The recently enacted 2023 National Defense Authorization Act adopts federal procurement restrictions for certain covered Chinese semiconductor products and services

Amid the 4,000 pages of provisions in the recently enacted Fiscal Year 2023 National Defense Authorization Act (NDAA) are prohibitions and associated requirements relating to the federal procurement of certain Chinese semiconductor products and services. The raison d’etre of these restrictions is to disengage further the federal government from reliance on such Chinese products and the attendant national security risks they may pose.

The federal procurement ban on covered semiconductor products and services was modeled after a similar ban on certain Chinese telecommunications products and services contained in the FY 2019 John S. McCain National Defense Authorization Act. Notably, in contrast to the Chinese telecomm ban implemented over a two-year period, the NDAA stayed the implementation of the semiconductor ban for five years in order to give companies time to understand their supply chain and plan and implement their compliance with the new restrictions.

Federal procurement prohibitions and waiver authority

Specifically, the NDAA prohibits the head of an executive agency from:

1. procuring or obtaining, or extending or renewing a contract to procure or obtain, any electronic parts, products, or services that include “covered semiconductor products or services;” or

2. entering into a contract, or extending or renewing a contract, with an entity to procure or obtain electronic parts or products that include “covered semiconductor products or services.”

Notably, the term “covered semiconductor products or services” targets certain Chinese semiconductor manufacturers – in an apparent effort to decouple US government purchasing from reliance on these Chinese products in order to limit associated national security risks. Senate Majority Leader Chuck Schumer, one proponent of the NDAA’s semiconductor restrictions, emphasized that the provisions will “further limit dependence on dangerous Chinese-made chips by the federal government, shoring up protections for American cybersecurity, privacy, and defense, and ensuring more American-made chips are used by the government.” Thus, the term “covered semiconductor product or services” is defined to include any semiconductor, a semiconductor product, a product that incorporates a semiconductor product, or a service that utilizes such a product, that is designed, produced, or provided by:

  • Semiconductor Manufacturing International Corporation (SMIC), ChangXin Memory Technologies (CXMT), or Yangtze Memory Technologies Corp. (YMTC) (or any subsidiary, affiliate, or successor of such entities), or
  • an entity that the Secretary of Defense or Commerce, in consultation with the Director of National Intelligence or FBI, determines to be an entity owned or controlled by, or otherwise connected to, the government of a “foreign country of concern.”

To be sure, the NDAA includes seemingly broad waiver authority. In particular, the prohibitions can be waived by the Secretary of Defense, Director of National Intelligence, Secretary of Commerce, Secretary of Homeland Security, or Secretary of Energy if one determines the waiver is in the critical national security interests of the United States. Additionally, the head of any executive agency may waive the prohibitions (for no longer than two years per waiver, subject to renewal) if: (1) no compliant product or service is available to be procured as, and when, needed at United States market prices or a price that is not considered prohibitively expensive; and (2) the waiver could not reasonably be expected to compromise the critical national security interests of the United States.

It remains to be seen, however, whether the US government will invoke these waivers. If the Chinese telecomm procurement ban is a guideline, one can expect these waivers to be used very sparingly.

Notably, these prohibitions would become effective five years after the legislation is enacted— (i.e., on December 23, 2027). The five-year stay of implementation was added to provide “ample time for companies to understand and strengthen their supply chains,” and allow “companies that have previously relied on chips manufactured by SMIC, YMTC, and CXMT [to] source their chips from chipmakers outside of China.” The five-year implementation recognizes that there are long lead times involved in replacing semiconductor products or services that are embedded in or otherwise used in electronic parts, products and services. Additionally, new semiconductor products need to be designed and undergo rigorous qualification processes. The extra time thus provides semiconductor companies and federal contractors with the breathing room to plan and implement such changes without the risk of violations of the federal ban.

Regulations implementing prohibitions and requirements for covered entities and contractors

The NDAA also would also require the Federal Acquisition Regulatory Council to promulgate regulations implementing the prohibitions no later than three years after enactment. Additionally, the regulations must include a requirement for prime contractors to incorporate the substance of such prohibitions and applicable implementing contract clauses into contracts for the supply of electronic parts or products.

Specifically, the NDAA requires the regulations to:

  • Provide that contractors who supply a federal agency with electronic parts or products are responsible for: (1) certifying to the non-use of covered semiconductor products or services in such parts or products; (2) detecting and avoiding the use or inclusion of such covered semiconductor products or services in such parts or products; and (3) any rework or corrective action that may be required to remedy the use or inclusion of such covered semiconductor products or services in such parts or products;
  • Require covered entitiesto disclose to direct customers the inclusion of a covered semiconductor product or service in electronic parts, products, or services included in electronic parts, products, or services subject to the contracting prohibition as to whether such supplied parts, products, or services include covered semiconductors products or services;
  • Provide that a covered entity that fails to disclose the inclusion to direct customers of a covered semiconductor product or service in electronic parts, products, or services procured or obtained by an executive agency in contravention of the prohibitions shall be responsible for any rework or corrective action that may be required to remedy the use or inclusion of such covered semiconductor product or service;
  • Provide that the costs of covered semiconductor products or services, suspect semiconductor products, and any rework or corrective action that may be required to remedy the use or inclusion of such products are not allowable costs for federal contracts;
  • Provide that any covered entity or federal contractor or subcontractor who becomes aware, or has reason to suspect, that any end item, component, or part of a critical system purchased by the federal government, or purchased by a federal contractor or subcontractor for delivery to the federal government for any critical system, that contains covered semiconductor products or services must notify the appropriate federal authorities in writing within 60 days.

At the same time, the NDAA does require certain measures that effectively limit the potential liabilities of federal contractors be included in the new regulations implementing the Chinese semiconductor ban. Specifically, the new regulations must:

  • Provide that federal bidders and contractors: (1) may reasonably rely on the certifications of compliance from covered entities and subcontractors who supply electronic parts, products, or services when providing proposals to the Federal Government; and (2) are not required to conduct independent third party audits or other formal reviews related to such certifications;
  • Provide that a federal contractor or subcontractor that provides a notification to federal authorities that does not regard electronic parts or products manufactured or assembled by such federal contractor or subcontractor shall not be subject to civil liability nor determined to not be a presently responsible contractor on the basis of such notification; and
  • Provide that a federal contractor or subcontractor that provides a notification to the federal authorities regarding electronic parts or products manufactured or assembled by such federal contractor or subcontractor shall not be subject to civil liability nor determined to not be a presently responsible contractor on the basis of such notification if the federal contractor or subcontractor makes a comprehensive and documentable effort to identify and remove covered semiconductor products or services from the federal supply.

Final thoughts and conclusion

Viewed in context, the new federal procurement ban on certain Chinese semiconductor products and services is part of an ongoing effort, reflected in the recently issued National Security Strategy of the United States, to robustly compete with China in areas critical to ensuring the US technological advantage central to both our military capability and economic growth. It also is one of a growing list of measures taken by the US government over security of supply concerns relating to reliance on the Chinese semiconductor. In effect, these measures are designed to disengage the US government from reliance on certain Chinese semiconductor products and services and the attendant risks they can bring.

Such other recently promulgated US measures notably include the CHIPS and Science Act of 2022 (CHIPS+), the main goal of which was to promote domestic US semiconductor production and innovation. CHIPS+ also included provisions that would prohibit a semiconductor company receiving federal financial assistance under CHIPS+ from engaging in any “significant transaction” involving the “material expansion of semiconductor manufacturing capacity in the People’s Republic of China” for 10 years after receiving such assistance.

Additionally, the US Department of Commerce Bureau of Industry and Security recently implemented more stringent export controls on certain advanced computing and semiconductor manufacturing items and for supercomputer and semiconductor end-uses under the Export Administration Regulations (EAR), which are intended to restrict China’s ability to obtain advanced computing chips, develop and maintain supercomputers, and manufacture advanced semiconductors.

In light of the forthcoming NDAA procurement ban on Chinese semiconductor products and services, federal contractors and subcontractors would be wise to use the five-year grace period prior to implementation to plan wisely.In effect, they should carefully review their internal use of covered Chinese semiconductor products and services and adopt internal plans to ensure compliance with the new regulations likely to emerge, including change their semiconductor product and service mix accordingly.

_________________

This second restriction does not cover products or services that include covered semiconductor products or services in a system that is not a “critical system.” The term “critical system” includes(1) a telecommunications orinformation systemoperated by the federal government, the function, operation, or use of which (a)involves intelligence activities, cryptologic activities related to national security, command and control of military forces, equipment that is an integral part of a weapon or weapons system; or (b) is critical to the direct fulfillment of military or intelligence missions; and (2) additional systems identified by the Federal Acquisition Security Council and the US Department of Defense (but does not include a system to be used for routine administrative and business applications, including payroll, finance, logistics, and personnel management applications).

The term “foreign country of concern” includes North Korea, China, Russia, and Iran, as well as any country that the Secretary of Commerce, in consultation with the Secretary of Defense, the Secretary of State, and the Director of National Intelligence, determines to be engaged in conduct that is detrimental to the national security or foreign policy of the United States.

A “covered entity” is an entity that: (1) develops, domestically or abroad, a design of a semiconductor that is the direct product of US-origin technology or software; and (2) purchases covered semiconductor products or services from SMIC (or any subsidiary, affiliate, or successor of such entity) or (2) an entity that the Secretary of Defense or Secretary of Commerce, determines to be owned or controlled by, or otherwise connected to, the government of a “foreign country of concern.”

The NDAA23 would require Federal authorities to report the information to appropriate committees in Congress and leadership within 120 days.

Implementation of Additional Export Controls: Certain Advanced Computing and Semiconductor Manufacturing Items; Supercomputer and Semiconductor End Use; Entity List Modification, 87 Fed. Reg. 62186 (Oct. 13, 2022), available at https://www.federalregister.gov/documents/2022/10/13/2022-21658/implementation-of-additional-export-controls-certain-advanced-computing-and-semiconductor.

[View source.]