What's Next in 2022: FAR Council and DoD Issue Procurement Regulatory Agendas
After a relatively quiet 2021, government contractors can soon expect a flurry of new procurement regulations in 2022, according to agendas published today by the Federal Acquisition Regulation (FAR) Council and Department of Defense (DoD). The anticipated regulations include the highly anticipated final rules implementing changes to the FAR's Buy American Act (BAA) requirements and the dual Section 889 bans on certain Chinese telecommunications equipment and services. It also includes a series of proposed rules and long-term regulatory actions aimed at shoring up the cybersecurity defenses of the industrial base, including plans to overhaul DoD's Cybersecurity Maturity Model Certification (CMMC) Framework. We'll highlight some of the most significant actions planned for 2022, ranging from regulations in the final rule stage to the pre-rule stage and beyond.
Final Rule Stage
- Increasing the Minimum Wage for Contractors (Interim Final Rule Expected 1/22). Implementing Executive Order (E.O.) 14026 and final rule issued by the Department of Labor (DOL), the interim final rule will raise the hourly minimum wage paid by contractors to workers performing work on or in connection with covered federal contracts to $15.00 per hour beginning January 30, 2022; beginning January 1, 2023, and annually, the hourly minimum wage will be raised to an amount determined by the Secretary of Labor. The interim rule is available here.
- Amendments to the FAR BAA Requirements (Final Rule Expected 2/22). Implementing E.O. 14005, the final rule would amend the FAR rules implementing the BAA by (1) immediately increasing the domestic content threshold for products to 60 percent, (2) setting a schedule for future increases up to 75 percent by 2029, (3) creating a limited fallback threshold of 55 percent when qualifying products are not available or too expensive, (4) establishing enhanced price preferences for domestic products that are critical products or comprised of critical components, and (5) adopt a post-award domestic content reporting requirement for contractors. For more information about the anticipated BAA changes in the FAR, see our prior alerts here and here.
- Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment (Final Rule Expected 3/22). The FAR Council is preparing to issue the long-awaited final rule implementing section 889 (a)(1)(A) of the FY19 National Defense Authorization Act (NDAA), which prohibits the federal government from procuring equipment, systems, or services that use certain Chinese telecommunications equipment and services. The interim rule is available here.
- Prohibition on Contracting with Entities Using Certain Telecommunications and Video Surveillance Services or Equipment (Final Rule Expected 3/22). The FAR Council also plans to issue the final rule implementing section 889 (a)(1)(B) of the FY19 NDAA, which prohibits the federal government from entering into contracts with entities that use equipment, systems, or services that use certain Chinese telecommunications equipment or services. We previously have discussed Section 889 Part B interim rules here, here, here, and here.
Proposed Rule Stage
- Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors (Notice of Proposed Rulemaking (NPRM) Expected 1/22). The rule would implement E.O. 14042, requiring a clause be included in certain contracts to ensure compliance with the Safer Federal Workforce Task Force Guidance. We previously have discussed the Task Force Guidance here, here, here, and here. The implementation date of this proposed rule may be impacted by pending litigation challenging the executive order.
- Controlled Unclassified Information (CUI) (NPRM Expected 2/22). With the goal of protecting CUI in a uniform manner across the government, the rule would amend the FAR to implement the National Archives and Records Administration CUI program of E.O. 13556 and Office of Management and Budget (OMB) Memorandum M-17-12.
- Cyber Threat and Incident Reporting and Information Sharing (NPRM Expected 2/22). The rule would amend the FAR to increase information sharing regarding cyber threats, including requiring certain contractors to report cyber incidents to the federal government, in accordance with E.O. 14028 (previously discussed here and here).
- Standardizing Cybersecurity Requirements for Unclassified Information Systems (NPRM Expected 2/22). Also implementing sections of E.O. 14028, the rule would amend the FAR to standardize common cybersecurity requirements across federal agencies for unclassified information systems, in accordance with recommendations provided by the Department of Homeland Security (DHS). Among other things, the requirements are expected to address the types of cybersecurity events that must be logged, data requiring retention, and how to protect logged data.
- Re-representation of Size and Socioeconomic Status (NPRM Expected 4/22). The rule would amend the FAR to implement the Small Business Administration (SBA) final rule, requiring contractors to re-represent their size and economic status for all set-aside orders issued under full and open multiple-award contract.
- Small Business Innovation Research and Technology Transfer Programs (NPRM Expected 5/22). The rule would align the FAR with changes made to the SBA's Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) Policy Directive issued May 2, 2019, including revisions to definitions, allocation of rights, and data rights marking provisions.
- Minimizing the Risk of Climate Change in Federal Acquisitions (NPRM Expected 5/22). The FAR Council is proposing to amend the FAR to (1) ensure major agency procurements minimize the risk of climate change and (2) require consideration of the social cost of greenhouse gas emissions in procurement decisions. The rule would implement Section 5(b)(ii) of E.O. 14030 and follows an advanced NPRM released on October 15, 2021.
- Exemption of Commercial and Commercial Off-the-Shelf (COTS) Item Contracts from Certain Laws and Regulations (NPRM Expected 11/22). Implementing Section 839 of the FY19 NDAA, the rule would require the FAR Council to review the FAR and past determinations to eliminate unnecessary regulations from applying to contracts for commercial products, commercial services, and commercially available off-the-shelf (COTS) items contracts.
- CMMC Framework (Interim Rule Expected 12/22). The DoD rule will establish cybersecurity requirements for contractors to obtain CMMC status with the goal of ensuring Federal Contractor Information and CUI is adequately protected. The rule would implement (1) the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology to evaluate contractor implementation of the cybersecurity requirements in NIST SP 800-171 and (2) the CMMC framework, a new DoD certification process to measure a contractor's adherence to requisite cybersecurity practices.
- Assessing Contractor Implementation of Cybersecurity Requirements (Final Action Expected 12/22). DoD also is finalizing an interim rule to implement a standard DoD-wide methodology for assessing DoD contractor compliance with NIST SP 800-171 and the CMMC Framework, to provide the DoD the ability to assess contractor compliance at the corporate level and to ensure contractors can adequately protect sensitive unclassified information at a level commensurate with risk.
- Definition of Subcontract (NPRM Expected 12/22). Implementing Section 820 of the FY19 NDAA, the rule would amend the FAR to revise the definition of "subcontract" for the procurement of commercial items to exclude agreements entered into by a contractor for the supply of commodities that are intended for use in the performance of multiple contracts with the federal government and other parties and are not identifiable to any particular contract.
If you have any questions about the regulatory actions listed above, or would like assistance with submitting comments on a proposed rule, please contact one of the Miller & Chevalier attorneys listed below:
The information contained in this communication is not intended as legal advice or as an opinion on specific facts. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. For more information, please contact one of the senders or your existing Miller & Chevalier lawyer contact. The invitation to contact the firm and its lawyers is not to be construed as a solicitation for legal work. Any new lawyer-client relationship will be confirmed in writing.
This, and related communications, are protected by copyright laws and treaties. You may make a single copy for personal use. You may make copies for others, but not for commercial purposes. If you give a copy to anyone else, it must be in its original, unmodified form, and must include all attributions of authorship, copyright notices, and republication notices. Except as described above, it is unlawful to copy, republish, redistribute, and/or alter this presentation without prior written consent of the copyright holder.