As a result of the 2019 National Defense Authorization Act, the Secretary of Defense implemented new disclosure obligations on software licensors whose software code has been reviewed or accessed by a foreign government. The Act was signed into law on August 13, 2018 and will significantly impact software licensors who engage with the federal government’s defense agencies relating to “obligations to foreign governments.”
Under the law, the Department of Defense is prohibited from using any “product, service, or system relating to information or operational technology, cybersecurity, an industrial control system, a weapons system, or computer antivirus provided by a ‘person’” unless that person has allowed a foreign government to review or access the code for the product or service or if that person is under any obligation “as a condition of entering into an agreement for sale or other transaction with a foreign government or with a foreign person on behalf of such a government” to do so.
Moreover, if the person is a US person or affiliate, the person must disclose whether he or she has ever sought or currently holds a license under the Export Administration Regulations (EARs) or International Traffic in Arms Regulations (ITARs), as such disclosures are exempt from FOIA or corresponding state access to information laws.
Finally, the government will revise its current procurement contracts to include a clause requiring that the above information be disclosed during the term of the agreement. This includes “any mitigation measures taken or anticipated.” The Secretary of Defense will determine any mitigation measures and may condition the procurement agreement.
Software licensors that are government defense contractors (even to US-only customers) should review their supply chains for compliance with these new disclosure obligations.
To learn more about recent developments impacting software licensors, please click here.