Federal Acquisition Regulation: Prohibition on Certain Semiconductor Products and Services

DEPARTMENT OF DEFENSE GENERAL SERVICES ADMINISTRATION NATIONAL AERONAUTICS AND SPACE ADMINISTRATION <CFR>48 CFR Part 40</CFR> <DEPDOC>[FAR Case 2023-008, Docket No. FAR-2023-0008, Sequence No. 1]</DEPDOC> <RIN>RIN 9000-AO56</RIN> <SUBJECT>Federal Acquisition Regulation: Prohibition on Certain Semiconductor Products and Services</SUBJECT> <HD SOURCE="HED">AGENCY:</HD> Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA). <HD SOURCE="HED">ACTION:</HD> Advanced notice of proposed rulemaking. <SUM> <HD SOURCE="HED">SUMMARY:</HD> DoD, GSA, and NASA are considering amending the Federal Acquisition Regulation (FAR) to implement paragraphs (a), (b), and (h) in section 5949 of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 that prohibits executive agencies from procuring or obtaining certain products and services that include covered semiconductor products or services effective December 23, 2027. </SUM> <EFFDATE> <HD SOURCE="HED">DATES:</HD> Interested parties should submit written comments to the Regulatory Secretariat Division at the address shown below on or before July 2, 2024 to be considered in the formation of the proposed rule. </EFFDATE> <HD SOURCE="HED">ADDRESSES:</HD> Submit comments in response to FAR Case 2023-008 to the Federal eRulemaking portal at <E T="03">https://www.regulations.gov</E> by searching for “FAR Case 2023-008”. Select the link “Comment Now” that corresponds with “FAR Case 2023-008”. Follow the instructions provided on the “Comment Now” screen. Please include your name, company name (if any), and “FAR Case 2023-008” on your attached document. If your comment cannot be submitted using <E T="03">https://www.regulations.gov,</E> call or email the points of contact in the <E T="02">FOR FURTHER INFORMATION CONTACT</E> section of this document for alternate instructions. <E T="03">Instructions:</E> Please submit comments only and cite “FAR Case 2023-008” in all correspondence related to this case. Comments received generally will be posted without change to <E T="03">https://www.regulations.gov,</E> including any personal and/or business confidential information provided. Public comments may be submitted as an individual, as an organization, or anonymously (see frequently asked questions at <E T="03">https://www.regulations.gov/faq</E> ). To confirm receipt of your comment(s), please check <E T="03">https://www.regulations.gov,</E> approximately two to three days after submission to verify posting. <FURINF> <HD SOURCE="HED">FOR FURTHER INFORMATION CONTACT:</HD> <E T="03">Farpolicy@gsa.gov</E> or call 202-969-4075. Please cite FAR Case 2023-008. </FURINF> <SUPLINF> <HD SOURCE="HED">SUPPLEMENTARY INFORMATION:</HD> <HD SOURCE="HD1">I. Background</HD> Semiconductors are tiny electronic devices that are essential to America's economic and national security. Semiconductors power our consumer electronics, automobiles, data centers, critical infrastructure, and virtually all military systems. These devices power tools as simple as a power adapter and as complex as a fighter jet or a smartphone. They are also essential building blocks of the technologies that will shape our future, including artificial intelligence, biotechnology, and clean energy. For additional information on semiconductors, visit <E T="03">https://www.nist.gov/semiconductorsandchips.gov.</E> See the section containing definitions in this advance notice of proposed rulemaking for the definition of “semiconductor”. The National Counterintelligence and Security Center, located in the U.S. Office of the Director of National Intelligence, has identified semiconductors as one of the technology sectors where the stakes of disruption are potentially greatest for U.S. economic and national security. There are numerous opportunities for adversaries and other threat actors to introduce hardware backdoors, malicious firmware, and malicious software into a semiconductor during production. Since semiconductors are key components of U.S. critical infrastructure ( <E T="03">e.g.,</E> information technology, communications) and have many military applications, it is vital that these threat vectors are addressed during the production process. Chips are ultimately integrated into end products, so it can be difficult to identify and mitigate risks to semiconductor hardware, firmware, and software. Due to this significant national security risk, Congress included a prohibition for certain covered semiconductors in section 5949 of the James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2023 (Pub. L. 117-263). The statute states that “[t]he head of an executive agency may not (A) procure or obtain, or extend or renew a contract to procure or obtain, any electronic parts, products, or services that include covered semiconductor products or services; or (B) enter into a contract (or extend or renew a contract) with an entity to procure or obtain electronic parts or products that use any electronic parts or products that include covered semiconductor products or services”. However, executive agencies are not required to— (1) Remove or replace any products or services resident in equipment, systems, or services, prior to the effective date of the prohibition. (2) Prohibit or limit the utilization of covered semiconductor products or services throughout the lifecycle of existing equipment. DoD, GSA, and NASA plan to implement section 5949 of the NDAA for FY 2023 in the FAR via FAR Case 2023-008, Prohibition on Certain Semiconductor Products and Services. <HD SOURCE="HD2">A. Prohibition Scope</HD> The statute's prohibition applies to products, parts, and services. The term “products” is currently defined in FAR 2.101 to mean supplies, which in turn includes all types of property including parts, except land and interests in land. Thus, under the FAR's definition, the term “product” already covers “parts” (see FAR 2.101). To avoid redundancy, DoD, GSA, and NASA are planning to use the following language, which removes the term “part”, to implement the statutory prohibition: • Section 5949(a)(1)(A) of the NDAA for FY 2023 prohibits executive agencies from procuring or obtaining electronic products or electronic services that include covered semiconductor products or services. • Section 5949(a)(1)(B) of the NDAA for FY 2023 prohibits executive agencies from procuring or obtaining electronic products that use electronic products that include covered semiconductor products or services; however, this prohibition does not apply to electronic products used in systems that are not critical systems. Section 5949(a)(1)(B) goes beyond the prohibition in section 5949(a)(1)(A) by prohibiting Federal agencies from acquiring electronic products used within critical systems that use electronic products that incorporate covered semiconductor products or services. For example, section 5949(a)(1)(B) could restrict a Federal agency from acquiring a replacement control panel within a critical system that enables an Internet of Things (IoT) device that includes a covered semiconductor product or service and was purchased prior to the effective date of the prohibition. <HD SOURCE="HD2">B. Definitions</HD> DoD, GSA, and NASA are considering incorporating the following definitions that are referenced in section 5949 of the NDAA for FY 2023: • <E T="03">Covered entity</E> (section 5949(j)(2)). ○ An entity that— Develops, domestically or abroad, a design of a semiconductor that is the direct product of United States origin technology or software; and Purchases covered semiconductor products or services from an entity described in the first or third paragraph of the definition of covered semiconductor product or services. • <E T="03">Covered nation</E> (section 5949(j)(5) and 10 U.S.C. 4872(d)) ○ The Democratic People's Republic of Korea (North Korea); ○ The People's Republic of China; ○ The Russian Federation; ○ The Islamic Republic of Iran. • <E T="03">Covered semiconductor product or service</E> (section 5949(j)(3)) ○ A semiconductor, a semiconductor product, a product that incorporates a semiconductor product, or a service that utilizes such a product, that is designed, produced, or provided by Semiconductor Manufacturing International Corporation (SMIC) (or any subsidiary, affiliate, or successor of such entity); ○ A semiconductor, a semiconductor product, a product that incorporates a semiconductor product, or a service that utilizes such a product, that is designed, produced, or provided by ChangXin Memory Technologies (CXMT) or Yangtze Memory Technologies Corp (YMTC) (or any subsidiary, affiliate, or successor of such entities); or ○ A semiconductor, semiconductor product, or semiconductor service produced or provided by an entity that the Secretary of Defense or the Secretary of Commerce, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation, determines to be an entity owned or controlled by, or otherwise connected to, the government of a foreign country of concern, provided that the determination with respect to such entity is published in the <E T="04">Federal Register</E> . • <E T="03">Critical national security interests</E> mean any interests having a critical impact on the national defense, foreign intelligence and counterintelligence, international and internal security, or foreign relations of the United States. • <E T="03">Critical system</E> (section 5949(j)(4)) ○ National security system (see 40 U.S.C. 11103(a)(1)); ○ Additional systems identified by the Federal Acquisition Security Council; or ○ Additional systems identified by the Department of Defense, consistent with guidance provided und ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Preview showing 10k of 29k characters. Full document text is stored and available for version comparison. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━