Photo of Adelicia R. CliffePhoto of Evan D. WolffPhoto of M.Yuan ZhouPhoto of Michael G. Gruden, CIPP/GPhoto of Alexandra Barbee-GarrettPhoto of Jacob Harrison

On June 2, 2023, the FAR Council issued an Interim Rule with immediate effect that prohibits the presence or use of the TikTok app on “information technology” (IT) equipment used by government contractors and contractor personnel in the performance of a contract. The interim rule mirrors the Office of Management and Budget’s guidance, which directed federal agencies to remove TikTok and successor apps made by Chinese company ByteDance Limited from federal devices (to implement the No TikTok on Government Devices Act).

General Prohibition and Applicability

Broad in scope, the prohibition—implemented by new contract clause FAR 52.204-27—applies to the use or presence of TikTok on (i) IT equipment owned or managed by the government; and (ii) both contractor-owned and employee-owned IT equipment used in contract performance.  The FAR clause excludes personally owned cell phones that are not used in the performance of a contract.  In addition, the clause applies to contracts below the simplified acquisition threshold and to contracts for commercial products and services.  The clause is also a required flowdown to subcontractors.

The clause does allow agencies to provide exemptions for contractors performing law enforcement activities, national security activities, and security research, though agencies are instructed to use exemptions sparingly.

For purposes of the prohibition, the clause incorporates a statutory definition of “information technology” (rather than the standard definition at FAR 2.101), which covers IT equipment when the contract requires the use of such equipment, or requires the use of such equipment “to a significant extent in the performance of a service or the furnishing of a product” but does not include “equipment acquired by a Federal contractor incidental to a Federal contract.” Neither the clause nor the commentary provides clarification about what type of use may be “incidental” and fall out of scope of the prohibition.

Compliance Standards

In the rulemaking commentary, the FAR Council notes that it expects contractors already have technology in place to block access to unwanted or nefarious websites and to prevent and remove a downloaded app, suggesting that the Government expectation is that the contractors will impose technical barriers in addition to using policies and procedures, training, and awareness campaigns to comply with the requirement.

Timing

Agencies are directed to include the new FAR clause in:

  • Any solicitation issued on or after July 2, 2023;
  • Any contract award that occurs on or after July 2, 2023, even if the solicitation predated the rulemaking;
  • Existing IDIQ contracts, to be amended by July 2, 2023 to apply to future orders;
  • Any modifications/option awards for existing contracts or task or delivery orders that extend the period of performance.

Comments on the Interim Rule are due by August 1, 2023.

Compliance Considerations

Contractors will need to move quickly to ensure that they comply with the clause before the government begins to include it in contracts.  In preparing, contractors should consider taking the following steps:

  • Update employee/subcontractor device policies to reflect FAR 52.204-27 restrictions.
  • Circulate guidance on FAR 52.204-27 restrictions to impacted employees and subcontractors, including instructions on how to uninstall TikTok from personal devices.
  • Identify all devices used in contract performance, including any personal or employee-provided devices.
  • Direct employees and subcontractors using personal devices in contract work to uninstall TikTok from such devices within the next 30 days.
  • Communicate with information technology personnel and consider whether technical solutions should be deployed (e.g. removing existing instances of TikTok from contractor-managed devices, blocking TikTok downloads moving forward, etc.)
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Adelicia R. Cliffe Adelicia R. Cliffe

Adelicia Cliffe is a partner in the Washington, D.C. office, a member of the Steering Committee for the firm’s Government Contracts Group, and a member of the International Trade Group. Addie is also co-chair of the firm’s National Security practice. Addie has been…

Adelicia Cliffe is a partner in the Washington, D.C. office, a member of the Steering Committee for the firm’s Government Contracts Group, and a member of the International Trade Group. Addie is also co-chair of the firm’s National Security practice. Addie has been named as a nationally recognized practitioner in the government contracts field by Chambers USA.

Photo of Evan D. Wolff Evan D. Wolff

Evan D. Wolff is a partner in Crowell & Moring’s Washington, D.C. office, where he is co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical…

Evan D. Wolff is a partner in Crowell & Moring’s Washington, D.C. office, where he is co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity legal and policy issues. Calling upon his experiences as a scientist, program manager, and lawyer, Evan takes an innovative approach to developing blended legal, technical, and governance mechanisms to prepare companies with rapid and comprehensive responses to rapidly evolving cybersecurity risks and threats. Evan has conducted training and incident simulations, developed response plans, led privileged investigations, and advised on hundreds of data breaches where he works closely with forensic investigators. Evan also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework.

Photo of M.Yuan Zhou M.Yuan Zhou

M. Yuan Zhou is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm’s Government Contracts Group.

Yuan’s practice includes a wide range of investigatory, counseling, and transactional capabilities, including: internal investigations related to…

M. Yuan Zhou is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm’s Government Contracts Group.

Yuan’s practice includes a wide range of investigatory, counseling, and transactional capabilities, including: internal investigations related to the False Claims Act, the Procurement Integrity Act, and other civil and criminal matters; compliance reviews and enhancing contractor compliance programs; representing clients in suspension and debarment proceedings; counseling on data rights issues, challenges, and disputes; mandatory disclosures; and providing government contracts due diligence in transactional matters. As part of the firm’s State and Local Practice, Yuan also counsels clients on state and local procurement issues, ranging from bid protests to contract negotiations with state agencies, and advises prime contractors and subcontractors on a variety of issues including prime/sub contract formation, disputes, and other government contracts issues.

Photo of Michael G. Gruden, CIPP/G Michael G. Gruden, CIPP/G

Michael G. Gruden is a counsel in Crowell & Moring’s Washington, D.C. office, where he is a member of the firm’s Government Contracts and Privacy and Cybersecurity groups. He possesses real-world experience in the areas of federal procurement and data security, having worked…

Michael G. Gruden is a counsel in Crowell & Moring’s Washington, D.C. office, where he is a member of the firm’s Government Contracts and Privacy and Cybersecurity groups. He possesses real-world experience in the areas of federal procurement and data security, having worked as a Contracting Officer at both the U.S. Department of Defense (DoD) and the U.S. Department of Homeland Security (DHS) in the Information Technology, Research & Development, and Security sectors for nearly 15 years. Michael is a Certified Information Privacy Professional with a U.S. government concentration (CIPP/G). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework. Michael serves as vice-chair for the ABA Science & Technology Section’s Homeland Security Committee.

Michael’s legal practice covers a wide range of counseling and litigation engagements at the intersection of government contracts and cybersecurity. His government contracts endeavors include supply chain security counseling, contract disputes with federal entities, suspension and debarment proceedings, mandatory disclosures to the government, prime-subcontractor disputes, and False Claims Act investigations. His privacy and cybersecurity practice includes cybersecurity compliance reviews, risk assessments, data breaches, incident response, and regulatory investigations.

Photo of Alexandra Barbee-Garrett Alexandra Barbee-Garrett

Alexandra Barbee-Garrett is an associate in Crowell & Moring’s Washington, D.C. office, where she practices in the Government Contracts Group.

Alex represents government contractors in both litigation and counseling matters. Her practice includes bid protests before the Government Accountability Office (GAO), the U.S.

Alexandra Barbee-Garrett is an associate in Crowell & Moring’s Washington, D.C. office, where she practices in the Government Contracts Group.

Alex represents government contractors in both litigation and counseling matters. Her practice includes bid protests before the Government Accountability Office (GAO), the U.S. Court of Federal Claims, and the U.S. Court of Appeals for the Federal Circuit. Alex’s practice also focuses on federal regulatory compliance, mandatory disclosures to the government, contract disputes under the Contract Disputes Act (CDA), prime-sub disputes, and False Claims Act and internal investigations.

Prior to joining Crowell & Moring, Alex was a law clerk to Judge Richard A. Hertling of the U.S. Court of Federal Claims and a government contracts associate at another large law firm. Alex graduated honors from The George Washington University Law School, where she was an articles editor of The Public Contract Law Journal. Alex won the 2015 Government Contracts Moot Court Competition and served as chair for the 2016 competition. Prior to law school, Alex worked as a health care legislative assistant for Rep. Rick Larsen (WA) in the U.S. House of Representatives. She received her B.A. in international studies and anthropology from the University of Washington.

Photo of Jacob Harrison Jacob Harrison

Jacob Harrison helps his clients navigate both domestic and international legal challenges.

Jake advises U.S. government contractors on internal investigations and state and federal regulatory compliance. His compliance practice focuses on counseling clients operating at the intersection of government contracts and cybersecurity, including

Jacob Harrison helps his clients navigate both domestic and international legal challenges.

Jake advises U.S. government contractors on internal investigations and state and federal regulatory compliance. His compliance practice focuses on counseling clients operating at the intersection of government contracts and cybersecurity, including for cybersecurity compliance reviews, risk assessments, and data breaches.

In his international practice, Jake represents foreign and domestic clients in Foreign Sovereign Immunities Act and Anti-Terrorism Act litigation. He also has experience advising clients involved in cross-border commercial arbitration proceedings.

During law school, Jake served as an associate editor of the Emory Law Journal and interned at the Supreme Court of Georgia and the Georgia House Democratic Caucus. Before attending law school, Jake worked in politics and state government.