
Section 889 Compliance: The Telecom Ban That Can Get You Removed From a Contract

Section 889 of the FY2019 NDAA prohibits federal contractors from using telecom and video surveillance equipment from five Chinese companies — and their subsidiaries. A false certification exposes you to the False Claims Act, contract termination, and potential debarment. Most contractors are one supply chain audit away from discovering a problem they didn't know they had.

By CapturePilot Team · 14 min read · Published July 3, 2026

01. What Section 889 Actually Prohibits

Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 does two distinct things. First, it bans the federal government from buying telecommunications equipment and video surveillance systems from five specific Chinese companies. Second — and this is where most contractors get tripped up — it bans the government from contracting with any company that uses that equipment, anywhere in their own business operations.

The second prohibition is not limited to what you deliver to the government. It covers your internal networks, your office security cameras, your phone system, your building access control — anything in your own environment. If your company runs a Hikvision camera over your server room, and you have a federal contract, you have a Section 889 problem.

The law defines covered equipment as “telecommunications equipment or services that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” That phrase “substantial or essential component” is important — a single banned component inside a larger system can make the entire system covered.

This isn't optional compliance

Section 889 isn't a reporting obligation with a grace period. Every time you submit a proposal or receive a contract modification, you certify compliance. A knowing false certification is a False Claims Act violation — not just an administrative error. The question isn't whether to comply; it's whether you can demonstrate that you already do.

02. The Five Banned Companies and Their Aliases

Section 889 names five companies and extends the prohibition to all their subsidiaries and affiliates. Knowing only the five parent names isn't enough — the OEM web is wide, and many of these companies manufacture products sold under dozens of other brand names.

| Company | Primary Products | Common OEM / Alias Brands |
|---|---|---|
| Huawei Technologies | Networking equipment, routers, switches, 5G infrastructure | Honor (mobile), various ODM/OEM networking brands |
| ZTE Corporation | Telecom equipment, routers, mobile devices, network switches | Various carrier-branded devices; ODM handsets |
| Hytera Communications | Two-way radios, dispatch systems, body-worn cameras | Sold under carrier and reseller brands in the U.S. market |
| Hangzhou Hikvision Digital Technology | IP cameras, NVRs, access control, video analytics | Annke, Alibi, EZVIZ, Lorex (select models), numerous white-label brands |
| Dahua Technology | IP cameras, NVRs, video surveillance, access control | Amcrest, Lorex (select models), Imou, numerous OEM/white-label brands |

The OEM alias problem is the biggest compliance trap of 2025 and 2026. Hikvision and Dahua together produce a substantial portion of the world's IP camera hardware. Cameras bearing U.S. or European brand names are frequently manufactured by Hikvision or Dahua at the hardware layer. The Section 889 prohibition extends to “any subsidiary or affiliate of such entities” — which means the brand name on the box doesn't matter. What matters is who made the core hardware.

Brand name ≠ compliance

A camera labeled with an American brand purchased from a mainstream U.S. retailer may still be Hikvision or Dahua hardware underneath. The December 2026 deadline for facility audits means you need to verify the actual manufacturer of every surveillance device in your environment — not just the label on the front.

03. Part A vs. Part B: Two Separate Problems

Section 889 is divided into two sub-prohibitions, each with its own effective date, scope, and practical compliance requirements. Most coverage online conflates them. You need to understand both separately because they trigger different compliance obligations.

Section 889(a)(1)(A) — Part A

Effective: August 13, 2019

What it bans: The federal government from directly procuring covered telecommunications equipment or services.

Who it targets: Federal agencies, not contractors directly — but any contractor delivering covered equipment to the government violates this through their agency customer.

FAR clause: 52.204-25

Section 889(a)(1)(B) — Part B

Effective: August 13, 2020 (DoD: October 1, 2022)

What it bans: The federal government from contracting with any entity that uses covered telecom equipment or services anywhere in its own operations.

Who it targets: Every federal contractor and subcontractor. Your internal systems — not just what you deliver — must be clean.

FAR clause: 52.204-26

Part B is the one that surprises people. Under Part A, the question is whether you're delivering banned equipment to the government. Part B asks whether you're using banned equipment anywhere in your company. A router from Huawei in your IT closet. A Dahua camera over your warehouse loading dock. A ZTE handset issued to an employee. All of these can create a Part B violation — even if your government deliverables are spotless.

The DoD received a waiver from the Director of National Intelligence for Part B when it first took effect in August 2020. That waiver expired on October 1, 2022. Since then, full Part B compliance has been mandatory for all DoD contractors — no exceptions, no grace period.


04. The Three FAR Clauses You're Already Certifying

Three FAR clauses implement Section 889 in contracts. If you have a federal contract issued after August 2019, at least one of these clauses is in it. Understanding what each one requires helps you understand exactly what you're certifying every time you sign a contract or submit a proposal.

FAR 52.204-24: Representation and Disclosures Regarding Telecommunications and Video Surveillance

A representation clause included in solicitations. Before award, you certify whether your company provides or uses covered telecommunications equipment or services. This is the pre-award checkpoint. A false representation here is a False Claims Act exposure from the moment you sign the offer.

FAR 52.204-25: Prohibition on Contracting for Certain Telecommunications and Video Surveillance (Part A)

The core Part A prohibition clause in the contract itself. It prohibits you from providing covered equipment or services to the government as part of contract performance. Requires you to report any discovery of covered equipment within 1 business day to the contracting officer, and submit a mitigation plan within 10 business days.

FAR 52.204-26: Covered Telecommunications Equipment or Services — Representation (Part B)

The Part B representation. You certify that your company does not use covered telecommunications equipment or services in your own operations. Included in all solicitations that also include 52.204-25. This is what makes your internal IT environment a compliance issue, not just what you deliver.

One practical note: these clauses flow down to subcontractors. If you're a prime contractor, you must include equivalent provisions in your subcontracts, and your subcontractors must comply too. A subcontractor running banned equipment creates a prime contractor compliance problem. Your supply chain liability doesn't end at your company's walls.

05. The Certification Risk Every Bidder Faces

Every time you submit a proposal, you're making a representation in SAM.gov and in the solicitation response: you either use covered telecommunications equipment or you don't. That representation is your legal assertion. If it turns out to be wrong — even because you didn't know — you have a problem. If it turns out to be wrong and you did know, you have a False Claims Act problem.

The FCA is the federal government's primary anti-fraud tool. As of July 2025, civil penalties range from $14,308 to $28,619 per violation, plus three times the government's actual damages. In a contract worth $500,000, three times damages plus per-claim penalties can wipe out years of revenue. The DOJ reported nearly 1,000 qui tam (whistleblower) actions in FY2024 — a 37 percent increase from the prior year. Section 889 false certifications are exactly the kind of case these suits target.

Subcontractors can trigger FCA liability for primes

If your subcontractor certifies compliance and isn't, and you include their certification in your prime contract representations without independent verification, you share the exposure. The government doesn't just pursue the subcontractor — it pursues whoever signed the prime contract. Verify your subs' Section 889 status the same way you verify your own.

Beyond the FCA, non-compliance triggers two other consequences that matter practically: contract termination for default and suspension or debarment. Termination for default creates a negative CPARS performance record that damages every future proposal. Debarment removes you from the federal market entirely for years. The Section 889 exposure isn't a fine you absorb — it's a business-ending risk if mishandled. More on what happens in practice in Section 9.

06. How to Conduct a Reasonable Inquiry

The FAR standard for Section 889 compliance is a “reasonable inquiry” — not a full-scale third-party audit. A reasonable inquiry is defined as one “designed to uncover any information in the entity's possession about the identity of the producer or provider of covered telecommunications equipment or services used by the entity.” You don't have to hire an outside auditor. But you do have to do something documented and defensible.

Here's a six-step process that satisfies the reasonable inquiry standard and produces the documentation you'd need if someone ever questioned your certification:

1. Inventory all telecom and video surveillance equipment

Document every router, switch, IP camera, NVR, two-way radio, VoIP device, and building access control system your company uses. Include manufacturer, model number, and purchase date. Cloud-based systems count too — identify the hardware infrastructure your vendors use.

2. Identify manufacturers at the hardware level, not the brand level

For each device, research the actual manufacturer — not just the brand name on the label. Look up the model number against Hikvision, Dahua, Huawei, ZTE, and Hytera OEM/ODM product lines. A useful resource: IPVM's OEM tracker, which documents which brands source hardware from covered manufacturers.

3. Check subsidiaries and affiliates

The prohibition covers the named companies plus any subsidiary or affiliate. EZVIZ is a subsidiary of Hikvision. Imou is a brand of Dahua. If you identify equipment from an entity that might be affiliated with the five, research the corporate ownership chain before concluding it's compliant.

4. Flow down to subcontractors and suppliers

Send written inquiries to key subcontractors asking them to confirm their Section 889 status and provide documentation. Keep records of their responses. If a subcontractor can't confirm compliance, escalate or replace them before you certify on their behalf.

5. Document your process and findings in writing

Write a short memo summarizing what you checked, how you checked it, and what you found. Include dates. This is your defense if a contracting officer or auditor ever questions your representation. No documentation means your verbal assertion that 'we checked' is worthless.

6. Establish an ongoing monitoring procedure

Section 889 compliance isn't a one-time event. Equipment gets added. Vendors change their supply chains. New companies may be added to covered lists. Schedule a quarterly review of your inventory, and assign someone ownership of tracking regulatory updates.
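
A first-pass screen for steps 1 through 3, as an added example (not CapturePilot's or any agency's tool): it classifies an equipment inventory against the five named companies and the alias brands in this article's table. The CSV columns, sample rows, "Example*" brands and status names are constructed for illustration; the alias list is only what the table above names, so an unmatched brand means "verify the hardware manufacturer", not "compliant".

```python
import csv
import io
import re
from collections import Counter

# Match tokens for the five companies named in Section 889.
COVERED = {
    "huawei": "Huawei Technologies",
    "zte": "ZTE Corporation",
    "hytera": "Hytera Communications",
    "hikvision": "Hangzhou Hikvision Digital Technology",
    "dahua": "Dahua Technology",
}
# Alias brands taken from this article's table only; not a complete OEM list.
ALIASES = {"honor": "huawei", "annke": "hikvision", "alibi": "hikvision",
           "ezviz": "hikvision", "amcrest": "dahua", "imou": "dahua"}
# The table lists Lorex as "select models" under both Hikvision and Dahua.
SELECT_MODELS = {"lorex": ("hikvision", "dahua")}
REQUIRED = ("brand", "model", "purchase_date")  # fields step 1 asks for

# Constructed sample inventory: asset IDs, models and "Example*" brands are made up.
SAMPLE_CSV = """asset_id,location,brand,manufacturer,model,purchase_date
CAM-001,Server room,Hikvision,,MODEL-A,2018-05-01
CAM-002,Loading dock,Amcrest,,MODEL-B,2021-03-15
CAM-003,Lobby,Lorex,,MODEL-C,2022-07-09
RTR-001,IT closet,ExampleNet,Huawei Technologies,MODEL-D,2017-11-20
SW-001,IT closet,Aztec Networks,,MODEL-E,2023-01-10
RAD-001,Warehouse,ExampleRadio,,,2020-02-02
"""

def tokens(*fields):
    """Lowercase whole-word tokens, so 'zte' does not match inside 'Aztec'."""
    return set(re.findall(r"[a-z0-9]+", " ".join(f or "" for f in fields).lower()))

def classify(row):
    """Return (status, reason) for one inventory row."""
    words = tokens(row.get("brand"), row.get("manufacturer"))
    hit = sorted(words & set(COVERED))
    if hit:
        # No grandfathering: the purchase date never downgrades a covered match.
        return "COVERED", f"named company: {COVERED[hit[0]]}"
    hit = sorted(words & set(ALIASES))
    if hit:
        parent = COVERED[ALIASES[hit[0]]]
        return "ALIAS", f"{hit[0]} is listed as an alias brand of {parent}"
    hit = sorted(words & set(SELECT_MODELS))
    if hit:
        parents = " or ".join(COVERED[p] for p in SELECT_MODELS[hit[0]])
        return "REVIEW_MODEL", f"select {hit[0]} models are listed under {parents}"
    missing = [f for f in REQUIRED if not (row.get(f) or "").strip()]
    if missing:
        return "INCOMPLETE", "missing " + ", ".join(missing)
    return "VERIFY_OEM", "no brand match; confirm the hardware manufacturer"

def audit(csv_text):
    """Classify every row of an inventory CSV and return the findings."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, reason = classify(row)
        findings.append({"asset_id": row["asset_id"], "status": status, "reason": reason})
    return findings

def summary(findings):
    """Count findings per status, for the written memo in step 5."""
    return dict(Counter(f["status"] for f in findings))

if __name__ == "__main__":
    for f in audit(SAMPLE_CSV):
        print(f'{f["asset_id"]:8} {f["status"]:13} {f["reason"]}')
```

Only COVERED is a confirmed match; ALIAS, REVIEW_MODEL, VERIFY_OEM and INCOMPLETE rows each still need the manual manufacturer research described in steps 2 and 3.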

Free tools help with the research step

The IPVM OEM database tracks which camera brands source from Hikvision and Dahua. The DoD's Defense Acquisition University has published a Section 889 resource page with vendor guidance. GSA also maintains Section 889 compliance resources at acquisition.gov/Section-889-Policies. Use these before spending money on consultants.

07. The White-Label Trap: Where Companies Get Caught

According to supply chain compliance reporting in 2025 and 2026, the most common source of Section 889 non-compliance findings isn't deliberate purchasing of Hikvision or Dahua cameras. It's inherited inventory: cameras installed before 2019, cameras acquired through business acquisitions, and cameras sold under U.S. or European brand names that are manufactured by Hikvision or Dahua as the original equipment manufacturer.

This isn't just a physical security camera problem. It applies across the entire covered product category: networking equipment that ships under a telecom carrier's brand but uses Huawei components internally, two-way radio systems that are Hytera hardware sold through a domestic reseller, and building automation systems with ZTE communication modules embedded inside.

The acquisition inheritance scenario

Your company acquires a competitor or a facility. The prior owner ran Hikvision cameras throughout the building. You now own that equipment — and you are now using covered telecommunications equipment. If you certify Section 889 compliance without auditing what you acquired, you're potentially making a false certification.

The pre-2019 installation scenario

Equipment purchased and installed before August 13, 2019 is still covered equipment. The law doesn't grandfather old purchases. If it's in your building and it's a covered product, you are 'using' it for purposes of Section 889(a)(1)(B). Age doesn't make it compliant.

The cloud and managed service scenario

If your security camera system is managed by a third-party provider — a physical security firm, a building management company — and they use Hikvision or Dahua infrastructure, you may be "using" covered equipment through that vendor relationship. Ask your managed service providers for their Section 889 compliance documentation.

The facility expansion scenario

When you open a new office or move into a co-working space or leased facility, the building's existing camera and communication systems may include covered equipment — even if your own company equipment is clean. Understand who controls the infrastructure at every location where your employees work.

If you find covered equipment in your environment, you have a path forward. You can disclose it to your contracting officer, develop a remediation plan with a realistic timeline, and in some cases obtain a waiver. Proactive disclosure is treated far differently from discovered concealment. The contractor who finds a problem and tells the government immediately is in a very different position than the contractor whose covered equipment is discovered during an audit.

08. 2025–2026 Expansion: Drones and New Entities

Section 889's covered list has grown. On December 22, 2025, the FCC added all foreign-produced uncrewed aircraft systems (UAS) and UAS critical components to the covered list, acting under Section 1709 of the FY2025 NDAA. The FCC specifically named DJI Technologies (Shenzhen Da-Jiang Innovations) and Autel Robotics as covered entities — along with any subsidiary, affiliate, partner, joint venture participant, or licensee of either company.

The scope goes beyond just those two companies. The listing broadly covers UAS and UAS critical components “produced in” a foreign country — which captures a wide range of drone platforms and components. For government contractors that operate commercial drones for site surveys, mapping, inspections, or delivery — this is a new compliance obligation that wasn't there a year ago.

Aug 2019: Original ban effective (Part A: what you deliver)

Oct 2022: Part B full effect (what you use internally)

Dec 2026: Facility audit deadline (cameras and surveillance)

The practical implication for contractors: if your company uses DJI drones for any commercial purpose, you need to assess whether that use is consistent with your federal contract obligations. Companies that use DJI equipment for facility inspections, infrastructure monitoring, or aerial photography now have a Section 889 question to answer before submitting proposals.

What 'produced in a foreign country' means for UAS

The FCC's December 2025 listing creates some uncertainty about which specific components trigger coverage. A drone assembled in the U.S. with foreign-made components may still be covered depending on the component in question. If you operate any commercial UAS, document the manufacturing origin of the complete system and its communications components. The safe path is verified U.S. manufacture or explicit agency guidance that your specific platform is compliant.

The FCC update also maintains and expands restrictions on video surveillance equipment from the original five companies. Late 2025 and early 2026 saw significant enforcement action — major retailers facing delistings, availability changes, and intensified agency scrutiny of physical security infrastructure. The December 2026 facility audit deadline for contractors is directly tied to this escalating enforcement environment.

09. What Happens When You're Non-Compliant

Non-compliance has four distinct consequences, and they can stack. Understanding each one helps you calibrate the actual risk and prioritize your remediation efforts.

Contract award denial

If your Section 889 representation during proposal reveals covered equipment usage and you can't remediate before award, the contracting officer cannot award you the contract. This is the most common immediate consequence — not a penalty, but a lost opportunity.

Contract termination for default

If covered equipment is discovered during contract performance, the government can terminate for default. Unlike termination for convenience (which provides some cost recovery), termination for default gives the government the right to hold you liable for excess reprocurement costs and creates a negative performance record in CPARS that follows every future proposal.

False Claims Act civil action

A knowing false certification under FAR 52.204-24 or 52.204-26 is a False Claims Act violation. Civil penalties run $14,308 to $28,619 per violation (as of 2025), plus three times the government's damages. With DOJ FCA enforcement up 37 percent in FY2024 and qui tam actions at a record high, Section 889 is exactly the kind of case whistleblowers and the DOJ pursue.

Suspension or debarment

In serious cases — particularly where the non-compliance was knowing or repeated — the government can suspend or debar a contractor. Suspension is immediate removal from the market pending investigation. Debarment is a multi-year exclusion from all federal contracting. Either shows up in SAM.gov and is visible to every agency. See our full guide on avoiding debarment.

The good news: there is a waiver process. The heads of federal agencies can grant waivers in limited circumstances — where a contractor can demonstrate a compelling reason for needing additional time, provide a “laydown” (inventory) of covered equipment in their supply chain, and submit a credible phase-out plan. However, the agency-head waiver authority expired in August 2022. The only remaining waiver authority sits with the Director of National Intelligence (DNI), which is a high bar and a slow process. Waivers are emergency tools, not compliance strategies.

Proactive disclosure changes the calculus dramatically

The contractor who discovers covered equipment and reports it to the contracting officer within one business day — as required by FAR 52.204-25(d) — is in a fundamentally different position than one whose equipment is found in a government audit. Proactive disclosure enables a remediation conversation. Discovered concealment triggers enforcement. If you find something, report it.


10. Action Plan: What to Do Before Your Next Proposal

If you haven't done a formal Section 889 review, here's the sequence of steps to get compliant before your next federal proposal. These are prioritized by the most common failure modes — address them in order.

| Priority | Action | Who | Timeline |
|---|---|---|---|
| 1 | Inventory all physical security cameras — identify manufacturer at hardware level | IT / Facilities | This week |
| 2 | Audit networking equipment: routers, switches, VoIP systems for Huawei/ZTE components | IT | Within 2 weeks |
| 3 | Audit two-way radio / dispatch systems for Hytera hardware | Operations / IT | Within 2 weeks |
| 4 | Send Section 889 compliance inquiries to all subcontractors with written response required | Contracts / Procurement | Within 30 days |
| 5 | Assess any commercial drone programs for DJI / Autel equipment (post-Dec 2025 expansion) | Operations | Within 30 days |
| 6 | Document findings in a written memo, signed and dated by responsible officer | Contracts / Legal | Before next proposal |
| 7 | Remediate any found covered equipment — replace or obtain waiver if replacement isn't immediate | IT / Facilities | Per compliance deadline |
| 8 | Update SAM.gov representations to reflect accurate Section 889 status | Contracts | After remediation |
| 9 | Build a quarterly review cycle — assign ownership, calendar next review | Compliance Owner | Ongoing |

The December 2026 facility audit deadline for video surveillance equipment means the clock is running. That deadline isn't the time to start your compliance review — it's the time to finish it. If you find covered cameras and need to replace them, physical security system replacements take weeks to procure and install. Starting now gives you time to replace without rushing.

Section 889 sits alongside CMMC 2.0 as one of the two major compliance requirements that DoD contractors must address before the end of 2026. The companies that get ahead of both will be better positioned for award — and the ones that get caught flat-footed will have more to explain to contracting officers than they want to.

Your proposal is only as strong as your compliance posture. A strong technical volume and competitive price mean nothing if your Section 889 representation is false. Build the compliance work into your pre-proposal checklist — alongside your bid checklist — so it's never an afterthought.
