New Executive Order on IT Supply Chain Takes Aim at Huawei and Others, Poses Significant Implications for Government Contract Supply Chains

On May 15, 2019, President Trump executed a new Executive Order (EO) likely to inject increased levels of scrutiny and uncertainty throughout the vast and interconnected web of government contract supply chains. The new EO, entitled “Securing the Information and Communications Technology and Services Supply Chain,” comes during a period of escalating trade tensions with China and following a breakdown of trade talks earlier in the week. The EO sets the stage for restricting commercial business with a significantly broader block of Chinese companies like Huawei (already subject to a federal procurement ban) in an effort to stem “malicious cyber-enabled actions” within U.S. networks.

Drawing upon authorities available under the International Emergency Economic Powers Act of 1977, the EO prohibits any commercial “transaction” determined by the Secretary of Commerce to involve “information and communications technology or services” designed, developed, manufactured, or supplied by entities owned, controlled, or subject to the jurisdiction of a “foreign adversary,” thereby posing “unacceptable risk to the national security of the United States.” This analysis requires a broad analysis including risk to the “U.S. critical infrastructure or the digital economy of the US.” On the same day President Trump executed the EO, the Department of Commerce announced that it would take a separate but related action in adding Huawei and 70 of its affiliates to the “entity list,” effectively prohibiting Huawei from acquiring items or technology from U.S. suppliers without authorization from Commerce.

In assessing the potential reach and impact of the supply chain EO, it is important to note that:

• The scope of technologies and services covered by the EO is exceedingly broad, defined to include “any hardware, software, or other product or service primarily intended to fulfill or enable the function of information or data processing, storage, retrieval, or communication by electronic means, including transmission, storage, and display.”
• Though intended initially to target Huawei and its affiliates, the EO contemplates that additional countries and entities considered foreign adversaries may be identified through regulations to be issued by Commerce within 150 days.
• Those regulations may also identify particular technologies subject to the new prohibitions, and establish procedures through which otherwise prohibited transactions or technologies may be permitted through the issuance of “licenses.”
• The EO also identifies enhanced roles and responsibilities for the Department of Homeland, Department of Justice, and the Director of National Intelligence. 

Much of the focus will now turn to Commerce and its development of regulations to implement the sweeping language of this new EO.