On June 2, 2023, the U.S. Government issued an interim rule that generally prohibits the presence or use of the social networking service TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited on any information technology owned or managed by the government or used or provided by the contractor under a contract. The rule is implemented through a new Federal Acquisition Regulation (FAR) clause, FAR 52.204-27, Prohibition on a ByteDance Covered Application.

The TikTok ban comes from the "No TikTok on Government Devices Act" that was included in the Consolidated Appropriations Act, 2023 (Pub.L. 117-328), and the new FAR clause follows the implementing guidance issued by Office of Management and Budget (OMB) Memorandum M-23-13. The ban is being characterized as a national security measure to protect government information and technology systems and reflects Congress' ongoing efforts to limit the Chinese government's access to federal contractor supply chains. Although the interim rule was only passed recently, security concerns about TikTok have been ongoing since at least 2020, when the "No TikTok on Government Devices Act" was first introduced in the Senate.

Pursuant to FAR 52.204-27, federal government contractors are prohibited from having or using a "covered application" on any "information technology" owned or managed by the government or on any information technology used or provided by the contractor under this contract, including equipment provided by the contractor's employees. Covered applications are specifically defined as the "social networking service TikTok or any successor application or service" developed by ByteDance Limited. The term "information technology" (IT) is defined in 40 U.S.C.§ 11101(6) as:

  1. With respect to an executive agency means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use:
    1. Of that equipment; or
    2. Of that equipment to a significant extent in the performance of a service or the furnishing of a product;
    3. Includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware, and similar procedures, services (including support services), and related resources; but
    4. Does not include any equipment acquired by a federal contractor incidental to a federal contract.

The FAR council does not expect the rule to have a significant economic impact because contractors can use the technology they already have in place to block access to certain websites or applications.

That said, the OMB Guidance references the 40 U.S.C.§ 11101(6) definition and specifically notes that it reaches not only IT owned or operated by agencies but also IT used by a contractor under a contract with the executive agency that requires the use of that IT, whether expressly or "to a significant extent in the performance of a service or the furnishing of a product." And the definition does not "include any equipment acquired by a federal contractor incidental to a federal contract." According to the rule's commentary, it applies to "devices regardless of whether the device is owned by the Government, the contractor, or the contractor's employees (e.g., employee-owned devices that are used as part of an employer bring your own device (BYOD) program)." The ban does not cover personally owned devices not used in performing a federal contract.

Neither the OMB Guidance nor the rule's commentary explains what is meant by "required use" of the IT or "to a significant extent" in the performance of a service or furnishing a product. They also fail to explain what is meant by the exception for "equipment acquired by a federal contractor incidental to a federal contract." And neither provides additional guidance with regard to employee-owned devices. As a result, it is difficult to know exactly what equipment is covered and to what extent. The FAR Council is accepting comments until Aug. 1, 2023, so contractors should comment on the interim rule now. After the FAR Council reviews the comments, it will hopefully revise the interim clause to add clarity to these terms.

For now, the prohibition applies to all contracts, including contracts at or below the simplified acquisition threshold and contracts for commercial products, commercially available off-the-shelf (COTS) items, and commercial services. It does not apply to grants and cooperative agreements, and the contracting officer can waive the prohibition, in writing, in accordance with OMB Memorandum M-23-13. While the rule does not require a contractor "to review its supply chain" because the clause is a mandatory flow down, it must be included in all subcontracts at any tier moving forward.

FAR 52.204-27 was effective in all solicitations issued on or after June 2, 2023. Contracting officers must incorporate it when exercising an option or extending a contract's period of performance and will be modifying all existing indefinite delivery indefinite quantity contracts by July 3, 2023, to ensure it applies to future orders.

Taft summer associate Lizzy Dobbins contributed to this article.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.