The Guide To The NDAA Video Surveillance Ban / Blacklists

By Charles Rollet, Published Aug 24, 2020, 01:47pm EDT

This 25-page guide provides a reference to the NDAA ban and blacklist. The US government has implemented wide-ranging prohibitions on using, buying, and selling video surveillance products including Dahua, Hikvision, and Huawei (Hisilicon) based products.

IPVM Image

However, the bans and 'blacklisting' are not complete. In many areas, US businesses are free to buy, sell, and use these products.

The goal of this guide is to explain how these bans and 'blacklisting' work so that businesses can understand where and when they are applicable, including 11 major sections:

Primary Links Provided / Confirm With Government

This guide provides extensive links and citations to US government documentation so you can review them yourself. You should confirm with the relevant government agencies on the applicability to your own particular sale or usage.

NDAA Ban Background

IPVM Image

In August 2018, US Congress passed the John McCain National Defense Authorization Act (NDAA), which contained a section called Section 889: Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment.

Ban Purpose/Reasoning

Join IPVM Newsletter?

IPVM is the #1 authority in video surveillance news, in-depth tests, and training courses. Get emails, once a day, Monday to Friday.

The ban was introduced in 2018 as an amendment by US Congresswoman Vicky Hartzler (R-MO) who explained that PRC equipment "exposes the US government to significant vulnerabilities":

IPVM Image

We must face the reality that the Chinese-government is using every avenue at its disposal to target the United States, including expanding the role of Chinese companies in the U.S. domestic communications and public safety sectors. Video surveillance and security equipment sold by Chinese companies exposes the U.S. government to significant vulnerabilities and my amendment will ensure that China cannot create a video surveillance network within federal agencies. [emphasis added]

Hartzler had previously called "very concerning" a WSJ investigation that Hikvision cameras were deployed at US Army base Fort Leonard Wood, which is in Rep. Hartzler's district (the cameras were removed after the WSJ report.)

Other factors contributing to the ban included serious Hikvision and Dahua backdoor vulnerabilities, with Hikvision's receiving the worst possible rating from DHS. Hikvision attracted particular scrutiny from the WSJ and others over its PRC Government Control.

The ban also came after the PRC passed its National Intelligence Law mandating that all PRC companies "support, assist, and cooperate" intelligence agencies and "protect national intelligence work secrets":

IPVM Image

The PRC declared non-domestic video surveillance "risks to national security" back in 2012.

NDAA Three Core Parts

Section 889 has three core parts:

  • the 'procurement ban', which bans federal procurement of covered equipment/service and went into effect in August 2019
  • the 'blacklist clause', which bans federal agencies from doing business with those who "use" covered equipment/services and went into effect in August 2020
  • the 'funding ban', which prohibits federal dollars from being spent on covered goods/services and went into effect in August 2020

In this post, we will examine each core aspect in detail, along with which entities and what products are affected.

Entities Affected: No Workarounds

IPVM Image

The ban names Hikvision and Dahua along with "any subsidiary or affiliate of such entities":

IPVM Image

This means there are no workarounds - i.e. Hikvision USA or Hikvision Brazil is covered just as well as Hikvision China gear. Huawei is also covered:

IPVM Image

This is not strictly limited to Huawei telecom gear as it explicitly includes "video surveillance services" or "such equipment" produced by Huawei as well:

IPVM Image

Risks Remaining For Non-Banned Products

In her reasoning for the NDAA ban, Congresswoman Vicky Hartzler stated that video surveillance equipment "sold by Chinese companies exposes the US government to significant vulnerabilities." However, the NDAA ban does not affect all PRC companies - just five specific ones (Hikvision/Dahua/Huawei/ZTE/Hytera.)

There is no current indication that other PRC manufacturers will be added to the NDAA ban. However, US-China relations remain tense and there is a wide body of PRC laws mandating all companies (not just Hikvision/Dahua) cooperate with PRC intelligence and police agencies.

In the long term, it remains possible that other PRC video surveillance companies will be targeted targeted by federal use bans or other sanctions. Outside the US, Taiwan's government announced this year a broad PRC tech usage ban that covers all PRC tech products, not just those from specific PRC companies.

'Covered Equipment/Services' Includes OEMs, COTS, Micro-transactions

OEMs are also covered, with the procurement ban requiring "original equipment manufacturer" disclosure:

IPVM Image

Refer to IPVM's Dahua OEM Directory and Hikvision OEM Directory for companies OEMing.

The blacklist clause requires disclosure of "whether the entity was the original equipment manufacturer" for "covered equipment":

IPVM Image

"COTS items" are also covered, with the government having determined this "is in the best interests of the Government":

IPVM Image

Finally, "all" federal contracts are covered "including micro-purchase contracts":

IPVM Image

All Cameras With Huawei HiSilicon Chips Also Covered

IPVM Image

The ban includes "any equipment, system, or service" which uses banned goods/services "as a substantial or essential component of any system":

IPVM Image

This is particularly important to video surveillance because many IP cameras today, particularly cheaper ones, are powered by Huawei HiSilicon SoCs and are therefore "covered" just like Hikvision or Dahua cameras.

Procurement Ban Summary

In effect since August 13, 2019, this bans federal agencies from trying to "procure or obtain or extend or renew a contract" to buy "any equipment, system, or service" that "uses covered" equipment/services:

IPVM Image

In plain English, this means the federal government cannot, in any way, buy banned equipment, nor can it obtain products which use banned equipment "as a substantial or essential component" e.g. cameras with Huawei HiSilicon chips.

Affects Every Federal US Agency

IPVM Image

This affects every "executive agency" of the federal government, which includes many organizations such as the FBI, the Coast Guard, the military, the VA, the State Department/USAID, the National Park Service, etc.

Bidders Must Represent

Contractors are "prohibited from providing to the Government" banned equipment/services:

IPVM Image

That means the onus is on contractors to comply; in order to do so, bidders "shall include" a "representation" to the government about whether they "will" or "will not" provide covered equipment/services "for all solicitations", per the implementing FAR Rule:

IPVM Image

UPDATE 9/3: In a second interim rule, the US government announced that starting on October 26 bidders will be required to "represent" on an annual basis in the System for Award Management (SAM) whether or not they use covered services:

IPVM Image

Prior to this, bidders were required to represent for each federal contract, so this should make compliance simpler. The government estimates "it will take 1 hour to complete the annual representation".

The annual representation requirement kicks in October 26 but is also required for solicitations "issued before the effective date, provided award of the resulting contract(s) occurs on or after the effective date".

Procurement Ban Examples

Below is a list of hypothetical scenarios that are prohibited under the procurement ban:

  • An integrator cannot renew his contract with a local Coast Guard base for a Hikvision camera system
  • A construction company cannot install Dahua NVRs for its local Veterans Administration office
  • A veteran-owned security firm cannot win a US Air Force contract if it plans to install Huawei HiSilicon-based IP cameras at one of the barracks

Blacklist Clause Summary

In effect since August 13, 2020, the blacklist clause says the federal government "may not" "enter into a contract" or "extend or renew a contract" with "an entity that uses" covered equipment and/or services:

IPVM Image

This means the federal government cannot do business with any prime contractor that "uses" banned equipment/services. Importantly, this applies "regardless of whether that use" is related to a federal contract:

IPVM Image

Blacklist Clause "Interim", Comments Possible

The government released the blacklist clause's interim rule on July 14, commencing a 60-day public comment period; filing comments can be done by searching for “FAR Case 2019-009 at Regulations.gov.

After this period, the government will decide whether to make any final revisions/clarifications and then publish the final rule. However, keep in mind, the interim rule is still legally in effect since August 13.

Affects Every Federal US Agency

Just like the procurement ban, every "executive agency" of the federal government is affected:

IPVM Image

Blacklist Clause Has No Definition of "Use" (Yet)

The blacklist clause bans the federal government from dealing with any prime contractor's "use" of banned equipment services. However, the clause does not specifically define "use", meaning it is unclear if a distributor who simply sells boxes of Hikvision cameras wholesale and has no meaningful interaction with them is considered a "user".

The GSA has urged those wanting clarity on this point to file public comments on the interim rule, stating in a recent webinar:

Does "use" include selling and or servicing equipment to private industry? Again, "use" is not defined, so it's unclear. I think that's a good question to include in your comments to the Federal Register to the FAR rule. [emphasis added]

Blacklist Clause Only Impacts Prime Contractors

The blacklist clause prohibition "applies at the prime contract level", per the interim rule:

IPVM Image

That means subcontractors can still used banned goods/services as long as they don't end up being used by the prime contractor.

Prime Contractors Must Still Examine Subcontractors

A prime contractors must still examine its "relationships with any subcontractor or supplier" to make sure it doesn't end up using the sub's covered goods/services:

IPVM Image

Some prime contractors may stop working with subcontractors who use banned equipment/services entirely, just to avoid the risk of such systems ending up in their own usage.

"Maintenance" is Covered

IPVM Image

"Maintenance" of a covered "item" is considered "covered services" and must be disclosed in the representation, i.e. leading to blacklisting:

IPVM Image

For any "covered service" that is "not associated with maintenance", then the Product Service Code (PSC) must be disclosed:

IPVM Image

"Reasonable Inquiry" Mandated

"Each offer" to a federal agency requires "conducting a reasonable inquiry" beforehand on whether banned equipment/services "are used by the offeror":

IPVM Image

"Reasonable inquiry" is defined as an "inquiry designed to uncover any information" about banned equipment usage; an internal or third party audit is not necessary:

IPVM Image

The government says DoD, GSA, and NSA are "currently working on updates" to System for Awards Management (SAM) to allow contractors "to represent annually after conducting a reasonable inquiry". The government estimates about "3 hours" of paperwork per representation.

One Business Day to Report Banned Equipment/Services Use

If a contractor discovers covered equipment/services usage after winning a federal contract, it "shall report" to the contract officer "within one business day" a host of details about the banned equipment "brand", "model", "item description", and any "readily available information about mitigation actions":

IPVM Image

Then, within ten business days after the initial report, the contractor will submit "any further information about mitigation actions undertaken or recommended":

IPVM Image

No Geographic Constraints On "Use"

IPVM Image

Nowhere in the NDAA itself or the implementing regulations are geographic constraints imposed/mentioned. If an integrator has an office in South Korea using Hikvision equipment, that counts as "use" of covered equipment/services. As GSA has explained, this applies even if there is no choice but to use such equipment in the foreign country:

What about situations where the contractor is located in a country such as Ethiopia, where the monopoly internet provider, the government of Ethiopia uses covered telecom and their infrastructure? Well, if that contractor uses that internet infrastructure, that's the use of covered telecom. And if you know about it, if your reasonable inquiry turns up that information, you have to represent to the government that you use covered telecom. [emphasis added]

Blacklist Clause Examples

The examples below are prohibited under the blacklist clause:

  • An integrator which no longer deals Hikvision but does still maintain a Hikvision camera network he installed at a pizza parlor three years ago, occasionally logging in to fix bugs. This is "maintenance" of a banned item, which is a "covered service", so this integrator will not be able to participate in a security contract for his local VA office, even though he only deals NDAA-compliant equipment now.
  • A Japanese construction company that uses Hikvision cameras in its Tokyo office to monitor its staff can no longer win State Department contracts because of its use of covered equipment.
  • A veteran-owned security firm that uses a wide variety of cheap cameras, some of them with Huawei HiSilicon SoCs, cannot win a simple contract for wire fencing at a nearby US Navy base.
  • A subcontractor installs relabeled Hikvision cameras at a prime contractor's new headquarters without disclosing that the cameras are Hikvision and thus NDAA-banned, meaning the prime contractor now risks being blacklisted from all federal contracts for using Hikvision cameras.

Because of how expansive the blacklist clause is, unlike the narrower procurement ban, it has raised significant opposition from groups like SIA, to no avail.

Federal Funding Ban Explained

In effect since August 13, 2020, the 'funding clause' is the NDAA's Prohibition on Loan And Grant Funds, which states the federal government "may not obligate or expend loan or grant funds" to "procure or obtain" any covered "equipment, services, or systems":

IPVM Image

Plainly put, this component bans any federal dollars from being spent on acquiring banned equipment/services, regardless of the entity spending those federal dollars.

The implementing rule for this clause is 2 CFR 200.216, which 'prohibits' any federal award "recipients and subricipients" from trying to "procure or obtain", "extend or renew a contract to procure or obtain", and "enter into a contract [...] to procure or obtain" covered equipment/services:

IPVM Image

Affects Entities Beyond Federal Contracting Community

The funding clause applies to "federal award recipients and subrecipients", which could be a local public school or a church or a private company or a charity etc.

Funding Clause Examples

As IPVM has reported, the examples are prohibited under the funding clause:

  • An integrator cannot sell Hikvision cameras to a local private school as part of a Department of Education-funded grant to expand security
  • A security firm cannot renew its DHS-funded contract with a local synagogue for a Huawei HiSilicon chip-powered surveillance system
  • A construction company cannot sell Dahua NVRs for a local rec center's expansion funded by the Veterans Administration

However, even with the funding clause in place, the examples below are not prohibited:

  • An integrator using Dahua cameras can sell NDAA-compliant Pelco systems for a local school's federal Department of Education grant to expand security
  • A security firm using Huawei HiSilicon chip-powered surveillance systems at its own warehouse can obtain a DHS-funded contract with a local mosque that does not include any covered equipment/services

Waiver Process Explained

Per the NDAA, a Section 889 waiver can be issued from either the head of an executive agency on a "one-time basis" or from the Director of National Intelligence:IPVM Image

In order to get a waiver from a federal agency head, an entity must submit "a compelling justification for the additional time" required to comply and "a full and complete laydown or description" of the covered equipment/services being used:

IPVM Image

The executive agency head then has "30 days" to consult with "appropriate Congressional committees" on the validity of the waiver request. Meanwhile, the submitter must also "notify and consult" with the DNI:

IPVM Image

Finally, a "phase-out plan to eliminate" the covered services/equipment must be provided:

IPVM Image

Waivers from federal agency heads "may only be provided" for a "period of not more than 2 years" after the effective date of Section 889's core components, meaning:

  • Procurement ban waivers from agency heads are possible until August 13, 2021
  • Blacklist clause waivers from agency heads are possible until August 13, 2022
  • There is no waiver provision for the funding ban.

This means, in effect, these waivers are "really delayed implementation", GSA has commented.

Separately, the DNI itself can issue waivers as well and they have no deadlines, i.e. they can be issued "on a date later" if deemed "in the national security interests" of the US:

IPVM Image

For background, the DNI is the federal agency that oversees the US' Intelligence Community (CIA, NSA, etc):

GSA Says Waiver Hurdles "High"

IPVM Image

Given all the steps and high levels of government approval required, the GSA has emphasized these waivers are difficult to obtain:

Section 889 in the NDAA and in the FAR rule does allow some waivers. However, the waivers are very narrow, and that, again, is to address the threats. These threats are real, and we need to protect the American government's supply chain.

The Director of National Intelligence may waive Section 899 Part A, Part B both for national security interests. Clearly, that's a very high bar.

And you can see the hurdles are quite high. A lot needs to be done before a waiver can be granted. [emphasis added]

Government Says Waivers Could Take "A Few Weeks"

In the interim rule, the government recognizes waivers "would likely take at least a few weeks" and if such time is not available, agencies can just "make award to an offeror that does not require a waiver":

IPVM Image

DoD Obtains Blacklist Delay But Not For Video Surveillance Sellers

IPVM Image

The Department of Defense has obtained a DNI waiver allowing it to delay implementation of the NDAA's "blacklist clause" until September 30, giving those who "use" Hikvision/Dahua/Huawei HiSilicon a temporary amount of relief.

However, the waiver only affects contractors' supply to the DoD of "low-risk" products such as "food, clothing, maintenance services, construction materials that are not electronic", the DoD told IPVM. Below are some examples, per IPVM's interpretation, of what is now allowed:

  • An integrator that uses Hikvision equipment can sell shovels to the US Air Force until September 30
  • A Japanese construction company that uses Dahua cameras to monitor its Tokyo headquarters can still sell concrete, bricks, and lumber to the US Navy base in Okinawa until September 30
  • A janitorial services company which also installs and maintains Huawei HiSilicon-powered cameras can continue mowing the lawns of its local US Army base until September 30

Below are some examples of what remains prohibited:

  • The integrator that uses Hikvision cameras cannot win contracts from NASA, the FBI, or any other federal agency apart from the DoD
  • The Japanese construction company cannot win any contracts from USAID, even if it's just for bricks, as USAID is part of the State Department (not the DoD)
  • The janitorial services company which uses Huawei HiSilicon cannot sell NDAA-compliant Pelco cameras to the US Army base as these are not "high-volume, low risk" items
  • On October 1, a veteran-owned integrator cannot sell canned goods to the US Navy base because the waiver will have expired by then

Exemptions for Certain Services/Equipment

The other exemption is for "backhaul, roaming, or interconnection arrangements" with a "third-party" along with telecom equipment that "cannot route or redirect user data traffic":

IPVM Image

During its recent webinar, GSA gave a few examples of such equipment/services, citing "cabling and copper wiring", Ethernet cables, and an WiFi provider's voice data package:

Internet wireless service provider providing customers voice data services for international calls. Electrical and communications, cabling and wiring copper Ethernet cables include terminations, I'm not sure if that's helpful, but those are the answers that we've come up with for examples of equipment that cannot route or redirect user data traffic. [emphasis added]

Penalties for Breaking the NDAA Ban

As GSA has noted, if someone violates the NDAA, there is no specific enforcement mechanism, "it just follows the normal enforcement" for federal contracts:

There's no additional enforcement that's specific to Section 899 [...] It just follows the normal enforcement for everything else under government contracts.

The government states that Section 889 violations are considered "breach of trust", stating that "failure to submit an accurate representation to the Government constitutes a breach of contract that can lead to cancellation, termination, and financial consequences":

IPVM Image

The False Claims Act allows the federal government to fine contractors $11,665 to $23,331 for each false claim made.

DoD On Who Handles Violations

There are few explicit announcements yet on who handles violations, however the DoD stated in recent guidelines that if a "contracting officer" doubts a contractor is being honest in their representation, the officer shall "consult with the program office" and "legal counsel":

IPVM Image

Compliant NDAA Products

100% NDAA-Compliant

The following companies told IPVM that all their products are compliant. Note that past models are not necessarily compliant:

  • Avigilon
  • Axis Communications. (Axis' discontinued Companion Line used HiSilicon chips)
  • BCD International
  • Clinton
  • Commend
  • FLIR
  • iryx
  • JCI/Tyco Security
  • Mobotix
  • Pelco
  • Rhombus Systems
  • Seek Thermal
  • Solink
  • WatchGuard

100% NDAA-Compliant for US-Listed Products

These companies said that US-listed products are compliant but that some products not intended for US sale are not compliant:

  • Bosch is in the process of dropping Dahua and, in the US, is discontinuing all models made by Dahua. Outside the US, those products will continue to be sold, for now.

Mostly Compliant

  • ACTi provided a list of NDAA-compliant products.
  • Digital Watchdog (DW) has a statement listing compliant products. It is a long list but they did not clarify which products were not so this requires carefully reviewing the list to see if the specific model is or is not included.
  • Hanwha provided a list of compliant products. Hanwha is dropping Huawei Hisilicon from its cameras, with most of its cameras already not using Hisilicon, instead using its own Wisenet chips and Ambarella.
  • Lilin provided a list of compliant products; however, Lilin did not provide a list of what products were not NDAA compliant.
  • March Networks directed IPVM to a statement on their site, and said their recently-launched the X-Series recorders are compliant. They report that the 8000 and 9000 series recorders are not compliant
  • Verkada referred us to a statement including a list of compliant products. Verkada's first product lines used Huawei Hisilicon.
  • Vivotek passed along this statement listing their compliant products.

Minority Compliant

Finding If Your Cameras Use HiSilicon

IPVM has also published a guide on How To Find If Your Cameras Uses Huawei HiSilicon. This video shows how to locate the SoC:

IPVM also showed how to find HiSilicon SoCs in models where the SoC is less easy to find such as Uniview:

2021 Update: Marketing NDAA Compliant Doesn't Mean Cybersecure

Starting in 2021, an increasing number of sellers are marketing their products as NDAA compliant. While this marketing is typically correct in that those products are not produced or using critical components from covered companies, it does not ensure that a product is free from any cybersecurity vulnerabilities. The NDAA currently targets national security risks from specific PRC companies, but does not test or guarantee that NDAA compliant products are free from vulnerabilities.

NDAA-compliant providers still regularly suffer from cybersecurity incidents. For more, read IPVM's Directory of Video Surveillance Vulnerabilities and Exploits.

Future Updates

IPVM will continue to update this guide as new developments emerge and as questions are asked. Please comment below or email us at info@ipvm.com and we will update the guide.

30 reports cite this report:

Hikvision Requests FCC To "Immediately Remove It From Covered List" on Nov 22, 2021
Hikvision requested the FCC "immediately remove" the company from the Covered...
UK Ministry of Defence "Guidance Is Not To Use / Install Hikvision" on Nov 22, 2021
The UK Ministry of Defence has quietly issued guidance "not to use/install...
Axis Discloses SoCs On Spec Sheets on Nov 19, 2021
In a rare move, Axis has begun disclosing camera SoCs directly on their spec...
President Signs Act Banning New FCC Authorizations of Dahua and Hikvision, Becomes Law on Nov 12, 2021
President Biden has signed the Secure Equipment Act into law, mandating the...
Bosch EOLing Many Models, Citing Undisclosed NDAA Component Risks on Oct 25, 2021
Bosch is discontinuing multiple camera lines "in light of NDAA requirements",...
Hikvision Has "Highest Level of Critical Vulnerability," Impacting 100+ Million Devices on Sep 20, 2021
Hikvision has admitted a 9.8 vulnerability that is "the highest level of...
Vietnam Manufacturer Bkav / AI View Enters Video Surveillance on Aug 26, 2021
While foreign companies are increasingly moving manufacturing to Vietnam,...
Taiwan Government Bans China Tech Including Dahua and Hikvision on Aug 17, 2021
Taiwan has banned using PRC China tech products across its government,...
Hikvision Quits SIA, Blames IPVM "Bullies" on Jul 22, 2021
Hikvision called IPVM "bullies" decrying that IPVM had "harassed and...
Snap One / AV IPO Filing Examined on Jul 08, 2021
Snap One, aka Snap AV is going public, disclosing extremely high revenue for...
FCC Explains Why They Plan To Ban Dahua And Hikvision on Jun 23, 2021
The FCC explained why they voted unanimously for a plan to ban Dahua,...
Banned Hidden Relabelled Hikvision Surveillance Purchased By US Embassy on Jun 15, 2021
A US Embassy is purchasing banned Hikvision OEMs, violating the NDAA ban. The...
The Security Industry Association Expels Dahua on Jun 08, 2021
The Security Industry Association (SIA) has expelled Dahua for ethics...
FCC Formally Proposes Prohibiting New Dahua and Hikvision Authorizations on Jun 01, 2021
The FCC is now proposing to ban new equipment authorizations of...
Uniview Favorability Statistics 2021 on May 07, 2021
With the US NDAA ban impacting China's #1 Hikvision and #2 Dahua, has...
Dahua OEM Directory on May 05, 2021
Updated for 2021, this directory includes US Government-banned Dahua OEMs for...
Video Analytics Manufacturer Performance Guide on May 04, 2021
This 25-page guide provides a reference for video surveillance analytic...
FCC Commissioner Urges Eliminating Dahua/Hikvision From USA on Apr 20, 2021
An FCC Commissioner is urging the FCC to take action that would, in his...
Huawei Favorability Statistics 2021 on Apr 06, 2021
Huawei has become China's largest technology company and the maker of the...
UK Warns Against China Security Tech on Mar 30, 2021
The UK Government has warned against PRC technology, citing Xinjiang and...
Hikvision Favorability Statistics 2021 on Mar 24, 2021
In the past decade, Hikvision has risen from obscurity to global controversy....
Digital Watchdog Favorability Statistics 2021 on Mar 23, 2021
Digital Watchdog (DW) has been around for many years but how has the American...
Dahua Favorability Statistics 2021 on Mar 22, 2021
Dahua has become one of the biggest and most controversial video surveillance...
US FCC: Dahua and Hikvision "Deemed A Threat" To National Security on Mar 15, 2021
The US FCC has "released a list of communications equipment and services that...
Provision-ISR IP Cameras Tested on Feb 15, 2021
Provision-ISR bills itself as an Israeli alternative and positions its new...
French Police Criticize Hikvision Body Cameras on Dec 29, 2020
French police are criticizing their Hikvision body cameras, with one police...
2021 Video Surveillance Cameras State of the Market on Dec 28, 2020
Each year, IPVM explains the main advances and changes for video surveillance...
TVT Revenue and Profits Up, Strengthened by Summer Fever Camera Boom on Nov 16, 2020
Many Western users may be unfamiliar with TVT, a Shenzhen company that OEMs...
Hikvision Q3 2020 Global Revenue Rises, US Revenue Falls on Oct 27, 2020
While Hikvision's global revenue rises driven by domestic recovery, its US...
Honeywell 30 Series and Vivotek NVRs Tested on Oct 21, 2020
The NDAA ban has driven many users to look for low-cost NVRs not made by...

Comments (29)

Only IPVM Subscribers may comment. Login or Join.

Thank you for compiling this all in one place. It was getting to be very difficult to track down all of the various articles and their current status.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Great article and a great tool for all of us.

Agree
Disagree
Informative
Unhelpful
Funny

Useful to have the authoritative sourves collected into one place. Good Job.

Agree
Disagree
Informative
Unhelpful
Funny

Could you please add Geutebrück to the list of 100% compliant manufacturers? A large portion of our U.S. business is in the Fed space. I believe we submitted a couple doc's to you in another forum recently.

Agree
Disagree
Informative
Unhelpful
Funny

Thank you very much for compiling all this information in one place, it's very helpful!

Agree
Disagree
Informative
Unhelpful
Funny

Can you comment on the Honeywell 30 series cameras? These are supposed to be NDAA compliant, even though other Honeywell lines are rebranded Vivotek which are banned. Does this disqualify all Honeywell products?

Agree
Disagree
Informative
Unhelpful
Funny

Honeywell 30 Series Cameras Tested Vs Dahua and Hikvision - Honeywell 30 is rebranded Vivotek which are not banned. Vivotek is a Taiwan company not related to Dahua and Hikvision. Does that make sense?

Agree
Disagree
Informative: 2
Unhelpful
Funny

Vivotek is a Taiwan company not related to Dahua and Hikvision.

However since Vivotek makes non-NDAA equipment as well, doesn’t that put them squarely in violation of the blacklist clause?

I know the exact meaning of the word “uses” is debatable in some instances, but if “uses” doesn’t at least cover people who “make” the stuff, what could it mean?

Agree
Disagree
Informative
Unhelpful
Funny

Good question. However, keep in mind the blacklist clause affects entities doing business with the federal government, i.e. 'prime contractors.'

If Vivotek uses covered equipment, it does indeed risk being blacklisted from being a prime contractor for any US federal government agency. However, it can still sell NDAA-compliant cameras to an integrator that is a prime contractor. This is what the government means when it says the blacklist clause does not 'flow down'/only directly affects prime contractors.

Given that Vivotek is a Taiwanese manufacturer that does not depend on large US federal agency contracts, it is not substantially impacted.

Agree
Disagree
Informative
Unhelpful
Funny

So then GeoVision might also be OK since they are also Taiwanese? Both are good low cost alternatives to Hikvision.

Agree
Disagree: 1
Informative
Unhelpful
Funny

Roger, be ware of Geovision, they have so far refused to respond to our requests for comment on their NDAA compliance and they have OEMed from Uniview, related from Derek on our testing team:

For those curious about Geovision's NDAA compliance, it is certainly not 100%. I tore down 2 current Geovision cameras, and found that the GV-EBD8711 uses a HiSilicon chip, while the GV-EVD2100 uses a Grain chip. I checked Geovision's website prior to posting this, and I do not see any NDAA-specific message from them yet.

IPVM Image

Agree
Disagree
Informative: 5
Unhelpful
Funny

Great info. These tear-downs are very interesting. Thanks for following up.

Agree
Disagree
Informative
Unhelpful
Funny

Amazing. Thanks for all the work you put into this.

Agree
Disagree
Informative
Unhelpful
Funny

UPDATE 9/3: In a second interim rule, the US government announced that starting on October 26 bidders will be required to "represent" on an annual basis in the System for Award Management (SAM) whether or not they use covered services:

IPVM Image

Prior to this, bidders were required to represent for each federal contract, so this should make compliance simpler. The government estimates "it will take 1 hour to complete the annual representation".

The annual representation requirement kicks in October 26 but is required for solicitations "issued before the effective date, provided award of the resulting contract(s) occurs on or after the effective date".

Agree
Disagree
Informative
Unhelpful
Funny

Has anyone yet had any experience in maintaining NDAA compliance for a global video surveillance system where one or more of the locations supported are in mainland China, or Hong Kong?

Thanks in advance.

Bill

Agree
Disagree
Informative
Unhelpful
Funny

Hello Bill,

We've just been engaged by a global client to look into this for them.

For one of our other clients, the bigger challenge is that they do work for both US and China governments so I can foresee that the "simple" act of technology selection is going to be one that goes well beyond our pay-grade.

Have you had any useful experience to share since posting?

Agree
Disagree
Informative
Unhelpful
Funny

Have you heard or read anything about what will be required for all of the existing banned systems in federal facilities? Will they have to be removed and made compliant? If so, on what time frame?

Agree
Disagree
Informative
Unhelpful
Funny

I looked at the hanwha ndaa compliant devices list and verified that the camera that was to be installed in our facility is compliant. Just in case, I opened the camera housing to see what ISP chip they are using and saw that it was Ambarella. The camera in question is LVN-6012R. The NVR is another story. There is no NVR on the Hanwha list. Does anyone know why that is? The NVR I want to check for compliance is QRN-1610S.

Agree
Disagree
Informative
Unhelpful
Funny

Just opened the box and found an IC+ network switch chip. It is a Taiwanese company so I think it is NDAA compliant.

Agree
Disagree
Informative
Unhelpful
Funny

Strike that. The most important component is hidden under a big heat sink. The compliance list does have WRN-1610 as being compliant so I am looking at an older model.

Agree
Disagree
Informative
Unhelpful: 1
Funny

Does compliance with the NDAA include cable and terminations?

During its recent webinar, GSA gave a few examples of such equipment/services, citing "cabling and copper wiring", Ethernet cables, and an WiFi provider's voice data package:

Internet wireless service provider providing customers voice data services for international calls. Electrical and communications, cabling and wiring copper Ethernet cables include terminations, I'm not sure if that's helpful, but those are the answers that we've come up with for examples of equipment that cannot route or redirect user data traffic. [emphasis added]

Agree
Disagree
Informative
Unhelpful
Funny

If I am reading this correctly, wired cables are exempted.

[2] The new rule also adds definitions for the following terms that are part of an exception under 889(a)(1)(A).

  • Backhaul – intermediate links between the core network, or backbone network, and the small subnetworks at the edge of the network (e.g., connecting cell phones/towers to the core telephone network). Backhaul can be wireless (e.g., microwave) or wired (e.g., fiber optic, coaxial cable, Ethernet).

FAR Council Publishes 2019 NDAA Section 889(a)(1)(B) Interim Rule Further Prohibiting Use of Huawei, ZTE, and Others’ Telecommunications Technology by Contractors | Government Contracts Legal Forum

Agree
Disagree
Informative
Unhelpful
Funny

If GSA was providing a briefing then the issue may not be NDAA compliance but TAA compliance. GSA requires that all materials be from TAA compliant countries. A product can be NDAA compliant but made in Thailand (or a number of other locations) which is non-TAA so the product should not be sold to the federal government. This is one of the reasons that Bosch moved their sensor manufacturing to Portugal.

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

Quick Question:

We have an opportunity where a state agency needs to replace their NVR. They currently have 32 cameras, 26 Axis & 6 HikVision. As we did not install the HIK cameras and they will not be covered under the NVR's warranty, are we still compliant if we do so? Reading through the language above, it appears that if we exclude "maintenance" on the HIK cameras we should be OK.

Thanks,

Agree
Disagree
Informative
Unhelpful
Funny

Hi, thanks for your question! "Maintenance" of a covered "item" is considered "covered services" and must be disclosed in the representation, leading to blacklisting. So there shouldn't be an issue if the new NVR fully excludes the Hikvision cameras.

However, if you were to replace the NVR but connect it to the existing Hikvision cameras, that may be considered "maintenance" of those "items" and you would risk federal blacklisting (in this scenario you would be, after all, helping maintain the usage of covered equipment).

Agree
Disagree
Informative
Unhelpful
Funny

Thank you for the clarification.

Agree
Disagree
Informative
Unhelpful
Funny

Rip and replace.

Agree: 3
Disagree
Informative
Unhelpful
Funny

As others have mentioned, rip and replace to maintain your eligibility to conduct business with government.

Agree: 1
Disagree
Informative
Unhelpful
Funny

I appreciate this ethical approach. My dilemma is a construction project that was awarded in 2018 that still hasn't been delivered. And, since it is significantly delayed with COVID and subsequent supply chain issues, the contracting team doesn't want to hear that the cameras are a problem. Anyone else working through this type of scenario? The last submittal we received for security surveillance equipment was in the fall of 2020 and I contend that the contractor had a responsibility at that point to correct the problem. Any insight would be appreciated.

Agree
Disagree
Informative
Unhelpful
Funny
Loading Related Reports