chevron-down Created with Sketch Beta.

The Business Lawyer

Winter 2023/2024 | Volume 79, Issue 1

Updates to the Defense Federal Acquisition Regulation Supplement

Joy Momin


  • Effective June 2, 2023, all federal government devices are prohibited from downloading TikTok due to security concerns.
  • The DFARS has been updated to clarify the definition of technical information and other terminology.
Updates to the Defense Federal Acquisition Regulation Supplement

Jump to:

The Federal Acquisition Regulation (FAR) is the set of rules and procedures that govern how agencies of the federal government buy goods and services. Published by the General Services Administration, FAR is updated on a regular basis, covering solicitation and award procedures, contractual performances, and dispute resolution concerning federally contracting businesses.

Effective as of June 2, 2023, all information technology devices employed in the carrying out of federal business, including the devices employed by a contracting business and its employees, are prohibited from downloading the short-form entertainment video platform, TikTok, and subsequent successor applications from TikTok owner, ByteDance, absent a granted exception.

The government concluded that TikTok poses a security risk because it is owned by a Chinese company and that the Chinese government could access user data. The government also concluded that TikTok has not been transparent about its data collection practices and that it has not been responsive to governmental requests for information. TikTok denied that it is a security risk and affirmed that it will comply with the ban. The company noted that it was in talks with the U.S. government to address the security concerns.

The Defense Federal Acquisition Regulation (DFARS) is a supplemental set of regulations that govern how the Department of Defense (DoD) acquires goods and services. Prescribing tailored requirements in cybersecurity, intellectual property, and foreign contracting, the DFARS—compared to the FAR generally—provides more stringent requirements, such as contractor ethics and conduct. With the DFARS continually receiving updates, DoD business contractors should remain in compliance with changing provisions. Below are the DFARS updates relevant to business contractors in the fields of information technology, and more specifically cybersecurity, effective January 31, 2023.

  • The definition of “Technical Information” where specifying technical data and computer software has been updated to “Other Than Commercial Products and Commercial Services” from “Non-Commercial Items.”
  • The DFARS clarified the change from “items” to “products and commercial services.”
  • The term “COTS” was revised to “commercially available off-the-shelf ” regarding subcontracts entered under NIST requirements.

The new definition of “technical information” is broader and includes technical information that is developed or used in connection with government contracts, as well as technical information that is developed or used in connection with research and development activities. The change in the terminology is significant because it clarifies that the government now has more control over the use and disclosure of technical information, as opposed to previous non-commercial items broadly. In practice, previous subcontractor and personally employed information technologies may fall within the scope of technical information if not under an exception. All other rules of law stand.