On February 17, 2026, the Federal Acquisition Regulation (FAR) Council proposed a new rule that will impact technology companies that sell electronic products and services to the federal government, should those products and services include certain semiconductor products or services. The proposed rule implements Section 5949 of the 2023 National Defense Authorization Act, and continues the federal government’s efforts to prohibit sources deemed to be threats to national security. Not unlike other FAR rules concerning prohibited sources (e.g., Section 889 and Kaspersky Labs), the proposed rule will require federal government contractors to review their supply chains, make representations in their offers, and notify the government if they subsequently learn they delivered a noncompliant product. This alert discusses highlights of the proposed rule in the FAQs below.
When Does the Rule Take Effect?
Contractors should expect the rule to take effect December 23, 2027. This is the date required by Section 5949. That said, the FAR Council has issued only a proposed rule at this time, with public comments due April 20, 2026. It remains to be seen when the actual final rule will be published. Given the date required by the statute, however, contractors should not wait for the final rule before reviewing their semiconductor supply chains.
What Semiconductor Products or Services Will Be Prohibited?
The proposed rule will prohibit electronic products and services that include semiconductor products or services designed, produced, or provided by Semiconductor Manufacturing International Corporation (SMIC), ChangXin Memory Technologies, or Yangtze Memory Technologies Corp, or any of their subsidiaries, affiliates, or successors. In addition, the U.S. Secretary of Defense or Commerce can designate additional prohibited sources of semiconductor products or services, namely, entities that are owned or controlled by, or connected to the government of China, North Korea, Russia, or Iran, or other countries the Secretary of Commerce finds is engaged in conduct detrimental to U.S. national security or foreign policy interests.
Such a semiconductor product or service is known as a “covered semiconductor product or service.”
There are two prohibitions under the rule. Federal agencies are prohibited from procuring or obtaining:
- electronic products or services that include “covered semiconductor products or services;” and
- electronic products, for use in critical systems, that use electronic products that include “covered semiconductor products or services.”
Contractors that wish to sell electronic products and services to the federal government, therefore, will need to ensure that their products and services do not include noncompliant semiconductors.
What Kind of Review Will My Company Need to Do?
The proposed rule requires contractors to conduct a “reasonable inquiry” to determine if their electronic products are compliant, and to certify as such when submitting its offer under a new solicitation provision at FAR 52.240-XX.
Contractors familiar with the “reasonable inquiry” under the FAR 52.204-24 (i.e., the 889 representation) might be glad to know that the proposed rule does not require a third party audit. However, the new rule appears to expect more from contractors when it comes to prohibited semiconductor products and services then FAR 52.204-24 requires for telecommunications equipment and services. Under the proposed rule, if a contractor is unable to find information to confirm that an electronic product or electronic service does not use or include a covered semiconductor product or service, the contractor “would need to look to its suppliers to conduct reasonable inquiries” and have the suppliers provide a certification that it had done so and that no product or service included a semiconductor from a prohibited source. The Council added, “It is expected that most entities will conduct a full review of the electronic products and electronic services that they may offer to the Government, rather than assess on a solicitation-by-solicitation basis.”
What If My Reasonable Inquiry Determines My Electronic Product Includes a Covered Semiconductor Product or Service?
Although many companies might forego an opportunity if their electronic products or services are noncompliant due to inclusion of a covered semiconductor product or service, some may not. One reason they may not is because the proposed FAR 52.240-XX expressly allows for the government to seek an exception or waiver for a noncompliant offer. To qualify for an exception or waiver, however, FAR 52.240-XX requires the contractor to disclose the noncompliance. Disclosure will not subject the contractor to civil liability or make the contractor nonresponsible.
What Are Those Exceptions Mentioned Above?
The proposed rule includes six exceptions.
- Products resident in government equipment or systems, which were acquired prior to December 23, 2027 (i.e., contractors will not be required to remove and replace electronic products delivered prior to the effective date)
- Covered semiconductor products or services that are necessary throughout the lifecycle of existing equipment (e.g., replacement and spare parts) that was acquired by the contractor prior to December 23, 2027
- Commercial products or commercial services that include covered semiconductor products or services, where there are no alternative sources available, until December 23, 2028
- Products compliant at the time of contract award, but made noncompliant after because of a subsequent determination by the Secretary of Defense or Commerce, in the absence of a contract modification
- Commercial service procurements except for procurements for information technology and telecommunications
- Electronic services that are incidental to the performance of the contract (e.g., contractor payroll)
Importantly, the contractor cannot and should not determine whether an exception applies on its own. The proposed rule explains that “exceptions will be determined by the Government and can be based on any applicable disclosures by offerors or reporting by contractors.”
Notably, while the rule provides for exceptions, the FAR Council pointed out that “the overall goal of the statute remains the exclusion of semiconductors from prohibited entities to the greatest degree possible by December 23, 2027. As such, exceptions and waivers are meant to act as a bridge to near-term compliance with the rule, not an indefinite reprieve from it.” Contractors therefore should not count on an exception or waiver being reason to delay ensuring its supply chain is compliant.
What Happens If After Award, I Learn the Electronic Product I Sold to the Government Includes a Covered Semiconductor Product or Service?
The contractor’s obligation to know the sourcing of its product does not end with submission of its offer. A new contract clause, FAR 52.240-YY, provides that if, after award, the contractor learns or “has reason to suspect” that the electronic product or electronic service it sold to the government contains covered semiconductor products or services, it must notify the contracting officer in writing within 72 hours of learning of the noncompliance. This notification requirement applies even if an exception might apply, since again, the government makes the exception determination. However, similar to the noncompliance disclosure requirement under FAR 52.240-XX at the time of proposal submission, compliance with this reporting requirement does not create potential civil liability or negatively affect responsibility.
What Resources Are Available to Help?
As noted above, the Secretary of Defense or Commerce can designate a prohibited source of a semiconductor product or service. The proposed rule notes that the U.S. Department of Commerce will host a to-be-determined website that will list these sources. In addition, the proposed rule provides that the Department of Commerce is “considering” hosting a website that will list organizations that have certified their semiconductor products and services as being from compliant sources. When (and in the case of the second website, if) these websites go live, contractors may reasonably rely on them according to the proposed rule, unless a contractor has information causing it to doubt their accuracy.
What Else Should I Know?
Lastly, the proposed rule requires contractors and subcontractors—that are “semiconductor covered entities”—to disclose any covered semiconductor product or service in the electronic products or services they sell to non-federal government customers. A “semiconductor covered entity” is an entity that develops a semiconductor design and purchases a covered semiconductor product or service from SMIC, or an entity designated by the Secretary of Defense or Commerce.
According to the FAR Council, this disclosure requirement reflects the government’s concern that a covered semiconductor product or service is a threat to all customers “of semiconductor covered entities, not just the Government.” Thus, the government is using its contracts to increase awareness beyond its contractors of the risk to the supply chain presented by certain semiconductor sources. As such, “Non-Federal customer awareness of the inclusion of covered semiconductors will increase supply chain visibility, which should enhance the capability for protection and risk mitigation.”
The proposed rule does not give guidance how to make such a disclosure, but the FAR Council suggested a company could include it in marketing material, website, or sales agreement with a non-federal customer.
Conclusion
While a final rule is still to be released, contractors should be reviewing their supply chains now to determine what, if any, changes they may need to make to deliver compliant products and services. They also should be reviewing diligence practices for gaps or areas for improvement so as to be able to satisfy their “reasonable inquiry” obligations. Because the message is clear: the semiconductor supply chain security is a matter of national security, and contractors wishing to be competitive in the federal government marketplace when selling electronic products and services must have demonstrably resilient supply chains.
Moreover, lest there be any doubt, contractors should expect more rules impacting their supply chains for other products and services due to security concerns over sourcing. As we discussed here, the National Defense Authorization Act (NDAA) for Fiscal Year 2026 prohibits the federal government from buying biotechnology equipment or services produced by certain “biotechnology companies of concern.” The 2026 NDAA also includes requirements to limit federal government agency purchases from foreign entities of concern (e.g., companies connected to China, Russia, North Korea, and Iran) of advanced batteries, computer displays, photovoltaic modules or inverters, additive manufacturing machines, and molybdenum, gallium, or germanium. We expect notices of proposed rules for these prohibitions in the future and will monitor any new developments.
