Earlier this month, the Federal Acquisition Regulatory Council (“FAR Council”) issued an advanced notice of proposed rulemaking (ANPR) to implement parts of Section 5949 of the National Defense Authorization Act (NDAA) for Fiscal Year 2023 designed to impose new restrictions on the sale and use of certain semiconductor technology. Once the relevant Federal Acquisition Regulation (FAR) clause is finalized, it will prohibit government contractors from selling to the U.S. government products and services that incorporate semiconductors produced, designed, or provided by specified Chinese companies and other companies that the U.S. Government considers to be national security threats.

The Underlying Legislation

Section 5949 of the FY 2023 NDAA directed that federal agencies “may not (A) procure or obtain, or extend or renew a contract to procure or obtain, any electronic parts, products, or services that include covered semiconductor products or services; or (B) enter into a contract (or extend or renew a contract) with an entity to procure or obtain electronic parts or products that use any electronic parts or products that include covered semiconductor products or services.” “Covered semiconductor products or services” was defined in the statute to include semiconductor parts, products, or services designed, produced, or provided by the Chinese companies Semiconductor Manufacturing International Corporation (SMIC), ChangXin Memory Technologies (CXMT), Yangtze Memory Technologies Corp (YMTC), or their subsidiaries or affiliates. Many types of electronics imported into the United States (including mobile phones, networking equipment, and automobile parts) currently incorporate chips manufactured by these companies. Section 5949 also authorizes the Secretaries of Defense and Commerce to include within the covered semiconductor ban other products or services provided by an entity owned, controlled by, or connected to the government of a “foreign country of concern,” which are currently China, Russia, North Korea, and Iran.

Under Part B of Section 5949, federal agencies are prohibited from procuring not only the covered semiconductor products or services themselves, but also any “electronic parts or products that use any electronic parts or products that include covered semiconductor products or services.” In other words, Part B focuses further down the supply chain of electronic parts and products purchased by government agencies. However, this Part of Section 5949 only applies to products or services where the covered semiconductor products or services are used in “critical systems,” which the statute identifies as telecommunications or information systems operated by the government for certain defense, intelligence, or national security activities.

The Section 5949 ban is part of Congress’s continuing focus on and concern with China’s manufacturing capabilities, including its growing semiconductor capabilities, and an attempt to ensure that products and services purchased by the government are not susceptible to hardware backdoors or malicious firmware or software that could be introduced during semiconductor manufacturing.

The Proposed Implementing Regulations and Timing Considerations

The ANPR was issued on May 3, 2024. It solicits comments from industry and other interested parties, which must be submitted prior to July 2, 2024. Comments will be considered and potentially incorporated into the FAR Council’s final rule, which, per Section 5949, must be issued by December 23, 2025. The prohibition will go into effect as of December 23, 2027. Government purchases prior to that date will not be subject to the restrictions, nor is there any requirement to “rip and replace” covered semiconductor products from any existing equipment.

Important Takeaways from the Proposed Rule

1. Revised and clarified definition of relevant terms. The ANPR fills in some gaps in the definitions of key terms such as “covered semiconductor product or service,” “covered entity,” and “critical systems,” in a manner that is consistent with, but arguably slightly more expansive than those in Section 5949.

• A “covered semiconductor product or service” is defined as “[a] semiconductor, a semiconductor product, a product that incorporates a semiconductor product, or a service that utilizes such a product, that is designed, produced, or provided by” SMIC, CXMT, YMTC, “or any subsidiary, affiliate or successor of such entities” or “by an entity that the Secretary of Defense or the Secretary of Commerce, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation, determines to be an entity owned or controlled by, or otherwise connected to, the government of a foreign country of concern, provided that the determination with respect to such entity is published in the Federal Register.”
• A “covered entity” is one that “[d]evelops, domestically or abroad, a design of a semiconductor that is the direct product of United States origin technology or software; and [p]urchases covered semiconductor products or services from [either SMIC or an entity designated by the government as controlled by or connected to a foreign country of concern. (CXMT and YMTC entities are not included in this definition.)
• A “critical system” includes “national security systems (as defined in 40 U.S.C. 11103(a)(1) to include telecommunications and information systems used for intelligence, cryptological activities related to national security, military command and control, weapons systems components or critical military or intelligence functions); or additional systems identified by the Federal Acquisition Security Council or by the Department of Defense. Systems “used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications)” are not encompassed by the definition.

A specific definition is also provided for the term “semiconductor,” based on the implementing regulations for the Creating Helpful Incentives to Produce Semiconductors (CHIPS) Act:

Semiconductor means an integrated electronic device or system most commonly manufactured using materials including, but not limited to, silicon, silicon carbide, or III-V compounds, and processes including, but not limited to, lithography, deposition, and etching. Such devices and systems include, but are not limited to, analog and digital electronics, power electronics, and photonics, for memory, processing, sensing, actuation, and communications applications.

2. Requirement for compliance certification by all offerors on government procurements based on their “reasonable inquiry.” The ANPR proposes a clause to be included in all solicitations “that would require offerors to certify, after conducting a reasonable inquiry, to the non-use of covered semiconductor products or services in electronic products or electronic services provided to the Government.” The term “reasonable inquiry” is defined as “an inquiry designed to uncover any information in the entity’s possession about whether any electronic products or electronic services that are provided to the Government—(1) Include covered semiconductor products or services; or (2) Use electronic products that include covered semiconductor products or services.” Helpfully, the definition goes on to state that, as part of the reasonable inquiry, contractors are able to rely on certifications of compliance from those in their supply chain who provide electronic products or services. The FAR Council makes clear that a reasonable inquiry does not have to include a formal audit or review, but may include “other mechanisms of diligence review depending on the facts and circumstances.” Diligence review is always required for entities “established or operated in foreign countries of concern,” even if they have provided a compliance certification.

3. Proposed FAR clause requirements for direct contractors. In addition to the solicitation provision, the ANPR describes the elements of the FAR contract clause it plans to include in the final rule and incorporate into future government contracts. This clause would require federal contractors to:

• abide by the Section 5949 Part A prohibition on the sale of electronic products or services that include covered semiconductor products or services to federal government agencies;
• comply with the Section 5949 Part B prohibition with respect to “electronic parts or products that use any electronic parts or products that include covered semiconductor products or services,” but only for “critical systems”;
• conduct a reasonable inquiry to detect and avoid the use or inclusion of covered semiconductor products or services in electronic products and services sold to the government; and
• incorporate the substance of the Section 5949 prohibitions and applicable FAR clauses into all subcontracts for the supply of any electronic products.

4. Proposed FAR clause requirements applicable to both contractors and subcontractors. Both federal contractors and subcontractors would be required to notify federal authorities within 60 days of becoming aware of actual or suspected inclusion of covered semiconductor products or services in a critical system. Also, if the contractor or subcontractor is a “covered entity,” it must affirmatively “disclose to direct customers the inclusion of a covered semiconductor product or service in electronic products or electronic services” that it sells. Failure to provide such notice means that the covered entity is responsible for any rework or corrective action required to remedy the inclusion of the covered product or service.

Based on these requirements, all federal government contractors and subcontractors will need to:

• establish policies and procedures to detect and track the use of covered semiconductor products or services throughout their supply chains; and
• create an ongoing monitoring and compliance process to report detection of non-conforming end items, components, or parts of critical systems.

5. Inclusion of Safe Harbors in Proposed Rule. Potential good news for such contractors and subcontractors includes safe harbors built into the proposed rule. As noted above, one such provision gives contractors the ability to rely on certifications from covered entities without the need to conduct a formal audit or review. Another is a guarantee that contractors and subcontractors that notify the government that a critical system contains actual or suspected covered semiconductor products or services will not be subject to civil liability or a finding of non-responsibility in connection with future procurements, so long as the offending product or service is removed. Finally, the ANPR indicates that the final rule will clarify an available waiver process, which will allow various agencies to grant waivers of the ban for certain products and procurements, although the ANPR suggests that only agencies will be able to request waivers, not contractors themselves.

6. Important Distinctions between this rule and the ban on “covered telecommunications equipment.” It bears noting that the FY 2023 NDAA Section 5949 “covered semiconductor” restrictions are similar to the FY 2019 NDAA Section 889 restrictions on the federal government’s purchase of “covered telecommunications products and services,” the so-called “Huawei ban.” However, unlike that provision, Section 5949 does not seek to prohibit federal contractors and subcontractors themselves from using covered semiconductor products and services, and does not require an onerous certification concerning “use” by the company. Rather, the focus is on electronic parts in the semiconductor supply chain and whether products or services sold to the government use covered semiconductor products or services at any level. In addition, perhaps in response to one of the major critiques of the telecommunications ban, the ANPR notes that the government is considering creating a list of electronic products and services (such as telecommunications and cloud storage or computing services) that include covered semiconductor products or services. Such a list would help contractors identify products and services covered by the semiconductor ban.

7. The FAR Council really wants to hear what you think. Notably, the ANPR includes a list of 18 questions for public commenters’ input. The FAR Council is soliciting comments on proposed definitions, asking how difficult the rule will be to implement given visibility into supply chains, inquiring about the likelihood of the need for waivers, and asking if development of a list of products with prohibited semiconductors would be helpful. Contractors, subcontractors, and other covered entities should take the FAR Council up on the opportunity to provide comments to shape the final rule.

In addition to providing comments, contractors and subcontractors should also begin evaluating their supply chains in anticipation of implementation of the final requirements for covered semiconductors. Through the CHIPS Act and other programs, the federal government is working to try to boost domestic semiconductor production, but until reliable alternative sources are available, this ban could have significant ripple effects through the electronics industry.

[View source.]