Today, the Federal Acquisition Regulatory Council (“FAR Council”) released an Advance Notice of Proposed Rulemaking (the “ANPRM”) describing the agencies’ plan to implement Section 5949 of the National Defense Authorization Act (“NDAA”) for FY 23 (Pub. L. 117-263).
Section 5949 prohibits the Federal Government from procuring certain semiconductor parts, products, or services traceable to named Chinese companies and potentially other foreign countries of concern. To that end, the ANPRM invites public comment on the proposed contents of an implementing FAR clause, to take effect December 23, 2027.
As discussed below, the FAR Council proposed applying the regulations broadly to all solicitations and contracts, including commercial item and commercially available off-the-shelf (“COTS”) contracts, subject only to a limited waiver. Although not set out in the statute, the clause would require contractors to conduct a “reasonable inquiry” into their supply chain to detect potential violations. It would also require both disclosure and the taking of corrective action in the event that nonconforming products or services are discovered.
More details are below, and our previous coverage of Section 5949 is available here.
Potential Operation of the Rule
As an initial matter, the forthcoming FAR clause would require contractors to apply the twin prohibitions in Section 5949(a)(1).
In broad strokes, Section 5949(a)(1) restricts the procurement or use of “covered semiconductor products or services,” defined to include semiconductors and associated products designed, produced, or provided by Semiconductor Manufacturing International Corporation (SMIC); ChangXin Memory Technologies (CXMT) and Yangtze Memory Technologies Corp (YMTC), plus subsidiaries and affiliates. In addition, the statute anticipates that additional covered semiconductor products or services controlled by or otherwise connected to the government of a “foreign country of concern” (i.e., Iran, Russia, China, and North Korea) could be added via internal government coordination and publication in the Federal Register.
This restriction has two prongs:
- First, under Section 5949(a)(1)(A), the U.S. government may not directly procure or obtain any electronic parts, products, or services that include covered semiconductor products or services;
- Second, under Section 5949(a)(1)(B), the U.S. government may not enter into a contract with an entity to procure or obtain electronic parts or products that use electronic products that include covered semiconductor products or services. By way of example, the ANPRM explains that this prong could prohibit an agency from acquiring a replacement control panel within a critical system that enables an IoT device that includes a covered semiconductor product or service. This prohibition does not apply to electronic products used in systems that are not “critical systems,” however.[1]
The ANPRM did not provide any additional guidance on the definition of “critical systems” beyond what appeared in the statute, nor does it define the term “use” for purposes of the prohibition under 5949(a)(1)(B). It does, however, contemplate adding certain new definitions, some ofwhich could be construed quite broadly in the context of Section 5949, such as affiliate, electronic parts, and electronic services.
Supply Chain Diligence, Disclosure, and Corrective Action
The FAR clause operationalizes the restriction as follows:
- Contractors must conduct a reasonable inquiry to detect and avoid the use or inclusion of covered semiconductor products or services in electronic products and electronic services. In conducting such an inquiry, contractors and subcontractors may reasonably rely on certifications of compliancefrom suppliers of electronic products or services and are not required to conduct independent third-party audits or other formal reviews related to such certifications. This is a new standard, not outlined in the statute, and is similar to the standard seen in the Section 889 context.
- Contractors must make certain disclosures, including (i) disclosures to direct customers regarding the inclusion of a covered semiconductor product or service in electronic products or electronic services, and (ii) notifications to the appropriate Federal authorities within 60 days of learning or suspecting that a product to be used in a critical system contains covered semiconductor products or services. The clause would include a safe harbor from civil liability or from determinations that the contractor is not presently responsible, provided that the contractor provides the appropriate notification to the Government and makes a comprehensive and documentable effort to identify and remove the covered semiconductor products or services.
- Contractors must carry out any necessary rework or corrective action if they fail to disclose the inclusion of covered semiconductor products or services in electronic parts or electronic services to direct customers. The costs of such corrective action would be treated as unallowable costs.
The forthcoming FAR clause may broadly apply to “all solicitations and contracts” subject to a limited waiver
The ANPRM contemplates that the FAR clause would be incorporated into “all solicitations and contracts,” including those: (i) valued at or below the simplified acquisition and micro-purchase thresholds; (ii) for the acquisition of commercial products and commercial services; and (iii) for the acquisition of COTS items. As a result, the ANPRM contemplates that “every unique awardee with electronic products or services would need to conduct a reasonable inquiry” to assess compliance with this rule; that 75 percent of all awardees will have electronic products or services that will be impacted by the prohibition; and that up to 20 percent of semiconductors in those electronic products or services “are not currently compliant with the prohibition.” The FAR clause would also be required in all subcontracts involving “the supply of any electronic products.”
The heads of executive agencies would have limited authority to waive the application of these requirements in particular situations, generally where the agency determines that no compliant product or services is available to be procured at prices not prohibitively expensive, and where such waiver could not reasonably be expected to compromise critical U.S. national security interests. Certain agency heads would have additional authority to waive the application of these requirements where it would be in the critical national security interests of the United States.
Notably, the ANPRM also reiterates that Section 5949’s prohibitions would not require agencies to remove any products or services already in place prior to the December 2027 effective date of the prohibition, nor would it limit the utilization of covered semiconductor products throughout the lifecycle of existing equipment.
Additional requirements to assist contractors and the Government in ensuring compliance with the Section 5949 prohibition
The ANPRM notes that federal rulemakers “are considering requiring offerors to identify the provenance of the supply chain for the semiconductor components for each electronic product to be provided to the Government” in order to allow the Government to validate contractor compliance with the prohibition. According to the ANPRM, such provenance information could include requiring offerors to identify vendors and facilities responsible for design, fabrication, assembly, packaging, and testing of the products. Additionally, the ANPRM contemplates that the Department of Commerce may compile a public list of known electronic products and services that include covered semiconductor products or services to assist contractors with identifying prohibited products.
Preparing for Compliance
Contractors are encouraged to submit comments to the FAR Council in response to the questions included in the ANPRM, which ask for feedback on, inter alia, recommendations on how to further clarify the scope of the prohibition, the inclusion of additional definitions, whether industry has sufficient visibility into supply chains, the appropriate procedures for conducting a reasonable inquiry, and the anticipated need for waivers after December 2027.
We are continuing to monitor the FAR Council’s development of this rule for our clients. If you have any questions concerning the material discussed in this post, please contact the members of our Public Policy, Cybersecurity, and Government Contracts groups.
[1] The ANPRM indicates that because the FAR definition of “products” already includes “parts,” the implementing rule would refer only to electronic products and services.