Regulatory/FDA

Federal Government Agencies Issue Rule to Ban TikTok on Contractor Devices

The Federal Acquisition Regulation Council (“FAR Council”) published an interim rule on June 2 prohibiting federal contractors from using TikTok on government devices, The rule specifies that the ban on TikTok and other ByteDance-developed services “applies to devices regardless of whether the device is owned by the government, the contractor or the contractor’s employees,” including “employee-owned devices that are used as part of an employer bring your own device program.” Personally-owned mobile devices that are not used “in the performance of the contract” are exempted from the ban. This rule will impact any advertising agencies who contracts with federal government agencies.” While the FAR Council has invited comments from the public up until Aug. 1, the rule is being implemented with immediate effect.

More specifically, the interim rule adds a new contract clause at FAR 52.204-27, Prohibition on a ByteDance Covered Application, which states: “The Contractor is prohibited from having or using a covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under this contract, including equipment provided by the Contractor’s employees.” The interim rule is issued under the authority of the Secretary of Defense, the Administrator of General Services, and the Administrator of the National Aeronautics and Space Administration and is “being implemented as a national security measure to protect Government information and information and communication technology systems.”

Important for agencies, the rule says this ban extends to situations “where social media advertising services might be part of the procurement.” This effectively signals a pause on government TikTok spending. There’s no telling when the interim rule will be lifted, modified, or cemented as a permanent fixture of federal advertising restrictions. While exceptions are noted, including via a contracting officer providing written notification to the contractor that an exception has been granted in accordance with OMB Memorandum M-23-13, advertising uses did not make the cut.

FAR 52.204-27 adopts the statutory definition of “information technology” in 40 U.S.C. § 11101(6) but applies more broadly and prohibits ByteDance app use on information technology to any extent on a government contract. This broad definition is likely to create the most confusion among the contracting community.

Contracting officers must include the new FAR clause in all solicitations, awards, modifications, the exercise of options, or extensions issued after June 2, 2023. In addition, contracting officers must amend solicitations issued before but awarded after June 2, by July 3, 2023. Existing contracts shall only be modified to apply to future orders or when exercising options. The new clause applies to all prime contracts, including those below the simplified acquisition threshold, and contracts for commercial products and services. In addition, prime contractors will be required to flow down the clause to their subcontractors at any tier.

In the rulemaking commentary, the FAR Council notes that it expects contractors to already have technology in place to block access to unwanted or nefarious websites and to prevent and remove a downloaded app. It hints that the federal government’s expectation is that the contractors will impose technical barriers in addition to using policies and procedures, training, and awareness campaigns to comply with the requirement.

The interim rule implements the Consolidated Appropriations Act of 2023 in which Congress banned Federal employees from using TikTok on government-owned devices. The December 2022 legislation cited security risks and gave the Office of Management and Budget (OMB) 60 days to issue guidance regarding removing the Chinese-owned app.

For further information, about the federal government’s interim rule to ban TikTok on government contractor devices, please contact Jim Potter, CHC Executive Director at jpotter@cohealthcom.org.