Will the New “Buy American” Executive Order Impact Federal IT Contractors?

Key Takeaways:

• The FAR Council will be evaluating the commercial item exception to Buy American laws for IT and making recommendations on whether or not to reign in the exception.
• The need to continually improve federal cybersecurity is a primary driver for increasing domestic sourcing of IT products and services in the federal government, regardless of FAR Council findings and recommendations.
• Federal IT contractors should continue to limit and ramp down foreign-sourced parts, components, products and services, not only to comply with the Buy American Act, Trade Agreements Act and any new regulations stemming from the EO, but also for supply chain security and cybersecurity.

Last week, President Biden signed an Executive Order (EO) to promote the buying of American-made products and services by the federal government, entitled “Ensuring the Future Is Made in All of America by All of America’s Workers.” The EO’s intent is to funnel more federal spending to U.S. companies and employees by reigning in waivers and exemptions to Buy American regulations. The EO also creates a director of Made in America at OMB to oversee the all-of-government Made in America initiative. Additionally, the EO requests that the FAR Council review existing constraints on the extension of “Made in America Laws to information technology that is a commercial item and develop recommendations for lifting these constraints.”

From the perspective of creating U.S. jobs and bolstering the U.S. economy, federal contract spending is a small fraction of U.S. GDP, which according to the World Bank totaled $21.4 trillion in 2019. Total federal prime contract spending, or obligations, for federal FY 2019 totaled $525 billion, or only 2.4% of U.S. GDP, and only 4.3% of total federal prime contract spending for FY 2019 went to foreign businesses and 5.3% in FY 2020. 

Federal spending on IT products and services is even a smaller fraction of these totals when compared to U.S. GDP, totaling $93 billion in FY 2019 and $115 billion in FY 2020, with even smaller percentages being supplied by foreign businesses, at 2.4% and 3% respectively.

These numbers do not take into account parts, assemblies, and products supplied to federal contractors from foreign entities and then sold to the federal government by U.S. companies, but it gives us some idea of scale. 

Even though any shift to narrowing the exception for foreign purchase of commercial IT items will have little effect on the U.S. economy as a whole, the industry is already moving in this direction for a very different reason, cybersecurity. IT contractors are being held more accountable for the security of their supply chains from not only an availability perspective but even more so, from a cybersecurity perspective.

Shoring up cybersecurity on federal networks and systems is a priority government-wide, especially in light of breaches such as that with Solarwinds. In August, changes to the FAR were implemented to prohibit contracting for certain Chinese telecommunications and video surveillance services or equipment.

DOD continues to keep moving toward firming up the defense supply chain by developing domestic (and trusted foreign) sources for sensitive materials and technologies such as heavy metals, drones and network communication components. The most recent National Defense Authorization Act (NDAA) contains provisions that ramp down the allowable percentage of foreign-produced circuit board components over time. Beginning in FY 2023, DOD will require contractors and subcontractors that provide printed circuit boards, to certify the total percentage of the value of boards manufactured and assembled within the US, or in an approved foreign country, must be at least 50% from FY 2023-2027. The percentage increases to 100% by FY 2033.

As far the recent Buy American EO is concerned, there may be limits to the FAR Council’s authority to change a statutory requirement, such as the commercial item IT exception. In a recent Federal News Network interview, Larry Allen, an industry marketing consultant, stated that the EO along with the Buy American Act and Trade Agreements Act “… can get very complicated. Right now, it’s the case that either Buy American applies or Trade Agreements applies, you don’t really have the situation where both acts apply at one time.”

The Trade Agreements Act (TAA) prohibits federal procurement of products from non-designated countries unless the product at issue has been “substantially transformed” in the U.S. or in a designated country. The Act can be applied to software and even cloud computing.

I believe cybersecurity risks rather than Biden’s new EO are driving federal agencies and their IT contractors to be more diligent about the IT products and services they are sourcing for government contracting work. In my opinion, we will continue to see a shift to more domestically sourced IT products and services due to cybersecurity risks, regardless of how the FAR Council weighs in on the IT commercial item exception in the Buy American Act.

Federal IT contractors should continue to limit and ramp down foreign-sourced parts, components, products and services, not only to comply with the Buy American Act, Trade Agreements Act and any new regulations stemming from the EO, but also for supply chain security and cybersecurity.