TAA and NDAA Compliance Explained – What It Means for Your Teltonika Deployment

Federal procurement rules around networking equipment have tightened considerably over the past few years. Two regulations define what can and cannot be deployed on a federal network: NDAA Section 889 and the Trade Agreements Act.

The first bans equipment from specific Chinese vendors. The second governs where products are manufactured. Getting either wrong can mean contract disqualification, equipment replacement costs, or funding clawback – none of which are easy problems to fix after a deployment is live.

This guide breaks down what both regulations require, how they differ, and where they overlap. It also covers how Teltonika networking devices are positioned against these requirements, and what documentation procurement teams should request before finalising any compliant deployment.

WHAT IS NDAA COMPLIANCE?

The John S. McCain National Defense Authorization Act for Fiscal Year 2019 was signed into law on August 13, 2018. Section 889 of that act introduced a significant restriction on how federal agencies and their partners procure telecommunications equipment.

Specifically, Section 889 prohibits federal agencies, their contractors, and recipients of federal grants or loans from procuring or using "telecommunications and video surveillance equipment or services" from five named Chinese companies, where that equipment serves as "a substantial or essential component of any system, or as critical technology as part of any system."

The banned vendors are:

• Huawei Technologies Company – telecommunications equipment

• ZTE Corporation – telecommunications equipment

• Hytera Communications Corporation – video surveillance and telecommunications

• Hangzhou Hikvision Digital Technology Company – video surveillance and telecommunications

• Dahua Technology Company – video surveillance and telecommunications 

  
  

The law operates in two parts. Section 889(a)(1)(A) prohibits agencies from procuring equipment from these vendors directly. Section 889(a)(1)(B) extends that prohibition to contractors and grant or loan recipients – meaning even private organisations receiving federal funding must comply.

This is not a voluntary standard or a procurement preference. It is a legal requirement. Non-compliance can result in contract termination, suspension from federal contracting, and in some cases repayment of federal funds.

WHAT IS TAA COMPLIANCE?

The Trade Agreements Act (TAA) is a US federal law that governs where products sold to the federal government may be manufactured. Products procured under General Services Administration (GSA) schedules and most other federal contracts must either be manufactured in the United States or "substantially transformed" in a TAA-designated country.

Substantial transformation is a legal standard: a product is considered substantially transformed in a country if it undergoes a fundamental change there that creates a new and different article with a distinctive name, character, and use. Simply assembling imported components does not qualify. 

TAA-designated countries include most of the European Union, as well as Canada, Australia, Japan, South Korea, and a number of others established through US trade agreements. Notably, China is not a TAA-designated country, nor is Russia, India, or Malaysia – countries where significant electronics manufacturing takes place.

TAA compliance is primarily relevant to:

• Direct US government procurement via GSA schedules

• Federal contracts requiring FAR (Federal Acquisition Regulation) compliance

• State and local government contracts that incorporate federal funding 

  
  

Unlike NDAA, TAA is about origin – not the brand. A product from any manufacturer can be TAA non-compliant if it is manufactured in a non-designated country, regardless of whether the manufacturer appears on any banned list.

NDAA VS TAA – KEY DIFFERENCES

Both regulations apply to federal procurement of networking and telecommunications equipment, but they address different risks and impose different requirements. Procurement teams frequently need to satisfy both simultaneously.

The two regulations overlap significantly in practice. A device manufactured in China would fail both – it would likely incorporate components from banned vendors (NDAA) and would be ineligible under country-of-origin rules (TAA). 

WHY NETWORKING EQUIPMENT IS A COMPLIANCE PRIORITY

Routers, cellular gateways, and other IoT devices occupy a sensitive position in network architecture. They sit at the edge of infrastructure, routing traffic, handling authentication, and in many deployments, transmitting operational or sensitive data back to central systems.

This is precisely why Section 889 focuses on telecommunications equipment rather than, say, office furniture. A compromised router can intercept traffic, create backdoor access, or exfiltrate data without any visible sign of intrusion. The 2019 NDAA was drafted with this threat model in mind – the concern is not just about brand loyalty but about embedded firmware, undisclosed remote access capabilities, and supply chain integrity.

For industrial IoT deployments specifically, the risk surface is broader. Cellular routers used in critical infrastructure, utilities, transportation, or public safety networks are high-value targets. A single non-compliant device in a federally funded network can create contract liability for the entire deployment.

TELTONIKA'S POSITION ON NDAA AND TAA COMPLIANCE

Teltonika is a Lithuanian manufacturer of industrial networking devices. Its products are engineered in Lithuania, an EU member state and a TAA-designated country.

Teltonika has formally stated that its equipment is compliant with NDAA Section 889(a)(1)(A) and 889(a)(1)(B) and does not contain any telecommunications equipment or services from Huawei, ZTE, Hytera, Hikvision, or Dahua. This position is backed by component-level documentation available to customers on request.

Key compliance facts:

• NDAA banned component status: None present in declared product list

• Compliance scope: Sections 889(a)(1)(A) and 889(a)(1)(B)

• Documentation: Available via Teltonika Networks Wiki and compliance attachments provided on request 

  
  

For organisations working on federal contracts or federally funded infrastructure, Teltonika's EU origin and component transparency make its devices a viable option where both TAA and NDAA compliance are required.

WHICH TELTONIKA PRODUCTS ARE TAA AND NDAA COMPLIANT?

Teltonika's NDAA-compliant product list covers its core industrial networking portfolio, including routers and cellular gateways designed in Lithuania. For the complete and current list of compliant devices with model numbers and full documentation, visit the Teltonika NDAA compliance page. 

STAYING COMPLIANT STARTS AT PROCUREMENT

NDAA and TAA compliance is not something that can be changed after a deployment is complete. The time to verify equipment eligibility is before purchase orders are raised, not after a contract audit. For procurement teams and systems integrators working on federal or federally funded projects, that means confirming country of origin, requesting Section 889 declarations, and matching device models against published compliance lists.

Teltonika devices, are built to meet these requirements. The documentation exists, the compliance declarations cover both parts of Section 889, and the team can support project-specific requests. If you are planning a deployment that requires verified compliance, reaching out early in the procurement process will save significant time later.