Today, the Federal Acquisition Regulatory Council (“FAR Council”) released an Advance Notice of Proposed Rulemaking (the “ANPRM”) describing the agencies’ plan to implement Section 5949 of the National Defense Authorization Act (“NDAA”) for FY 23 (Pub. L. 117-263).

Section 5949 prohibits the Federal Government from procuring certain semiconductor parts, products, or services traceable to named Chinese companies and potentially other foreign countries of concern.  To that end, the ANPRM invites public comment on the proposed contents of an implementing FAR clause, to take effect December 23, 2027.

As discussed below, the FAR Council proposed applying the regulations broadly to all solicitations and contracts, including commercial item and commercially available off-the-shelf (“COTS”) contracts, subject only to a limited waiver.  Although not set out in the statute, the clause would require contractors to conduct a “reasonable inquiry” into their supply chain to detect potential violations.  It would also require both disclosure and the taking of corrective action in the event that nonconforming products or services are discovered. 

More details are below, and our previous coverage of Section 5949 is available here.

Potential Operation of the Rule

As an initial matter, the forthcoming FAR clause would require contractors to apply the twin prohibitions in Section 5949(a)(1).

In broad strokes, Section 5949(a)(1) restricts the procurement or use of “covered semiconductor products or services,” defined to include semiconductors and associated products designed, produced, or provided by Semiconductor Manufacturing International Corporation (SMIC); ChangXin Memory Technologies (CXMT) and Yangtze Memory Technologies Corp (YMTC), plus subsidiaries and affiliates.  In addition, the statute anticipates that additional covered semiconductor products or services controlled by or otherwise connected to the government of a “foreign country of concern” (i.e., Iran, Russia, China, and North Korea) could be added via internal government coordination and publication in the Federal Register.

This restriction has two prongs:

  • First, under Section 5949(a)(1)(A), the U.S. government may not directly procure or obtain any electronic parts, products, or services that include covered semiconductor products or services;
  • Second, under Section 5949(a)(1)(B), the U.S. government may not enter into a contract with an entity to procure or obtain electronic parts or products that use electronic products that include covered semiconductor products or services.  By way of example, the ANPRM explains that this prong could prohibit an agency from acquiring a replacement control panel within a critical system that enables an IoT device that includes a covered semiconductor product or service.  This prohibition does not apply to electronic products used in systems that are not “critical systems,” however.[1] 

The ANPRM did not provide any additional guidance on the definition of “critical systems” beyond what appeared in the statute, nor does it define the term “use” for purposes of the prohibition under 5949(a)(1)(B).  It does, however, contemplate adding certain new definitions, some ofwhich could be construed quite broadly in the context of Section 5949, such as affiliate, electronic parts, and electronic services.

Supply Chain Diligence, Disclosure, and Corrective Action

The FAR clause operationalizes the restriction as follows:

  • Contractors must conduct a reasonable inquiry to detect and avoid the use or inclusion of covered semiconductor products or services in electronic products and electronic services.  In conducting such an inquiry, contractors and subcontractors may reasonably rely on certifications of compliancefrom suppliers of electronic products or services and are not required to conduct independent third-party audits or other formal reviews related to such certifications.  This is a new standard, not outlined in the statute, and is similar to the standard seen in the Section 889 context. 
  • Contractors must make certain disclosures, including (i) disclosures to direct customers regarding the inclusion of a covered semiconductor product or service in electronic products or electronic services, and (ii) notifications to the appropriate Federal authorities within 60 days of learning or suspecting that a product to be used in a critical system contains covered semiconductor products or services.  The clause would include a safe harbor from civil liability or from determinations that the contractor is not presently responsible, provided that the contractor provides the appropriate notification to the Government and makes a comprehensive and documentable effort to identify and remove the covered semiconductor products or services.
  • Contractors must carry out any necessary rework or corrective action if they fail to disclose the inclusion of covered semiconductor products or services in electronic parts or electronic services to direct customers.  The costs of such corrective action would be treated as unallowable costs. 

The forthcoming FAR clause may broadly apply to “all solicitations and contracts” subject to a limited waiver

The ANPRM contemplates that the FAR clause would be incorporated into “all solicitations and contracts,” including those: (i) valued at or below the simplified acquisition and micro-purchase thresholds; (ii) for the acquisition of commercial products and commercial services; and (iii) for the acquisition of COTS items.  As a result, the ANPRM contemplates that “every unique awardee with electronic products or services would need to conduct a reasonable inquiry” to assess compliance with this rule; that 75 percent of all awardees will have electronic products or services that will be impacted by the prohibition; and that up to 20 percent of semiconductors in those electronic products or services “are not currently compliant with the prohibition.”  The FAR clause would also be required in all subcontracts involving “the supply of any electronic products.”   

The heads of executive agencies would have limited authority to waive the application of these requirements in particular situations, generally where the agency determines that no compliant product or services is available to be procured at prices not prohibitively expensive, and where such waiver could not reasonably be expected to compromise critical U.S. national security interests.  Certain agency heads would have additional authority to waive the application of these requirements where it would be in the critical national security interests of the United States.

Notably, the ANPRM also reiterates that Section 5949’s prohibitions would not require agencies to remove any products or services already in place prior to the December 2027 effective date of the prohibition, nor would it limit the utilization of covered semiconductor products throughout the lifecycle of existing equipment.

Additional requirements to assist contractors and the Government in ensuring compliance with the Section 5949 prohibition

The ANPRM notes that federal rulemakers “are considering requiring offerors to identify the provenance of the supply chain for the semiconductor components for each electronic product to be provided to the Government” in order to allow the Government to validate contractor compliance with the prohibition.  According to the ANPRM, such provenance information could include requiring offerors to identify vendors and facilities responsible for design, fabrication, assembly, packaging, and testing of the products.  Additionally, the ANPRM contemplates that the Department of Commerce may compile a public list of known electronic products and services that include covered semiconductor products or services to assist contractors with identifying prohibited products.

Preparing for Compliance

Contractors are encouraged to submit comments to the FAR Council in response to the questions included in the ANPRM, which ask for feedback on, inter alia, recommendations on how to further clarify the scope of the prohibition, the inclusion of additional definitions, whether industry has sufficient visibility into supply chains, the appropriate procedures for conducting a reasonable inquiry, and the anticipated need for waivers after December 2027.

We are continuing to monitor the FAR Council’s development of this rule for our clients.  If you have any questions concerning the material discussed in this post, please contact the members of our Public Policy, Cybersecurity, and Government Contracts groups.

[1] The ANPRM indicates that because the FAR definition of “products” already includes “parts,” the implementing rule would refer only to electronic products and services.  

Tags: Cybersecurity, NDAA, Procurement, Semiconductors
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Susan Cassidy co-chairs Covington’s Aerospace and Defense Industry Group, and has been advising government contractors for more than 35 years on the requirements imposed on companies contracting with the U.S. Government.

Susan’s practice focuses on the intersection of cybersecurity, national security, and supply…

Susan Cassidy co-chairs Covington’s Aerospace and Defense Industry Group, and has been advising government contractors for more than 35 years on the requirements imposed on companies contracting with the U.S. Government.

Susan’s practice focuses on the intersection of cybersecurity, national security, and supply chain risk management for companies that sell products and services to the U.S. Government. Susan advises contractors at all phases of the procurement cycle, and regularly:

advises clients on compliance obligations imposed by the FAR, DFARS, and other agency regulatory requirements;
leads internal and government False Claims Act (FCA) investigations addressing allegations of violations of government cybersecurity, national security, supply chain, quality, and MIL-SPEC requirements; and
advises clients who have suffered a cyber breach where U.S. government information may have been impacted.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 252.204-7012, FedRAMP, controlled unclassified information (CUI), and NIST SP 800-171 requirements;
Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 semiconductor product and service restrictions, and limitations on sourcing a variety of products from China; and
Federal Acquisition Security Council (FASC) regulations and product exclusions.

 

Susan previously served as senior in-house counsel for two major defense contractors (Northrop Grumman Corporation and Motorola Incorporated) and is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. Chambers USA has quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Susan’s pro-bono work extends to assisting veterans in a variety of matters, as well as providing advice to elderly clients on their wills and other end-of-life planning documents.

Read more about Susan B. CassidyEmail
Show more Show less
Photo of Michael Wagner Michael Wagner

Mike Wagner represents companies and individuals in complex compliance and enforcement matters arising in the public procurement context. Combining deep regulatory expertise and extensive investigations experience, Mike helps government contractors navigate detailed procurement rules and achieve the efficient resolution of government investigations and…

Mike Wagner represents companies and individuals in complex compliance and enforcement matters arising in the public procurement context. Combining deep regulatory expertise and extensive investigations experience, Mike helps government contractors navigate detailed procurement rules and achieve the efficient resolution of government investigations and enforcement actions.

Mike regularly represents contractors in federal and state compliance and enforcement matters relating to a range of procurement laws and regulations. He has particular experience handling investigations and litigation brought under the civil False Claims Act, and he routinely counsels government contractors on mandatory and voluntary disclosure considerations under the FAR, DFARS, and related regulatory regimes. He also represents contractors in high-stakes suspension and debarment matters at the federal and state levels, and he has served as Co-Chair of the ABA Suspension & Debarment Committee and is principal editor of the American Bar Association’s Practitioner’s Guide to Suspension & Debarment (4th ed.) (2018).

Mike also has extensive experience representing companies pursuing and negotiating grants, cooperative agreements, and Other Transaction Authority agreements (OTAs). In this regard, he has particular familiarity with the semiconductor and clean energy industries, and he has devoted substantial time in recent years to advising clients on strategic considerations for pursuing opportunities under the CHIPS Act, Inflation Reduction Act, and Bipartisan Infrastructure Law.

In his counseling practice, Mike regularly advises government contractors and suppliers on best practices for managing the rapidly-evolving array of cybersecurity and supply chain security rules and requirements. In particular, he helps companies assess and navigate domestic preference and country-of-origin requirements under the Buy American Act (BAA), Trade Agreements Act (TAA), Berry Amendment, and DOD Specialty Metals regulation. He also assists clients in managing product and information security considerations related to overseas manufacture and development of Information and Communication Technologies & Services (ICTS).

Mike serves on Covington’s Hiring Committee and is Co-Chair of the firm’s Summer Associate Program. He is a frequent writer and speaker on issues relating to procurement fraud and contractor responsibility, and he has served as an adjunct professor at the George Washington University Law School.

Read more about Michael WagnerEmail
Show more Show less
Photo of Stephanie Barna Stephanie Barna

Stephanie Barna draws on over three decades of U.S. military and government service to provide advisory and advocacy support and counseling to clients facing policy and political challenges in the aerospace and defense sectors.

Prior to joining the firm, Stephanie was a senior…

Stephanie Barna draws on over three decades of U.S. military and government service to provide advisory and advocacy support and counseling to clients facing policy and political challenges in the aerospace and defense sectors.

Prior to joining the firm, Stephanie was a senior leader on Capitol Hill and in the U.S. Department of Defense (DoD). Most recently, she was General Counsel of the Senate Armed Services Committee, where she was responsible for the annual $740 billion National Defense Authorization Act (NDAA). Additionally, she managed the Senate confirmation of three- and four-star military officers and civilians nominated by the President for appointment to senior political positions in DoD and the Department of Energy’s national security nuclear enterprise, and was the Committee’s lead for investigations.

Previously, as a senior executive in the Office of the Army General Counsel, Stephanie served as a legal advisor to three Army Secretaries. In 2014, Secretary of Defense Chuck Hagel appointed her to be the Principal Deputy Assistant Secretary of Defense for Manpower and Reserve Affairs. In that role, she was a principal advisor to the Secretary of Defense on all matters relating to civilian and military personnel, reserve integration, military community and family policy, and Total Force manpower and resources. Stephanie was later appointed by Secretary of Defense Jim Mattis to perform the duties of the Under Secretary of Defense for Personnel and Readiness, responsible for programs and funding of more than $35 billion.

Stephanie was also previously the Deputy General Counsel for Operations and Personnel in the Office of the Army General Counsel. She led a team of senior lawyers in resolving the full spectrum of issues arising from Army wartime operations and the life cycle of Army military and civilian personnel. Stephanie was also a personal advisor to the Army Secretary on his institutional reorganization and business transformation initiatives and acted for the Secretary in investigating irregularities in fielding of the Multiple Launch Rocket System and classified contracts. She also played a key role in a number of high-profile personnel investigations, including the WikiLeaks breach. Prior to her appointment as Deputy, she was Associate Deputy General Counsel (Operations and Personnel) and Acting Deputy General Counsel.

Stephanie is a retired Colonel in the U.S. Army and served in the U.S. Army Judge Advocate General’s Corps as an Assistant to the General Counsel, Office of the Army General Counsel; Deputy Staff Judge Advocate, U.S. Army Special Forces Command (Airborne); Special Assistant to the Assistant Secretary of the Army (Manpower & Reserve Affairs); and General Law Attorney, Administrative Law Division.

Stephanie was selected by the National Academy of Public Administration for inclusion in its 2022 Class of Academy Fellows, in recognition of her years of public administration service and expertise.

Read more about Stephanie BarnaEmail
Show more Show less
Photo of Peter Terenzio Peter Terenzio

Peter Terenzio advises clients regarding the regulatory requirements that govern federal contractors and grantees. He focuses on helping clients navigate the Cost Accounting Standards (CAS) and the cost principles in FAR Part 31 and 2 CFR Part 200. He also routinely advises on…

Peter Terenzio advises clients regarding the regulatory requirements that govern federal contractors and grantees. He focuses on helping clients navigate the Cost Accounting Standards (CAS) and the cost principles in FAR Part 31 and 2 CFR Part 200. He also routinely advises on Other Transaction Authority (OTA) research, prototype, and production agreements.

Peter works on accounting, cost, and pricing matters, including providing day-to-day compliance advice; assisting with responses to audits and investigations and findings of potential noncompliance; and performing internal investigations of alleged violations. He also advises on other regulatory regimes, including the complicated prevailing wage rules imposed by the Davis Bacon Act (DBA) and Service Contact Act (SCA). He has particular experience with prototype OTAs issued in cutting edge fields, including quantum computing and biotechnology.

Peter also represents contractors in disputes arising under contracts and grants. He knows how to work closely with the client’s subject matter experts to prepare and submit detailed requests for equitable adjustment (REAs) to secure price or schedule relief. When contract disputes cannot be resolved amicably, he has helped clients in litigation before federal courts and the Boards of Contract Appeals.

Read more about Peter TerenzioEmail
Show more Show less
Photo of Ryan Burnette Ryan Burnette

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain…

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain, artificial intelligence, and software development requirements.

Ryan also advises on Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) compliance, public policy matters, agency disputes, and government cost accounting, drawing on his prior experience in providing overall direction for the federal contracting system to offer insight on the practical implications of regulations. He has assisted industry clients with the resolution of complex civil and criminal investigations by the Department of Justice, and he regularly speaks and writes on government contracts, cybersecurity, national security, and emerging technology topics.

Ryan is especially experienced with:

Government cybersecurity standards, including the Federal Risk and Authorization Management Program (FedRAMP); DFARS 252.204-7012, DFARS 252.204-7020, and other agency cybersecurity requirements; National Institute of Standards and Technology (NIST) publications, such as NIST SP 800-171; and the Cybersecurity Maturity Model Certification (CMMC) program.
Software and artificial intelligence (AI) requirements, including federal secure software development frameworks and software security attestations; software bill of materials requirements; and current and forthcoming AI data disclosure, validation, and configuration requirements, including unique requirements that are applicable to the use of large language models (LLMs) and dual use foundation models.
Supply chain requirements, including Section 889 of the FY19 National Defense Authorization Act; restrictions on covered semiconductors and printed circuit boards; Information and Communications Technology and Services (ICTS) restrictions; and federal exclusionary authorities, such as matters relating to the Federal Acquisition Security Council (FASC).
Information handling, marking, and dissemination requirements, including those relating to Covered Defense Information (CDI) and Controlled Unclassified Information (CUI).
Federal Cost Accounting Standards and FAR Part 31 allocation and reimbursement requirements.

Prior to joining Covington, Ryan served in the Office of Federal Procurement Policy in the Executive Office of the President, where he focused on the development and implementation of government-wide contracting regulations and administrative actions affecting more than $400 billion dollars’ worth of goods and services each year.  While in government, Ryan helped develop several contracting-related Executive Orders, and worked with White House and agency officials on regulatory and policy matters affecting contractor disclosure and agency responsibility determinations, labor and employment issues, IT contracting, commercial item acquisitions, performance contracting, schedule contracting and interagency acquisitions, competition requirements, and suspension and debarment, among others.  Additionally, Ryan was selected to serve on a core team that led reform of security processes affecting federal background investigations for cleared federal employees and contractors in the wake of significant issues affecting the program.  These efforts resulted in the establishment of a semi-autonomous U.S. Government agency to conduct and manage background investigations.

Read more about Ryan BurnetteEmail
Show more Show less
Photo of Daniel Raddenbach Daniel Raddenbach

Daniel Raddenbach assists clients in navigating the complex regulatory regimes that apply to federal contractors. In addition to providing regulatory advice, he routinely works with clients in the government contracts M&A space to provide regulatory reviews and risk analyses of potential transactions. He…

Daniel Raddenbach assists clients in navigating the complex regulatory regimes that apply to federal contractors. In addition to providing regulatory advice, he routinely works with clients in the government contracts M&A space to provide regulatory reviews and risk analyses of potential transactions. He also represents contractors in complex disputes, including litigation and claims against the federal government and prime-sub disputes.

Most recently, Daniel has specialized in assisting clients in the semiconductor industry to apply for and negotiate CHIPS Act funding awards to construct or modernize semiconductor fabrication facilities. He regularly advises clients on the ramifications of applying for funding under the CHIPS Act programs, providing analysis on topics including CHIPS programmatic requirements, the national security guardrails, and federal labor law requirements (including Davis-Bacon), among others.

Read more about Daniel RaddenbachEmail
Show more Show less