WHAT: The Federal Acquisition Regulation (FAR) Council published an interim rule implementing the No TikTok on Government Devices Act that was included in the Consolidated Appropriations Act, 2023 (Pub. L. No. 117-328) and addressed in Office of Management and Budget Memorandum M–23–13. The interim rule prohibits the use of TikTok or other applications by ByteDance on contractors’ information technology, including employee-owned devices that are used as part of a bring-your-own-device (BYOD) program. The interim rule adds a new contract clause at FAR 52.204-27, Prohibition on a ByteDance Covered Application, which states: “The Contractor is prohibited from having or using a covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under this contract, including equipment provided by the Contractor’s employees.”
WHEN: The interim rule is effective immediately. Contracting officers are required to include the new clause at FAR 52.204-27 in any solicitations, awards, modifications, exercise of options, or extensions as of June 2, 2023. Public comments on the interim rule can be submitted by August 1, 2023.
WHAT DOES IT MEAN FOR INDUSTRY: Consistent with the national security concerns that led to the statute, the prohibition in FAR 52.204-27 applies to all contracts, including contracts at or below the simplified acquisition threshold and contracts for commercial products, including procurements for commercially available off-the-shelf (COTS) items, and commercial services. The prohibition also applies to purchases at or below the micro-purchase threshold, which is currently $10,000. The preamble to the interim rule notes that the FAR Council does not expect the interim rule to have a significant economic impact because contractors can leverage technology they already have in place “to block access to unwanted or nefarious websites, prevent the download of prohibited applications (apps) to devices, and remove a downloaded app.” Furthermore, the FAR Council notes that the new rule, unlike FAR 52.204–25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, which implements bans on certain Chinese telecommunications and video equipment, does not require a contractor to review its supply chain. Likewise, the interim rule does not include a reporting requirement or require a representation of compliance.
FAR 52.204-27 adopts the statutory definition of “information technology” in 40 U.S.C. § 11101(6), which applies to equipment that is required to be used under a contract or used “to a significant extent in the performance or the furnishing of a product.” The clause itself, however, applies more broadly by prohibiting covered applications on information technology that is used to any extent on a government contract.
As the interim rule notes, in addition to blocking or preventing download of apps, contractors can address this rule through employee policies for workplace technology, which may need to be updated, and employee communications or training that “clearly explain[s] to . . . employees when a covered application is prohibited on a personal device used in performance of a Federal contract.”