As US toughens CFIUS oversight of foreign investments in sensitive sectors of the economy, we assess the key factors in play
President Biden recently issued an Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States (the Foreign Investment EO). It directs increased scrutiny by the Committee for Foreign Investment in the United States (CFIUS) of foreign acquisitions and investments in what the US Government has deemed particularly sensitive sectors of the US economy. In doing so, the Foreign Investment EO, signed 15 September 2022, also elaborates on several national security factors that CFIUS will consider in reviewing transactions under its jurisdiction. As a practical matter, many of these aspects are already addressed in any CFIUS review of non-US acquisitions of certain covered investments in US companies. While the Foreign Investment EO does not expand CFIUS jurisdiction nor change its review process, it nevertheless sends a clear signal to deal makers and their advisers that CFIUS will continue to scrutinize such foreign acquisitions/investments especially where the US target business operates in the technology or data sectors.
Background: New Foreign Investment EO part of broader effort to strengthen national security
The Biden administration has previously expressed concerns that US adversaries may exploit the US Government’s commitment to open investment, including foreign direct investment, in the US economy to undermine national security, including by enabling the transfer of critical technologies to adversaries and by undermining US technological leadership in sectors deemed strategically important.
The Foreign Investment EO, anticipated for months, essentially formalizes a new, broader interpretation of CFIUS’s review authority that has been underway since the 2018 enactment of the Foreign Investment Risk Review Modernization Act (FIRRMA). Among other notable provisions, FIRRMA expanded CFIUS’s jurisdiction to reach certain non-controlling investments in US technology, infrastructure or data-related businesses and imposed mandatory filing requirements in some cases.
New factors for CFIUS consideration
The Foreign Investment EO directs CFIUS to consider five specific sets of factors (as summarized in a White House fact sheet). These are set out below:
A given transaction’s effect on the resilience of critical US supply chains that may have national security implications, including those outside of the defense industrial base
The Foreign Investment EO states that CFIUS must consider, as appropriate, a covered transaction’s effect on supply chain resilience and security, both within and outside of the defense (and energy sector) industrial base. This directs consideration of the level of diversification through alternative suppliers across the supply chain, including suppliers located in allied or partner countries, the extent to which the target US business supplies the US Government; and the concentration of foreign ownership or control in a given supply chain.
A transaction’s effect on US technological leadership in critical/sensitive areas affecting US national security
The Foreign Investment EO identifies sectors that the US Government deems fundamental to US technological leadership and national security. This includes, but is not limited to: microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, and elements of the agricultural industrial base that have implications for food security. Further, the Foreign Investment EO instructs CFIUS to consider whether a covered transaction involves manufacturing capabilities, services, critical mineral resources, or related technologies.
In addition, CFIUS must assess: (i) whether a covered transaction could reasonably result in future advancements and applications in technology that could undermine national security; and (ii) whether a foreign acquirer or investor has ties to third parties that might cause the transaction to pose a security threat. One potential consequence of this second factor is that CFIUS is likely to test the national security implications of a transaction not only by reference to the deal parties themselves, but also by reviewing the deal parties’ business and information sharing relationships with other companies, investors or governments that are not part of the transaction under review, but in CFIUS’s view may nevertheless present security concerns.
While China (nor any other jurisdiction) is not specifically mentioned in the Foreign Investment EO or its provisions, the Foreign Investment EO may have the effect of making it more difficult for Chinese companies to obtain CFIUS approval for investments in the identified sectors of the US economy, given the US Government’s increased focus on Chinese investments in domestic businesses.
Industry investment trends with potential consequences for a transaction’s impact on US national security
The Foreign Investment EO explains that certain investments by a foreign person in a sector or technology may appear to pose a limited threat when viewed in direct isolation, but when viewed in the wider context of previous transactions, may serve to facilitate sensitive technology transfer in key industries or harm national security by incrementally ceding domestic control in such technologies or sectors. CFIUS is now expressly directed to assess the risks arising from a transaction in the context of multiple acquisitions or investments in a single sector or related sectors.
While this new instruction appears to expand the scope (but not jurisdiction) of a CFIUS review, the administration clarified that CFIUS can still maintain its transaction-by-transaction approach, while additionally looking at individual cases in the context of other aggregate or related transactions.
Cybersecurity risks that threaten to impair national security
The Foreign Investment EO directs CFIUS to consider whether a covered transaction may provide a foreign person, or their relevant “third-party ties,” with access to databases and systems to conduct malicious cyber activities against the US. Of particular (and stated) concern are cyber intrusions that could affect the outcome of a US election, the operation of critical US infrastructure or the confidentiality or availability of US communications systems.
Risks to US persons’ sensitive data
The fifth and final factor for CFIUS consideration focuses on sensitive data protection. The Foreign Investment EO states that CFIUS must consider whether a transaction involves a US business with access to US persons’ sensitive data (as part of the CFIUS vulnerability assessment), and if so whether the foreign investor, or its third party ties, has the ability to exploit such data to target individuals or groups within the US and thus adversely impact national security (as part of the CFIUS threat assessment).