SIA Analysis of New Government Rules on Select Chinese Video Surveillance and Telecom Firms

By Jake Parker, Senior Director of Government Relations, Security Industry Association on July 13, 2020 | Integrators, Manufacturers |

Implementation rules for NDAA 2019 Section 889

Preliminary Analysis of FAR Rule and Other Implementing Regulations for Section 889(a)(1)(B) of the National Defense Authorization Act (NDAA) for Fiscal 2019 (P.L. 115-232)

What SIA Members Need to Know

This preliminary analysis covers the regulation implementing prohibitions on procurement of certain Chinese telecommunications and video surveillance products found in section 889(a)(1)(B) of the NDAA for FY 2019 (Pub. L. 115-232), which was published in the Federal Register on July 14, 2020. SIA will update this analysis with additional insight or information as needed.

Key documents:

[Federal Register; July 14, 2020] Federal Acquisition Regulation: Prohibition on Contracting With Entities Using Certain Telecommunications and Video Surveillance Services or Equipment (FAR Case 2019-009)

This interim final rule revises the Federal Acquisition Regulation specifically to implement section 889(a)(1)(B), known as “Part B.” According to the rule, this subsection “prohibits the head of an executive agency on or after Aug. 13, 2020, from entering into a contract or extending or renewing a contract with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system” unless an exception applies or a waiver is granted.

Covered equipment or services is defined in the statute as:

Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities);
For the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company or Dahua Technology Company (or any subsidiary or affiliate of such entities);
Telecommunications or video surveillance services provided by such entities or using such equipment; or
Telecommunications or video surveillance equipment or services produced or provided by an entity that the secretary of defense, in consultation with the director of national intelligence or the director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.

Top Takeaways for Security Contractors

Commercial Use Unrelated to Federal Work Impacted.

The rule does not offer a specific definition of what is meant by “use.” Rather, it simply restates that statutory language that the prohibition “applies to Federal contractors’ use of covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system,” but adds “regardless of whether that usage is in performance of work under a Federal contract,” offering the following explanation:

The exfiltration of sensitive data from contractor systems arising from contractors’ use of covered telecommunications equipment or services could also harm important governmental, privacy and business interests. Accordingly, due to the privacy and security risks associated with using covered telecommunications equipment or services as a substantial or essential component or critical technology of any system, the prohibition applies to any use that meets the threshold described above.

Unfortunately, the interim rule offers little additional insight on a common question within the security industry, especially pertaining to resellers, as to whether an entity’s commercial sales of covered equipment to end-users meet this “threshold.” The rule does suggest that the reasonable inquiry expected of contractors (see below), is to determine whether the “entity itself” uses the equipment.

In any case, due to its applicability to uses by entities with federal contracts even unrelated to their federal work, this broad interpretation is expected to have widespread impact on the contracting community across many sectors, as covered video surveillance equipment is some of the most commonly used in the commercial sector in the United States.

Applicable Only to Prime Contractors.

The interim rule explains that while the requirements of Section 889 (a)(1)(A) – addressing direct federal procurement of products – flow down to subcontractors, Part B “will not flow down because the prime contractor is the only ‘entity’ that the agency ‘enters into a contract’ with, and an agency does not directly ‘enter into a contract’ with any subcontractors, at any tier.” Importantly, an entity that does not itself have a federal contract or make a bid to obtain one does not have compliance obligations under Part B. This also means Part B is not applicable to any affiliates, parents and subsidiaries of the offeror. Additionally, the requirements do apply to entities with contracts below the federal micro-purchase threshold as well as those providing commercial-off-the-shelf items.

Mechanism.

Similar to subsection (a)(1)(A) “Part A,” the Part B requirement will be implemented via offeror “representation” and disclosure requirements. Beginning Aug. 13, 2020, new contracts will include a requirement that all offerors provide a representation (self-certification) as to whether the entity does or does not “use any equipment, system or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Reasonable Inquiry Standard.

The interim rule adopts a “reasonable inquiry” standard when an offeror represents whether it uses covered telecommunications equipment. “A reasonable inquiry is an inquiry designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity. A reasonable inquiry need not include an internal or third-party audit.” This provision may be aimed at easing the compliance burden by suggesting that contractors only need to inquire based on what information they already possess. Note that this standard applies only to the Part B “representation,” versus the certification required under Part A.

Timeline for Compliance.

While the effective date for the rule is Aug. 13, 2020, contractors are bound by it at the point at which they have a contract with the implementing clause included, via new contracts or amendments, or need to renew your registration in the system for award management (SAM). These clauses will be included in solicitations issued on or after August 13, 2020, and solicitations issued before that date if the resulting award occurs on or after Aug. 13, 2020. Existing indefinite delivery contracts will be modified to include these clauses applicable to future orders where performance will occur on or after that date. Additionally, it is possible that agency-specific implementing rules may phase in aspects of these requirements over the next year.

Waivers: Expect Low Utilization.

Entities may request a one-time, two-year waiver that would allow the continued use of covered equipment. Additionally, the director of national intelligence may provide a waiver if the director determines the waiver is in the national security interests of the United States; however, the extensive reporting and disclosure requirements that accompany such waivers means it is unlikely many contractors will pursue this option.

Preparation for Customer Questions.

As customers with federal contracts begin to implement compliance measures, be prepared to answer questions and deliver compliant video surveillance solutions that may be determined to be needed in order to comply. Note that covered equipment includes video surveillance equipment produced by Chinese firms Hikvision, Dahua and Hytera when for the purposes of “public safety, security of government facilities, physical security surveillance of critical infrastructure and other national security purposes.” While not addressed directly in the language of the statute or the interim rule, it should be assumed that products for which these firms are the original equipment manufacturer would also be considered covered equipment, based on the rule implementing Part A. SIA recommends that systems integrators check directly with equipment manufacturers or distributors for the latest and most accurate information on the compliance status of specific products.

The Interim Rule Will Be Updated With a Final Version.

A public comment period on the interim rule is open for 60 days from the date of publication in the federal register, July 14, 2020. It is possible for adjustments in the requirements to be made in the final version of the rule to be published at a later date. Comments can be submitted at regulations.gov by searching for “FAR Case 2019-009” then selecting “Comment Now.” SIA plans to submit comments from the association based on member feedback.

Questions or comments? Please contact Jake Parker, SIA senior director of government relations, at jparker@securityindustry.org.

The analysis provided in this message is for your reference only. Nothing herein creates or constitutes an attorney-client relationship or consists of legal advice. The information presented is not a substitute for obtaining legal advice from a qualified attorney or other professional advisor retained to represent you.