By this point, many companies have come to realize that they and their employees are subject to the Federal Government’s recent ban on TikTok, which may apply not only to Government- and company-owned devices but also to employee-owned devices. Yet, many questions persist as companies struggle to implement the vague language in the ban and are caught between employee frustrations and “a national security measure to protect Government information and information and communication technology systems.”
Although the interim rule leaves open a number of questions, some can be answered. Below are answers to a number of common questions as well as insight into what is still unanswered.
The ban applies if you have a contract with the ban in it.
It is likely in a contract by reference to FAR 52.204-27, Prohibition on a ByteDance Covered Application, but it may also be included via reference to Section 102 of Public Law 117-328 or OMB Memorandum M-23-13.
No. But, on June 2, 2023, agencies were instructed that they must include FAR 52.204-27 in the following contracts:
Thus, if your company has a contract that falls under those requirements, it likely has the ban in it. It may also have the ban even if it does not fall under those requirements.
At this point, the Government has not directed that the ban be extended to Federal grants or contracts under Federal grants.
Yes, including for the acquisition of COTS (commercially available off-the-shelf) items.
Per FAR 52.204-27, “The Contractor is prohibited from having or using a covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under this contract, including the equipment provided by the Contractor’s employees . . . ”
The interim rule does not define that term. Given the other language in the clause, it is clear that information technology “used . . . by the Contractor” under the covered contract would not be considered “incidental” under the interim rule. Thus the “incidental” carveout appears to be somewhat limited in usefulness at this point.
Yes. Even though the clause itself is not explicit in this regard, the FAR Council’s commentary to the rule states that the rule requires contractors “to prohibit the presence or use of a covered application or the URLs associated with a covered application . . .”
The clause does not set out specific steps for implementing the ban. But the FAR Council’s commentary to the rule states that it expects contractors to leverage existing technology, policies, and procedures, including communications with employees and trainings. It also states that the FAR Council anticipates contractors will do an initial review of technology and policies but only need to do a periodic review of policies thereafter.
Yes. FAR 52.204-27 requires contractors to include the substance of the clause “in all subcontracts” and to require the subcontractors to also flow down the clause to lower-tier subcontractors.
No. The FAR Council commentary states, “The changes made by this rule do not require a contractor to review its supply chain. Additionally, there is no reporting requirement by a contractor . . . .” The FAR Council also notes that this is different than the requirements under the Kaspersky and Huawei (Section 889) bans implemented under FAR 52.204-23, Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab and Other Covered Entities, and FAR 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment.
Yes. The OMB memorandum issued prior to this FAR clause asked agencies to report if they believe other applications should be considered for a ban.
Potentially. This is only an interim rule, which means that the Government has not yet finalized the rule. Final rules sometimes address issues that industry points out via comments.
Yes. Comments are due by August 1, 2023, and comments will “be considered in the formation of the final rule.”
 The ban originated in the Consolidated Appropriations Act, 2023 (Pub. L. 117– 328), Section 102 of Division R, which was signed into law on December 29, 2022; the subsequent Office of Management and Budget (OMB) Memorandum M-23-13, “No TikTok on Government Devices,” which was issued on February 27, 2023; and Federal Acquisition Regulation: Prohibition on a ByteDance Covered Application, 88 Fed. Reg. 36,430 (June 2, 2023) (to be codified at 48 C.F.R. Parts 4, 13, 39 , and 52).
Jayna Marie Rust is a partner in Thompson Coburn’s Washington, D.C. office. She counsels clients on Federal contract- and grant-administration matters, including labor and employment issues specific to contractors. She also assists contractors and other entities in preparing comments to proposed and interim rules.
Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you (an ‘engagement letter’).
By clicking the ‘ACCEPT’ button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and, further, even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you. Please click the ‘ACCEPT’ button if you understand and accept the foregoing statement and wish to proceed.