§4713. Authorities relating to mitigating supply chain risks in the procurement of covered articles
(a)
(b)
(1) obtaining a joint recommendation, in unclassified or classified form, from the chief acquisition officer and the chief information officer of the agency, or officials performing similar functions in the case of executive agencies that do not have such officials, which includes a review of any risk assessment made available by the executive agency identified under section 1323(a)(3) of this title, that there is a significant supply chain risk in a covered procurement;
(2) providing notice of the joint recommendation described in paragraph (1) to any source named in the joint recommendation advising-
(A) that a recommendation is being considered or has been obtained;
(B) to the extent consistent with the national security and law enforcement interests, of information that forms the basis for the recommendation;
(C) that, within 30 days after receipt of the notice, the source may submit information and argument in opposition to the recommendation; and
(D) of the procedures governing the consideration of the submission and the possible exercise of the authority provided in subsection (a);
(3) making a determination in writing, in unclassified or classified form, after considering any information submitted by a source under paragraph (2) and in consultation with the chief information security officer of the agency, that-
(A) use of the authority under subsection (a) is necessary to protect national security by reducing supply chain risk;
(B) less intrusive measures are not reasonably available to reduce such supply chain risk; and
(C) the use of such authorities will apply to a single covered procurement or a class of covered procurements, and otherwise specifies the scope of the determination; and
(4) providing a classified or unclassified notice of the determination made under paragraph (3) to the appropriate congressional committees and leadership that includes-
(A) the joint recommendation described in paragraph (1);
(B) a summary of any risk assessment reviewed in support of the joint recommendation required by paragraph (1); and
(C) a summary of the basis for the determination, including a discussion of less intrusive measures that were considered and why such measures were not reasonably available to reduce supply chain risk.
(c)
(1) may, to the extent necessary to address such national security interest, and subject to the conditions in paragraph (2)-
(A) temporarily delay the notice required by subsection (b)(2);
(B) make the determination required by subsection (b)(3), regardless of whether the notice required by subsection (b)(2) has been provided or whether the notified source has submitted any information in response to such notice;
(C) temporarily delay the notice required by subsection (b)(4); and
(D) exercise the authority provided in subsection (a) in accordance with such determination within 60 calendar days after the day the determination is made; and
(2) shall take actions necessary to comply with all requirements of subsection (b) as soon as practicable after addressing the urgent national security interest, including-
(A) providing the notice required by subsection (b)(2);
(B) promptly considering any information submitted by the source in response to such notice, and making any appropriate modifications to the determination based on such information;
(C) providing the notice required by subsection (b)(4), including a description of the urgent national security interest, and any modifications to the determination made in accordance with subparagraph (B); and
(D) providing notice to the appropriate congressional committees and leadership within 7 calendar days of the covered procurement actions taken under this section.
(d)
(e)
(f)
(g)
(h)
(i)
(j)
(k)
(1)
(A) the Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Armed Services, the Committee on Commerce, Science, and Transportation, the Select Committee on Intelligence, and the majority and minority leader of the Senate; and
(B) the Committee on Oversight and Government Reform, the Committee on the Judiciary, the Committee on Appropriations, the Committee on Homeland Security, the Committee on Armed Services, the Committee on Energy and Commerce, the Permanent Select Committee on Intelligence, and the Speaker and minority leader of the House of Representatives.
(2)
(A) information technology, as defined in section 11101 of title 40, including cloud computing services of all types;
(B) telecommunications equipment or telecommunications service, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153);
(C) the processing of information on a Federal or non-Federal information system, subject to the requirements of the Controlled Unclassified Information program; or
(D) hardware, systems, devices, software, or services that include embedded or incidental information technology.
(3)
(A) a source selection for a covered article involving either a performance specification, as provided in subsection (a)(3)(B) of section 3306 of this title, or an evaluation factor, as provided in subsection (b)(1)(A) of such section, relating to a supply chain risk, or where supply chain risk considerations are included in the agency's determination of whether a source is a responsible source as defined in section 113 of this title;
(B) the consideration of proposals for and issuance of a task or delivery order for a covered article, as provided in section 4106(d)(3) of this title, where the task or delivery order contract includes a contract clause establishing a requirement relating to a supply chain risk;
(C) any contract action involving a contract for a covered article where the contract includes a clause establishing requirements relating to a supply chain risk; or
(D) any other procurement in a category of procurements determined appropriate by the Federal Acquisition Regulatory Council, with the advice of the Federal Acquisition Security Council.
(4)
(A) The exclusion of a source that fails to meet qualification requirements established under section 3311 of this title for the purpose of reducing supply chain risk in the acquisition or use of covered articles.
(B) The exclusion of a source that fails to achieve an acceptable rating with regard to an evaluation factor providing for the consideration of supply chain risk in the evaluation of proposals for the award of a contract or the issuance of a task or delivery order.
(C) The determination that a source is not a responsible source as defined in section 113 of this title based on considerations of supply chain risk.
(D) The decision to withhold consent for a contractor to subcontract with a particular source or to direct a contractor to exclude a particular source from consideration for a subcontract under the contract.
(5)
(A) information technology, as defined in section 11101 of title 40;
(B) information systems, as defined in section 3502 of title 44; and
(C) telecommunications equipment and telecommunications services, as those terms are defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153).
(6)
(7)
(Added
Editorial Notes
References in Text
Section 3101(c)(1), referred to in subsec. (k)(7), probably means section 3101(c)(1) of this title, which excepts the Department of Defense, the Coast Guard, and the National Aeronautics and Space Administration from applicability of the Procurement procedures and regulations of the Administrator of General Services.
Amendments
2022-Subsec. (j).
Statutory Notes and Related Subsidiaries
Change of Name
Committee on Oversight and Government Reform of House of Representatives changed to Committee on Oversight and Reform of House of Representatives by House Resolution No. 6, One Hundred Sixteenth Congress, Jan. 9, 2019. Committee on Oversight and Reform of House of Representatives changed to Committee on Oversight and Accountability of House of Representatives by House Resolution No. 5, One Hundred Eighteenth Congress, Jan. 9, 2023.
Effective Date
Title II of
Prohibition on Certain Semiconductor Products and Services
"(a)
"(1)
"(A) procure or obtain, or extend or renew a contract to procure or obtain, any electronic parts, products, or services that include covered semiconductor products or services; or
"(B) enter into a contract (or extend or renew a contract) with an entity to procure or obtain electronic parts or products that use any electronic parts or products that include covered semiconductor products or services.
"(2)
"(A)
"(i) to require any covered semiconductor products or services resident in equipment, systems, or services as of the day before the applicable effective date specified in subsection (c) to be removed or replaced;
"(ii) to prohibit or limit the utilization of such covered semiconductor products or services throughout the lifecycle of such existing equipment;
"(iii) to require the recipient of a Federal contract, grant, loan, or loan guarantee to replace covered semiconductor products or services resident in equipment, systems, or services before the effective date specified in subsection (c); or
"(iv) to require the Federal Communications Commission to designate covered semiconductor products or services to its Covered Communications Equipment or Services List maintained under section 2 of the Secured and Trusted Communications Networks Act of 2019 (47 U.S.C. 1603) [probably should be "(47 U.S.C. 1601)"].
"(B)
"(b)
"(1)
"(2)
"(3)
"(4)
"(5)
"(6)
"(A) the head of the agency, in consultation with the Secretary of Commerce, determines that no compliant product or service is available to be procured as, and when, needed at United States market prices or a price that is not considered prohibitively expensive; and
"(B) the head of the agency, in consultation with the Secretary of Defense or the Director of National Intelligence, determines that such waiver could not reasonably be expected to compromise the critical national security interests of the United States.
"(7)
"(c)
"(1)
"(2)
"(d)
"(1) the implementation of the prohibitions under subsection (a), including any challenges in the implementation; and
"(2) the effectiveness and utility of the waiver authority under subsection (b).
"(e)
"(1) conduct an analysis of semiconductor design and production capacity domestically and by allied or partner countries required to meet the needs of the Federal Government, including analyses regarding-
"(A) semiconductors critical to national security, as determined by the Secretary of Commerce, in consultation with the Secretary of Defense and the Director of National Intelligence, in accordance with section 9902(a)(6)(A)(i) of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (
"(B) semiconductors classified as legacy semiconductors pursuant to section 9902(a)(6)(A)(i) of William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (
"(2) assess the risk posed by the presence of covered semiconductor products or services in Federal systems;
"(3) assess the risk posed by the presence of covered semiconductor products or services in the supply chains of Federal contractors and subcontractors, including for non-Federal systems;
"(4) develop a strategy to-
"(A) improve the availability of domestic semiconductor design and production capacity required to meet the requirements of the Federal Government;
"(B) support semiconductor product and service suppliers seeking to contract with domestic, allied, or partner semiconductor producers and to improve supply chain traceability, including to meet the prohibitions under subsection (a); and
"(C) either certify the feasibility of implementing such prohibitions or exercising waiver authorities under subsection (b), to ensure uninterrupted Federal Government access to required semiconductor products and services; and
"(5) provide the results of the analysis, assessment, and strategy developed under paragraphs (1) through (4) to the Federal Acquisition Security Council.
"(f)
"(1)
"(2)
"(A) Sharing best practices, refining microelectronics standards, such as those established pursuant to section 224 of the National Defense Authorization Act for Fiscal Year 2020 (
"(B) Developing an assessment framework to inform Federal decisions on sourcing microelectronics, considering-
"(i) chain of custody and traceability, including origin and location of design, manufacturing, distribution, shipping, and quantities;
"(ii) confidentiality, including protection, verification, and validation of intellectual property included in microelectronics;
"(iii) integrity, including-
"(I) security weaknesses and vulnerabilities that include potential supply chain attacks;
"(II) risk analysis and consequence to system;
"(III) risk of intentional or unintentional modification or tampering; and
"(IV) risk of insider threats, including integrity of people and processes involved in the design and manufacturing of microelectronics; and
"(iv) availability, including-
"(I) potential supply chain disruptions, including due to natural disasters or geopolitical events;
"(II) prioritization of parts designed and manufactured in the United States and in allied or partner countries to support and sustain the defense and technology industrial base;
"(III) risk associated with sourcing parts from suppliers outside of the United States and allied and partner countries, including long-term impacts on availability of microelectronics produced domestically or in allied or partner countries; and
"(IV) obsolescence management and counterfeit avoidance and detection.
"(C) Developing a process for provenance and traceability from design to disposal of microelectronics components and intellectual property contained therein implementable across the Federal acquisition system to improve reporting, data analysis, and tracking.
"(D) Developing and implementing policies and plans to support the following:
"(i) Development of domestic design and manufacturing capabilities to replace covered semiconductor products or services.
"(ii) Utilization of the assessment framework developed under subparagraph (B).
"(iii) Implementation of the strategy required under subsection (e)(4) as applicable.
"(iv) Identification of and integration with existing information reporting and data visualization systems in the Federal Government, including modification to such systems to track the information.
"(v) A requirement to document microelectronics used in systems and subsystems, including origin and location of design and manufacturing, technologies used, and quantities procured.
"(vi) Elimination from Federal Government supply chains of microelectronics from entities included on the Consolidated Screening List maintained by the International Trade Administration of the Department of Commerce.
"(3)
"(A) The National Science and Technology Council Subcommittee on Microelectronics Leadership.
"(B) The Department of Commerce semiconductor industrial advisory committee established under subsection 9906(b) of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (
"(C) The White House Coordinator for CHIPS Implementation.
"(D) The Federal Acquisition Security Council (FASC).
"(E) The Government-Industry Working Group on Microelectronics.
"(F) The Joint Defense Manufacturing Technology Panel (JDMTP).
"(G) Standards development organizations.
"(g)
"(1) issue recommendations to mitigate supply chain risks relevant to Federal Government acquisition of semiconductor products and services, considering-
"(A) the analysis, assessment, and strategy developed under subsection (e) and any related updates;
"(B) the standards provided under section 224 of the National Defense Authorization Act for Fiscal Year 2020 (
"(C) the extent to which such recommendations would enhance the security of critical systems;
"(D) the extent to which such recommendations would impact Federal access to commercial technologies; and
"(E) any risks to the Federal Government from contracting with microelectronics suppliers that include covered semiconductor products or services in non-Federal supply chains; and
"(2) make recommendations to the Federal Acquisition Regulatory Council and the heads of executive agencies for any needed regulations to mitigate supply chain risks.
"(h)
"(1) provide that contractors who supply a Federal agency with electronic parts or products are responsible for-
"(A) certifying to the non-use of covered semiconductor products or services in such parts or products;
"(B) detecting and avoiding the use or inclusion of such covered semiconductor products or services in such parts or products; and
"(C) any rework or corrective action that may be required to remedy the use or inclusion of such covered semiconductor products or services in such parts or products;
"(2) require covered entities to disclose to direct customers the inclusion of a covered semiconductor product or service in electronic parts, products, or services included in electronic parts, products, or services subject to the contracting prohibition under subsection (a) as to whether such supplied parts, products, or services include covered semiconductors products or services;
"(3) provide that a covered entity that fails to disclose the inclusion to direct customers of a covered semiconductor product or service in electronic parts, products, or services procured or obtained by an executive agency in contravention of subsection (a) shall be responsible for any rework or corrective action that may be required to remedy the use or inclusion of such covered semiconductor product or service;
"(4) provide that the costs of covered semiconductor products or services, suspect semiconductor products, and any rework or corrective action that may be required to remedy the use or inclusion of such products are not allowable costs for Federal contracts;
"(5) provide that-
"(A) any covered entity or Federal contractor or subcontractor who becomes aware, or has reason to suspect, that any end item, component, or part of a critical system purchased by the Federal Government, or purchased by a Federal contractor or subcontractor for delivery to the Federal Government for any critical system, that contains covered semiconductor products or services shall notify appropriate Federal authorities in writing within 60 days; and
"(B) the Federal authorities shall report such information to the appropriate committees of Congress and leadership within 120 days;
"(6) provide that Federal bidders and contractors-
"(A) may reasonably rely on the certifications of compliance from covered entities and subcontractors who supply electronic parts, products, or services when providing proposals to the Federal Government; and
"(B) are not required to conduct independent third party audits or other formal reviews related to such certifications;
"(7) provide that a Federal contractor or subcontractor that provides a notification under paragraph (5) that does not regard electronic parts or products manufactured or assembled by such Federal contractor or subcontractor shall not be subject to civil liability nor determined to not be a presently responsible contractor on the basis of such notification; and
"(8) provide that a Federal contractor or subcontractor that provides a notification under paragraph (5) that regards electronic parts or products manufactured or assembled by such Federal contractor or subcontractor shall not be subject to civil liability nor determined to not be a presently responsible contractor on the basis of such notification if the Federal contractor or subcontractor makes a comprehensive and documentable effort to identify and remove covered semiconductor products or services from the Federal supply.
"(i)
"(1)
"(A) a report of the findings and recommendations of the analyses, assessment, and strategy developed under such subsection; and
"(B) a report on development of the microelectronics traceability and diversification initiative under subsection (f)(1).
"(2)
"(A) the development of recommendations under subsection (g), including the considerations described in paragraph (1) of such subsection; and
"(B) as applicable, the impact of any recommendations or regulations implemented.
"(j)
"(1)
"(A) the Committee on Armed Services, the Committee on Commerce, Science, and Transportation, the Committee on Homeland Security and Governmental Affairs, the Committee on Energy and Natural Resources, the Committee on Foreign Relations, the Committee on Banking, Housing, and Urban Affairs, the Select Committee on Intelligence, and the majority and minority leaders of the Senate; and
"(B) the Committee on Armed Services, the Committee on Energy and Commerce, the Committee on Science, Space, and Technology, the Committee on Oversight and Reform [now Committee on Oversight and Accountability], the Committee on Foreign Affairs, the Committee on Homeland Security, the Permanent Select Committee on Intelligence, and the Speaker, the majority leader, and the minority leader of the of the House of Representatives.
"(2)
"(A) develops, domestically or abroad, a design of a semiconductor that is the direct product of United States origin technology or software; and
"(B) purchases covered semiconductor products or services from an entity described in subparagraph (A) or (C) of paragraph (3).
"(3)
"(A) A semiconductor, a semiconductor product, a product that incorporates a semiconductor product, or a service that utilizes such a product, that is designed, produced or provided by, Semiconductor Manufacturing International Corporation (SMIC) (or any subsidiary, affiliate, or successor of such entity).
"(B) A semiconductor, a semiconductor product, a product that incorporates a semiconductor product, or a service that utilizes such a product, that is designed, produced, or provided by ChangXin Memory Technologies (CXMT) or Yangtze Memory Technologies Corp (YMTC) (or any subsidiary, affiliate, or successor of such entities).
"(C) A semiconductor, semiconductor product, or semiconductor service produced or provided by an entity that the Secretary of Defense or the Secretary of Commerce, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation, determines to be an entity owned or controlled by, or otherwise connected to, the government of a foreign country of concern, provided that the determination with respect to such entity is published in the Federal Register.
"(4)
"(A) has the meaning given the term 'national security system' in section 11103(a)(1) of title 40, United States Code;
"(B) shall include additional systems identified by the Federal Acquisition Security Council;
"(C) shall include additional systems identified by the Department of Defense, consistent with guidance provided under section 224 of the National Defense Authorization Act for Fiscal Year 2020 (
"(D) shall not include a system to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).
"(5)
"(k)
"(1)
"(2)-[Amended this section.]
"(l)
"(1)
"(2)