The federal government recently issued an interim rule, effective immediately, prohibiting the presence or use of the TikTok application in the performance of a contract. This rule continues the government’s actions against TikTok based on privacy and cybersecurity concerns raised by the links between the application’s parent company and the Chinese government. More specifically, the clause implements the No TikTok on Government Devices Act, which was enacted last December as part of the Consolidated Appropriations Act. Federal government contractors should be aware of the general TikTok ban and understand when and how it could apply to equipment used during the performance of a contract.
Background
ByteDance Limited (ByteDance) and TikTok have been the subject of U.S. government scrutiny for years over potential national security risks. Since the Chinese government enjoys significant latitude when it comes to Chinese companies, the U.S. government is concerned about possible use of the application by the Chinese government to spy on U.S. citizens and gain potential access to sensitive government information.
What Does the Rule Ban?
The new contract clause, FAR 52.204-27, bans “the presence or use of a covered application” on any IT owned or managed by the government or used or provided by a government contractor under a contract, including equipment provided by the contractor’s employees. “Covered applications” include: (i) TikTok, or (ii) any successor application or service developed or provided by ByteDance or an entity owned by ByteDance.
The prohibition applies broadly to various types of devices and contracts. In particular, the ban applies to all devices used in contract performance: government-owned devices, contractor-owned devices, employee-owned devices, and subcontractor-owned devices. This means any employee cell phones or laptops used to perform the contract—even if they are owned by the employee. Significantly, the rule explains that the TikTok ban does not apply to a contractor employee’s personally-owned cell phone as long as that phone is not used in the performance of the contract.
The prohibition also applies broadly across most types of contracts. As it relates to different types of contracts, the TikTok ban will be included in all future solicitations and contracts including:
- contracts at or below the Simplified Acquisition Threshold (SAT);
- contracts for the acquisition of commercial products, including Commercially Available Off-the-Shelf (COTS) items; and
- contracts for the acquisition of commercial services.
When and What Compliance is Required?
Contracting officers (CO) are now directed to include FAR 52.204-27 in (i) all solicitations issued on or after June 2, 2023, and (ii) any modification or option contract moving forward. Agencies are encouraged, but not required, to add FAR 52.204-27 prior to exercising the option to provide contractors with adequate time for compliance. In addition, by July 3, 2023, COs will modify solicitations issued prior to June 2, 2023 (where award will be made on or after July 3, 2023) and any existing indefinite delivery or indefinite quantity contract to include FAR 52.204-27.
While the FAR Council anticipates the rule will not have a significant economic impact on contractors, that remains to be seen. The FAR Council believes that contractors should be able to leverage their existing technological infrastructure to prohibit and remove TikTok on devices used under their government contracts. Indeed, many companies do already have the necessary technology in place to block access to unwanted or nefarious websites, prevent the download of prohibited applications, and remove downloaded applications. If your company does not have the relevant controls in place to comply with the rule, you should track any costs incurred that are reasonably associated with implementing the ban to your company’s IT if and when the clause is added to your contract. Indeed, you may be able to request an adjustment for these costs.
The FAR Council describes the efforts required by a contractor to update its technology policies to implement the prohibition to be “limited to an initial review of technology and policies.” Policies regarding the prohibition of TikTok will only require review periodically thereafter. This level of effort is much less onerous than previous prohibitions under the FAR that require frequent reviews of the supply chain. To meet these policy requirements, contractors should consider (1) updating their Code of Business Ethics or Employee Handbook with policies prohibiting downloading or using TikTok on any devices used to perform work on federal contracts and (2) providing employee training on the new requirement. Contractors are also required to insert the new clause in all subcontracts.
In addition to TikTok, ByteDance subsequently released other applications, including its new Lemon8 platform (similar to Instagram) which quickly became the second most downloaded app in the U.S. in April 2023. While the rule does not expressly prohibit Lemon8 from being on contractor IT, the application (and others from ByteDance) pose the same potential risks as TikTok. So, PilieroMazza recommends contractors ensure that their equipment does not contain these other applications at the same time as they address removing TikTok.
Key Takeaways
- Notify Employees. Contractors should immediately notify employees and subcontractors about the ban. Include a list of impacted personnel and contracts and provide instruction/direction for impacted employees to delete or uninstall TikTok on all covered devices.
- Update Policies. Contractors should update their technology and policies in compliance with this new prohibition.
- Identify All Areas of Application. Contractors should review existing contracts and attempt to identify all areas in which this prohibition likely applies. Contractors should understand requirements in the FAR and take steps to remove and prohibit TikTok from all IT that may be used in the performance of federal contracts.
- Track Costs. Although the costs are estimated to be negligible, contractors should track any non-negligible costs and notify the CO that you intend to seek an adjustment for these incurred costs if your contract is modified.
Parties who wish to submit comments on the interim rule must do so by August 1, 2023. If you have any questions about the new FAR clause or any other government contracts-related questions or need assistance drafting your Code of Business Ethics or other policies to comply with this rule, please contact Sarah Nash, Kevin Barnett, Annie Hudgins, or Daniel Figuenick III, the authors of this blog, or another member of PilieroMazza’s Labor & Employment or Government Contracts practice groups.