If you’re a federal contractor and you haven’t yet audited your facilities for Hikvision, Dahua, Huawei, ZTE, or Hytera surveillance equipment, the December 2026 compliance deadline is approaching faster than most large organizations can execute a full camera replacement across all facilities.
This post explains what NDAA Section 889 Part B actually requires, why the surveillance equipment question is more complex than it first appears, and what the practical compliance path looks like for contractors managing large or distributed facilities.
This post provides general information only and does not constitute legal advice. Consult qualified legal counsel and your contracting officers for guidance specific to your contracts and facilities.
The Specific Problem With Section 889 Part B
NDAA Section 889 is discussed in two distinct parts. Part A is simple: federal agencies cannot buy covered equipment. Most federal contractors understood this as “the government won’t buy it, so we won’t sell it to them.”
Part B is where many contractors have been caught unprepared. Part B prohibits the federal government from contracting with any entity that uses covered telecommunications equipment or services — including for the contractor’s own internal operations. This is not about what you sell to the government. It’s about what cameras are in your own offices, warehouses, data centers, and manufacturing facilities.
A defense contractor with Hikvision cameras in its corporate headquarters, while holding a federal contract, may have a Part B compliance issue regardless of whether those cameras have any connection to the government work being performed.
The “Reasonable Inquiry” Requirement
FAR clause 52.204-25 requires contractors to make “a reasonable inquiry” to determine whether they use covered equipment. A reasonable inquiry does not necessarily require an audit, but it does require reviewing information in your possession about your technology inventory.
For most contractors, conducting a reasonable inquiry for surveillance equipment specifically means:
- Reviewing existing technology asset inventories for known covered brands
- Surveying facilities management and IT teams about what camera systems are installed
- Checking with security integrators who installed or maintain your camera systems
- Reviewing invoices and procurement records for camera purchases
- Examining OEM or private-label cameras for manufacturing provenance (the brand on the exterior may not reflect the manufacturing origin)
The OEM provenance issue is significant: many cameras sold under private-label or white-label brands were manufactured by Hikvision or Dahua. If the underlying hardware is a covered product, the brand name on the exterior doesn’t change the compliance analysis.
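A first-pass screen of an asset inventory along these lines, as an added example that is not from the original post: it flags assets whose brand or documented OEM names a covered manufacturer, and separately flags assets with no documented OEM for provenance follow-up. The CSV column names, the sample rows, the "AcmeVision" brand and the ordering (facilities doing federal contract work first) are assumptions made for this example.

```python
import csv
import io
import re

# Covered manufacturers named in this post.
COVERED = ("hikvision", "dahua", "huawei", "zte", "hytera")

# Constructed sample inventory; column names and "AcmeVision" are made up.
SAMPLE_CSV = """facility,asset_tag,brand,oem,federal_work
HQ,CAM-001,Axis,Axis,no
HQ,CAM-002,HIKVISION Digital Technology,,no
Plant-2,CAM-101,AcmeVision,Zhejiang Dahua,yes
Plant-2,CAM-102,AcmeVision,,yes
Depot-7,CAM-201,Hanwha,Hanwha,no
Depot-7,CAM-202,,,no
"""

def mentions_covered(text):
    """True if a covered name appears; short names must match a whole word."""
    words = re.findall(r"[a-z0-9]+", (text or "").lower())
    joined = "".join(words)  # lets 'Hik-Vision' match 'hikvision'
    return any(n in words or (len(n) > 3 and n in joined) for n in COVERED)

def classify(row):
    """Return 'covered', 'provenance-review' or 'no-match' for one asset."""
    if mentions_covered(row.get("brand")) or mentions_covered(row.get("oem")):
        return "covered"
    # The exterior brand alone does not establish who built the hardware.
    if not (row.get("oem") or "").strip():
        return "provenance-review"
    return "no-match"  # no name hit; not a compliance determination

def screen(csv_text):
    """Return flagged assets, federal-work facilities first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row)
        if status != "no-match":
            findings.append({
                "facility": row["facility"],
                "asset_tag": row["asset_tag"],
                "status": status,
                "federal_work": row["federal_work"].strip().lower() == "yes",
            })
    findings.sort(key=lambda f: (not f["federal_work"], f["status"] != "covered"))
    return findings

if __name__ == "__main__":
    print(*screen(SAMPLE_CSV), sep="\n")
```

Assets in the "provenance-review" bucket are the ones to take to the integrator or procurement records, since a name match cannot resolve them.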
Reporting Obligations After Discovery
If a contractor discovers covered equipment after certifying compliance — whether during a reasonable inquiry or afterward — reporting to the contracting officer is required within one business day. The faster this happens, and the more documentation exists showing a good-faith compliance effort, the better the contractor’s position in any subsequent contracting discussion.
Discovering covered equipment and not reporting it, or delaying reporting, creates significantly greater contracting and reputational risk than immediate disclosure and a documented remediation plan.
What Full Compliance Migration Requires
For federal contractors, NDAA Section 889 compliance is a camera replacement problem — not a VMS platform problem. Replacing the NVR or VMS software while keeping covered cameras in your facilities does not satisfy Part B. The cameras themselves are the covered equipment.
A compliance-complete migration for federal contractors involves:
- Complete camera inventory across all facilities with manufacturer identification
- Legal review to confirm scope of compliance obligation for your specific contracts
- Procurement plan for NDAA-compliant replacement cameras (Axis, Hanwha, Bosch, Uniview, etc.)
- Phased replacement schedule that achieves compliance by December 2026
- Cloud VMS or new NVR deployment for replacement camera infrastructure
- SAM.gov certification update upon completion
- Documentation of the full migration for contracting records
Where Cloud VMS Fits in the Compliance Migration
Cloud VMS — specifically iFovea cloud VMS — fits into the compliance migration as the management platform for the new, compliant camera infrastructure. When covered cameras are replaced with NDAA-compliant alternatives, cloud VMS provides:
- Remote access to all facilities from a single browser-based platform without VPN complexity
- AI video analytics — people counting, ALPR, AI forensic video search, behavioral detection — capabilities that local NVR infrastructure cannot provide
- Multi-site unified management — critical for contractors with distributed facilities
- Role-based access controls and audit logging that support governance documentation requirements
- No local NVR hardware at facilities — removing a maintenance burden and failure risk
Cloud VMS does not make covered cameras compliant. But for contractors planning the compliance migration, cloud VMS on NDAA-compliant replacement cameras is the recommended deployment architecture — it provides better operational capabilities than the local NVR systems being replaced, with less on-site hardware complexity across distributed facilities.
Managing the Scope Across Multiple Facilities
For contractors with large or distributed facility footprints, the scale of the camera inventory problem is worth confronting early. A mid-size defense contractor with 20 facilities and an average of 30 cameras per facility has 600 cameras to identify, assess, and potentially replace — and the procurement lead time for NDAA-compliant cameras at that scale, combined with installation scheduling, means December 2026 is a tight timeline, not a comfortable one.
Prioritization typically means:
- Facilities directly involved in federal contract performance first
- Facilities where SAM.gov certification review is most likely to be scrutinized
- Facilities where existing camera systems have the most known vulnerabilities or operational failures
- Remaining facilities completed in scheduled phases within the compliance window
The multi-site VMS migration checklist and the cloud VMS cost calculator are practical planning tools for large-scale compliance migrations.