In October 2020, we wrote about a memorandum issued by the now former Director of National Intelligence (DNI), John Ratcliffe, which waived the requirement that Department of Defense (DOD) contractors comply with Part B of Section 889 of the National Defense Authorization Act for Fiscal Year 2019 until September 30, 2022. Unless another waiver is granted, full compliance with Section 889, Parts A and B, will be required starting October 1st for all DOD contracts.
Essentially, Section 889 is a broad prohibition of the use of any covered Chinese technology that poses a threat to U.S. cybersecurity and national security. For a quick overview, Section 889 is divided into two parts:
- Part A is established at Federal Acquisition Regulation (FAR) 52.204-24, -25, and -26. It prohibits the government from procuring telecommunications equipment or services where a substantial or essential component of those goods or services is sourced from Huawei Technologies Company, Hangzhou Hikvision Digital Technology Company, Hytera Communications Company, Dahua Technology Company, or ZTE Corporation.
- Part B, though referenced in the FAR subsections above, still does not have final regulations to describe the full scope of the law’s applicability or the nuances of its application. Under Part B, no agency can enter a contract with a contractor that is using the prohibited equipment or services in any aspect of its business, even if that use is unrelated to the company’s federal contracts.
Given how broad Part B is for the government contracting community, it is surprising that a final rule on the specifics of Part B’s application is now over a year late. Indeed, the Defense Acquisition Regulations Council originally tasked the Acquisition Technology & Information FAR Team with reviewing public comments and drafting a final FAR rule for Part B by May 2021. That deadline was extended to November 2, 2022, due to the large number of comments that were submitted and the discovery of a vast number of unintended consequences that a sweeping application of Part B would entail.
Regarding Section 889 waivers, the heads of executive agencies are authorized to grant one-time waivers to entities on a case-by-case basis under Section 889(d)(1), but only until August 13, 2022. As a result, any current agency-based waivers are arguably ineffective because Congress did not give the agency authority to grant such waivers. Only the DNI has the authority to grant longer waivers. The DNI has already granted a waiver in the case of the U.S. Agency for International Development, which, through September 30, 2028, is allowed to utilize internet and phone services from covered Chinese companies, but only for overseas contracts that directly relate to the agency’s overseas missions where no other technology is available.
With the DNI’s waiver for DOD expiring on October 1st, Part B is in effect with limited exception, even though we are still awaiting final regulations. Agencies and contractors are expected to remain compliant and to continue avoiding the use of any covered technology associated with the prohibited Chinese companies.
If you have questions about Section 889 compliance and its impact for your business, please contact Cy Alba, the author of this client alert, or a member of PilieroMazza’s Government Contracts or Cybersecurity & Data Privacy practice groups.
Special thanks to Ustina Ibrahim for her assistance with this client alert.