New Proposed Federal Rules May Impact Telecom and Data Center Operators
Due to cybersecurity concerns, the U.S. government has placed significant restrictions on U.S. government agencies’ and federal government contractors’ (including prime contractors’ and subcontractors’) ability to do business with entities that have Chinese telecommunications companies in their “supply chain” or that create a “supply chain risk.” One such law is the John S. McCain National Defense Authorization Act (the Act).1
The Department of Defense (DOD), the General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) have issued an interim rule (the Interim Rule) seeking to implement portions of the Act, and amend the Federal Acquisition Regulations (FAR) accordingly, and have solicited comments regarding clarifications or modifications to the Interim Rule prior to it becoming a permanent rule.
Effective Date of the Interim Rule: Aug. 13, 2019
Deadline for Comment: Oct. 15, 2019. Interested parties should submit written comments to the Regulatory Secretariat Division at the GSA.
Substance of the Interim Rule
The Interim Rule revises the FAR to implement Section 889(a)(1)(A) of the Act, which prohibits federal agencies from procuring, obtaining, extending, or renewing a contract to procure or obtain any equipment, system, or service that uses “covered telecommunications equipment or services” as a “substantial or essential component”2 of any system or as a “critical technology” as part of any system (the Restriction). Contractors can seek waivers from the Restriction from the applicable agency or from the Director of National Intelligence.
“Covered telecommunications equipment or services” includes: (1) “[t]elecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities)”; (2) “[f]or the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities)”; (3) “[t]elecommunications or video surveillance services provided by such entities or using such equipment”; or (4) “[t]elecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country,” i.e., the People’s Republic of China. The following are excluded from the Restriction: (i) services connecting to third-party facilities (the Interim Rule identifies backhaul, roaming, and interconnection arrangements as examples); and (ii) telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles (the Interim Rule provides no examples).
The Interim Rule requires any contractor to report to the federal government if it uses or is notified by any subcontractor or any other source that “covered telecommunications equipment or services” is used as a “substantial or essential component” or a “critical technology” of its systems. The Interim Rule also requires contractors to include the substance of the rule in “all subcontracts and other contractual instruments, including subcontracts for the acquisition of commercial items.”
Any telecommunications carrier or data center operator that utilizes “covered telecommunications equipment or services” either internally or to provide services to customers as a “substantial or essential component” of any system or as “critical technology” as part of any system during contract performance would be precluded from doing business with the federal government, directly or indirectly (i.e., as a prime contractor or subcontractor) under a plain reading of the language of the Act and the Interim Rule. A broad reading of the Interim Rule could prohibit the provision of a wide range of telecommunications and data center services, whereas a narrow reading could render them insignificant to many telecommunications and data center providers.