By Douglas Brent, KY APEX Accelerator Procurement Consultant
This article was originally published in our monthly KY APEX Accelerator Newsletter. If you have any questions about this topic, your KY APEX Accelerator consultant is here to help! Not a client? Sign up here.
If you’re not an active TikTok user, you’ve probably heard about it. A seemingly irresistible social media phenomenon, TikTok has amassed more than a billion users worldwide in only a few years. Implemented via a mobile app, TikTok enables users to create short videos enhanced with music and a variety of special effects. In some ways, TikTok is comparable to other social media platforms such as YouTube, Instagram, Facebook and X/Twitter, yet it has surpassed most of them in popularity.
As The New York Times explained during the pandemic, when usage of the app exploded, “TikTok might be rewiring entertainment, giving the next generation of activists new ways to tell stories and challenging the global internet order.”
However, TikTok is more than just another benign recreational pursuit for the screen-addicted. It has spawned a wave of controversy in the United States and other countries, including explicit regulatory activity with a direct effect on government contracting. In this article, we’ll take a dive into whether you can keep enjoying TikTok and working as a federal contractor.
TikTok has spawned regulatory action in the U.S. as far back as 2019. That year, the company (then known as Musical.ly) agreed to pay a $5.7 million fine by the Federal Trade Commission for violating the Children’s Online Privacy Protection Act, which limits the types of information online services can collect from children under thirteen years of age. After this controversy, regulators and lawmakers began to express concerns about the Chinese ownership of the company, with many arguing that the TikTok app was essentially a data-mining operation for the Chinese Communist Party.
TikTok is owned by ByteDance Ltd., a privately held company headquartered in Beijing, China. ByteDance, like all technology companies doing business in China, is subject to Chinese laws that require companies operating in the country to turn over user data when asked by the Chinese government. For this reason, its growth in popularity led to increasing scrutiny by the U.S. government as a potential privacy and security risk to U.S. citizens.
Among U.S. government agencies expressing cybersecurity concerns about TikTok is the Federal Bureau of Investigation. FBI Director Christopher Wray testified in 2022 that Beijing could use the app to "control software on millions of devices," giving it the opportunity to "technically compromise" those devices.
The Federal Communications Commission, which has undertaken several regulatory actions to limit Chinese-owned companies from exploiting access to U.S. telecommunications infrastructure, has weighed in on the issue as well. One Commissioner has claimed TikTok surveils the U.S. military, while noting “multiple U.S. military branches have banned TikTok from government-issued devices due to national security risks, including the Navy, Army, Air Force, Coast Guard and Marine Corps.”
This groundswell of concern about TikTok led to a direct impact on federal contracting. In December 2022, Congress passed the “No TikTok on Government Devices Act” within an Appropriations Bill (Pub. L. 117-328). The Act required the Director of the Office of Management and Budget, in consultation with the Administrator of General Services, the Director of the Cybersecurity and Infrastructure Security Agency, the Director of National Intelligence and the Secretary of Defense, to develop standards and guidelines for the removal of TikTok from government devices. This statutory change triggered regulatory action affecting TikTok users who are not using government devices but are involved in government contracts related to “Information Technology” as defined under federal law.
The Office of Management and Budget issued guidance in February 2023 to prohibit the presence or use of a “covered application,” i.e., TikTok, on information technology, including certain equipment used by federal contractors. This prohibition applies to the presence or use of a covered application on any information technology owned or managed by the federal government, or on any information technology used or provided by the contractor under a contract, including equipment provided by the contractor’s employees, unless an exception is granted. FAR Subpart 4.2202 codifies this prohibition, and the FAR has been amended to include the restrictions in contract clauses (see FAR 4.2203).
In June 2023, FAR 52.204-27(b) was added to explicate the restrictions affecting federal contractors. Under the rule, “the Contractor is prohibited from having or using a covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under [the] contract, including equipment provided by the Contractor’s employees; however, this prohibition does not apply if the Contracting Officer provides written notification to the Contractor that an exception has been granted in accordance with OMB Memorandum M-23-13.”
These restrictions also flow to subcontracts, per FAR 52.204-27(c).
So, as a federal contractor, may you use TikTok?
Maybe. In the Federal Register summary of the interim rules published by the Department of Defense, the General Services Administration and the National Aeronautics and Space Administration, the agencies state: “This prohibition applies to devices regardless of whether the device is owned by the Government, the contractor, or the contractor's employees (e.g., employee-owned devices that are used as part of an employer bring your own device (BYOD) program).” But the notice further explains that “a personally-owned cell phone that is not used in the performance of the contract is not subject to the prohibition.”
If, as a federal contractor, you use a mobile device in any aspect of contract performance, including something as common and simple as responding to emails from a contracting officer, do not install the TikTok app on that device, and advise employees and subcontractors about the explicit prohibition in the FAR. If you can’t resist the viral lure of TikTok, you may need to buy another phone!
If you need support in understanding and navigating the regulations mentioned in this article, please reach out to your KY APEX Accelerator procurement consultant. You can also request assistance from our team by contacting us at kyapex@kstc.com or by registering as a client on our website.