Trade groups seek relief from China-sourcing rules

A group of technology trade associations wants Congress to ease restrictions on the ability of several government agencies to acquire IT sourced from China.

The restrictions, which were written into the fiscal 2013 continuing resolution that is funding the federal government through Jan. 15, 2014, require NASA, the Justice Department, the Commerce Department and the National Science Foundation to certify that new IT products don't come from "entities that are owned, directed or subsidized by the People's Republic of China."

The technology industry fought the provision when it was included in the continuing resolution at the insistence of Rep. Frank Wolf (R-Va.), who leads the appropriations subcommittee that funds the affected agencies, and industry leaders hope to keep it out of any new short-term spending bill. The language is included in a House appropriations bill that was reported out of Wolf's committee in July.

More significantly, with Congress poised to pass a budget deal and then pivot to full-year appropriations, vendors are concerned that the restrictions could be reauthorized with the imprimatur of regular order, making them more likely to remain a permanent fixture of funding bills.

In a Dec. 10 letter to House Appropriations Committee leaders, a coalition of 13 trade associations urged Wolf and others not to include the China-specific language and instead use a provision from the Senate version of the Commerce-Justice-Science spending bill that directs agencies to evaluate supply-chain risks based on federal standards developed by the National Institute of Standards and Technology.

The letter from the U.S. Chamber of Commerce, the IT Industry Council (ITIC), the Professional Services Council and others asserts that the restrictions in the current continuing resolution have "unnecessarily slowed federal purchases of needed security technologies, putting key federal agencies behind the technology cycle and leaving them vulnerable," while making it difficult for agencies to allocate security resources where needed.

Wolf has said in the past that the restrictions are intended to apply to known bad actors, in reference to companies that have strong ties to the Chinese military. His office did not respond to inquiries for this story.

Implementation of the law has been uneven, but some rules are spelled out in NASA's Solutions for Enterprise-Wide Procurement (SEWP) contract vehicle. Under that contract, vendors are required to attest that IT components and software code have not passed through companies underwritten by the Chinese government at any point along the supply chain. Companies that get such information wrong are potentially subject to liabilities, said Maryam Cope, director of government relations at ITIC, adding, "It's difficult language to work with."

The questions companies have to answer to satisfy the SEWP requirements "have nothing to do with cybersecurity," Cope told FCW. "They have to do with country of origin."

Although industry has not put a price tag on compliance, companies are concerned that the provision is affecting their ability to sell products to the U.S. government and to compete in global markets. Other governments, including China, have been critical of the rules and threatened to retaliate against U.S. companies.

If Congress passes a budget deal struck earlier this week, country-of-origin rules will likely take center stage as a technology policy issue early next year as lawmakers hammer out final versions of fiscal 2014 appropriations bills.