United States: Treasury Releases Proposed CFIUS Regulations To Implement FIRRMA

Key Points

  • The U.S. Department of Treasury released proposed rules implementing the Foreign Investment Risk Review Modernization Act (FIRRMA) on September 17, 2019. Among other measures, these rules would establish how the Committee on Foreign Investment in the United States (CFIUS) would expand its jurisdiction and impose mandatory reporting under FIRRMA. They also propose a “white list” process to exclude certain investors associated with excepted foreign states from the expanded jurisdiction.
  • The proposed rules capture certain noncontrolling investments in U.S. companies involved in “critical infrastructure” (including energy, telecommunications, finance, utilities, manufacturing and transportation) and U.S. companies that maintain or collect “sensitive personal data” of U.S. citizens. This latter category would apply to companies across a variety of industries (including insurance, technology, health care, financial, government contracting).
  • The proposed rules also include new regulations governing foreign investment in certain U.S. real estate that does not involve a U.S. business. This provision has the potential to capture certain “greenfield” investments in the United States and other real estate transactions that previously were not subject to CFIUS review.
  • Under the proposed framework, mandatory filing requirements apply to certain foreign government-backed investments subject to expanded jurisdiction related to companies involved in critical technology, critical infrastructure and sensitive personal data. In addition, filers would now have the option to submit a “short-form” declaration for all transactions.
  • Treasury will receive comments on the proposed regulations until October 17, 2019. We recommend that interested parties review the draft rules to assess their impact on potential investment activities and submit comments accordingly.


CFIUS is an interagency committee that reviews foreign investments in the United States to identify national security concerns. CFIUS has the authority to initiate reviews of transactions, impose mitigation measures, suspend transactions and recommend that the President block pending transactions or order divestitures of completed transactions. Historically, to mitigate against such risks, parties have filed voluntary notices with CFIUS seeking clearance (“safe harbor”) with respect to notified transactions.

On August 13, 2018, President Trump signed the Foreign Investment Risk Review Modernization Act (FIRRMA), a bipartisan bill that reforms the CFIUS process to address perceived gaps in the existing CFIUS review process (see our previous alert). Among other measures, this law expands the scope of CFIUS jurisdiction and imposes mandatory reporting requirements on certain transactions. Most of the substantive provisions of this law required implementing regulations to become effective, which the statute directed to occur no later than February 2020.

On November 10, 2018, as authorized under FIRRMA, CFIUS launched a pilot program that implemented particular provisions of FIRRMA by expanding the scope of CFIUS review to capture certain noncontrolling investments in certain companies involved in “critical technology” and requiring mandatory declarations for investments in such businesses (see our previous alert).

On September 17, 2019, the Department of the Treasury issued two proposed rules to implement most of the remaining provisions of FIRRMA, specifically (i) amendments to the existing CFIUS regulations in 31 C.F.R. Part 800 (“Part 800”) and (ii) the issuance of new rules governing real estate transactions in 31 C.F.R. Part 802 (“Part 802”). These rules will be published in the Federal Register on September 24, 2019. The proposed regulations exclude provisions governing new filing fees mandated by FIRRMA, as well as final regulations related to the pilot program (31 C.F.R. Part 801), each of which will be addressed separately.

This alert provides an overview of the two proposed rules. The comment period for the proposed rules will be open until October 17, 2019.

Overview of 31 C.F.R. 800

The proposed revisions to the existing CFIUS regulations implement most provisions of FIRRMA while leaving many sections essentially intact. In drafting the new implementing regulations, CFIUS apparently sought to narrowly construe FIRRMA’s statutory mandate to focus on specific national security concerns. As a result, the proposed regulations are significantly more complex than the pre-FIRRMA regime. Below is a summary of key modifications made by the draft regulations.

“Covered Investments” in Technology, Infrastructure and Data (“TID”)

In addition to maintaining the traditional “control” jurisdiction under the existing regulations, the proposed regulations would extend CFIUS jurisdiction to certain “covered investments” in unaffiliated “TID U.S. businesses.” “Covered investments” are defined as those that afford the foreign person: (1) access to material nonpublic technical information; (2) membership or observer rights on the board of directors (or equivalent) of the U.S. business; or (3) any involvement in substantive decision-making of the U.S. business regarding certain actions related to critical technologies, critical infrastructure or sensitive personal data.

As described further below, consistent with FIRRMA, the proposed regulations identify the following three categories of “TID U.S. businesses”: (1) critical technology, (2) critical infrastructure, and (3) sensitive personal data.

(1) U.S. Businesses Involving Critical Technology—Under the draft regulations, a TID U.S. business will include any U.S. business that “produces, designs, tests, manufactures, fabricates or develops one or more critical technologies.” Critical technologies consist of most items that are controlled under U.S. export controls, including any items to be identified as “emerging” or “foundational” technologies controlled pursuant to the Export Control Reform Act of 2018. As noted above, the proposed regulations do not revoke or modify the pilot program, which also applies to critical technology investments.

(2) U.S. Businesses Involving Critical Infrastructure—TID U.S. businesses would also include those that perform specific functions related to particular types of critical infrastructure, as identified in Appendix A to Part 800. The infrastructure captured includes the following items, systems and services:

  • Certain internet protocol networks and exchange points
  • Certain telecommunication and information services and fiber optic cable
  • Certain submarine cable systems and associated infrastructure
  • Satellites and satellite systems providing services directly to the Department of Defense (DOD)
  • Certain industrial resources (i) manufactured or operated for a Major Defense Acquisition Program, (ii) DX rated under the Defense Priorities and Allocations System regulation, or (iii) funded by certain DOD programs
  • Facilities that manufacture certain military-related materials
  • Certain electric generating and/or storage facilities
  • Any facility that provides electric power generation, transmission, distribution, or storage directly to or located on any military installation
  • Certain industrial control systems
  • Certain oil and gas systems, including refineries that meet certain size thresholds, certain liquefied natural gas (LNG) import or export terminals, and certain natural gas underground storage facilities or LNG peak-shaving facilities
  • Certain interstate oil and gas pipelines and industrial control systems utilized by such pipelines
  • Certain financial market utilities and exchanges
  • Technology service providers in the Significant Service Provider Program of the Federal Financial Institutions Examination council that provide core processing services
  • Rail lines and associated connector lines designated as part of the Department of Defense’s Strategic Rail Corridor Network
  • Certain airports and maritime ports
  • Certain public water systems and industrial control systems utilized by such water systems

With respect to the above-described infrastructure, the functions that may be captured include owning, operating, manufacturing, supplying and/or servicing such infrastructure, depending on the particular type of infrastructure at issue.

(3) Covered Investments Involving Sensitive Personal Data—A TID U.S. business would also include any business that “[m]aintains or collects, directly or indirectly, sensitive personal data of U.S. citizens.” Sensitive personal data includes genetic information as well as “identifiable data” (i.e., data that can be used to distinguish/trace an individual’s identity) that satisfies a two-tier test. First, the identifiable data must be maintained or collected by a U.S. business that (i) targets or tailors products or services to sensitive U.S. government personnel or contractors or (ii) maintains or collects such data on greater than one million individuals (or has demonstrated a business objective to do so).

Second, the data must fall within any of the following categories:

  • Financial data that could be used to determine if an individual is experiencing hardship
  • Information collected by consumer reporting agencies (with certain exceptions)
  • Information provided in personal insurance applications
  • Health-related data
  • Nonpublic electronic communications, if the U.S. business is a provider of such services for use by third parties
  • Geolocation data
  • Biometric data
  • Information related to government identification cards or personnel security clearance.


Sensitive personal data would not include identifiable data regarding a U.S. business’s own employees (except for employees who hold personnel security clearance) and data that is a matter of the public record.

Mandatory Filing Requirement

Under the draft regulations, certain foreign-government controlled investments in TID U.S. businesses would be subject to mandatory filing requirements. Specifically, mandatory filings apply to transactions in which a foreign government holds a substantial interest (defined here as a 49 percent or greater voting interest) in a foreign person that obtains a substantial interest (defined here as a 25 percent or greater voting interest) in a TID U.S. business. In the case of an entity organized as a limited partnership, a foreign government is considered to have a substantial interest in the partnership if it either (i) holds 49 percent or more of the voting interest in the general partner or (ii) is a limited partner and holds 49 percent or more of the voting interest of the limited partners.

As under the pilot program, parties subject to mandatory filing may choose to submit a declaration or full notice. Notably, mandatory filings must be submitted 30 days (compared to 45 days under the pilot program) prior to the completion of the transaction.

The mandatory declaration requirement contains an important carve-out for certain investment funds. Specifically, the requirement would not apply to an investment fund if the fund is managed exclusively by a U.S. general partner, a managing member or an equivalent; and with respect to any foreign person with membership as a limited partner on an advisory board or committee of the fund:

  1. The advisory board or committee does not have the ability to approve, disapprove or otherwise control investment decisions.
  2. The foreign person does not otherwise have the ability to control the investment fund.

Parties that fail to submit a mandatory filing may be liable for civil penalties up to $250,000 per violation or the value of the transaction, whichever is greater. The regulations stipulate that the amount of the penalty imposed for such a violation “shall be based on the nature of the violation.”

Excepted Foreign Investors

The draft regulations provide for a process for the exclusion of certain investors that would not be subject to the expanded jurisdiction for transactions involving TID U.S. businesses. Specifically, the regulations would exempt investors with certain relationships with “excepted foreign states” from the expanded jurisdiction.

The regulations do not provide a list of excepted foreign states, but rather describe a “two-factor conjunctive test” for CFIUS to identify such states. Under this test, the chairperson of CFIUS, with the agreement of two-thirds of the voting members of the Committee, would first add certain states to the list of eligible states, which would be published on Treasury’s website. Second, the chairperson, with the agreement of two-thirds of the voting members of the Committee, may determine that the foreign state has “established and is effectively utilizing a robust process to analyze foreign investments for national security risks and to facilitate coordination with the United States on matters relating to investment security.” In its discussion of the proposed rule, CFIUS explains that it is considering delaying implementation of the second factor for a certain period to allow eligible states time to enhance their foreign investment review processes and bilateral cooperation.

To qualify as an excepted investor, the foreign investor must be one of the following:

  • A foreign national (i.e., individual) who is a national of one or more excepted foreign states and is not also a national of any foreign state that is not an excepted for state.
  • A foreign government of an excepted foreign state.
  • A foreign entity that meets a number of specific requirements with respect to itself and each of its parents, which essentially require the entity to be very closely tied to the excepted foreign state or the United States.

To qualify as a foreign entity under the third prong, generally (i) the entity must be organized under the laws of and have its principal place of business located in an excepted foreign state or the United States; (ii) all board members and observers must be U.S. nationals or be nationals of or entities incorporated and located in an excepted foreign state; and (iii) all persons holding a five percent or greater voting, profit or dissolution right must be U.S. nationals or be nationals of or entities incorporated and located in an excepted foreign state. Entities must meet a certain threshold (50 percent for publicly traded companies and 90 percent for privately held companies) of ownership by nonforeign or excepted foreign state nationals, governments or entities. Lastly, even after meeting the tests above, the investor could be disqualified if it has violated certain U.S. laws (e.g., export controls and sanctions) or is otherwise subject to restrictions.

Effective Date of Regulations

The proposed revisions to Part 800 will apply beginning on the effective date established in the final rule. However, the existing regulations would continue to apply (and not the new rules) for transactions in which any of the following has occurred prior to the effective date of the final rule:

  • The completion of the transaction.
  • The parties to the transaction have executed a binding written agreement or other binding document establishing the material terms of the transaction.
  • A party has made a public offer to shareholders to buy shares of a U.S. business.
  • A shareholder has solicited proxies in connection with an election of the board of directors of a U.S. business or an owner or holder of a contingent equity interest has established the conversion of the contingent equity interest.

Additionally, special timing rules apply to mandatory filings for transactions that are completed within 30 days of the effective date of the final regulations. If a transaction is subject to mandatory filing requirements and closes within 30 days after the effective date of the final regulations, the mandatory filing must be submitted on the effective date of the final regulations or “promptly thereafter.”

Other Changes

The proposed regulations also provide a number of other modifications to the CFIUS regime to implement FIRRMA, including the following changes:

  • The regulations would allow parties to a transaction to submit either a declaration or full notice for all covered transactions, including both covered transactions based on control and covered investments.
  • The regulations would allow parties to stipulate that CFIUS has jurisdiction in a declaration or notice. If a party makes such a stipulation in a notice, CFIUS would be required to provide comments on, or accept the notice, no later than 10 business days after the date of the filing (accelerating the prefiling process).
  • The definition of “covered transaction” includes a change in rights of a foreign person with respect to a U.S. business in which that foreign person has an investment, if such change could result in a covered control transaction or a covered TID investment.

In addition to the foregoing, in the proposed rulemaking, CFIUS responds to a comment on the prior FIRRMA interim rule requesting additional information on what circumstances would warrant a 15-day extension of an investigation for “extraordinary circumstances.” CFIUS states that this would be a fact-specific determination and that the final rule will likely not provide a more detailed definition.

Overview of 31 C.F.R. 802

The proposed Part 802 regulations implement the real estate provision of FIRRMA. These regulations would expand CFIUS jurisdiction to capture the purchase, lease or concession of U.S. real estate to a foreign person that is located within, or will function as part of, an air or maritime port, or is in close proximity to a U.S. military or other sensitive U.S. government location. Notably, this jurisdiction applies to transactions that do not involve foreign investment in a U.S. business. In addition, Part 802 does not contain a mandatory filing requirement so all filings are voluntary.

Transactions completed prior to the effective date of the proposed regulations or for which parties executed a binding written agreement establishing the material terms of the transactions prior to that effective date are not subject to these regulations.

Jurisdiction over Real Estate Transactions

CFIUS jurisdiction only applies to “covered real estate,” which is real estate that (i) is located within, or will function as part of, an airport or maritime port or (ii) is located within “close proximity” (i.e., one mile from the boundary) to specific military installations; the “extended range” (i.e., in most cases 99 miles from the boundary) of a subset of those military installations; certain geographic areas identified in connection with other military installations; or any part of certain military installations that is located within 12 nautical miles seaward of the coastline of the United States. Each of these military installations and categories are identified specifically in an appendix to Part 802.

A transaction involving covered real estate is only subject to CFIUS review if it qualifies as a “covered real estate transaction.” This defined term captures any purchase or lease by, or concession to, a foreign person of covered real estate that affords the foreign person at least three of the specific “property rights” identified in the regulations. Property rights means any of the following rights or abilities, whether or not exercised:

  1. To physically access the real estate.
  2. To exclude others from physical access to the real estate.
  3. To improve or develop the real estate.
  4. To attach fixed or immovable structures or objects to the real estate.

A covered real estate transaction can include a change in rights that grants a foreign person at least three property rights as well as a transaction structured to evade or circumvent CFIUS jurisdiction.

The proposed regulations define “airport” and “maritime ports” in relation to existing federal statutory and regulatory authorities. Airports are defined as “large hub airports,” “any airport with annual aggregate all-cargo landed weight greater than 1.24 billion pounds” or any “joint use airport” as defined under statue and by the U.S. Federal Aviation Administration. Maritime ports are defined as “strategic seaports” or “top 25 tonnage, container or dry bulk port” as defined under statute and by the U.S. Department of Transportation.

The proposed regulations identify excepted real estate transactions to enumerate specific types of transactions that are not covered real estate transactions. Part 802 defines “excepted real estate investor,” “excepted real estate foreign state” and “minimum excepted ownership” in a manner consistent with Part 800 as described above. The proposed regulations also except certain real estate transactions involving certain urban clusters, single housing units, retail, accommodation or food serve establishments, commercial office space and American Indian land. Each of the exceptions contains specific guidelines so parties should review these exceptions to determine potential applicability to their respective transactions.

Filings: Declarations and Notices

Parties to a covered real estate transaction may submit voluntary declarations under the proposed regulations. Beyond excluding mandatory reporting requirements, the Part 802 filing process is largely the same as those outlined under Part 800. Note that parties filing under Part 802 must provide specific information related to the covered real estate transaction, including a description of the real estate and a summary of the rights related to the real estate.

Relation to 31 C.F.R. 800

Finally, the proposed regulations define the relationship between the two sets of regulations. Specifically, a covered transaction under Part 800 that includes the purchase, lease or concession of covered real estate is not a covered real estate transaction. Therefore, if a transaction is subject to Part 800, the parties should analyze whether to notify CFIUS of a transaction under those regulations and not under Part 802, even if it includes real estate. If the transaction is not subject to Part 800, parties should review Part 802 to determine potential CFIUS jurisdiction.


The proposed regulations implement the majority of FIRRMA’s required changes to CFIUS. In attempting to narrowly construe FIRRMA’s statutory mandate, these proposed regulations together create complex new requirements. We recommend that U.S. and non-U.S. businesses carefully review these proposed rules to determine how they may affect future transactions and investments. Interested parties may address concerns with the proposed regulations through comments, which are due on October 17, 2019.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions