United States: Agencies Release Interim Final Rule Implementing First Phase of 2019 NDAA Section 889

Key Points

  • On August 7, the DOD, GSA, and NASA released a prepublication version of an Interim Final Rule implementing paragraph (a)(1)(A) of § 889 of the 2019 NDAA. The rule is effective next Tuesday, August 13, 2019.
  • Among its other notable provisions, the rule (1) adds new definitions of "critical technology" and "substantial or essential component"; (2) sets forth determinations necessary to apply the new rule's restrictions to acquisitions (a) below the SAT, and for (b) Commercial Items, and (c) COTS items; and (3) imposes one-day and 10-day reporting requirements in the event contractors discover the use of covered equipment or services in the course of contract performance.
  • Companies affected by the rule should immediately take account of the requirements effective August 13, 2019, and consider filing public comments to weigh in on various provisions in the rule. The agencies will publish a notice in the Federal Register inviting public comments (OMB Control Number 9000-0199) during a 60-day period following publication of the Interim Final Rule, i.e., until approximately early- to mid-October, 2019.

Introduction and Background

On Wednesday August 7, 2019, the Federal Acquisition Regulatory (FAR) Council (comprised of the Department of Defense (DOD), the General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA), collectively, "the agencies") issued a prepublication version of an Interim Final Rule implementing the first phase of § 889 of the National Defense Authorization Act of 2019 ("2019 NDAA").

Section 889 of the 2019 NDAA generally prohibits federal agencies, federal contractors, and grant or loan recipients from procuring or potentially using—without a waiver or exemption—certain "covered telecommunications equipment or services," specifically those produced by Huawei Technologies Company and ZTE Corporation and, with respect to certain public safety or surveillance applications, Hytera Communications Corporation, Dahua Technology Company, and Hangzhou Hikvision Digital Technology Company—as a "substantial or essential component of any system, or as critical technology as part of any system."

Broadly speaking, § 889's prohibitions become effective in two phases:1

  • First, under § 889(a)(1)(A), as of one year following the enactment of the 2019 NDAA, i.e., by August 13, 2019, federal executive agencies may not themselves "procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system."
  • Second, under § 889(a)(1)(B), as of two years following enactment, i.e., by August 13, 2020, federal executive agencies may not "enter into a contract (or extend or renew a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system."

Key Provisions

In the prepublication version of the Interim Final Rule released Wednesday, the FAR Council set forth revisions and additions to the FAR to implement paragraph (a)(1)(A) of § 889 of the 2019 NDAA. As described below, the rule—which will be effective as published as of next Tuesday, August 13, 2019—imposes new, affirmative requirements for U.S. government contractors (regardless of agency) that may involve new forms of diligence and compliance controls.


The rule implements the provisions of § 889 through two additions to the FAR: FAR 52.204-24 "Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment," and FAR 52.204-25 "Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment."

Under the rule, contracting officers shall:

  • Include these new FAR provisions and clauses (1) in solicitations issued on or after August 13, 2019, and resultant contracts; and (2) in solicitations issued before August 13, 2019, provided award of the resulting contract(s) occurs on or after August 13, 2019.
  • Modify, in accordance with FAR 1.108(d),2 existing indefinite delivery contracts to include the FAR clause for future orders, prior to placing any future orders. Further, if modifying an existing contract or task or delivery order to extend the period of performance, including exercising an option, contracting officers shall include the clause in accordance with FAR 1.108(d).
  • Include new provision FAR 52.204-24 in all solicitations for an order or notices of intent to place an order, including those issued before August 13, 2019, where performance will occur on or after that date under an existing indefinite delivery contract.

Importantly, prime contractors should ensure that they carefully collect and track costs of compliance with these new provisions for existing contracts. The cost of compliance with a new contract provision will be recoverable on both fixed-price and cost-reimbursement contracts. Contracts should be carefully reviewed to identify the cost of compliance in any modification seeking to add these clauses.

Further, pursuant to determinations described in the Interim Final Rule, the new FAR clauses will apply to contracts at or below the Simplified Acquisition Threshold (SAT), as well as Commercial Items and Commercially Available Off-the-Shelf Items (COTS). According to the FAR Council, although § 889 does not address acquisitions of commercial items or COTS, "there is an unacceptable level or risk" of purchasing and using covered equipment and services that "is not alleviated by" the availability of the same items to the general public or the small size of the purchase (i.e., at or below the SAT). As a result, the rule warns that agencies "may face increased exposure for violating the law and unknowingly acquiring" banned items absent this additional coverage.

Reporting and Certification

Under FAR 52.204-24, each offeror must provide a representation that "It [ ] will, [ ] will not provide covered telecommunications equipment or services to the Government in the performance of any contract, subcontract or other contractual instrument resulting from this solicitation." If the offeror responds affirmatively (i.e., that it will provide such items or services), the offeror shall further provide the following information as part of its offer:

  • All covered telecommunications equipment and services offered (include brand; model number, such as original equipment manufacturer (OEM) number, manufacturer part number or wholesaler number; and item description, as applicable)
  • Explanation of the proposed use of covered telecommunications equipment and services and any factors relevant to determining if such use would be permissible under the prohibition in paragraph (b) of this provision
  • For services, the entity providing the covered telecommunications services (include entity name, unique entity identifier, and Commercial and Government Entity (CAGE) code, if known)
  • For equipment, the entity that produced the covered telecommunications equipment (include entity name, unique entity identifier, CAGE code and whether the entity was the OEM or a distributor, if known).

Under FAR 52.204-25, contractors must also satisfy, pursuant to subparagraph (d), certain reporting requirements in the event that they identify the "use" of covered telecommunications equipment or services during contract performance or the contractor is made aware of the use of the same by a subcontractor at any tier or by any other source. Notably, the rule does not specify whether such "use" must be that of the procuring agency or the contractor itself (or for that matter any other party, and whether or not involved in activities related to contract performance).

One-Business Day Reporting Requirement – In such case, FAR 52.204-25 requires the contractor to report the information to the contracting officer within one business day from the date of such identification or notification and identify in such report the contract number; the order number(s), if applicable; supplier name; supplier unique entity identifier (if known); supplier CAGE code (if known); brand; model number (OEM number, manufacturer part number or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended.

Ten-Business Day Reporting Requirement – FAR 52.204-25 further requires within ten business days a report of information containing "any further available information about mitigation actions undertaken or recommended." Further, the contractor must "describe the efforts it undertook to prevent use or submission of covered telecommunications equipment or services, and any additional efforts that will be incorporated to prevent future use, or submission of covered telecommunications equipment or services."

Finally, under paragraph (e) of FAR 52.204-25, contractors must flow down the substance of the clause, including paragraph (e), to all subcontractors at all tiers, "including [in] subcontracts for the acquisition of commercial items" (i.e., flow down would not be required to COTS subcontracts). Notably, this flowdown requirement appears only in FAR 52.204-25. However, while contractors are accordingly not required, as a matter of law, to obtain certifications required by FAR 52.204-24 from subcontractors and suppliers in their supply chain, they would be wise to do so.


Building on the prohibitory language of § 889, the rule adds two important definitions clarifying the scope of covered items and services.

"Critical Technologies"

First, the rule adopts the definition of "critical technologies" included in the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) (Section 1703 of Title XVII of the 2019 NDAA, Pub. L. 115-232, 50 U.S.C. § 4565(a)(6)(A)).

As we previously discussed in our coverage of FIRRMA,3 "critical technology" is essentially any technology on an export control list, primarily the U.S. Munitions List (USML) (sensitive military items) (Part 121.1 of the International Trafficking in Arms Regulations (ITAR)) or the Commerce Control List (CCL) (commercial, dual-use and less sensitive military items) (Supp. No. 1 to Part 774 of the Export Administration Regulations (EAR)). If it is not listed, then it is not a "critical technology." Critical technologies will eventually include now-uncontrolled "emerging and foundational" technologies essential to national security that are identified through a regular order interagency process and, after a public notice-and-comment process, identified on an export control list.

In its explanation for adopting the FIRRMA definition, the agencies note that § 889 and FIRRMA have similar objectives (i.e., ensuring U.S. national security from "certain risks regarding foreign actors") and that consistency in effectuating those objectives is crucial. The agencies acknowledge that some elements of "critical technology," as so defined, "may not raise concerns" with respect to covered telecommunications equipment or services (e.g., export controlled agents or toxins). However, they assert that "the majority of identified categories in the FIRRMA definition . . . include or could potentially include covered telecommunications equipment or services," and that "[s]ince the prohibition does not apply if no covered telecommunications equipment or services are present, a definition that includes [additional, unrelated categories] is overbroad in a way that incurs no additional cost, and ensures the benefits of consistency with other Government efforts."

Notably, this definition necessarily excludes items subject to U.S. export controls and controlled for only Anti-Terrorism (AT) reasons. Rather, it includes items "included on the Commerce Control List" and "controlled . . . [p]ursuant to multilateral regimes, including for reasons relating to national security, chemical and biological weapons proliferation, nuclear nonproliferation, or missile technology; or [f]or reasons relating to regional stability or surreptitious listening." As a result, is unclear whether the rule prohibits the acquisition or use of networking equipment and electronics devices (e.g., handsets) commonly classified under Export Control Classification Numbers (ECCN) 5A991 and 5A992 (or other similarly controlled product groups), which are controlled only for AT reasons and would accordingly not qualify as "critical technology."

"Substantial or essential component"

Second, and without similar elaboration, the rule defines "substantial or essential component" to mean "any component necessary for the proper function or performance of a piece of equipment, system, or service." The rule does not define the term "necessary" or "proper function," leaving an open question how strictly those terms will be interpreted and applied.

Other key terms not defined

Notably, the rule leaves undefined other key terms that generated commentary and concern among industry stakeholders through DOD's early engagement comment period and other public meetings. For example, the rule does not define or clarify the scope of the terms "affiliate or subsidiary," "uses" or "system(s)." These terms, among other provisions, may receive additional attention and commentary during the public comment period and produce additional clarifying guidance in the agencies' Final Rule.

Call for Comments

Although the rule is effective as of August 13, 2019, the agencies will accept comments from interested parties for 60 days after the publication of the rule in the Federal Register, i.e., approximately early- to mid-October depending on when the rule is officially published, for consideration in the formation of the final rule.

Conclusions and Recommendations

Section 889 and its forthcoming FAR counterparts impose significant, and in some cases novel, compliance obligations for U.S. government contractors and subcontractors. Companies who sell to the federal government directly or indirectly should immediately review and assess their exposure under the rule in preparation for the August 13, 2019 effective date. In the following days and weeks, affected companies should also consider submitting public comments to provide feedback and direction on various aspects of the rule. This feedback will be of critical importance in generating guidance on as-yet undefined terms and requirements in the eventual Final Rule.


1 Section 889(b)(1), also effective August 13, 2020, further provides that executive agencies "may not obligate or expend loan or grant funds to procure or obtain, extend or renew a contract to procure or obtain, or enter into a contract (or extend or renew a contract) to procure or obtain the equipment, services, or systems described in subsection (a)."

2 FAR 1.108(d) provides:

(d) Application of FAR changes to solicitations and contracts. Unless otherwise specified-

(1) FAR changes apply to solicitations issued on or after the effective date of the change;

(2) Contracting officers may, at their discretion, include the FAR changes in solicitations issued before the effective date, provided award of the resulting contract(s) occurs on or after the effective date; and

(3) Contracting officers may, at their discretion, include the changes in any existing contract with appropriate consideration.

3 The CFIUS Reform Legislation—FIRRMA—Will Become Law on August 13, 2018 (Aug. 10, 2018), https://www.akingump.com/en/news-insights/the-cfius-reform-legislation-firrma-will-become-law-on-august-13.html.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions