Background
The Federal Acquisition Regulation (FAR) Council published an interim rule and contract clause implementing the “No TikTok on Government Devices Act” which prohibits the use of TikTok or other applications by ByteDance on contractors’ information technology, including employee-owned devices. FAR 52.204-27, Prohibition on a ByteDance Covered Application (effective June 2, 2023), when incorporated into federal contracts states: “The Contractor is prohibited from having or using a covered application [TikTok] on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under this contract, including equipment provided by the Contractor’s employees.”
Guidance
Pursuant to FAR 52.204-27, faculty are asked to instruct their lab staff, including students, who are working on a federal contract to uninstall the TikTok app from all university-owned and personal devices (including cellphones, laptops, tablets and desktop computers) on which they conduct any federal contract- related work (including emailing, calling, texting, using Duo-authentication, collecting data, etc.). Further, do not install TikTok on any related university-issued device. Additionally, it is prohibited to visit the TikTok platform via web browsers, on such applicable university-owned and personal devices over duration of impacted projects.
Process
Before accepting a federal contract or subcontract with this clause:
- The URA specialist must notify the primary contact person for the contract of the existence of the prohibition.
- The primary contact must require all covered individuals to remove all covered applications from devices provided or issued by the University of Chicago. Covered individuals should contact their local UChicago Information Technology representative with any questions about how to remove these applications.
- The primary contact person must require covered individuals to either (i) remove all covered applications from personally owned devices used in the performance of the contract or (ii) refrain from using personally owned devices in the performance of the contract.
- The URA specialist will send the PI the applicable attestation form and obtain a signed copy from all named key project personnel.
- Use the naming convention –[PI Last Name_AWDxxxxx_ByteDance Cert_mm-dd-yy] (example: Biden_AWD12345_ByteDance Cert_10-31-23)
- Attach the signed attestation forms for all key personnel in the AURA project record.
Completed attestation forms are required by URA for final award account activation. For modifications and amendments on existing awards, attestations must be returned in a timely manner so as not to impact project continuation. Note, UChicago may perform periodic audits to verify compliance with these requirements.
*For assistance on removal of the TikTok application from your device, contact the Division of Information Technology Help Desk or your local unit’s IT help desk.
**Note that an exemption is allowed for university-owned devices used as part of an active academic research project where the TikTok app is pertinent to the project. Those individuals may continue to use the TikTok app on university issued devices, only after an exemption is approved by the appropriate federal agency’s Contracting Officer. To seek an academic research exemption in accordance with OMB Memorandum M-23-13, please contact your Post-Award point of contact for an award modification request in AURA Grants.
For information about compliance with this federal regulation, please see FAR 52.204-27 here:
https://www.acquisition.gov/far/52.204-27