Reprinted with permission, © 1999
I. INTRODUCTION
The Year 2000 problem - the failure of computer systems and programs to distinguish the appropriate date based on the use of two digits in the date field - affects every facet of business, including contracting with the federal government. The final scope of the problem remains uncertain, and likely will not be fully known until after December 31, 1999. The failure of computer systems would have a broad impact - systems responsible for payments might stop issuing disbursements after December 31, 1999; a contractor's material management system might cease functioning properly; and the government's systems tasked with contractor performance and monitoring could stop operating.
In August 1997, the Department of Defense, the General Services Administration and the National Aeronautics Administration issued Year 2000 compliance regulations, with which all government contractors must be familiar.2 Like other regulations with which contractors must comply when doing business with the federal government, the Year 2000 regulations seek to make uniform the rights and duties of parties to all government contracts. The provisions, set forth in Part 39 of the Federal Acquisition Regulation ("FAR"), however, create uncertainty regarding the parties' obligations, and vary from Year 2000 standards utilized by the private sector. For example, the final FAR rule introduces a reference to "time" data in its definition of Year 2000 compliance, while such definitions generally are restricted to "date" data. In addition, while the rule requires federal agencies to determine whether existing systems that may interoperate with new systems are Year 2000 compliant, it does not require that the agency provide such information to the contractor. Furthermore, the rule lacks any standard contract clause in FAR Part 52, which contains contract language to be incorporated in agreements with the government. The lack of such language gives the government leeway in drafting contract requirements and subjects contractors to uneven standards. Any contractor that sells the government goods or services requiring Year 2000 compliance must be aware of the regulations and their effect on the contractor's rights and obligations.
II. GOVERNMENT REGULATORY RESPONSE TO YEAR 2000
The federal government's first steps in response to Year 2000 concerns included drafting Year 2000 contract language on an agency-to-agency basis, resulting in a variety of clauses that often conflicted. Following meetings between industry groups and the federal government, the General Services Administration ("GSA") released a recommended warranty clause in September 1996.3 Under such clause, the contractor warranted that delivered hardware and software would be able to process date data accurately "provided that all listed or unlisted products (e.g. hardware, software, firmware) used in combination with such listed product properly exchange date data with it."4 The duration of the warranty and the remedies available to the government for its breach are defined by the standard terms and limitations of other warranty provisions of the contract, except that the remedies for breach of the Year 2000 warranty include repair and replacement of any listed product whose noncompliance is discovered within 90 days of acceptance.5
A. Interim Rule on Year 2000 Compliance
On January 2, 1997, the FAR Council, which is charged with formulating federal regulations, issued FAC 90-45, which contained an interim rule on Year 2000 compliance.6 The interim rule contained a definition of "Year 2000 compliant" and a section addressing Year 2000 compliance requirements. The interim rule, however, was problematic in that it introduced new terminology and sought to shift a majority of the compliance burden onto contractors.
The definition of "Year 2000 compliant" at FAR § 39.002, as introduced in the interim rule, stated:
Year 2000 compliant means information technology that accurately processes date/time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000 and leap year calculations. Furthermore, Year 2000 compliant information technology, when used in combination with other information technology, shall accurately process date/time data if the other information technology properly exchanges date/time data with it.7
The FAR Council eschewed the use of the traditional reference to date data, and, for reasons that the Council did not articulate, introduced an additional reference to time data. It is difficult to determine the relationship that time has to the function of a computer's date field, apart from the passage of one day to the next. The additional term would appear to create a heightened requirement that contractors must meet in dealing with the government.
The interim rule also shifted from the government to the contractor the responsibility for determining whether a federal agency's existing computer systems were Year 2000 compliant. The GSA clause required the contractor to warrant that the products delivered could process date data accurately "provided that all listed or unlisted products (e.g. hardware, software, firmware) used in combination with such listed product properly exchange date data with it."8 Industry groups requested the insertion of such a clause to deal with the exchange of noncompliant data between systems. The GSA clause therefore placed the responsibility on the federal agency to determine the Year 2000 compliance of its existing system and to inform the contractor of its status.
The interim rule published in the FAR, however, imposed that obligation on the contractor. The interim rule contained an initial obligation for the contractor to ensure that "information technology . . . accurately processes date/time data."9 The shift in burden occurred in the second part of the definition, which required the contractor to ascertain the compliance level of the existing system: "Furthermore, Year 2000 compliant information technology, when used in combination with other information technology, shall accurately process date/time data if the other information technology properly exchanges date/time data with it."10 The shift in compliance determination from the government to the contractor raised objections from industry groups. One commentator stated that the interim rule "is unsustainable, by logic - since it would require the vendor to know everything about every Federal customer's existing IT installation and its communications with external systems - and by practice - since it places the financial risk of non-performance of any government computer system on the back of vendors who have no ability to inventory, assess or remedy the date handling capabilities or status of the installed base."11
The shift in burden was compounded by the lack of any formal requirement for the agency to provide the contractor with information regarding the existing agency systems that would interface with the new systems. The FAR Council suggested that such information be provided to prospective contractors "as appropriate." The introductory commentary to the interim rule, however, stated that the disclosure of such information was "recommended" rather than required.12
B. Final Rule on Year 2000 Compliance
The FAR Council published its final rule regarding Year 2000 compliance on August 22, 1997.13 The final rule reflected certain changes from the interim rule, but failed to correct other deficiencies. The final rule also lacked any standard language for use in contracts with the government.
The final rule retained the "date/time" data reference, but, like the interim rule, failed to provide any explanation for this seemingly heightened requirement. Discussions between government officials and industry representatives after the issuance of the interim rule suggested that certain federal agencies may have data processing requirements that include a time element. The use of a time data reference, however, remains contrary to industry standards. For example, the Institute of Electrical and Electronic Engineers, an international standards body that is developing an industry standard for Year 2000 terminology, omits any reference to "time" data in its standards.14 The majority of contractors that have developed, tested and implemented Year 2000 fixes have focused on changes in date, rather than time. The inclusion of the time data standard in the FAR provision therefore creates an additional burden on federal contractors, both in efforts and expense, to ensure compliance with the provision.
While the final rule shifts the burden of determining Year 2000 compliance of existing systems from the contractor back to the government, the rule's explanatory language introduces a level of uncertainty. The final rule states:
Year 2000 compliant, as used in this part, means, with respect to information technology, that the information technology accurately processes date/time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000 and leap year calculations, to the extent that other information technology, used in combination with the information technology being acquired, properly exchanges date/time data with it.15
The final rule's replacement of the word "furthermore" with the phrase "to the extent that" requires the government agency to assume responsibility for ascertaining the Year 2000 compliance status of its existing systems. The introductory language to the final rule, however, would appear to remove some of the protections that such a shift in responsibility would afford a contractor. The rule states that "[i]f proper date/time data is provided, the Year 2000 compliant information technology must be able to process the data accurately. If it cannot process proper date/time data accurately, its failure will not be excused because of noncompliance of another information technology product."16 Interpretations of such a statement vary. One reading may be that the failure of a new system to exchange data with an existing system is not excused by preexisting flaws in the existing system. Another interpretation of the language, however, places more focus on the contractor's duty to create a system that is independently Year 2000 compliant. The government's exercise of the provision likely will be the ultimate means of discerning the government's interpretation.
The final rule fails to mandate an agency's disclosure of the Year 2000 compliance of its existing systems. The introductory language states that the "rule also recommends that agency solicitations describe existing information technology that will be used with the information technology to be acquired and identify whether the existing information technology is Year 2000 compliant."17 A GSA White Paper on the final rule suggests that agency disclosure of such information is routine. The White Paper notes that the final rule "[r]equires that when agencies acquire IT to be used in a system or interconnected to other computers, that the agencies identify whether the existing IT is Year 2000 compliant."18 Despite the view of the GSA, however, the final rule omits any language specifying mandatory disclosure.
The final rule also fails to include any standard contractual language in FAR Part 52. The standard contracts clauses at FAR Part 52 serve as a uniform means of guidance to the government and the contractor as to the specific requirements of a solicitation. Despite the importance of standard Year 2000 compliance in federal contracting, the FAR Council failed to promulgate any standard contract language. The absence of such a standard clause allows the agency freedom in tailoring a contract clause that either meets its needs for the specific procurement or addresses its overall policy on Year 2000 compliance. An agency may include a contract clause that follows the minimum requirements of the Year 2000 compliance regulations, or could adopt language following the GSA warranty provision.
The absence of standard language, however, presents an opportunity for the contractor. The contracting officer may have a greater opportunity to craft Year 2000 language that allows some sharing of the risk between the contractor and the government. An agreement between the parties that recognizes the pervasiveness of the Year 2000 problem and that allocates risks and associated costs fairly increases the likelihood of constructive problem solving. The contractor should avail itself, if possible, of the lack of standard language to share such risks with the government.
III. RECOMMENDATIONS FOR CONTRACTORS
Contractors with current or future government contracts involving Year 2000 compliance issues should familiarize themselves with the regulations. Contractors should devote particular attention to the following issues:
ENDNOTES
2. FAC 97-01, item XVII, 62 Fed. Reg. 44830 (Aug. 22, 1997). The regulations are set forth at FAR Part 39.
3. The warranty language can be found at the GSA Information Technology Policy website: http://www.itpolicy.gsa.gov/mks/yr2000/y2kfnl.htm.
4. Id.
5. Id.
6. FAC 90-45, item XIV, 61 Fed. Reg. 273 (Jan. 2, 1997).
7. FAR § 39.002 (61 Fed. Reg. 273, 274 (Jan. 2, 1997)).
8. See footnote 5.
9. FAR § 39.002 (61 Fed. Reg. 273, 274 (Jan. 2, 1997)).
10. Id. (emphasis added).
11. Comments of the Information Technology Association of America, Computing Technology Industry Association, Professional Services Council and the Electronic Industries Association on FAC 90-45, FAR Case 96-607, at 3.
13. FAC 97-01, item XVII, 62 Fed. Reg. 44830 (Aug. 22, 1997).
14. IEEE Std 2000.1-1998, passed Oct. 16, 1998. The standards are available at the IEEE website, http://grouper.ieee.org/groups/2000/2000.1-1998.pdf.
15. FAR § 39.002 (62 Fed. Reg. 44830, 44830 (Aug. 22, 1997)) (emphasis added).
16. 62 Fed. Reg. 44830, 44830 (Aug. 22, 1997).
17. Id.
18. White Paper on Application and Implementation of Year 2000 Federal Acquisition Regulation Guidance (Aug. 1997).
For more information, please contact:
Lino S. Lipinsky de Orlov - Denver