Supply Chain

Last week, President Trump issued an executive order aimed at encouraging the expansion American manufacturing of essential medical products — Executive Order on Ensuring Essential Medicines, Medical Countermeasures, and Critical Inputs Are Made in the United States (August 6, 2020) (the “Order”).  The Order sets forth an ambitious plan requiring extensive agency action on a tight timeline that suggests a significant impact.  Closer examination of the Order raises significant questions about the practicalities of implementation and the realistic impact of the Order once the substantial stated exceptions are taken into account.

The List

The heart of the Order is a list of Essential Medicines, Medical Countermeasures (“MCMs”), and Critical Inputs to which the Order’s requirements apply — but the key components of this list do not yet exist.  Instead, the Order directs the Food and Drug Administration (“FDA”) to produce the list within 90 days and to include on the list Essential Medicines, MCMs, and Critical Inputs “that are medically necessary to have available at all times in an amount adequate to serve patient needs and in the appropriate dosage forms.”

The Order provides the following definitions that give some insight into what may be on the FDA’s eventual list:
Continue Reading Trump Administration Increases Uncertainty for Pharmaceutical Manufacturing

(This article was originally published in Law360 and has been modified for this blog.)

Companies in a range of industries that contract with the U.S. Government—including aerospace, defense, healthcare, technology, and energy—are actively working to assess whether or not their information technology systems comply with significant new restrictions that will take effect on August 13, 2020.  These new restrictions prohibit the use of certain Chinese telecommunications equipment and services, and a failure to comply can have dramatic consequences for these companies.  The new restrictions also will have an immediate impact on mergers and acquisitions involving a company that does—or hopes to do—business with the Federal government.  In this article, we highlight some key considerations for M&A practitioners relating to these restrictions.

Background

On July 14, 2020, the U.S. Government’s Federal Acquisition Regulatory Council (“FAR Council”) published an interim rule to implement Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (“FY19 NDAA”).[1]  When the new rule takes effect on August 13, it will prohibit the Department of Defense and all other executive branch agencies from contracting—or extending or renewing a contract—with an “entity” that “uses” “covered telecommunications equipment or services as a substantial or essential part of any system.”  The restrictions cover broad categories of equipment and services produced and provided by certain Chinese companies—namely Huawei, ZTE, Hytera, Hangzhou Hikvision, Dahua, and their affiliates.[2]

The new rule will be applicable to all contracts with the U.S. Government, including those for commercial item services and commercially available-off-the-shelf products.[3]  Companies with a single one of these contracts will soon have an ongoing obligation to report any new discovery of its internal “use” of certain covered telecommunications equipment and services to the Government within one business day with a report of how the use will be mitigated ten business days later.[4]  Further, although companies can seek to obtain a waiver on a contract-by-contract basis from agencies, these waivers must be granted by the head of the agency, and may only extend until August 13, 2022 at the latest.[5]

The new rule is the second part of a two-stage implementation of Section 889’s restrictions on covered telecommunications equipment and services in Government contracting.  It builds on an earlier rule that implemented Section 889(a)(1)(A) of the FY19 NDAA on August 13, 2019 by prohibiting an executive branch agency from acquiring certain covered telecommunications equipment or services that is a substantial or essential part of any system.[6]

The new rule is expansive in scope, and its effects will be felt far beyond the traditional defense industrial base.  Thus, mergers and acquisitions practitioners are well advised to become familiar with the rule and consider how it might impact any future transaction where an acquisition target does at least some business with the Government or has aspirations to do so in the future.

Continue Reading M&A and Section 889: Due Diligence and Integration Considerations

On July 10, 2020, the interim rule implementing Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. No. 115-232) was released by the U.S. Government’s Federal Acquisition Regulatory Council. Section 889 prohibits the U.S. Government from buying (as of August 2019)—or contracting with an entity that uses

In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government (“USG”).  Five of these initiatives are likely to result in new regulations in 2020, each of which could have a fundamental impact on companies’ ability to sell Information, Communications, Technology and Services (“ICTS”) to the USG.  As these requirements begin to take hold, federal contractors should be mindful of potential impacts and the actions that can be taken now to prepare for increased USG scrutiny of their supply chain security.

Continue Reading Contractor Supply Chain Readiness – An Update on Expected Regulatory Changes

On May 5, 2020 the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management (“SCRM”) Task Force (the “Task Force”) released a six-step guide for organizations to start implementing organizational SCRM practices to improve their overall security resilience.  The Task Force also released a revised fact sheet to further raise awareness about ICT supply chain risk.

As we discussed in a prior blog post on the Task Force’s efforts, the Task Force was established in 2018 with representatives from 17 different defense and civilian agencies, as well as industry representatives across the information technology and communications sectors.  The Task Force has been focused on assessing and protecting security vulnerabilities in government supply chains.  Since its founding, the Task Force has inventoried existing SCRM efforts across the government and industry, including some of the practices reflected in the guide.
Continue Reading CISA Information and Communications Technology Supply Chain Risk Management Task Force Releases New Guidance on Security Resiliency

The global spread of the COVID-19 virus may put many federal contractors at risk of missing contractual deadlines. In a growing number of cases, supply chains may become cut off, work spaces may be closed, or employees may need to stay home, all of which could impact a contractor’s ability to perform in a timely manner. This is the first in a series of blog posts aimed at helping contractors navigate performance delays, changes, and other complications caused by the coronavirus outbreak.

When confronting challenges caused by the coronavirus, contractors should know that their contracts may contain clauses that would excuse these delays such as FAR 52.249-14 (cost reimbursement and time and material contracts), FAR 52.249-8 (fixed price supply and service contracts), and FAR 52.212-4 (commercial contracts). All of these clauses share a common thread – a contractor should not be in default because of a failure to perform the contract if the failure arises from causes beyond the control and without the fault or negligence of the contractor.
Continue Reading “Excuse Me, My Performance Has been Interrupted”– How Excusable Delay Provisions in the FAR May Help Federal Contractors Affected by the Coronavirus

On Monday, the U.S. Court of Appeals for the Federal Circuit issued an opinion in Acetris Health, LLC v. United States, No. 2018-2399 (Fed. Cir. Feb. 10, 2020) (“Acetris”), that would permit pharmaceutical manufacturers to source a drug’s active pharmaceutical ingredient (“API”) from India, China and other non “designated countries” and yet still offer the end product for sale to the U.S. Government.  Under the Trade Agreements Act (“TAA”), if a drug’s API was sourced from outside of the United States or a designated country, at least some Government agencies previously had taken the position that the U.S. Government could not purchase it.  In Acetris, the Federal Circuit explained that the TAA inquiry should turn not on where the API (or some other component) is sourced, but instead on where the pill (or other end product) is manufactured.  Consistent with this approach, the court held that a pill manufactured in the United States was compliant with the TAA and implementing regulations even though the pill’s API was sourced from India.

Although the full implications of the Acetris decision are not yet clear, there is no doubt that the ruling alters the TAA compliance landscape and offers broader lessons outside of the pharmaceutical manufacturing context.  Consequently, the decision warrants close attention by contractors seeking to maximize supply chain efficiency.
Continue Reading A New Path to TAA Compliance: U.S.-Made End Products in Acetris

On January 31, the Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”).  This is the fourth iteration of the CMMC that DoD has publicly released since it issued the first draft in October, and it is intended to be the version that auditors will be trained against, and that will eventually govern defense contractors’ cybersecurity obligations.  (We discussed the draft versions of the CMMC in earlier blog posts, as well as DoD’s Version 1.0 release announcement.)

As outlined in more detail below, the CMMC is a framework that “is designed to provide increased assurance to the DoD that a DIB [Defense Industrial Base] contractor can adequately protect CUI [Controlled Unclassified Information] at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.”

DoD stated publicly that it plans to add CMMC requirements to ten Requests for Information (“RFIs”) and ten Requests for Proposals (“RFPs”) by the end of this year, with contractors and subcontractors expected to meet all applicable CMMC requirements at the time of award.  DoD has indicated that these RFPs may involve relatively large awards, as it anticipates that each award will impact approximately 150 different contractors at all levels of the supply chain and at various levels of CMMC certification.  DoD’s goal is to have CMMC requirements fully implemented in all new contract awards by Fiscal Year 2026.

Continue Reading A Closer Look at Version 1.0 of DoD’s Cybersecurity Maturity Model Certification

The Trump Administration has declared this month National Slavery and Human Trafficking Prevention Month, calling on industry associations, law enforcement, private businesses, and others to work toward ending modern slavery and human trafficking. This proclamation follows the Administration’s efforts to combat human trafficking, which we have previously discussed here, and comes on the heels of an OMB memorandum released last fall aimed at “enhanc[ing] the effectiveness of anti-trafficking requirements in Federal acquisition while helping contractors manage and reduce the burden associated with meeting these responsibilities.”

Continue Reading Trump Administration Renews Focus on Anti-Human Trafficking Efforts

On November 27, 2019, the Department of Commerce issued a proposed rule to implement the May 15, 2019 Executive Order entitled “Securing the Information and Communications Technology and Services Supply Chain.”  Once finalized and effective, the regulations will govern the process and procedures that the Secretary of Commerce will use to determine whether certain transactions involving information and communications technology or services (“ICTS”) should be prohibited or otherwise restricted.  As currently drafted, the proposed rule goes further than many other legal authorities, in that it allows the government to prohibit or otherwise restrict a broad range of wholly commercial transactions that the Secretary determines present national security risks.

Details on key aspects of the proposed rule are in a Client Alert that we published on November 27, available here.  The public comment period remains open until December 27.  Given the breadth of the proposed rule and the significant number of open questions, thoughtful comments will be critically important in scoping a final rule.
Continue Reading Commerce Department Proposes Rule Impacting Information and Communications Technology Supply Chains