Following the release of GAO and Congressional reports detailing counterfeit electronic parts in the Department of Defense (“DoD”) supply chain, Congress and the executive branch have made DoD supply chain security a priority. As part of the Government’s comprehensive approach to improving supply chain security for DoD, previously blogged about here and here, Congress passed legislation containing new reporting requirements for contractors who discover counterfeit or suspected counterfeit parts. The Government – Industry Data Exchange Program, or “GIDEP,” is a joint U.S. – Canadian program, funded by both governments, is currently DoD’s designated reporting organization for counterfeit parts.

New Proposed DFARS Rule. On May 16, 2013, DoD published proposed changes to the DFARS, which include two new requirements for government contractors to report counterfeit parts. First, proposed section 246.870, Contractors’ counterfeit electronic part avoidance and detection systems, includes a requirement for contractors to have a system in place that addresses “[t]he reporting and quarantining of counterfeit electronic parts and suspect counterfeit electronic parts.” Next, the rule proposes to add the same language to Section 252.7001, Solicitation Provisions and Contract Clauses. Coupled with the language of Section 818(c)(4) of the 2012 NDAA, this rule will require contractors to participate in GIDEP. And while the proposed rule is silent on the timeliness of the reporting, Section 818 indicates that contractors will be required to submit reports within 60 days. It will be interesting to see whether/how the timeliness element is included in the final rule.

Legal Barriers to Reporting. Reporting of counterfeit parts to GIDEP has not been historically widespread, for a number of reasons. Section 818 of the 2012 NDAA removed one of the barriers to reporting counterfeit parts: civil liability. Section 818(c)(5) carves out a safe harbor for companies reporting counterfeit parts or suspected counterfeit parts, providing that companies reporting counterfeit or suspected counterfeit electronic parts will “not be subject to civil liability on the basis of such reporting, provided the contractor or subcontractor made a reasonable effort to determine that the end item, component, part or material concerned contained counterfeit electronic parts or suspect counterfeit electronic parts.”

The Safe Harbor and Things to Come. The proposed rule still leaves a lot of questions unanswered. First, will foreign companies be required to follow the GIDEP reporting requirements? Currently, only U.S. and Canadian companies may participate in GIDEP. Next, is GIDEP sufficiently robust to serve as a central mandatory reporting mechanism for counterfeit electronic parts? And to what degree will companies be required to investigate suspected counterfeit parts before they are entitled to immunity from civil liability? The proposed rule is silent on these issues. Finally, the May 16, 2013 proposed rule only addresses some of the requirements of Section 818. Stay tuned for more changes in the coming months to both the Safe Harbor requirements and to requirements for government contractors to participate in GIDEP.