The White House Office of Management and Budget has given federal agencies 30 days to get TikTok off of government issued devices used by federal employees.
The use of TikTok, the video sharing app owned by ByteDance Limited, a Chinese IT company based in Beijing, was recently banned on government devices as a part of the 2023 omnibus spending bill signed into law by President Biden. This means that federal employees who use any of the applicable devices, such as government issued smartphones, are banned from using TikTok on the devices.
According to a memo issued by OMB on Monday, February 27, 2023, “the social networking service TikTok or any successor application or service of TikTok developed or provided by ByteDance Limited or an entity owned by ByteDance Limited” must be removed within 30 days from the date the memo was issued, except in instances of approved exceptions. The memo states:
No later than 30 days following the issuance of this memorandum, agencies shall:
- Identify the use or presence of a covered application on information technology;
- Establish an internal process to adjudicate limited exceptions, as defined by theAct and described in Section IV;
- Remove and disallow installations of a covered application on IT owned oroperated by agencies, except in cases of approved exceptions; and,
- Prohibit internet traffic from IT owned by agencies to a covered application,except in cases of approved exceptions.
Within 90 days, federal agencies must do the following:
- Ensure that any new contracts issued do not contain requirements that may include the use of a covered application in the performance of the contract, except in cases of approved exceptions; and,
- Cease use of contracts that contain requirements that may include use of a covered application in performance of the contract or modify those contracts to conform with the prohibition on covered applications, except in cases of approved exceptions.
Within 120 days, the memo states that federal agencies must:
- For contracts whose performance may involve use of IT by the contractor, ensure that any modification that extends the period of performance, including through exercise of an option, includes a requirement to conform with the prohibition on covered applications; and,
- Ensure that each agency solicitation requires conformance with the prohibition on covered applications if the solicitation meets both of the following criteria: (1) the solicitation is issued on or after the date that is 120 days after the date of this memorandum; and (2) a contract issued based on the solicitation may involve use of information technology by a contractor.
Federal agencies are required to notify OMB within 90 days that they have completed all actions to eliminate TikTok as outlined in the memo.
What are the Exceptions?
The memo states that there are some exceptions under which TikTok can still be used on government issued devices. It states:
The Act permits limited exceptions to the restrictions outlined in this memorandum for law enforcement activities, national security interests and activities, and security
research. Agencies should limit the use of exceptions outlined within this section to instances in which use of a covered application is critical to their mission and alternative approaches are not viable.
Blanket exceptions applying to an entire agency are not permitted, and any exceptions must be granted by an agency head who is responsible for ensuring that anyone authorized to use the application takes “all necessary actions to mitigate risk posed by covered applications.”