determination at the time that it finalizes the new rule, which should happen by August 13, 2021.

The potential expansion of the rule could have most significant implications for large  companies with a number of corporate entities, particularly where some or all of those other entities do not themselves have Government contracts.  For example, if a single company in a corporate family holds a prime contract with the Government (including a newly acquired company), that company may soon need to ensure that adequate diligence has been conducted across the entire corporate family if the FAR Council were to move forward with this extension of the rule.  The same could be true for companies in a private equity portfolio.

Delayed discovery of covered telecommunications equipment or services has the potential to have a disruptive impact on business operations, particularly if it is difficult or costly to change service providers or to replace equipment.  Accordingly, it may be prudent to consider the associated risk of expansion of the rule in advance of acquiring an entity that holds Government contracts to ensure that the acquisition does not have unforeseen impacts on the buyer’s broader business.

Integration Planning

Even in its present form, a prospective buyer may need to consider the potential impact of the rule across the buyer’s corporate family.  Principally, because the new rule does not distinguish between services provided by vendors and services provided by affiliated companies, companies could be deemed to be “using” certain covered telecommunications equipment and services where they accept shared services from a parent, subsidiary, or an affiliate.  The prohibition would most clearly cover “use” of shared corporate networks or IT services, but it could also include “use” of corporate management or logistics services if those services are in turn reliant on covered telecommunications equipment or services as a substantial or essential part of any system.  Indeed, the FAR Council explicitly identified “building management, billing and accounting, and freight services” as industries that will be impacted by the new prohibition, so it is likely that the Government will pay close attention to these types of shared services.[12]  It will therefore be important for buyers to identify the shared services that they are contemplating providing to the target following the acquisition, assess whether those shared services are reliant on covered telecommunications equipment and services, and evaluate whether the target has the ability to stand-alone without certain support from the parent or other affiliated entities in cases where a “rip and replace” effort is not feasible.

Conclusion

Although the Section 889(a)(1)(B) prohibitions on “use” of certain covered telecommunications equipment and services may be straightforward in concept, the new regulations raise considerable complexities in the transactional context that that will need to be fully considered as part of any deal involving a Government contractor.  Prospective buyers should consider the aforementioned issues and others as early as possible to ensure that any potential issues are identified and addressed as the transaction moves forward.

[1] Pub. L. No. 115-232.

[2] Prohibition on Contracting With Entities Using Certain Telecommunications and Video Surveillance Services or Equipment, 85 Fed. Reg. 42,665 (July 14, 2020); see also FAR 52.204-25(a).

[3] 85 Fed. Reg. at 42,673.

[4] Id. at 42,666; see also FAR 52.204-25(d).

[5] 85 Fed. Reg. at 42,677.  The statute and interim rule also allows the Director of National Intelligence to provide a waiver that does not have an expiration date if it is in the national security interests of the United States, but we expect these waivers to be uncommon.  See id. at 42,668.

[6] Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, 84 Fed. Reg. 40,216 (Aug. 13, 2019).

[7] 85 Fed. Reg. at 42,666, 42,678.

[8] Id. at 42,678.

[9] Id. at 42,679.

[10] The principal exception to Section 889(a)(1)(B) is set forth at Section 889(a)(2)(B) of the FY19 NDAA; it applies to telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles.

[11] See 85 Fed. Reg. at 42,666, 42,672-73 (emphasis added).

[12] See id. at 42,668.