[Federal Register Volume 84, Number 202 (Friday, October 18, 2019)]
[Proposed Rules]
[Pages 55894-55897]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-22435]
=======================================================================
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
48 CFR Parts 1539 and 1552
[EPA-HQ-OARM-2018-0743; FRL-10000-34-OMS]
Environmental Protection Agency Acquisition Regulation (EPAAR);
Open Source Software
AGENCY: Environmental Protection Agency (EPA).
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Environmental Protection Agency (EPA) is writing a new
EPAAR clause to address open source software requirements at EPA, so
that the EPA can share open source software developed under its
procurements.
DATES: Comments must be received on or before December 17, 2019.
ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OARM-2018-0743, at http://www.regulations.gov. Follow the online
instructions for submitting comments. Once submitted, comments cannot
be edited or removed from Regulations.gov. The EPA may publish any
comment received to its public docket. Do not submit electronically any
information you consider to be Confidential Business Information (CBI)
or other information whose disclosure is restricted by statute.
Multimedia submissions (audio, video, etc.) must be accompanied by a
written comment. The written comment is considered the official comment
and should include discussion of all points you wish to make. The EPA
will generally not consider comments or comment contents located
outside of the primary submission (i.e., on the web, cloud, or other
file sharing system). For additional submission methods, the full EPA
public comment policy, information about CBI or multimedia submissions,
and general guidance on making effective comments, please visit http://www2.epa.gov/dockets/commenting-epa-dockets.
FOR FURTHER INFORMATION CONTACT: Thomas Valentino, Policy, Training and
Oversight Division, Acquisition Policy and Training Branch (3802R),
Environmental Protection Agency, 1200 Pennsylvania Ave. NW, Washington,
DC 20460; telephone number: (202) 564-4522; email address:
[email protected].
SUPPLEMENTARY INFORMATION:
I. General Information
1. Submitting Classified Business Information. Do not submit CBI to
EPA website https://www.regulations.gov or email. Clearly mark the part
or all of the information that you claim to be CBI. For CBI information
in a disk or CD-ROM that you mail to EPA, mark the outside of the disk
or CD-ROM as CBI, and then identify electronically within the disk or
CD-ROM the specific information that is claimed as CBI. In addition to
one complete version of the comment that includes information claimed
as CBI, a copy of the comment that does not contain the information
claimed as CBI must be submitted for inclusion in the public docket.
Information so marked will not be disclosed except in accordance with
procedures set forth in 40 CFR part 2.
2. Tips for Preparing Your Comments. When submitting comments,
remember to:
[ssquf] Identify the rulemaking by docket number and other
identifying information (subject heading, Federal Register date and
page number).
[ssquf] Follow directions--The Agency may ask you to respond to
specific questions or organize comments by referencing a Code of
Federal Regulations (CFR) Part or section number.
[ssquf] Explain why you agree or disagree, suggest alternatives,
and substitute language for your requested changes.
[ssquf] Describe any assumptions and provide any technical
information and/or data that you used.
[ssquf] If you estimate potential costs or burdens, explain how you
arrived at your estimate in sufficient detail to allow for it to be
reproduced.
[ssquf] Provide specific examples to illustrate your concerns, and
suggest alternatives.
[ssquf] Explain your views as clearly as possible, avoiding the use
of profanity or personal threats.
[ssquf] Make sure to submit your comments by the comment period
deadline identified.
II. Background
The EPA is writing a new EPAAR clause to address open source
software requirements at EPA, so that the EPA can share custom-
developed code as open source code developed under its procurements, in
accordance with Office of Management and Budget's (OMB) Memorandum M-
16-21, Federal Source Code Policy: Achieving Efficiency, Transparency,
and Innovation through Reusable and Open Source Software. In meeting
the requirements of Memorandum M-16-21 the EPA will be providing an
enterprise code inventory indicating if the new code (source code or
code) was custom-developed for, or by, the agency; or if the code is
available for Federal reuse; or if the code is available publicly as
open source code; or if the code cannot be made available due to
specific exceptions.
III. Proposed Rule
The proposed rule amends EPA Acquisition Regulation (EPAAR) Part
1539, Acquisition of Information Technology, by adding Subpart 1539.2,
Open Source Software; and Sec. 1539.2071, Contract clause. EPAAR
Subpart 1552.2, Texts of Provisions and Clauses, is amended by adding
EPAAR Sec. 1552.239-71, Open Source Software.
1. EPAAR Subpart 1539.2 adds the new subpart.
2. EPAAR Sec. 1539.2071 adds the prescription for use of Sec.
1552.239-71 in all procurements where open-source software development/
custom development of software will be required.
3. EPAAR Sec. 1552.239-71, Open Source Software, provides the
terms and conditions for open source software code development and use.
IV. Statutory and Executive Orders Reviews
A. Executive Order 12866: Regulatory Planning and Review and Executive
Order 13563: Improving Regulation and Regulatory Review
This action is not a ``significant regulatory action'' under the
terms of Executive Order (E.O.) 12866 (58 FR 51735, October 4, 1993)
and is therefore not subject to review under the E.O.
B. Paperwork Reduction Act
This action does not impose an information collection burden under
the provisions of the Paperwork Reduction Act, 44 U.S.C. 3501 et seq.
Burden is defined at 5 CFR 1320.3(b).
[[Page 55895]]
C. Regulatory Flexibility Act (RFA), as Amended by the Small Business
Regulatory Enforcement Fairness Act of 1996 (SBREFA), 5 U.S.C. 601 et
seq.
The Regulatory Flexibility Act generally requires an agency to
prepare a regulatory flexibility analysis of any rule subject to notice
and comment rulemaking requirements under the Administrative Procedure
Act or any other statute; unless the agency certifies that the rule
will not have a significant economic impact on a substantial number of
small entities. Small entities include small businesses, small
organizations, and small governmental jurisdictions. For purposes of
assessing the impact of this proposed rule on small entities, ``small
entity'' is defined as: (1) A small business that meets the definition
of a small business found in the Small Business Act and codified at 13
CFR 121.201; (2) a small governmental jurisdiction that is a government
of a city, county, town, school district or special district with a
population of less than 50,000; or (3) a small organization that is any
not-for-profit enterprise which is independently owned and operated and
is not dominant in its field. After considering the economic impacts of
this rule on small entities, I certify that this action will not have a
significant economic impact on a substantial number of small entities.
In determining whether a rule has a significant economic impact on a
substantial number of small entities, the impact of concern is any
significant adverse economic impact on small entities, because the
primary purpose of the regulatory flexibility analyses is to identify
and address regulatory alternatives ``which minimize any significant
economic impact of the proposed rule on small entities'' 5 U.S.C. 503
and 604. Thus, an agency may certify that a rule will not have a
significant economic impact on a substantial number of small entities
if the rule relieves regulatory burden, or otherwise has a positive
economic effect on all of the small entities subject to the rule. This
action establishes a new EPAAR clause that will not have a significant
economic impact on a substantial number of small entities. We continue
to be interested in the potential impacts of the rule on small entities
and welcome comments on issues related to such impacts.
D. Unfunded Mandates Reform Act
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA, Pub. L.
104-4, establishes requirements for Federal agencies to assess the
effects of their regulatory actions on State, Local, and Tribal
governments and the private sector. This rule contains no Federal
mandates (under the regulatory provisions of the Title II of the UMRA)
for State, Local, and Tribal governments or the private sector. The
rule imposes no enforceable duty on any State, Local or Tribal
governments or the private sector. Thus, the rule is not subject to the
requirements of sections 202 and 205 of the UMRA.
E. Executive Order 13132: Federalism
Executive Order 13132, entitled ``Federalism'' (64 FR 43255, August
10, 1999), requires EPA to develop an accountable process to ensure
``meaningful and timely input by State and Local officials in the
development of regulatory policies that have federalism implications.
``Policies that have federalism implications'' is defined in the
Executive Order to include regulations that have ``substantial direct
effects on the States, on the relationship between the national
government and the States, or on the distribution of power and
responsibilities among the various levels of government.'' This rule
does not have federalism implications. It will not have substantial
direct effects on the States, on the relationship between the national
government and the States, or on the distribution of power and
responsibilities among the various levels of government as specified in
Executive Order 13132.
F. Executive Order 13175: Consultation and Coordination With Indian
Tribal Governments
Executive Order 13175, entitled ``Consultation and Coordination
with Indian Tribal Governments'' (65 FR 67249, November 9, 2000),
requires EPA to develop an accountable process to ensure ``meaningful
and timely input by tribal officials in the development of regulatory
policies that have tribal implications.'' This rule does not have
tribal implications as specified in Executive Order 13175.
G. Executive Order 13045: Protection of Children From Environmental
Health and Safety Risks
Executive Order 13045, entitled ``Protection of Children from
Environmental Health and Safety Risks'' (62 FR 19885, April 23, 1997),
applies to any rule that: (1) Is determined to be economically
significant as defined under E.O. 12886, and (2) concerns an
environmental health or safety risk that may have a proportionate
effect on children. This rule is not subject to E.O. 13045 because it
is not an economically significant rule as defined by Executive Order
12866, and because it does not involve decisions on environment health
or safety risks.
H. Executive Order 13211: Actions That Significantly Affect Energy
Supply, Distribution, or Use
This action is not subject to Executive Order 13211, ``Actions
Concerning Regulations That Significantly Affect Energy Supply,
Distribution or Use'' (66 FR 28335 (May 22, 2001), because it is not a
significant regulatory action under Executive Order 12866.
I. National Technology Transfer and Advancement Act of 1995 (NTTAA)
Section 12(d) (15 U.S.C. 272 note) of the National Technology
Transfer and Advancement Act of 1995, Public Law 104-113, directs EPA
to use voluntary consensus standards in its regulatory activities
unless to do so would be inconsistent with applicable law or otherwise
impractical. Voluntary consensus standards are technical standards
(e.g., materials specifications, test methods, sampling procedures and
business practices) that are developed or adopted by voluntary
consensus standards bodies. The NTTAA directs EPA to provide Congress,
through OMB, explanations when the Agency decides not to use available
and applicable voluntary consensus standards. This action does not
involve technical standards. Therefore, EPA is not considering the use
of any voluntary consensus standards.
J. Executive Order 12898: Federal Actions To Address Environmental
Justice in Minority Populations and Low-Income Populations
Executive Order 12898 (59 FR 7629 (February 16, 1994) establishes
federal executive policy on environmental justice. Its main provision
directs federal agencies, to the greatest extent practicable and
permitted by law, to make environmental justice part of their mission
by identifying and addressing, as appropriate, disproportionately high
and adverse human health or environmental effects of their programs,
policies, and activities on minority populations and low-income
populations in the United States. EPA has determined that this proposed
rule will not have disproportionately high and adverse human health or
environmental effects on minority or low-income populations because it
does not affect the level of protection provided to human health or the
environment in the general public.
[[Page 55896]]
K. Congressional Review Act
The Congressional Review Act, 5 U.S.C. 801 et seq., as added by the
Small Business Regulatory Enforcement Fairness Act of 1996, generally
provides that before a major rule may take effect, the agency
promulgating the rule must submit a rule report, which includes a copy
of the rule, to each House of the Congress and to the Comptroller
General of the United States. Section 804(2) defines a ``major rule''
as any rule that the Administrator of the Office of Information and
Regulatory Affairs of the Office of Management and Budget finds has
resulted in or is likely to result in (1) an annual effect on the
economy of $100,000,000 or more; (2) a major increase in costs or
prices for consumers, individual industries, Federal, State, or local
government agencies, or geographic regions; or (3) significant adverse
effects on competition, employment, investment, productivity,
innovation, or on the ability of United States-based enterprises to
compete with foreign-based enterprises in domestic and export markets.
EPA is not required to submit a rule report regarding this action under
section 801 as this is not a major rule by definition.
List of Subjects in 48 CFR Parts 1539 and 1552
Environmental protection, Government procurement, Reporting and
recordkeeping requirements.
Dated: September 17, 2019.
Kimberly Y. Patrick,
Director, Office of Acquisition Solutions.
For the reasons set forth in the preamble, EPA proposes to amend
EPAAR parts 1539 and 1552 as follows:
PART 1539--ACQUISITION OF INFORMATION TECHNOLOGY
0
1. Authority: The authority citations for part 1539 continue to read as
follows:
Authority: 5 U.S.C. 301 and 41 U.S.C. 418b.
0
2. Part 1539, as proposed to be added at 84 FR 48856 (September 17,
2019), is proposed to be further amended by adding subpart 1539.2,
consisting of 1539.2071 to read follows:
Subpart 1539.2--Open Source Software
1539.2071 Contract clause.
(a) Contracting Officers shall use clause 1552.239-71, Open Source
Software, for all procurements where open-source software development/
custom development of software will be required; including, but not
limited to, multi-agency contracts, Federal Supply Schedule orders,
Governmentwide Acquisition Contracts, interagency agreements,
cooperative agreements and student services contracts.
(b) In addition to clause 1552.239-71, Contracting Officers must
also select the appropriate version* of Federal Acquisition Regulation
(FAR) clause 52.227-14, Rights in Data--General, to include in the
subject procurement in accordance with FAR 27.409. (*Important note:
Alternate IV of clause 52.227-14 is NOT suitable for open-source
software procurement use because it gives the contractor blanket
permission to assert copyright.)
PART 1552--SOLICITATION PROVISIONS AND CONTRACT CLAUSES
0
3. Authority: The authority citations for part 1552 continue to read as
follows:
Authority: 5 U.S.C. 301 and 41 U.S.C. 418b.
0
4. Add Section 1552.239-71 to read as follows:
1552.239-71 Open source software.
As prescribed in 1539.2071 insert the following clause:
Open Source Software (Date)
(a) Definitions.
``Custom-Developed Code'' means code that is first produced in
the performance of a federal contract or is otherwise fully funded
by the federal government. It includes code, or segregable portions
of code, for which the government could obtain unlimited rights
under Federal Acquisition Regulation (FAR) Part 27 and relevant
agency FAR Supplements. Custom-developed code also includes code
developed by agency employees as part of their official duties.
Custom-developed code may include, but is not limited to, code
written for software projects, modules, plugins, scripts, middleware
and Application Programming Interfaces (API); it does not, however,
include code that is truly exploratory or disposable in nature, such
as that written by a developer experimenting with a new language or
library.
``Open Source Software (OSS)'' means software that can be
accessed, used, modified and shared by anyone. OSS is often
distributed under licenses that comply with the definition of ``Open
Source'' provided by the Open Source Initiative at https://opensource.org/osd or equivalent, and/or that meet the definition of
``Free Software'' provided by the Free Software Foundation at:
https://www.gnu.org/philosophy/free-sw.html or equivalent.
``Software'' means:
(1) Computer programs that comprise a series of instructions,
rules, routines or statements, regardless of the media in which
recorded, that allow or cause a computer to perform a specific
operation or series of operations; and
(2) Recorded information comprising source code listings, design
details, algorithms, processes, flow charts, formulas and related
material that would enable the computer program to be produced,
created or compiled. Software does not include computer databases or
computer software documentation.
``Source Code'' means computer commands written in a computer
programming language that is meant to be read by people. Generally,
source code is a higher-level representation of computer commands
written by people, but must be assembled, interpreted or compiled
before a computer can execute the code as a program.
(b)(1) Policy. It is the EPA policy that new custom-developed
code be made broadly available for reuse across the federal
government, subject to the exceptions provided in (b)(3) of this
section. The policy does not apply retroactively so it does not
require existing custom-developed code also be made available for
Government-wide reuse or as OSS. However, making such code available
for government-wide reuse or as OSS, to the extent practicable, is
strongly encouraged. The EPA also supports the Office of Management
and Budget's (OMB) Federal Source Code Policy provided in OMB
Memorandum M-16-21, Federal Source Code Policy: Achieving
Efficiency, Transparency, and Innovation through Reusable and Open
Source Software, by:
(i) Providing an enterprise code inventory (e.g., code.json
file) that lists new and applicable custom-developed code for, or
by, the EPA;
(ii) Indicating whether the code is available for Federal reuse;
or
(iii) Indicating if the code is available publicly as OSS.
(2) Exemption: Source code developed for National Security
Systems (NSS), as defined in 40 U.S.C. 11103, is exempt from the
requirements herein.
(3) Exceptions: Exceptions may be applied in specific instances
to exempt EPA from sharing custom-developed code with other
government agencies. Any exceptions used must be approved and
documented by the Chief Information Officer (CIO) or his or her
designee for the purposes of ensuring effective oversight and
management of IT resources. For excepted software, EPA must provide
OMB a brief narrative justification for each exception, with
redactions as appropriate. Applicable exceptions are as follows:
(i) The sharing of the source code is restricted by law or
regulation, including--but not limited to--patent or intellectual
property law, the Export Asset Regulations, the International
Traffic in Arms Regulation and the federal laws and regulations
governing classified information.
(ii) The sharing of the source code would create an identifiable
risk to the detriment of national security, confidentiality of
government information or individual privacy.
(iii) The sharing of the source code would create an
identifiable risk to the stability, security or integrity of EPA's
systems or personnel.
[[Page 55897]]
(iv) The sharing of the source code would create an identifiable
risk to EPA mission, programs or operations.
(v) The CIO believes it is in the national interest to exempt
sharing the source code.
(c) The Contractor shall deliver to the Contracting Officer (CO)
or Contracting Officer's Representative (COR) the underlying source
code, license file, related files, build instructions, software
user's guides, automated test suites, and other associated
documentation as applicable.
(d) In accordance with OMB Memorandum M-16-21 the Government
asserts its unlimited rights--including rights to reproduction,
reuse, modification and distribution of the custom source code,
associated documentation, and related files--for reuse across the
federal government and as open source software for the public. These
unlimited rights described above attach to all code furnished in the
performance of the contract, unless the parties expressly agree
otherwise in the contract.
(e) The Contractor is prohibited from reselling code developed
under this contract without express written consent of the EPA
Contracting Officer. The Contractor must provide at least 30 days
advance notice if it intends to resell code developed under this
contract.
(f) Technical guidance for EPA's OSS Policy should conform with
the ``EPA's Open Source Code Guidance'' that will be maintained by
the Office of Mission Support (OMS) at https://developer.epa.gov/guide/open-source-code/ or equivalent.
(g) The Contractor shall identify all deliverables and asserted
restrictions as follows:
(1) The Contractor shall use open source license either:
(i) Identified in the contract, or
(ii) Developed using one of the following licenses:
(A) Creative Commons Zero (CC0);
(B) MIT license;
(C) GNU General Public License version 3 (GPL v3);
(D) Lesser General Public License 2.1 (LGPL-2.1);
(E) Apache 2.0 license; or
(F) Other open source license subject to Agency approval.
(2) The Contractor shall provide a copy of the proposed
commercial license agreement to the Contracting Officer prior to
contracting for commercial data/software.
(3) The Contractor shall identify any data that will be
delivered with restrictions.
(4) The Contractor shall deliver the data package as specified
by the EPA.
(5) The Contractor shall deliver the source code to the EPA-
specified version control repository and source code management
system.
(h) The Contractor shall comply with software and data rights
requirements and provide all licenses for software dependencies as
follows:
(1) The Contractor shall ensure all deliverables are
appropriately marked with the applicable restrictive legends.
(2) The EPA is deemed to have received unlimited rights when
data or software is delivered by the Contractor with restrictive
markings omitted.
(3) If the delivery is made with restrictive markings that are
not authorized by the contract, then the marking is characterized as
``nonconforming.'' In accordance with Federal Acquisition Regulation
(FAR) 46.407, Nonconforming supplies or services, the Contractor
will be given the chance to correct or replace the nonconforming
supplies within the required delivery schedule. If the Contractor is
unable to deliver conforming supplies, then the EPA is deemed to
have received unlimited rights to the nonconforming supplies.
(i) The Contractor shall include this clause in all subcontracts
that include custom-developed code requirements.
(End of clause)
[FR Doc. 2019-22435 Filed 10-17-19; 8:45 am]
BILLING CODE 6560-50-P