The National Defense Authorization Act (NDAA), the federal government’s annual defense funding, continues to evolve since it was signed into law in 2018 with regard to procuring electronic parts, products and services of certain Chinese semiconductors. As the law expands, systems integrators need to understand the effects of NDAA on the video surveillance equipment, systems and services they select and the suppliers they do business with.
The 2023 NDAA includes Section 5949, with new rules and regulations relating to the procurement of these parts, although exact definitions are still being decided. The updated law also bans federal contracting with any entity that procures or obtains these components or parts from the specific manufacturers and their subsidiaries, affiliates or successors.
“There’s still lack of clarity for many installers and contractors, as well as end-users, many of whom incorrectly assumed that NDAA compliance only impacts federal institutions,” said Jason Burrows, sales director at IDIS America, Coppell, Texas. The initial NDAA grace period has ended, and was quickly followed by the Federal Communications Commission’s (FCC) Secure Equipment Act with similar restrictions.
“These rulings make it imperative that electrical contractors implement NDAA-compliant cameras, recorders and video management solutions that meet security, safety and operational needs while ensuring they still deliver the best value for their customers,” Burrows said.
NDAA regulations encompass an organization’s new contracts and the renewal and extension of existing ones, he said.
“They also apply regardless of whether the contractors utilize cameras and other associated surveillance equipment for government contract work, whereby if companies are selling and installing unlawful equipment in a local convenience store, this makes them noncompliant for other initiatives that involve federal dollars,” he said.
That’s particularly important for electrical contractors that win surveillance projects through partnerships with IT, other security integrators or construction firms, he added, and companies will begin asking for evidence of compliance and assurances they are working with trustworthy service providers, supply chains and manufacturers.
Background and evolution
In 2019, the NDAA included Section 889, a prohibition on federal agencies and federal grant recipients from procuring certain Chinese telecommunications and video surveillance equipment. Section 889 restrictions went into effect in August 2020, prohibiting federal grant recipients from obtaining telecommunications equipment produced by Huawei Technologies Co. or ZTE Corp. (or any subsidiary or affiliate).
Additionally, video surveillance and telecommunications equipment produced by Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. or Dahua Technology Co. (or any subsidiary or affiliate) used for public safety, security of 16 government facilities, physical security surveillance of critical infrastructure and other national security purposes is prohibited equipment under Section 889.
“These surveillance systems were found to have cybersecurity vulnerabilities, which can easily be exploited by bad actors. In addition, there’s concern that back doors can be detected and used for nefarious purposes by the People’s Republic of China—not only in federal facilities, but to monitor and observe American citizens in offices and public spaces for corporate espionage and other intelligence gathering purposes,” Burrows said.
Another compelling reason for contractors to check the surveillance systems they specify is that unlawful security equipment is now covered by the Secure Equipment Act. This legislation prohibits the FCC from reviewing or issuing new equipment authorizations to companies on its “covered list” of organizations with equipment considered a threat to national security.
Compliance at the manufacturing level
With NDAA Section 889 as a precedent—where the ban on specific Chinese companies shifted to adjacent industries outside the initial scope—it is probable that the ban on Chinese semiconductors, semiconductor products and services identified in Section 5949 will follow the same path, said James Marcella, director of industry associations at Axis Communications Inc., Chelmsford, Mass.
“Since the burden of compliance falls on the integrator, as well as the costs associated with replacing noncompliant product, system integrators should begin auditing manufacturers—specifically the products they currently supply, or intend to supply to the government,” he said. “As the government’s definitions and requirements for Section 5949 become clearer—and the five-year grace period concludes with the law taking effect—integrators should consider mitigating risk by adding language to their supplier contracts that mandates compliance at the manufacturing level.”
“All organizations that already benefit from or are looking to seek federal funding, grants and loans need to ensure their video surveillance equipment is compliant,” Burrows said. “If not, and they are in receipt of any type of federal funding, they may face legal action, including fines and penalties.”