The FAR Council has implemented a new rule that aims to limit Chinese government access to government contractor supply chains. Below, we’ll address the most common questions and provide compliance tips to help you stay on track.
What’s included in the ban?
The TikTok ban encompasses any “covered application,” such as TikTok or its successor applications by ByteDance Limited, a privately held company based in Beijing, China. Contractors are prohibited from having or using these applications on any “information technology” used in the performance of a government contract. It applies to various types of contracts, including those below the micro-purchase threshold, contracts for commercial products and services, and COTS items.
Are there any exceptions?
Yes, there are a few exceptions to the ban. Devices that are “incidental to a Federal contract” are not covered by the rule. While the rule doesn’t define “incidental,” it may include technology used for indirect activities like payroll or human resources functions. Limited exceptions also apply to law enforcement activities, national security interests and activities, and security research. Moreover, there is a waiver process available.
When does compliance start?
Compliance has already started! The new rule requires the inclusion of FAR 52.204-27 in all solicitations issued after June 2, 2023. Additionally, many existing contracts have likely been amended to include the clause in future options and orders. Although there may be a phase-in period right now for coming into compliance, we strongly recommend that contractors take steps right away to ensure they are compliant. The deadline for submitting comments on the rule is August 1st, so there might be some clarifications or revisions to look forward to.
Does the rule cover every employee-owned device?
No, the rule only applies to devices used in the performance of a federal contract. For example, employee-owned devices used as part of an employer’s “bring your own device” (BYOD) program are covered, but personally owned mobile devices not used for work are exempt. So, you can still enjoy TikTok on your personal device when you’re off the clock!
How challenging is compliance?
Don’t worry, compliance isn’t overly burdensome. Regulators anticipate that most contractors can leverage their existing technologies, policies, and procedures and update them to include the TikTok prohibition. Many businesses already use internal controls to block access to certain websites or prevent employees from downloading specific applications. Compliance primarily involves reviewing your technology and policies for TikTok or any successor application or service, followed by periodic compliance checks.
Do contractors need to monitor their supply chains for compliance?
No, you don’t have to worry about monitoring your supply chains for compliance. The rule explicitly states that “changes made by this rule do not require a contractor to review its supply chain.” A simple subcontractor flow-down should be sufficient. This is a notable difference compared to more stringent prohibitions like the Section 889 Chinese telecommunication ban in FAR 52.204-25, which necessitates active supply chain oversight.
How will compliance be enforced?
The interim rule and the FAR clause do not specify how the government will enforce the TikTok ban. Unlike previous supply chain bans, contractors are not required to certify their compliance or report any non-compliance discovered during performance. Additionally, contractors are not responsible for supply chain implementation. Therefore, we don’t expect the TikTok ban to be a significant enforcement area for regulators. It’s more likely to come up during larger audits or enforcement inquiries.
To help you meet the compliance requirements smoothly, here are some tips to consider:
- Update your employee handbook and technology policies to prohibit TikTok use on any contractor information system or employee-owned device used for federal contracts.
- Take steps to block TikTok on company-issued phones and monitor for any TikTok use through your system administration.
- Consider amending employee policy or compliance attestations to include the TikTok ban.
- Ensure the mandatory flow-down of the clause by including it in your standard terms and conditions or subcontracts.
- Analyze the exceptions carefully. If your organization needs to preserve access to TikTok on certain systems incidental to federal contracts, consult with legal counsel to ensure compliance with the interim rule.
We hope these insights and compliance tips have shed some light on the TikTok ban for federal contractors. Stay tuned for any updates and clarifications that may arise. Remember, compliance can be achieved with the right policies and procedures in place. If you have any further questions, feel free to reach out. We are always happy to help our small business community stay compliant.