In the ongoing effort to strengthen the government’s cybersecurity infrastructure, on May 3, 2024, the Federal Acquisition Regulatory Council (“FAR Council”) issued an Advanced Notice regarding its upcoming proposed rulemaking under Federal Acquisition Regulation (“FAR”) Case No. 2023- 008 to implement Section 5949 of the 2023 National Defense Authorization Act (“2023 NDAA”). As enacted, Section 5949 will ban the government from purchasing products or services that include or use semiconductor technology from China and other covered nations starting from December 23, 2027. The semiconductor ban will impact all procurements. At present, Section 889 of the 2019 NDAA bans the purchase and use of Chinese telecommunications equipment and services by government contractors. Because semiconductor technology forms the essential building blocks to all modern electronic technology, the semiconductor ban is a continuation of the effort to secure both government and contractor information technology systems against the threats of espionage and sabotage by foreign adversaries. This brief alert addresses the FAR Council’s Advanced Notice. 

As stated in the Advanced Notice, Section 5949(a)(1)(A) will prohibit federal agencies from procuring or obtaining electronic products or electronic services that include covered semiconductor products or services, while Section 5949(a)(1)(B) will prohibit agencies from procuring or obtaining electronic products that use electronic products that include covered semiconductor products or services. “Part A,” as characterized by the FAR Council, would appear to ban the purchase of any product or services that include banned semiconductor technology (such as a laptop), whereas “Part B” would more broadly prohibit the purchase of any product (such as a system) that would need to use another product that includes or uses banned semiconductor technology. However, the “Part B” prohibition would only apply to electronic products that are used in “critical systems,” which are defined as national security systems involving intelligence and military activities, with authorization given to the Federal Acquisition Security Council or the Department of Defense to expand the scope.

“Covered semiconductor products or services” are defined as products or services that incorporate or use such a product that is designed, produced or provided by Semiconductor Manufacturing International Corporation (“SMIC”), ChangXin Memory Technologies (“CXMT”), Yangtze Memory Technologies Corp (“YMTC”), or any subsidiary, affiliate, or successor of the foregoing entities, as well by any entity owned or controlled by, or otherwise connected to, a “foreign country of concern” – namely, China, Russia, Iran, and North Korea. This list may be expanded by the Secretary of Defense or the Secretary of Commerce, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation. 

The FAR Council intends to apply the semiconductor ban to all procurements, including those below the simplified acquisition threshold and even the micro purchase threshold. There are no exceptions for commercial products and services or for commercial-off-the-shelf items. The FAR Council will propose rules to include the semiconductor ban in solicitations as well as in a new FAR contract clause. Solicitations will require offerors to certify that, after conducting a “reasonable inquiry,” they are not providing any covered semiconductor products or services to the government. The reasonable inquiry standard will likely be similar in application to that presently under Section 889 of the 2019 NDAA, thus obtaining certifications of compliance from suppliers will remain critical. The proposed contract clause, which the FAR Council intends to be a mandatory flow down provision to subcontractors providing electronic products, will continue the reasonable inquiry obligations and impose certain disclosure requirements, which if followed, may protect contractors from civil liability and questions about their present responsibility. Notwithstanding these apparent protections, it is not clear whether the proposed rule intends to use disclosures as means to create a safe harbor but, in any event, in some cases, a disclosure or certainly a failure to disclose will require the contractor to rework or replace any nonconforming products or services. Such costs, which could be significant, will be unallowable which would preclude contractors from seeking recovery pursuant to a request for equitable adjustment in the case of fixed price contracts or as a reimbursable cost under cost-type contracts. 

While there is still a ways to go between the forthcoming proposed rule, the final rule, and the December 23, 2027, effective date, contractors should take advantage of the time now to review their electronic product and service supply chains, consider the means by which they can conduct a reasonable inquiry as to any areas of potential noncompliance, and consider a proactive review of their sources of supply and contractual certification and indemnity provisions with subcontractors and suppliers of electronic products and services. Comments on the proposed rule, which we expect will be active, will be due within 60 days after its publication by the FAR Council. Nelson Mullins will continue to monitor this important national security issue.