On June 2, 2023, the FAR Council issued an Interim Rule with immediate effect that prohibits the presence or use of the TikTok app on “information technology” (IT) equipment used by government contractors and contractor personnel in the performance of a contract. The interim rule mirrors the Office of Management and Budget’s guidance, which directed federal agencies to remove TikTok and successor apps made by Chinese company ByteDance Limited from federal devices (to implement the No TikTok on Government Devices Act).
General Prohibition and Applicability
Broad in scope, the prohibition—implemented by new contract clause FAR 52.204-27—applies to the use or presence of TikTok on (i) IT equipment owned or managed by the government; and (ii) both contractor-owned and employee-owned IT equipment used in contract performance. The FAR clause excludes personally owned cell phones that are not used in the performance of a contract. In addition, the clause applies to contracts below the simplified acquisition threshold and to contracts for commercial products and services. The clause is also a required flowdown to subcontractors.
The clause does allow agencies to provide exemptions for contractors performing law enforcement activities, national security activities, and security research, though agencies are instructed to use exemptions sparingly.
For purposes of the prohibition, the clause incorporates a statutory definition of “information technology” (rather than the standard definition at FAR 2.101), which covers IT equipment when the contract requires the use of such equipment, or requires the use of such equipment “to a significant extent in the performance of a service or the furnishing of a product” but does not include “equipment acquired by a Federal contractor incidental to a Federal contract.” Neither the clause nor the commentary provides clarification about what type of use may be “incidental” and fall out of scope of the prohibition.
Compliance Standards
In the rulemaking commentary, the FAR Council notes that it expects contractors already have technology in place to block access to unwanted or nefarious websites and to prevent and remove a downloaded app, suggesting that the Government expectation is that the contractors will impose technical barriers in addition to using policies and procedures, training, and awareness campaigns to comply with the requirement.
Timing
Agencies are directed to include the new FAR clause in:
- Any solicitation issued on or after July 2, 2023;
- Any contract award that occurs on or after July 2, 2023, even if the solicitation predated the rulemaking;
- Existing IDIQ contracts, to be amended by July 2, 2023 to apply to future orders;
- Any modifications/option awards for existing contracts or task or delivery orders that extend the period of performance.
Comments on the Interim Rule are due by August 1, 2023.
Compliance Considerations
Contractors will need to move quickly to ensure that they comply with the clause before the government begins to include it in contracts. In preparing, contractors should consider taking the following steps:
- Update employee/subcontractor device policies to reflect FAR 52.204-27 restrictions.
- Circulate guidance on FAR 52.204-27 restrictions to impacted employees and subcontractors, including instructions on how to uninstall TikTok from personal devices.
- Identify all devices used in contract performance, including any personal or employee-provided devices.
- Direct employees and subcontractors using personal devices in contract work to uninstall TikTok from such devices within the next 30 days.
- Communicate with information technology personnel and consider whether technical solutions should be deployed (e.g. removing existing instances of TikTok from contractor-managed devices, blocking TikTok downloads moving forward, etc.)