Federal Acquisition Regulation: Reporting of Nonconforming Items to the Government-Industry Data Exchange Program, 64680-64696 [2019-24960]

Agencies

• DEPARTMENT OF DEFENSE
• General Services Administration
• National Aeronautics and Space Administration

[Federal Register Volume 84, Number 226 (Friday, November 22, 2019)]
[Rules and Regulations]
[Pages 64680-64696]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-24960]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

GENERAL SERVICES ADMINISTRATION

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

48 CFR Parts 1, 2, 7, 46, and 52

[FAC 2020-02, FAR Case 2013-002; Docket No. FAR-2013-0002, Sequence No. 
1]
RIN 9000-AM58


Federal Acquisition Regulation: Reporting of Nonconforming Items 
to the Government-Industry Data Exchange Program

AGENCY: Department of Defense (DoD), General Services Administration 
(GSA), and National Aeronautics and Space Administration (NASA).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: DoD, GSA, and NASA are issuing a final rule amending the 
Federal Acquisition Regulation (FAR) to require contractors and 
subcontractors to report to the Government-Industry Data Exchange 
Program certain counterfeit or suspect counterfeit parts and certain 
major or critical nonconformances.

DATES: Effective: December 23, 2019.

FOR FURTHER INFORMATION CONTACT: Ms. Marilyn E. Chambers, Procurement 
Analyst, at 202-285-7380, or by email at [email protected], for 
clarification of content. For information pertaining to status or 
publication schedules, contact the Regulatory Secretariat Division at 
202-501-4755.

[[Page 64681]]

Please cite FAC 2020-02, FAR Case 2013-002.

SUPPLEMENTARY INFORMATION: 

I. Background

    DoD, GSA, and NASA published a proposed rule at 79 FR 33164 on June 
10, 2014, in the Federal Register, to implement sections 818(c)(4) and 
(c)(5) of the National Defense Authorization Act (NDAA) for Fiscal Year 
(FY) 2012 (Pub. L. 112-81, 10 U.S.C. 2302 Note), which required DoD 
contractors and subcontractors to report counterfeit or suspect 
counterfeit electronic parts purchased by or for DoD to the Government-
Industry Data Exchange Program (GIDEP).
    The Presidential Memorandum on Combating Trafficking in Counterfeit 
and Pirated Goods, issued April 3, 2019, states that ``[c]ounterfeit 
trafficking . . . may threaten national security and public safety 
through the introduction of counterfeit goods destined for the 
Department of Defense and other critical infrastructure supply 
chains.'' Accordingly, the Federal Government must improve coordinated 
efforts to protect national security from the dangers and negative 
effects of the introduction of counterfeit goods. This rule furthers 
that aim by requiring contractors to screen for and report critical 
nonconformances, including counterfeits and suspect counterfeits, which 
may impede the performance of mission critical systems, where high 
level quality standards are essential to protect the integrity of 
systems requirements, and are necessary for national defense or 
critical national infrastructure.
    The U.S. Intellectual Property Enforcement Coordinator's Annual 
Intellectual Property Report to Congress, dated February 2019, 
reiterated: ``Counterfeiting is a significant challenge that can impair 
supply chains for both the public and private sectors. In the context 
of the U.S. Government, acquiring products or services from sellers 
with inadequate integrity, security, resilience, and quality assurance 
controls create significant risks, from a national security and mission 
assurance perspective as well as from an economic standpoint (due to 
the increased costs to American taxpayers). Counterfeiting can have 
particularly significant consequences for the Department of Defense 
(DoD) supply chain, by negatively affecting missions, the reliability 
of weapon systems, the safety of the warfighter, and the integrity of 
sensitive data and secure networks.'' (Appendix, p.51.) This rule is 
likely to have a positive impact on national security and critical 
infrastructure where the Government procures elements of the 
infrastructure, for example, Federal Aviation Administration air 
traffic control systems, Department of Agriculture food safety 
equipment, all national defense programs, Department of Transportation 
monitoring of transportation systems, Department of Energy monitoring 
of power generation and distribution networks, etc.
    By reporting in GIDEP, contractors are able to share knowledge of 
counterfeits and critical nonconformances which reduces the risk of 
counterfeit and other nonconforming items entering the supply chain and 
being used in high value, mission critical defense, space, or critical 
infrastructure systems where system failure could threaten national 
security through the loss of satellite-based critical information, 
communication and navigation systems, or other systems resulting in the 
loss of the ability to control connected systems or secure information 
within those systems. Counterfeits are not produced to meet higher-
level quality standards required in mission critical applications and 
are a significant risk in causing failures to systems vital to an 
agency's mission. For weapons, space flight, aviation, and satellite 
systems, these failures can result in the death, severe injuries, and 
millions of dollars in system damage or loss. For example, if 
counterfeits are installed in a missile's guidance system, such missile 
may not function at all, may not proceed to its intended target, or may 
strike a completely unintended location resulting in catastrophic 
losses. Critical nonconforming and counterfeits items may cause 
failures in navigation or steering control systems, planes and flight 
control. Counterfeits can create ``backdoors'' into supposedly secure 
programmable devices which could be exploited to insert circuit 
functions to steal information and relay it to third parties or command 
or prevent the device from operating as designed. Defense, space, and 
aviation systems in particular must meet rigorous component 
specifications; failure of even a single one can be catastrophic 
causing serious problems and placing personnel and the public in harm's 
way.
    GIDEP is a widely available Federal database. Timely GIDEP 
reporting and screening allows all contractors to promptly investigate 
and remove suspect parts from the supply chain and to ensure that 
suspect parts are not installed in the equipment which would result in 
experiencing high failure rates. With this knowledge, contractors can 
also avoid costs resulting from production stoppage, high failure 
rates, rework, or lost time due to maintenance turnaround to remove and 
replace failed parts. This effect is magnified by the fact GIDEP 
permits contractors to learn from the experiences of others across 
industry.
    This rule concentrates on complex items with critical applications 
where the failure of the item could injure personnel or jeopardize a 
vital agency mission. In accordance with the Office of Federal 
Procurement Policy (OFPP) Policy Letter 91-3, all Government agencies 
use GIDEP as the central data base for receiving and disseminating 
information about nonconforming products. Contractor participation has 
been largely voluntary. This rule requires contractors to screen and 
report major or critical nonconformances in order to reduce the risk of 
counterfeit and other nonconforming items entering the supply chain and 
impacting the performance of mission critical items where item failure 
could result in loss of high value items or loss of life.
    GIDEP is a cooperative activity between government and industry 
participants seeking to reduce and ultimately eliminate expenditures of 
resources by sharing technical information essential during research, 
design, development, production and operational phases of the life 
cycle of systems, facilities and equipment. Since GIDEP's inception, 
participants have reported over $2.1 billion in cost avoidance. That 
means without GIDEP, participants could have potentially realized 
additional expenses of over $2.1 billion. In many cases, these costs 
could have been passed on to the U.S. Government. In addition to 
reporting cost avoidance, participants also reported how the 
information helped keep production lines running, preserved readiness 
or avoided dangerous situations. This reporting by GIDEP participants 
is for the purpose of illustrating the value of sharing information 
when common items have issues that could impact safety, reliability, 
readiness and ownership costs.
    Proper utilization of GIDEP data can materially improve the total 
safety, quality and reliability of systems and components during the 
acquisition and logistics phases of the life cycle and reduce costs in 
the development and manufacture of complex systems and mission critical 
equipment.
    Examples of the value of this reporting include discovery of 
counterfeiting operations that supplied parts to many defense and other 
Government contractors and removal from the supply chain of--

[[Page 64682]]

     Faulty rivets that could have caused military aircraft 
failure in flight;
     Counterfeit electronic parts that would have caused a 
$100M failure of a satellite in orbit;
     Counterfeit bolts securing overhead gantry cranes in a 
Government industrial facility;
     Counterfeit raw stock materials (aluminum, steel, and 
titanium) supplied over a decade and used in structural applications 
across defense and civil systems and infrastructure;
     Counterfeit refrigerant with explosive properties that led 
to explosions and fire on several commercial ships;
     Uncertified electronic connectors that shut down large 
parts of the defense and space industrial base production for 6 months 
until solutions to certification could be devised.
    What all these examples have in common is that the items in 
question are largely commercially available common piece parts or small 
assemblies that are used throughout the industrial base and in most 
defense, space, and critical infrastructure programs and can easily 
enter any supply stream.
    In the proposed rule, the FAR Council extended coverage outside of 
DoD to other Government agencies, other types of parts, and other types 
of nonconformance. The FAR Council proposed this because the problem of 
counterfeit and nonconforming parts extends far beyond electronic parts 
and can impact the mission of all Government agencies, such as NASA and 
the Department of Energy, and mission critical systems such as 
avionics, satellites, space flight systems, and nuclear facilities. The 
final rule still applies across all agencies and to parts other than 
electronics, but there was some reassessment of costs and benefits, so 
that rather than applying to all supplies, in addition to the 
requirements for section 818(c)(4) with regard to electronic parts for 
DoD, the rule focuses on supplies that require higher-level quality 
standards or are determined to be critical items (definition added). 
This and other de-scoping efforts (see preamble sections II.A. and 
II.B.1.) reduced the estimated responses from 474,000 to 5,166 
responses, and reduces the estimated burden hours from 1,422,000 hours 
to 30,986 hours, so that information is obtained where it is most 
critically needed.
    A public meeting was held June 16, 2014. Public comments were 
received from 14 respondents (including respondents who provided 
written statements at the public meeting).

II. Discussion and Analysis

    The Civilian Agency Acquisition Council and the Defense Acquisition 
Regulations Council (the Councils) reviewed the comments in the 
development of the final rule. A discussion of the comments and the 
changes made to the rule as a result of those comments are provided as 
follows.

A. Summary of Significant Changes From the Proposed Rule

    1. Applicability. The final rule is significantly descoped.
     It does not apply to contracts and subcontracts for the 
acquisition of commercial items, including commercially available off-
the-shelf (COTS) items.
     Section 818(c)(4) of the NDAA for FY 2012 will not apply 
to contracts and subcontracts at or below the simplified acquisition 
threshold (SAT).
     Rather than applying to all supplies, in addition to the 
requirements for section 818(c)(4) with regard to electronic parts for 
DoD, the rule focuses on supplies that require higher-level quality 
standards or are determined to be critical items (definition added).
     The rule also exempts medical devices that are subject to 
the Food and Drug Administration reporting requirements at 21 CFR 803; 
foreign corporations or partnerships that do not have an office, place 
of business, or paying agent in the United States; counterfeit, suspect 
counterfeit, or nonconforming items that are the subject of an on-going 
criminal investigation, unless the report is approved by the cognizant 
law-enforcement agency; and nonconforming items (other than counterfeit 
or suspect counterfeit items) for which it can be confirmed that the 
organization where the defect was generated (e.g., original component 
manufacturer, original equipment manufacturer, aftermarket 
manufacturer, or distributor that alters item properties or 
configuration) has not released the item to more than one customer.
     Flowdown to subcontracts is similarly descoped. The 
contractor is prohibited from altering the clause other than to 
identify the appropriate parties.
    2. Definitions. In FAR 46.101 and the FAR clause 52.246-26, 
Reporting Nonconforming Items, the definition of ``quality escape'' is 
deleted. A definition of ``critical item'' is added.
    3. Prohibited disclosures. The FAR clause 52.246-26 states 
explicitly the GIDEP policy that GIDEP reports shall not include trade 
secrets or confidential commercial or financial information protected 
under the Trade Secrets Act, or any other information prohibited from 
disclosure by statute or regulation.
    4. Timeframe for notification to the contracting officer. In 
paragraph (b)(2) of FAR 52.246-26, the timeframe for contractor 
notification to the contracting officer of a counterfeit or suspect 
counterfeit item is revised from 30 to 60 days, for consistency with 
the statute.

B. Analysis of Public Comments

1. Scope/Applicability
a. Limit Scope to Statutory Requirement, or at Least Exclude 
Nonconformances
    Comment: Sections 818(c)(4) and (c)(5) of the National Defense 
Authorization Act (NDAA) for Fiscal Year (FY) 2012 apply to all defense 
contractors and subcontractors who become aware, or have reason to 
believe, that any item purchased by or for DoD may contain counterfeit 
or suspect counterfeit electronic parts. The proposed rule applied the 
reporting requirements Governmentwide to all supplies (not just 
electronic parts) and addressed all major or critical nonconformances 
as well as counterfeit or suspect counterfeit items.
     Multiple respondents recommended limiting scope of the 
mandatory reporting rule to the statutory requirement: Counterfeit 
electronic parts and suspect counterfeit electronic parts from defense 
suppliers. Some respondents thought the rule should only apply to 
contractors/subcontractors covered by the cost accounting standards 
(CAS). One respondent recommended that FAR Case 2013-002 be withdrawn 
and a DFARS case be proposed instead. Another respondent stated that 
significant research has identified the problems and risks of 
counterfeit electronic part infiltration into the defense supply chain, 
but is concerned whether the benefits of such broad expansion of the 
scope of the rule justify the additional burdens and costs it will 
impose, not just on industry, but on the Government as well.
     Several respondents questioned the statutory authority for 
extending requirements to contractors for items that are not 
counterfeit. These respondents indicated that GIDEP reporting should be 
strictly limited to counterfeit items. These respondents stated that 
counterfeiting and nonconformance are two distinct problems that 
require different solutions. Another respondent indicated that 
expanding GIDEP reporting to include quality issues could also reduce

[[Page 64683]]

the overall effectiveness of the GIDEP system for combating 
counterfeit-part proliferation and recommended ``deleting the 
requirement for contractor reporting of nonconformances into GIDEP and, 
instead, continuing the process of deferring to the contracting officer 
to make the determination regarding which nonconformances should be 
reported to GIDEP''.
    Response: As stated in the preamble to the proposed rule, the 
problem of counterfeit and other nonconforming parts extends far beyond 
electronic parts and can impact the mission of all Government agencies. 
The Councils note that, despite an erroneous statement in the preamble 
to the proposed rule, the statutory requirement for reporting to GIDEP 
is not limited to CAS-covered contractors and subcontractors but 
applies to all defense contractors and subcontractors. By requiring 
contractors to report to GIDEP counterfeit or suspect counterfeit 
items, as well as common items that have a major or critical 
nonconformance, the rule will reduce the risk of counterfeit items or 
items with major or critical nonconformance from entering the supply 
chain. Reducing the risk of potential damage to equipment, mission 
failure, and even injury or death of personnel is a matter of national 
security, particularly for DoD and NASA, improving operational 
readiness of personnel and systems. It supports the national security 
pillars of readiness, safety and reliability of systems and personnel. 
The FAR Council has the authority under 40 U.S.C. 101 and 121, and 41 
U.S.C. 1303, to prescribe Governmentwide procurement policies in the 
FAR.
    However, in response to public comments, after weighing the risks 
of failure against the cost of compliance with this rule, the final 
rule has significantly descoped the applicability (see FAR 46.317) of 
FAR clause 52.246-26, so that it applies only to acquisition of--
     Items that are subject to higher-level quality standards 
in accordance with the clause at FAR 52.246-11, Higher-Level Contract 
Quality Requirement;
     Items that the contracting officer, in consultation with 
the requiring activity, determines to be critical items (see FAR 
46.101) for which use of the clause is appropriate;
     Electronic parts or end items, components, parts, or 
assemblies containing electronic parts, if this is an acquisition by, 
or for, the Department of Defense, as provided in paragraph (c)(4) of 
section 818 of the NDAA for FY 2012 (Pub. L. 112-81) that exceeds the 
SAT; or
     Services, if the contractor will furnish, as part of the 
service, any items that meet the above-specified criteria.
    The clause will not be required in contracts for the acquisition of 
commercial items (see paragraph II.B.1.b.) or the acquisition of 
medical devices that are subject to the Food and Drug Administration 
reporting requirements at 21 CFR 803 (see paragraph II.B.5.e.).
    Even if the clause is included in the contract, the contractor is 
not required to submit a report to GIDEP (see FAR 52.246-26(c)) if--
     The Contractor is a foreign corporation or partnership 
that does not have an office, place of business, or fiscal paying agent 
in the United States (see paragraph II.B.3.b.);
     The contractor is aware that the counterfeit suspect 
counterfeit or nonconforming item is the subject of an on-going 
criminal investigation, unless the report is approved by the cognizant 
law-enforcement agency (see paragraph II.B.7.b.); or
     For nonconforming items (other than counterfeit or suspect 
counterfeit items), it can be confirmed that the organization where the 
defect was generated (e.g., original component manufacturer, original 
equipment manufacturer, aftermarket manufacturer, or distributor that 
alters item properties or configuration) has not released the item to 
more than one customer.
b. Exclude Commercial Items, Including Commercially Available Off-the-
Shelf (COTS) Items
    Comment: Multiple respondents commented that the proposed rule is 
overly burdensome for commercial item providers, both prime contractors 
and subcontractors. One respondent stated that application of the 
regulation to commercial-item contractors is inconsistent with the 
Federal Acquisition Streamlining Act of 1994 (FASA) and FAR part 12, 
because the regulation is not required by statute or Executive order 
and is not consistent with customary commercial practice. One 
respondent commented that the proposed rule appears intended to build 
on the contractor inspection systems already required by the FAR, but 
that this assumption may not be reasonable for commercial item 
contractors.
    Response: Based on public comments the clause is no longer 
prescribed for use in contracts for the acquisition of commercial items 
using FAR part 12 procedures.
c. Extent of Flowdown
    Comment: Several respondents opposed the mandatory flowdown of the 
reporting requirement clause to all subcontractors and suppliers to all 
tiers within the supply chain. One respondent suggested that even the 
process of communicating its provisions to those required to comply 
will be significant. Another respondent stated that the rule should not 
flow down to providers of COTS items.
    Response: The flowdown in the final rule has been significantly 
reduced. Consistent with the criteria for application of the clause at 
the prime level, the clause only flows down to subcontracts for--
     Items subject to higher-level quality standards in 
accordance with the clause at FAR 52.246-11, Higher-Level Contract 
Quality Requirement;
     Items that the contractor determines to be critical items 
for which use of the clause is appropriate;
     Electronic parts or end items, components, parts, or 
materials containing electronic parts if the subcontract is valued at 
more than the SAT, and if this is an acquisition by, or for, the 
Department of Defense, as provided in paragraph (c)(4) of section 818 
of the NDAA for FY 2012 (Pub. L. 112-81); or
     The acquisition of services, if the subcontractor will 
furnish, as part of the service, any items that meet the above-
specified criteria.
    The clause does not flow down to subcontracts for--
    (i) Commercial items; or
    (ii) Medical devices that are subject to the Food and Drug 
Administration reporting requirements at 21 CFR 803.
d. Exclude Acquisitions Below the Micro-Purchase Threshold
    Comment: One respondent suggested that the way the proposed rule 
was written, it is overly broad in its applicability. To mitigate this, 
the respondent suggested making the reporting requirements inapplicable 
to acquisitions for which the value of the acquired supplies is at or 
below the micro-purchase threshold.
    Response: The proposed rule was not applicable to supplies at or 
below the micro-purchase level. This continues to be the case in the 
final rule.
e. Exclude ``Consumable'' Supplies
    Comment: One respondent was concerned that the proposed clause at 
FAR 52.246-26, Reporting Nonconforming Items, will be required in all 
contracts for supplies and services. Therefore, the respondent 
recommended adding the word ``non-consumable'' to the texts of FAR 
7.105(b)(19), 12.208, 46.102(f), 46.202-

[[Page 64684]]

1, and 46.317, hence reducing the scope and application of the rule.
    Response: In response to the widespread concern that the rule was 
too broad and burdensome, the application and scope of the final rule 
have been significantly reduced so that it is not applicable to all 
supplies and services. However, the requirements of section 818(c)(4) 
of the NDAA for FY 2012 require application to all electronic parts or 
end items, components or materials containing electronic parts in 
acquisitions by or for DoD, (except for acquisitions of commercial 
items or at or below the simplified acquisition threshold). Electronic 
parts are often consumable items. Therefore, ``consumables'' cannot be 
removed as a group from the final rule's reporting requirements. Class 
IX consumables encompass many electrical and electronic parts, 
components, and subassemblies used on today's military systems.
f. Exclude ``Suspect Counterfeit'' Items
    Comment: One respondent requested elimination of the requirement to 
report ``suspect counterfeit'' items from the rule if COTS items were 
not excluded from the rule.
    Response: The Councils have excluded COTs items from the rule, but 
retained the requirement to report ``suspect counterfeit'' items within 
the scope and applicability of this rule. At the time of the initial 
report to GIDEP, most items are still in the category of suspect 
counterfeit items and the fact that an item is suspected of being 
counterfeit is useful information for the Government and industry to 
have because suspect counterfeits have the potential to impact safety, 
performance, and reliability and as such pose a risk.
g. Exclude ``Major Nonconformance''
    Comment: One respondent indicated concern that the definition of 
``major nonconformance'' includes language that could be read to reach 
run-of-the-mill warranty issues. The respondent questioned what types 
of nonconformances are of such significant concern as to warrant 
imposition of the reporting requirement on every supplier at any tier 
in the supply chain. The respondent proposed that the reporting 
obligation be limited to critical nonconformances. Even if this 
limitation is adopted, the respondent is still concerned that a lower-
tier supplier would not have sufficient information about the intended 
use of a part to be able to determine whether a nonconformance is 
``critical.''
    Response: The application of the final rule is not limited to 
critical nonconformances as requested by the respondents, but also 
includes major nonconformances because it is difficult to draw the 
distinction between a major nonconformance and a critical 
nonconformance. Whether a nonconformance is major or critical depends 
on the application. What constitutes only a major nonconformance for 
one application may constitute a critical nonconformance for another 
application. Therefore, it is important to also share the data on major 
nonconformances in GIDEP. Some of the respondent's concerns may be 
alleviated by the overall reduced scope of the rule, e.g., excluding 
commercial items, including commercially available off-the-shelf (COTS) 
items, and reducing flowdown to subcontracts (also see paragraphs 
II.B.2.a. thru c.)
h. Report When Counterfeit Items Are Offered for Sale by Nonauthorized 
Distributors
    Comment: One respondent proposed that the GIDEP program be expanded 
to allow manufacturers the ability to report instances in which 
companies become aware that potentially counterfeit items are offered 
for sale by nonauthorized distributors.
    Response: The final rule has not been changed and the GIDEP program 
has not been expanded to allow manufacturers the ability to report 
instances in which they become aware that potentially counterfeit items 
are offered for sale by nonauthorized distributors. The fact that a 
part is provided by an unauthorized distributor may indicate that a 
part is ``potentially'' counterfeit, but credible evidence (including 
but not limited to visual inspection and testing) is required to 
determine that a part is ``suspect counterfeit.''
i. Embedded Products, Such as Binary Code or Downloaded Apps
    Comment: One respondent was concerned that DoD rules for 
counterfeit and suspect counterfeit electronic parts now include 
``embedded software or firmware'' within their ambit. The respondent 
therefore requested clarification of the applicability of reporting on 
binary code or downloaded apps that are stored in a contractor's data 
system. This respondent suggested that the ability to discover flaws in 
embedded ``products'' was not part of section 818 and its inclusion in 
the detection and avoidance systems rules will cause gaps in the 
reporting process.
    Response: The concern of the respondent with regard to 
applicability to embedded software or firmware is no longer a problem 
because in response to comments at a public meeting held on June 16, 
2014 (after the submission of this comment), the subsequent final DFARS 
rule published on August 2, 2016 (81 FR 50635), under DFARS Case 2014-
D005 entitled ``Detection and Avoidance of Electronic Parts--Further 
Implementation,'' removed the statement about ``embedded software or 
firmware'' from the definition of ``electronic part.'' The FAR rule 
does not address embedded software or firmware in the definition of 
counterfeit or suspect counterfeit items.
2. Definitions
a. ``Nonconformance''
    Comment: Two respondents requested more clarity as to what 
constitutes nonconformance, especially in regard to electronic parts. 
One respondent opined that the rule must identify what types of 
``nonconformances'' are of such significant concern as to warrant 
imposition of this reporting obligation on every supplier at any tier 
in the Government supply chain. Without sufficient clarity regarding 
what constitutes a ``major nonconformance,'' there is risk that 
suppliers will err on the side of over reporting.
    Response: The respondent's concern with regard to imposing the 
reporting obligation on every supplier at any tier is no longer valid 
because the rule no longer applies to all supplies. The clause 
prescription has been revised in the final rule so that the clause will 
not be included in a contract except as provided in the response in 
paragraph II.B.1.a.
    With regard to the meaning of the terms ``critical nonconformance'' 
and ``major nonconformance,'' these terms are not new to this rule, but 
have been used in the FAR for many years and are commonly understood in 
the quality assurance field. FAR 46.101, defines a ``critical 
nonconformance'' as a nonconformance that is likely to result in 
hazardous or unsafe conditions for individuals using, maintaining, or 
depending upon the supplies or services; or is likely to prevent 
performance of a vital agency mission. It defines a ``major 
nonconformance'' to mean a nonconformance, other than critical, that is 
likely to result in failure of the supplies or services, or to 
materially reduce the usability of the supplies or services for their 
intended purpose. As with other items, a nonconforming electronic part 
is one which does not meet the requirements for its intended use. 
Quality standards for electronic parts are widely understood in the 
industry. No further

[[Page 64685]]

explanation of the terms has been added to the final rule.
    Comment: According to one respondent, the final DFARS rule 
published on May 6, 2014, defines a ``counterfeit electronic part'' as 
a knowingly misrepresented part and defines a ``suspect counterfeit 
electronic part'' as an item that a (presumably) higher-tier supplier 
had credible evidence to believe was knowingly misrepresented by a 
lower-tier supplier or the counterfeit maker. The respondent believed 
that same standard, i.e., an intent to deceive, should be applied to 
reporting a nonconforming item because the qualifiers to the 
definitions add no substantive information to allow a supplier to adopt 
a useful model to identify when a nonconforming part must be reported.
    Response: The FAR definitions in the final rule were not changed in 
response to this comment because the intent to deceive only applies to 
counterfeit parts. The FAR proposed rule definitions of ``counterfeit 
item'' and ``suspect counterfeit item'' are similar to the DFARS 
definitions of ``counterfeit electronic part'' and ``suspect 
counterfeit electronic part.'' The definition of ``counterfeit item,'' 
where misrepresentation is an element, is distinct from the definitions 
of an item with a critical or major nonconformance, which do not 
address misrepresentation. The nonconformance definitions purposely do 
not include an ``intent to deceive'' and are based solely on whether 
there is a major or critical nonconformance. It does not matter what 
the contractor's intent was, but only what the quality of the item is.
    Comment: One respondent stated that the criticality of 
nonconformance is often application-specific and industry has no way to 
determine with certainty if another contractor is using a part in a 
manner that might cause a major or critical nonconformance. The 
respondent believes the rule mandates that Government contractors 
understand the design, relevance, and impact of nonconformance(s) on 
all other systems and Government contracts.
    Response: The contractor is not required to determine how a part 
might be used in another application by another contractor. The rule 
creates a contract clause, which will be included in appropriate 
contracts requiring contractors to report under specific conditions 
where the item is being used in a specific application being purchased 
under the contract. No change has been made in the final rule as a 
result of this comment.
b. ``Common Item''
    Comment: Several respondents opined that the definition of ``common 
item'' is overbroad, susceptible to many interpretations, and needs 
further clarification. One respondent noted the current definition 
stated that it is difficult to imagine any item (other than a one-of-a-
kind part) that would not be a ``common item.''
    Response: FAR 46.203(c)(1) currently notes that a ``common item'' 
has multiple applications whereas, in contrast, a peculiar item has 
only one application. In the proposed rule, the term was defined in the 
clause at 52.246-26 to make it more prominent and easier to find, with 
added examples. In the final rule, the Councils have retained the 
definition in the clause, but removed the examples from the definition 
of ``common item'' as they were not necessary and may have caused 
confusion.
c. ``Quality Escape''
    Comment: Two respondents stated that the term ``quality escape'' 
was broad and confusing, did not serve to clarify what would rise to 
the level of being a reportable event, and may result in duplicative 
reporting.
    Response: Based on the comments received, the Councils have removed 
the term ``quality escape'' from the rule.
d. ``Substance of the Clause''
    Comment: One respondent contended that the indefinite meaning of 
the phrase ``substance of this clause'' threatens to introduce enormous 
complexity into already difficult negotiations between higher-tier and 
lower-tier contractors regarding the scope of reporting obligations 
that such lower-tier subcontractors are required to assume. Higher-tier 
contractors could justifiably insist on imposing quality-control and 
reporting requirements that go well beyond those specified in the 
proposed clause to ensure that they fulfill their own obligations under 
the clause.
    Response: The Councils removed the phrase ``substance of the 
clause'' and added language at paragraph (g)(3) of the clause to state 
that the contractor shall not alter the clause other than to identify 
the appropriate parties. In addition, the Councils revised the flowdown 
language to add specificity on how the clause requirements are to be 
flowed down to applicable subcontracts and listed circumstances, such 
as for commercial items, where the clause would not flow down.
e. ``Becomes Aware''
    Comment: One respondent noted that there is no definition of the 
term ``becomes aware,'' so a standard needs to be established that 
recognizes that there are many touch points in a supply chain where a 
counterfeit or suspect counterfeit part could potentially be discovered 
and thus potentially many points where the reporting requirement might 
legitimately surface.
    Response: The Councils have revised paragraph (b)(2) of the clause 
to specify that written notification is required within 60 days of 
``becoming aware or having reason to suspect through inspection, 
testing, record review, or notification from another source (e.g., 
seller, customer, third party)'' that an item is counterfeit or suspect 
counterfeit. A similar change was made in paragraph (b)(4), with regard 
to notification to GIDEP.
3. Government-Industry Data Exchange Program (GIDEP)
a. Access for Contractors to Government-Only Reports
    Comments: Two respondents expressed concern regarding the 
Government's submission of GIDEP reports that are shared exclusively 
with other Government agencies and not with industry. They are 
requesting that these reports be shared with industry to improve 
industry's ability to avoid and detect counterfeits.
    Response: This comment did not result in a change to the final 
rule, because information considered sensitive by DoD concerning 
nonconforming or suspect counterfeit items may need to be temporarily 
withheld from the broader GIDEP industry membership and published in 
GIDEP with the distribution limited only to U.S. Government activities. 
However, to minimize the impact of restricting access to this 
information, DoD activities responsible for these reports are expected 
to release information when deemed appropriate.
b. Access for Foreign Contractors
    Comments: Several respondents expressed concern regarding the 
current limits of GIDEP membership and the crucial need for their 
foreign suppliers to have access to GIDEP data.
    One respondent expressed concern that by not including foreign 
suppliers in GIDEP that this rule would create a barrier to trade since 
foreign suppliers could not comply with the GIDEP related requirements.
    Response: The Councils have determined that the inclusion of 
foreign contractors reporting into GIDEP would

[[Page 64686]]

be beyond the manageable scope of this rule. Therefore, the final rule 
states that foreign contractors and subcontractors are not required to 
submit or screen GIDEP reports. As a result, the applicability of the 
rule has been further reduced.
    However, it is possible for a foreign contractor or subcontractor 
to work through a U.S. contractor that is a member of GIDEP and can act 
as a liaison between the foreign contractor and GIDEP.
c. Capacity
    Comments: One respondent questioned whether GIDEP is sufficiently 
resourced to meet the demands of the increased participation that this 
rule would require.
    Response: In anticipation of increased participation as a result of 
this rule, GIDEP has done an internal assessment of how it will handle 
this increase. For the near term, GIDEP will redirect current in-house 
resources and will reprioritize current workload to accommodate the 
estimated demand. For the long term, GIDEP is modernizing its policies, 
procedures, and information technology to increase capacity to meet 
this and future needs. In addition the rule has been descoped to reduce 
reporting requirements.
d. Search Capability And Screening
    Comments: One respondent expressed concern with the GIDEP search 
capability to identify all suspect counterfeit reports in the GIDEP 
database based on a specific identifier. Request was made for GIDEP to 
provide a specific data field to be included in all suspect counterfeit 
reports that would serve as a unique identifier to facilitate the 
search process.
    One respondent opined that reviewing, or screening, of GIDEP 
reports for suspect counterfeit electronic parts by contractors and 
Government is often geared ``not to find'' affected parts, stating if 
only the exact part number and lot/date code is checked for impact, 
there is little chance of detecting all counterfeit parts. The 
respondent suggested the rule be revised to instruct contractors to 
screen for similar parts purchased or installed from the named 
supplier.
    Response: The search capability of GIDEP is outside the scope of 
this rule and no change to the rule has been made. It should be noted 
that GIDEP search capability, although dated, is very powerful and 
accesses a fully indexed database. GIDEP members are able to perform 
searches based on simple keywords, phrases, or on specific discrete 
fields such as manufacturer, part number, and supplier. GIDEP also 
provides a service for its members called Batch Match. A GIDEP member 
can provide a list of parts, which GIDEP will use to automatically 
search the database for an exact match to any reference that meets the 
provided criteria. If an applicable document is found, the member is 
provided with a list of document references. This matching can be 
performed one time or on an ongoing daily basis.
e. Reporting
i. Guidance To Limit Duplicative Reports, i.e., Who in the Supply Chain 
Reports
    Comments: Several respondents expressed concern that the proposed 
rule as written would require multiple parties in the same supply chain 
to create duplicate reports of the same counterfeit, suspect 
counterfeit or nonconforming part discovery.
    One respondent recommended that the reporting obligation be imposed 
upon only the organization that delivered the nonconforming item, not 
the entity or entities that received the nonconforming item. Another 
respondent recommended that the first point in time in the supply chain 
where ``actual knowledge'' can be established may be the proper point 
for disclosure and reporting to GIDEP.
    Response: The organization that becomes aware or has reason to 
suspect, such as through inspection, testing, record review, or 
notification from another source (e.g., seller, customer, third party), 
that an item purchased by the contractor for delivery to, or for, the 
Government is counterfeit or suspect counterfeit, or that a common item 
has a major or critical nonconformance, is responsible for ensuring a 
GIDEP report is prepared and submitted. Duplicative nonconformance or 
counterfeit reports in GIDEP are defined as events that have the same 
part number, manufacturer, or supplier, the same lot or date code, and 
same technical facts. To save resources in the dispositioning of 
duplicate reports any event deemed to be a duplicate of a previously 
reported incident will be referenced in the ``Comment'' area of the 
GIDEP report. Events involving the same part number and manufacturer 
that had previously been reported to GIDEP may be documented with a new 
GIDEP report having a reference to that earlier report so that GIDEP 
users may reevaluate the disposition previously taken. This type of 
documentation also provides opportunities for Federal agencies to 
better understand issues within their supply chains. No changes were 
made to the final rule as a result of this comment.
ii. Inaccurate or False Reports
    Comments: Several respondents stated the need to ensure that any 
inaccurate or improper information is corrected or removed from the 
GIDEP reports.
    Response: The mechanics of how GIDEP corrects or removes inaccurate 
reports is outside the scope of this rule and no change to the rule has 
been made. Once a report is submitted to GIDEP and entered into the 
database so that it is visible to the GIDEP community it becomes a 
permanent record in the GIDEP information system. Once the record is 
visible to the community, users begin to make decisions and take action 
based on the report's content. In order to facilitate its use, the 
report becomes a historical record that can be referenced for as long 
and as frequently as needed. If an error or an inaccuracy is discovered 
the originator of the document can correct it through the use of an 
amendment record. The amendment is displayed with the original record 
and is made part of the document's history. This way, the most current 
and accurate information is made available and preserved for the GIDEP 
community's use.
iii. Nonconformance Reports
    Comments: Two respondents expressed ``uncertainty about when the 
60-day clock starts running'' for submitting GIDEP reports. The 
respondents questioned whether nonconforming items are to be reported 
immediately, or only after failure analysis is performed by the 
manufacturer. Another respondent recommended that the ``Government 
maintain current GIDEP reporting requirements for key information to 
include in nonconformance reports.''
    Response: The final rule has modified the proposed rule to state 
that the contractor shall submit a report to GIDEP within 60 days of 
``becoming aware or having reason to suspect, such as through 
inspection, testing, record review, or notification from another source 
(e.g., seller, customer, third party) that an item purchased by the 
contractor for delivery to, or for, the Government is ``counterfeit or 
suspect counterfeit item'' or ``a common item that has a major or 
critical nonconformance''. The 60-day period begins when the contractor 
first becomes aware or has reason to suspect that an item is a 
counterfeit or suspect counterfeit item or has a major or critical 
nonconformance.

[[Page 64687]]

iv. Reports to Contracting Officer Versus Reports to GIDEP
    Comments: Several respondents expressed concern about the creation 
of dual and duplicate reporting requirements, i.e., reporting 
counterfeit or suspect counterfeit parts to the contracting officer as 
well as to GIDEP. One respondent recommended that the rule only address 
GIDEP reporting. One respondent stated that the rule gives no guidance 
on what information is to be provided to the contracting officer. The 
respondent asked whether a copy of the GIDEP form would suffice. 
Another respondent requested further clarification on the rationale for 
the dual reporting with regard to counterfeit or suspect counterfeit 
parts.
    Response: In the proposed rule, paragraph (b)(2) of the clause at 
FAR 52.246-26 required the contractor to report counterfeit or suspect 
counterfeit items to the contracting officer. This requirement has been 
retained in the final rule because section 818(c)(4) requires 
contractors and subcontractors to report counterfeit or suspect 
counterfeit electronic parts to ``appropriate Government authorities 
and the Government-Industry Data Exchange Program.'' The contracting 
officer needs to be aware of issues that arise on the contract. With 
regard to content of the report, a copy of the GIDEP report would 
suffice.
v. Automatic Bulletins
    Comments: One respondent recommended that ``GIDEP should be 
configured to automatically issue bulletins to industry when reports 
are input into the system in order to provide the maximum opportunity 
for contractors to reduce the real-time risk of counterfeit, suspect 
counterfeit or nonconforming items entering the supply chain.''
    Response: This is outside the scope of this rule and no change to 
the rule has been made. However, GIDEP provides a number of ways to 
inform industry of recently published reports:
     A Batch Match service allows users to load their parts 
into GIDEP and to be informed via email whenever new published reports 
may impact their parts.
     Weekly report summaries and part numbers are pushed out to 
industry via email links.
     A daily XML feed of data tailored to meet industry's 
specific data requirements is also available.
    GIDEP training emphasizes the capabilities of the various 
notifications systems available to industry.
vi. Instructions, Training, and Assistance
    Comment: One respondent requested clarification as to how GIDEP 
reporting for counterfeit and suspect counterfeit electronic parts will 
work. Several respondents expressed concern that many contractors do 
not currently use the GIDEP database and will not be familiar with how 
to report to GIDEP.
    Response: The operation of GIDEP is outside the scope of this rule 
and no change to the rule has been made. However, it should be noted, 
to better understand how GIDEP reporting works and become familiar with 
how to report to GIDEP, support is provided in a variety of ways to 
assist users.
    Instructions: To assist GIDEP users in submitting suspect 
counterfeit reports, Chapter 7 of the GIDEP Operations Manual ``Failure 
Experience Data'' provides detailed instructions on how to complete a 
suspect counterfeit report. Appendix E ``Instruction for Reporting 
Suspect Counterfeit Parts'' provides detailed instructions on 
completing each field of the GIDEP Forms 97-1 and 97-2. Chapter 7 is 
available for download from the GIDEP public website.
    Training:
     Various GIDEP instructional modules are provided as online 
web-based training.
     Training clinics are held where GIDEP members can attend 
to get personal hands-on training by GIDEP Operations Center personnel.
     Quarterly classroom training is held at the GIDEP 
Operations Center.
     Training is also available remotely through web-
conferencing.
    Help Desk: For the day-to-day issues and questions that may come 
up, the GIDEP Operations Center has a Help Desk.
f. Contractor Responses to Reports
    Comments: One respondent expressed the need for industry to be able 
to provide feedback to GIDEP Reports.
    Response: The operation of GIDEP is outside the scope of this rule 
and no change to the rule has been made. However, it is the standard 
GIDEP process for suppliers and/or manufacturers named in GIDEP reports 
to be given 15 working days to provide their response. Their response 
is then included in the release of the GIDEP report. If anyone should 
take issue with a report or believe they have additional information 
regarding a given report, they are free to discuss their information 
with the original submitter who, in turn, can amend their submitted 
report if they believe it is warranted. The GIDEP database also allows 
for the capture of individual GIDEP member comments in the comment 
field associated with each report.
4. Potential Adverse Impact
a. Increased Costs May Outweigh Benefits
    Comment: Several respondents were concerned that the expansion of 
the statutorily mandated reporting and review requirements creates an 
unnecessary burden on industry that will result in increased costs to 
the Government with benefits unlikely to outweigh those increased 
costs. One respondent stated that the added compliance burdens will 
likely make future contracting opportunities cost-prohibitive for 
businesses of all sizes. Several respondents were concerned that the 
significant burden of the proposed rule may dissuade new companies 
(both prime and subcontractors) from entering the public sector market 
or cause companies to remove themselves from the Federal market place. 
Particularly commercial and COTS suppliers at the lower-tier may choose 
to exit the market.
    Response: The final rule has been significantly descoped, including 
removal of applicability of FAR 52.246-26 to commercial prime contracts 
and exclusion of flowdown to subcontracts for commercial items. In 
addition, the rule no longer applies to all supplies. (See response in 
paragraph II.B.1.a.).
    Furthermore, the information collected during normal quality 
assurance inspection, testing, record review, or notification from 
another source (e.g., seller, customer, third party) is the information 
that is needed for a GIDEP report. Therefore, no changes are required 
to existing quality-assurance systems. In fact, the information 
required is a subset of that collected for the quality assurance 
contract compliance efforts and so only excerpts from the Quality 
Assurance system report are needed in the GIDEP report. The benefits of 
sharing this information will be the reduction of risks presented by 
counterfeit and nonconforming items in the supply chain. In turn, this 
will protect mission critical items and avoid failures impacting 
national security.
b. Expanded Acquisition Planning Requirements
    Comment: One respondent was concerned by the expanded acquisition 
planning requirements proposed at FAR 7.105(b)(19). According to the 
respondent, there are multiple quality standards in various sectors of 
the

[[Page 64688]]

marketplace and, in still others, there are no standards at all. If 
this rule were to apply only to major systems, it might be possible to 
identify the standards in the various industry sectors involved, but 
this would require a number of levels of expertise that individual 
acquisition shops may not possess. The respondents foresee that the 
Government will face challenges in implementation.
    Response: The final rule has amended the proposed text at FAR 
7.105(b)(19), since the rule no longer applies to all supplies or 
service contracts that include supplies. The final rule requires that 
the acquisition plan address whether high-level quality standards are 
necessary in accordance with FAR 46.202, and whether the supplies to be 
acquired are critical items in accordance with FAR 46.101, rather than 
requiring that the acquisition plan address for all supplies ``the 
risk-based Government quality assurance measures in place to identify 
and control major and critical nonconformances''.
c. Civil Liability
    Comment: Various respondents commented on the ``safe harbor'' from 
civil liability that may arise as a result of reporting to GIDEP, 
provided that the contractor made a reasonable effort to determine that 
the items contained counterfeit electronic parts or suspect counterfeit 
electronic parts. This safe harbor in the proposed rule is provided by 
section 818(c)(5) of the NDAA for FY 2012, applicable only to contracts 
awarded by or for the Department of Defense, and only applicable to 
reporting of counterfeit electronic parts or suspect counterfeit 
electronic parts.
    Several respondents supported the safe harbor provisions, but had 
some concern that it may encourage contractors to err on the side of 
reporting to GIDEP, rather than analyzing whether the nonconformance is 
a critical or major nonconformance, and whether the nonconformance is 
genuine.
    Some respondents, expressed concern that expanding the rule beyond 
the original Congressional intent leaves industry open to significant 
civil liability, which Congress could not have intended. According to 
two respondents, the rule should not be extended beyond the original 
statutory scope until Congress provides safe harbor for the expanded 
scope of the rule. Some respondents recommended that the rule should 
afford civil immunity to all contractors covered by the rule, or even 
legal indemnification.
    According to one respondent, lack of safe harbor may disincentivize 
contractors from reporting. Several other respondents were concerned 
that, absent safe harbor provisions for authorized supply chains, the 
Government may find its access to authorized sellers limited.
    Response: With regard to concern that contractors or subcontractors 
will be ``erring on the side of reporting to GIDEP'' because of 
protection against civil liability, the contractor or subcontractor is 
only exempted from civil liability provided that the contractor or 
subcontractor ``made a reasonable effort to determine that the report 
was factual.''
    Section 818(c)(5) of the NDAA for FY 2012 is limited by its 
language to immunity from civil liability to defense contractors and 
subcontractors, only with regard to reporting of counterfeit or suspect 
counterfeit electronic parts. It does not provide a legal basis to hold 
civilian agency contractors immune from civil liability in accordance 
with the plain language of the statute. Immunity is an exemption from 
liability that is granted by law to a person or class of persons. There 
has to be a legal basis to release a contractor from liability either 
under the contract, pursuant to a statute, or in accordance with common 
law. Granting an immunity from liability is achieved by law--either by 
the legislature pursuant to statute, or by the courts under common law 
(e.g., a common law defense to a lawsuit that the contractor asserts 
before the courts), or in accordance with contract terms and 
conditions. The FAR Council is not authorized to expand the statutory 
liability provisions (in this case immunity from civil liability) 
beyond the statutory language, or to include indemnification. 
Therefore, there were no changes from the proposed rule as a result of 
these comments.
d. De Facto Debarment or Suspension
    Comment: One respondent was concerned that reporting of contractors 
and subcontractors may include reporting of third-party items. The 
respondent is concerned that the entity whose item is reported to GIDEP 
is effectively debarred or suspended from Government contracting unless 
and until cleared.
    Response: The focus of suspension and debarment is on the 
responsibility of the contractor or subcontractor. The focus of GIDEP 
is on the conformance of a part, which may or may not reflect badly on 
the contractor or subcontractor. Before a report is submitted to GIDEP 
for publication, the manufacturer of the item or the supplier of the 
suspect counterfeit part is given the opportunity to provide their 
perspective on the issues presented in the report. Often, the 
information presented includes how the part manufacturer is being 
improved to resolve the concerns or how the supplier who provided the 
suspect counterfeit part is improving their quality assurance processes 
or procurement practices. Most GIDEP reports provide an opportunity for 
a positive perception of the entity. There were no changes from the 
proposed rule as a result of this comment.
5. Conflicts or Redundancies
a. Mandatory Disclosure Requirements at FAR 52.203-13
    Comment: Several respondents were concerned about differentiation 
between expanded GIDEP reporting and mandatory disclosure under FAR 
clause 52.203-13. One respondent stated that it is their understanding 
that the DoD Inspector General (DoDIG) Office of Contract Disclosure 
has taken the position that contractors are obliged to report ``any 
discovery of counterfeit electronic parts and non-conforming parts.'' 
This respondent noted that if the FAR clause is in the contract and if 
they find credible evidence of fraud committed somewhere in the supply 
chain, they would report it to the DoDIG via the contract disclosure 
process. However, it is not clear to the respondent that when these 
conditions are not present, that they must still report to the DoDIG. 
One respondent asked for clarification of the obligation of contractors 
under the contemplated expanded reporting requirement and the 
requirement at FAR 52.203-13. Another respondent requested that the FAR 
Council ``expressly state that any reporting required under the rule 
does not implicate or trigger any requirements to notify the IG under . 
. . FAR part 3.10.'' Two respondents cited to the DoD statement in the 
preamble to the final DFARS rule for DFARS case 2012-D055 that the 
mandatory disclosure process suggests that the contractor has committed 
an ethical code of conduct violation, whereas the GIDEP reporting is 
not meant to imply a violation of this nature.
    Response: Counterfeit or suspect counterfeit parts, by definition, 
probably involve fraud at some tier of the supply chain. The evidence 
that led to the conclusion that the part was counterfeit or suspect 
counterfeit should provide the credible evidence required by FAR 
52.203-13 that would require disclosure to the IG. Nonconforming parts, 
on the other hand, do not necessarily involve the fraud or other 
criminal violations or

[[Page 64689]]

civil false claims violations listed at FAR 52.203-13, and therefore 
may, but do not necessarily, trigger the disclosure requirement under 
FAR 52.203-13.
    The fact that the clause is not in the contract may relieve the 
contractor from the specific requirement to report the credible 
evidence of fraud to the IG. However, although the clause at FAR 
52.203-13 is only included in contracts in accordance with the clause 
prescription at FAR 3.1004, the requirements at FAR 3.1003(a)(2) state 
that, whether or not the clause is applicable, a contractor may be 
suspended and/or debarred for knowing failure to timely disclose to the 
Government, in connection with the award, performance, or closeout of a 
Government contract performed by the contractor or a subcontract award 
thereunder, credible evidence of a violation of Federal criminal law 
involving fraud or a violation of the Civil False Claims Act.
    Although the mandatory disclosure under FAR 52.203-13 indicates an 
ethical code of conduct violation at some tier by some entity, that 
does not equate to an ethical violation by the contractor that is 
reporting the violation. Therefore, there was no change from the 
proposed rule as a result of these public comments.
b. FAR Part 46 Quality Assurance Conflicts or Redundancies
    Comment: Two respondents expressed concerns that the additional 
reporting is redundant and extending reporting to other areas 
duplicates controls already in place. One respondent stated that 
contractors are already required to report uncorrected nonconformances.
    Response: While quality management systems standards require 
reporting of nonconformances in some instances, GIDEP reporting is not 
redundant because the GIDEP reporting is to the larger acquisition 
community thereby providing other acquisition activities an opportunity 
to mitigate disruptions caused by suspect and known counterfeit items. 
FAR part 46 and the Quality Management Systems Standards require 
reporting to the customer only. Therefore, there was no change from the 
proposed rule as a result of these public comments.
c. DI-MISC-81832, Data Item Description: Counterfeit Prevention Plan 
(21 Jan 2011) Issued by National Reconnaissance Office (NRO)
    Comment: One respondent stated that the proposed rule is in 
conflict with Data Item Description, DI-MISC-81832 COUNTERFEIT 
PREVENTION PLAN (21 JAN 2011). The contractor is not required by the 
DID to notify the suppliers that the items are suspect counterfeit.
    Response: The clause does not require the contractor to notify the 
suppliers. It requires reporting to the contracting officer and GIDEP. 
Therefore, there was no change from the proposed rule as a result of 
these public comments.
d. GIDEP Failure Experience Data (FED) Operations Manual
i. Notifying More Than One Customer on Single-Use Item
    Comment: One respondent noted that the proposed rule is in conflict 
with the GIDEP Operating Manual. The respondent stated that the GIDEP 
Operating Manual does not require reporting of items ``acquired for a 
specific application or use, and known not to be used by anyone else,'' 
whereas the rule conflicts with this.
    Response: The GIDEP Operations Manual does not conflict with either 
the proposed or the final rule. The rule requires reporting of major or 
critical nonconformances to GIDEP only for ``common items,'' which term 
is defined at FAR 46.101 to mean an item that has multiple applications 
versus a single or peculiar application. The Operations Manual states 
``Items and services uniquely acquired for a specific application or 
use, and known not to be used by anyone else, will not be reported 
through GIDEP. If you are unsure whether the item may be similar to one 
used for another application modified only by the color or slight 
change of form or fit, you should report the nonconforming item or 
service using the applicable form.''
    If parts are procured from sources open to or available to the 
broader industrial base, then it is likely others have procured the 
same part and it should be reported.
ii. GIDEP Community Collaboration
    Comment: Two respondents stated that the GIDEP manual already 
contains a reporting process that many involved with Federal 
contracting already use. One respondent does not support changes to the 
reporting process documented in the manual. According to the 
respondent: ``All enhancements and changes to reporting requirements 
should be implemented through the GIDEP membership community where 
Government and industry advisory groups collaborate, pilot, and execute 
reporting requirement changes.''
    Response: This FAR rule is not changing the GIDEP process. In some 
instances the rule now requires mandatory reporting, rather than 
voluntary reporting, but does not change how to report. No change from 
the proposed rule is required as a result of these comments.
e. Food and Drug Administration MedWatch Database
    Comment: One respondent stated that the intent of the rule is for 
information to be exchanged among agencies about nonconformance. This 
goal is served by the Food and Drug Administration MedWatch database 
for products regulated by the Food and Drug Administration that present 
a risk to health.
    Response: The final rule no longer applies to acquisition of items 
reported in the Food and Drug Administration's MedWatch database due to 
the change to the clause prescription at 46.317(b)(2) and the change to 
the clause flowdown at 52.246-26(g)(2)(ii).
6. Safeguards
a. Proprietary Data Under Trade Secrets Act
    Comments: One respondent expressed concern whether adequate 
measures and processes are in place to ensure that proprietary data or 
information protected under the Trade Secrets Act shall not be 
reported.
    Response: It is GIDEP policy that submitted reports should not 
contain proprietary data. To make this prohibition explicit, the final 
rule adds a new paragraph (d) to the clause at FAR 52.246-26, which 
states that submitted reports are not to include ``trade secrets or 
confidential commercial or financial information protected under the 
Trade Secrets Act.'' It is the practice of GIDEP that all GIDEP reports 
are screened upon receipt for information labelled as proprietary data 
or information protected under the Trade Secrets Act. If this data is 
found, it is brought to the attention of the submitter. If the 
submitter of the report is insistent upon including the proprietary 
data, a written release is obtained.
b. Impact on Ongoing Criminal Investigation
    Comments: One respondent recommended that the proposed rule should 
provide ``clear guidance as to when a report should not be made if a 
criminal investigation is in-process and reporting could impact such 
investigation.''
    Response: The final rule has been modified at FAR 52.246-26(c)(2) 
to add the statement that a GIDEP report should not be submitted when 
the contractor is aware that the issue it is reporting is being 
investigated unless

[[Page 64690]]

the report has been approved by the cognizant law enforcement agency.
c. Export-Controlled Data
    Comments: One respondent expressed concern whether adequate 
measures and processes are in place to ensure that ``export controlled 
data is not inadvertently released to unauthorized parties.''
    Response: The final rule revised the clause at 52.246-26(b)(1) and 
(c)(1) to clarify that the GIDEP reporting and screening requirement 
does not apply if the contractor is a foreign corporation or 
partnership that does not have an office, place of business, or fiscal 
paying agent in the United States. Since foreign corporations will not 
be allowed to screen or submit GIDEP reports, export-controlled data 
will not be inadvertently released to unauthorized parties as a result 
of this rule. Further, when applying for access to GIDEP, all 
applicants are required to agree to the GIDEP Operations Manual, 
Chapter 2, Appendix A, ``GIDEP Terms and Conditions'' that include the 
following--``Safeguard GIDEP data in accordance with the Security and 
Technology Transfer regulations of the U.S. and Canadian Governments. 
The U.S. regulations are located at 15 CFR chapter VII, subchapter C 
``Export Administration Regulations''. For example, these regulations 
include rules covering access by and disclosure to foreign nationals 
employed at the businesses within the United States or Canada.
7. Additional Guidance
a. Disposition of Counterfeit Parts
    Comments: One respondent recommended that the Government establish 
and communicate--
    (1) An official position about what a recipient of suspect/actual 
counterfeit parts should do with the material when it discovers/
determines that it may be counterfeit;
    (2) Procedures the Government would prefer industry follow in 
securing suspect counterfeit electronic parts and preserve the chain of 
custody; and
    (3) Guidance addressing how long after a company notifies the 
Government of its conclusion that industry should retain suspect 
counterfeit electronic parts.
    Response: FAR 46.407(h) provides that the contracting officer shall 
provide disposition instructions for counterfeit or suspect counterfeit 
items in accordance with agency policy. Agency policy may require the 
contracting officer to direct the contractor to retain such items for 
investigative or evidentiary purposes. Also, FAR 52.246-26(b)(3) 
directs the contractor to retain counterfeit or suspect counterfeit 
items in its possession at the time of discovery until disposition 
instructions have been provided by the contracting officer. Therefore, 
no changes from the proposed rule are required.
b. Law Enforcement Lead
    Comments: One respondent noted that industry would prefer a single 
Federal law enforcement agency as a point of contact for questions, 
understanding best practices, referrals, etc. Industry would look to 
this agency for purposes of reporting and investigation of events such 
as discovery of counterfeit electronic parts and recommended that GIDEP 
be the mechanism by which notification to such law enforcement is 
conducted.
    Response: This recommendation is outside the scope of this case and 
no change is made to the final rule.
c. Cooperation Between Original Component Manufacturers (OCMs) and 
Contractors
    Comments: One respondent addressed difficulties with obtaining 
sufficient information from the OCM to suspect an item is counterfeit. 
The respondent indicated that industry benefits, under certain 
circumstances, from attempting to authenticate electronic parts 
procured from other than ``trusted suppliers'' when the OCM cooperates. 
Such circumstances include--
    (1) The parts in question are electronic components for items 
contained in fielded systems previously sold to the Government years 
earlier and are now needed to support replacement or additional 
requirements for those same systems;
    (2) The OCM no longer manufactures the part in question;
    (3) Neither the OCM nor its authorized distributors have the part 
in stock; and
    (4) There is not enough time or inventory to engage authorized 
aftermarket manufacturers.
    According to the respondent, OCMs occasionally refuse to verify 
such information as lot number, date code, and trademark of suspect 
counterfeit parts citing that (1) the reporting company did not 
purchase the part in question from the OCM; (2) taking time to assess 
the part costs the OCM money; and (3) the risk to the OCM involved in 
terms of liability to the seller of the part if the OCM's input to the 
reporting company is incorrect. The respondent recommended that the 
Government allow industry to bring its requests for such information 
from OCMs to Federal law enforcement to obtain the information from the 
OCM or encourage OCMs to cooperate with industry in the collective 
public good.
    Response: It is outside the scope of this case and the authority of 
the Councils to require OCMs to provide information to another entity 
with regard to suspect counterfeit parts; therefore, no change is made 
to the final rule.
8. Technical Corrections/Comments
    Comment: According to one respondent, the FAR text should reference 
12.301(d)(5) rather than 12.301(d)(4) for the requirement to include 
the clause FAR 52.246-26, Reporting Nonconforming Items.
    Response: The respondent is correct. However, this issue is no 
longer relevant, as this clause is no longer required for acquisitions 
of commercial items.
    Comment: One respondent commented that if the proposed rule is 
intended to require flowing down FAR 52.246-26 to commercial-item 
subcontracts awarded under commercial-item prime contracts, then the 
FAR Council should propose corresponding amendments to FAR 52.212-5(e).
    Response: The respondent is technically correct. However, the final 
rule no longer applies to contracts for the acquisition of commercial 
items using FAR part 12 procedures, nor does the rule flow down to 
subcontracts for commercial items.
    Comment: One respondent stated that the proposed rule and clause 
use the term ``contractor'' at some points and ``Contractor'' at other 
points.
    Response: In accordance with FAR drafting conventions, the term 
``contractor'' is not capitalized in the FAR text, but in a clause it 
is capitalized to indicate the prime contractor.
9. Phased Implementation
a. Adequate Time To Develop Practices, Processes, and Tools
    Comment: One respondent proposed a phased implementation approach 
to allow adequate time for the supply base to develop practices, 
processes, and tools to comply with the requirements. This would allow 
for system access and training needs of companies newly reporting in 
GIDEP and for existing participants' to establish internal protocols to 
ensure accurate, timely and complete GIDEP reporting.
    Response: The Councils do not agree that a phased implementation 
approach is necessary and no change is made to the final rule. The 
GIDEP system is well

[[Page 64691]]

established and support is provided in a variety of ways to assist 
users. Instructions are provided in the GIDEP Operations Manual found 
on the GIDEP website, along with information on instructional modules 
and web-based training. Additionally, the GIDEP Operations Center has a 
Help Desk to assist users. These tools will assist with compliance and 
reduce the need to develop extensive practices, processes, and internal 
protocols.
b. Limit Reporting Requirement
    Comment: Two respondents proposed a phased-in approach initially 
limited to reporting counterfeit and suspected counterfeit parts and 
only later expanded once the processes for implementing such systems 
are established and functioning.
    Response: Because the final rule has been significantly descoped 
there is no need for a phased-in approach and no change was made to the 
rule concerning a phased-in approach.
c. Expanded Access to GIDEP
    Comment: One respondent proposed the FAR Council delay 
implementation of the rule or make GIDEP participation voluntary until 
access to GIDEP is more broadly available, specifically to non-U.S. and 
non-Canadian companies who do not presently have access to the system.
    Response: The final rule does not extend access to foreign 
contractors. It has been determined that the inclusion of foreign 
contractors would be beyond the manageable scope of this rule. 
Therefore, the final rule adds the statement in paragraphs (b)(1) and 
(c)(1) of the clause at 52.246-26 that foreign contractors are not 
required to submit or screen GIDEP reports.
d. Commercial Item Contractors' Exemption
    Comment: One respondent proposes to exempt commercial item 
contractors, their subcontractors and suppliers from the initial 
applicability of the rule.
    Response: The final rule was revised to no longer apply to 
acquisition of commercial items and does not require flowdown to 
subcontracts for the acquisition of commercial items.
10. ``Major Rule'' Under 5 U.S.C. 804
    Comment: One respondent disagreed with the statement in the 
preamble to the proposed that this is not a major rule under 5 U.S.C. 
804. The respondent cites the value of current industry investments to 
secure supply chains and ensure product integrity, increased costs to 
the Government customer for compliance, and the additional liability 
costs imposed on the Government industrial base and information and 
communication technology sectors.
    Response: It is not the decision of the FAR Council whether a rule 
is a major rule, but it is, by the definition at 5 U.S.C. 804, the 
decision of the Office of Information and Regulatory Affairs (OIRA). 
OIRA determined that the proposed rule was not a major rule. This final 
rule has significantly less effect than the proposed rule (e.g., 
estimated burden hours reduced from 1,422,000 to 30,966 hours), so is 
even less likely to be considered a major rule. As defined in 5 U.S.C. 
804, ``major rule'' means any rule that the Administrator of the Office 
of Information and Regulatory Affairs of the Office of Management and 
Budget finds has resulted in or is likely to result in--
    (A) An annual effect on the economy of $100,000,000 or more;
    (B) A major increase in costs or prices for consumers, individual 
industries, Federal, State, or local government agencies, or geographic 
regions; or
    (C) Significant adverse effects on competition, employment, 
investment, productivity, innovation, or on the ability of United 
States-based enterprises to compete with foreign-based enterprises in 
domestic and export markets.
    Quality assurance systems already have methods of analyzing and 
dealing with nonconformances; therefore, the bulk of the process in 
gathering information on nonconforming parts is already happening 
(e.g., FAR 52.246-2, Inspection of Supplies--Fixed Price; or 52.246-3, 
Inspection of Supplies--Cost-Reimbursement).
11. Small Business Impact
    Comment: One respondent asserted the analysis of the costs and 
impacts of the proposed rule are greatly underestimated and that small 
businesses most assuredly will be impacted as the proposed rule 
requires a system for ongoing review of GIDEP, audit, investigation, 
and reporting; and investigation and reporting to GIDEP and the 
contracting officer. The respondent pointed out that small businesses 
have limited resources--both in terms of personnel and financial 
resources--to establish systems necessary to engage in these kinds of 
continuous monitoring, auditing, investigating, and reporting 
activities.
    Another respondent stated that, although the proposed rule 
addresses an important objective--to mitigate the threat that 
counterfeit items pose when used in systems vital to an agency's 
mission--the rule imposes significant new monitoring and reporting 
requirements that will pose particular challenges for small businesses. 
The respondent stated that the proposed rule was likely to increase 
costs for smaller businesses. The respondent cited examples, such as by 
requiring them to significantly increase quality assurance and 
compliance investments in order to remain at some tier in the 
Government supply chain, increasing liability costs associated with 
compliance failures, and increasing costs associated with the 
heightened risk of application of the exclusionary authority. This 
respondent also opined that in the section 818 regulatory process, the 
rulemakings have had the net effect of higher-tiered Federal 
contractors trimming their supply chains to eliminate companies unable 
or unwilling to implement flowdown policies or that cannot immediately 
demonstrate well in advance of entering supplier agreements that they 
have the capabilities demanded by the various section 818 rules. 
Ultimately, the by-product of this and other section 818 rulemakings is 
that they disproportionately and negatively impact small businesses 
through reduced participation in the Federal market and reduced Federal 
funding.
    Response: The significant descoping of the applicability of this 
rule both at the prime and subcontract level, including removal of the 
applicability of the clause to commercial prime contracts, and removal 
of the flowdown requirements to subcontracts for commercial items (see 
paragraphs II.B.1.a. through II.B.1.c.) will greatly reduce the impact 
on small businesses. Additionally, the rule does not require 
application of section 818(c)(4) to DoD contracts and subcontracts that 
do not exceed the SAT. Furthermore, while this rule may require small 
businesses to implement new business practices, these practices will 
have the beneficial effect of making the business more competitive as 
potential prime contractors and business partners see the firm has 
instituted practices to avoid passing on counterfeits and items with 
major or critical nonconformances.
    The Councils have revised the rule to lessen burden and reduced 
reporting requirements to the maximum extent while still getting 
information necessary to protect items that require higher-level 
quality standards, critical items, and electronic parts for DOD from 
counterfeit parts and major or critical nonconformances. Changes to the 
rule include: Focusing on supplies that require higher-level quality 
standards or are determined to be critical items, excluding foreign 
contractors and commercial items. Commercial items

[[Page 64692]]

include COTS items. This and other descoping efforts (see preamble 
sections II.A. and II.B.1.) reduced the estimated responses from 
474,000 to 5,166 responses, and reduces the estimated burden hours from 
1,422,000 hours to 30,986 hours, so that information is obtained where 
it is most critically needed.
    Comment: One respondent was concerned that adding negotiations over 
quality assurance may further distort the playing field to hurt small 
businesses attempting to retain a degree of control in their operations 
when negotiating with prime contractors. Conversely, lower-tier 
subcontractors, particularly commercial item contractors and small 
business entities, may assert that they do not have (and cannot afford 
to have) the sophisticated internal control systems necessary to detect 
and categorize the types of nonconforming conditions that require 
reporting to GIDEP. Neither the proposed clause nor the proposed 
regulation offers any guidance for resolving such conflicts.
    Response: Part of the concern of the respondent was that higher-
tier contractors could insist on imposing quality control and reporting 
requirements that go well beyond those specified in the proposed clause 
to ensure that they fulfill their own obligation under the clause. In 
the final rule, paragraph (g)(3) of the clause at 52.246-26 revises the 
flowdown language to restrict changes to the clause (see paragraph 
II.B.2.d.).
12. Information Collection Requirements
    Comment: Various respondents commented on the estimate of the 
information collection requirement in the preamble to the proposed 
rule.
    Several respondents stated that the burden is currently 
underestimated. According to a respondent, the estimate of 474,000 
reports underestimates the potential burden of the expanded reporting 
requirements because it failed to account for the growth in GIDEP 
reporting entities and relies on the number of companies currently 
participating in GIDEP.
    Various respondents commented that 3 hours per report was 
substantially underestimated. One respondent noted that any incident 
must be identified, investigated, and reported. Procedures need to be 
followed, individuals with expertise need to be consulted, tests need 
to be performed and reports to memorialize findings of the review need 
to be prepared and filed. Another respondent noted that a single report 
can take up to 100 hours to complete, including significant legal 
review. Another respondent commented that the ``very low estimate'' 
seems to ignore the significant time and costs associated with 
training, implementation, and the risks of liability.
    Response: DoD, GSA, and NASA have completely revised the estimated 
number of reports per year because the rule has been significantly 
descoped and data was also reviewed regarding the current number of 
participating contractors and the current number of reports submitted, 
resulting in an estimate of 51,657 participating contractors submitting 
5,166 reports per year.
    Industry already has all the information necessary to prepare a 
GIDEP report, based on existing quality assurance systems and 
procedures. However, in response to the industry comments and after 
discussions with subject matter experts, DoD, GSA, and NASA have 
reconsidered the number of estimated hours to prepare, review, and 
submit the report at an average of 6 hours per report (see section VII 
of this preamble).

III. Applicability to Contracts at or Below the Simplified Acquisition 
Threshold (SAT) and for Commercial Items, Including Commercially 
Available Off-the-Shelf (COTS) Items

A. Applicability to Contracts at or Below the SAT

    41 U.S.C. 1905 governs the applicability of laws to contracts or 
subcontracts in amounts not greater than the SAT. It is intended to 
limit the applicability of laws to such contracts or subcontracts. 41 
U.S.C. 1905 provides that if a provision of law contains criminal or 
civil penalties, or if the FAR Council, which includes DoD, makes a 
written determination that it is not in the best interest of the 
Federal Government to exempt contracts or subcontracts at or below the 
SAT, the law will apply to them. The FAR Council has not made this 
determination. Therefore, section 818(c)(4) of Public Law 112-81 will 
not be applied below the SAT at either the prime or subcontract level. 
However, the Governmentwide policy, which is not required by statute, 
with regard to items that require higher level quality standards and 
critical items (including electronic parts), will be applied below the 
SAT, because for such parts, counterfeit or nonconforming parts of any 
dollar value can still cause hazardous or unsafe conditions for 
individual using the equipment and can lead to mission failure.

B. Applicability to Contracts for the Acquisition of Commercial Items, 
Including COTS Items

    41 U.S.C. 1906 governs the applicability of laws to contracts and 
subcontracts for the acquisition of commercial items, and is intended 
to limit the applicability of laws to contracts and subcontracts for 
the acquisition of commercial items. 41 U.S.C. 1906 provides that if a 
provision of law contains criminal or civil penalties, or if the FAR 
Council makes a written determination that it is not in the best 
interest of the Federal Government to exempt commercial item contracts, 
the provision of law will apply to contracts for the acquisition of 
commercial items.
    Likewise, 41 U.S.C. 1907 governs the applicability of laws to the 
acquisition of COTS items, with the Administrator for Federal 
Procurement Policy serving as the decision authority in determining 
whether it is not in the best interest of the Government to exempt 
contracts for COTS items from a provision of law.
    The FAR Council and the Administrator for Federal Procurement 
Policy have not made these determinations with regard to application of 
section 818(c)(4) of Public Law 112-81 to contracts and subcontracts 
for the acquisition of commercial items and COTS items, respectively. 
This final rule will not apply the requirements of section 818(c)(4) of 
Public Law 112-81 or the Governmentwide policy to prime contracts for 
the acquisition of commercial items using FAR part 12 procedures and 
will not flow the clause FAR 52.246-26 down to subcontracts for the 
acquisition of commercial items.

IV. Expected Costs

    DoD, GSA, and NASA have performed a regulatory cost analysis on 
this rule. The following is a summary of the estimated public and 
Government costs. Currently, there is no FAR requirement for 
contractors to exchange information about counterfeit, suspect 
counterfeit or major or critical nonconforming items in a 
Governmentwide database. This final rule establishes the requirement 
for contractors to search for and share information on such items in 
GIDEP. Specifically, the rule adds a new FAR clause at 52.246-26, 
Reporting Nonconforming Items, that includes a requirement for 
contractors to: (1) Screen GIDEP for items which may have critical or 
major nonconformances or items that are counterfeits or suspect 
counterfeits; and (2) report to GIDEP and the contracting officer 
within 60 days of becoming aware or having

[[Page 64693]]

reason to suspect--such as through inspection, testing, record review, 
or notification from another source (e.g., seller, customer, third 
party)--that an end item purchased by the contractor for delivery to, 
or for, the Government is counterfeit or suspect counterfeit. These 
screening and reporting requirements apply to contracts that are: (1) 
Subject to higher-level quality standards in accordance with the clause 
at FAR 52.246-11, Higher-Level Contract Quality Requirement; (2) for 
critical items; or (3) for acquisitions over the simplified acquisition 
threshold of electronic parts or end items, components, parts, or 
assemblies containing electronic parts, by, or for the Department of 
Defense.
    By sharing this information in GIDEP, both the Government and 
contractors will benefit from knowing about and avoiding items with 
critical or major nonconformances, or items that are counterfeits or 
suspect counterfeits. Sharing this information in GIDEP will reduce the 
risk of having such items in the supply chain for mission critical 
items where failure would endanger an agency mission, cause 
catastrophic failures, or endanger human health and the environment. 
Although unable to quantify the benefits of this rule, the Government 
expects reduction in the high costs of potential damage to equipment, 
mission failure, and even injury and death of personnel.
    The following is a summary of the estimated public and Government 
cost savings calculated in perpetuity in 2016 dollars at a 7-percent 
discount rate:

----------------------------------------------------------------------------------------------------------------
                        Summary                                Public           Government           Total
----------------------------------------------------------------------------------------------------------------
Present Value..........................................    $209,045,344.99      $4,007,342.86    $213,052,687.85
Annualized Costs.......................................      14,633,174.15         280,514.00      14,913,688.15
Annualized Value Costs (as of 2016 if Year 1 is 2019)..      11,945,028.99         228,982.98      12,174,011.97
----------------------------------------------------------------------------------------------------------------

    To access the full regulatory cost analysis for this rule, go to 
the Federal eRulemaking Portal at https://www.regulations.gov, search 
for ``FAR Case 2013-002,'' click ``Open Docket,'' and view ``Supporting 
Documents.''

V. Executive Orders 12866 and 13563

    Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess 
all costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distributive impacts, and equity). E.O. 
13563 emphasizes the importance of quantifying both costs and benefits, 
of reducing costs, of harmonizing rules, and of promoting flexibility. 
This is a significant regulatory action and, therefore, was subject to 
review under section 6(b) of E.O. 12866, Regulatory Planning and 
Review, dated September 30, 1993. This rule is not a major rule under 5 
U.S.C. 804.

VI. Executive Order 13771

    This rule is an E.O. 13771 regulatory action. The total annualized 
value of the cost is $14,913,688.15. Details on the estimated costs can 
be found in section IV. of this preamble.

VII. Regulatory Flexibility Act

    DoD, GSA, and NASA have prepared a Final Regulatory Flexibility 
Analysis (FRFA) consistent with the Regulatory Flexibility Act, 5 
U.S.C. 601, et seq. The FRFA is summarized as follows:

    This rule partially implements section 818 of the National 
Defense Authorization Act (NDAA) for Fiscal Year (FY) 2012 (Pub. L. 
112-81, 10 U.S.C. 2302 Note), requiring regulations regarding the 
definition, prevention, detection and reporting of actual or 
suspected counterfeit electronic parts in the Government-Industry 
Data Exchange Program (GIDEP) system. Section 818(c)(4) was directed 
specifically at the reporting of counterfeit or suspect counterfeit 
electronic parts by Department of Defense (DoD) contractors and 
subcontractors; however, the Civilian Agency Acquisition Council and 
the Defense Acquisition Regulations Counsel (the Councils) consider 
the problem of nonconforming and counterfeit parts to be significant 
across the Federal Government and, therefore this rule applies to 
all applicable Federal contracts.
    Respondents expressed concern about the scope of the proposed 
rule and the potential difficulty of tracking and reporting, 
especially for small businesses.
     One respondent asserted that the analysis of the costs 
and impacts of the proposed rule were greatly underestimated and 
that small business most assuredly will be impacted as the proposed 
rule requires a system for ongoing review of GIDEP, audit, 
investigation, and reporting to GIDEP and the contracting officer. 
The respondent pointed out that small businesses have limited 
resources--both in terms of personnel and financial resources--to 
establish systems necessary to engage in these kinds of continuous 
monitoring, auditing, investigating, and reporting activities.
     Another respondent stated that the proposed rule was 
likely to increase cost for smaller businesses. The respondent cited 
examples, such as by requiring them to significantly increase 
quality assurance and compliance investments in order to remain at 
some tier in the Government supply chain, increasing liability costs 
associated with compliance failures, and increasing costs associated 
with the heightened risk of application of the exclusionary 
authority.
    In response to these concerns, the Councils significantly 
descoped the rule, both at the prime and the subcontract level. The 
final rule no longer applies to contracts or subcontracts for the 
acquisition of commercial items. Additionally, the rule does not 
require application of section 818(c)(4) to DoD contracts and 
subcontracts that do not exceed the simplified acquisition threshold 
(see FAR 46.317(a) and 52.246-26(g)(1)).
    The removal of the flowdown requirements will greatly reduce the 
impact on small businesses. While this rule may require small 
businesses to implement new business practices involving screening 
GIDEP reports or reporting in GIDEP if a mission critical 
nonconforming item is discovered, we do not expect the incident of 
finding mission critical nonconformances to be frequent. These 
practices will have the beneficial effect of making the business 
more competitive as potential prime contractors and business 
partners see that the firm has instituted practices to avoid passing 
on counterfeit parts and items with critical nonconformances.
    One respondent was concerned that adding negotiations over 
quality assurance may further distort the playing field to hurt 
small businesses attempting to retain a degree of control in their 
operations when negotiating with prime contractors. Conversely, 
lower-tier subcontractors, particularly commercial-item contractors 
and small-business entities, may assert that they do not have (and 
cannot afford to have) the sophisticated internal control systems 
necessary to detect and categorize the types of nonconforming 
conditions that require reporting to GIDEP. Neither the proposed 
clause nor the proposed regulation offers any guidance for resolving 
such conflicts.
    Part of the concern of the respondent was that higher-tier 
contractors could insist on imposing quality control and reporting 
requirements that go well beyond those specified in the proposed 
clause to ensure that they fulfill their own obligation under the 
clause. This issue has been resolved through amendment of the 
flowdown language to restrict changes to the clause.
    The rule applies to contracts that have higher-level quality 
assurance requirements (FAR 52.246-11), contracts for critical 
items, and DoD contracts for electronic parts that exceed the 
simplified acquisition threshold (other than commercial items). The 
total number of contractors and subcontractors to which the rule 
will apply is estimated to be

[[Page 64694]]

51,657. Of this number, it is estimated 42,153 or 82 percent will be 
small businesses, of which approximately 10 percent may be required 
to submit a GIDEP report in a given year.
    This rule requires screening of GIDEP reports; written notice to 
the contracting officer within 60 days of becoming aware through 
inspection or testing of counterfeit or suspect counterfeit parts 
for delivery to, or for, the Government; and reporting of 
counterfeit and suspect counterfeit items and common items that have 
a critical or major nonconformance into GIDEP.
    The Government vitally needs a program to protect its critical 
assets from the threat of loss and especially where failure of the 
item could injure personnel or jeopardize a vital agency mission. 
The Councils carefully weighed the stated concerns of businesses 
against the serious impact parts with major or critical 
nonconformances may have on critical items.
    As described above, the Councils minimized the economic impact 
on small entities consistent with the stated objects of the rule by 
descoping the rule significantly to the maximum extent possible 
while maintaining the ability to track and avoid counterfeit, 
suspect counterfeit items and common items that have a critical or 
major nonconformance.

    Interested parties may obtain a copy of the FRFA from the 
Regulatory Secretariat Division. The Regulatory Secretariat Division 
has submitted a copy of the FRFA to the Chief Counsel for Advocacy of 
the Small Business Administration.

VIII. Paperwork Reduction Act

    The Paperwork Reduction Act (44 U.S.C. chapter 35) applies. The 
rule contains information collection requirements. OMB has cleared this 
information collection requirement under OMB Control Number 9000-0187, 
titled: ``Reporting of Nonconforming Items to the Government-Industry 
Data Exchange Program.'' Due to the major descoping of the final rule, 
the approved estimated number of responses is substantially less than 
the estimated responses in the preamble to the proposed rule. However, 
the number of hours per response has been increased to 6 hours.
    Respondents: 5,166.
    Responses per respondent: 1.
    Total annual responses: 5,166.
    Preparation hours per response: 6.
    Total response burden hours: 30,996.

List of Subjects in 48 CFR Parts 1, 2, 7, 46, and 52

    Government procurement.

William F. Clark,
Director, Office of Government-wide Acquisition Policy, Office of 
Acquisition Policy, Office of Government-wide Policy.

    Therefore, DoD, GSA and NASA are issuing a final rule amending 48 
CFR parts 1, 2, 7, 46, and 52 as set forth below:

0
1. The authority citation for parts 1, 2, 7, 46, and 52 continues to 
read as follows:

    Authority:  40 U.S.C. 121(c); 10 U.S.C. chapter 137; and 51 
U.S.C. 20113.

PART 1--FEDERAL ACQUISITION REGULATIONS SYSTEM

0
2. In section 1.106 amend the table by adding in numerical sequence, 
the entry for ``52.246-26'' to read as follows:


1.106  OMB approval under the Paperwork Reduction Act.

* * * * *

------------------------------------------------------------------------
            FAR segment                        OMB control No.
------------------------------------------------------------------------
 
                                * * * * *
                  52.246-26                            9000-0187
 
                                * * * * *
------------------------------------------------------------------------

PART 2--DEFINITIONS OF WORDS AND TERMS

0
3. Amend section 2.101 in paragraph (b) by revising the definition 
``Common item'' to read as follows:


2.101   Definitions.

* * * * *
    (b) * * *
    Common item means material that is common to the applicable 
Government contract and the contractor's other work, except that for 
use in the clause at 52.246-26, see the definition in paragraph (a) of 
that clause.
* * * * *

PART 7--ACQUISITION PLANNING

0
4. Amend section 7.105, in paragraph (b)(19) by adding a new sentence 
to the end of the paragraph to read as follows:


7.105   Contents of written acquisition plans.

* * * * *
    (b) * * *
    (19) * * * In contracts for supplies or service contracts that 
include supplies, address whether higher-level quality standards are 
necessary (46.202) and whether the supplies to be acquired are critical 
items (46.101).
* * * * *

PART 46--QUALITY ASSURANCE

0
5. Amend section 46.101 by adding, in alphabetical order, the 
definitions ``Counterfeit item'', ``Critical item'', ``Design 
activity'', and ``Suspect counterfeit item'' to read as follows:


46.101   Definitions.

* * * * *
    Counterfeit item means an unlawful or unauthorized reproduction, 
substitution, or alteration that has been knowingly mismarked, 
misidentified, or otherwise misrepresented to be an authentic, 
unmodified item from the original manufacturer, or a source with the 
express written authority of the original manufacturer or current 
design activity, including an authorized aftermarket manufacturer. 
Unlawful or unauthorized substitution includes used items represented 
as new, or the false identification of grade, serial number, lot 
number, date code, or performance characteristics.
    Critical item means an item, the failure of which is likely to 
result in hazardous or unsafe conditions for individuals using, 
maintaining, or depending upon the item; or is likely to prevent 
performance of a vital agency mission.
* * * * *
    Design activity means an organization, Government or contractor, 
that has responsibility for the design and configuration of an item, 
including the preparation or maintenance of design documents. Design 
activity could be the original organization, or an organization to 
which design responsibility has been transferred.
* * * * *
    Suspect counterfeit item means an item for which credible evidence 
(including but not limited to, visual inspection or testing) provides 
reasonable doubt that the item is authentic.
* * * * *

0
6. Add section 46.317 to read as follows:


46.317   Reporting Nonconforming Items.

    (a) Except as provided in paragraph (b) of this section, the 
contracting officer shall insert the clause at 52.246-26, Reporting 
Nonconforming Items, in solicitations and contracts--as follows:
    (1) For an acquisition by any agency, including the Department of 
Defense, of--
    (i) Any items that are subject to higher-level quality standards in 
accordance with the clause at 52.246-11, Higher-Level Contract Quality 
Requirement;
    (ii) Any items that the contracting officer, in consultation with 
the requiring activity determines to be critical items for which use of 
the clause is appropriate;
    (2) In addition (as required by paragraph (c)(4) of section 818 of 
the National Defense Authorization Act for

[[Page 64695]]

Fiscal Year 2012 (Pub. L. 112-81)), for an acquisition that exceeds the 
simplified acquisition threshold and is by, or for, the Department of 
Defense of electronic parts or end items, components, parts, or 
materials containing electronic parts, whether or not covered in 
paragraph (a)(1) of this section; or
    (3) For the acquisition of services, if the contractor will 
furnish, as part of the service, any items that meet the criteria 
specified in paragraphs (a)(1) through (a)(2) of this section.
    (b) The contracting officer shall not insert the clause at 52.246-
26, Reporting Nonconforming Items, in solicitations and contracts when 
acquiring--
    (1) Commercial items using part 12 procedures; or
    (2) Medical devices that are subject to the Food and Drug 
Administration reporting requirements at 21 CFR 803.
    (c) If required by agency policy, the contracting officer may 
modify paragraph (b)(4) of the clause at 52.246-26, but only to change 
the responsibility for the contractor to submit reports to the agency 
rather than to Government-Industry Data Exchange Program (GIDEP), so 
that the agency instead of the contractor submits reports to GIDEP 
within the mandatory 60 days.

0
7. Amend section 46.407 by adding paragraph (h) to read as follows:


46.407   Nonconforming supplies or services.

* * * * *
    (h) The contracting officer shall provide disposition instructions 
for counterfeit or suspect counterfeit items in accordance with agency 
policy. Agency policy may require the contracting officer to direct the 
contractor to retain such items for investigative or evidentiary 
purposes.

PART 52--SOLICITATION PROVISIONS AND CONTRACT CLAUSES

0
8. Add section 52.246-26 to read as follows:


52.246-26   Reporting Nonconforming Items.

    As prescribed in 46.317, insert the following clause:

Reporting Nonconforming Items (Dec 2019)

    (a) Definitions. As used in this clause--
    Common item means an item that has multiple applications versus 
a single or peculiar application.
    Counterfeit item means an unlawful or unauthorized reproduction, 
substitution, or alteration that has been knowingly mismarked, 
misidentified, or otherwise misrepresented to be an authentic, 
unmodified item from the original manufacturer, or a source with the 
express written authority of the original manufacturer or current 
design activity, including an authorized aftermarket manufacturer. 
Unlawful or unauthorized substitution includes used items 
represented as new, or the false identification of grade, serial 
number, lot number, date code, or performance characteristics.
    Critical item means an item, the failure of which is likely to 
result in hazardous or unsafe conditions for individuals using, 
maintaining, or depending upon the item; or is likely to prevent 
performance of a vital agency mission.
    Critical nonconformance means a nonconformance that is likely to 
result in hazardous or unsafe conditions for individuals using, 
maintaining, or depending upon the supplies or services; or is 
likely to prevent performance of a vital agency mission.
    Design activity means an organization, Government or contractor, 
that has responsibility for the design and configuration of an item, 
including the preparation or maintenance of design documents. Design 
activity could be the original organization, or an organization to 
which design responsibility has been transferred.
    Major nonconformance means a nonconformance, other than 
critical, that is likely to result in failure of the supplies or 
services, or to materially reduce the usability of the supplies or 
services for their intended purpose.
    Suspect counterfeit item means an item for which credible 
evidence (including but not limited to, visual inspection or 
testing) provides reasonable doubt that the item is authentic.
    (b) The Contractor shall--
    (1) Screen Government-Industry Data Exchange Program (GIDEP) 
reports, available at www.gidep.org, as a part of the Contractor's 
inspection system or program for the control of quality, to avoid 
the use and delivery of counterfeit or suspect counterfeit items or 
delivery of items that contain a major or critical nonconformance. 
This requirement does not apply if the Contractor is a foreign 
corporation or partnership that does not have an office, place of 
business, or fiscal paying agent in the United States;
    (2) Provide written notification to the Contracting Officer 
within 60 days of becoming aware or having reason to suspect, such 
as through inspection, testing, record review, or notification from 
another source (e.g., seller, customer, third party) that any end 
item, component, subassembly, part, or material contained in 
supplies purchased by the Contractor for delivery to, or for, the 
Government is counterfeit or suspect counterfeit;
    (3) Retain counterfeit or suspect counterfeit items in its 
possession at the time of discovery until disposition instructions 
have been provided by the Contracting Officer; and
    (4) Except as provided in paragraph (c) of this clause, submit a 
report to GIDEP at www.gidep.org within 60 days of becoming aware or 
having reason to suspect, such as through inspection, testing, 
record review, or notification from another source (e.g., seller, 
customer, third party) that an item purchased by the Contractor for 
delivery to, or for, the Government is--
    (i) A counterfeit or suspect counterfeit item; or
    (ii) A common item that has a major or critical nonconformance.
    (c) The Contractor shall not submit a report as required by 
paragraph (b)(4) of this clause, if--
    (1) The Contractor is a foreign corporation or partnership that 
does not have an office, place of business, or fiscal paying agent 
in the United States;
    (2) The Contractor is aware that the counterfeit, suspect 
counterfeit, or nonconforming item is the subject of an on-going 
criminal investigation, unless the report is approved by the 
cognizant law-enforcement agency; or
    (3) For nonconforming items other than counterfeit or suspect 
counterfeit items, it can be confirmed that the organization where 
the defect was generated (e.g., original component manufacturer, 
original equipment manufacturer, aftermarket manufacturer, or 
distributor that alters item properties or configuration) has not 
released the item to more than one customer.
    (d) Reports submitted in accordance with paragraph (b)(4) of 
this clause shall not include--
    (1) Trade secrets or confidential commercial or financial 
information protected under the Trade Secrets Act (18 U.S.C. 1905); 
or
    (2) Any other information prohibited from disclosure by statute 
or regulation.
    (e) Additional guidance on the use of GIDEP is provided at 
https://www.gidep.org/about/opmanual/opmanual.htm.
    (f) If this is a contract with the Department of Defense, as 
provided in paragraph (c)(5) of section 818 of the National Defense 
Authorization Act for Fiscal Year 2012 (Pub. L. 112-81), the 
Contractor or subcontractor that provides a written report or 
notification under this clause that the end item, component, part, 
or material contained electronic parts (i.e., an integrated circuit, 
a discrete electronic component (including, but not limited to, a 
transistor, capacitor, resistor, or diode), or a circuit assembly)) 
that are counterfeit electronic parts or suspect counterfeit 
electronic parts shall not be subject to civil liability on the 
basis of such reporting, provided that the Contractor or any 
subcontractor made a reasonable effort to determine that the report 
was factual.
    (g) Subcontracts.
    (1) Except as provided in paragraph (g)(2) of this clause, the 
Contractor shall insert this clause, including this paragraph (g), 
in subcontracts that are for--
    (i) Items subject to higher-level quality standards in 
accordance with the clause at FAR 52.246-11, Higher-Level Contract 
Quality Requirement;
    (ii) Items that the Contractor determines to be critical items 
for which use of the clause is appropriate;
    (iii) Electronic parts or end items, components, parts, or 
materials containing electronic parts, whether or not covered in 
paragraph (g)(1)(i) or (ii) of this clause, if the subcontract 
exceeds the simplified

[[Page 64696]]

acquisition threshold and this contract is by, or for, the 
Department of Defense (as required by paragraph (c)(4) of section 
818 of the National Defense Authorization Act for Fiscal Year 2012 
(Pub. L. 112-81)); or
    (iv) For the acquisition of services, if the subcontractor will 
furnish, as part of the service, any items that meet the criteria 
specified in paragraphs (g)(1)(i) through (g)(1)(iii) of this 
clause.
    (2) The Contractor shall not insert the clause in subcontracts 
for--
    (i) Commercial items; or
    (ii) Medical devices that are subject to the Food and Drug 
Administration reporting requirements at 21 CFR 803.
    (3) The Contractor shall not alter the clause other than to 
identify the appropriate parties.
    (End of clause)

[FR Doc. 2019-24960 Filed 11-21-19; 8:45 am]
 BILLING CODE 6820-EP-P