On June 2, 2023, the U.S. Government enacted a temporary regulation essentially banning TikTok, or any successor app developed by ByteDance Limited, on all government-owned or managed IT platforms, including those utilized by government contractors. This rule is enforced through the new Federal Acquisition Regulation (FAR) clause, FAR 52.204-27, dubbed the Prohibition on a ByteDance Covered Application.

This prohibition results from the “No TikTok on Government Devices Act” incorporated into the Consolidated Appropriations Act 2023. The newly added FAR clause adheres to the guidelines provided by the Office of Management and Budget (OMB) Memorandum M-23-13. The ban is labeled a national security measure to safeguard government systems, reflecting Congress’s ongoing initiative to restrict China’s access to federal contractor supply chains. The security concerns around using TikTok, which initiated this act, emerged around 2020.

As per FAR 52.204-27, federal contractors cannot utilize a “covered application” on any government-owned or managed IT or any tech equipment used under this contract, including those supplied by contractor employees. Covered applications refer explicitly to TikTok or any successor app created by ByteDance Limited. The “information technology” (IT) is defined in 40 U.S.C.§ 11101(6) as follows:

A. With respect to an executive agency means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use:

A. Of that equipment; or

B. Of that equipment to a significant extent in the performance of a service or the furnishing of a product;

C. Includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware, and similar procedures, services (including support services), and related resources; but

D. Does not include any equipment acquired by a federal contractor incidental to a federal contract.

The FAR council anticipates the rule won’t have a significant economic impact as contractors can block access to certain websites or applications using existing technology. However, the OMB Guidance adopts the 40 U.S.C.§ 11101(6) definition. It specifies that it applies to IT operated by agencies and IT utilized by a contractor to perform a service or deliver a product. This rule also applies to devices owned by the government, the contractor, or the contractor’s employees, excluding personal devices not used for federal contracts.

Unfortunately, both the OMB Guidance and the rule’s commentary fail to define what is meant by “required use” or “to a significant extent.” The definition of the exception for “equipment acquired by a federal contractor incidental to a federal contract” is also unclear. Thus, it remains uncertain the extent of the equipment covered. Contractors are encouraged to share their comments on the interim rule before August 1, 2023, hoping for clarity in the future.

The ban applies to all contracts except grants and cooperative agreements. Contracting officers may grant written exceptions under the terms of OMB Memorandum M-23-13. While contractors aren’t required to analyze their supply chain, all subcontracts must include the rule.

The February 27, 2023, OMB Memorandum M-23-13 states that the “definition reaches not only IT owned or operated by agencies, but also IT used by a contractor under a contract with the executive agency that requires the use of that IT, whether expressly or to a significant extent in the performance of a service or the furnishing of a product. That definition does not, however, include any equipment acquired by a federal contractor incidental to a federal contract. (Internal citations omitted.)

Unfortunately, OMB did not explain what it means for a contract to “require[] the use” of particular IT, what a “significant extent” is, or what “incidental” means in this context.

The new interim rule has been in effect since June 2, 2023, and applies to all future orders under all ongoing indefinite delivery indefinite quantity contracts as of July 3, 2023.

[View source.]