If it Ain’t Broke, Fix it Again: DoD Issues Final Rule Implementing Preexisting Limitation on Federal Contractor Confidentiality Agreements

I’m not sure why Congress tried to fix a problem that already had been fixed, but fix it again they did when they passed section 883 of the fiscal year 2021 National Defense Authorization Act (“NDAA”). That provision directed the Department of Defense (“DoD”) to refrain from awarding contracts to firms that have their employees sign confidentiality agreements that would prevent them from making reports of waste, fraud, or abuse to government officials authorized to receive such reports. DoD has issued a final rule implementing this, which can be found here.

I have to say this “new” rule made me scratch my head because I knew I had seen it before. Indeed, in the Consolidated and Further Continuing Appropriations Act for 2015, Congress passed section 743 which prohibited the award of contracts to contractors with similarly problematic confidentiality agreements.

Following the adoption of the 2015 prohibition, the FAR Council issued new provisions that went into effect in January 2017. Notably, they added a new section 3.909 entitled “Prohibition on contracting with entities that require certain internal confidentiality agreements.” It also added two new FAR contract clauses—FAR 52.203-18 and FAR 52.203-19 that Contracting Officers were required to add to all solicitations, new contracts and/or modifications that used FY2015 (or later) funds.

The “new” rule candidly recognizes that the 2021 NDAA requirement is nearly identical to the already-existent provision and contract clauses in the FAR that already applied government-wide. But, given that there was a new mandate from Congress, they issued a new DFARS provision confirming that it will apply FAR 3.909 and use the aforementioned clauses that (I will point out) it already was using. In other words, there’s nothing to see here folks.

That said, if all you know is the new rule and the preexisting provisions and you don’t regularly use your spare time to read regulatory preambles, you might miss a very important tip that the FAR Council included in its discussion of the rule. This tip, in the form of language that one could include in a confidentiality agreement, was included in the preamble in response to a comment submitted by the ABA Section of Public Contract Law. The comment (authored in part by me and a number of my colleagues in the section) recommended that the new rule include language that could be used in an agreement as a safe harbor. While the Council declined to include the proposed safe harbor language in the rule, they did quote it and state that it would be “appropriate” to use.

Here's the language:

Neither the confidentiality provision contained in the _________ [insert title of agreement, statement, policy], nor confidentiality provisions contained in any existing employment [agreement] or contract with _______ [insert name of contractor] shall be construed to prohibit or otherwise restrict you, as an employee or [sub]contractor of _________ [insert name of contractor] from lawfully reporting waste, fraud, or abuse to a designated investigative or law enforcement representative of a federal department or agency authorized to receive such information under the procurement.

See 82 Fed. Reg. 4717, 4719.

So, if your company, like many others, requires its employees or subcontractors to sign confidentiality agreements or nondisclosure agreements, I would encourage you to give them a look to make sure they don’t run afoul of FAR 3.909 and FAR clauses 52.203-18 and 52.203-19. If they do, your options are to modify them going forward (to add language such as that quoted above) and/or to issue a notice of that any provisions in existing confidentiality agreements that could be viewed as prohibiting reports of waste, fraud or abuse are no longer in effect. See FAR 52.203-19(c).