Authors
On May 3, 2024, the Federal Acquisition Regulatory Council (FAR Council) released an Advance Notice of Proposed Rulemaking (ANPRM) to implement parts of Section 5949 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2023. Section 5949 prohibits the U.S. government from procuring certain semiconductor technology tied to named Chinese companies and possibly other foreign countries of concern, namely China, Russia, North Korea, and Iran. The final FAR clause will prohibit government contractors from selling products and services to the U.S. government that incorporate semiconductors from covered nations and will require contractors to conduct a reasonable inquiry into their supply chains to detect potential violations.
Regulatory and compliance challenges
Section 5949 of the FY 2023 NDAA directed that federal agencies may not directly procure or contract with an entity to procure or obtain any electronic parts, products, or services that include covered semiconductor products or services. This prohibition will take effect on December 23, 2027. The statute defines “covered semiconductor product or service” to include semiconductor parts, products, or services designed, produced, or provided by three Chinese companies—Semiconductor Manufacturing International Corporation (SMIC), ChangXin Memory Technologies (CXMT), and Yangtze Memory Technologies Corp (YMTC)—as well as their subsidiaries or affiliates. Electronics imported into the United States, including mobile phones, automobile parts, and networking equipment such as routers, switches, and modems, currently incorporate chips manufactured by these companies. Section 5949 also authorized the U.S. Secretaries of Defense and Commerce to include within the covered semiconductor ban semiconductor products or services provided by an entity owned, controlled by, or connected to the governments of Russia, North Korea, and Iran, which, in addition to China, are all identified in the statute as foreign countries of concern.
The ANPRM proposes a FAR clause that would apply broadly to all federal government solicitations and contracts, subject to a limited waiver. The clause would require contractors to conduct a reasonable inquiry to detect and avoid the use or inclusion of covered semiconductor products or services in electronic products and services provided to the government. As part of this reasonable inquiry, contractors may rely on certifications of compliance from those in their supply chains as well as “other mechanisms of diligence review depending on the facts and circumstances.” Diligence review will always be required for entities established or operated in foreign countries of concern, even if they certify compliance. Additionally, contractors must notify federal authorities within 60 days of learning of or suspecting the use of a covered semiconductor product or service. Further, if the contractor is a “covered entity” that develops—either domestically or abroad—a semiconductor design that is (1) a direct product of U.S. origin technology or software and (2) purchases from either SMIC or an entity designated by the government as connected to a foreign country of concern, it must disclose the use or inclusion of covered semiconductors in any electronic products or services rendered to the U.S. Government.
Section 5949 and the related implementing regulations seek to address national security threats to the U.S. supply chain and ensure that products and services purchased by the federal government are not susceptible to malicious hardware or software. But this could significantly restrict U.S. access to essential technologies. Although the federal government is working to boost domestic semiconductor production through historic investments in U.S. semiconductor capacity like the CHIPS and Science Act, which allocated billions in federal funding for semiconductor research, development, and production, reliable domestic alternative sources are still lacking. The FAR Council may ultimately mitigate these challenges in its final regulations by collaborating with the electronics industry to implement feasible options.
Despite the aforementioned hurdles related to domestic semiconductor production, federal contractors must still prioritize supply chain risk management to meet the Government’s compliance demands. While not required by statute, federal contractors may benefit from third-party audits or other formal reviews of their suppliers’ certifications of compliance. The FAR Council is also considering a requirement that contractors be able to trace the provenance of their semiconductor supply chain for any electronic product that would be provided to the U.S. Government. Contractors will need to establish reliable systems and procedures to track the suppliers and facilities involved in the design, fabrication, assembly, packaging, and testing of such products. Contractors will also need to implement ongoing compliance monitoring to timely detect and report any non-conforming products or services. Comments on the ANPRM submitted by the August 2, 2024 deadline are currently under review.