Interim Rule Establishes New Supply Chain Diligence Requirements for Contractors

The interim rule allows the FASC to issue both “exclusion” and “removal” orders (collectively, “FASCSA orders”). Exclusion orders apply during the procurement process to prohibit contractors from offering covered articles or services. Removal orders require contractors to physically remove any prohibited equipment/products from an executive agency information system (even during contract performance). Thus, as of December 4, contractors will need to take steps to ensure that they are not offering or providing such prohibited products and services under their government contracts. No FASCSA orders have been issued yet, but once orders are issued, the interim rule instructs that FASCSA orders will be identified on SAM.gov and in solicitations.

The interim rule goes into effect on December 4, 2023, and requires the new FAR clauses to be incorporated into all solicitations and contracts (including orders and modifications) issued after December 4, 2023.

New FAR Clauses and Obligations
The new FAR clauses implementing these changes will apply to all contracts including contracts below the simplified acquisition threshold, contracts or orders for commercial products or services (including commercial off-the-shelf items), and orders under indefinite delivery, indefinite quantity contracting vehicles. Below, we summarize the three new FAR clauses.

FAR 52.204-28, Federal Acquisition Supply Chain Security Act Orders – Federal Supply Schedules, Governmentwide Acquisition Contracts, and Multi-Agency Contracts requires contractors to comply with FASCSA orders and to remove any covered articles or products or services subject to a FASCSA order when notified of the order by the contracting officer. This clause is required in solicitations and contracts under all Federal Supply Schedules, Governmentwide Acquisition Contracts and multi-agency contracts when FASCSA orders will be applied at the task- or delivery-order level.

FAR 52.204-29, Federal Acquisition Supply Chain Security Act Orders – Representation and Disclosures requires offerors to represent that they will not provide or use as part of performance of the contract any named covered article, or any products or services from a named source subject to an applicable FASCSA order or disclose any such articles used in order to request a waiver.

Under FAR 52.204-29, submission of an offer constitutes an offeror’s representation that it has conducted “a reasonable inquiry” and determined that it does not propose to provide or use as part of performance any prohibited covered articles or products or services subject to the applicable FASCSA orders. FAR 52.204-30 defines a “reasonable inquiry” as “an inquiry designed to uncover any information in the entity’s possession about the identity of any covered articles, or any products or services produced or provided by a source,” but does not include “an internal or third-party audit.”

Offerors that are not able to make this representation may seek a waiver. Offerors must disclose all pertinent information in their bid, as laid out in paragraph FAR 52.204-29Waivers are discretionary, and the government will use this information to determine whether a waiver is appropriate.

FAR 52.204-30, Federal Acquisition Supply Chain Security Act Orders-Prohibition prohibits contractors from providing or using in the performance of the contract any named covered article, or any product or service, covered by a FASCSA order (unless under a waiver). This clause must be flowed down to all subcontracts (except for the requirement to continuously monitor SAM.gov for additional FASCSA orders).

Per the interim rule, solicitations issued after December 4, 2023, will include the new FAR clause that requires contractors to adhere to the prohibition on the provision or use of covered articles or sources during contract performance.  Contracting officers are instructed, within six months of December 4, 2023, to amend existing indefinite delivery, indefinite quantity contracts to include the new clause. The clause, however, only prohibits articles or sources identified as being restricted at the time of the solicitation and any prohibitions on new sources or articles are only effective through contract modification. The interim rule requires contracting agencies to modify contracts within six months should applicable FASCSA orders be identified after issuance of a solicitation or contract.

FAR 52.204-30 also imposes a continual monitoring and reporting obligation on contractors. Specifically, contractors are required to check SAM.gov at least once every three months (or more as advised by the contracting officer) to determine if new FASCSA orders that are not identified in the contract apply to their supply chains. If a contractor identifies a new FASCSA order that could impact its supply chain, it must conduct a reasonable inquiry to determine whether a covered article or product or service produced or provided by a source subject to the FASCSA order(s) was provided to the government or used during contract performance.

If a contractor discovers that a covered article, product or service produced or provided by a source is subject to a new FASCSA order and was provided to the government or used during contract performance, the contractor is required to report it to the contracting officer within three business days with basic information on the product or service. (If it is a Department of Defense agency, the contractor must report to the Defense Industrial Base Cybersecurity Portal.) Within 10 business days, the contractor must update that report to include the contractor’s additional mitigation efforts. Subcontractors are required to make the same report to the prime contractor, who then must notify the contracting officer.

As demonstrated above, the interim rule requires significant monitoring by contractors of their supply chains. Contractors should take heed of the internal burden such monitoring may require, both in terms of allocating personnel and costs. Failure to comply with these obligations could result in significant consequences including contract termination and liability under the False Claims Act. In addition, contractors who identify issues through their monitoring must be prepared to act very quickly to report and mitigate these issues. This could present additional business challenges, especially given the fact that, to date, no FASCSA orders have been issued, so contractors do not yet know which products or services may be subject to exclusion or removal. In recent years, the government has implemented other prohibitions including those related to certain telecommunications equipment and services, unmanned aircraft systems and semiconductors. (See the National Defense Authorization Act for Fiscal Year 2019, Section 889; National Defense Authorization Act for Fiscal Year 2020, Section 848; and National Defense Authorization Act for Fiscal Year 2023, Section 5949.) It is possible that FASCSA orders could expand prohibitions in these areas and introduce prohibitions related to additional products and services. Thus, contractors should begin taking steps now to ensure compliance with the interim rule’s requirements, including:

• Prepare to incorporate the new FAR clauses into subcontracts at all levels,
• Communicate with subcontractors and suppliers about these new reporting and monitoring requirements,
• Review and update internal policies and procedures and confirm capability to conduct “reasonable inquiry” in a timely manner,
• Designate and train an oversight team or point person to manage and conduct FASCSA order monitoring, and
• Consider whether to seek cost adjustments in connection with any contract that is modified to include these clauses.