The U.S. government continues to increase scrutiny over certain foreign investments in the United States and critical supply chain security. On 15 September 2022, President Biden signed the “Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States” (the CFIUS EO or the EO).1 The EO, which details the specific areas where the Biden administration and CFIUS are currently focused, is meant to send “a very clear message, a public message, to the private sector” and to the “corporate community and the public as a whole, as well as foreign governments, allies, and partners around the world.”2
Why This Is Important
Given recent legislative and executive actions and broad bipartisan concern regarding various threats and risks related to China, both branches of the government will continue to address the national security implications of foreign investments in U.S. businesses and seek to enhance protections around U.S. critical technologies. The private sector and markets should expect an increasing number of CFIUS reviews, as well as new legislative proposals and presidential directives concerning outbound investments and technology transfers, enhanced protections for personal data of U.S. persons, and an aggressive push for enhanced export controls by the Department of Commerce.3
While the EO directs CFIUS to consider certain additional risk factors when reviewing a covered transaction—focusing on the integrity of U.S. supply chains and maintaining U.S. technological leadership—the EO does not expand CFIUS’s jurisdiction or its review process. As such, the EO is intended to signal to the public and investors that the Biden administration has prioritized certain areas of national security concern. This is especially true regarding proposed transactions emanating from China.
The EO comes at a time of increasing concern regarding investments from China in the U.S. technology sector and other industries. The private sector has grown more sensitive to Chinese-related investments that could come under CFIUS scrutiny. Despite this enhanced scrutiny, the annual CFIUS report published by the U.S. Department of the Treasury in August 2022 highlights that investors from China/Hong Kong accounted for the second-largest number of transactions in 2021 (10%), including 44 Notices (16% of all Notices), but just one Declaration (less than 1% of all Declarations). Overall, the number of filings by Chinese investors increased 105% from 2020 levels (and is up 61% from 2019). This represents a notable departure from the trend in recent years, which saw Notices involving Chinese investors decline from 55 in 2018 to 26 in 2019 and just 17 in 2020.
Although the annual CFIUS report does not confirm how many China/Hong Kong Notices were approved, the low number of Notices withdrawn and abandoned indicates that CFIUS approved many of the China/Hong Kong Notices (with or without mitigation agreements). Only nine Notices were withdrawn because national security concerns effectively could not be resolved through mitigation.
The jump in Chinese investment is consistent with larger trends concerning the amount of foreign investment in the United States potentially subject to CFIUS review. Foreign direct investment in the U.S. increased to $4.98 trillion at the end of 2021 from $4.47 trillion at the end of 2020, an increase of $506.1 billion.4 In 2021, CFIUS saw a significant increase in the number of filings for covered transactions, reviewing a total of 436 transactions, up from 313 in 2020.
Congress acted to address widespread concerns that Chinese companies improperly obtain critical technologies,5 intellectual property, and other sensitive information from the United States with the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which expanded the definition of covered transactions under CFIUS’s jurisdiction subject to mandatory notifications to CFIUS; enhanced the emphasis on mitigation and compliance agreements with transacting parties; and changed the procedures regarding the filing process of certain foreign transactions.6
Despite FIRRMA’s broader reach and expanded notification requirements, however, the U.S. national security community and Congress remain concerned that foreign investors still use joint ventures and minority stakes in ventures to gain access to sensitive information and critical technologies.
The EO is part of a larger effort by successive administrations and Congress to enhance supply chain resiliency and domestic manufacturing capacity. In addition to FIRRMA, Congress passed the Export Control Reform Act of 2018 (ECRA) and, more recently, the Creating Helpful Incentives to Produce Semiconductors for America Act of 2022 (the CHIPS Act), which establishes investments and incentives to support U.S. semiconductor manufacturing, research and development, and supply chain security.7 Importantly, the CHIPS Act imposes certain restrictions on the use of the funding and prohibits recipients from expanding semiconductor manufacturing in China and countries defined by U.S. law as posing a national security threat to the United States.8
Considerations for the Private Sector
- The CFIUS EO reflects continued U.S. concerns about strategically important technologies on a global basis, particularly those put at risk by Chinese investments, and those from other adversaries. Investors and transacting parties should expect more scrutiny concerning Chinese investments, customers, counterparties, and supply vulnerabilities.
- Those involved in international trade, investments, and mergers and acquisitions need to understand that there is a growing suite of national economic security risks and requirements that could impact deals and operations. It is especially important for the investment and technology sectors to understand the fundamental complexities—and potential application and reach—of CFIUS’s authority and processes and how these interact with export controls and sanctions lists, while recognizing how these rules may change in the coming months.
- Investors and transacting parties should carefully assess how contemplated transactions may be implicated by the areas of risk highlighted by the Biden administration, particularly if these involve the participation of non-U.S. investors. Parties should ensure that they conduct thorough national security-related diligence on a transaction to anticipate potential CFIUS risks, and, if potential risks are identified, that they consult with experts to assess potential mitigation terms. Parties that do not notify transactions to CFIUS may be subject to the non-notified process in which CFIUS can request that parties file a transaction after the fact, with the downside that CFIUS may require specific mitigation conditions, or even the unwinding of a completed covered transaction.
The EO demonstrates there is a continued and focused interest in the review of foreign investment in the United States at the highest levels of the government, and that CFIUS continues to present increased challenges for foreign investments. It will not be the last word on CFIUS, export controls, or foreign investments, whether they be inbound to, or outbound from, the United States.
Summary of CFIUS Executive Order
The Defense Production Act sets forth a number of illustrative factors that CFIUS may consider when assessing whether a “covered transaction” may pose a risk to national security.9 The EO reinforces those authorities, expands upon two national security factors in the Defense Production Act, and directs CFIUS to consider three additional national security factors.
- CFIUS directed to focus on the resilience of critical U.S. supply chains. Although CFIUS has historically considered supply chains related to the defense industrial base, the COVID-19 pandemic highlighted weaknesses and dependencies in the U.S. supply chain for a variety of critical goods and inputs, including those outside of the defense industrial base. To address this risk, the EO directs that U.S. supply chains should be a focus of CFIUS reviews both inside and outside the defense context and specifically mentions risks related to food security. This move is one part of a whole-of-government supply chain assessment undertaken by the Biden administration in response to Executive Order 14017.10 The reference to food security likely is intended to address concern among some lawmakers that the U.S. Department of Agriculture does not have a permanent seat on the committee.
- CFIUS directed to focus on U.S. technological leadership in areas affecting U.S. national security. The EO calls out several sensitive areas critical to maintaining U.S. technological leadership, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies.11 While CFIUS previously considered the impact of covered transactions on maintaining U.S. technological leadership in critical or emerging technologies, this affirms that leadership in any industry (not just defense) is important to CFIUS. The EO also directs the Office of Science and Technology Policy—a member of CFIUS—to periodically publish a list of technologies that it considers to be fundamental to U.S. technology leadership, thereby ensuring CFIUS’s continued focus on transactions involving specified emerging and critical technologies going forward.
- CFIUS directed to consider aggregate investment activity in particular industries. The EO directs CFIUS to consider a covered transaction in the context of other investments in that same sector. This new directive requires CFIUS to analyze investment trends that may have consequences for a given transaction’s impact on U.S. national security such as “whether a specific foreign actor is acquiring or investing in multiple companies in a sector that, in the aggregate, could impact U.S. national security.” Although CFIUS previously considered transactions on a case-by-case basis, this direction gives CFIUS a new responsibility to look beyond single transactions to consider broader, systemic threats to an industry. As such, CFIUS may seek to incorporate industry-level analyses in its risk assessments more frequently.
- CFIUS directed to consider cybersecurity risks that threaten to impair national security. The EO directs CFIUS to consider the impact of a covered transaction on the cybersecurity of the United States, including whether the covered transaction would provide a foreign person or third parties with access to sensitive data or systems. The EO also directs CFIUS to consider the cybersecurity posture, practices, capabilities, and access of the U.S. business. This reflects CFIUS’s ongoing focus on risks that may arise in relation to third-party vendors that may provide a foreign person with unauthorized access to sensitive data or systems of a U.S. business.12
- CFIUS directed to consider risks to U.S. persons’ sensitive data. The EO directs CFIUS to consider whether a covered transaction involves a U.S. business with access to U.S. persons’ sensitive data, an area of potential risk that CFIUS has previously focused on in several high-profile cases, such as TikTok.13 CFIUS is increasingly concerned about any kind of personal data of U.S. persons, even if the volume of data does not reach the threshold of “sensitive personal data” under FIRRMA’s implementing regulations. Going forward, CFIUS will consider the ability to exploit that data through commercial or other means to the detriment of U.S. national security in the context of recent technologies that are able to de-anonymize personal data via gathering and analyzing large data sets.
1 Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States (15 September 2022), available at https://www.whitehouse.gov/briefing-room/presidential-actions/2022/09/15/executive-order-on-ensuring-robust-consideration-of-evolving-national-security-risks-by-the-committee-on-foreign-investment-in-the-united-states/. It is the first-ever related Executive Order since the Committee on Foreign Investment in the United States (CFIUS or the Committee) was established in 1975. CFIUS is an interagency committee currently drawn from 16 departments and agencies that reviews foreign investments in U.S. businesses, identifying and addressing U.S. national security concerns. CFIUS has the authority to initiate reviews of “covered transactions,” suspend transactions, impose conditions and mitigation measures, and recommend that the President of the United States block pending transactions or order divestures of completed transactions that raise such concerns. The Committee is chaired by the Secretary of the Treasury. To address identified national security risks, parties to a transaction can voluntarily file information with CFIUS to obtain clearance for the transaction to proceed or identify potential mitigation measures to allow the transaction to proceed. In certain circumstances, prescribed by regulations, filing with CFIUS is mandatory and failure to file may be subject to significant penalties—including fines up to the value of the underlying transaction.
2 The White House, “Background Press Call on President Biden’s Executive Order on Screening Inbound Foreign Investments” (14 September 2022), available at https://www.whitehouse.gov/briefing-room/press-briefings/2022/09/15/background-press-call-on-president-bidens-executive-order-on-screening-inbound-foreign-investments/.
3 Section 1758 of the Export Control Reform Act of 2018 (ECRA) authorizes the Department of Commerce, Bureau of Industry and Security to control the export, reexport, or transfer (in-country) of emerging and foundational technologies that are essential to the national security of the United States. ECRA was enacted as part of the John S. McCain National Defense Authorization Act for Fiscal Year 2019.
4 See Department of Commerce, Bureau of Economic Analysis report re Direct Investment by Country and Industry (21 July 2022), available at https://www.bea.gov/news/2022/new-foreign-direct-investment-united-states-2021.
5 In 2020, CFIUS published a final rule that changed the rules defining “critical technology” transactions subject to mandatory filing requirements. It changes the circumstances where a “critical technology” investment will trigger a mandatory filing requirement by ending the use of North American Industry Classification System (NAICS) codes to identify specific industries subject to mandatory “critical technology” filings, in favor of a filing requirement based on U.S. export controls. In brief, a mandatory “critical technology” filing requirement is triggered under the final rule when a “U.S. regulatory authorization” would be required for the export, reexport, or transfer (in country) of the U.S. target company’s goods or technologies to the foreign investor or certain other foreign persons involved in the transaction.
6 Foreign Investment Risk Review Modernization Act of 2018, Pub. L. No. 115-232 (2018); 31 C.F.R. Parts 800 to 802. FIRRMA expanded CFIUS’s authority to review certain transactions, joint ventures, minority stakes, and certain real estate purchases near military bases or other sensitive national security facilities.
7 The White House, “FACT SHEET: CHIPS and Science Act Will Lower Costs, Create Jobs, Strengthen Supply Chains, and Counter China” (9 August 2022), available at https://www.whitehouse.gov/briefing-room/statements-releases/2022/08/09/fact-sheet-chips-and-science-act-will-lower-costs-create-jobs-strengthen-supply-chains-and-counter-china/; U.S. House of Representatives, “CHIPS and Science Act of 2022,” available at https://science.house.gov/imo/media/doc/the_chips_and_science_act.pdf. The CHIPS Act provides $52.7 billion in federal subsidies allocated to support chip manufacturing. Nearly three-quarters of the funding to be allocated over the next five years ($39 billion) is earmarked for the construction of semiconductor fabrication plants, or “fabs,” including $2 billion specifically designated for mature semiconductors essential to the military as well as the automotive and manufacturing industries, including research and development and workforce cultivation.
8 These restrictions would apply to any new facility unless the facility produces legacy semiconductors predominately for that country’s market. Further, these restrictions—which would apply to funding recipients for 10 years from the date of funding—could shift. To make sure the restrictions remain current with the status of semiconductor technology and U.S. export control regulations, the law states that the Secretary of Commerce, in coordination with the Secretary of Defense and the Director of National Intelligence, would be required to regularly reconsider, with industry input, which technologies are subject to this prohibition.
9 See Section 721(f) of the Defense Production Act of 1950, 50 U.S.C. § 4565(f).
10 The White House, “Executive Order on America’s Supply Chains” (24 February 2021), available at https://www.whitehouse.gov/briefing-room/presidential-actions/2021/02/24/executive-order-on-americas-supply-chains.
11 The specific technologies identified in the CFIUS EO align with the most recent list of Critical and Emerging Technologies (CET) published by the U.S. National Science and Technology Council. See National Science and Technology Council, Critical and Emerging Technologies Update List (Feb. 2022), available at https://www.whitehouse.gov/wp-content/uploads/2022/02/02-2022-Critical-and-Emerging-Technologies-List-Update.pdf.
12 Although unstated, this provision is almost certainly inspired by the SolarWinds cybersecurity breach of 2020 and will likely inspire enhanced CFIUS scrutiny of vulnerabilities and risks posed by third-party vendors working with U.S. government contractors.
13 Lauren Hirsch, David McCabe, Katie Benner, and Glenn Thrush, “TikTok Seen Moving Toward U.S. Security Deal, but Hurdles Remain,” New York Times (26 September 2022), available at https://www.nytimes.com/2022/09/26/technology/tiktok-national-security-china.html.