- with readers working within the Aerospace & Defence and Construction & Engineering industries
- within Insolvency/Bankruptcy/Re-Structuring topic(s)
WHAT: The Federal Acquisition Regulatory Council (FAR Council) issued a proposed rule to implement parts of Section 5949 of the James M. Inhofe National Defense Authorization Act (NDAA) for Fiscal Year 2023, which prohibits agencies from procuring certain electronic products or electronic services that include or contain covered semiconductor products or services. The proposed rule follows an advance notice of proposed rulemaking that the FAR Council issued in May 2024, which resulted in comments from 18 respondents (see Wiley's ANPR Alert). The proposed rule is the second and penultimate step in the FAR Council's process to implement restrictions under paragraphs (a), (b), (c), and (h) of Section 5949. When these provisions take effect in December 2027, they will ban agencies from acquiring products or services that incorporate semiconductors produced, designed, or provided by specific Chinese companies or other entities determined to pose threats to U.S. national security.
WHEN: The FAR Council issued the proposed rule on February 17, 2026. Comments on the proposed rule are due April 20, 2026. The semiconductor prohibitions will take effect on December 23, 2027, with some exceptions. Products acquired by the Government before the effective date will not be subject to the prohibitions, and that exception will extend throughout the products' lifecycles.
WHAT DOES IT MEAN FOR INDUSTRY: The proposed rule is the second step of the FAR Council's process to implement the restrictions created under the NDAA. When issued, the final rule will require contractors at all levels to provide new certifications for covered semiconductor products or services and scrutinize electronic parts, products, or services provided to the Government. The final rule could have far-reaching impacts on contractors' supply chains and their compliance obligations, potentially resulting in substantial costs. As a result, contractors should begin diligence efforts to identify covered semiconductors in their supply chains and locate alternative sources in advance of the final rule and the prohibition's effective date. Compliance may also require the redesign of products to replace prohibited semiconductors.
Section 5949 of the FY 2023 NDAA
Section 5949 of the FY 2023 NDAA prohibits agencies from procuring or obtaining products or services that contain or use "covered semiconductor products or services" – those designed, produced, or provided by Chinese companies Semiconductor Manufacturing International Corporation (SMIC), ChangXin Memory Technologies (CXMT), Yangtze Memory Technologies Corp (YMTC), their subsidiaries or affiliates, or an entity the U.S. Government determines to be owned, controlled, or connected to the government of a country of concern.
Effective December 23, 2027, the proposed rule will prohibit agencies from procuring or obtaining (1) electronic products or electronic services that include covered semiconductor products or services, and (2) electronic products for use in critical systems identified by the Government which contain electronics that include covered semiconductor products or services. The second prohibition extends beyond the first by addressing scenarios in which a product destined for a critical system incorporates another electronic product that contains a covered semiconductor – for example, a ground control station that controls an unmanned aircraft containing a covered semiconductor, or a control panel within a critical system that enables an Internet of Things device that includes a covered semiconductor product or service.
Section 5949's restrictions reflect Congress' continued focus on countering China's growing semiconductor capabilities. The U.S. Intelligence Community has identified significant economic and national security risks arising from foreign adversaries' potential disruption of electronic equipment through potential "backdoors" built into semiconductors used in U.S. defense, telecommunications, and energy systems, or other malicious firmware and software introduced during the semiconductor production process. Congress attempted to mitigate this risk by banning the use of semiconductors produced by the highest-risk Chinese entities in U.S. Government-procured products and services. See Wiley's Section 5949 Alert for more details. The proposed rule acknowledges the implementation costs to the U.S. Government and industry will be substantial – estimated at more than $1 billion over 10 years – but concludes that such measures are necessary to protect U.S. national and economic security.
The Proposed Rule
The proposed rule summarizes Section 5949 and implements its prohibitions by creating a new FAR section at FAR 40.20X, Prohibition on certain semiconductor products and services; a corresponding solicitation provision, FAR 52.240-XX, Certification Regarding Certain Semiconductor Products and Services; and contract clause, FAR 52.240-YY, Prohibition on Certain Semiconductor Products and Services.
Key Definitions
The proposed rule adopts many of the Advance Notice of Proposed Rulemaking's (ANPR) core definitions with some refinements:
- Covered semiconductor product or service: a
semiconductor, semiconductor product, a product incorporating a
semiconductor product, or a service using such a product, if it is
designed, produced, or provided by:
- SMIC, CXMT, YMTC, or their subsidiaries, affiliates, or successors; or
- An entity determined by the Secretary of Defense or Secretary of Commerce (in consultation with U.S. intelligence agencies) to be owned, controlled by, or connected to the government of a "semiconductor foreign country of concern," and that determination is published in the Federal Register. (The Department of Commerce will maintain a website listing entities subject to such determinations.)
- Semiconductor foreign country of concern: North Korea, China, Russia, Iran, and any country the Department of Commerce (in consultation with Defense, State, and the Intelligence Community) determines is engaged in conduct detrimental to U.S. national security or foreign policy interests.
- Critical system: a national security system (as defined by 40 U.S.C. §11103(a)(1)) or other systems identified by the Federal Acquisition Security Council (or Department of Defense systems identified under Section 224 of the FY 2020 NDAA). The definition excludes systems used for routine administrative and business applications such as payroll, finance, logistics, and personnel management.
- Electronic product: products that include parts or components that have electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
- Electronic service: defined broadly as "any service that uses electronic products."
- Semiconductor covered entity: a domestic or foreign entity that develops a design of a semiconductor that is a direct product of U.S.-origin technology or software and that purchases covered semiconductor products or services from SMIC (but notably not CXMT/YMTC) or an entity designated by the Secretary of Defense or Commerce as being owned, controlled, or connected to the government of a semiconductor foreign country of concern.
- Reasonable inquiry: an inquiry intended to uncover any information in the entity's possession, including information acquired from external sources, about whether any electronic products or electronic services provided to the Government include covered semiconductor products or services or use electronic products that include such products or services.
Contractors Must Conduct a Reasonable Inquiry and Certify Compliance
Under the new clause at FAR 52.240-XX, by submission of an offer, contractors will certify that they have conducted a reasonable inquiry and that they will not provide electronic products or electronic services that include covered semiconductor products or services (or, for critical systems, electronic products that use other electronic products that include covered semiconductors), except as disclosed or waived.
Thus, before submitting a bid or proposal, offerors will need to conduct a "reasonable inquiry" to determine whether the electronic products or electronic services they propose to provide to the Government include or use covered semiconductor products or services. The proposed rule anticipates that most entities are conducting regular and comprehensive reviews of their portfolio of electronic products and services offered to the Government, rather than performing the supply chain inquiry on a solicitation-by-solicitation basis.
To satisfy this "reasonable inquiry" requirement, the proposed rule anticipates contractors consulting the Department of Commerce website (which will list both prohibited entities and certified-compliant organizations), searching supplier and manufacturer websites, or using supply chain illumination programs or other due diligence tools. The proposed rule also states that, to the extent a contractor cannot confirm its compliance with the prohibitions through available information, it must require its lower-tier suppliers to conduct their own reasonable inquiry and certify compliance.
Importantly, the proposed rule clarifies that a reasonable inquiry does not necessarily require independent third-party audits or other formal reviews. It adds that a contractor's good faith reliance on certifications from lower-tier subcontractors, without additional investigation to corroborate, is sufficient to comply with the new requirements (unless the entity discovers discrepancies or has reason to doubt the accuracy of a certification).
Broad Scope of Application
The proposed rule confirms the broad scope of application previewed in the ANPR. The FAR Council intends to apply the semiconductor prohibitions to acquisitions of all products, including commercial products and commercially available off-the-shelf (COTS) items, all non-commercial services, commercial information technology (IT) services, and commercial telecommunications services. The prohibitions will apply to acquisitions at or below the simplified acquisition threshold (SAT) and the micro-purchase threshold. In short, most federal procurements will be subject to the semiconductor prohibitions.
In a notable departure from the ANPR's suggestion that the rule might apply to all commercial products and commercial services, the proposed rule creates a targeted exception for commercial services other than commercial IT services and commercial telecommunications services (i.e., services in Category D of the Federal Procurement Data System Product and Service Codes Manual). The proposed rule explains that applying the prohibition to all commercial services would impact many categories of services, such as hotel accommodations, in which the risk to the Government is very low and the Government represents a tiny share of the overall market. The proposed rule also excepts from the prohibition electronic services that are "incidental to the performance of the contract," such as contractor payroll services.
The proposed rule's broad application will thus affect government contractors at all levels. Even contractors providing electronic products and services through small purchases and those supplying COTS items will need to comply with the semiconductor restrictions and certification requirements.
FAR Council Decides Against Requiring Provenance and Supply Chain Tracking
The ANPR indicated the FAR Council was "considering requiring offerors to identify the provenance of the supply chain for the semiconductor components for each electronic product provided to the Government." As explained in Wiley's prior ANPR alert, gathering this information would be extremely time-consuming and resource intensive, and contractors would need to obtain detailed information from their own suppliers and each subcontractor's suppliers. Notably, the proposed rule does not require contractors to provide detailed provenance information for every semiconductor in their supply chain and instead relies on the reasonable inquiry and self-certification framework, which the FAR Council determined would "sufficiently mitigate the risk of noncompliance at this time." The proposed rule says the FAR Council considered but rejected a requirement for contractors to provide artifacts such as hardware bills of materials, given the current level of industry adoption of such tools and the costs this would add. But future rulemaking could impose such requirements depending on industry adoption trends.
Pre- and Post- Award Disclosure Requirements
The proposed rule creates several new disclosure requirements. For example, if an offeror discovers that electronic products or services it intends to offer to the Government include covered semiconductor products or services, the offeror must disclose this information with its offer. The required disclosure must include, to the extent known: a description of the affected products, the entity that produced the covered semiconductor, the functionality and associated risk, applicable exception factors, the availability of compliant alternatives, and if the product relates to maintenance, information about the item being maintained. These disclosures are required even if the product or service falls within an exception, such as spare parts for a product acquired by the Government before the prohibition's effective date.
On or after December 23, 2027, a contractor that identifies, suspects, or is notified that an electronic product or service provided during contract performance contains covered semiconductor products or services must report this to the contracting officer (and include the same information required for a pre-award disclosure) in writing within 72 hours; again regardless of whether an exception might apply. This timeline is significantly shorter than the 60-day ceiling in Section 5949 but is consistent with comparable reporting deadlines in related FAR and DFARS provisions (such as FAR 52.204-23, 52.204-25, and DFARS 252.204-7012). The proposed rule explains that the shortened timeline is appropriate based on the Government's need for prompt awareness of potential national security risks.
These disclosures are intended to allow the Government to determine, among other things, whether an exception applies, whether to pursue a waiver, or whether to award the contract to another offeror. The contracting officer will forward the disclosure to the program office or requiring activity for processing in accordance with agency procedures.
Safe Harbor Protections
The proposed rule implements the safe harbor protections in Section 5949(h)(7) and (h)(8) by noting that offerors, contractors, and lower-tier suppliers that disclose or report covered semiconductors in electronic products manufactured or assembled by another entity will not be subject to civil liability or a determination of non-responsibility. Entities that disclose covered semiconductors in products they manufacture or assemble will receive the same protections if they make a "comprehensive and documentable effort" to identify and remove the covered semiconductor products or services. These protections apply at both the pre-award (through the disclosure process) and post-award (through timely use of the notification process) stages and are intended to encourage transparency throughout the supply chain.
Exceptions and Waivers
The proposed rule provides several exceptions. For example, agencies need not remove or replace covered semiconductors in equipment acquired before December 23, 2027, or limit their use of such equipment (including repairs and spare parts) through their typical lifecycle. Commercial products or services with no available alternatives are also excepted until December 23, 2028. The proposed rule also excepts semiconductors designated as covered semiconductors after contract award, unless the contract is later modified to include such covered semiconductor products or services. And as discussed above, most commercial services (other than IT and telecommunications) and electronic services incidental to contract performance are excepted.
The proposed rule allows agency heads to waive the prohibitions for up to two years (which can be renewed for additional periods), subject to consultation with the Secretary of Commerce (regarding availability of compliant alternatives) and the Secretary of Defense or Director of National Intelligence (regarding national security). The Secretary of Defense, Director of National Intelligence, and Secretaries of Commerce, Homeland Security, and Energy also have independent waiver authority. The proposed rule explains that these waivers are intended as "a bridge to near-term compliance with the rule, not an indefinite reprieve from it."
Subcontractor Flowdown and Non-Federal Customer Disclosure
The proposed rule requires prime contractors to flow down the substance of FAR 52.240-YY in all subcontracts, including subcontracts for commercial products and commercial services. The semiconductor prohibition, reasonable inquiry, 72-hour reporting, and safe harbor provisions thus apply at every tier of the supply chain.
Additionally, contractors and subcontractors that qualify as "semiconductor covered entities" must disclose the inclusion of covered semiconductors in electronic products or services sold to non-federal customers. This extends the rule's impact beyond government contracting into companies' broader commercial relationships. Section 5949 and the proposed rule do not prescribe the content or method of these disclosures, and the FAR Council posits that contractors could comply by providing disclaimers in marketing material, on their websites, or sales agreements to non-federal customers.
Department of Commerce Supply Chain Tools
The proposed rule identifies two websites that the Department of Commerce is considering hosting to facilitate compliance: (1) a list of organizations that have certified their products or services do not contain covered semiconductors, on which offerors may reasonably rely without further inquiry; and (2) a list of entities determined to be connected to a semiconductor foreign country of concern, with effective dates for each determination. This represents a different approach from the ANPR, which had contemplated a list of covered electronic products and services rather than entity-level certification and designation lists. By switching from product-level lists to entity-level certifications and designations, the proposed rule reduces the risk that the list will be immediately outdated as specific products change. This is important because the proposed rule expressly permits offerors to rely on the Commerce website lists in good faith, without further inquiry (again absent a reason to believe otherwise).
Substantial Impacts on Contractors
The proposed rule confirms the ANPR's prediction of significant compliance costs for contractors. It estimates total costs of approximately $1.86 billion (undiscounted) over 10 years, with approximately $530 million in the first year and $147 million annually thereafter. Industry will bear most of these costs (approximately $1.8 billion), driven by regulatory familiarization, reasonable inquiry efforts, supply chain alternative sourcing, and product redesigns. The proposed rule specifically recognizes that these requirements may have a significant economic impact on small entities – particularly considering the disproportionate impact of redesigning affected products and smaller entities' potentially lower bargaining power with suppliers – and is seeking public comment on its Regulatory Impact Analysis.
Section 5949(g)
Consistent with the ANPR, the proposed rule does not implement Section 5949(g), which relates to mitigating supply chain risks for non-prohibited semiconductor products and services. The FAR Council is expected to address Section 5949(g) in a separate rulemaking. This future rulemaking will likely address ongoing efforts to increase and secure the domestic supply chain for semiconductors, such as those funded by the CHIPS and Science Act of 2022.
Comments and Next Steps
The semiconductor prohibitions begin December 23, 2027, but the impact has already begun as many contractors have already started examining their supply chain risks and modifying their sourcing patterns. Going forward, all impacted contractors need to thoroughly evaluate their supply chains to determine whether any electronic products or services they offer to the Government may include or use covered semiconductor products or services. And companies that anticipate compliance challenges should consider commenting on the proposed rule to help inform the final regulations.
We expect the FAR Council to move quickly to promulgate the final rule once industry comments are submitted to ensure that contractors have sufficient time to prepare for the new requirements. Comments on the proposed rule are due April 20, 2026.
Wiley'sGovernment Contracts,Telecom, Media & Technology,National Security, Supply Chain, and Privacy, Cyber & Data Governancepractices will continue to monitor these issues and keep contractors apprised of new developments.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
