Category: Government Contracts

Secure Software Regulations and Self-Attestation Required for Federal Contractors

US Policy and Regulatory Alert

Government contractors providing software across the federal government’s supply chain will be required later this year to comply with a new Secure Software Design Framework (SSDF). The SSDF requires software vendors to attest to new security controls in the design of code used by the federal government.

Cybersecurity Compromises of Government Software on the Rise

In the aftermath of the cybersecurity compromises of significant enterprise software systems embedded in government supply chains, the federal government has increasingly prioritized reducing the vulnerability of software used within agency networks. Recognizing that most of the enterprise software that is used by the federal government is provided by a wide range of private sector contractors, the White House has been moving to impose a range of new software security regulations on both prime and subcontractors. One priority area is an effort to require government contractors to ensure that software used by federal agencies incorporates security by design. As a result, federal contractors supplying software to the government now face a new set of requirements to supply secure software code. That is, to provide software that is developed with security in mind so that flaws and vulnerabilities can be mitigated before the government buys and deploys the software.

The SSDF as A Government Response

In response, the White House issued Executive Order 14028, “Executive Order on Improving the Nation’s Cybersecurity” (EO 14028), on 12 May 2021. EO 14028 requires the National Institute of Standards and Technology (NIST) to develop standards, tools, and best practices to enhance the security of the software supply chain. NIST subsequently promulgated the SSDF in special publication NIST SP 800-218. EO 14028 also mandates that the director of the Office of Management and Budget (OMB) take appropriate steps to ensure that federal agencies comply with NIST guidance and standards regarding the SSDF. This resulted in OMB Memorandum M-22-18, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices” (M-22-18). The OMB memo provides that a federal agency may use software subject to M-22-18’s requirements only if the producer of that software has first attested to compliance with federal government-specified secure software development practices drawn from the SSDF. Meaning, if the producer of the software cannot attest to meeting the NIST requirements, it will not be able to supply software to the federal government. There are some exceptions and processes for software to gradually enter into compliance under various milestones for improvements, all of which are highly technical and subjective.

In accordance with these regulations, the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security issued a draft form for collecting the relevant attestations and associated information. CISA released the draft form on 27 April 2023 and is accepting comments until 26 June 2023.1

SSDF Implementation Deadline and Requirements for Government Suppliers

CISA initially set a deadline of 11 June 2023 for critical software and 13 September 2023 for non-critical software to comply with SSDF. Press reports indicate that these deadlines will be extended due to both the complexity of the SSDF requirements and the fact that the comment period remains open until 26 June  2023. However, CISA has not yet confirmed an extension of the deadline.

Attestation and Compliance with the SSDF

Based on what we know now, the attestation form generally requires software producers to confirm that:

  • The software was developed and built in secure environments.
  • The software producer has made a good-faith effort to maintain trusted source code supply chains.
  • The software producer maintains provenance data for internal and third-party code incorporated into the software.
  • The software producer employed automated tools or comparable processes that check for security vulnerabilities.

Software producers that must comply with SSDF should move quickly and begin reviewing their approach to software security. The SSDF requirements are complex and likely will take time to review, implement, and document. In particular, many of the requirements call for subjective analysis rather than objective evaluation against a set of quantifiable criteria, as is usually the case with such regulations. The SSDF also includes numerous ambiguities. For example, the SSDF requires versioning changes in software to have certain impacts in the security assessment, although the term “versioning” does not have a standard definition in the software sector.

Next Steps and Ricks of Noncompliance

Critically, the attestations on the new form carry risk under the civil False Claims Act for government contractors and subcontractors. Given the fact that many of the attestations require subjective analysis, contractors must take exceptional care in completing the attestation form. Contractors should carefully document their assessment that the software they produce is compliant. In particular, contractors and other interested parties should use this opportunity to share feedback and insights with CISA through the public comment process.

K&L Gates lawyers in our National Security Practice are closely tracking the implementation of these new requirements.

1 88 Fed. Reg. 25,670.

Copyright 2023 K & L Gates

Biden Administration Proposes That Federal Contractors Must Disclose GHG Emissions

Last Thursday, the Biden Administration proposed that all federal contractors (except those receiving less than $7.5 million annually in contracts) be required to, among other things, disclose their GHG emissions.  Specifically, according to the press release issued by the White House, “Federal contractors receiving more than $50 million in annual contracts would be required to publicly disclose Scope 1, Scope 2, and relevant categories of Scope 3 emissions, disclose climate-related financial risks, and set science-based emissions reduction targets” and “Federal contractors with more than $7.5 million but less than $50 million in annual contracts would be required to report Scope 1 and Scope 2 emissions.”  The Biden Administration further announced that “[t]his proposed rule leverages widely-adopted third party standards and systems . . . including the CDP environmental reporting system, the Task Force on Climate-Related Financial Disclosures (TCFD) Recommendations, and the Science Based Targets Initiative (SBTi) criteria.”  It should be noted that this proposed rule is also quite similar to the climate disclosures proposed by the SEC–an unsurprising observation, as both were proposed by the Biden Administration and relied upon the same third-party standards (e.g., the TCFD).

The significance of this proposed rule–beyond the regulatory burden imposed upon federal contractors, which is substantial–is that the Biden Administration is signaling its commitment to, and reliance upon, climate-related financial disclosures as a key tool to address the challenge of climate change.  Thus, regardless of the legal challenges that the SEC proposal (and any similar regulatory rule) will be subject to, it is clear that the impetus for these types of disclosures will continue, including through other means at the government’s disposal.  Bearing this in mind, it would be rational for companies to take steps to generate the information necessary for these sort of disclosures, and to prepare to issue them–as this regulatory pressure is unlikely to dissipate soon.

Today, the Biden-Harris Administration is taking historic action to address greenhouse gas emissions and protect the Federal Government’s supply chains from climate-related financial risks. In support of President Biden’s Executive Orders on Climate-Related Financial Risk and Catalyzing Clean Energy Industries and Jobs Through Federal Sustainability, the Administration is proposing the Federal Supplier Climate Risks and Resilience Rule, which would require major Federal contractors to publicly disclose their greenhouse gas emissions and climate-related financial risks and set science-based emissions reduction targets.”

For more Federal Legal News, click here to visit the National Law Review.
©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Upcoming Proposed Changes to DOL’s Independent Contractor and Overtime Rules

The Department of Labor’s Wage and Hour Division is expected to propose new rules on independent contractor classification and overtime entitlement requirements in the coming weeks.  The proposals would alter the qualifications for certain employees to receive overtime payments under the Fair Labor Standards Act when they work in excess of 40 hours in one week.

The Fair Labor Standards Act (“FLSA”) grants the Department of Labor authority regarding overtime eligibility under the statute.  Currently and among other considerations, employees are non-exempt under the FLSA when they earn less than a guaranteed $684 per week or $35,568 per year.  If the DOL raises this salary threshold, as it is considering, an even larger swath of the workforce could be entitled to overtime payments.

The proposals follow President Biden’s withdrawal of former President Trump’s independent contractor rule in May 2021, which had not yet taken effect when President Biden took office.  However, United States District Judge Marcia A. Crone held in March 2022 that the DOL had not properly followed the requirements for withdrawal as set forth in the Administrative Procedure Act.  In so holding, Judge Crone gave the Trump administration’s independent contractor rule the effect of law as if it had gone into effect in March 2021, as scheduled. The Biden administration’s proposed changes to the existing rule will likely affect the salary basis and exemption requirements of the employee versus independent contractor misclassification analysis under the FLSA.  Employers should prepare for these upcoming changes by reviewing their employee job descriptions and time record procedures.  Employers should also engage counsel to re-examine their employee classifications at large to ensure their exempt employees are truly exempt under the current rules and that they understand that changes may need to be implemented when the new rules take effect.

Article By Holly H. Williamson and Savannah R. Gibbs of Hunton Andrews Kurth

For more government contractor legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

An Updated Federal Overtime Rule: When’s It Coming?

Twice a year (in the spring and the fall), each federal agency publishes aRegulatory Agenda” that discloses the proposal and final rules it has recently issued, together with those that it plans to issue.  Back in the fall of 2021, the U.S. Department of Labor’s Wage and Hour Division noted in the agenda that it was reviewing the regulations for exemption of executive, administrative, and professional (“EAP”) employees from the Fair Labor Standards Act’s minimum wage and overtime requirements codified in 29 C.F.R. Part 541.

One of the “primary goals” of the planned rulemaking is to update the minimum salary level requirement for employees who, by virtue of their duties, would qualify for an EAP exemption under section 13(a)(1) of the FLSA.  You may recall that in May 2016, the Obama DOL issued a new overtime rule, to take effect on December 1 of that year, that would have—among other things—required the DOL to update (i.e., increase) the salary threshold for EAP exemptions every three years.  In November 2019, before it could take effect, a federal judge in Texas enjoined the new overtime rule on a nationwide basis, declaring it “unlawful.”

In September 2019, the Trump DOL issued a new overtime rule, which took effect on January 1, 2020, raising the weekly minimum salary for EAP exemptions from $455 per week ($23,660 per year) to $684 per week ($35,568 per year).  The increase was the first in 15 years, but nowhere near the boost the Obama administration tried to roll out in 2016 (to $913 per week, or $47,476 per year).

Cut to the Biden administration.  The DOL noted in the fall 2021 Regulatory Agenda that “[r]egular updates [to the minimum salary for EAP exemption] promote greater stability, avoid disruptive salary level increases that can result from lengthy gaps between updates and provide appropriate wage protection.”  The agency listed a timetable for issuance of a proposed overtime rule update (a Notice of Proposed Rulemaking, or NPRM) as April 4, 2022.  Seven months later, we’ve seen no proposed rule.

If and when issued, the public will have the opportunity to comment on the proposed rule.  (Back in 2016, the Obama DOL received more than 293,000 comments to its proposed overtime rule.)  Stay tuned.

Article By Allan S Bloom of Proskauer Rose LLP

For more labor and employment legal news, click here to visit the National Law Review.

© 2022 Proskauer Rose LLP.

The COVID-19 Change Order

During the pandemic it has become common for contractors to submit change orders to owners seeking reimbursement for COVID-19 related expenses and costs.  This is especially true for large construction projects.  These “COVID-19 Change Orders” seek reimbursement for everything from masks, dividers, hand sanitizer and other items required to follow and implement CDC guidelines (or to comply with state and local orders) for maintaining a safe work environment.  COVID-19 Change Orders also seek reimbursement for extended general conditions caused by having less workers on site because of social distancing requirements, lost time caused by shorter working hours, and lost time associated with CDC mandated hygiene breaks and temperature checks. On larger projects, COVID-19 Change Orders can escalate into millions of dollars and are often submitted without warning towards the end of a project when final completion and the payment of retainage are approaching.

For owners and contractors that are trying to complete their projects, many of which have been delayed or suffered from cost overruns, these unexpected COVID-19 Change Orders can be very problematic and hard to navigate.  Owners will argue that increased costs associated with the pandemic have affected all businesses, not just contractors.  Contractors will respond that these are real costs that they must pay to operate.  Often, the justification for reimbursement is not black and white because it is hard to find a specific contractual provision that addresses such an unprecedented situation, which causes uncertainty and strained relations between owners and contractors at the end of a project.

The justifications asserted for COVID-19 Change Orders vary from project to project and are sometimes asserted as an event of force majeure or more commonly as a general change in site conditions.  While many force majeure clauses expressly apply to acts of God, pandemics and government shutdowns, that is not the end of analyzing whether the clause applies.  While the application of a force majeure clause to these situations is highly dependent on the wording of such a clause, most require that performance be completely prevented and do not recognize commercial impracticability as a justification for delay.  There were a small number of projects that were shut down at the beginning of the pandemic by state and local orders in stricter jurisdictions, but for the most part complete shutdowns were uncommon because of various exceptions to such orders for businesses broadly defined as “essential.”  As the pandemic extended through late 2020, and into 2021, shutdowns became non-existent.  Finally, many force majeure clauses don’t allow for the reimbursement of costs for implementing required protective measures, they simply allow for an extension of the contract time.

As a result, many contractors have turned to other contractual provisions, such as language related to changes in site conditions or clauses related to change orders in general.  But prior to the pandemic these provisions were not drafted with this circumstance (a virus) in mind.  Instead, they usually apply to changes in “physical” conditions at the site that are specifically described, like subsurface conditions, otherwise concealed physical conditions or hazardous materials found at the site.   Making the argument that a virus is an unknown “physical” condition at the site can be a challenge since the virus is airborne, not necessarily part of the site itself and not unique to the site.  In addition, because many of these clauses require the approval of the owner or are only triggered by specific conditions, they may not support a unilateral change order.

Because of the ambiguity surrounding COVID-19 Change Orders, many owners will initially be reluctant to cover such reimbursements for their contractors.  Aside from the specific language in their construction contracts, Owners should consider other factors when deciding whether to reject, accept or partially accept COVID-19 Change Orders, including the risk of strained relations with its contractor, distractions at the project and the costs of a potential dispute with its contractor.  If there are remaining construction contingency funds available, and the project has otherwise run smoothly, the owner should consider offering all or part of it at the end of the project to avoid a dispute.  Likewise, contractors should be thoughtful and thorough when deciding whether to seek reimbursement for project costs associated with COVID-19, and make sure the costs at issue were necessary and can be verified.  Finally, if the contractor received government loans or payments because of the pandemic, including funds from the Paycheck Protection Program, it should strongly consider not seeking reimbursement from the owner.

Article By Richard F. Whiteley, Phillip L. Sampson Jr., and Stacianne M. Wilson of Bracewell LLP

For more coronavirus legal news updates, click here to visit the National Law Review.

© 2022 Bracewell LLP

The Intersection of the Bipartisan Infrastructure Law and Davis-Bacon Act Requirements for Federal Contractors and Subcontractors

On November 15, 2021, President Joe Biden signed the $1.2 trillion Infrastructure Investment and Jobs Act into law, which is popularly known as the Bipartisan Infrastructure Law (“BIL”).

The BIL is estimated to create an additional 800,000 jobs.  The United States Department of Labor (“DOL”) contends that such new jobs will “expand the middle class, revitalize our nation’s transportation, communications and utility systems and build a more resilient, reliable, and environmentally sound future.”  The White House asserts that the BIL will provide protection to “critical labor standards on construction projects,” as a substantial portion of the construction projects included in the BIL will be subject to requirements of the Davis-Bacon Act (“DBA” or the “Act”).

While the BIL provides new revenue sources and opportunities for construction projects, federal contractors and subcontractors should ensure that their businesses comply with the DBA’s prevailing wage rates and labor standards requirements.

Scope and Coverage of DBA

In its simplest form, the DBA, enacted in 1931, requires federal contractors and subcontractors to pay prevailing wage rates and fringe benefits to certain construction workers employed on certain federal contracts.  The DOL’s Wage and Hour Division (“WHD”) administers and enforces the Act’s requirements on federally funded and assisted construction projects.  The DBA applies to contracts:

  1. Which the Federal Government or the District of Columbia is a party;

  2. For the construction, alteration, or repair, such as painting and decorating, of public buildings and public works to which the Federal Government or the District of Columbia is a party;

  3. Involving the employment of mechanics, laborers, and other workers that engage in manual or physical labor (except for individuals performing administrative, clerical, professional, or management work such as superintendents, project managers, engineers, or office staff); and

  4. Which are in excess of $2,000.

With respect to the DBA applying to federal contracts above $2,000, this value threshold only applies to the initial federal contract.  If the threshold is met, however, then the DBA applies to any lower-tier subcontracts even if the value of the subcontract is less than $2,000.

Requirements for Contractors and Subcontractors

There are various requirements for federal contractors and subcontractors under the DBA, which the United States Supreme Court has described as “a minimum wage law designed for the benefit of construction workers.”  The Act was designed to protect construction workers’ wage standards from federal contractors who may base their contract bids on wage rates that are lower than the local wage level.  Under the DBA, federal contractors and subcontractors are required, among other things, to do the following:

  1. Pay covered workers who work on the work site the prevailing wage rates and fringe benefits that are listed in the applicable wage determinations, which are provided by the WHD (the prevailing wage rate consists of both the basic hourly rate of pay and any fringe benefits to bona fide third-party plans, which may include medical insurance; life and disability insurance; pensions on retirement or death; compensation for injuries or illness resulting from occupational activity; or other bona fide fringe benefits – bona fide fringe benefits, however, do not include payments made by employer contractors or subcontractors that are required by other federal, state, or local laws such as required contributions to unemployment insurance);

  2. Maintain accurate payroll records for employees that must be submitted to the contracting agency on a weekly basis (within seven days following the regular pay date for the particular workweek), which must include the following for covered employees: (i) name; (ii) classification; (iii) daily and weekly hours worked; and (iv) deductions made and actual wages paid (there are additional recordkeeping requirements for federal contractors who employ apprentices or trainees under approved DOL programs);

    • Federal contractors and subcontractors are also required to preserve the payroll records for three years following the completion of the covered work, provide accessibility to the records upon request by the DOL or its representatives, and allow the DOL or its representatives to interview employees during work hours.

    • Federal contractors and subcontractors can use the WHD’s Form WH-347 to satisfy the weekly reporting requirements.

  3. With respect to prime or general contractors, they must ensure that specific contract clauses and the applicable wage determinations are inserted into any lower-tier subcontracts (the contract clauses cover the following: (i) construction wage rate requirements; (ii) withholding of funds; (iii) payrolls and basic records; (iv) apprentices and trainees; (v) compliance with requirements under the Copeland Act; (vi) requirements for subcontracts; (vii) contract termination – debarment; (viii) compliance with construction wage rate requirements and related regulations; (ix) disputes concerning labor standards; and (x) certification of eligibility); and

  4. Post a notice of the prevailing wages as to every classification of worker and an “Employee Rights under the DBA” poster in a prominent location that is easily accessible to the covered workers at the work site.

Practical Consideration in Compliance with DBA

Federal contractors and subcontractors should ensure that covered workers are properly classified for the work such individuals perform and paid in accordance with the prevailing wage rate for their classification.

Employers will often face recordkeeping challenges when they have nonexempt employees who perform covered (manual) work and non-covered (administrative) work in the same workweek.

In such instances, the employer must determine whether the employee is salaried or paid hourly.  If the employee is salaried, the employer must determine whether the employee’s salary is greater than or equal to the prevailing wage rate for the employee’s classification.  If not, the employer contractor is required to increase the employee’s pay for the week the covered work is performed.

Likewise, if the employee is paid hourly, then the employer must ensure the employee’s hourly rate is greater than or equal to the prevailing wage rate for the employee’s classification.

Federal contractors and subcontractors could face various consequences due to their failure to comply with the DBA, ranging from termination of the federal contract and debarment to a contracting agency withholding money due to the contractor to cover back wages due to employees as well as criminal prosecution.  Accordingly, federal contractors and subcontractors should consult with legal counsel to ensure they comply with the various DBA requirements for any covered contracts.

Article By Xavier D. Lightfoot and Devon D. Williams of Ward and Smith, P.A.

For more government contracts legal news, click here to visit the National Law Review.

© 2022 Ward and Smith, P.A.. All Rights Reserved.

If You Can’t Stand the Heat, Don’t Build the Kitchen: Construction Company Settles Allegations of Small Business Subcontracting Fraud for $2.8 Million

For knowingly hiring a company that was not a service-disabled, veteran-owned small business to fulfill a set aside contract, a construction contractor settled allegations of small business subcontracting fraud for $2.8 million.  A corporate whistleblower, Fox Unlimited Enterprises, brought this misconduct to light.  We previously reported on the record-setting small business fraud settlement with TriMark USA LLC, to which this settlement is related.  For reporting government contracts fraud, the whistleblower will receive $630,925 of the settlement.

According to the allegations, the general contractor and construction company Hensel Phelps was awarded a General Services Administration (GSA) contract to build the Armed Forces Retirement Home’s New Commons/Health Care Building in Washington, D.C.  Part of the contract entailed sharing the work with small businesses, including service-disabled, veteran-owned small businesses (SDVOSB).  The construction contractor negotiated all aspects of the contract with an unidentified subcontractor and then hired an SDVOSB, which, according to the settlement agreement, Hensel Phelps knew was “merely a passthrough” for the larger subcontractor, thus creating the appearance of an SDVOSB performing the work on the contract to meet the set-aside requirements.  The supposedly SDVOSB subcontractor was hired to provide food service equipment for the Armed Forces Retirement Home building.

“Set aside” contracts are government contracts intended to provide opportunities to SDVOSB, women-owned small businesses, and other economically disadvantaged companies to do work they might not otherwise access.  Large businesses performing work on government contracts are often required to subcontract part of their work to these types of small businesses.  “Taking advantage of contracts intended for companies owned and operated by service-disabled veterans demonstrates a shocking disregard for fair competition and integrity in government contracting,” said the United States Attorney for the Eastern District of Washington, as well as a shocking disregard for proper stewardship of taxpayer funds.

Whistleblowers can help fight fraud and protect taxpayers by reporting government contracts fraud.  A whistleblower can report government contracts fraud under the False Claims Act and become a relator in a qui tam lawsuit, from which they may be entitled to a share of the funds the government recovers from fraudsters.

Article By Eva Gunasekera and Renée Brooker at Tycko & Zavareei LLP

For more whistleblower legal news, click here to visit the National Law Review.

© 2022 by Tycko & Zavareei LLP

Implications of the Use of the Defense Production Act in the U.S. Supply Chain

What owners, operators and investors need to know before accepting funds under the DPA

There has been an expansion of regulations related to Foreign Direct Investment (FDI) in both the United States and abroad. Current economic and geopolitical tensions are driving further expansion of FDI in the U.S. and elsewhere.

Whether by intent or coincidence, the Foreign Investment Risk Review Modernization Act (FIRRMA) regulations that took effect February 13, 2020, included provisions that expanded the Committee on Foreign Investment in the U.S. (CFIUS) and FIRRMA based upon the invocation of the Defense Production Act (DPA) – such as with President Biden’s recent Executive Order evoking the DPA to help alleviate the U.S. shortage of baby formula.

As background, the U.S. regulation of foreign investment in the U.S. began in 1975 with the creation of CFIUS. The 2007 Foreign Investment and National Security Act refined CFIUS and broadened the definition of national security. Historically, CFIUS was limited to technology, industries and infrastructure directly involving national security. It was also a voluntary filing. Foreign investors began structuring investments to avoid national security reviews. As a result, FIRRMA, a CFIUS reform act, was signed into law in August 2018. FIRRMA’s regulations took effect in February 2020.

It is not surprising that there are national security implications to U.S. food production and supply, particularly based upon various shortages in the near past and projections of further shortages in the future. What is surprising is that the 2020 FIRRMA regulations provided for the application of CFIUS to food production (and medical supplies) based upon Executive Orders that bring such under the DPA.

The Impact of Presidential DPA Executive Orders

The 2020 FIRMMA regulations included an exhaustive list of “critical infrastructure” that fall within CFIUS’s jurisdiction. Appendix A to the regulations details “Covered Investment Critical Infrastructure and Functions Related to Covered Investment Critical Infrastructure” and includes the following language:

manufacture any industrial resource other than commercially available off-the-shelf items …. or operate any industrial resource that is a facility, in each case, that has been funded, in whole or in part, by […] (a) Defense Production Act of 1950 Title III program …..”

Title III of the DPA “allows the President to provide economic incentives to secure domestic industrial capabilities essential to meet national defense and homeland security requirements.” This was arguably invoked by President Trump’s COVID-19 related DPA Executive Orders regarding medical supplies (such as PPEs, tests and ventilators, etc.) and now President Biden’s Executive Order related to baby formula (and other food production).

Based on the intent of FIRRMA to close gaps in prior CFIUS coverage, the FIRRMA definition of “covered transactions” includes the following language:

“(d) Any other transaction, transfer, agreement, or arrangement, the structure of which is designed or intended to evade or circumvent the application of section 721.”

Taken together, the foregoing provision potentially gives CFIUS jurisdiction to review non-U.S. investments in U.S. companies covered by DPA Executive Orders that are outside of traditional M&A structures. This means that even non-controlling foreign investments in U.S. companies (such as food or medical producers) who receive DPA funding are subject to CFIUS review. More significantly, such U.S. companies can be subject to CFIUS review for a period of 60 months following the receipt of any DPA funding.

As a result of DPA-related FDI implications, owners, operators, and investors should carefully assess the implications of accepting funding under the DPA and the resulting restrictions on non-U.S. investors in businesses and industries not historically within the jurisdiction of CFIUS.

Article By David Vance Lucas of Bradley Arant Boult Cummings LLP

For more administrative and regulatory legal news, click here to visit the National Law Review.

© 2022 Bradley Arant Boult Cummings LLP

The Government Contractor’s Guide to (Not) Doing Business with Russia

The United States is engaging in a new form of warfare. Russia invaded Ukraine just over two months ago and, rather than join the fight directly by sending troops to defend Ukraine, the United States is fighting indirectly by engaging in unprecedented financial warfare against the Russian Federation. The initial export and sanctions actions were swift and severe – but somewhat expected. As the invasion persists, the U.S. Federal Government and individual States also have begun to leverage procurement policy to amplify the financial harm to Russia. This Guide will try to help make sense of the current efforts targeting Russia, the potential impact to government contractors, and proactive steps to mitigate risk.

  1. Sanctions and Export Controls on Russia

Before we get to the specific issues government contractors will face with respect to Russia, we should lay out a bit of a landscape. We have covered the broader restrictive measures on Russia here and have updated them steadily as those measures have broadened and deepened.

Generally, U.S. export controls prohibit nearly all exports of U.S.-origin items to Russia, and U.S. sanctions prohibit U.S. persons from transacting—directly or indirectly—with a host of Russian persons, businesses, and financial institutions, as discussed in greater detail below.

1.2   Sanctions

The increased Russia sanctions will present a compliance concern, but most companies with solid protective measures already in place will not need to change too much to address it. For instance, if your company uses a third-party screening service to identify potentially sanctioned parties in your proposed transactions, your company may reasonably rely on that service to update the lists against which it screens. Further, most screening services can identify sanctioned parties in a prospective transaction partner’s ownership chain where that information is readily available. In light of the increased sanctions and increased scrutiny, however, it may be worth confirming that your screening vendor is making that check for you and request it if they are not.

It is most likely that the sanctions that will limit payments to Russia—sanctions on banks, on government agencies, and on the Russian Central Bank—will create supply chain difficulties for government contractors in the near term. The first and most obvious supply impact will be on oil and gas—by far the largest Russian export. Restrictions on Russia have increased, and will continue to increase, prices until the world market can adjust.

Additionally, there are other supplies that may become more scarce and, it follows, more expensive. Russia supplies platinum, titanium, and vanadium to the fuel cell, hydrogen, and 3D printing industries. Russia also is the world’s third largest supplier of nickel used for electric vehicle batteries, and is heavily involved in the production of stainless steel, a basic commodity in countless industries.[1]

1.3   Export Controls

Many companies that supply the U.S. Government, particularly the U.S. Military, will have limited sales in Russia because of long-standing restrictions on supplies to Russia for military end-uses. However, the new export controls may affect commercial suppliers as they decide what to do with the commercially available off-the-shelf items they supplied to offices, restaurants, or civil aircraft in Russia just a few months ago.

For those companies, we note that Russian businesses desperately are trying to get their supplies into the country, and some do not shy away from a little dissembling to do so. For example, we have seen customers and distributors suddenly request their supplies be delivered to neighboring Kazakhstan—a huge red flag that the supplies would be reexported to Russia in violation of U.S. law, a practice called “transshipment” by the regulators who would be keen to catch and level penalties against those engaged in it. Similarly, requests for software programs, updates, and patches are being made to U.S. companies in ways designed to disguise a Russian end-user, such as delivery to third-country servers.

So, for government contractors, as for many U.S. companies, a nimble shifting of logistics chains, and a hard look at any customer requests that don’t quite pass the sniff test, appear to be in order.

  1. Federal Procurement Legislation

As the Russian invasion of Ukraine has persisted, the U.S. Government continues to identify new ways to punish Russia economically beyond sanctions and export limitations. Not wanting to let the Executive Branch have all the fun, on March 21, 2022, Congress took action of its own – Representative Carolyn Maloney (D-NY) introduced the Federal Contracting for Peace and Security Act (H.R. 7185). The purpose of the legislation is simple: to “[p]rohibit the federal government from purchasing products or services from companies that continue to conduct business in Russia during its war of aggression.” The legislation specifically targets “covered entities” that conducted business in Russia during the “covered period.” Specifically, the bill would:

  • Prohibit any agency from awarding, extending, or renewing any contract with a covered entity;
  • Prohibit any agency from awarding, extending, or renewing a contract with a company that issued a major subcontract to a covered entity; and
  • Require the termination of existing contracts with covered entities.

As currently drafted, the reach of the proposed legislation is staggering, and would cover any Federal contractor with an affiliated entity (including any parent, subsidiary, successor entity, or beneficial owner of such company) that conducted business in Russia during the covered period. The proposed legislation defines “conducted business” broadly, and includes acquiring, developing, selling, leasing, or operating equipment, facilities, personnel, products, services, personal property, real property, or any other apparatus of business or commerce.

This isn’t the first time we’ve seen the Federal Government actively leveraging its procurement power to affect policy change (see, e.g.Section 889 of the FY19 NDAA, the Federal Contractor Vaccine Mandate), but this legislation may be the most powerful attempt to use procurement policy as a substitute for more traditional warfare.

On April 7, 2022, the House Oversight and Reform Committee passed an amended version of the proposed legislation (which added details around the exceptions, rulemaking process, and adopted a process for “good faith extensions”). The legislation now will move to the full House for consideration. If the proposed legislation is signed into law, the Office of Management and Budget will have only 30 days to issue emergency regulations to implement the statute. Even if this particular legislation doesn’t become law, it is likely something similar impacting Federal contractors will be implemented (perhaps even via Executive Order), and therefore contractors currently conducting business in Russia should develop a proactive plan to mitigate the likely impact.

  1. Current and Proposed State Actions

From condemning Russia to banning the sale of Russian-origin liquor, more than 35 States also have exercised their Executive and Legislative powers to respond to Russia’s actions against Ukraine, all while encouraging private entities to do the same. Some actions largely are symbolic—such as lighting the State Capitol the color of Ukraine’s flag—but others may have significant impact on State economies, and, even more so, on contractors operating within or in conjunction with these States.

Most relevant to contractors, certain States (including California, Colorado, Florida, Massachusetts, Minnesota, Missouri, Mississippi, New Jersey, New York, North Carolina, Ohio, Texas, Vermont, and Washington, to name a few) have announced their intent to terminate all agreements with entities tied to Russia,[2] whether directly via Russian ownership or control, or indirectly by operating in Russia or providing Russian-origin goods. Though many of these State actions are short on specifics at the moment, Ohio is a bit ahead of the curve and already has made clear this prohibition likewise will extend to subcontracts and subcontractors. We expect other States to follow suit.

Certain states have indicated they intend to enforce this prohibition, at least in part, by requiring contractors to submit new representations and certifications regarding their business dealings in Russia (including the business dealings of their subcontractors). Ensuring these representations and certifications are accurate will be critical to mitigate risk in the States with False Claims Act statutes.

Other States have banned the sale, provision, or import of certain Russian-origin products. Though many of these bans involve the sale of Russian-made liquor, some States have extended these prohibitions to products that may more directly affect contractor performance, including oil and gas (Louisiana and Hawaii), and iron and steel (Louisiana). Other States, such as Texas, have taken a more sweeping approach, banning all Russian-origin products outright. The impact on each contractor’s supply chain will vary based on the specific State prohibitions, though given the widespread action across States, there’s certain to be some impact to every contractor’s supply chain.

We have compiled this table here as an overview of current and pending State actions impacting government contractors.[3]

  1. Proactive Steps to Mitigate Risk

In light of this flurry of activity across all levels of the U.S. Government, we’ve compiled this preliminary list of proactive steps government contractors should consider to help ensure compliance (and, maybe, recover additional costs). This is not an exhaustive list – but it’s a good start given the current state of actions against Russia.

  • Rely on your existing screening software to ensure you are not doing business with a sanctioned entity (including an analysis of the ultimate beneficial owner of your customer).
  • Track increased costs tied directly to Russian sanctions (e.g., fuel, iron, alternative sources of supply), and analyze whether you can seek an equitable adjustment for those costs.
  • Monitor whether customers are making unusual requests, like relocating shipments to countries neighboring Russia and Belarus.
  • Evaluate your corporate family’s business dealings in Russia. Given the public pressure against companies currently doing business in Russia, these efforts likely already are underway.
  • Begin assessing the entities in your supply chain (including your subcontractors) to determine if they conduct business operations in Russia. A multi-phased approach that first analyzes the principal place of business of each entity before progressing to certifications from suppliers seems to make the most sense. Where practical, begin to identify alternative suppliers.
  • Monitor Federal and State contracts for modifications incorporating new language restricting business with Russian entities and providing new representation or certification requirements.
  • Carefully review any new representation or certification provisions and ensure your company’s responses are current, accurate, and complete to minimize risks of False Claims Act liability at both the Federal and State levels.

FOOTNOTES

[1] https://encompass-europe.com/comment/securing-eu-critical-raw-material-supplies-after-russias-war#:~:text=Material%20bottlenecks&text=Russian%20supplied%20platinum%2C%20titanium%2C%20and,basic%20commodity%20in%20countless%20industries.

[2] In some instances even local and municipal governments have jumped in on the action. For example, on March 9, 2022, the Dallas City Council approved a resolution proposed by Mayor Eric Johnson that, inter alia, restricts the Council’s ability to approve future contracts with entities that have ties to Russia.

[3] In providing this table, we do not weigh in on the legality of any such action, especially where the Federal Government typically is tasked with primary authority over diplomatic relations and sanctions. Nor do we proclaim this table offers a comprehensive summary of every relevant State action—we not only expect additional resolutions in the days and weeks to come, but also expect that many actions may be amended as they make their way through State legislatures. In providing this summary, we only aim to assist contractors in identifying new and evolving restrictions and requirements impacting contractor performance in those named States.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.

Article By Reid Whitten, Ryan E. Roberts and Ariel Debin of
Sheppard, Mullin, Richter & Hampton LLP

For more articles on government contracts, visit the NLR Government Contracts, Maritime & Military Law section.

What We Know And Don’t About The Federal Court Order Enjoining EO 14042

In news that will be of interest to every federal contractor, including large and small businesses, universities, banks, and the health care industry, Executive Order 14042 (along with the related Task Force Guidance and contract clauses) has been ENJOINED in the states of Kentucky, Ohio, and Tennessee. U.S. District Court Judge Gregory F. Van Tatenhove of the Eastern District of Kentucky issued an order on November 30, 2021 granting Plaintiffs’ (a group including the states of Tennessee, Kentucky, and Ohio) motion for a preliminary injunction.

The decision most certainly will be appealed. In the meantime, contractors with employees performing in Kentucky, Ohio, or Tennessee are not required to comply with the Executive Order or FAR/DFARS clauses. Obviously, this creates a conundrum for federal contractors and subcontractors looking for a uniform way to implement the EO rules.

Background

Plaintiffs Kentucky, Ohio, and Tennessee filed suit in the U.S. District Court for the Eastern District of Kentucky on November 4, 2021, and four days later filed for a Temporary Restraining Order and Preliminary Injunction (“TRO/PI”). The TRO/PI motion asked the Court to enjoin the Government’s enforcement of EO 14042. Plaintiffs challenged the EO on 10 separate grounds, including that it violated the Federal Property and Administrative Services Act (“FPASA”), the Competition in Contracting Act (“CICA”), the Administrative Procedures Act (“APA”), and the U.S. Constitution. The Court held a conference among the parties on November 9 and a hearing on November 18.

The District Court Decision

Regardless of whether one likes the outcome or not, Judge Van Tatenhove’s decision is thoughtfully reasoned and well written. It is methodical and well cited. In sum, Judge Van Tatenhove enjoined the EO not because of the process by which the Administration implemented the mandate (i.e. not due to the lack of a meaningful notice-and-comment period or the unprecedented dynamic nature of the FAR clause), but rather because he found the Administration never had the authority to implement a vaccine mandate in the first place. In other words, the Court issued the injunction because the President of the United States purportedly lacks the statutory or constitutional authority to regulate public health via a contract clause issued pursuant to a procurement statute.

The decision, however, readily concedes that the Court’s view is the beginning, not the end, of the story. “Once again,” the Judge explained, “the Court is asked to wrestle with important constitutional values implicated in the midst of a pandemic that lingers. These questions will not be finally resolved in the shadows. Instead, the consideration will continue with the benefit of full briefing and appellate review. But right now, the enforcement of the contract provisions in this case must be paused.”

The Practical Impact (and Scope) of Kentucky v. Biden

While the Court’s decision is significant, it does NOT apply to all federal contractors. It enjoins the Government “from enforcing the vaccine mandate for federal contractors and subcontractors in all covered contracts in Kentucky, Ohio, and Tennessee.” Sadly, Judge Van Tatenhove does not explain this sentence. Does he mean to enjoin all federal contracts performed in those states, all federal contracts held by contractors operating in those states, or maybe even all federal contracts issued by agencies based in those states? It’s unclear. Adding to the confusion is his statement that the injunction “is properly limited to the parties before the Court” (i.e., the states of Kentucky, Tennessee, Ohio). Here again, we are left to guess what he means.

Subsequent to the Court’s decision, GSA took prompt steps to notify its contractors of the late breaking news. Here is GSA’s take on the scope of the injunction:

Update: On November 30, 2021, in response to a lawsuit filed in the United States District Court, Eastern District of Kentucky, a preliminary injunction was issued halting the Federal Government from enforcing the vaccine mandate for Federal contractors and subcontractors in all covered contracts in Kentucky, Ohio, and Tennessee.

GSA implemented the vaccine mandate stemming from Executive Order 14042 through Class Deviation CD-2021-13. Pursuant to the preliminary injunction, GSA will not take any action to enforce FAR clause 52.223-99 Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors in all covered contracts or contract-like instruments being performed, in whole or in part, in Kentucky, Ohio and Tennessee.

While GSA’s formulation is a bit more useful than the Court’s in that it focuses on contracts “being performed . . . in” the three states, it still does not answer the key question regarding scope.

We think the most common sense interpretation of the scope of the injunction is that it applies to covered employees performing work in Kentucky, Tennessee, and Ohio. That being said, GSA’s interpretation seems to indicate the analysis should be performed at the contract level, rather than the employee level (i.e., if you have even one employee performing on a contract in one of those three states, then the entire contract is exempt from enforcement).

We hope to receive updated Guidance from the Task Force providing a definitive answer to this question in the near future. Until then, Federal contractors and subcontractors are stuck between the proverbial rock and a hard place – having to decide whether to continue marching ahead pursuant to the EO or navigate different rules in different states.

In reaching their own interpretive decision, contractors should keep in mind that the Court order does not prohibit compliance with the EO, it simply enjoins the Government from enforcing the EO. Before a contractor decides to continue rolling out its existing compliance approach as planned, however, it would be well advised to consider this: Now that the EO has been enjoined in Kentucky, Ohio, and Tennessee, one can make a credible (and likely correct) argument the EO requirements are no longer mandatory in those states (both vaccination and making/distancing). This transition from a mandatory to a voluntary rule creates at least two new hurdles for contractors.

  • First, continuing to comply with the FAR/DFARS clauses could create state liability where a state has a law against a vaccine mandate. For example, on November 12, 2021 Tennessee passed TN HB 9077/SB 9014, which prohibits private businesses, governmental entities, schools, and local education agencies from compelling an individual, or from taking adverse action against the individual to compel them, to provide proof of vaccination. Previously, the Executive Order, as a federal law, would have trumped the conflicting state law. Now, however, the unenforceable EO no longer reigns supreme. Accordingly, continuing to impose the EO on a Tennessee workforce creates state risk.
  • Second, continuing to comply with the FAR/DFARS clauses in Tennessee, Kentucky, or Ohio could create problems with a company’s collective bargaining obligations. When the vaccine requirement was a legal obligation, it probably was not required to be collectively bargained. Now that the requirement is no longer a legal obligation (at least in the three states covered by the Court order), imposing a vaccine mandate on union employees may have to be collectively bargained.

Accordingly, while marching ahead with an existing EO 14042 company-wide compliance plan may make great sense from an efficiency and consistency standpoint, it could create unintended risks in at least three states (and certainly in Tennessee).

What Should Contractors Do Now?

The EO 14042 COVID safety contracting landscape (like COVID itself) is changing every day. We are hopeful the Task Force will issue new Guidance soon to help contractors navigate the new hurdles created by the Kentucky decision. Until then, here are a few thoughts for consideration:

  • If you have no employees performing in Kentucky, Ohio, or Tennessee, the Order has no impact on you. The EO still applies to your contracts in other states just as it did prior to the Court’s decision.
  • If you have employees performing in Tennessee, take a close look at TN HB 9077/SB 9014 before making any decision regarding implementation of the EO.
  • If you have employees performing in Kentucky or Ohio and do not have collective bargaining agreements, you may want to continue enforcing the EO to avoid having different rules in different locations. But if you have collective bargaining agreements, make sure you connect with your L&E lawyer before charting a path forward.
  • Consider putting together a communication to your employees who no doubt soon will read a headline and have questions about the Order.
  • For contractors with employees performing in Kentucky, Tennessee, or Ohio, update your current compliance plan.
  • In the absence of further Task Force Guidance, consider staying in close communication with your contracting officer regarding your implementation approach, especially in the three states implicated by the Order.

Additionally, stay on the lookout for additional updates (including from us) on the other pending litigation challenging the EO.

What’s Next?

Speaking of the “other pending litigation,” the docket still is full of challenges to the EO. By our count, there are motions for preliminary injunction pending in cases with 24 additional states as plaintiffs:

 

 

 

 

 

 

 

The judges in these cases are not bound by the Kentucky decision – either on the merits or the scope of any resulting injunction. Meaning, should a judge in one of the remaining cases also strike the EO as contrary to law or the Constitution, that judge could choose to issue a nationwide injunction covering all contractors in all states (or, as the Kentucky judge chose, limit the application to the specific state(s) involved). Only time will tell. As of the publication of this Alert, three of those cases have hearings scheduled for December 3, 6, and 7. We expect decisions shortly thereafter.

Importantly, as the Kentucky decision explicitly recognizes, it’s unlikely any of these district courts will be the final arbiter of the legality of EO 14042. We think it’s only a matter of time until we get the rarely seen, yet always celebrated Supreme Court government contracts decision. Stay tuned.

For Those Wanting A Bit More Detail . . .

For those interested in the details of the Kentucky decision, here is a brief summary:

After analyzing and concluding that the plaintiffs had standing to pursue this matter on behalf of their agencies and businesses operating in their states (a contrary outcome to the U.S. District Court’s recent decision in Mississippi), Judge Van Tatenhove jumped right in to analyzing the myriad arguments raised by Plaintiff. Briefly, here is what he found:

  • FPASA. Plaintiffs argued that the President exceeded his authority under FPASA in issuing the EO. The Court agreed, reasoning that FPASA was intended to give the President procurement powers, not unlimited powers. “FPASA does not provide authority to ‘write a blank check for the President to fill in at his will. . . .” The Court found an insufficiently close nexus between the EO and the need for economy and efficiency in the procurement of goods and services, reasoning that similar logic could authorize a president to outlaw overweight contractor employees since the CDC has concluded that obesity worsens the outcomes of COVID-19. While recognizing the breadth of FPASA and how it historically has been used to promote far-reaching social labor policies (e.g., EO 11246), for this judge at least, the COVID-19 mandate was just a bridge too far.
  • CICA. CICA requires agencies to provide “full and open competition through the use of competitive procedures” in federal procurements. The Court found that the EO violates CICA. According to Judge Van Tatenhove, “contractors who ‘represent the best value to the government’ but choose not to follow the vaccine mandate would be precluded from effectively competing for government contracts.” It seems to us this reasoning does not hold up under close scrutiny. Couldn’t one say the same thing about contractors precluded from contracts where they “choose not to follow” the Trade Agreements Act, Section 889, Executive Order 11246, or any other number of gating procurement rules? In any event, the Court found the argument compelling at least “at this early stage in the litigation.”
  • Non-Delegation Doctrine. The non-delegation doctrine precludes Congress from transferring its legislative power to another branch. Plaintiffs argued that “mandating vaccination for millions of federal contractors and subcontractors is a decision that should be left to Congress (or, more appropriately, the States) and is a public health regulation as opposed to a measure aimed at providing an economical and efficient procurement system.” In evaluating Plaintiffs’ argument, the Court looked to the OSHA rule recently struck down by the Fifth Circuit. “It would be reasonable to assume that a vaccine mandate would be more appropriate in the context of an emergency standard promulgated by OSHA,” Judge Van Tatenhove noted, and then went on to note that even the OSHA ETS was struck down as a violation of the non-delegation doctrine. If the ETS couldn’t withstand a non-delegation challenge, “the Court has serious concerns about the FPASA, which is a procurement statute, being used to promulgate a vaccine mandate for all federal contractors and subcontractors.” The Court acknowledged “that only twice in American history, both in 1935, has the Supreme Court found Congressional delegation excessive.” Nonetheless, Judge Van Tatenhove seems to believe he has found the third. He mused, however, that “it may be useful for appellate courts to further develop the contours of the non-delegation doctrine, particularly in light of the pandemic.”
  • Tenth Amendment. As we all will remember from high school civics (if not from law school), the Tenth Amendment states that “powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.” The Court expressed a “serious concern that Defendants have stepped into an area traditionally reserved to the States,” and held the Tenth Amendment provides an additional reason to enjoin the EO.

In short, Judge Van Tatenhove clearly believes the Plaintiffs, in this case, are likely to prevail on multiple statutory and constitutional bases.

The decision then goes on to discuss whether the President (through his delegated officials) failed to follow applicable administrative procedures in issuing the EO and the subsequent FAR clause. Here, the President fared better than he did with Plaintiffs’ constitutional arguments. The Court concluded that the Administration, while perhaps “inartful and a bit clumsy” at times, “likely followed the procedures required by statute.” The Court also concluded that the Administration did not act arbitrarily or capriciously (as defined by the APA). “The Court finds, based on the limited record at this stage in the litigation, that Defendants have followed the appropriate procedural requirements in promulgating the vaccine mandate.” But this all is little solace to the Administration as it would have been much easier to overcome a procedural error than a constitutional one — let alone the “serious Constitutional concerns” identified by Judge Van Tatenhove.

*Sheppard Mullin partners Jonathan AronieRyan RobertsAnne Perry, and associates Nikki SnyderEmily Theriault, and Dany Alvarado participated in drafting this Alert.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.

Article by the Government Contracts Practice Group with Sheppard, Mullin, Richter & Hampton LLP.

For more about federal court orders and federal contractors visit the NLR Government Contracts Maritime & Military Law type of law page.