What Section 889 Actually Prohibits
Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 does two distinct things. First, it bans the federal government from buying telecommunications equipment and video surveillance systems from five specific Chinese companies. Second — and this is where most contractors get tripped up — it bans the government from contracting with any company that uses that equipment, anywhere in its own business operations.
The second prohibition is not limited to what you deliver to the government. It covers your internal networks, your office security cameras, your phone system, your building access control — anything in your own environment. If your company runs a Hikvision camera over your server room, and you have a federal contract, you have a Section 889 problem.
The law defines covered equipment as “telecommunications equipment or services that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” That phrase “substantial or essential component” is important — a single banned component inside a larger system can make the entire system covered.
This isn't optional compliance
The Five Banned Companies and Their Aliases
Section 889 names five companies and extends the prohibition to all their subsidiaries and affiliates. Knowing only the five parent names isn't enough — the OEM web is wide, and many of these companies manufacture products sold under dozens of other brand names.
| Company | Primary Products | Common OEM / Alias Brands |
|---|---|---|
| Huawei Technologies | Networking equipment, routers, switches, 5G infrastructure | Honor (mobile), various ODM/OEM networking brands |
| ZTE Corporation | Telecom equipment, routers, mobile devices, network switches | Various carrier-branded devices; ODM handsets |
| Hytera Communications | Two-way radios, dispatch systems, body-worn cameras | Sold under carrier and reseller brands in the U.S. market |
| Hangzhou Hikvision Digital Technology | IP cameras, NVRs, access control, video analytics | Annke, Alibi, EZVIZ, Lorex (select models), numerous white-label brands |
| Dahua Technology | IP cameras, NVRs, video surveillance, access control | Amcrest, Lorex (select models), Imou, numerous OEM/white-label brands |
The OEM alias problem is the biggest compliance trap of 2025 and 2026. Hikvision and Dahua together produce a substantial portion of the world's IP camera hardware. Cameras bearing U.S. or European brand names are frequently manufactured by Hikvision or Dahua at the hardware layer. The Section 889 prohibition extends to “any subsidiary or affiliate of such entities” — which means the brand name on the box doesn't matter. What matters is who made the core hardware.
Brand name ≠ compliance
Part A vs. Part B: Two Separate Problems
Section 889 is divided into two sub-prohibitions, each with its own effective date, scope, and practical compliance requirements. Most coverage online conflates them. You need to understand both separately because they trigger different compliance obligations.
Section 889(a)(1)(A) — Part A
Effective: August 13, 2019
What it bans: The federal government from directly procuring covered telecommunications equipment or services.
Who it targets: Federal agencies, not contractors directly — but any contractor delivering covered equipment to the government violates this through their agency customer.
FAR clause: 52.204-25
Section 889(a)(1)(B) — Part B
Effective: August 13, 2020 (DoD: October 1, 2022)
What it bans: The federal government from contracting with any entity that uses covered telecom equipment or services anywhere in its own operations.
Who it targets: Every federal contractor and subcontractor. Your internal systems — not just what you deliver — must be clean.
FAR clause: 52.204-26
Part B is the one that surprises people. Under Part A, the question is whether you're delivering banned equipment to the government. Part B asks whether you're using banned equipment anywhere in your company. A router from Huawei in your IT closet. A Dahua camera over your warehouse loading dock. A ZTE handset issued to an employee. All of these can create a Part B violation — even if your government deliverables are spotless.
The DoD received a waiver from the Director of National Intelligence for Part B when it first took effect in August 2020. That waiver expired on October 1, 2022. Since then, full Part B compliance has been mandatory for all DoD contractors — no exceptions, no grace period.
The Three FAR Clauses You're Already Certifying
Three FAR clauses implement Section 889 in contracts. If you have a federal contract issued after August 2019, at least one of these clauses is in it. Understanding what each one requires helps you understand exactly what you're certifying every time you sign a contract or submit a proposal.
FAR 52.204-24: A representation clause included in solicitations. Before award, you certify whether your company provides or uses covered telecommunications equipment or services. This is the pre-award checkpoint. A false representation here is a False Claims Act exposure from the moment you sign the offer.
FAR 52.204-25: The core Part A prohibition clause in the contract itself. It prohibits you from providing covered equipment or services to the government as part of contract performance. Requires you to report any discovery of covered equipment within 1 business day to the contracting officer, and submit a mitigation plan within 10 business days.
FAR 52.204-26: The Part B representation. You certify that your company does not use covered telecommunications equipment or services in your own operations. Included in all solicitations that also include 52.204-25. This is what makes your internal IT environment a compliance issue, not just what you deliver.
One practical note: these clauses flow down to subcontractors. If you're a prime contractor, you must include equivalent provisions in your subcontracts, and your subcontractors must comply too. A subcontractor running banned equipment creates a prime contractor compliance problem. Your supply chain liability doesn't end at your company's walls.
The Certification Risk Every Bidder Faces
Every time you submit a proposal, you're making a representation in SAM.gov and in the solicitation response: you either use covered telecommunications equipment or you don't. That representation is your legal assertion. If it turns out to be wrong — even because you didn't know — you have a problem. If it turns out to be wrong and you did know, you have a False Claims Act problem.
The FCA is the federal government's primary anti-fraud tool. As of July 2025, civil penalties range from $14,308 to $28,619 per violation, plus three times the government's actual damages. In a contract worth $500,000, three times damages plus per-claim penalties can wipe out years of revenue. The DOJ reported nearly 1,000 qui tam (whistleblower) actions in FY2024 — a 37 percent increase from the prior year. Section 889 false certifications are exactly the kind of case these suits target.
Subcontractors can trigger FCA liability for primes
Beyond the FCA, non-compliance triggers two other consequences that matter practically: contract termination for default and suspension or debarment. Termination for default creates a negative CPARS performance record that damages every future proposal. Debarment removes you from the federal market entirely for years. The Section 889 exposure isn't a fine you absorb — it's a business-ending risk if mishandled. More on what happens in practice in the section "What Happens When You're Non-Compliant" below.
How to Conduct a Reasonable Inquiry
The FAR standard for Section 889 compliance is a “reasonable inquiry” — not a full-scale third-party audit. A reasonable inquiry is defined as one “designed to uncover any information in the entity's possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity.” You don't have to hire an outside auditor. But you do have to do something documented and defensible.
Here's a six-step process that satisfies the reasonable inquiry standard and produces the documentation you'd need if someone ever questioned your certification:
Inventory all telecom and video surveillance equipment
Document every router, switch, IP camera, NVR, two-way radio, VoIP device, and building access control system your company uses. Include manufacturer, model number, and purchase date. Cloud-based systems count too — identify the hardware infrastructure your vendors use.
Identify manufacturers at the hardware level, not the brand level
For each device, research the actual manufacturer — not just the brand name on the label. Look up the model number against Hikvision, Dahua, Huawei, ZTE, and Hytera OEM/ODM product lines. A useful resource: IPVM's OEM tracker, which documents which brands source hardware from covered manufacturers.
Check subsidiaries and affiliates
The prohibition covers the named companies plus any subsidiary or affiliate. EZVIZ is a subsidiary of Hikvision. Imou is a brand of Dahua. If you identify equipment from an entity that might be affiliated with the five, research the corporate ownership chain before concluding it's compliant.
Flow down to subcontractors and suppliers
Send written inquiries to key subcontractors asking them to confirm their Section 889 status and provide documentation. Keep records of their responses. If a subcontractor can't confirm compliance, escalate or replace them before you certify on their behalf.
Document your process and findings in writing
Write a short memo summarizing what you checked, how you checked it, and what you found. Include dates. This is your defense if a contracting officer or auditor ever questions your representation. No documentation means your verbal assertion that 'we checked' is worthless.
Establish an ongoing monitoring procedure
Section 889 compliance isn't a one-time event. Equipment gets added. Vendors change their supply chains. New companies may be added to covered lists. Schedule a quarterly review of your inventory, and assign someone ownership of tracking regulatory updates.
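The inventory and manufacturer-identification steps above can be partly automated. The following is an added example, not part of the original article: a Python screen over an asset inventory that uses only the parent and alias brand names from this article's table. The CSV columns, asset IDs, model strings and the `Example*` brands are constructed for illustration.

```python
import csv
import io
import re

# Parent names and alias brands copied from the table in this article.
COVERED = {"huawei", "zte", "hytera", "hikvision", "dahua"}
ALIASES = {
    "honor": "Huawei", "annke": "Hikvision", "alibi": "Hikvision",
    "ezviz": "Hikvision", "amcrest": "Dahua", "imou": "Dahua",
    "lorex": "Hikvision or Dahua (select models)",
}

# Constructed sample inventory (assumed column layout, made-up assets).
# hw_manufacturer is the documented hardware maker, blank if not yet researched.
SAMPLE_CSV = """asset_id,category,brand,model,hw_manufacturer,purchased
CAM-001,ip_camera,Hikvision,MODEL-A,,2018-03-02
CAM-002,ip_camera,Amcrest,MODEL-B,,2021-06-15
CAM-003,ip_camera,ExampleCam,MODEL-C,Dahua Technology,2020-01-10
NET-001,router,ExampleNet,MODEL-D,ExampleNet Inc,2022-09-01
RAD-001,two_way_radio,ExampleRadio,MODEL-E,,2017-11-20
"""

def _tokens(text):
    # Whole-word tokens, so "zte" does not match inside an unrelated word.
    return set(re.findall(r"[a-z0-9]+", (text or "").lower()))

def screen(row):
    """Return (status, reason) for one inventory row."""
    brand = _tokens(row["brand"])
    maker = _tokens(row["hw_manufacturer"])
    hit = (brand | maker) & COVERED
    if hit:
        # Brand label or documented hardware maker is one of the five.
        return "COVERED", f"named entity: {sorted(hit)[0]}"
    alias = brand & set(ALIASES)
    if alias:
        # Alias brand: the label alone does not settle who made the hardware.
        return "REVIEW", f"alias brand, possible OEM: {ALIASES[sorted(alias)[0]]}"
    if not maker:
        return "UNVERIFIED", "no hardware manufacturer on record"
    return "DOCUMENTED", "manufacturer recorded, no match"

def screen_inventory(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["asset_id"]: screen(r) for r in rows}

if __name__ == "__main__":
    for asset, (status, why) in screen_inventory(SAMPLE_CSV).items():
        print(f"{asset:8} {status:11} {why}")
```

A REVIEW or UNVERIFIED result is a prompt for the hardware-level research in the second step, not a finding. The purchase date is carried for the memo only and does not affect the result, since pre-2019 equipment is not grandfathered.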
Free tools help with the research step
The White-Label Trap: Where Companies Get Caught
According to supply chain compliance reporting in 2025 and 2026, the most common source of Section 889 non-compliance findings isn't deliberate purchasing of Hikvision or Dahua cameras. It's inherited inventory: cameras installed before 2019, cameras acquired through business acquisitions, and cameras sold under U.S. or European brand names that are manufactured by Hikvision or Dahua as the original equipment manufacturer.
This isn't just a physical security camera problem. It applies across the entire covered product category: networking equipment that ships under a telecom carrier's brand but uses Huawei components internally, two-way radio systems that are Hytera hardware sold through a domestic reseller, and building automation systems with ZTE communication modules embedded inside.
The acquisition inheritance scenario
Your company acquires a competitor or a facility. The prior owner ran Hikvision cameras throughout the building. You now own that equipment — and you are now using covered telecommunications equipment. If you certify Section 889 compliance without auditing what you acquired, you're potentially making a false certification.
The pre-2019 installation scenario
Equipment purchased and installed before August 13, 2019 is still covered equipment. The law doesn't grandfather old purchases. If it's in your building and it's a covered product, you are 'using' it for purposes of Section 889(a)(1)(B). Age doesn't make it compliant.
The cloud and managed service scenario
If your security camera system is managed by a third-party provider — a physical security firm, a building management company — and they use Hikvision or Dahua infrastructure, you may be "using" covered equipment through that vendor relationship. Ask your managed service providers for their Section 889 compliance documentation.
The facility expansion scenario
When you open a new office or move into a co-working space or leased facility, the building's existing camera and communication systems may include covered equipment — even if your own company equipment is clean. Understand who controls the infrastructure at every location where your employees work.
If you find covered equipment in your environment, you have a path forward. You can disclose it to your contracting officer, develop a remediation plan with a realistic timeline, and in some cases obtain a waiver. Proactive disclosure is treated far differently from discovered concealment. The contractor who finds a problem and tells the government immediately is in a very different position than the contractor whose covered equipment is discovered during an audit.
2025–2026 Expansion: Drones and New Entities
Section 889's covered list has grown. On December 22, 2025, the FCC added all foreign-produced uncrewed aircraft systems (UAS) and UAS critical components to the covered list, acting under Section 1709 of the FY2025 NDAA. The FCC specifically named DJI Technologies (Shenzhen Da-Jiang Innovations) and Autel Robotics as covered entities — along with any subsidiary, affiliate, partner, joint venture participant, or licensee of either company.
The scope goes beyond just those two companies. The listing broadly covers UAS and UAS critical components “produced in” a foreign country — which captures a wide range of drone platforms and components. For government contractors that operate commercial drones for site surveys, mapping, inspections, or delivery — this is a new compliance obligation that wasn't there a year ago.
| Date | Milestone | Scope |
|---|---|---|
| Aug 2019 | Original ban effective | Part A: What you deliver |
| Oct 2022 | Part B full effect | What you use internally |
| Dec 2026 | Facility audit deadline | Cameras and surveillance |
The practical implication for contractors: if your company uses DJI drones for any commercial purpose, you need to assess whether that use is consistent with your federal contract obligations. Companies that use DJI equipment for facility inspections, infrastructure monitoring, or aerial photography now have a Section 889 question to answer before submitting proposals.
What 'produced in a foreign country' means for UAS
The FCC update also maintains and expands restrictions on video surveillance equipment from the original five companies. Late 2025 and early 2026 saw significant enforcement action — major retailers facing delistings, availability changes, and intensified agency scrutiny of physical security infrastructure. The December 2026 facility audit deadline for contractors is directly tied to this escalating enforcement environment.
What Happens When You're Non-Compliant
Non-compliance has four distinct consequences, and they can stack. Understanding each one helps you calibrate the actual risk and prioritize your remediation efforts.
Contract award denial
If your Section 889 representation during proposal reveals covered equipment usage and you can't remediate before award, the contracting officer cannot award you the contract. This is the most common immediate consequence — not a penalty, but a lost opportunity.
Contract termination for default
If covered equipment is discovered during contract performance, the government can terminate for default. Unlike termination for convenience (which provides some cost recovery), termination for default gives the government the right to hold you liable for excess reprocurement costs and creates a negative performance record in CPARS that follows every future proposal.
False Claims Act civil action
A knowing false certification under FAR 52.204-24 or 52.204-26 is a False Claims Act violation. Civil penalties run $14,308 to $28,619 per violation (as of 2025), plus three times the government's damages. With DOJ FCA enforcement up 37 percent in FY2024 and qui tam actions at a record high, Section 889 is exactly the kind of case whistleblowers and the DOJ pursue.
Suspension or debarment
In serious cases — particularly where the non-compliance was knowing or repeated — the government can suspend or debar a contractor. Suspension is immediate removal from the market pending investigation. Debarment is a multi-year exclusion from all federal contracting. Either shows up in SAM.gov and is visible to every agency. See our full guide on avoiding debarment.
The good news: there is a waiver process. The heads of federal agencies can grant waivers in limited circumstances — where a contractor can demonstrate a compelling reason for needing additional time, provide a “laydown” (inventory) of covered equipment in their supply chain, and submit a credible phase-out plan. However, the agency-head waiver authority expired in August 2022. The only remaining waiver authority sits with the Director of National Intelligence (DNI), which is a high bar and a slow process. Waivers are emergency tools, not compliance strategies.
Proactive disclosure changes the calculus dramatically
Action Plan: What to Do Before Your Next Proposal
If you haven't done a formal Section 889 review, here's the sequence of steps to get compliant before your next federal proposal. These are prioritized by the most common failure modes — address them in order.
| Priority | Action | Who | Timeline |
|---|---|---|---|
| 1 | Inventory all physical security cameras — identify manufacturer at hardware level | IT / Facilities | This week |
| 2 | Audit networking equipment: routers, switches, VoIP systems for Huawei/ZTE components | IT | Within 2 weeks |
| 3 | Audit two-way radio / dispatch systems for Hytera hardware | Operations / IT | Within 2 weeks |
| 4 | Send Section 889 compliance inquiries to all subcontractors with written response required | Contracts / Procurement | Within 30 days |
| 5 | Assess any commercial drone programs for DJI / Autel equipment (post-Dec 2025 expansion) | Operations | Within 30 days |
| 6 | Document findings in a written memo, signed and dated by responsible officer | Contracts / Legal | Before next proposal |
| 7 | Remediate any found covered equipment — replace or obtain waiver if replacement isn't immediate | IT / Facilities | Per compliance deadline |
| 8 | Update SAM.gov representations to reflect accurate Section 889 status | Contracts | After remediation |
| 9 | Build a quarterly review cycle — assign ownership, calendar next review | Compliance Owner | Ongoing |
The December 2026 facility audit deadline for video surveillance equipment means the clock is running. That deadline isn't the time to start your compliance review — it's the time to finish it. If you find covered cameras and need to replace them, physical security system replacements take weeks to procure and install. Starting now gives you time to replace without rushing.
Section 889 sits alongside CMMC 2.0 as one of the two major compliance requirements that DoD contractors must address before the end of 2026. The companies that get ahead of both will be better positioned for award — and the ones that get caught flat-footed will have more to explain to contracting officers than they want to.
Your proposal is only as strong as your compliance posture. A strong technical volume and competitive price mean nothing if your Section 889 representation is false. Build the compliance work into your pre-proposal checklist — alongside your bid checklist — so it's never an afterthought.