The 2018 Foreign Investment Risk Review Modernization Act (FIRRMA), which replaced existing CFIUS regulations that authorize national security reviews of foreign investments in U.S. businesses, was fully implemented in February 2020, building off of a pilot program that had been in effect since late 2018. FIRRMA overhauled CFIUS to more effectively address modern U.S. national security concerns, including by broadening the authorities of the Committee to review and take action to address national security concerns arising from certain non-controlling foreign direct investments in U.S. companies that manufacture critical technologies, critical infrastructure, or that maintain and collect sensitive personal data of U.S. citizens.
The focus on U.S. critical technologies has been a focal point of FIRRMA implementation. Under the CFIUS pilot program that began in 2018 (as subsumed into the February 2020 final regulations), parties to a covered transaction are required file a mandatory declaration with the Committee if the foreign investment transaction involves a U.S. business that produces, designs, tests, manufactures, fabricates, or develops one or more critical technologies that are used by the U.S. business in one of 27 industries, identified by reference to their North American Industry Classification System (NAICS) code. CFIUS has the authority to impose penalties on parties who fail to file a mandatory covered transaction.
Proposed "Critical Technology" Mandatory Filing Criteria
On May 21, 2020, the Department of Treasury (which chairs the inter-agency Committee) issued a proposed rule that would overhaul these mandatory filing requirements by abandoning the NAICS code-based criteria in response to industry concerns that they were difficult to accurately and consistently apply, and that would instead base the filing requirements on U.S. export control regulations.
The new rules propose to require the mandatory declaration filing for foreign investment in a "critical technology" company when that company produces, designs, tests, manufactures, fabricates, or develops a technology that would require "U.S. regulatory authorization" to otherwise export, re-export, transfer (in-country), or retransfer such technology to certain transaction parties and foreign persons in the ownership chain. "U.S. regulatory authorization" is defined to include the four main U.S. export control licensing regimes, including:
- The International Traffic in Arms Regulations (ITAR) administered by the Department of State;
- The Export Administration Regulations (EAR) administered by the Department of Commerce;
- The Department of Energy licensing regulations at 10 CFR Part 810; and
- The Nuclear Regulatory Commission licensing regulations at 10 CFR Part 110.
While the proposed rule does not modify the definition of "critical technologies," the expanded focus on U.S. export control regulations stands to fundamentally change the types of transactions within the Committee's jurisdiction to review. When considering foreign investment, U.S. technology companies would have to consider whether a license from one of the four regulators referenced above would be required for an export, re-export, transfer (in-country), or retransfer to the foreign party of any one of the critical technologies it produces, manufactured, fabricates, or develops.
Eliminating the NAICS-code based system will bring more clarity to what types of critical technologies are impacted. However, it will be more important than ever for U.S. technology companies to evaluate and identify the export jurisdiction and classification for their products, particularly those considering foreign investment. Because of the broad reach of U.S. export control regulations, especially within the EAR, classifying products for export and understanding the implications of the nationality of the end-user and destination of the end-use will be a necessary part of any due diligence process for considering the impact of a potential foreign investor. The proposed rules do take into consideration certain license exceptions within the EAR that would limit mandatory filing requirements, again underscoring the importance of having a working knowledge of U.S. export control regulations in connection with any CFIUS analysis.
Export Control Reform and "Emerging" and "Foundational" Technologies
FIRRMA was passed simultaneously with the Export Control Reform Act of 2018 (ECRA), and both acts sought to reinforce and enhance U.S. export controls and investment restrictions to address national security concerns regarding U.S. critical technologies. ECRA required the Department of Commerce's Bureau of Industry and Security (BIS) to identify and establish additional export controls for certain "emerging" and "foundational" technologies through an interagency determination process. Importantly, these emerging and foundational technologies will be included under the "critical technologies" definition that subject companies that produce such products to CFIUS' jurisdiction when a covered foreign investment is involved.
BIS initially published certain proposed criteria for identifying "emerging" technologies in late 2018. On August 27, 2020, BIS published an advance notice of proposed rulemaking seeking public comment on how to identify, define, and describe "foundational technologies" essential to U.S. national security, highlighting the "security importance" of U.S. leadership in science, technology, engineering, and manufacturing. BIS is seeking industry input on how to define commodities and software that should fall under the "foundational" technology definition and warrant increased export controls, including items that are currently subject to control by BIS for military end use or military end user reasons, such as semiconductor manufacturing equipment and associated software tools, lasers, sensors, and underwater systems, as well as items that are being utilized in developing conventional weapons, enabling foreign intelligence collection activities, or weapons of mass destruction applications.
The implementation of FIRRMA and ECRA is part of a series of measures by the U.S. in recent years to protect U.S. national security and economic interests through a variety of statutory mechanisms. While many of the updated policies and prohibitions are China-focused, the integration of U.S. export control regulations and foreign investment restrictions is indicative of broader efforts by U.S. regulators to synthesize overlapping regulatory regimes in order to maximize their efficiency and efficacy.
Ultimately, U.S. technology companies contemplating foreign investment must understand how regulatory licensing regimes and export controls affect their products, as well whether or not such investment will potentially trigger the mandatory filing requirements of the CFIUS review process.