Coming December 4: Do You Know Where Your Supply Chain Risks Are? FAR Council Issues Interim Rule Requiring Contractor Diligence for FASC Exclusion and Removal Orders
Client Alert | 18 min read | 10.12.23
On October 5, 2023, the Federal Acquisition Regulation (FAR) Council published an interim rule to prohibit, in the performance of a government contract, the delivery or use of “covered articles” (which includes certain information technology and telecommunications equipment, hardware, systems, devices, software, and services) subject to a Federal Acquisition Supply Chain Security Act (FASCSA) exclusion or removal order. The interim rule also imposes obligations for a related “reasonable inquiry” at the time of proposal submission and quarterly monitoring during contract performance. These changes implement the FASCSA of 2018 (P.L. 115-390). While the Federal Acquisition Security Council (FASC) and the order-issuing agencies (Department of Homeland Security (DHS), Department of Defense (DoD), and the Office of the Director for National Intelligence (ODNI)) have not yet issued any such FASCSA orders, those orders will be identified in the System for Award Management (SAM) or – in some cases – identified in and specific to the contract and any resulting subcontracts.
The new FAR clauses implementing these changes will apply to all contracts, including contracts below the simplified acquisition threshold (SAT), contracts or orders for commercial products or services (including commercial off-the-shelf (COTS) items), and orders under indefinite delivery, indefinite quantity contracting vehicles. The interim rule goes into effect on December 4, 2023 and comments on the interim rule are due on December 4, 2023 as well.
FASCSA and the FASC
The interim rule is the latest step in implementing FASCSA. A prior interim rule established the FASC as the repository for reports of supply chain risk. The FASC uses that information to draft recommended orders, which DHS, DoD, and ODNI review for approval. FASCSA orders apply as follows:
Table 1. FASCSA Order Applicability.
A FASCSA order may require the exclusion of covered sources or articles from federal procurement activities (as a prime contractor or subcontractor at any tier) and/or removal of covered articles from federal or contractor information systems.
October 2023 Interim Rule Prohibits Delivery of Covered Articles and Requires At Least Quarterly Monitoring for Prohibited Covered Articles
Three new FAR clauses, FAR 52.204-28, -29, and -30, prohibit contractors from providing any named covered article, or any product or service from a named source, that is subject to an applicable FASCSA order. These clauses are required to be included in all applicable solicitations or contracts, including those below the SAT, for commercial products or services, or COTS items, due to the “unacceptable level of risk for the Government in buying products or services subject to a FASCSA order.”
Key Definitions
|
- FAR 52.204-29, Federal Acquisition Supply Chain Security Act Orders-Representation and Disclosures, requires offerors to represent that they will not provide or use as part of performance of the contract any named covered article, or any products or services from a named source, subject to an applicable FASCSA order, or disclose any such articles used in order to request a waiver.
- Representation: Submission of an offer constitutes a representation that the offeror made a “reasonable inquiry” into its supply chain and does not propose to provide or use any covered article, or any products or services produced or provided by a source, if the article or source is prohibited by an applicable FASCSA order in response to the solicitation, except if waived by the solicitation, or as disclosed.
- Disclosure and Waiver Request: If the offeror cannot make this representation, then for any covered article subject to an applicable FASCSA order, or any products or services produced or provided by a source subject to an applicable FASCSA order, the offeror may request a waiver.[1]
- FAR 52.204-30, Federal Acquisition Supply Chain Security Act Orders-Prohibition, prohibits contractors from providing or using in the performance of the contract any named covered article, or any product or service, covered by a FASCSA order (unless under a waiver). The clause requires the following:
- Monitoring: Contractors must review the System for Award Management (“SAM”) at least once every three months or more often as advised by the contracting officer to determine if new FASCSA orders apply to their supply chains.[2] The contractor must conduct a reasonable inquiry to determine whether its supply chain is affected. If the supply chain includes covered articles under a new FASCSA order (or it is discovered at any point that the supply chain or deliveries to the government have included covered articles under preexisting FASCSA orders), then the contractor must provide notice and report to the government.
- Notice and Reporting: If a FASCSA order applies to a product in a contractor’s supply chain and is to be or has been provided to the Government or used during contract performance, the provision requires the contractor to report it to the contracting officer within three (3) business days with basic information on the product or service, including “readily available information about mitigation actions.”[3] Then, within ten (10) business days, the contractor must update that report with information on mitigation actions taken and actions taken to prevent future submissions or use of covered articles or sources. Subcontractors must make the same report to the prime contractor, who in turn must notify the contracting officer.
- Waiver: A contractor may submit a written request to the contracting officer for a waiver to a new FASCSA order.[4] The contracting officer then decides whether—or not—to issue a waiver.
- Flowdown: These requirements must be flowed down to all subcontracts, including for commercial products and services.
- FAR 52.204-28, Federal Acquisition Supply Chain Security Act Orders-Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts, requires contractors to comply with FASCSA orders and to remove any covered articles or products or services subject to a FASCSA order when notified of the order by the contracting officer. This clause is a required provision in solicitations and contracts under all FSS, GWACs, and multi-agency contracts when FASCSA orders will be applied at the task- or delivery-order level.
FAR Subpart 4.23, Federal Acquisition Security Council Information Sharing
The interim rule also adds FAR Subpart 4.23, which requires contracting agencies to share relevant supply chain risk information with FASC, and identifies procedures for agencies to implement FASCSA exclusion or removal orders for “covered articles.” This Subpart establishes procedures for executive agencies to request waivers from a FASCSA order (or parts thereof) for (1) an agency; (2) specific agency actions or a specific class of acquisitions; (3) agency actions before compliance with a FASCSA order is practicable; or (4) other limited agency activities.[5]
Key Takeaways
While the FAR Council acknowledges significant cost for contractors to perform the requisite supply chain diligence and monitoring, the Council assumes contractors will leverage existing policies and procedures for other exclusions (e.g., Kaspersky ban, Section 889) in implementing this supply chain management requirement. While the new rule does provide for waivers, such waivers likely will be limited similar to the few granted waivers for Section 889 and other supply chain restrictions.
Before the December 4, 2023 effective date, contractors can begin taking steps to ensure that they can comply with the new clauses by:
- Ensuring that their supply chain tracking systems are capable of conducting or supporting a “reasonably inquiry” to determine whether they have any “covered articles” subject to relevant FASCSA orders in their internal infrastructure and public sector supply chain.
- Establishing a process for reviewing solicitations for contract-specific FASCSA orders and reviewing SAM for new FASCSA orders at the time of proposal submission and, subsequently, at least every 3 months;
- Updating employee/subcontractor device policies as necessary to reflect FASCSA orders;
- Circulating guidance on FASCSA order restrictions to applicable supply chain management and procurement employees and to subcontractors;
- Communicating with information technology personnel and considering whether technical solutions can and should be deployed; and
- Preparing to incorporate FAR 52.204-28, -29, and -30 into subcontract flowdowns effective December 4, 2023.
We would like to thank Dilan Wickrema, Senior Law Clerk, for his contribution to this alert.
[1] A waiver request must include the (1) name of the product or service provided to the Government; (2) name of the covered article or source subject to a FASCSA order; (3) if applicable, name of the vendor, including the Commercial and Government Entity code and unique entity identifier (if known), that supplied the covered article or the product or service to the Offeror; (4) brand; (5) model number (original equipment manufacturer number, manufacturer part number, or wholesaler number); (6) item description; and (7) the reason the applicable covered article, product, or service is being provided or used.
[2] The rule specifically requires contractors to search for the phrase “FASCSA order” in the System for Award Management (SAM) at https://www.sam.gov to locate applicable FASCSA orders. The Government may also identify in the solicitation additional FASCSA orders that are not in SAM, which are effective and apply to the solicitation and resultant contract.
[3] The three-day report must contain the (A) contract number; (B) order number(s), if applicable; (C) name of the product or service provided to the Government or used during performance of the contract; (D) name of the covered article or source subject to a FASCSA order; (e) if applicable, name of the vendor, including the Commercial and Government Entity code and unique entity identifier (if known), that supplied the covered article or the product or service to the Contractor; (f) brand; (g) Model number (original equipment manufacturer number, manufacturer part number, or wholesaler number); (h) item description; and (i) any readily available information about mitigation actions undertaken or recommended.
[4] See n. 1 for waiver request requirements.
[5] An agency must submit a request for waiver in writing to the official that issued the relevant FASCSA order, unless other instructions for submission are provided by the applicable FASCSA order. The waiver must include (1) identification of the applicable FASCSA order; (2) a description of the exception sought, including, if limited to only a portion of the order, a description of the order provisions from which an exception is sought; (3) the name or a description sufficient to identify the covered article or the product or service provided by a source that is subject to the order from which an exception is sought; (4) compelling justification for why an exception should be granted, such as the impact of the order on the agency's ability to fulfill its mission-critical functions, or considerations related to the national interest, including national security reviews, national security investigations, or national security agreements; (5) any alternative mitigations to be undertaken to reduce the risks addressed by the FASCSA order; and (6) any other information requested by the issuing official.
Insights
Client Alert | 3 min read | 12.10.24
Fast Lane to the Future: FCC Greenlights Smarter, Safer Cars
The Federal Communications Commission (FCC) has recently issued a second report and order to modernize vehicle communication technology by transitioning to Cellular-Vehicle-to-Everything (C-V2X) systems within the 5.9 GHz spectrum band. This initiative is part of a broader effort to advance Intelligent Transportation Systems (ITS) in the U.S., enhancing road safety and traffic efficiency. While we previously reported on the frustrations with the long time it took to finalize rules concerning C-V2X technology, this almost-final version of the rule has stirred excitement in the industry as companies can start to accelerate development, now that they know the rules they must comply with.
Client Alert | 6 min read | 12.09.24
Eleven States Sue Asset Managers Alleging ESG Conspiracy to Restrict Coal Production
Client Alert | 3 min read | 12.09.24
New York Department of Labor Issues Guidance Regarding Paid Prenatal Leave, Taking Effect January 1
Client Alert | 4 min read | 12.06.24