New Buy America Guidance Starts on October 23, 2023. Are You Ready?

Kevin Cosgrove

The administrations of Presidents Biden and Trump have very little in common. On one issue, however, they have moved almost in lockstep. That issue is expanding “Buy America” requirements in federal procurements. Both administrations – as well as Congress – have made this matter a priority. This article will explain the current status of Buy America requirements, how we got to this place, and what federal contractors should expect in the future.

Trump’s Efforts

On April 18, 2017, President Trump issued Executive Order (“E.O.”) 13788, titled “Buy American and Hire American.” The Order focused on increased enforcement of the nation’s immigration laws. The rationale for the Order was a belief that illegal immigrants were taking jobs that rightfully should be performed by American workers. Other Executive Orders soon followed. E.O. 13858 was issued on January 31, 2019 and was titled “Strengthening Buy America Preferences for Infrastructure Projects.” Later that year, President Trump issued E.O. 13881, which was titled, “Maximizing Use of American-Made Goods, Products & Materials.” While Buy American statutes and regulations have been on the books for many decades, the Trump administration made them a focal point for federal procurement.

Biden Continues Trump’s Approach

Shortly after his inauguration in January, 2021, President Biden issued E.O. 14005, titled “Ensuring the Future is Made in America by All of America’s Workers.”  This E.O. consisted of several parts. First, it gutted the parts of President Trump’s E.O. 13788 that focused on illegal immigration. This was a harbinger of the Biden administration’s position on immigration.

But E.O. 14005 also continued and expanded the Trump administration’s goal of spending federal dollars for the purchase of products made in the United States. It also changed the waiver process for Buy American compliance. Waiver authority was restricted to senior agency leadership and most waiver applications were to be published on agency websites and in the Federal Register. The goal was to make the waiver process much more difficult. As we shall see, that goal has been achieved.

E.O. 14005 paved the way for the bipartisan Infrastructure Investment & Jobs Act that was passed by Congress on November 15, 2021. Included within that Act was the Buy America Build America (“BABA”) Act. BABA applied to all federally funded infrastructure projects. It created various domestic content requirements for iron and steel products, manufactured products and construction materials. Federal agencies were given six months to promulgate regulations to interpret and support the following requirements.

  • All iron and steel products used in a project had to be produced in the United States. This means that all manufacturing processes, from beginning to end, occurred in the United States.
  • All manufactured products had to be produced in the United States. That means that the product was manufactured in the United States and the cost of American components incorporated into the product is greater than 55% of the total cost of all the components.
  • All construction materials had to be produced in the United States.

There have been several documents that have purported to provide guidance to federal agencies and contractors about how to interpret these requirements. But on August 23, 2023, the Office of Management &Budgets (“OMB”) issued a document optimistically captioned “Final Guidance” for interpreting the requirements imposed by BABA. The document is 162 pages long. A detailed analysis is far beyond the scope of this article. However, the following points are significant.

  • The requirements for iron and steel products are unchanged. Every step of the manufacturing production process – from initial melting to final coating – must take place in the United States. If you are using iron or steel products it is your responsibility to verify the status of these products with your supplier. An iron or steel product is one that contains “predominantly” iron or steel. OMB considered identifying a required percentage of iron or steel, but decided to use the word “predominantly.” It seems reasonable to assume that “predominantly” will be interpreted as greater than 50%.
  • Prior guidance, and BABA itself, did not attempt to define the phrase “manufactured product.” The prior guidance simply stated that if an item was not an iron or steel product or a construction material, then it was a manufactured product. But the new guidance states that a manufactured product is an “article, material or supply that has been (i) processed into a specific form and shape; or (ii) combined with other articles, materials or supplies to create a product with different properties than the individual articles, materials or supplies.

When calculating the 55% cost requirement for American components of a manufactured product, use the following test:

  • If you purchased the product, include the acquisition cost, transportation cost to the project site and any applicable duty.
  • If you manufactured the product, include all manufacturing costs, transportation cost and allocable overhead costs. Profit is excluded from this calculation.

This guidance raises many questions. Prior case law took differing views of the definition of manufacturing. This guidance uses the word “processed.” But what does that mean? If one simply assembles individual components into a specific form or shape has it been “processed?” What does “combined” mean? And the list goes on.  This is one of the reasons why I suggested earlier that calling this document “Final Guidance” was optimistic. You can be sure that we will hear more from OMB on this topic.

  • As for construction materials, the text of BABA identified non-ferrous metals, plastic and polymer-based products, glass, lumber and drywall as construction materials. The new guidance added fiber optic cable, optical fiber and engineered wood to the list. It is important to note that, under the revised guidance, a construction material is comprised of only one of the listed items. If two or more construction materials are somehow combined (or processed or manufactured), the resulting object will be deemed a manufactured product and subject to the cost test explained above.


If you have gone through your contract, checked with your supplier and the government, and determined that you cannot comply with Buy America requirements, then you must seek a waiver. Broadly speaking, there are three types of waivers.

  • Public Interest Waiver – Very few granted and none for individual projects.
  • Non-Availability Waiver – These are the vast majority of waiver applications. You must show that the product you need is not available or does not comply with Buy America requirements.
  • Unreasonable Cost Waiver -- Very hard to obtain – you must show that complying with Buy America requirements will increase the cost of the entire project by 25%.

Your waiver application must be detailed and thorough. OMB has published Memorandum M-22-11 which contains all of the information that must be included in the application. Once it has been submitted to your agency, expect to receive a series of questions asking you to justify your request. There is no set timeline for the agency review process. Some periods are as short as three or four months. Others drag on for years.

If the agency makes a preliminary determination to grant the waiver, the request must be publicized and opened for comment. Expect a host of negative comments. Somebody might claim that it can provide the product. If that occurs, reach out to that company to determine whether it can in fact provide the product you need. If it can, you will be expected to do business with that company. If it cannot, you need to notify your agency of that fact.

Once all of these steps have been completed you may receive a waiver. But even that is not the end of the road. If you obtained a waiver in order to be awarded a contract, the waiver itself can be the subject of a bid protest. It is reasonable to assume that – despite its laudable purpose – these requirements will add time, expense and complexity to the procurement process.


The Buy America process is cumbersome and onerous. It is also required. If you familiarize yourself with the process – and do business with reputable suppliers that understand their obligations – you can safely navigate these tricky waters. But rocks and shoals are everywhere, so do not be afraid to ask for help.


Fraud Enforcement Regarding SBA Pandemic-Assistance Loans Will Continue For Many Years
Kevin Cosgrove

Most of us are eager to put the pandemic behind us. There are many things we would like to forget. Heartbreaking stories of people dying far too young. The endless debates over the worth of vaccines. Avoiding other people for weeks or months at a time. We’d all like to forget these things. But if you received a Paycheck Protection Program (“PPP”) loan or an Economic Injury Disaster (“EIDL”) loan, you cannot afford to lose, misplace or destroy those records. The government’s effort to recover fraudulently obtained SBA pandemic assistance funds is just getting started.

On June 27, 2023, the Inspector General for the Small Business Administration reported that as much as $200 billion might have been improperly or illegally obtained via the PPP and the EIDL programs. COVID-19 Pandemic EIDL and PPP Loan Fraud Landscape, White Paper Report 23-09, June 27, 2023. Since the amount distributed under the programs was approximately $1.2 trillion, that means $1 out of every $6 distributed through those programs are suspect.

Last year, Congress extended the limitations period for bringing enforcement actions in these matters from six years to 10 years.[1] So all companies that received a PPP or an EIDL loan will remain vulnerable to enforcement litigation until 2031. The tool of choice for such enforcement litigation is the False Claims Act, which provides for fines, treble damages and an award of attorney fees against parties found liable.

It is important to remember that virtually every person that you know has a financial incentive to bring a False Claims Act lawsuit against suspected wrongdoers. The plaintiff could be a disgruntled former (or even current) employee. An ex-spouse or significant other could file a lawsuit. A successful qui-tam plaintiff can be awarded between 15 to 25% of the award or settlement proceeds if the government intervenes and 25-30% if the government does not intervene. That provides a powerful incentive for someone to file that lawsuit. Indeed, the potential awards are that high for exactly that purpose. In this context, whistle blowers are viewed as heroes.

The takeaway from this is clear. Hold onto your PPP and EIDL loan records. Additionally, hold onto your corporate books and records that will justify your need for the loan. If there are communications between you and third-party consultants, make sure they are preserved as well. The government is within its rights to review your loan records. Alternatively, a whistleblower can force you to disclose those records in discovery. It is important that they be in order. If they are not, the consequences could be severe.

[1] See H.R. 7352, “PPP and Bank Fraud Enforcement Harmonization Act of 2022” and H.R. 7334, the “COVID-19 EIDL Fraud Statute of Limitations Act of 2022.” And H.R. 7334, the “COVID-19 EIDL Fraud Statute of Limitations Act of 2002.” Both measures passed with strong bipartisan support.


Are You in Compliance With Cybersecurity Rules? Are you sure?
Kevin Cosgrove

The stakes for complying with the Government’s cybersecurity rules have never been higher. Beginning in June, 2021, the Department of Justice (“DOJ”) announced a civil cyber-fraud initiative. As stated by Deputy Attorney General Lisa Monaco, DOJ intends to “use all legal authorities in our reach to make sure that (whistleblowers) are protected and compensated.” A number of recent examples demonstrate that these are not just empty words.

  • In March of last year Comprehensive Health Services LLC, a business located in Florida, agreed to pay $932,000 to settle allegations that it had not complied with cybersecurity requirements regarding the storage of patient records.
  • In July of last year Aerojet Rocketdyne paid $9 million to settle a whistleblower lawsuit which alleged that Aerojet had wrongly certified compliance with various cybersecurity requirements. Aerojet is a large defense contractor that provides motors and power systems for military use. The whistleblower’s share of the settlement was $2.61 million.
  • Earlier this month, Verizon agreed to pay $4.1 million for failing to comply with cyber requirements relating to protection of federal data and information. The settlement figure would likely have been much higher, but Verizon self-reported the problem, shared its investigation results with DOJ, and instituted remedial measures designed to solve the problems.

All three of these matters – and numerous others not listed here – share a common cause. A government contractor sent a bill which impliedly certified that it was in compliance with all significant cyber protocols when it was not. That improper certification triggered liability under the Federal False Claims Act (“FCA”). The result was an enormous settlement. Contractors are strongly incentivized to settle these matters. An adverse judgment can result in a treble damages award as well as fines and an award of attorney fees. An award of that size could destroy the company. Further, if the verdict did not cripple the company, a subsequent debarment proceeding would almost certainly do the trick.

Making matters worse for defendants – and better for the Government and corporate whistleblowers – is the recent United States Supreme Court case of United States ex rel. Schutte v. SuperValu, Inc., 143 S.Ct. 1391 (2023). In SuperValu, a unanimous Court ruled that FCA liability can be imposed if a contractor subjectively believed it was not complying with its obligations. Before SuperValu, some courts took the position that the FCA did not punish defendants if their conduct was objectively reasonable, regardless of their actual belief. By expanding the factual inquiry to defendants’ subjective beliefs, SuperValu has made it much harder to dismiss these cases early in the proceedings. Plaintiffs will be permitted to engage in extensive pre-trial discovery to determine the actual mind-set of defendants. The result is that we can expect more FCA litigation asserting failure to comply with cybersecurity obligations. If you are a government contractor, this means your life has become more difficult.

The key, of course, is to avoid these cyber issues.  But how does a company do that?

The first and most obvious step is to figure out the level of security you are required to provide. Different contractors are required to have different levels of cyber-security. Also, review your contracts to determine the appropriate safeguards imposed by those agreements. If you don’t know what protocols you are required to have in place, you cannot possibly comply with those protocols.

Once you know what needs to be done, the next step is to train your people to do it. Many companies proclaim that “people are our most important asset.” But in the world of cybersecurity, people are often the weakest link. As you train your employees, keep records of that training. Encourage strong passwords. Discourage clicking on suspicious links. Build a corporate culture of cyber awareness. Take employee complaints seriously and investigate them if necessary. Do not hesitate to engage cyber-security professionals that can evaluate your safeguards.

None of this is new. We have heard it all before. But that familiarity with these points should not breed contempt. Quite the contrary. Given the increasing sophistication of hackers and the very human desire to cut corners, cybersecurity is more important than ever. Whether the risk is improper protocols which can lead to FCA liability or employee negligence which can lead to ransomware attacks or data theft, cybersecurity should be front and center to your business. If it is not now, it certainly will be after a problem arises.


Bid Protest Corner
Kevin Cosgrove

You are a subcontractor on a multi-award contract. Your agency issues a solicitation on that same contract, and you submit a response seeking an award as a prime. The agency selects another respondent to receive the contract. Do you have standing to protest that award? The recent General Accountability Office (“GAO”) decision in Allegheny Science & Technology Company, B-421699.2, September 1, 2023 ruled that you do not.

GAO observed that, as a general rule, “where a solicitation contemplates multiple awards, another awardee of the same contract is not an interested party to challenge the award of that contract to another firm.” Allegheny, p. 4; see also National Air Cargo Group, Inc., B‑411830.2, Mar. 9, 2016, 2016 CPD ¶ 85 at 4. The reason for this rule is straight-forward. The function of bid protests is to foster open competition. So “generally, we will not review a protest that has the purpose or effect of reducing competition to the benefit of the protestor.” Allegheny, p. 4; see also Ingersol-Rand Co., B-236495, Dec. 12, 1989, 2 CPD ¶ 542 at 4. “Our office does not consider such arguments as stating a valid ground for protest.” Allegheny, p. 4; see also Morpho Detection, Inc., B‑410876, Mar. 3, 2017, 2015 CPD ¶ 85 at 7 n.4.

So you get to work on your matters, and others get to work on theirs. That way we all succeed. As President Kennedy noted, “A rising tide lifts all boats.” 

The Willcox & Savage, P.C. website is for informational purposes only and should not be treated as legal advice. Neither reviewing the website nor corresponding with us through the website will create an attorney-client relationship between you and the firm. An attorney-client relationship and a corresponding duty to maintain confidentiality do not arise until Willcox & Savage, P.C. has determined that no conflicts of interest exist and has informed you that it is willing and able to represent you. Do not send confidential information or substantive details about your case or transaction to us until you speak with one or our attorneys and receive authorization. Information we receive will not be treated as confidential until we establish an attorney-client relationship with you and authorize you to send us confidential information.

By hitting "Agree" below, you agree that you have read and accept these terms.