The Interim Rule: On June 2, 2023, the FAR Council issued an interim rule that prohibits having or using TikTok and other covered applications by ByteDance Ltd. on federal contractor devices.[i] This interim rule follows in the wake of the government-wide initiative that bans TikTok on all federal government devices implemented earlier this year due to rising national security concerns and geopolitical tensions between the United States and China. The interim rule amends FAR Part 4, adding new subpart FAR 4.22, “Prohibition on a ByteDance Covered Application,” with a corresponding contract clause at FAR 52.204-27 (the “FAR clause”).
Immediate Implementation: The interim rule is effective immediately. Contracting Officers must include the FAR clause in all solicitations and new awards, including orders, modifications, options, or contract extensions, issued on or after June 2, 2023. Federal contractors should expect amendments to solicitations issued prior to June 2, 2023, no later than July 3, 2023.
Application of the Interim Rule: The FAR clause applies to “the social networking service TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited.”[ii] Like other prohibitions on covered technology, the FAR clause imposes a broad prohibition on the presence or use of the covered application:
The Contractor is prohibited from having or using a covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under this contract, including equipment provided by the Contractor’s employees however, this prohibition does not apply if the Contracting Officer provides written notification to the Contractor that an exception has been granted in accordance with OMB Memorandum M-23-13.
The ban applies to all devices used in the performance of a federal contract, regardless of whether they are owned by the government, the contractor, or the contractor’s employees. The ban includes federal contractor employees’ devices used as part of an employer’s bring your own device (“BYOD”) program, but it does not include (1) personally-owned devices that are not used in the performance of the federal contract or (2) equipment that is incidental to a contract.
A few other notes:
- The interim rule applies to acquisitions at or below the Simplified Acquisition Threshold (“SAT”) and acquisitions for commercial products and services, including Commercially Available Off-the-Shelf (“COTS”) items.
- The FAR clause does not exclude imbedded information technology (e.g., HVAC systems); this differs from the standard definition of “information technology” in FAR 2.101.[iii]
- And again, like other prohibitions surrounding technology, this FAR clause flows down to all subcontracts.
The government does not expect this rule to have a “significant economic impact on business” because the rule is less complex than other prohibitions on technology (e.g., FAR 52.204-25). The government believes that contractors already should have policies and procedures in place that block nefarious technology and that define appropriate technology use for employees. Public comments are being accepted on the interim rule until August 1, 2023.
What’s Next? Although the proposed rule does not include any reporting or record keeping requirements, federal contractors should work incorporate the interim rule into their compliance framework as soon as possible. Steps might include drafting or amending policies to ban the presence and use of TikTok on laptops and cell phones used by employees and subcontractors during contract performance or having your IT staff block employees’ access to the website and installation of the application. Contractors who have a BYOD policy could require certifications from employees and subcontractors that no personal or employee-provided devices use TikTok and verify implementation through endpoint management. Contractors are urged to implement appropriate steps immediately.
As the federal government continues to expand the breadth and depth of prohibited technology used in connection with its information systems, the government contracts industry should consider the possibility that these bans may expand to any system that stores federal information. For example, law firms and accounting firms may become subject to the same prohibition when handling government information provided by their federal contractor-clients in a subpoena response, bid protest, or other litigation.
If you need assistance complying with the new interim rule, have questions, or would like assistance submitting comments to the interim rule, Nichols Liu can help. Please contact the authors of this article or the Nichols Liu attorney with whom you regularly work.
[i] Federal Acquisition Regulation: Prohibition on a ByteDance Covered Application, 88 Fed. Reg. 36430 (June 2, 2023) (to be codified at 48 C.F.R. part 31), https://www.federalregister.gov/documents/2023/06/02/2023-11756/federal-acquisition-regulation-prohibition-on-a-bytedance-covered-application.
[ii] FAR 52.204-27(a).