On September 15, 2022, President Biden signed an executive order (EO) directing consideration of certain national security factors by the Committee on Foreign Investment in the United States (CFIUS or "the Committee") when reviewing inbound foreign investment. The EO marks the first time since 1975 that the president has provided formal direction on specific national security risks that CFIUS should take into account when reviewing a transaction with foreign investors. The EO emphasizes the critical role that CFIUS plays in supporting U.S. national security interests and underscores the risk that "some countries use foreign investment to obtain access to sensitive data and technologies" to undermine U.S. security.

Although the EO is not intended to expand the legal jurisdiction of CFIUS, it is intended to further target the Committee's review on hot-button priorities of the current administration, including supply-chain resilience, sensitive data on Americans, and U.S. technological leadership in the coming decades. The new factors provide not only further direction to CFIUS itself, but also guidance to investors and businesses for assessing potential security risks from proposed transactions.

CFIUS has broad discretion to define risks to U.S. national security and to take into account any such risks that it views as relevant. Even so, the federal statute that authorizes CFIUS, Section 721 of the Defense Production Act of 1950, as amended most recently by the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), sets forth specific national security factors that CFIUS should consider in its review. With the new EO, the Biden administration elaborates on two of the review factors already set forth in the statute and recognizes three additional ones. These are summarized below.

Clarifying two existing statutory factors related to resilience of critical U.S. supply chains and U.S. technological leadership

  1. Impact of a transaction on the resiliency of critical U.S. supply chains. CFIUS should consider whether the transaction potentially exposes the United States to future supply-chain vulnerabilities for critical goods and services that may have national security implications (e.g., manufacturing capabilities, services, critical mineral resources, technologies fundamental to national security because of their importance for supply chain resilience, etc.).

    Note that the focus of this factor is very much in line with the EO on critical U.S. supply chains that President Biden issued in February 2021 shortly after taking office, and with the ensuing supply-chain reviews by the administration.

  2. Impact of a transaction on U.S. technological leadership in key sectors fundamental to national security. Examples of key sectors include, but are not limited to, microelectronics, artificial intelligence, biotechnology, advanced clean energy (such as battery storage and hydrogen), climate adaptation technologies, critical materials (such as lithium and rare earth elements), and elements of the agricultural base that impact food security. In particular, the Committee shall take into consideration such factors as:

    1. The degree of the foreign person's involvement

    2. The United States' capabilities with respect to the critical sector and the degree of diversification across the supply chain in that sector; whether the U.S. party to the covered transaction supplies, directly or indirectly, the U.S. government, the energy sector industrial base, or the defense industrial base; and the concentration of ownership of control by the foreign person in the supply chain

The Committee shall take into account the following national security considerations:

  • Whether the covered transaction involves manufacturing capabilities, services, critical mineral resources, or technologies fundamental to U.S. technological leadership and therefore national security.
  • Whether a covered transaction could result in future technological advancements that could undermine national security.

Finally, the Committee, in consultation with the Office of Science and Technology Policy, is directed to periodically publish a list of technology sectors that are fundamental to U.S. technological leadership.

Recognizing three additional national security factors for CFIUS consideration during the review process with respect to aggregate industry investment trends

  1. Aggregate industry foreign investment trends. CFIUS should review proposed transactions in the context of previous transactions and consider whether these investments, collectively, may "facilitate sensitive technology transfer in key industries or otherwise harm national security." Thus CFIUS should look at covered transactions in the context of multiple acquisitions or investments in a single sector or in related manufacturing capabilities, services, critical mineral resources, or technologies, since review of a single transaction may not clearly demonstrate the potential security risks posed by a foreign investor. The Committee may request the Department of Commerce's International Trade Administration to provide an analysis of U.S. industries and recent transactions by a foreign person or foreign government.

  2. Cybersecurity threats. CFIUS should consider whether a covered transaction may provide access for cyber-intrusions or other malicious cyber activities. For example, the Committee should consider whether a covered transaction would give a foreign person the ability to undermine the integrity of databases or systems housing sensitive data; interfere with U.S. elections, critical infrastructure, or the defense industrial base; sabotage critical energy infrastructure; or conduct other activities that pose a threat to U.S. security.

  3. Risks to U.S. persons' sensitive data. Given in particular that sensitive data can be used for surveillance, tracing, tracking, and targeting of U.S. persons, CFIUS should continue its current practice of reviewing covered transactions to consider whether the foreign investor or its third-party ties pose a risk of exploiting such data in a manner that is detrimental to national security. Examples of sensitive data include health and biological data (including data that could be identifiable or de-anonymized) and data on sub-populations in the United States.

Emphasizing the need for continuous enhancements to the existing process and directing CFIUS to regularly review and update its processes, practices, and regulations, as needed

Finally, the EO directs that a review should be conducted on an ongoing basis, and the results should be reported to the Assistant to the President for National Security Affairs, along with any policy recommendations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.