Supply chain risks are on the rise. Protecting the supply chain is a critical aspect of our national security, health and public safety. Whether parts are electronic or not, if they aren’t what they are represented to be, don’t do what they are supposed to do, or do things that they’re not supposed to do, then they pose real, tangible risks to our national security, health and safety. Unfortunately, it may be difficult to determine whether a part or supply is counterfeit or simply nonconforming. Even if it is nonconforming, if it is a critical or major nonconformance, it may raise the risk of catastrophic failure when used.
Contractors and the Department of Defense (DoD) struggle with how to best address counterfeit and nonconforming parts – to ferret them out of the supply chain and to obtain timely notice when such a part is identified in the supply chain by others. Numerous laws and regulations have been issued to try to address the situation. For example, DoD rules provide authority to eliminate contractors and their suppliers from contracts if they are determined to pose a risk to the supply chain. Other government-wide Federal Acquisition Regulation (FAR) rules prohibit specific equipment and services from being used or delivered under government contracts because they have been deemed to pose a national security risk. And still other DoD or government-wide rules require contractors to certify the conformity of their supplies, report actual or suspected counterfeits and nonconformities when found, require procurement of electronic items from the original equipment manufacturer or authorized reseller, or use a counterfeit electronic part detection and avoidance systems.
On November 22, 2019, the FAR Council issued a government-wide final rule on the Reporting of Nonconforming Items to the Government-Industry Data Exchange Program (GIDEP) to try to address some of these concerns. In the past, GIDEP has provided the Government and DoD contractors the opportunity to report on, and to find out about, identified actual or potential supply chain risks. This final rule expands the scope of GIDEP screening and reporting to contractors and subcontractors involved in contracts at DoD and other agencies across the Federal Government.
The final rule requires contractors to screen GIDEP as part of their inspection system or program to control quality, and to avoid the use and delivery of actual or suspect counterfeit items or major or critical nonconforming items to the Government. The final rule also requires contractors to report on actual or suspect counterfeit parts or parts with critical or major nonconformances to their Contracting Officer, as well as the GIDEP. Contractors must now submit a report within 60 days “of becoming aware or having reason to suspect, such as through inspection, testing, record review, or notification from another source (e.g., seller, customer, third party) that an item purchased by the contractor for delivery to, or for, the Government is ‘counterfeit or suspect counterfeit item’ or ‘a common item that has a major or critical nonconformance’.”
The definitions of those now reportable matters under the final rule include:
- “Counterfeit item” is defined as “an unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified item from the original manufacturer, or a source with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer. Unlawful or unauthorized substitution includes used items represented as new, or the false identification of grade, serial number, lot number, date code, or performance characteristics.”
- “Suspect counterfeit item” is defined as “an item for which credible evidence (including but not limited to, visual inspection or testing) provides reasonable doubt that the item is authentic.”
- “Nonconforming item” for purposes of the final rule includes (i) “[a]ny items that are subject to higher-level quality standards in accordance with the clause at 52.246-11, Higher-Level Contract Quality Requirement”; (ii) “[a]ny items that the contracting officer, in consultation with the requiring activity determines to be critical items for which use of the clause is appropriate”; or (iii) “electronic parts or end items, components, parts, or materials containing electronic parts, whether or not covered [by (i) or (ii)] …” under a DoD prime or subcontract, where the acquisition is above the simplified acquisition threshold (SAT).
- “Critical item” is defined as “an item, the failure of which is likely to result in hazardous or unsafe conditions for individuals using, maintaining, or depending upon the item; or is likely to prevent performance of a vital agency mission.”
- “Critical nonconformance” is defined as “a nonconformance that is likely to result in hazardous or unsafe conditions for individuals using, maintaining, or depending upon the supplies or services; or is likely to prevent performance of a vital agency mission.”
- “Major nonconformance” is defined as “a nonconformance, other than critical, that is likely to result in failure of the supplies or services, or to materially reduce the usability of the supplies or services for their intended purpose.”
The rule carves out exemptions from reporting for the following types of situations: 1) acquisition of medical devices that are subject to U.S. Food and Drug Administration reporting requirements; 2) where disclosure would impact an ongoing criminal investigation, 2) where the incident arises under a FAR part 12 commercial item contract or subcontract for commercial items, 3) where the contract or subcontract is valued below the Simplified Acquisition Threshold (SAT). What is potentially confusing about the final rule is that it still requires DoD contractors and their supply chain to report on counterfeit or suspect counterfeit electronic parts for DoD contracts and subcontracts, including commercial items, while for non-DoD agencies it “focuses on supplies that require higher-level quality standards or are determined to be critical items.”
The rulemaking on the final rule confirms that there is a limited safe harbor available for DoD contractors and subcontractors that report to GIDEP where they have “made a reasonable effort” to determine that they have an actual or suspect counterfeit part. However, the final rule does not expand that safe harbor to non-DoD contracts or reporting on major or critical nonconforming parts.
Note too that the regulatory history of the final rule indicates that a contractor’s report to GIDEP on an actual or suspected counterfeit also may be considered “credible evidence” of fraud under the FAR Mandatory Disclosure Rule and trigger a duty on the contractor to report to the Inspector General as well as the Contracting Officer under the Mandatory Disclosure Rule.
In addition to the above, the final GIDEP reporting rule does not address a number of issues that continue to plague both the Government and contractors, including such important issues as:
- The rule does not require reporting of foreign corporations or entities that do not have an office, place of business, or paying agent in the United States. As counterfeits may come through a variety of ways into the supply chain – notably through foreign acquisitions – this carve out omits a key component of the supply chain community.
- The rule requires the contractor to retain the part in question until provided disposition instructions by the Contracting Officer. This may raise issues of chain of custody, costs of retention, and protection of the integrity of the part. It also raises questions of what the contractor is to do under the contract to perform its obligations in the wake of its reporting.
- The reporting obligations may provide a road map to critical or key government contractors and suppliers of covered parts for bad actors to track and trace. How to secure the supply chain and provide notice is a key issue for contractors and the Government.
This final rule is another step in securing the Government-Industry supply chain. Contractors should be taking steps to assess their requirements and to institute procedures to address these reporting requirements in a timely and secure fashion. Further, in addition to reporting on such items, contractors should be considering whether and to what extent their contract’s costs, schedule or method of performance are being impacted, and whether these increased costs and changes can be compensated.