TikTok Rule Guidance for Emory University Compliance
*Updated: 4-9-2024*
In June 2023, the federal government released an interim rule Federal Acquisition Regulation (FAR 52.204-27) that prohibits federal contractors and subcontractors from “having or using” the social networking service TikTok or any “successor application” developed by ByteDance, a Chinese internet technology company headquartered in Beijing, on any information technology equipment or device used or provided by the contractor in the performance of a government contract. This ruling applies to Emory as a contractor/subcontractor on applicable federally funded projects.
The rule affects not only institutionally owned and managed devices used to conduct these projects, but potentially personally owned devices, when those devices are used to conduct business related to the projects.
The Federal Government will determine which contracts, cooperative agreements and/or grants should include the FAR clause or a similar requirement. When included as part of award terms and conditions, Emory must comply with the requirements of the clause.
The Office of Research Administration (RCRA and OSP) and OIT Information Security teams have drafted a plan with a tiered approach (with benchmarking for comparable solutions other organizations and institutions have put in place) for good-faith effort for compliance with this interim ruling.
Emory is taking the following steps to act in accordance with FAR 52.204-27:
- Emory will use the technical capabilities of Emory’s endpoint management software to block TikTok and related applications on Emory-owned/managed devices where possible.
- Local IT units within schools, in collaboration with Office of Sponsored Programs, will assess Emory-owned devices used by personnel working on federal contracts to ensure TikTok and/or other ByteDance applications are uninstalled.
- The Office of Sponsored Programs will have PIs and their respective research personnel on applicable contracts/subawards sign an attestation to ensure none of the equipment (Emory-owned or personal) used by project personnel for work done on the contract has, or will have, ByteDance applications installed or accessed.
Business Network Block (effective April 22, 2024)
Another aspect of compliance with the federal ruling will be to block TikTok and other ByteDance applications at a network level to the extent possible on all Emory business networks.
- Note: ResNet (the network for all Emory students) and the Emory Guest network are excluded from the block. Cellular networks are not affected.
Emory-approved TikTok accounts for teaching and other academic and business operations will be allowed to access them via Emory business networks on a case-by-case basis with the approval of an academic dean (or senior business leader in non-academic divisions). Evidence of these approvals, such as an email or letter, must be provided and attached/uploaded with the request form below. These exemptions will be provided on a best effort basis, and reliability cannot be guaranteed.
Emory is committed to ensuring compliance with applicable federal regulations and to educating the campus regarding changes in regulations. The Office of Research Administration will provide additional updates on the TikTok rule as they become available.
FAQs for the Emory Community
Below are answers to questions you may have related to the federal interim rule prohibiting TikTok use on devices used in conducting federally-funded projects. If you have additional questions not answered here, please contact researchsecurity@emory.edu.
TikTok Rule FAQ
The Federal government has issued an interim rule (known as the TikTok ban) that broadly prohibits contractors (awardees of federal funding) from having or using TikTok or other applications owned by ByteDance Limited, a privately held company headquartered in Beijing, China, on any device used in the performance of a government contract.
The rule has a broad reach. It applies to any device used in such work regardless of whether the technology is owned by the government, Emory, or Emory’s employees, faculty, staff, visiting scholars, students, or exchange students.
FAR 52.204-27 must be included in all solicitations issued after June 2, 2023. Many existing contracts are likely to be amended to include the clause in future options and orders.
The rule does not apply to federal grants. The rule applies to federal contracts issued on or after the effective date of June 2, 2023, or modifications to existing contracts on or after that date to extend the length of the contract (period of performance). This also includes subcontracts issued off of federal awards and contracts.
The new restriction does not apply automatically to existing federal contracts and subcontracts. If you receive an amendment after June 2, 2023, to your federal contract or subcontract you should read the amendment carefully to determine if FAR 52.204–27 has been added. It is not uncommon for individual agencies to begin including a new FAR clause in all amendments or to issue an amendment for the sole purpose of applying the new FAR clause even when the agency is not specifically required to do so. It is important, as always, that you review the terms of your contract or subcontract and any subsequent amendments.
The interim rule targets those devices used in the performance of a covered federal contract, including uses such as checking email related to the federally funded project. For example, the rule covers employee-owned devices used as part of an employer “bring your own device” (“BYOD”) program – including cellphones, laptops, iPads, tablets, etc.—when they are used in such work.
If you read or send emails on your personal device related to an applicable federally funded contract, then your device is covered by this rule.
However, personally owned mobile devices that are not used in the performance of a government contract are exempted. The rule does not prohibit the use of TikTok on a personal device that is not used for such work.
While not specifically defined in this new rule, activities such as collecting or analyzing data and/or receiving/sending email specific to the project/contract could be considered performing work on a device.
Emory is taking a multifaceted approach to ensure good faith effort in complying with the interim rule. The university will:
- Use the technical capabilities of Emory’s endpoint management software to block TikTok and related applications on Emory owned/managed devices where possible.
- Local IT units will assess Emory-issued devices to ensure Tik Tok and/or any other ByteDance applications are uninstalled.
- The Office of Sponsored Programs will have PIs and their respective research personnel on applicable grants/contracts/subawards sign an attestation to ensure none of the equipment (Emory-owned or personal) used by project personnel for work done on the contract has, or will have, ByteDance applications installed or accessed.
For impacted research projects, Office of Sponsored Programs (OSP) will notify the PIs and their respective research teams. Individual lab or team members working on applicable federal projects, including students, will be asked to attest to their understanding of and compliance with the ruling.
The app needs to be deleted on both Emory-owned and personal devices belonging to individuals who use them in any way to conduct business related to a covered federal contract. This applies even if you are only using your personal device to check Emory email related to the project.
Yes, any software developed by ByteDance or its subsidiaries is included in the rule. From the regulation: “...TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited.”
As of August 2023, the following countries have banned TikTok on government owned devices because they believe the app poses a national security threat. There are other countries that banned the app years ago, but they cite shielding citizens from viewing inappropriate content as their reason for the ban.
- Taiwan
- The US and more than half of its state governments
- Canada and its provinces
- The European Union's governing bodies
- Belgium
- Denmark
- New Zealand
- The UK
- Australia
As of August 2023, the following universities have banned TikTok:
Alabama
- Auburn University
Arkansas
- Arkansas State University
- Arkansas Tech University
- University of Arkansas system
Florida
- All public colleges and universities
Idaho
- Boise State University
- Idaho State University
Indiana
- Purdue University
Maryland
- University of Maryland Baltimore
Michigan
- Mott Community College *Accessible on guest network
Mississippi
- University of Mississippi
Montana
- All Montana private and public education institutions
North Dakota
- North Dakota State University system
Oklahoma
- Langston University
- Northwestern Oklahoma State University
- Oklahoma State University
- University of Central Oklahoma
- University of Oklahoma
South Carolina
- Coastal Carolina University
- Clemson University
- Horry-Georgetown Technical College
Tennessee
- All public colleges and universities
Texas
- Lamar University
- Laredo College
- McLennan Community College
- Texas A&M University system
- Texas State Technical College
- Texas State University
- University of Texas at Arlington
- University of Texas at Austin
- University of Texas at Dallas
- University of Houston – Downtown
- University of North Texas
- University of Texas Rio Grande Valley
- University of Texas at San Antonio
Virginia
- University of Virginia *Only for students employed by the university
Wisconsin
- University of Wisconsin-Madison
ByteDance applications will be blocked on Emory business networks beginning April 22, 2024.
All Emory business networks on all campuses are included, except the guest network and the Residential Network (ResNet) used by all Emory students (including undergraduate and graduate students on all campuses, regardless of residential status).
Access via cellular networks will not be impacted.
Yes, TikTok will be blocked on Emory Healthcare networks as well, except for the guest network used by visitors and patients. Emory’s guest network has additional restrictions that make it inappropriate for use by employees.
Emory-approved TikTok accounts for teaching and other academic and business operations will be allowed to access them via Emory business networks on a case-by-case basis with the approval of an academic dean (or senior business leader in non-academic divisions). Evidence of these approvals, such as an email or letter, must be provided and attached/uploaded with the request form below. These exemptions will be provided on a best effort basis, and reliability cannot be guaranteed.
You can request approval to be able to continue accessing and using your TikTok account via Emory business networks. See above for details.
Yes, as long as the use is not related to a federal contract. However, TikTok will not be accessible on Emory business networks (used primarily by faculty and staff). Student access from the Emory Residential Network (ResNet), which used by Emory undergraduate and graduate students on all campuses regardless of residential status, will continue to be permitted. Also, access via cellular networks will not be affected by the block.