A new Federal Acquisition Regulation (FAR 52.204-27) clause prohibits federal contractors and subcontractors from “having or using” the social networking service TikTok or any “successor application” developed by ByteDance, a Chinese internet technology company headquartered in Beijing, on any information technology system used or provided by the contractor in the performance of a government contract. Many government contractor companies are left wondering if they need to direct their employees to remove TikTok from their mobile devices. While the FAR does not directly address the question, the prohibition applies to cellphones and other mobile devices regardless of whether the device is owned by the government, the contractor company, or the contractor’s employees (company-issued devices and employee-owned devices that are used as part of an employer bring your own device (BYOD) program). It appears that a purely personally owned cellphone that an employee does not use in the performance of the government contract is not subject to the prohibition.
There is minimal guidance from government agencies describing which specific activities would be considered part of the performance of the government contract. However, the General Services Administration (GSA) issued a Smart Bulletin which states that the TikTok ban does not apply to personally owned cell phones which are not used in the performance of contract work or “to technology incidental to the performance of such work.” The government seems more concerned with the communication and storing of information about the work being performed under the contract rather than work which is “incidental” to the contract, such as conducting background checks or searching for candidates to perform the work (especially where the work itself is not discussed). As such, and until further guidance is issued that states otherwise, this language from the Smart Bulletin indicates that employees of government contractors providing back-office support or other “incidental” services may not be subject to the ban.
Of course, the safest approach is for government contractors and subcontractors to institute a workplace social media policy which prohibits employees working on or in connection with a federal government contract from having the TikTok app on any computers or mobile devices, unless the device is used for purely personal reasons and not used at all for company business.
Lastly, while the new FAR is silent on fines or penalties for noncompliance, contractual remedies for violations may be expected because the rule itself will be inserted into government contracts and which will flow down to subcontractors. Unlike prior supply chain bans (e.g., Section 889, Kaspersky ban), FAR 52.204-27 does not currently require contractors to certify their compliance, nor does it require contractors to report any non-compliance discovered during performance. Contractors are urged to consult their legal counsel prior to entering into government contracts that implement the TikTok ban or issuing new policies concerning the ban.
