2023 NDAA Tightens Controls on Chinese Semiconductors in Government Contractor Supply Chains

President Joe Biden signed into law the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (2023 NDAA or Defense Bill) on Dec. 23, 2022. The Defense Bill, which passed the U.S. House of Representatives on Dec. 8 and the Senate on Dec. 15, includes a key provision, Section 5949, that prohibits the U.S. government from doing business with companies that rely on certain Chinese semiconductor manufacturers with ties to the Chinese Communist Party and the Chinese military. It includes several provisions that mirror the restrictions on the procurement and use of certain telecommunications equipment, software and services found within Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Section 889).

The enactment of Section 5949 comes as the Biden Administration and Congress have enhanced their focus on competing with the Chinese chip industry and mitigating potential national security concerns related to critical infrastructure and technologies. Within the last year alone, the U.S. government has imposed new unilateral export controls pertaining to China on certain advanced computing and semiconductor manufacturing items,¹ prioritized the strengthening of the domestic chip supply chain through the passage of the CHIPS and Science Act, released an updated list (through the U.S. Department of Defense) of "Chinese military companies" operating in the United States in accordance with Section 1260H of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, and added several Chinese semiconductor manufacturers to the Entity List issued by the U.S. Department of Commerce's Bureau of Industry and Security. The enactment of Section 5949 is the most recent action in an unprecedented regulatory crackdown on the Chinese microelectronics sector.

A Closer Look at Section 5949

In an ode to Section 889, Section 5949 prohibits executive agencies from procuring or contracting with entities to obtain any electronic parts, products, or services that include covered semiconductor products or services from certain Chinese entities. Section 5949 aims to 1) protect national security, 2) reduce U.S. dependence on China, 3) promote economic security and 4) mitigate future chip shortages. Notably, to assist industry in compliance and to assuage any potential supply chain disruptions, the semiconductor prohibitions in Section 5949 will not go into effect until five years from the enactment of the 2023 NDAA, and the Federal Acquisition Regulatory (FAR) Council will issue the corresponding regulations within three years following the date of enactment. As with Section 889, Section 5949 includes a Part A and a Part B.

Part A

Part A prohibits any federal agency from procuring or obtaining, or extending or renewing, a contract to procure or obtain any electronic parts, products or services that include covered semiconductor products or services. "Covered semiconductor products or services" include any semiconductor products or services produced by Semiconductor Manufacturing International Corporation (SMIC), ChangXin Memory Technologies (CXMT), Yangtze Memory Technologies (YMTC) and their subsidiaries or affiliates. These companies — including China's largest chipmaker — represent a substantial and growing share of the global semiconductor chips market. A broad range of electronic equipment imported into the United States (including mobile phones, networking equipment and automobile parts) incorporate chips by these entities or their affiliates.

Importantly, Section 5949 also gives the U.S. Secretaries of Defense and Commerce the authority to designate other products or services as "covered" if they determine that the product or service is provided by an entity owned, controlled by or connected to the government of a "foreign country of concern," including China, Russia, North Korea and Iran.

Part B

Part B prohibits any federal agency from entering into a contract (or extending or renewing a contract) with an entity to procure or obtain electronic parts or products that use any electronic parts or products that include covered semiconductor products or services. Unlike Section 889, this prohibition does not restrict a government contractor's ability to use covered semiconductor products or services for their own internal purposes. Instead, Section 5949 focuses on procured electronic parts, products or services. Additionally, unlike Part A, Part B applies only to products or services that are determined to be part of a "critical system."²

Although Part B of Section 5949 is not as onerous from a compliance standpoint as Part B of Section 889, government contractors supporting "critical systems" will still be required to take steps to inventory all U.S. government deliverables to ensure they are not procuring products or services for their internal use that contain the prohibited microelectronics. Notably, however, the 2023 NDAA does not require any covered semiconductor products or services to be removed or replaced on a retroactive basis; instead, the prohibitions apply only as of the five-year-out effective date.

The FAR Council Will Issue Regulations Implementing Section 5949

Within three years after the enactment date, the FAR Council must promulgate regulations implementing the prohibitions. Major aspects of the regulations include:

• a requirement for government contractors that supply electronic parts or products to agencies to certify the non-use of covered semiconductor products or services in those parts or products, detect and avoid the use or inclusion of covered semiconductors in such products or services, and pay for any rework or corrective action required to remedy any use or inclusion of covered semiconductors in such products and services; the cost of any rework or corrective action would not be allowable under federal contracts
• a requirement of "covered entities," prime contractors and subcontractors to report to the government in writing within 60 days if the entity "becomes aware, or has reason to suspect" that an end item, component or part of any "critical system" purchased by or for the government contains covered semiconductor products or services
• a requirement for prime contractors to incorporate the substance of the prohibitions and implement contract clauses into contracts for the supply of electronic parts or products

Notable Exceptions, Waivers and Safe Harbors

Several provisions are included within Section 5949 that reduce the compliance burden on both industry and the federal government, especially in comparison to requirements of Section 889.

• As noted above, prohibitions under Section 5949 are not retroactive and, as such, entities are not required to remove or replace any covered semiconductor products or services that are considered "resident" (i.e., found within existing equipment, systems or services).
• The Federal Communications Commission (FCC) is not required to designate covered semiconductor products and services to its List of Covered Communications and Equipment Services maintained under Section 2 of the Secured and Trusted Communications Networks Act of 2019 as it does with certain telecommunications equipment, software and services pursuant to Section 889.
• Section 5949 authorizes the U.S. Secretaries of Defense, Commerce, Homeland Security and Energy, as well as the Director of National Intelligence, to waive the semiconductor prohibitions after the date of enactment if the waiver is in the "critical national security interests" of the United States.³
• Importantly, government contractors can reasonably rely on certifications from covered entities and subcontractors regarding the inclusion (or not) of covered semiconductor products or services in electronic products and parts. This means that government contractors are not required to conduct third-party audits of their subcontractors or formal review of those certifications. Further, government contractors and subcontractors that notify the government that a critical system contains actual or suspected covered semiconductor products or services will not be subject to civil liability or determined to be non-responsible if they have not manufactured or assembled the impacted products. If the notification involves parts or products manufactured or assembled by the notifying contractor/subcontractor, that company must make an effort to identify and remove the covered products or services.

Implications for Industry

Businesses with a nexus to the microelectronics sector in China should exercise caution when selecting products, service providers, vendors, suppliers and contract manufacturers. Section 5949 imposes concrete U.S. government supply chain prohibitions on some of the largest and most prolific chipmakers in China. Section 5949 provides executive branch agencies with the authority to designate additional companies to the prohibited list if they determine that the product or service is provided by an entity owned, controlled by or connected to the government of a "foreign country of concern," including China, Russia, North Korea and Iran.

Considering the heightened regulatory scrutiny of the microelectronics sector, businesses — especially federal government contractors — must have effective visibility into the materials and services involved in U.S. government deliverables. This means conducting comprehensive due diligence of suppliers, vendors and contract counterparties and considering appropriate contractual provisions to address the new supply chain risks. Adherence to Section 5949 will require an enhanced understanding of your company's global supply chains and component parts. Preparing now will minimize future disruptions and help ensure that your business is in compliance with U.S. law when Section 5949 prohibitions go into effect.

If you are seeking assistance in preparing for compliance with Section 5949, expanding your company's supply chain due diligence system or understanding the implications of Section 5949 on U.S. government contracting, reach out to the authors or another member of Holland & Knight's International Trade Group or Government Contracts Group.

Notes

¹ For more information, see previous Holland & Knight alert: "Commerce Department Rolls Out Measures to Strengthen Export Controls on China," Oct. 21, 2022.

² "Critical System" is identified in the 2023 NDAA to mean 1) "a telecommunications or information system operated by the Federal Government, the function, operation, or use of which: A) involves intelligence activities; B) involves cryptologic activities related to national security; C) involves command and control of military forces; D) involves equipment that is an integral part of a weapon or weapons system"; or E) is critical to the direct fulfillment of military or intelligence missions; 2) other systems identified by the Federal Acquisition Security Council; and 3) additional systems identified by the U.S. Department of Defense. "Critical System" does not include systems used for routine administrative and business applications (including payroll, finance, logistics and personnel management applications).

³ Other heads of executive agencies can also waive Section 5949 prohibitions in consultation with the Secretary of Commerce and the Secretary of Defense or the Director of National Intelligence, including for reasons of non-availability.

Information contained in this alert is for the general education and knowledge of our readers. It is not designed to be, and should not be used as, the sole source of information when analyzing and resolving a legal problem, and it should not be substituted for legal advice, which relies on a specific factual analysis. Moreover, the laws of each jurisdiction are different and are constantly changing. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. If you have specific questions regarding a particular fact situation, we urge you to consult the authors of this publication, your Holland & Knight representative or other competent legal counsel.