Anyone who procures network and IT hardware will sooner or later come across three letters in data sheets and tenders: TAA. The abbreviation stands for the Trade Agreements Act – a US law that may seem far removed at first glance, but which in practice also plays a role for many companies in German-speaking countries.
The Trade Agreements Act (TAA) is a US federal law that was passed by the US Congress on 26 July 1979 and brought into force. It regulates where the US government is permitted to source goods and services. The basic idea is that federal authorities – from the military and the General Services Administration (GSA) to individual ministries – may, above certain contract values, only purchase products that have been manufactured or ‘substantially transformed’ in the US itself or in a recognised partner country.
A product is therefore ‘TAA-compliant’ if its economic origin lies in an approved country. It is important to note that there is no official TAA certification. No one issues a seal of approval. Instead, it is a self-declaration by the supplier or contractor, who is liable for its accuracy. Anyone who falsely declares a product to be TAA-compliant bears the full risk – a point that is often underestimated.
The TAA does not apply to every purchase, but only once a threshold value is reached. This threshold is based on the World Trade Organisation’s Government Procurement Agreement (WTO GPA) and is adjusted approximately every two years to account for currency fluctuations. Since the last adjustment (effective from 13 March 2026), the threshold for supply contracts has been around 174,000 US dollars; significantly higher values apply to construction works.
One important exception concerns the so-called GSA Schedule contracts – the standard framework agreements through which US government agencies procure goods worth tens of billions of dollars annually. Here, products must be TAA-compliant regardless of the size of the individual order, because the total value of the contract almost always exceeds the threshold.
For IT providers wishing to enter the US government market, TAA compliance is therefore effectively the ticket in. Once the TAA applies, it supersedes an older law, the Buy American Act (BAA). The difference is significant: the BAA requires a specific proportion of US domestic content, whereas the TAA only checks the country of origin. Under the TAA, a device manufactured entirely in Germany is just as eligible for procurement as a US product – without any minimum domestic content requirement.
At the heart of TAA compliance lies the concept of “substantial transformation”. A product is considered to have undergone substantial transformation if, through a processing step, it becomes a new commercial good with its own name, character or intended use – in other words, something different from the individual components from which it was made.
A large proportion of global production of switches, routers and transceivers takes place in countries not on the TAA list – notably China, Malaysia, Thailand and Vietnam – which makes assessing TAA compliance for IT hardware particularly complex. The key question then is: is what happens afterwards sufficient to constitute a substantial transformation?
Some practical guidelines from the US Customs and Border Protection (CBP):
For buyers, this means in concrete terms: the dispatch warehouse says nothing about the origin. A product dispatched from a warehouse in Texas or Frankfurt may still have been manufactured in a non-approved country. What is always decisive is the place of manufacture or the substantial transformation – not the location of the final shelf.
The eligible countries – referred to as ‘designated countries’ in the FAR text – fall into four categories: WTO GPA members, countries with free trade agreements (FTAs) with the US, least developed countries, and countries in the Caribbean basin. In total, there are around 120 countries. The list rarely changes: The most recent addition was North Macedonia in November 2023; prior to that, there had been seven years without any changes.
The following examples are particularly relevant for IT procurement:
This list has been deliberately abbreviated – the binding list is set out in FAR clause 52.225-5 and should always be cross-checked there before any specific procurement, as political conditions may change.
| Status | Countries (selection) |
|---|---|
| TAA-compliant (approved) | USA, Germany and the rest of the EU, Switzerland (not an EU member, but part of the WTO GPA), United Kingdom, Japan, Canada, Mexico, Taiwan, South Korea, Israel, Norway |
| Not TAA-compliant | China, Malaysia, Thailand, Vietnam, India, Indonesia, Brazil, Russia |
What is striking is the gap: the very countries where the majority of network hardware is physically manufactured are missing from the list. The world map below shows all the countries that are TAA-compliant and approved under the Trade Agreements Act.
At first glance, the TAA appears to be purely a US issue. In fact, there are several points of contact that are important for companies in Germany, Austria and Switzerland:
Germany and the EU are approved countries. ‘Made in Germany’ or ‘Made in the EU’ meets the TAA’s origin requirement. Anyone who manufactures or substantially modifies products here thus has a tangible advantage if the product is ultimately intended for government agencies in the US.
Domestic customers with close ties to the US. US military bases in Germany, subsidiaries of American corporations or suppliers for US federal projects may require TAA compliance – even for deliveries within Europe. The requirement follows the contract, not the national border.
Supply chains and resale. Any retailer or distributor sourcing hardware that will later enter the US government market (including via third parties) should be aware of the TAA status of their products. A data sheet with a clear indication of origin is a real selling point here.
Distinction from EU issues. TAA has nothing to do with CE marking, the GDPR or the EU Supply Chain Act, nor does it replace them. It is purely a US procurement rule. Confusing it with European compliance issues leads to misunderstandings.
In the field of TAA-compliant IT hardware, numerous leading manufacturers offer specialist product lines or SKUs that meet the requirements of the Trade Agreements Act. These are mostly selected ranges specifically designed for government agencies, public sector clients and internationally regulated procurement projects.
Eaton offers one of the most comprehensive portfolios of TAA-compliant power and infrastructure products. Particular focus is placed on UPS systems, PDUs and specialised power distribution solutions, amongst others. Many of these products are available in various TAA-compliant SKUs and are frequently used in data centres and critical infrastructure.
Typical TAA-compliant product series include:
Juniper Networks offers a wide range of networking and security products in TAA-compliant versions. These are particularly common in enterprise and government environments and are often identified by specific SKUs.
Typical TAA-compliant series include:
Cisco Systems provides TAA-compliant versions of its enterprise network solutions via specific configurations and part numbers. These are not always immediately apparent from the product name, but are listed via the Cisco Commerce Workspace (CCW) or authorised distributors.
Typical product families with TAA-compliant options:
HPE Aruba offers high-performance switches that are available in TAA-compliant variants. These are used in particular in corporate and government networks.
Typical TAA-relevant product line:
Note on TAA compliance and product labelling
Please note that not all products within the series mentioned are automatically TAA-compliant. TAA-compliant variants can usually be clearly identified by the suffix ‘TAA’ in the product name or SKU code.
If you have any questions regarding TAA-compliant products or specific configurations, please feel free to contact us at any time via our contact form. We will be happy to assist you in selecting the right solution.
There are other abbreviations associated with the TAA that are easily confused:
“TAA-compliant means ‘Made in the USA’.” No. Products from Germany, Japan or Canada are also TAA-compliant. “Made in the USA” is a separate, stricter FTC label.
“A TAA certificate proves compliance.” There is no official certificate. What counts is a reliable self-declaration accompanied by proof of origin.
“Shipping from an approved country is sufficient.” No – the place of manufacture or transformation is decisive, not the place of dispatch.
“Once compliant, always compliant.” If a manufacturer changes its production site, a previously compliant product may lose its status. The information must be kept up to date.
The Trade Agreements Act specifies which IT hardware may be procured by US federal agencies. This is advantageous for companies in Germany and the EU, as their products can generally originate from approved countries of origin. The decisive factor is not the dispatch warehouse, but where a product was manufactured or substantially modified.
Generally speaking, no – unless your customer supplies US government agencies or requires compliance under the terms of a contract.
Not necessarily. If it is substantially modified in an approved country (e.g. through complex integration or the installation of function-critical firmware), it can become compliant. Simply repackaging it is not sufficient.
In clause FAR 52.225-5, available via acquisition.gov. It rarely changes, but should be checked before major procurements.
The TAA regulates the country of origin of the end product, whilst the NDAA (Section 889) prohibits certain high-risk components. A product may comply with one but fail to meet the requirements of the other.
