Import with Care       9

America’s mixed sentiments about economic globalization are fully reflected in the complex set of rules that control the federal government’s procurement of foreign products or services.

The law with greatest relevance to information technology companies is the Trade Agreements Act and thankfully not the Buy American Act.¹ Buy American is a Great Depression legacy—it became law in 1933—and it would eviscerate the federal IT market if not for the fact that it’s pretty much been neutralized.

Buy American Act

Under the Buy American Act (BAA), the government favors the purchase of domestic end products, defined as goods that result from a manufacturing process occurring in the United States and outlying areas and of which more than 50 percent of the component value also originates in the United States and outlying areas.² The component test doesn’t apply to commercial-off-the-shelf items.³ Buy American doesn’t apply to procurements below the micro-purchase threshold, nor to products bought for use outside the United States.⁴

The BAA enforces preference for domestic end products in civilian procurements through a price evaluation penalty for any foreign products offered. The penalty is 6 percent or 12 percent, depending on whether the second-lowest price comes from a large or small company selling domestically made products.⁵ If a large company proposing to sell domestically made products to a civilian agency is directly underpriced by 6 percent or less by a company selling foreign products, the price difference is considered not to exist, letting the large company selling domestic products win.⁶ If the second-lowest-priced bidder happens to be a small business selling domestic products, then the price evaluation penalty for the lowest-price seller of foreign goods is 12 percent. In the Defense Department, the price penalty is a constant 50 percent.

This is stern stuff, which is why over the years a number of exceptions to the BAA have accumulated, including a blanket exception from its strictures for commercial-item information technology.⁷

But even before the implementation of that blanket exception, Congress in the 1970s approved what’s known as the Trade Agreements Act, which trumps the Buy American Act more often than not, while laying down its own set of international trade restrictions.

Trade Agreements Act

The Trade Agreements Act (TAA) comes into effect for federal procurements worth at least a variable threshold, which is typically $202,000 in calendar years 2012 and 2013. What the TAA does is allow the government to buy goods and services worth at least the threshold that originate from designated countries that have agreed to a procurement trade relationship whereby they likewise grant U.S. companies access to an open, competitive government procurement system.

There are exceptions to the TAA access guarantee, the biggest one being for national security systems, which we discuss in the context of foreign ownership, control, or influence (FOCI) later in this chapter. Small business set-asides are also exempt, as we discuss below. So are certain services, which we cover shortly.

The TAA openness guarantee also has a flip side: prohibition. The government cannot buy products and services from nondesignated countries for any procurement worth more than the applicable threshold (we discuss thresholds below).

This can be confusing, since the TAA is both a guarantor of and obstacle to free trade. Today, the most notable nondesignated countries are India, Thailand, Malaysia, the Philippines, and the People’s Republic of China.⁸ (In what amounts to a pretty big caveat, components originating from nondesignated countries that are later made into a new item in a designated country are just fine, thanks to something called substantial transformation, which we cover later in this chapter.)

There are two main ways for a country to gain inclusion under the TAA: sign a bilateral or regional free trade agreement with the United States, or join the World Trade Organization Agreement on Government Procurement (WTO GPA). The most common, mutually open government procurement trade relationship the United States has with other countries is negotiated via the WTO GPA, a club of countries that have agreed to liberalize international access to their government markets.

The federal government treats products and services from member nations the same as products and services from U.S. companies (unless an exception applies) for any federal procurement worth at least a threshold set through the WTO, which is currently $202,000.⁹ The most recent signee of the WTO GPA is Taiwan, which joined in July 2009.

The government also treats countries designated as “least developed countries” and those that are part of the Caribbean Basin Trade Initiative the same as those that have signed the WTO GPA.

Countries with which the United States has a bilateral or regional free trade agreement are likewise guaranteed access to the government procurement market, and the thresholds of their guaranteed access are often lower than the WTO GPA threshold (see sidebar for a list of the countries and their thresholds). Since the Buy American Act doesn’t apply to commercial-item information technology, the thresholds are mostly of theoretical interest to most readers.

Which brings us to the strange case of a dozen services excluded from the WTO GPA and from the guarantee of equal access in some free trade agreements (see Table 9-1).¹⁰

The theoretical effect of exclusion of a service is to simultaneously abrogate the guarantee of foreign company access and lift the prohibition against companies from nondesignated countries because there exists no equivalent for the Buy American Act for services. At first look, this seems somewhat bizarre since many services are those the government would rather not have, say, a Chinese firm perform, such as providing telecommunications network services.

What’s happening with these services is a simple paradox. The government opens wide the theoretical aperture restricting participation by companies from certain countries in order to more tightly snap it shut later on. Removing the prohibition on companies from nondesignated countries from bidding on an exempted service also nullifies the guarantee that designated-country companies will be treated equally to domestic companies. Thus the government can ensure that only U.S. companies qualify to propose—without running afoul of the TAA. In government, it’s often opposite day, where in order to go up, one starts going down until down becomes up.

TAA applicability to GSA schedules and IDIQs

A condition of attaining a General Services Administration (GSA) schedule contract is solemnly certifying to abide by the TAA designated-country list, even if individual orders fall below the WTO GPA threshold.¹¹ GSA’s position is that the collective value of orders will total to a value above all TAA thresholds, therefore rendering a schedule contract subject to the nondesignated country prohibition.

Table 9-1: Services Excluded from or Not Covered by the WTO GPA or Other Government Market Access Guarantees (FAR 25.401(b))

There was a time, not too long ago, when GSA certification was considered pro forma. But in 2005 a few big office-supply companies were hit with successful multimillion-dollar False Claims Act lawsuits for selling the government products from nondesignated countries, so these days the certification is taken seriously.

Other governmentwide or departmentwide acquisition vehicles have similar provisions, but some are different in a key way. Many such vehicles allow sellers to list products from non-TAA countries in their federally approved catalogs, so long as the seller makes it clear where the products originate. That allows agencies to freely buy commercial IT products from nondesignated countries when the order is below the applicable threshold. (Agencies can also buy those products even if the value of the order is above the WTO GPA threshold if the procuring contracting officer signs a nonavailability determination justifying it, although that rarely happens.)

Domestic Preferences for Defense Department Contractors

The Defense Department (DoD), thanks to an especially intense and complicated relationship to the private sector, has the most complex, and in places most stringent, set of rules regarding domestic product preferences. Where civilians mess around with mere 6 or 12 percent price penalties in applying the Buy American Act, Defense assigns a 50 percent price penalty to foreign-made products.¹²

Thankfully, apart from the national security strictures applicable to classified work (and relevant not just to DoD contractors but to classified work at any federal agency), most readers of this book can safely conduct business without being tormented by Defense-specific domestic preferences. The Buy American exception for information technology applies equally to DoD contracts. And while it’s true that the Pentagon has carved out exceptions for itself from the TAA, such carve-outs don’t include information technology.¹³

Also thankfully, the most mind-twisting domestic preference of them all—a DoD restriction on the country of origin of certain specialty metals, including steel—doesn’t apply to information technology. Manufacturers of aircraft, missile and space systems, ships, tanks and automotive items, weapons systems, and munitions do have to grapple with this preference, but thanks to the IT exception, electronic components—not just commercial-item components, but all electronic components—within those systems are exempt from metal country-of-origin requirements (unless the Pentagon classes a component as critical to national security).¹⁴

After having loosened up restrictions on foreign-made products, Defense is starting to worry about the extent to which manufacturing has become globalized. While it is not reacting by reverting to domestic preferences, the Pentagon is nonetheless adding conditions regarding the purchase of some products manufactured abroad. See the section about supply chain management later in this chapter for more.

Determining Country of Origin of a Product or Service

For all of the international trade treaty language floating around, you might think that determining the country of origin of a product or a service would be a settled matter. But, of course, it’s not.

For services, country of origin is based on where the company is “established.”¹⁵ If that seems vague, it is, especially in an era when a company can be headquartered almost anywhere. Origin of services emphatically does not depend on where services are performed, so some federal contractors have indeed headquartered themselves in the United States while making use of offshore workers in nondesignated countries. The regulations are silent on whether those workers need to be fully fledged employees or whether they can merely be independent contractors. Some acquisition officials told us they’ve sought clarification from the U.S. Trade Representative about what constitutes country establishment, only to be rebuffed.

Outsourcing workers to nondesignated countries for government work is a marginal activity, even if current regulations appear to allow it (except for anything related to a national security system, of course). Many services contracts require personnel to be located within a government facility. And, outsourcing to a nondesignated country is unpopular, carrying the risk of low customer satisfaction and a bad past performance evaluation.

For products, country of origin for purposes of government procurement hinges on the concept of substantial transformation, should that product contain components made in more than one country.¹⁶ For a product to be substantially transformed, an article, or collection of components, must be made into a new and different article having a distinctive name, character, or use.¹⁷ If a product is wholly the output of a single country, the substantial transformation test doesn’t apply—but complex products are rarely pure in that way.

Nowhere in the Federal Acquisition Regulation (or the Defense supplement) is there guidance or examples of what constitutes substantial transformation. However, about a century’s worth of substantial transformation case law and administrative decisions have established guidelines. Factors include time and resources expended on product design and development, the extent and nature of post-assembly inspection procedures, and worker skill required during the actual manufacturing process.

Whenever a device is coded into something that changes or defines its use, it has typically undergone substantial transformation.¹⁸ In a touchstone decision from the early 1980s, the U.S. Court of International Trade ruled that a programmable read-only chip uploaded in the United States with software developed in the United States is a U.S. country-of-origin product, despite the chip itself being a foreign product.¹⁹

During hardware manufacturing, separate components should lose their separate identity to become integral parts of a new article.²⁰ A motherboard missing a central processing unit chip, for example, is not substantially transformed by the insertion of a third-party manufactured CPU.²¹ A CPU-less motherboard is merely a motherboard with a missing component.

Customs and Border Protection final determinations

If asked, there is a federal agency that will issue a decision on whether your product has been substantially transformed, and that’s Customs and Border Protection (CBP), a component of the Homeland Security Department.²²

Two main types of CBP country-of-origin judgments exist. There are transactional rulings, which the agency issues for purposes of import duty calculation; when asked for in advance, they’re prospective rulings because the act of importation is, well, prospective.

More important for readers are final determination rulings, which are judicially reviewable decisions issued by CBP in response to a written request for a binding ruling on where substantial transformation has taken place for purposes of government procurement. By binding, CBP means binding on the company—other government agencies aren’t compelled to accept CBP final determinations.

In some cases, CBP might issue a nonbinding advisory ruling when asked to come up with a final determination. Advisory rulings simply reiterate well-established law or interpretation; they don’t apply to particular circumstances. CBP will issue one if it becomes apparent that an application for a final determination doesn’t supply enough information or otherwise suggests that general information is in fact what’s being requested.

For the most part, it’s up to companies to initiate a CBP ruling. CBP doesn’t tackle areas of substantial transformation ambiguity on its own. Interested parties go to CBP for prophylactic reasons, mostly out of concern that their products will be challenged as noncompliant with the TAA. Should you feel compelled to get a CBP ruling, consult a trade attorney before doing so, since a negative ruling would immediately halt your government business. The only reason to go to CBP is to get a favorable decision.

Given the large role software plays in determining country of origin, you might be wondering how CBP assesses country of origin for something as intangible as software. Does it consider locally based project management of foreign coders to be sufficient? Or should all of the design and execution occur within one country? Can at least some modules be programmed abroad? How many foreign-programmed modules are acceptable?

CBP officials ask the same questions, and maybe one day they will have answers to them; currently, the organization doesn’t know. No software firm has gone to CBP for a final determination.

When asked to rule on importation of software for customs duty purposes (a different kind of CBP decision from government procurement final judgments), CBP has treated software as a matter of the medium on which it’s delivered. Software, when imported on a CD-ROM, is considered just a CD-ROM for customs purposes, and software modules downloaded from abroad via the Internet are duty-free.²³ Customs duty rulings probably would have no effect on a government procurement final determination ruling, however.

The current haze of uncertainty has permitted at least one software salesman, as he told us, to circumvent an agency’s probably improper requirement for domestic software by burning his foreign-coded application onto U.S.-made compact discs.

Although the current state of ambiguity regarding country of origin suits most vendors, the DoD in particular has been increasingly unhappy with it when it comes to national security systems. Given that it can’t depend on CBP to demarcate clear limits on the extent to which software can be programmed abroad and yet be considered a domestic product, DoD has acted with Congress’s help to impose its version of order on its suppliers’ hardware, software, and firmware outsourcing habits. The oversight DoD has moved to implement is premised not so much on the country of origin of a product per se but in cybersecurity practices undertaken while producing them. Given that, we’ll defer a full discussion for the section on supply chain management.

“Made in USA”

There’s no law that requires domestic IT products for sale inside the United States to be labeled “Made in USA.” Automobile parts, and textile, wool, and fur products, yes—but computers or software packages? No.

Companies that do affix such a label onto anything other than clothes and cars do so for marketing purposes only. The Federal Trade Commission (FTC) regulates when it’s permissible to do so. Unlike the CBP, the FTC doesn’t review country-of-origin claims in advance. But companies and individuals who falsely label products can be banned from the federal market.

In order for the FTC to agree that a product has been “Made in USA,” it must be “all or virtually all” from the United States.²⁴ That means that all significant parts and processing should be completely of U.S. origin. Foreign content should be negligible. It’s certainly possible that a product the CBP considers to be substantially transformed in the United States would be ineligible for a “Made in USA” label.

Domestic Preferences for Small Business Set-Asides

Only American products and services made by U.S.-based companies are permitted under small business set-asides, no matter the value of the procurement.²⁵ The Small Business Administration (SBA) can so decree because the Trade Agreements Act specifically excludes small business set-asides from its scope.²⁶ As we’ve seen, exemption from the TAA removes the international guarantee of access, allowing the government to be open to being closed. (There is a small exception to this rule known as the nonmanufacturer rule that we discuss in Chapter 11.)

Because little is as simple as it could be in government procurement, the SBA relies on its own definition of what constitutes U.S.-based companies and U.S.-made products, independent of the substantial transformation standard.

Small business set-aside products must be “manufactured” in the United States or its outlying areas.²⁷ A manufacturer, according to the SBA, is a firm that with its own forces “transforms inorganic or organic substances including raw materials and/or miscellaneous parts or components into the end product.”²⁸ A manufactured end item “must possess characteristics which, as a result of mechanical, chemical or human action, it did not possess before the original substances, parts or components were assembled or transformed.”²⁹

Hardware firms whose products primarily consist of components—such as motherboards, memory chips, and storage—must install at least 51 percent of the total value of the end item.³⁰ When one firm adds parts or components to an existing item in cases where the original manufacturer itself does those same modifications in its own facilities, the copycat firm isn’t considered a manufacturer by the SBA.

A similar prohibition applies to services companies: services must be performed by U.S.-based companies.

Foreign Ownership, Control, or Influence

The federal government naturally has concerns about foreign companies conducting work that involves national security systems. It even has an acronym for companies deemed potentially distant from U.S. national interests: FOCI (pronounced fo-kai), meaning that they’re under foreign ownership, control, or influence.

A FOCI company is ineligible for a contract that requires personnel with security clearances or a secure company-owned facility where classified information can be seen and discussed without fear of unauthorized dissemination.

It takes only a small foreign presence in a company to arouse the suspicion of the Defense Security Service (DSS), the Pentagon agency that handles FOCI matters on behalf of the entire federal government. A foreign entity having completely indirect, unexercised, miniscule amounts of power over company operations can be enough for the DSS to classify a company as a FOCI organization. Foreign ownership greater than 5 percent or a voting interest greater than 10 percent are thresholds at which DSS is guaranteed to have its interest piqued regarding the internal governance structure of a company. And the more the U.S. government dislikes the government of a foreign owner, the more likely DSS is to find evidence of FOCI.

In fact, a company can be completely American-owned and still be classed as FOCI, should DSS determine that it is overly indebted to foreign sources, has contractual arrangements with foreign companies, or even depends too much on foreign sales.

A company classed as FOCI need not necessarily retreat from the national security market. DSS permits companies to mitigate foreign influence, the severity of the mitigation depending on the extent of foreign presence. FOCI arising from matters other than ownership are dealt with in a straightforward way. For example, if the problem is too many foreign sales, DSS will tell the company to diversify. If the problem is foreign indebtedness, the company will have to settle the debt.

With foreign ownership, matters are a little more complicated. Mitigation requires at the very least the identification of foreign shareholders. Where that’s not possible, for example with hedge funds that refuse to disclose investor identity, the DSS may not permit mitigation.

Possible mitigation measures against FOCI

A company classed as FOCI may have several options available to it.

Board resolution

If a foreign interest lacks enough heft to elect company board members, it might be enough for the board to pass a resolution certifying that the foreign owner shall not have access to classified or export-controlled information.³¹ The resolution must identify foreign shareholders, and the company must annually recertify that the resolution remains in effect and is effective. The export of defense-related and dual-use goods and services is controlled by two regulations known as the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). A discussion of those regulations is beyond the scope of this book, but companies with foreign operations or contracts should be aware of them, since technical data counts as an export. The agency in charge of administering ITAR is the State Department; the Commerce Department handles EAR.

Security control agreement

When a foreign interest doesn’t effectively own or control a company but is nonetheless entitled to representation on the company board, the company can mitigate matters by executing a security control agreement (SCA).³² Under it, the company must appoint at least one U.S. citizen as an outside director to the board and giving that director chairmanship of a government security committee charged with safeguarding classified information. In addition, the board must pass a resolution to the effect that foreign shareowners will be isolated from classified information. Also, the company must submit a technology control plan that prohibits unauthorized disclosure or export of controlled unclassified information. SCAs require annual reviews and certifications.

Special security agreement

A company outright owned or controlled by a foreign interest can sign a special security agreement (SSA) in which it appoints a separate board to oversee classified business.³³ This board must have three outside directors who are U.S. citizens, one or two representatives of the parent company who don’t have a security clearance, and one or two U.S.-citizen company officers who do have a security clearance.

The company must also set up a government security committee, and also file a technology control plan and an electronic communications plan in which it clearly defines which networks will be shared with the foreign parent. Under an SSA, classified business units can share parent electronic communications infrastructure, provided that none of the shared networks are used for purposes pertaining to classified work. The scope of the electronic communications plan covers telephones, teleconferencing, video conferencing, faxes, mobile devices, emails, and server access.

In addition, in order for a business unit with an SSA to gain access to any classified information stronger than “secret,” a government program manager (or nearest equivalent) must sign a national interest determination (NID). A NID is required for each separate program for which the company becomes a contractor, and possibly for each individual contract. Such determinations aren’t rare, though sometimes take a while to conclude.

SSAs are the second most common mitigation type—the most common is a board resolution—and they often suffice. SSAs last ten years and require annual review and certification.

Voting trust or proxy agreement

When the government wants to be particularly strict when working with foreign-owned or controlled companies, it requests that the foreign owners essentially relinquish their rights associated with ownership. Ownership without much of the responsibility is the end result of having signed a voter trust or proxy agreement.

Voting trusts and proxy agreements are practically indistinguishable; the upshot of both is that a foreign company must create a U.S. company structured and financed in a way as to be viable on its own, independent of foreign investors.³⁴ That means creating an independent board with no foreign representation and no shared infrastructure. The only things the U.S.-citizen-run business unit can’t do are sell assets, make encumbrances on the capital stock, merge with another company, dissolve itself, or file for bankruptcy. On the plus side, program officers of the U.S. company aren’t compelled to sign a national interest determination since there is no foreign influence left to mitigate. (The U.S. company must nonetheless file a technology control plan and an electronic communications plan.) Voting trusts and proxy agreements both last a maximum of ten years and also require annual review and certification.

The Committee on Foreign Investment in the United States

Any time a company undergoes a material change in ownership—for example, if foreign ownership now exceeds 5 percent—companies must report the change to the DSS. In addition, proposed mergers, acquisitions, and takeovers of U.S. businesses are subject to review by the Committee on Foreign Investment in the United States (CFIUS, pronounced see-fi-us).³⁵ The committee is chaired by the Treasury Department.

Technically, a CFIUS review is a voluntary review instigated by U.S. companies before consummation of business deals that involve significant new foreign ownership of a company involved with matters that impact national security. In reality, it’s voluntary the way paying your electricity bill is voluntary—you are free not to pay it so long as you don’t mind the dark. The president of the United States has executive powers to unilaterally block proposed mergers for national security purposes and also to seek court-ordered divestiture of completed acquisitions in cases where companies didn’t ask for a CFIUS review.

Companies involved in a CFIUS transaction should concurrently notify the DSS of the proposed deal. Should a merger be finalized before DSS has arrived at a new FOCI mitigation plan, then the service revokes the company’s security clearance until the new plan is ready.

Supply chain management

Because substantial transformation allows components manufactured anywhere on earth to end up in final products used in all manner of systems, and because counterfeit items have been discovered inside federal agencies, the government is increasingly apprehensive about the supply chain practices of its vendors.

In 2012, Congress enacted a requirement requiring the Defense Department and its contractors and subcontractors to buy whenever possible electronic parts from “trusted suppliers,” defined as original equipment manufacturers (OEMs), authorized dealers, or resellers that buy parts from OEMs or authorized dealers only.³⁶ The Pentagon is supposed to maintain a list of which companies qualify as trusted suppliers. The law also says defense contractors can put together their own list of trusted suppliers, but in doing so, they court the risk of an audit on the process they went through to do so.

In addition, contractors or subcontractors must notify Defense in writing within 60 days if they become aware or even have reason to suspect that DoD has bought counterfeit electronics. So long as the company writing the report made a “reasonable effort” to detect counterfeit parts on its own, the law says it shall not be subject to civil liability. But if a contractor repeatedly fails to detect counterfeit electronics, it is subject to possible debarment.

In 2011, Congress gave the Pentagon the power to exclude companies from national security system procurements (as a prime or subcontractor) on the basis that their supply chain introduces the potential for an adversary to subvert the “design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of the system.”³⁷

The law allows the Pentagon to notify other federal agencies subject to the same or similar supply chain risk. Such exclusions are typically meant to stay confidential. The flip side to confidentiality is that such decisions are final and not reviewable by the Government Accountability Office (GAO) or the Court of Federal Claims (or any court).

What effect federal scrutiny over the commercial supply chain will ultimately have on government vendors is difficult to predict as of this writing. A spasm of Sinophobia in 2006 led by Rep. Frank Wolf (R-Va.) prevented the State Department on security grounds from using purchased Lenovo computers in its classified network, despite the fact that the machines were made in North Carolina. Lenovo is based in China and the Chinese Academy of Sciences, a Chinese government agency, owns about 27 percent of it. (Public shareholders account for about 50 percent and private equity for most of the balance.) But the fact—and fear—of Chinese-linked parts in commercial IT isn’t about to go away.

At a minimum, both hardware and software companies can expect the government to more firmly insist on chain of custody controls, testing, and authentication through manufacturing and distribution and into the government’s supply chain.

Final Note

The line between an unacceptable and acceptable foreign or domestic product made with foreign parts isn’t a scientific one—and with services, the line can be even more imprecise. In fact, federal officials themselves have tripped over it.

In May 2011, GSA issued a request for quotations for cloud-based email, office suite applications, and records management services, stating that data centers, if located outside the United States, had to be located in a TAA-designated country. A few months later, GAO issued a protest decision telling GSA to recompete the solicitation, since the criteria by which the TAA establishes the country of origin of a service depends (as we’ve seen) on where the services company itself is established, not where the service is performed. In seeking to purchase computing capacity as a service, GSA lost the ability to specify the location of data centers without a compelling reason to do so, the GAO said.

International trade law in real life is messy, in other words. Unfortunately, there’s little else to do except grapple with the regulations, since the only thing that could fully resolve the ambiguity within them would be for America to stop being ambiguous about world trade. And short of our becoming an autarky or totally eliminating trade barriers, that will never happen.

ENDNOTES

1. 41 USC 10a-10d, codified into the FAR as 25.1-25.2 25.2 and into the DFARS at 225.1-225.2.

2. Outlying areas of the United States are Puerto Rico, the U.S. Virgin Islands, American Samoa, Guam, and the Northern Mariana Islands.

3. FAR 25.101(a) and DFARS 252.225-7001(a).

4. FAR 25.100(b).

5. FAR 25.105.

6. FAR 25.502(d).

7. FAR 25.103(e).

8. Contracting officers can override the Trade Agreements Act prohibition by finding that offers of goods or services from designated countries are either “not received or are insufficient to fulfill the requirements” (FAR 25.403(c)). This nonavailability determination override allows contracting officers to buy products from a country outside the Trade Agreements Act umbrella—although the override is rarely exercised.

9. All of the dollar thresholds referenced in this section are reviewed about every two years by the U.S. Trade Representative (USTR) so that new trade thresholds become effective during even-numbered years. There’s usually a few months’ lag between when the USTR updates the dollar amount and when new amounts become active in federal procurement regulations, which is typical federal government behavior.

10. FAR 25.401(b).

11. FAR 52.225-6.

12. DFARS 225-105.

13. DFARS 225.401-70.

14. U.S. Department of Defense. Defense Procurement and Acquisition Policy. Class Deviation—Implementation of New Specialty Metals Restriction. DARS Tracking Number, 2008-O0002. January 29, 2008.

15. FAR 25.402(a)(2).

16. FAR 25.003.

17. FAR 25.001 (c)(2).

18. U.S. Customs and Border Protection. Office of International Trade. HQ H090115. August 2, 2010.

19. Data General Corporation v. United States. Slip Op. 82-93. Court of International Trade. October 29. 1982.

20. U.S. Customs and Border Protection. Office of International Trade. HQ 559255. August 21, 1995.

21. U.S. Customs and Border Protection. Office of International Trade. HQ 734518. June 28, 1993.

22. In 2008, CBP tried doing away with the substantial transformation test in favor of another method for determining country of origin called tariff shift. Pushback from industry was so strenuous that the proposal was buried somewhere near Jimmy Hoffa’s corpse. That’s not to say that tariff shift won’t rise, zombie-like, again, since the tariff shift methodology is used to calculate import duty payments for about 40 percent of all U.S. imports, including all of those from Canada and Mexico.

23. U.S. Customs and Border Protection. Office of International Trade. N013471. July 16, 2007; U.S. Customs and Border Protection. Office of International Trade. HQ 114459. September 17, 1998.

24. U.S. Federal Trade Commission. Enforcement Policy Statement on U.S. Origin Claims. December 1997.

25. “American” includes outlying areas of the United States, including Puerto Rico and others listed in note 2.

26. FAR 25.401(a)(1).

27. FAR 19.102(f)(1).

28. FAR 19.102(f)(1).

29. 13 CFR 121.406(a)(2).

30. Ibid.

31. U.S. Department of Defense Defense Security Service. National Industrial Security Program Operating Manual, DoD 5220.22-M. February 28, 2006. Section 2-303(a).

32. Ibid. Section 2-303(c)(1).

33. Ibid. Section 2-303(c)(2).

34. Ibid. Section 2-303(b).

35. Ibid. Section 2-310.

36. National Defense Authorization Act for Fiscal Year 2012. P.L. 112-81. December 31, 2011. 818.

37. Ike Skelton National Defense Authorization Act for Fiscal Year 2011. P.L. 111-383. January 7, 2011. 806.