The United States has enacted laws that expand U.S. government screening of certain transactions involving foreign companies and governments as well as regulation of the transfer and use of sensitive U.S. goods and technologies in the United States and abroad.
The impetus for this new legislation is the changed national security landscape resulting from the increased importance of critical technology (especially emerging and foundational technology), critical infrastructure, and cybersecurity, all primarily in response to perceived challenges to the United States posed by China.
The legislation culminates and reinforces an evolution in U.S. policy toward protecting an expanded scope of national security interests to include such considerations as technology, manufacturing leadership, and international competitiveness.
While these two laws largely codify practices that executive branch administrations have adopted in recent years, they also definitively confirm that there is no going back. United States and international businesses and investors must adapt to legal requirements that are more far-reaching and grounded in concepts of national security that depart from traditional notions based on military and intelligence considerations.
Taken together, these two statutes will result in more regulators, more regulation, and increased compliance risks—especially for companies dealing with leading-edge technology. The regulatory implications of these pieces of legislation are expected to be extensive.
What Transactions Might Be Subject to the New Laws on Foreign-Related Transactions?
The new laws potentially apply to these types of transactions:
- Acquisitions of U.S. companies holding “critical technology” by non-U.S. acquirers
- Minority investments by non-U.S. investors in U.S. companies holding “critical technology”
- Investment into U.S. venture capital funds by foreign investors
- Investment into U.S. private equity funds by foreign investors
- Sales, licenses, or export of technology to non-U.S. companies
- Acquisition or lease of certain types of U.S. real estate by foreign entities
Technology Transfer Restraints
In general, FIRRMA and ECRA will preserve the role of export controls as the principal means of restraining international transfers of U.S. advanced technology. The Congress ultimately rejected a proposal in earlier versions of the FIRRMA bill that would have instructed CFIUS to regulate transfer of technology abroad, even outside the context of foreign acquisitions of U.S. companies and investments in the United States.
CFIUS continues to screen a broad array of inward transactions, but the U.S. Commerce Department retains the lead in restricting outward technology transfers through its administration of export control regulations.
What Is CFIUS?
CFIUS is an interagency, cabinet-level committee within the U.S. government. It is tasked with examining the national security implications of foreign investments in U.S. companies or operations. CFIUS is chaired by the Secretary of the Treasury, and includes representatives from, among others, the Department of Homeland Security; the State, Defense, Energy, and Commerce departments; the intelligence community; and White House agencies.
A leading CFIUS concern is that technology important to the security of the United States might be transferred to a foreign entity in an acquisition or investment transaction. CFIUS has become increasingly important due to China’s initiatives (such as Made in China 2025) to develop and own critical technologies.
The “Exon-Florio” federal statute, which FIRRMA has amended, authorizes the U.S. president to block covered transactions, or order divestment in the case of completed transactions, if he or she finds that the transaction threatens U.S. national security. CFIUS normally examines a transaction when parties notify it of the transaction and request that CFIUS clear it (i.e., find that it does not threaten U.S. security or is not covered). Cleared transactions are insulated from adverse action under the Exon-Florio statute. If a covered transaction is not cleared by CFIUS, CFIUS could, at any time, engage the president to order that the foreign acquirer or investor sell its interest to a U.S. buyer.
With each major federal department having its own CFIUS bureaucracy, there are an enormous number of processes and requirements surrounding CFIUS, some for private party engagement with CFIUS and some internal to the government. The new legislation increases those processes significantly.
The CFIUS process typically starts when two companies wanting to do a transaction that is subject to CFIUS’s jurisdiction file a joint voluntary notice to the committee, explaining the transaction, the technology involved, the history of the companies, and providing other, more detailed information. The committee then scrutinizes the transaction in one or two time-limited phases mandated by law. If CFIUS does not clear the transaction, it normally refers it to the president with a recommendation that it be blocked or reversed through divestment.
CFIUS sometimes conditions clearance on commitments from the parties to mitigate perceived national security concerns. Mitigation commitments can be as limited as reporting requirements or as intrusive as partial divestment obligations. In some instances, CFIUS informally, but in effect, blocks transactions by advising the parties that it plans to refer a transaction to the president with a recommendation that it be blocked. In these circumstances, parties normally abandon the transaction.
Who Is a Foreign Person for Purposes of CFIUS Jurisdiction?
CFIUS is authorized to screen transactions only when the acquirer or investor is a “foreign person.” CFIUS’s regulations define “foreign person” to be:
- A foreign national
- A foreign government
- A foreign entity
- Any entity over which control is exercised or exercisable by any of the foregoing
The CFIUS rules define “control” as the ability to exercise certain powers over important matters affecting the entity. Specifically, “control” is defined to be the “power, direct or indirect, whether or not exercised, through the ownership of a majority or a dominant minority of the total outstanding voting interest in an entity, board representation, proxy voting, a special share, contractual arrangements, formal or informal arrangements to act in concert, or other means, to determine, direct, or decide important matters affecting an entity. . . .”
CFIUS has come to construe “control” broadly to essentially mean “influence.” CFIUS considers that two or more parties can simultaneously and independently control a company.
For purposes of CFIUS transaction screening, a “foreign person” can include a U.S. subsidiary of a foreign business or a U.S. based investment fund controlled by non-U.S. investors.
Thus, it’s important to understand the acquirer’s or investor’s ownership chain.
“Emerging and Foundational” Technology Initiative
As a major new initiative, ECRA instructs the president to form an interagency group to continually identify “emerging and foundational technologies”—technologies that are “essential to the national security of the United States” but not already subject to export license requirements. The Secretary of Commerce is to establish appropriate controls on such technology. Of particular significance, ECRA mandates that the Commerce Department require a license for the export, re-export, or in-country transfer of emerging and foundational technologies to a country that is subject to an arms embargo imposed by the United States. China is one such country subject to a U.S. arms embargo.
The interagency process to identify emerging and foundational technologies is to be informed by various sources, including information that CFIUS secures through its transaction-screening proceedings.
Defining these emerging and foundational technologies is a tall order. The government is not naturally equipped to identify and assess technologies as they are emerging from industry. To meet this challenging mandate, cautious U.S. officials can be expected to take a broad view in defining technology and transactions that require approval.
FIRRMA reinforces that CFIUS should be especially watchful for foreign, and especially Chinese, acquisitions and investment transactions that purportedly threaten U.S. national security by facilitating technology transfers. CFIUS has jurisdiction over foreign purchases of equity in U.S. companies that develop or have “critical technologies,” defined to include newly identified “emerging and foundational technologies,” unless those investments are relatively small and wholly passive. Such a passive investment provides the foreign investor with merely a financial interest in the investment target and no meaningful ability to influence its operations or activities.
What Transactions Are Now Within CFIUS’s Jurisdiction to Examine and the President’s Authority to Block?
In recent years, CFIUS has adopted ever broader views on the types of transactions that fall within its jurisdiction to examine and the president’s authority to block; that is, “covered transactions.” FIRRMA codifies these expanded interpretations of a covered transaction and in some respects further expands the scope of covered transactions. Following enactment of FIRRMA, covered transactions most notably include:
- Traditionally Defined Covered Transactions. As has always been the case, the Exon-Florio statute will continue to cover any transaction that could result in a foreign person gaining control over a U.S. business.
- Transactions Regarding Critical Technology and Critical Infrastructure. Under FIRRMA, covered transactions expressly include specified types of acquisition and investment transactions by a foreign person in any unaffiliated U.S. business that (1) owns, operates, manufactures, supplies, or services critical infrastructure; (2) produces, designs, tests, manufactures, fabricates, or develops one or more critical technologies; or (3) maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security.
Such transactions are defined as any investment that gives the foreign person access to material nonpublic technical information, or membership or observer rights on the board of directors. Also included are any transactions which accord the foreign person any involvement, other than through voting of shares, in substantive decision-making of the U.S. business regarding sensitive personal data of U.S. citizens, critical technologies, or critical infrastructure. Given how broadly CFIUS has construed its jurisdiction in recent years, CFIUS may not end up modifying its practice in response to this provision of the new statute.
- Real estate transactions. In a notable expansion of CFIUS’s jurisdiction, however, FIRRMA has changed the definition of “covered transaction” to authorize CFIUS to screen acquisitions and leases of real estate in close proximity to U.S. military or other sensitive national security facilities or that involve air or maritime ports.
- Bankruptcy-related transactions. Historically, CFIUS has focused on merger and acquisition transactions. FIRRMA now explicitly empowers CFIUS to scrutinize bankruptcy purchases of assets that otherwise qualify as covered transactions. Intensified CFIUS examination of bankruptcy sales involving advanced technology companies is expected.
- Routine Intellectual Property licensing transactions will not typically be covered. As indicated above, the new law has not given CFIUS jurisdiction to regulate technology licensing, and support transactions outside the context of foreign acquisitions or investment will not be subject to the new law. But the interagency review process on emerging and foundational technologies could lead to export control limitations on technology transfers.
New “Light” CFIUS Filings
Parties can now submit abbreviated “declarations” to CFIUS instead of standard lengthy transaction notices—an expedited process that could be most helpful for transactions that do not seem to present national security concerns. These declarations or “light” filings will be limited in length and, unlike notices, will not automatically trigger a CFIUS review. Within 30 days of receipt of a declaration, CFIUS is to request a conventional notice, initiate a unilateral review, and either inform the parties that review cannot be completed on the basis of the declaration or clear the transaction.
Mandatory CFIUS Filings
To date, whether to notify CFIUS of a foreign acquisition or investment transaction has been a matter of discretion for the parties involved. A filing with CFIUS has never been legally mandatory.
Under FIRRMA, in some instances, submission of the abbreviated declarations described above will now be mandatory. Parties to a covered transaction will be required to make a filing if the transaction involves an acquisition, directly or indirectly, of a substantial interest in U.S. critical infrastructure or critical technology businesses, or U.S. businesses that maintain or collect sensitive personal data by a foreign person in which a foreign government has, directly or indirectly, a substantial interest. In addition, CFIUS may mandate submission of a declaration for any covered transaction involving a U.S. business that produces or trades in “critical technologies” (including export-controlled items).
Special Treatment of Investment Funds
Investment fund transactions (such as investments in venture capital or private equity funds) may constitute covered transactions.
However, when a non-U.S. party invests through an investment fund as a limited partner and the investor becomes a member of a fund limited partner advisory body, the investment is not normally a covered transaction if (1) the fund is managed exclusively by a U.S. general partner, managing partner, or equivalent; (2) the advisory body does not have the ability to control the investment decisions of the fund or decisions made by the general partner or equivalent; (3) the foreign person does not otherwise have the ability to control the fund; and (4) the foreign person does not have access to material, nonpublic technical information as a result of its participation on the advisory board or committee.
International Coordination on Security Policy Under FIRRMA
FIRRMA reinforces and extends an expanding U.S. practice of seeking to induce U.S. allies to screen foreign acquisition and investment transactions in the same way that CFIUS does. The statute directs the Secretary of the Treasury to establish a formal process for the exchange of information important to the national security analysis or actions of CFIUS with governments of countries that are allies or partners of the United States. Among other things, the process should be designed to facilitate the harmonization of action with respect to trends in investment and technology that could pose risks to the national security of the United States and its allies and partners.
FIRRMA Implementation Dates
Some FIRRMA provisions already apply to covered transactions that are the subject of CFIUS screening proceedings commencing after August 13, 2018, when the president signed the statute into law. Some FIRRMA provisions, however, will not take effect until either 18 months following the statute’s enactment or 30 days after notice by the Secretary of the Treasury that the regulations, organizational structure, personnel, and other resources necessary to administer the new provisions are in place (whichever is earlier). Delayed implementation applies with regard to, among others, the above-described changes to the definition of “covered transaction” and the provisions regarding declarations. Much about how CFIUS administers FIRRMA will depend on implementing regulations for the statute.
CFIUS Process and Procedural Changes
FIRRMA effects a variety of CFIUS process and procedural changes. For example, although CFIUS does not presently require payment of filing fees, the new legislation authorizes CFIUS to collect a fee (not to exceed $300,000) with respect to covered transactions for which a written notice is submitted. In addition, FIRRMA extends the period of an initial “review” after submission of a notice from 30 to 45 days. The timeline for investigations will remain 45 days, and an investigation may be extended beyond its 45-day limit only once and only for 15 days.
BEA Disclosure Requirements Remain in Place
Apart from CFIUS, the Commerce Department’s Bureau of Economic Analysis continues to require that U.S. companies report to the U.S. government, among other things, acquisitions of 10% or more of their equity by foreign acquirers and investors. This reporting requirement applies even if the transaction triggering the reporting is not a covered transaction for CFIUS purposes.
What Are the Practical Implications of the New Regulation of Foreign Parties’ Investment in and Acquisition of U.S. Companies?
Some of the practical implications of these new laws include the following:
- Investments in and acquisitions of U.S. technology companies by Chinese parties (especially where China’s state-owned enterprises hold investment stakes in Chinese buyers), in particular, will often be more challenging and subject to greater uncertainty.
- Foreign—again, especially Chinese—investors and U.S. companies will need to evaluate a transaction’s sensitivity not just against traditional understandings of national security but also new considerations such as U.S. technology and manufacturing leadership and international competitiveness.
- CFIUS will continue to clear most foreign investments in and acquisitions of U.S. companies for those transactions that do not implicate expanded conceptions of national security threats.
- Transaction parties will need to devote more attention to CFIUS considerations earlier in transaction planning.
- Transaction and legal expenses will go up significantly as parties try to understand and mitigate the risks in dealing with foreign parties, especially China.
- Parties will need to negotiate who will bear the new filing fee burden with CFIUS (which can be up to $300,000).
- In acquisitions involving foreign buyers, U.S. sellers will more strongly insist on measures designed to shift CFIUS risk to these buyers, such as employing substantial “breakup” fees payable when closing of deals is delayed for an agreed time period due to CFIUS’s refusal to clear those transactions.
- Acquisitions will take longer to close, and heightened attention will be given to covenants limiting the seller’s ability to operate its business pending a closing.
- New rules will be promulgated by CFIUS, likely within the next year, which will further affect transactions.
When Congress first enacted legislation in 1988 authorizing transaction-screening by CFIUS, members stressed that screening arrangements were solely for extraordinary circumstances required to protect national security, and that the United States was not moving toward the type of general foreign investment review programs administered by other nations. With FIRRMA, for good or ill, the United States now has a general arrangement for screening foreign acquisition and investment transactions. While the arrangement accommodates most such transactions, foreign deployers and U.S. recipients of capital need to take it seriously as they plan transactions.