The Department of Defense (DoD) has finalized regulations prohibiting the use of telecommunications equipment or services from Chinese entities or from entities that are owned or controlled by either the People’s Republic of China or the Russian Federation. The Final Rule, which went into effect on Friday, January 15, 2021, prohibits the DoD from buying or using banned telecommunications equipment and services that are a “substantial or essential component of any system” or that constitute a “critical technology.”
The Final Rule includes just two changes to the Interim Rule, which has been in effect since December 31, 2019:
- First, the Rule extends the deadline to report to DIBNET (the web-based information sharing portal for defense contractors) the discovery of covered defense telecommunications equipment or services from one business day to three business days.
- Second, the Rule also extends the deadline for contractors to report what mitigation actions they took in response to the discovery from ten (10) business days to thirty (30) business days.
These changes are important because they provide contractors with critical additional time in which to (i) gather necessary information regarding the existence of covered equipment and/or services prior to contacting DoD, and (ii) fully develop and describe appropriately tailored mitigation actions. Defense contractors should already be familiar with these requirements because the Interim Rule implemented three new contract clauses: DFARS 252.204-7016, Covered Defense Telecommunications Equipment or Services—Representation; DFARS 252.204-7017, Prohibition on Acquisition of Covered Defense Telecommunications Equipment or Services—Representation; and DFARS 252.204-7018, Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services. The regulations require that a contractor inform the government annually as to whether it provides covered defense telecommunications equipment or services to the government. A contractor responding affirmatively must in turn provide a description of all covered defense telecommunications equipment; an explanation of the proposed equipment and services; a listing of any factors relevant for the government to determine whether use would be permissible; and the identity of the entity that provided the service or produced the equipment.
These provisions apply to all solicitations and contracts, including those below the simplified acquisition threshold, and to acquisitions for commercial items. As the reporting requirements vest the prime contractor with responsibility to ensure wholesale supply chain compliance, it is integral that the appropriate standards be flowed down to applicable subcontractors to facilitate prompt notification to the prime or higher tier subcontractor upon discovery of covered defense telecommunications equipment. In fact, DoD cautioned that “[i]f the higher tier subcontractor or prime contractor does not report lower tier notifications of the discovery of covered defense telecommunications equipment or services, the higher tier subcontractor and prime contractor are at risk of being in violation of the prohibition.” Defense Federal Acquisition Regulation Supplement: Covered Defense Telecommunications Equipment or Services (DFARS Case 2018–D022), 86 FR 3832 (Jan. 15, 2021).
If a contractor identifies and adequately reports the use of covered defense telecommunications equipment or services, it should then develop and implement a mitigation strategy as soon as possible. Although contractors now have thirty days, instead of ten, to report what mitigation actions it has undertaken, companies should use this extra time to ensure that robust and appropriate measures are in place.