Save the Last (Byte) Dance: New Interim Rule Bars TikTok and Successor ByteDance Apps

On June 2, 2023, the FAR Council issued an Interim Rule with immediate effect that prohibits the presence or use of the TikTok app on “information technology” (IT) equipment used by government contractors and contractor personnel in the performance of a contract. The interim rule mirrors the Office of Management and Budget’s guidance, which directed federal agencies to remove TikTok and successor apps made by Chinese company ByteDance Limited from federal devices (to implement the No TikTok on Government Devices Act).

General Prohibition and Applicability

Broad in scope, the prohibition—implemented by new contract clause FAR 52.204-27—applies to the use or presence of TikTok on (i) IT equipment owned or managed by the government; and (ii) both contractor-owned and employee-owned IT equipment used in contract performance.  The FAR clause excludes personally owned cell phones that are not used in the performance of a contract.  In addition, the clause applies to contracts below the simplified acquisition threshold and to contracts for commercial products and services.  The clause is also a required flowdown to subcontractors.

The clause does allow agencies to provide exemptions for contractors performing law enforcement activities, national security activities, and security research, though agencies are instructed to use exemptions sparingly.

For purposes of the prohibition, the clause incorporates a statutory definition of “information technology” (rather than the standard definition at FAR 2.101), which covers IT equipment when the contract requires the use of such equipment, or requires the use of such equipment “to a significant extent in the performance of a service or the furnishing of a product” but does not include “equipment acquired by a Federal contractor incidental to a Federal contract.” Neither the clause nor the commentary provides clarification about what type of use may be “incidental” and fall out of scope of the prohibition.

Compliance Standards

In the rulemaking commentary, the FAR Council notes that it expects contractors already have technology in place to block access to unwanted or nefarious websites and to prevent and remove a downloaded app, suggesting that the Government expectation is that the contractors will impose technical barriers in addition to using policies and procedures, training, and awareness campaigns to comply with the requirement.

Timing

Agencies are directed to include the new FAR clause in:

• Any solicitation issued on or after June 2, 2023;
• Any contract award that occurs on or after July 3, 2023, even if the solicitation predated the rulemaking;
• Existing IDIQ contracts, to be amended by July 3, 2023 to apply to future orders;
• Any modifications/option awards for existing contracts or task or delivery orders that extend the period of performance.

Comments on the Interim Rule are due by August 1, 2023.

Compliance Considerations

Contractors will need to move quickly to ensure that they comply with the clause before the government begins to include it in contracts.  In preparing, contractors should consider taking the following steps:

1. Incorporate FAR 52.204-27 into subcontract flowdowns.
2. Update employee/subcontractor device policies as necessary to reflect FAR 52.204-27 restrictions.
3. Circulate guidance on FAR 52.204-27 restrictions to impacted employees and subcontractors, including instructions on how to uninstall TikTok from personal devices if such devices are in scope based on the definition of “information technology.”
4. Identify all devices expressly required in a federal contract or where use is required “to a significant extent” in contract performance, including any personal or employee-provided devices as applicable.
5. Communicate with information technology personnel and consider whether technical solutions should be deployed (e.g. removing existing instances of TikTok from contractor-managed devices, blocking TikTok downloads moving forward, etc.)