July 31, 2023

Second Quarter 2023 Government Contracts Policy and Regulatory Review

At a Glance

  • After a decline in COVID-19 hospitalizations and deaths, the Biden administration ended the vaccine requirement for federal contractors and employees.
  • New rules provide cybersecurity guidance for government contractors that own or operate a covered information system or have controlled unclassified information.
  • Sustainable procurement remains a priority for this administration and offers potential funding and partnership opportunities for the private sector.
  • U.S. Supreme Court issues unanimous False Claims Act decision adopting a subjective standard.

From increased cybersecurity requirements to updated Inflation Reduction Act guidance, to a long-awaited Supreme Court decision on the False Claims Act, federal contractors had a lot to think about during the second quarter of 2023.

The End of the COVID-19 Federal Contractor Vaccine Mandate

On May 9, 2023, the Biden administration issued Executive Order 14099 revoking the COVID-19 vaccination requirement for federal contractors and employees, citing a decline in COVID-19 deaths and hospitalizations. The Safer Federal Workforce Task Force consequently advised federal contractors that the Administration would not be taking further steps to enforce the requirement and advised agencies to rescind any policies they had put in place to implement the requirement.

CHIPS Act

On June 23, 2023, the National Institute of Standards and Technology (NIST) issued an expanded Notice of Funding Opportunity under the CHIPS Act. Enacted in August 2022, the CHIPS Act provides nearly $280 billion to increase domestic research and manufacturing of semiconductors. This Notice expands on the Notice of Opportunity that was published earlier this year to include the construction, expansion or modernization of commercial facilities for wafer manufacturing and semiconductor materials and manufacturing equipment for which the capital investment equals or exceeds $300 million. The Notice provides further detail on what facilities may meet those definitions and therefore be eligible for funding.

On the same date, NIST released “CHIPS for America, Vision for Success: Facilities for Semiconductor Materials and Manufacturing Equipment.” In that guidance document, NIST stated its intent to release an additional funding opportunity in fall 2023 and reiterated its goals to work alongside industry, state and local entities, labor unions, economic development organizations, institutions of higher education, and others to build semiconductor supply chain resilience and advance U.S. technology leadership.

False Claims Act

On June 1, the Supreme Court issued its long-awaited decision in United States et al. ex rel. Schutte et al. v. SuperValu Inc. et al. Writing for a unanimous Court, Justice Thomas concluded that a defendant’s subjective understanding about the lawfulness of its conduct is relevant to whether it knowingly violated the False Claims Act (FCA). In other words, to assess the second prong of FCA liability — whether or not the defendant knowingly submitted a “false” claim to the government — a court must adopt a subjective standard, not an objective reasonableness one. The determination of scienter is subjective and relates to what the defendant knew at the time that the claim was submitted. Given the complexities and ambiguities of certain specifications and requirements contained in government contracts, this interpretation may be especially beneficial to contractors.

Domestic Sourcing Requirements

On June 9, 2023, the Department of Defense (DoD) issued a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to increase the Buy American domestic content thresholds and revise key definitions, among other changes. The proposed revisions to DFARS Part 225 and the associated clauses supplement the Federal Acquisition Regulation’s (FAR) implementation of EO 14005, Ensuring the Future Is Made in All of America by All of America's Workers, by making conforming changes that address domestic preferences in DoD procurement.

The proposed rule would implement scheduled increases to the domestic content threshold from 55% to 60% in calendar year 2023, then to 65% in calendar years 2024 through 2028, and finally to 75% in calendar year 2029 and later. Definitions of “domestic end product,” “qualifying country end product” and “domestic construction material” will be revised to address the scheduled domestic content increases. The proposed rule also recommends several other changes to establish consistency between the DFARS Buy American regulations and the FAR Buy American regulations, including implementation of the framework for an enhanced price preference for end products and construction material considered to be critical or made up of critical components. DoD will accept comments on the proposed rule until August 8, 2023.

Small Business Administration

The U.S. Small Business Administration (SBA) also had a busy spring, executing several new rules and amendments during the second quarter of 2023.

In April, the FAR Council issued a proposed rule to better align the FAR with the SBA regulations that govern data rights for the Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) Programs. Specifically, the proposed rule updates the FAR definitions of “computer database,” “computer software,” “data,” “unlimited rights” and several other terms to align with their SBIR/STTR definitions. The proposed rule also extends the SBIR/STTR data rights protection period from a minimum of 4 years to 20 years by creating a new record retentions category at FAR 4.805(c)(9).

In May, SBA amended its regulations to allow its Office of Hearings and Appeals (OHA) to hear appeals from Historically Underutilized Business Zone (HUBZone) status protests. In short, this amendment allows entities that disagree with their HUBZone status determination to seek review from OHA’s independent administrative law judges. Entities must seek this review within ten days of the determination and can expect to receive a decision from the OHA within 45 days.

The SBA also issued a final rule altering the control and ownership requirements for the 8(a) Business Development program. Specifically, this rule implements (1) consequences for noncompliance with subcontracting limitations, (2) updated joint venture (JV) and size regulations, and (3) clarifications on the ostensible subcontractor rule. These consequences include the threat of not being given “a past performance rating of satisfactory or higher for the appropriate factor or subfactor in accordance with FAR 42.5103” if found to be noncompliant with these subcontracting limitations. The updated JV regulations include updates to the distinction between populated and unpopulated joint ventures and JV recertification requirements.

With respect to the ostensible subcontractor rule, this final rule clarifies how the ostensible subcontractor rule should apply to general construction contracts. It also codifies factors to consider in determining when a prime contractor’s relationship with a subcontractor is suggestive of unusual reliance, including whether the prime contractor's proposed management previously served with the subcontractor on the incumbent contract and whether the prime contractor lacks relevant experience and must rely upon its more experienced subcontractor to win the contract.

Notably, this rule comes on the heels of a Government Accountability Office (GAO) decision reaffirming its AttainX, Inc. ruling that when evaluating a JV for award of a contract, the SBA “requires agencies to consider the experience of the [JV] individual members … if the [JV] itself does not demonstrate sufficient capabilities or past performance to be considered for award.”

OFCCP

On June 5, the Office of Federal Contract Compliance Programs (OFCCP) announced the 250 federal construction contractors and subcontractors chosen for an annual compliance evaluation. The list, better known as the Corporate Scheduling Announcement List (CSA), is created every fiscal year based on a methodology developed by OFCCP. This year, OFCCP considered highest aggregated contract value, contract records, exemptions, and more. The 250 contractors and subcontractors being evaluated marks a significant increase from the 10 contractors evaluated in 2019 and 2020. These selected contractors and subcontractors will have thirty days to prepare documents and other information for compliance review. In light of this trend of increasing evaluations, contractors and subcontractors should be aware of what is required for a compliance review.

Russia-Ukraine

In recent months, the Biden administration implemented additional sanctions against Russia. Faegre Drinker discussed the initial announcement of additional sanctions targeting individuals and entities working in architecture, engineering, construction, manufacturing, and transportation in Russia. These sanctions prohibit the export of any services related to engineering or architecture to Russia and establish greater export controls for electronics, advance fibers, chemicals, biologics, and more advanced technologies. The Office for Foreign Asset Control (OFAC) and the Department of State also expanded sanctions against entities and individuals thought to be facilitating the evasion of sanctions or other economic measures put in place as responses to the Russia and Ukraine conflict.

The Biden administration also approved a new security aid package for Ukraine. The package provides billions in assistance in the form of additional ammunition, artillery rounds and support to maintain existing defense systems. Likewise, the package may create an opportunity for contractors capable of providing air defense systems and munitions, artillery rounds, ammunition for unmanned aerial systems, commercial satellite imaging services, and support for training and maintenance activities.

Sustainable Procurement

One of the most significant developments in sustainable procurement this spring was that the Internal Revenue Service (IRS) and Department of Treasury issued Notice 2023-38, Domestic Content Bonus Credit Guidance under Sections 45, 45Y, 48, and 48E. The Notice announces the IRS’s and the Department of Treasury’s shared intent to publish regulations on the Inflation Reduction Act’s (IRA) domestic content bonus tax credit requirements while providing preliminary guidance on how to qualify for those same credits.

Summarily, the IRA’s domestic content bonus tax credits include a production credit under Section 45 of the Internal Revenue Code, a clean energy production credit under Section 45Y, an investment credit under Section 48, and an electricity investment credit under Section 48E. Under those four sections, taxpayer projects that satisfy domestic content requirements are entitled to up to a 10% increase in base credit or in overall credit. The Notice provides additional guidance as to how the domestic content requirements are defined. For example, the Notice explains that the domestic content requirement for steel or iron requires that all manufacturing processes for structural steel and iron occur in the United States. Likewise, the Notice explains that the “manufactured product” requirement is satisfied if all components that are “manufactured products” are produced in the United States. The Notice, however, merely defines “manufactured product” as an “item produced as a result of the manufacturing process.” It provides similarly limited guidance on the definition of “component.” The Faegre Drinker team will be watching to see if the IRS’s and Department of Treasury’s forthcoming rules provide any further details.

In addition, on June 5, the Biden administration released the U.S. National Clean Hydrogen Strategy and Roadmap. The Roadmap “sets forth an all of government approach to clean hydrogen” with the goal of ensuring “that clean hydrogen is developed and adopted as an effective decarbonization tool for maximum benefit to the United States.” Central to the Roadmap are three key strategies: (1) targeting strategic, high impact uses for clean hydrogen; (2) reducing the cost of clean hydrogen; and (3) focusing on the development of regional hydrogen networks. Industry partners are expected to play a key role in executing these strategies and should be ready to capitalize on the many funding and partnership opportunities that are sure to follow the Roadmap’s publication.

Also in June, the Department of the Interior introduced a proposal that would update its renewable energy regulations in order to promote the development of solar and wind energy on public lands. The updated regulations would reduce acreage rental rates and capacity fees by around 80%, streamline the Department’s review of applications, and deliver greater certainty for the private sector as a result. Comments on the proposed rule are due by August 15.

Cybersecurity

Cybersecurity was an area of focus for the Biden administration this spring. On May 3, DoD issued a proposed rule that would expand its Defense Industrial Base (DIB) Cybersecurity Program. The DIB Cybersecurity Program is a voluntary program to bolster participants' capabilities to safeguard DoD information that resides on unclassified DIB information systems. The program encourages greater threat information sharing to complement mandatory aspects of the DIB cybersecurity activities that are contractually mandated by Defense Federal Acquisition Regulation Supplement (DFARS) 252.204–7012. This proposed rule would change program eligibility criteria so that contractors that own or operate a covered information system would be eligible for the program, instead of keeping program eligibility limited to contractors with at least a Secret level clearance. DoD estimates that the change could allow 68,000 additional contractors to participate in the program.

A week later, the National Institute of Standards and Technology (NIST) shared a new draft of Rule SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” The Rule sets forth security requirements for the protection of controlled unclassified information (CUI) when that information resides outside of federal government systems — like when it resides on contractor systems, for example. The revisions made to this draft include eliminating the distinction between basic and derived security requirements, streamlining and updating security controls, and making certain security requirements more specific. Contractors are only required to comply with this Rule if it is included in their contracts. However, given the Administration’s increased focus on cybersecurity and the FAR Council’s long-standing intent to standardize cybersecurity requirements across all of government contracting, contractors should familiarize themselves with these revisions, as this Rule will likely be the basis of any future, universally-applicable cybersecurity requirements.

Likewise, on June 21, the Department of Homeland Security (DHS) issued a final rule updating the Homeland Security Acquisition Regulation’s (HSAR) cybersecurity and incident reporting requirements. The Rule aims to better safeguard CUI by identifying CUI handling requirements and security processes and procedures applicable to contractor information systems operated on behalf of DHS. It also seeks to improve incident reporting requirements by updating timelines and required data elements, inspection provisions, and post-incident activities and laying out specific procedures for reporting incidents having to do with Personally Identifiable Information. Contractors contracting with DHS should review the Rule and be prepared to certify their compliance if requested.

Also in the realm of cybersecurity, in early June, the FAR Council issued an interim final rule that implements OMB Memorandum M-23-13 and creates FAR 52.204-27, which “prohibits contractors from having or using a covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the contractor under a contract, including equipment provided by the contractor's employees.” Critically, the rule “applies to devices regardless of whether the device is owned by the Government, the contractor, or the contractor's employees (e.g., employee-owned devices that are used as part of an employer bring your own device (BYOD) program),” so long as the device is used in the performance of a contract.  The Rule does not define the key phrases “not used in performance of the contract” or “incidental to a Federal contract,” leaving contractors without guidance on many issues. We explore the Rule and some of its possible implications here and will continue to monitor its implementation and enforcement.

Foreign Military Sales Modernization

As expected, DoD released its own recommendations for strengthening the foreign military sales program. These recommendations, issued on June 13, build off of those made in the defense industry report released this past February and include: improving DoD’s understanding of ally and partner requirements; enabling efficient reviews for release of technology; providing allies and partner nations relevant priority capabilities; accelerating acquisition and contracting support; expanding the defense industrial base capacity; and ensuring broad U.S. government support. Contractors should continue to follow this modernization effort, as it is sure to impact the defense industry.