New FAR Clause Bans TikTok for Government Contractors – What to Know
Key Details: In June 2023, the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) published an interim rule called "Prohibition on a ByteDance Covered Application". Effective June 2, 2023, Contracting Officers (COs) shall include Federal Acquisition Regulation (FAR) 52.204-27 in solicitations issued on or after June 2, 2023. Additionally, agencies were instructed to add this FAR clause to existing indefinite delivery, indefinite quantity contracts by July 3, and to include it when they exercise an option or modify an existing contract to extend the performance period.
This follows recent efforts to safeguard data and places a ban on TikTok and other associated ByteDance applications on equipment used in connection with the performance of a federal contract. Government contractors are encouraged to read the interim rule thoroughly to understand its scope, as it took effect in June. Businesses are also encouraged to contact Ryan & Wetmore for further information and expertise regarding their business growth journey.
Background on the Rule
This interim rule is set to implement the "No TikTok on Government Devices Act" and the guidance under OMB M-23-13, dated February 27, 2023, titled "No TikTok on Government Devices." As such, the rule revises the FAR and implements this prohibition on "covered applications" to safeguard government contractor supply chains and limit outside access.
What Does the Ban Cover?
Covered applications include the social networking platform, TikTok, and any associated successor application, software, or service developed or provided by ByteDance Limited. Covered applications also include entities owned by ByteDance Limited.
As noted earlier, this rule prohibits the presence and use of covered applications in equipment used by government contractors and their employees during the performance of a government contract. This includes information technology systems and devices provided by the government, the contractor, or employees. As such, the prohibition applies to any device regardless of ownership.
Additionally, the FAR Council's commentary on the rule notes that contractors must prohibit the presence or use of the TikTok website or URLs associated with the covered application.
Who is Impacted?
This rule impacts all prime contractors. This includes contracts below the simplified acquisition threshold and contracts used to acquire commercial products and services. Also, prime contractors must flow down the FAR clause to all subcontractors, regardless of the subcontracting tier. As such, the FAR clause will be included by COs in all solicitations, awards, modifications, or extensions issued after June 2. Government contractors are encouraged to thoroughly review their contracts, as this rule took effect in June.
It is important to note that FAR 52.204-27 does not apply to all information technology that contractors may use when performing on a government contract. The prohibition placed on information technology under the rule and associated language covers information technology that executive agencies require the contractor to use either specifically or to some significant extent during the performance of the contract. Federal agencies are to specify the requirements of information technology in their statements of work.
Contractors should note that equipment acquired incidental to a federal contract and personally owned equipment (like cell phones) that is not used during the performance of the relevant contract are excluded from this rule.
How Government Contractors Can Prepare
As the new FAR clause is included in contracts, businesses are encouraged to perform the following steps to ensure compliance:
- Identify covered applications on information technology devices used during contract performance.
- Disallow installation of covered applications on information technology devices used in the performance of a contract.
- Prohibit internet traffic from information technology devices used during the performance of a contract to covered applications.
- Review internal policies and procedures regarding IT and cybersecurity.
- Update your company's cybersecurity policies and procedures to include the prohibition of covered applications on devices.
- Perform an internal review of your cybersecurity infrastructure to determine compliance gaps.
- Train employees on government contracts to follow cybersecurity policies and procedures.
- Communicate with employees about what devices are impacted by the prohibition.
For further information and expertise, contact Ryan & Wetmore today.
Today’s Thought Leaders
About Peter Ryan
Partner, Co-founder, & CPA
Peter T. Ryan co-founded Ryan & Wetmore in 1988 with business partner Michael J. Wetmore. Peter provides clients with the best strategies for success. His expertise extends across various industries. Peter obtained a Master of Business Administration in Finance from the University of Baltimore and a Bachelor of Arts in Accounting from the Catholic University of America.
About Rosie Cheng
Rosie Cheng is a Finance Consultant at Ryan & Wetmore. She focuses on government contracting services and produces many of the firm’s government contracting newsletters. Rosie graduated from Georgetown University with a Master of Science in Management and from William and Mary with a Bachelor of Business Administration.