David Crocker looks at the special hoops that must be jumped through before selling software to the US government.
In June 2007, Tony Blair and George Bush signed the US-UK Defense Trade Cooperation Treaty. Although the exact details have yet to be fleshed out, the treaty is designed to speed the export of US dual-use technologies to be used by British defense forces and provide for closer cooperation in defense research. Currently, the US Bureau of Industry and Security (BIS) requires individual licences for each and every export to the British military. I won’t try to defend BIS, except to say that it is probably a slight improvement over its predecessor, the Bureau of Export Administration.
Those of you who’ve ever dealt with BIS (or BXA) have my sincere condolences – it ranks as one of the most brain-dead of all bureaucracies, past or present, and is only exceeded by the Department of Homeland Security. This new treaty comes in the nick of time, as the frustrations expressed by the UK Defence Ministry with US export policy were leading to a serious family row. Let’s hope the US Congress does the right thing and ratifies the treaty without delay. Given the current political environment in Washington, one can only hope.
But let’s talk about the obverse side of the export coin. If you think Washington is obtuse on technology exports, selling IT to Uncle Sam can be slow madness as well. Not only do you have to put up with the whole mechanism of the Federal Acquisition Regulation (FAR) (a Byzantine ordeal in itself) but you probably have to sell your stuff through the reseller market due to the difficulties in going door to door. But the fun really begins when the product or service contains ‘foreign’ content.
Now, let’s think this one over: in a global, outsourced IT industry, everything is bound to have ‘foreign’ content, especially software. Increasingly, software development is moving to contract companies in countries like India and Russia. This is especially true with commodity coding jobs that require few higher architectural skills. In both countries, highly qualified developers can be had for a pittance compared to their UK or American co-religionists. Yet, US law requires the government to spend its trillions on US goods. Anyone in the UK or the US who wishes to sell to the rich Uncle has to reckon with two bad pieces of federal legislation: the Buy-American Act and the Trade Agreements Act.
The Buy-American Act
The BAA, 41 USC §§ 10a-10d, has been around since 1933, when oats were still a popular fuel. The BAA requires Washington to buy for use in the US ‘manufactured articles, materials and supplies’ from US sources unless such articles are not readily available in sufficient quantity in the US. To satisfy the BAA, an ‘end product’ must be manufactured in the US and the cost of the domestic components (or, for Defense Department purposes, qualifying countries’ components) must exceed 50% of the cost of all components included.
Now, the ‘50% requirement’ is not found in the statute, mind you, but in that great repository of bureaucratic insight, the US Code of Federal Regulations, 48 CFR § 52-225-1. The CFR arguably restricts the BAA’s meaning beyond the wording of the statute itself (and this point has been roundly criticized as well as the blatantly protectionist character of the BAA itself). Be that as it may, however, the CFR requires a certificate of compliance for every prime contractor, 48 CFR § 52-225-2. Although subcontractors nominally escape the BAA, to the extent that their contribution to a prime contractor’s end product pushes it below the 50% threshold, the BAA, like excreta in general, does flow downhill.
Fortunately for the world’s geeks, there is some light in a very dark room. For items acquired with monies appropriated by Congress during 2004-2006, there is an exception for ‘information technology’ and ‘commercial items.’ 40 U.S.C. § 11101(6) defines ‘information technology’ for BAA purposes as:
‘ . . . . any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use—
(i) of that equipment; or
(ii) of that equipment to a significant extent in the performance of a service or the furnishing of a product;
(B) includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but
(C) does not include any equipment acquired by a federal contractor incidental to a federal contract'.
Ah, there’s nothing like a good statute for a relaxing afternoon, eh? Scintillating prose aside, the exemption does cover just about everything that clicks, whirrs or crashes for no particular reason. And 41 U.S.C. § 403(12)(A), which defines ‘commercial item’, is also a real page-turner:
‘Any item, other than real property, that is of a type customarily used by the general public or by nongovernmental entities for purposes other than governmental purposes, and that—
(i) has been sold, leased, or licensed to the general public; or
(ii) has been offered for sale, lease, or license to the general public’.
But this exception, such as it is, must be written into every successive appropriations bill. The US Defense Department, with a bit of urging from the Information Technology Association of America, pushed through a change to the military version of the FAR or DFARS (Defense Federal Acquisition Regulation Supplement) that would automatically implement any such appropriations exception now and in the future for commercial information technology (71 FR 58539). The ITAA’s letter in June 2006 was a model of politesse, but it still conveyed the essential get-your-head-out-of-your-own-fundament sentiment for which Washington lobbyists are justly famous. When it comes to DoD sales, UK companies have for some time enjoyed an exemption from BAA under the president’s authority to waive the statute for reasons of need and public interest, 48 CFR § 225-872-1.
The Trade Agreements Act
But even if you can skate on the BAA, you must necessarily contend with the Trade Agreements Act of 1979, 19 U.S.C. §§ 2501-2582, if a UK sale to Washington exceeds the current threshold of $193,000.00. Under the TAA and the regulations, 48 CFR § 52.225-5, a supplier has to certify that the end-product sold to Washington (1) is US-made, or (2) originates from a ‘designated country’, ‘Caribbean Basin Country’ or ‘NAFTA country.’ The good news for you lot is that the UK is a ‘designated country’ by virtue of the fact that it is a ‘World Trade Organization Government Procurement Agreement country’. Don’t strain yourself trying to figure this out. Just accept it on faith.
Looking under the bonnet, the same regulations tell us that a ‘WTO GPA country end product’ means an article that:
(1) is wholly the growth, product, or manufacture of a WTO GPA country; or
(2) in the case of an article that consists in whole or in part of materials from another country, has been substantially transformed in a WTO GPA country into a new and different article of commerce with a name, character, or use distinct from that of the article or articles from which it was transformed.
It is the ‘substantial transformation’ element that has the IT industry scratching its head. The UK, like the US, is a top-tier country for the production of finished IT products. And like every other top-tier player, UK IT companies – particularly software companies - source their development work to the lands of borsch and curry. No, neither Russia nor India is ‘designated’ (and trust me, Moscow bears no resemblance to the Caribbean).
While there are a couple of trade cases dealing with hardware (HRL 734518, June 28, 1993 – merely installing a CPU on a motherboard does not ‘substantially transform’ the foreign-manufactured motherboard; HRL 553945, March 5, 1986 – implanting numerous components on a partially completed circuit board results in substantial transformation), they are not very illuminating. In fact, they’re not illuminating at all. And there is literally no guidance at all about the substantial transformation of software. And here’s where the fun begins.
When it comes to figuring out whether code has been ‘substantially transformed’ into a product fit for Washington’s consumption, we’re left with a whole lot of Kentucky windage. For the uninitiated, ‘Kentucky windage’ is an American shooting term that signifies a shooter’s best (and roughly estimated) compensation while shooting in a crosswind. When it comes to hitting this particular bulls eye, that’s about all we have. In the spirit of guesswork, ask yourself the following questions:
First, where is the advanced conceptual work done? Is the architecture designed in the UK? What about the higher-level systems engineering?
Second, where are the specifications written? Programmers work off the specs they are given.
Third, where is the code combined, shaped and QA’ed?
Fourth, is there some important bit of code that’s added in the UK?
Using Kentucky windage, if the first two factors happen in the UK, then you probably have a ‘WTO GPA country end product’ from the outset. If the other two take place in the UK, then you probably have ‘substantial transformation’. When trying to sort out whether there is ‘substantial transformation’ or not, it probably doesn’t come down to the sheer number of lines of code that are added in the UK. Rather, it probably has more to do with the function and quality of the code. Say, for example, you have a package with a million lines of code and you add 100,000 lines that are crucial to the whole, then you may have substantial transformation. If you have a 50-50 split, then you probably would too. But don’t hold me to it.
Bottom line: UK companies (and everyone else who wants to sell to Uncle Sugar) should develop their code with this issue in mind. Essentially, you have to be able to pass the ‘straight faced’ test and develop code in a way that end-runs the TAA. In the final analysis, there’s no ‘bright line.’ You simply have to make an informed judgment call. It doesn’t appear that anyone from BIS is actually running around busting software companies these days, but if they ever do, don’t be the one they catch. When you sell to Washington, you will be required to certify that your product meets the requirements of the TAA.
The reality is that the outsourcing dilemma is becoming more acute and Washington needs the software. It needs a few other things as well, but that’s a subject for another article. Rest assured, however, the Congress, due to hometown pressure, probably won’t be amending either the BAA or TAA anytime soon, so we’re all probably stuck with Kentucky windage for now.
David P. Crocker manages an international law practice in licensing, intellectual property, information technology and business law. He is currently qualified to practice in the United States and England and Wales. He advises United States, United Kingdom and Commonwealth clients in intellectual property, technology and business matters: www.davidcrocker.com