Flash Brief: FAR (Federal Acquisition Regulation) Semiconductor Prohibition

Event Type: FAR Update

Severity: HIGH

Date Issued: 2025-01-23

Effective Date: December 23, 2027

---

TL;DR

The FAR Council is proposing amendments to prohibit federal agencies from procuring products or services containing covered semiconductor products or services, effective December 23, 2027. This implements Section 5949 of the FY2023 NDAA (National Defense Authorization Act) and will fundamentally reshape supply chain compliance requirements across the entire federal contracting base. Contractors must immediately audit their semiconductor supply chains, identify covered products, and prepare mitigation strategies before the 2027 deadline. This is not optional—non-compliance will result in contract ineligibility across all executive agencies.

---

Key Points

• What Happened: The FAR Council published a proposed rule prohibiting executive agencies from procuring or obtaining products/services that include covered semiconductor products or services, implementing FY2023 NDAA Section 5949.
• Who Is Affected: All federal contractors, subcontractors, and vendors across every agency—particularly those in IT hardware, telecommunications, defense systems, IoT devices, automotive systems, medical devices, and any product containing semiconductors in their supply chain.
• Timeline: Proposed rule is open for comment now; final rule expected 12-18 months before the December 23, 2027 hard deadline. Contractors have approximately 34 months to achieve full compliance.
• Immediate Action Required: Conduct comprehensive semiconductor supply chain audits within 30 days, map all products containing semiconductors, identify country-of-origin for all chips, establish supplier certification protocols, and begin engaging alternate suppliers for any covered semiconductors.

---

Who Is Affected

All Federal Contractors — This is a government-wide prohibition affecting every executive agency. No contract vehicle, agency, or NAICS code is exempt.

High-Impact Sectors (NAICS Codes):

• 334111 — Electronic Computer Manufacturing
• 334210 — Telephone Apparatus Manufacturing
• 334220 — Radio and Television Broadcasting and Wireless Communications Equipment Manufacturing
• 334290 — Other Communications Equipment Manufacturing
• 334413 — Semiconductor and Related Device Manufacturing
• 334511 — Search, Detection, Navigation, Guidance, Aeronautical, and Nautical System and Instrument Manufacturing
• 336411 — Aircraft Manufacturing
• 336412 — Aircraft Engine and Engine Parts Manufacturing
• 541512 — Computer Systems Design Services
• 541519 — Other Computer Related Services

Affected Agencies:

All executive agencies, with highest exposure at:

• Department of Defense (DoD (Department of Defense))
• General Services Administration (GSA (General Services Administration))
• Department of Homeland Security (DHS (Department of Homeland Security))
• Department of Energy (DOE)
• NASA
• Intelligence Community agencies

Contract Vehicles:

• GSA Multiple Award Schedules (MAS)
• GSA OASIS+
• NASA SEWP
• NIH CIO-SP4
• All DoD IDIQ (Indefinite Delivery/Indefinite Quantity) vehicles (STARS III, Alliant 3, etc.)
• Agency-specific BPAs and GWACs

Critical: This applies to prime contractors AND subcontractors. Flow-down clauses will be mandatory.

---

Frequently Asked Questions

Q: What qualifies as a "covered semiconductor product or service"?

The proposed rule defines covered semiconductors as those designed, fabricated, packaged, tested, or assembled in countries of concern (primarily China and Russia, though the final rule will specify). This includes integrated circuits, microprocessors, memory chips, and system-on-chip (SoC) components. The prohibition extends to services that rely on covered semiconductors, meaning cloud services, managed IT services, or SaaS platforms running on infrastructure with covered chips may also fall under scope. Contractors must trace semiconductor provenance through their entire supply chain, including third-party components and COTS products.

Q: Does this apply to existing contracts or only new awards after December 2027?

The proposed rule indicates the prohibition applies to new procurements made on or after December 23, 2027. However, contractors should anticipate that contract modifications, option exercises, and task order competitions under existing vehicles may trigger the new requirements. Agencies will likely issue class deviations or vehicle-specific guidance 12-24 months before the deadline. Prudent contractors should assume any contract action after December 2027 will require certification of semiconductor compliance, regardless of the base contract award date.

Q: How will contractors prove compliance?

The FAR Council is expected to require contractor representations and certifications (reps & certs) at the time of offer and potentially ongoing compliance attestations during performance. Contractors will need to establish supply chain traceability systems that document semiconductor country-of-origin for every component. This means obtaining supplier declarations, conducting audits of subcontractors and COTS vendors, and maintaining audit-ready documentation. The compliance burden mirrors DFARS (Defense Federal Acquisition Regulation Supplement) 252.204-7012 (cybersecurity) and CMMC (Cybersecurity Maturity Model Certification) requirements—expect similar rigor. Reference the Secure Operations Guide (/insights/secure-operations-guide) for frameworks on building audit-ready compliance systems.

Q: What happens if we can't eliminate covered semiconductors by December 2027?

Non-compliance means contract ineligibility. Agencies will not be permitted to award contracts to vendors who cannot certify their products/services are free of covered semiconductors. For contractors heavily reliant on Chinese-manufactured chips (common in commercial electronics), this requires immediate supply chain diversification. Options include: (1) re-sourcing to U.S., EU, Japan, South Korea, or Taiwan fabrication; (2) redesigning products to use compliant components; (3) obtaining waivers (if the final rule includes a waiver process, which is uncertain); or (4) exiting federal markets that cannot be served with compliant products. This is an existential issue for some contractors.

Q: Will there be a waiver process?

The proposed rule does not currently specify a waiver mechanism, though public comments will likely advocate for one. Contractors should not assume waivers will be available or easy to obtain. Even if included in the final rule, waivers will likely require demonstrating: (1) no alternative suppliers exist, (2) the product/service is critical to national security, and (3) a concrete plan to transition to compliant sources. Waiver reliance is a high-risk strategy.

---

Definitions

• Covered Semiconductor Products: Integrated circuits, microprocessors, memory chips, and related components that are designed, fabricated, packaged, tested, or assembled in countries designated as adversarial or of concern (expected to include China, Russia, and potentially others as specified in the final rule).
• Covered Semiconductor Services: Services that rely on or incorporate covered semiconductor products, including cloud computing, managed IT services, telecommunications services, and software-as-a-service platforms running on infrastructure containing covered semiconductors.
• FAR Council: The Federal Acquisition Regulatory Council, composed of the Office of Federal Procurement Policy (OFPP), Department of Defense (DoD), General Services Administration (GSA), and NASA, responsible for maintaining and amending the Federal Acquisition Regulation.
• Section 5949 (FY2023 NDAA): The statutory provision in the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 that mandates this prohibition, aimed at reducing federal government dependence on semiconductors from adversarial nations.
• Supply Chain Traceability: The documented ability to track the origin, manufacturing location, and custody chain of semiconductor components through all tiers of suppliers, subcontractors, and COTS vendors.
• Flow-Down Clause: A contract provision requiring prime contractors to impose the same requirements on their subcontractors, ensuring compliance cascades through all tiers of the supply chain.

---

Intelligence Response

Cabrillo Signals War Room detected this proposed FAR amendment within minutes of Federal Register publication and automatically escalated it to HIGH severity based on government-wide scope and hard compliance deadline. The War Room continuously monitors FAR cases, agency-specific supplements, NDAA implementation timelines, and related supply chain security rulemakings to ensure no regulatory shift goes undetected.

Immediate Platform Actions:

1. Cabrillo Signals Match Engine — Automatically rescored all active opportunities and pipeline pursuits to flag those involving semiconductor-dependent products or services. Contractors should review rescored opportunities within 24 hours to identify at-risk pursuits and adjust bid/no-bid decisions. The Match Engine will continue monitoring for follow-on guidance, agency-specific implementations, and solicitations that reference the new FAR clause.

2. Cabrillo Signals Intelligence Hub — Activated tracking on all affected NAICS codes (334xxx series, 336xxx, 541512, 541519) and flagged contract vehicles with high semiconductor exposure (GSA MAS, SEWP, OASIS+). Set up saved searches to alert when agencies issue class deviations, solicitation amendments, or pre-solicitation notices requiring semiconductor compliance certifications. The Intelligence Hub will monitor SAM.gov (System for Award Management) for early adopters implementing the rule before the 2027 deadline.

3. Proposal Studio (Proposal OS) — Updated compliance matrices to include semiconductor supply chain traceability as a new evaluation criterion. Contractors should immediately add this to their win theme library and begin developing boilerplate compliance narratives. The bid/no-bid decision engine now flags opportunities where semiconductor compliance cannot be certified, preventing pursuit of unwinnable contracts.

4. Proposal Studio Workflow Tracker — Added a new gate in the 9-gate capture process: "Semiconductor Supply Chain Audit Complete" must be checked before Gate 4 (Proposal Development). This ensures compliance verification occurs before resource investment in proposal writing.

Who Needs to Know (Notification Chain):

• Chief Compliance Officer / General Counsel — Immediate notification. Responsible for interpreting the proposed rule, assessing legal risk, and coordinating with outside counsel on comment submission strategy.
• VP of Contracts / Capture Management — Notified within 2 hours. Must assess impact on active pursuits, pipeline opportunities, and existing contract vehicles. Responsible for bid/no-bid recalibration.
• Supply Chain Director / Procurement Lead — Notified within 4 hours. Must initiate supplier audits, identify covered semiconductors in current products, and begin alternate sourcing analysis.
• Engineering / Product Development — Notified within 8 hours. Must assess technical feasibility of redesigning products to eliminate covered semiconductors and estimate re-engineering timelines and costs.
• Business Development / Capture Managers — Notified within 12 hours. Must update capability statements, adjust positioning strategies, and prepare customer communications on compliance roadmap.
• Finance / CFO — Notified within 24 hours. Must model financial impact of supply chain changes, potential contract losses, and compliance investment requirements.

First 48-Hour Playbook:

Hour 0-4 (Immediate Response):

• Executive leadership convenes emergency supply chain security meeting
• Legal team downloads full proposed rule from Federal Register and begins detailed analysis
• Contracts team exports all active opportunities and existing contracts from Cabrillo Signals Intelligence Hub
• Supply chain team initiates inventory of all products/services containing semiconductors
• Communications hold: no external statements until internal assessment complete

Hour 4-12 (Assessment Phase):

• Supply chain team requests country-of-origin declarations from top 20 suppliers
• Engineering team identifies products with highest semiconductor content and Chinese/Russian sourcing exposure
• Contracts team uses Cabrillo Signals Match Engine to identify at-risk opportunities (filter by NAICS 334xxx, 336xxx, 541512)
• Legal team drafts internal compliance assessment memo with risk tiers (high/medium/low exposure products)
• Finance team models worst-case scenario: cost of full supply chain transition by December 2027

Hour 12-24 (Strategic Planning):

• Executive team reviews assessment and establishes compliance task force with weekly cadence
• Supply chain team identifies alternate suppliers (U.S., EU, Japan, South Korea, Taiwan fabrication)
• Engineering team scopes re-design projects for high-exposure products and estimates timelines
• Contracts team updates bid/no-bid criteria in Proposal Studio to require semiconductor compliance certification
• Legal team drafts comment letter for FAR Council submission (due 60 days after publication)

Hour 24-48 (Operationalization):

• Supply chain task force established with defined workstreams: (1) Supplier Audits, (2) Alternate Sourcing, (3) Product Redesign, (4) Compliance Documentation
• Cabrillo Signals Intelligence Hub configured with saved searches for: "semiconductor" + "FAR clause" + affected NAICS codes
• Proposal Studio compliance matrices updated with new semiconductor traceability requirements
• Customer outreach plan drafted: proactive communications to key agency customers on compliance roadmap
• Internal training scheduled for capture managers and proposal teams on new compliance requirements
• 30-day supplier audit deadline established; non-responsive suppliers flagged for replacement

Critical: Treat this as a compliance transformation program, not a one-time policy response. The December 2027 deadline is firm, and agencies will not grant extensions. Contractors who delay action until 2026 will face supply chain bottlenecks as the entire federal contracting base simultaneously seeks compliant components.

Related Compliance Frameworks: This semiconductor prohibition parallels existing supply chain security requirements. Contractors should integrate semiconductor traceability into existing compliance programs documented in the CMMC Compliance Guide (/insights/cmmc-compliance-guide) and CUI (Controlled Unclassified Information)-Safe CRM Guide (/insights/cui-safe-crm-guide). The same audit-ready documentation standards apply.

---