/>iOn November 15, 2024, the Department of Defense (“DoD”) issued a long-awaited Proposed Rule to implement Section 1655 of the National Defense Authorization Act for Fiscal Year 2019.
Section 1655 prohibits DoD from acquiring technology, cybersecurity, industry control, or weapon system products or services unless the contractor provides certain disclosures. Specifically, per newly proposed Defense Federal Acquisition Regulation Supplement (“DFARS”) clauses (1) DFARS 252.239-70YY (Preaward Disclosure of Foreign Obligations-Representation) and (2) DFARS 252.239-70ZZ (Postaward Disclosure of Foreign Obligations), the contractor must disclose whether source code and/or computer code was shared with a foreign person or government, and must maintain its foreign obligation disclosures in the Electronic Data Access (“EDA”) system. Further, under DFARS 252.239-70ZZ, contractors will be required to flow down the requirement in subcontracts.
The disclosures must include:
- Whether, and if so, when, at any time after August 12, 2013, the Offeror/Contractor has allowed a foreign person or foreign government to review the source code for any product, system, or service that DoD is using or intends to use, or the computer code for any other than commercial product, system, or service developed for DoD.
- Whether, and if so, when, at any time after August 12, 2013, the Offeror is under any obligation to allow a foreign person or foreign government to review, as a condition of entering into an agreement for sale or other transaction with a foreign government or with a foreign person on behalf of such a government—
- The source code for any product, system, or service that DoD is using or intends to use; or
- The computer code for any other than commercial product, system, or service developed for DoD; and
- Whether or not the Offeror/Supplier holds or has sought a license pursuant to the Export Administration Regulations (15 CFR chapter VII, subchapter C) or the International Traffic in Arms Regulations (22 CFR chapter I, subchapter M) for information technology products, components, software, or services that contain computer code custom-developed for the other than commercial product, system, or service DoD is procuring, using, or intends to use.
Notably, this Proposed Rule comes more than six years after Congress initially enacted the requirement. This rulemaking action is part of a growing movement towards regulations targeting supply chain security, especially with a focus on foreign adversaries. We expect scrutiny towards foreign involvement with the government contract supply chain to continue to expand.
If this Proposed Rule is enacted as is, both contractors and subcontractors will have to be diligent in determining and reporting any relevant foreign involvement. Moving forward, contractors should enact internal procedures to regularly monitor any foreign involvement to ensure timely reporting. Failure to comply with these requirements may impact current and/or future awards. Contractors working with DoD and with ties to foreign governments should review the proposed rule and determine whether they may supply products, systems, or services that are covered in order to determine what disclosures may be required.
The comment period for the Proposed Rule is open through January 14, 2025. Comments can be submitted here or via email to osd.dfars@mail.mil.
Sidney Howe also contributed to this article.
