Parties to investment transactions involving U.S. businesses engaged in “critical technologies” activities will soon be subject to modified requirements for mandatory filings to the Committee on Foreign Investment in the United States (CFIUS). Following proposed rules issued in May 2020, the Department of the Treasury (“Treasury”) released a final rule that will take effect on October 15, 2020. As explained in our prior client alert, the new rule—which focuses on U.S. regulatory authorizations (generally, export licenses or approvals) applicable to the foreign investor and its owners—highlights the pivotal role that U.S. export controls and related regimes play in CFIUS’s review process, and in defining the technologies of greatest import to U.S. national security.
Background on the New Critical Technologies Mandatory Filing Rule
The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) introduced mandatory filing requirements to the CFIUS review process, beginning with the critical technologies pilot program initiated in November 2018. Since that time, parties to certain transactions involving U.S. businesses engaged in critical technologies activities have been required to make a filing to CFIUS before closing the transaction. This requirement carried over to the broader regulations implementing FIRRMA that became effective in February 2020, along with additional mandatory filing requirements for certain transactions in which a foreign government-owned investor would obtain a “substantial interest” in a U.S. company involving critical technologies, critical infrastructure, or sensitive personal data (a “TID U.S. business”).
To date, however, the critical technologies mandatory filing requirement has been limited to U.S. companies that use critical technologies in, or design critical technologies specifically for, one or more of 27 industries identified by reference to their North American Industry Classification System (NAICS) codes. This “industry prong” of the requirement drew criticism because it is relatively subjective and imprecise, and difficult to evaluate for companies that have not previously identified a NAICS code applicable to their business.
Further, the previous mandatory filing requirement did not address one of the key factors in evaluating the national security risk presented by foreign investments in U.S. critical technologies companies—the risk that may be associated with an investor from, or controlled by persons in, a country of national security concern to the U.S. government, as opposed to a closely allied country.
In response to these concerns, the new rule eliminates the “industry prong” of the critical technologies mandatory filing requirement. In its place, Treasury will require the parties to determine whether the foreign investor and other foreign entities in the investor’s ownership chain would require certain U.S. regulatory authorizations to receive or access the U.S. business’s critical technologies. The specific authorizations are:
1. Licenses or other approvals required for defense articles or defense services under the International Traffic in Arms Regulations (ITAR);
2. Licenses required for items controlled under the Export Administration Regulations (EAR);
3. Specific or general authorizations required for the export of certain controlled nuclear technology under the Department of Energy Regulations; or
4. Any specific license required by the Nuclear Regulatory Commission Regulations.
These regulatory authorizations are much more likely to be required for investors from countries subject to stricter U.S. export controls, such as China and Russia, and entities placed on restricted parties lists maintained by the U.S. government, such as the Department of Commerce (“Commerce”) Entity List and Denied Persons List. Thus, the new mandatory filing rule better aligns the critical technologies mandatory filing requirement with the goals stated in FIRRMA and broader U.S. national security and international trade policy. Additional details on the proposed changes to the mandatory filing requirements are provided in our prior client alert.
Key Clarifications in the Final Rule
Following a public comment period that ended on June 22, 2020, Treasury announced the final rule implementing the changes to the critical technologies mandatory filing requirement, which will become effective on October 15, 2020. The final rule was substantially similar to the proposed rule issued in May, but Treasury’s comments on the final rule included some key clarifications:
- Eligibility for License Exceptions: In most cases, the mandatory filing requirement will apply regardless of whether a license exception under the EAR or license exemption under the ITAR would be available to the foreign person involved. However, the final rule states that the mandatory filing requirement will not apply if the critical technologies involved are eligible under certain provisions under the EAR’s License Exception ENC (applicable to certain encryption items), License Exception TSU (covering certain unrestricted technology and software), and License Exception STA (authorizing exports to certain U.S. allied countries as a strategic trade authorization).
The final rule clarifies what it means to be “eligible” for these EAR license exceptions. For example, in order for encryption items covered by EAR section 740.17(b)(2) or (3) to be eligible for License Exception ENC, the U.S. business must submit any required classification requests to Commerce’s Bureau of Industry and Security and observe a 30-day waiting period. However, critical technologies that are self-classified by a U.S. business as eligible for License Exception ENC pursuant to section 740.17(b)(1) would not be subject to the mandatory CFIUS filing requirement, regardless of whether the U.S. business has complied with the applicable EAR reporting requirements for such items under EAR section 740.17(e).
- Timing Rule for Critical Technologies: In response to a public comment, the timing rule for the mandatory filing requirement was changed so the determination of whether the target U.S. company is engaged in critical technologies activities is assessed as of the earliest date when the transaction meets any of the conditions set forth in the CFIUS regulations’ applicability rule (e.g., execution of a binding written agreement for the transaction), and not the completion date of the transaction. This addresses concerns about the possibility that, for example, applicable export control regulations could change, with immediate effect, between the signing and closing of a transaction.
- Applicability to Foreign Persons in the Investor’s Ownership Chain: There were no significant changes to the final rule with respect to how the specified regulatory authorizations would be applied to entities in the foreign investor’s ownership chain. Treasury’s responses to the public comments, however, highlight the importance of evaluating a foreign investor’s full ownership chain for regulatory authorization requirements, including any individuals or entities that have a 25% or greater voting interest in any of the investor’s parent entities.
- Excepted Investor Exemption Not Affected: As discussed in our prior client alert, investors from “excepted foreign states” (currently Australia, Canada, and the United Kingdom) that satisfy various requirements are exempt from the mandatory CFIUS filing requirements. The final rule does not affect the availability of this excepted investor exemption.
As we noted previously, we expect these changes to the critical technologies mandatory filing requirements to bring more clarity and certainty to transaction parties, as compared to the previous NAICS code-based requirements. It will be critical for investors and U.S. businesses, however, to conduct due diligence early in the transaction process to evaluate whether a mandatory CFIUS filing requirement will apply, and to plan accordingly. MoFo’s National Security team will continue to provide updates on significant developments affecting CFIUS and U.S. export controls.