When the Committee on Foreign Investment in the United States (CFIUS) introduced the critical technologies “pilot program” in 2018, many foreign investors and U.S. companies gained an appreciation for the pivotal role U.S. export controls and related regulatory regimes play in CFIUS’s national security review process. The definition of “critical technologies” itself depends on how items are classified under the International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR), and other U.S. regulations relating to the control of other sensitive items, materials, and technologies.

Proposed regulations announced by the Department of the Treasury (“Treasury”) on May 21, 2020, place even greater significance on these U.S. export control regimes in the CFIUS process, and highlight the need for foreign investors and U.S. companies to conduct diligence early in the transaction process to understand how items are classified and controlled under these regimes. Under the proposed regulations, CFIUS’s mandatory filing requirements will be linked not only to whether a target company is engaged in critical technologies activities, but also to whether the foreign investor and other foreign entities in the investor’s ownership chain would require “U.S. regulatory authorizations” to receive or access these critical technologies.

These proposed changes will significantly affect foreign investors from countries subject to stricter U.S. export controls, such as China and Russia, as well as specific entities placed on restricted parties lists maintained by the U.S. government, such as the Department of Commerce (“Commerce”) Entity List and Denied Persons List. This formal distinction in the CFIUS rules between different types of investors based on nationality/country of origin is consistent with the goals stated in the Foreign Risk Review Modernization Act of 2018 (FIRRMA), and with broader U.S. national security and international trade policy.

These changes are not effective immediately; Treasury will issue final rules following a public comment period ending on June 22, 2020.

Background on CFIUS’s Focus on Critical Technologies

As the initial step in implementing FIRRMA, the critical technologies pilot program expanded CFIUS’s review jurisdiction to include certain non-controlling investments in U.S companies that produce, design, test, manufacture, fabricate, or develop one or more “critical technologies,” defined as:

1. Defense articles or defense services controlled under the ITAR;
2. Items controlled under the EAR pursuant to multilateral regimes or for reasons relating to regional stability or surreptitious listening;
3. Specially designed and prepared nuclear equipment, parts and components, materials, software, and technology covered by 10 CFR part 810 (the “Department of Energy Regulations”);
4. Nuclear facilities, equipment, and material covered by 10 CFR part 110 (the “Nuclear Regulatory Commission Regulations”);
5. Select agents and toxins covered by 7 CFR part 331, 9 CFR part 121, or 42 CFR part 73; or
6. Emerging and foundational technologies controlled pursuant to section 1758 of the Export Control Reform Act of 2018 (ECRA).[1]

The scope of U.S. businesses covered by the CFIUS pilot program was limited, however, to companies that used critical technologies in, or designed critical technologies specifically for, one or more of 27 industries identified by reference to their North American Industry Classification System (NAICS) codes. Parties to transactions covered by the pilot program were required to file a short-form declaration or a full written notice prior to closing. This was the first mandatory filing requirement under CFIUS’s regime.

This NAICS code-based “industry prong” of the critical technologies mandatory filing requirement carried over to the broader FIRRMA-implementing regulations that became effective on February 13, 2020, after which the pilot program was ended. The industry prong, however, was not an element in determining CFIUS’s expanded jurisdiction over non-controlling “covered investments” in U.S. companies involving critical Technologies, critical Infrastructure, or sensitive personal Data (so-called “TID U.S. businesses”), only in determining whether a mandatory filing is required.

NAICS codes are numeric classifications maintained by the U.S. Census Bureau that describe a particular U.S. business by industry and are used for statistical and other official purposes, including to identify businesses entering into contracts with the U.S. government. There is no formal process by which the U.S. Census Bureau assigns a NAICS code to a U.S. business; rather, businesses self-identify one or more NAICS codes that best describe the industries in which they operate. As a result, the current NAICS code-based industry prong is relatively subjective and imprecise, and parties to transactions have often raised concerns about how to evaluate this aspect of the critical technologies mandatory filing requirement, particularly in cases where the U.S. business has not previously identified NAICS codes or where the company’s activities are not clearly captured by a specific NAICS code.

In response to these concerns in comments to the recent FIRRMA-implementing regulations, Treasury noted that it intended to replace the industry prong of the mandatory filing requirement with criteria based on U.S. export control licensing requirements. The proposed rules announced on May 21 address this change.

New Requirements Based on “U.S. Regulatory Authorizations”

Under the proposed rules, the critical technologies mandatory filing requirement will depend on (1) whether the target U.S. business is engaged in critical technologies activities, and (2) whether certain “U.S. regulatory authorizations” would be required to export, reexport, transfer (in country), or retransfer the U.S. business’s critical technologies to the foreign investor and/or foreign persons in the investor’s ownership chain. The specific U.S. regulatory authorizations included in the proposed rules are:

1. Licenses or other approvals required for defense articles or defense services under the ITAR;
2. Licenses required for items controlled under the EAR;
3. Specific or general authorizations required for the export of certain controlled nuclear technology under the Department of Energy Regulations; or
4. Any specific license required by the Nuclear Regulatory Commission Regulations.

This U.S. regulatory authorization test would be applied to any foreign person that is a party to the transaction, as well as any foreign person that:

1. Could directly “control” the U.S. business as a result of the transaction (as defined in the CFIUS regulations);
2. Is directly acquiring certain “covered investment” interests in the U.S. business;
3. Has a direct investment in the U.S. business, the rights of such foreign person with respect to such U.S. business are changing, and such change in rights could result in control or a covered investment right;
4. Is a party to any transaction, transfer, agreement, or arrangement designed or intended to evade CFIUS jurisdiction; or
5. Individually holds, or is part of a group of foreign persons that, in the aggregate, holds, a direct or indirect “voting interest” of 25% or more in any entity that meets the criteria in items (i) through (iv) above.[2]

For any foreign investor meeting these criteria, the applicability of these U.S. regulatory authorizations would be based on the investor’s principal place of business (for entities) or nationality (for individuals). Under the recently updated definition in the CFIUS regulations, an entity’s principal place of business is “the primary location where an entity’s management directs, controls, or coordinates the entity’s activities, or, in the case of an investment fund, where the fund’s activities and investments are primarily directed, controlled, or coordinated by or on behalf of the general partner, managing member, or equivalent.” See 31 C.F.R. § 800.239. Any foreign investor meeting these criteria would also be considered an “end user” of the critical technology, where applicable, for the purposes of the U.S. regulatory authorizations.

With respect to licenses or other approvals required under the ITAR and EAR, in most cases the mandatory filing requirement applies regardless of whether a license exception under the EAR (except as noted below) or license exemption under the ITAR would be available to the foreign person involved. The proposed rules carry over most of the current exceptions for items eligible for License Exception ENC (applicable to certain encryption items), and add new exemptions for items eligible for License Exception TSU (covering certain unrestricted technology and software) or certain parts of License Exception STA (authorizing exports to certain U.S. allied countries as a strategic trade authorization).

These proposed changes to the critical technologies mandatory filing requirements will likely bring more clarity and certainty to U.S. businesses evaluating whether these requirements apply to their transactions, as compared to the NAICS code-based requirements. At the same time, it will be critical for investors and U.S. businesses to conduct diligence at an early stage in the transaction to evaluate how U.S. export controls and other applicable regimes would apply to the investors and the entities or persons in their ownership chain.

This shift to U.S. regulatory authorizations will have a greater impact on foreign investors from countries subject to stricter U.S. export controls, such as China and Russia. These requirements will also have a disproportionate impact on specific parties subject to export restrictions due to placement on restricted parties lists maintained by the Departments of Commerce (e.g., the Entity List), State (e.g., the Arms Export Control Act Debarred List), and the Treasury (e.g., the Specially Designated Nationals List). This reflects the increasing significance of U.S. export controls and the CFIUS review process as important tools of U.S. national security and international trade policy.

Other Clarifications to the CFIUS Mandatory Filing Requirements

The current CFIUS regulations include a second mandatory filing requirement for transactions where an investor in which a foreign government has a “substantial interest” will obtain a “substantial interest” in a TID U.S. business. The proposed rules make clarifying changes to the definition of “substantial interest” for the purposes of this requirement. Specifically, the proposed rules clarify that a foreign government’s interests in a general partner (or equivalent) of an entity only apply if that general partner (or equivalent) primarily directs, controls, or coordinates the activities of the entity. They also clarify that for the purpose of calculating indirect interests, all interests held by a parent (not just voting interests) will be considered a 100% interest in any entity of which it is a parent.

As noted above, Treasury is accepting public comments on the proposed rules through June 22, 2020. MoFo’s National Security team will continue to provide updates on the status of these new regulations and other significant developments affecting CFIUS and U.S. export controls.

[1] ECRA Section 1758 requires a U.S. interagency process to identify emerging and foundational technologies essential to U.S. national security and not covered in other regulations, and to establish appropriate controls under the EAR. Commerce issued an Advanced Notice of Proposed Rulemaking in November 2018, identifying and requesting comments on the categories of emerging technologies that could be subject to these regulations. Commerce has not further finalized the emerging and foundational technologies regulations.

[2] If an entity’s activities are primarily directed, controlled, or coordinated by or on behalf of a general partner (or equivalent), only interests in the general partner (or equivalent) would constitute a “voting interest” for the purposes of this item (v). For the purposes of calculating indirect voting interest, any interest of a parent would be deemed to be a 100% interest in any entity of which it is a parent. Finally, the voting interests of foreign investors would be aggregated where such investors are related, have formal or informal arrangements to act in concert, or are agencies or instrumentalities of, or controlled by, the same foreign government.

[View source.]