NDAA contracting requirements on telecoms and video surveillance

If your business engages with US contracts, you may have encountered clauses prohibiting the use of telecommunications or video surveillance equipment and services from companies like Huawei, ZTE, Hikvision, Dahua, or Hytera. These provisions are not incidental—they reflect critical legal, regulatory, and security imperatives driven by the National Defense Authorization Act (NDAA). Let’s explore the NDAA contracting requirements on telecoms and video surveillance.

Understanding the legal framework

The NDAA, particularly Section 889, establishes restrictions on procuring and using certain telecommunications and surveillance equipment by federal agencies and their contractors. This legislation aims to mitigate risks associated with:

1. National security threats: Companies like Huawei and ZTE are suspected of ties to foreign governments, potentially enabling espionage or cyber threats through their technologies.
2. Cybersecurity vulnerabilities: Equipment from these entities is seen as susceptible to manipulation, posing risks to data integrity and privacy.

Additionally, the NDAA prohibits procurement from companies that provide covered semiconductor products or services to banned entities like Huawei. This includes semiconductors, manufacturing equipment, and design tools, with limited waivers for critical national security purposes.

Why flow-down clauses matter

US companies involved in federal contracting often include “flow-down” clauses in their agreements to ensure compliance across their supply chain. These provisions require subcontractors, suppliers, and partners to adhere to the same restrictions, protecting the integrity of federal projects. Even businesses not directly engaged in federal contracts benefit from adopting such clauses by mitigating:

• Compliance risks: Avoiding unintentional violations when serving federal clients.
• Reputational harm: Aligning with trusted vendors and secure supply chains.
• Geopolitical complexities: Addressing challenges related to US-China relations and trade policies.

For example, Section 848 of the NDAA requires the Department of Defense (DoD) to develop policies incentivising contractors to monitor their entire supply chain for vulnerabilities and noncompliance risks, a practice known as “supply chain illumination”.

Export controls and broader sanctions

Beyond the NDAA, the US Department of Commerce’s Entity List imposes additional restrictions on collaborations with several of these companies. The NDAA’s provisions also complement efforts like the Federal Data Center Enhancement Act, which ensures secure and reliable operations for federal systems.

The American Security Drone Act further prohibits the use of unmanned aircraft systems manufactured by entities associated with foreign adversaries, with exceptions only in highly specific cases. These measures underscore the emphasis on mitigating risks across all sectors.

What this means for your business

For companies operating under these contractual obligations, compliance is non-negotiable. Failing to adhere to these requirements can lead to:

• Contract termination.
• Financial penalties and liability.
• Reputational damage that can affect future opportunities.

To mitigate these risks, businesses must perform thorough supply chain reviews, assess vendor risks, and implement robust compliance practices. Emerging requirements, like those targeting AI technologies, generative AI watermarking, and cybersecurity readiness, add further complexity to the compliance landscape.

How ITLawCo can support you

At ITLawCo, we understand the challenges of navigating complex regulatory landscapes. Our expertise lies in aligning your operations with legal requirements while safeguarding your interests. Our services include:

1. Contract review and drafting: Ensuring agreements meet all regulatory standards.
2. Supply chain risk assessments: Identifying and addressing vulnerabilities in your vendor relationships.
3. Regulatory compliance advisory: Offering tailored guidance on NDAA and related laws.
4. Training and education: Empowering your team to understand and manage compliance obligations effectively.
5. Technology-specific compliance strategies: Addressing unique challenges in areas like AI, semiconductors, and emerging technologies.

Don’t let regulatory complexity hold your business back. Contact ITLawCo today to ensure your contracts, supply chain, and operations are secure, compliant, and ready for growth.