FAR 52.204-27—Prohibition on a ByteDance Covered Application.
Plain-English Summary
FAR 52.204-27 implements the federal prohibition on TikTok and other ByteDance covered applications in the government contracting context. This clause defines the key terms, including what counts as a “covered application” and what counts as “information technology,” and then states the core prohibition: contractors may not have or use a covered application on government-owned or government-managed IT, or on contractor IT used or provided under the contract, including employee-provided devices used for contract performance, unless the contracting officer has granted a written exception under the applicable OMB guidance. The clause also ties the restriction to the No TikTok on Government Devices Act, OMB Memorandum M-23-13, and the statutory and regulatory framework that governs executive agency IT. Finally, it requires contractors to flow the clause down to all subcontracts, including commercial products and commercial services subcontracts. In practice, this section is about cybersecurity, supply-chain risk, and preventing prohibited apps from being present on devices and systems used to perform federal work.
Key Rules
Covered application definition
A covered application means TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited. The definition is intentionally broad enough to capture replacements or related services, not just the current TikTok app.
Information technology scope
The clause uses the statutory definition of information technology from 40 U.S.C. 11101(6), which covers equipment and systems used to acquire, store, process, transmit, or manage data, including computers, peripherals, software, firmware, and related services. It excludes equipment a contractor acquires only incidentally to a federal contract.
General prohibition on use
Contractors are prohibited from having or using a covered application on government-owned or government-managed IT, and also on contractor IT used or provided under the contract. This includes contractor-furnished equipment and employee-owned equipment when that equipment is used for contract performance.
Exception only by written notice
The prohibition does not apply if the contracting officer provides written notification that an exception has been granted under OMB Memorandum M-23-13. Contractors should not assume an exception exists without written confirmation.
Mandatory subcontract flowdown
The contractor must insert the substance of the clause, including the flowdown requirement itself, in all subcontracts. This applies even to subcontracts for commercial products or commercial services.
Responsibilities
Contracting Officer
Ensure the clause is included when prescribed, and provide written notification only if an exception has been granted under the applicable OMB guidance. The contracting officer is the official source for any exception that would allow otherwise prohibited use.
Contractor
Do not have or use a covered application on government IT or on contractor IT used or provided under the contract, including employee-provided equipment used for performance. Monitor devices and systems used for contract work, and ensure compliance with any exception conditions if written approval is granted.
Subcontractor
Comply with the flowed-down prohibition if the clause is included in the subcontract. Subcontractors must avoid covered applications on relevant IT used for subcontract performance and follow any exception limits.
Agency / Executive Agency
Apply the statutory and OMB-based prohibition to executive agency information technology and manage exceptions consistent with OMB Memorandum M-23-13 and agency implementation guidance.
Practical Implications
Contractors should treat this as a device-and-system restriction, not just an app-installation issue; the rule can reach contractor-furnished laptops, phones, tablets, and employee-owned devices used for federal work.
A common pitfall is assuming that a personal phone or home computer is outside the rule. If the device is used or provided under the contract, the prohibition can apply even if the device is personally owned.
Another frequent mistake is relying on informal approval. Only written notification from the contracting officer confirming an exception under the OMB guidance is enough to permit use.
Contractors should review subcontract templates and vendor onboarding processes to make sure the clause is flowed down to all tiers, including commercial-item subcontracts.
Because the clause is tied to executive agency IT and OMB guidance, compliance should be coordinated with IT, security, HR, and contract administration teams to identify prohibited apps, remove them where necessary, and document any exception handling.
Official Regulatory Text
As prescribed in 4.2203 , insert the following clause: Prohibition on a ByteDance Covered Application (Jun 2023) (a) Definitions. As used in this clause— Covered application means the social networking service TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited. Information technology , as defined in 40 U.S.C. 11101(6) — (1) Means any equipment or interconnected system or subsystem of equipment, used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency that requires the use— (i) Of that equipment; or (ii) Of that equipment to a significant extent in the performance of a service or the furnishing of a product; (2) Includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources; but (3) Does not include any equipment acquired by a Federal contractor incidental to a Federal contract. (b) Prohibition . Section 102 of Division R of the Consolidated Appropriations Act, 2023 (Pub. L. 117-328), the No TikTok on Government Devices Act, and its implementing guidance under Office of Management and Budget (OMB) Memorandum M-23-13, dated February 27, 2023, “No TikTok on Government Devices” Implementation Guidance, collectively prohibit the presence or use of a covered application on executive agency information technology, including certain equipment used by Federal contractors. The Contractor is prohibited from having or using a covered application on any information technology owned or managed by the Government, or on any information technology used or provided by the Contractor under this contract, including equipment provided by the Contractor’s employees; however, this prohibition does not apply if the Contracting Officer provides written notification to the Contractor that an exception has been granted in accordance with OMB Memorandum M-23-13. (c) Subcontracts . The Contractor shall insert the substance of this clause, including this paragraph (c), in all subcontracts, including subcontracts for the acquisition of commercial products or commercial services. (End of clause)