On September 15, 2022, President Biden signed an executive order (EO) directing consideration of certain national security factors by the Committee on Foreign Investment in the United States (CFIUS or "the Committee") when reviewing inbound foreign investment. The EO marks the first time since 1975 that the president has provided formal direction on specific national security risks that CFIUS should take into account when reviewing a transaction with foreign investors. The EO emphasizes the critical role that CFIUS plays in supporting U.S. national security interests and underscores the risk that "some countries use foreign investment to obtain access to sensitive data and technologies" to undermine U.S. security.
Although the EO is not intended to expand the legal jurisdiction of CFIUS, it is intended to further target the Committee's review on hot-button priorities of the current administration, including supply-chain resilience, sensitive data on Americans, and U.S. technological leadership in the coming decades. The new factors provide not only further direction to CFIUS itself, but also guidance to investors and businesses for assessing potential security risks from proposed transactions.
CFIUS has broad discretion to define risks to U.S. national security and to take into account any such risks that it views as relevant. Even so, the federal statute that authorizes CFIUS, Section 721 of the Defense Production Act of 1950, as amended most recently by the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), sets forth specific national security factors that CFIUS should consider in its review. With the new EO, the Biden administration elaborates on two of the review factors already set forth in the statute and recognizes three additional ones. These are summarized below.
Clarifying two existing statutory factors related to resilience of critical U.S. supply chains and U.S. technological leadership
- Impact of a transaction on the resiliency of
critical U.S. supply chains. CFIUS should consider
whether the transaction potentially exposes the United States to
future supply-chain vulnerabilities for critical goods and services
that may have national security implications (e.g., manufacturing
capabilities, services, critical mineral resources, technologies
fundamental to national security because of their importance for
supply chain resilience, etc.).
Note that the focus of this factor is very much in line with the EO on critical U.S. supply chains that President Biden issued in February 2021 shortly after taking office, and with the ensuing supply-chain reviews by the administration.
- Impact of a transaction on U.S. technological
leadership in key sectors fundamental to national
security. Examples of key sectors include, but are
not limited to, microelectronics, artificial intelligence,
biotechnology, advanced clean energy (such as battery storage and
hydrogen), climate adaptation technologies, critical materials
(such as lithium and rare earth elements), and elements of the
agricultural base that impact food security. In particular, the
Committee shall take into consideration such factors as:
- The degree of the foreign person's involvement
- The United States' capabilities with respect to the critical sector and the degree of diversification across the supply chain in that sector; whether the U.S. party to the covered transaction supplies, directly or indirectly, the U.S. government, the energy sector industrial base, or the defense industrial base; and the concentration of ownership of control by the foreign person in the supply chain
- The degree of the foreign person's involvement
The Committee shall take into account the following national security considerations:
- Whether the covered transaction involves manufacturing capabilities, services, critical mineral resources, or technologies fundamental to U.S. technological leadership and therefore national security.
- Whether a covered transaction could result in future technological advancements that could undermine national security.
Finally, the Committee, in consultation with the Office of Science and Technology Policy, is directed to periodically publish a list of technology sectors that are fundamental to U.S. technological leadership.
Recognizing three additional national security factors for CFIUS consideration during the review process with respect to aggregate industry investment trends
- Aggregate industry foreign investment
trends. CFIUS should review proposed transactions in
the context of previous transactions and consider whether these
investments, collectively, may "facilitate sensitive
technology transfer in key industries or otherwise harm national
security." Thus CFIUS should look at covered transactions in
the context of multiple acquisitions or investments in a single
sector or in related manufacturing capabilities, services, critical
mineral resources, or technologies, since review of a single
transaction may not clearly demonstrate the potential security
risks posed by a foreign investor. The Committee may request the
Department of Commerce's International Trade Administration to
provide an analysis of U.S. industries and recent transactions by a
foreign person or foreign government.
- Cybersecurity threats. CFIUS should
consider whether a covered transaction may provide access for
cyber-intrusions or other malicious cyber activities. For example,
the Committee should consider whether a covered transaction would
give a foreign person the ability to undermine the integrity of
databases or systems housing sensitive data; interfere with U.S.
elections, critical infrastructure, or the defense industrial base;
sabotage critical energy infrastructure; or conduct other
activities that pose a threat to U.S. security.
- Risks to U.S. persons' sensitive data. Given in particular that sensitive data can be used for surveillance, tracing, tracking, and targeting of U.S. persons, CFIUS should continue its current practice of reviewing covered transactions to consider whether the foreign investor or its third-party ties pose a risk of exploiting such data in a manner that is detrimental to national security. Examples of sensitive data include health and biological data (including data that could be identifiable or de-anonymized) and data on sub-populations in the United States.
Emphasizing the need for continuous enhancements to the existing process and directing CFIUS to regularly review and update its processes, practices, and regulations, as needed
Finally, the EO directs that a review should be conducted on an ongoing basis, and the results should be reported to the Assistant to the President for National Security Affairs, along with any policy recommendations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.