Export controls have been used for decades to protect U.S. technology with military applications. In recent years, however, these controls have expanded to such an extent that some investments or acquisitions in certain U.S. companies may now be precluded. The U.S. government has long sought to control the export of defense articles and services, as well as "dual-use" U.S.-origin civilian products, materials, technology, technical data and software that have potential military applications. New legislation and regulations over the last several years have expanded that reach, making export controls an additional tool for controlling foreign direct investment. It is therefore important for foreign investors to examine this risk very early in the due diligence process by checking if an export license is required for access to a U.S. target's technology and whether such a license is likely to be granted.
The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which overhauled the rules governing national security reviews undertaken by the Committee on Foreign Investment in the United States (CFIUS), was intended to protect the technological edge held by the United States by preventing companies from perceived geopolitical adversaries from gaining access to next-generation technologies. For this reason, Congress also enacted and substantively linked companion legislation, the Export Control Reform Act of 2018 (ECRA), which restored the statutory authority for export controls and significantly expanded the government's current practice in several important areas. FIRRMA includes the "Sense of the Congress" that "the national security landscape has shifted in recent years, and so has the nature of the investments that pose the greatest potential risk to national security, which warrants an appropriate modernization of the processes and authorities of [CFIUS] and of the United States export control system."
FIRRMA and its implementing regulations establish mandatory CFIUS filings for certain foreign investments in three categories of U.S. businesses. One of these categories includes certain transactions involving a foreign investment in a U.S. business that produces, designs, tests, manufactures, fabricates or develops a U.S. critical technology, which is defined as certain items controlled for export under various authorities including the following:
- U.S. Department of State International Traffic in Arms Regulations (ITAR);
- U.S. Department of Commerce Export Administration Regulations (EAR);
- U.S. Department of Energy regulations regarding the export and import of nuclear equipment and material, as well as assistance to foreign atomic energy activities;
- U.S. Department of Agriculture regulations on the possession, use and transfer of select agent and toxins; and/or
- Emerging and foundational technologies designated under ECRA.
By defining critical technology this way, FIRRMA clearly links the responsibilities of CFIUS with those CFIUS member agencies that administer U.S. export control laws, especially the U.S. Department of Commerce.
While early versions of FIRRMA would have given CFIUS broader authority to review technology transfers, export control reform was eventually carved out into companion legislation. ECRA requires interagency coordination among those departments that administer export control laws and with the Director of National Intelligence. It also adds the ability to control services related to certain dual-use controlled items and technology, similar to the ITAR. It increases the level of civilian fines and codifies the level of criminal fines and penalties. ECRA greatly expands enforcement authority to include, among other things, undercover investigations and investigations outside of the United States, the execution of subpoenas and search warrants, as well as the ability to inspect, search, detain, seize and carry firearms. And, finally, ECRA sets out the process, run by the U.S. Department of Commerce, for determining whether a technology is emerging or foundational and controlling it for export under EAR.
Implementation Under the Trump Administration
The Trump Administration began implementation of both FIRRMA and ECRA immediately after enactment and rolled out new regulations over the following two years.
- Pursuant to FIRRMA, CFIUS implemented, among other things, a mandatory declaration process for foreign investments in a U.S. business that deals with critical technologies when an export license is required for transfer of those critical technologies to the country of the foreign investor, a definition that is linked to ECRA and is always evolving.
- ECRA was implemented primarily through a series of mainly straightforward updates to the EAR.
- Emerging and foundational technologies deemed essential to the national security of the United States, however, are being identified and integrated into the EAR in an ongoing process spearheaded by the U.S. Department of Commerce. This process considers both public and classified information as well as information from CFIUS and the Emerging Technology Technical Advisory Committee, which includes representatives of the Departments of Commerce, Defense and State, the intelligence community and, as appropriate, other U.S. government departments and agencies. It also includes highly ranked and accomplished engineers and scientists from academia, industry and Federal laboratories. The focus is on emerging and foundational technologies that are "important to US national security for which effective controls can be implemented that avoid negatively impacting US leadership in the science, technology, engineering, and manufacturing sectors." The criteria for determining what constitutes a foundational technology is currently still in the proposed rule-making stage.
How This is Playing Out Under the Biden Administration
While many regulatory or policy actions that were pending before President Biden's inauguration were placed on hold for review by the incoming administration, those implementing ECRA have, so far, generally proceeded on schedule. For example, in its first 100 days, the Biden Administration:
- Implemented new restrictions on exports and reexports to Burma, and transfers (in-country) within Burma, of items controlled by the EAR in response to the military coup and escalating violence against peaceful protesters.
- Suspended certain license exceptions and began a review of pending license applications for exports to Russia under a presumption of denial for exports and reexports of items controlled for national security reasons, pursuant to a determination by the U.S. State Department that the Government of Russia has used chemical or biological weapons in violation of international law or lethal chemical or biological weapons against its own nationals.
- Allowed the implementation of the ECRA directive requiring licenses for military-intelligence end use or end users in certain countries as introduced by the Trump Administration.
- Proceeded with the remaining harmonizing changes to the EAR based on 2019 changes made to the Wassenaar Arrangement List of Dual-Use Goods and Technologies, reinforcing its commitment to a multilateral approach.
- Eliminated the reporting requirements for certain encryption items to reduce the regulatory burden for exporters while still fulfilling U.S. national security and foreign policy objectives.
- Added numerous entities found to be acting contrary to the national security or foreign policy interests of the United States to the Entity List, which is generally subject to additional license requirements with limited license exceptions for, exports, reexports and transfers (in-country) to the listed entities.
- Continued numerous enforcement actions begun under the Trump Administration.
Export controls have long been in effect and an important consideration in any cross-border investment. These new rules, which implement the government's view that export controls should be used to control foreign investment in addition to just controlling the technology, however, make it a critical component of due diligence and transaction planning:
- Will the investment be permitted?
- Will the necessary export licenses be granted?
- Does the transaction timeline provide for the required reviews?
Just as critical is ascertaining whether a mandatory notification to CFIUS is required, as it is in any transaction involving the critical technology discussed here. Failure to make a mandatory filing can result in a civil penalty up to $250,000 or the value of the transaction, whichever is greater, in addition to potential unwinding of the investment.
Special thanks to Lisa Raisner, Head of Government Relations, who co-authored this publication.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.