Earlier this month, United States President Joe Biden signed an executive order (E.O.) that announced focus areas for consideration by the Committee on Foreign Investment in the United States (CFIUS) in evaluating foreign investments into the US. According to a Fact Sheet regarding the E.O. released by the White House, “This E.O. does not change CFIUS processes or legal jurisdiction.” Instead, “this E.O. provides direction to CFIUS by elaborating on existing statutory factors and adds several national security factors for CFIUS to consider during its review process.” The order has identified five areas of focus for the CFIUS process.
- Impact on Supply Chain
- Effect on US Technological Leadership
- Aggregate Investment Trends
- Cybersecurity Threats
- Protection of Sensitive Data of US Persons
Impact on Supply Chain
The E.O. directs the Committee to consider the “domestic capacity to meet national security requirements, including those requirements that fall outside of the defense industrial base. In particular, the resilience of certain critical United States supply chains may have national security implications.” The E.O. highlights the need to protect “certain manufacturing capabilities, services, critical mineral resources, or technologies that are fundamental to national security—including because they are critical to United States supply chain resilience” from possible foreign endangerment.
Effect on US Technological Leadership
In an effort to maintain the US’s technological leadership, the E.O. directs the Committee to consider the impact of a transaction on “manufacturing capabilities, services, critical mineral resources, or technologies” that specifically involve “microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies.”
Aggregate Investment Trends
Instead of looking at foreign investments in isolation, the Committee is directed to consider a transaction “in the context of transactions that preceded it.” The aim is to watch out for “incremental investments over time in a sector or technology may cede, part-by-part, domestic development or control in that sector or technology.”
The E.O. directs the Committee to specifically be on the lookout for “investments by foreign persons with the capability and intent to conduct cyber intrusions or other malicious cyber-enabled activity.
Protection of Sensitive Data of US Persons
According to the E.O., “data is an increasingly powerful tool for the surveillance, tracing, tracking, and targeting of individuals or groups of individuals, with potential adverse impacts on national security.” Therefore, the Committee is directed to consider threats by “foreign investments in United States businesses that have access to or that store United States persons’ sensitive data, including health and biological data.
It is unclear what if any impact, including tightening restrictions, the promulgation of these criteria will have on the actual CFIUS process as much of the areas outlined in the E.O. have assumed to have been in the Committee’s cross-hairs for some time. However, having this additional guidance will likely be helpful for investors contemplating regulatory risk for their inbound transactions.
It is important to note that CFIUS is an agency of the executive branch and the president does not need to publish an executive order to inform CFIUS what its priorities should be. So why publish an executive order?
CFIUS has operated essentially as a black box since it was established almost 50 years ago. CFIUS proceedings are entirely confidential and the public generally does not learn about how it makes its determinations (except by drawing conclusions, after the fact, based on direct interactions and media reports).
At the National Conference on CFIUS earlier this year, members of the Committee seemed to suggest that after the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) revisions to the CFIUS regulations were released, the Committee expected to receive more voluntary filings than it actually received in 2021. That was in spite of the fact that CFIUS reported a 10-year high in the number of transactions it reviewed in 2021.
This Order appears to be another signal to the inbound foreign investment community that transactions involving US businesses that concern the supply chain, manufacturing capabilities, services, critical mineral resources, or technologies that are fundamental to United States technological leadership and therefore national security, are a high priority for CFIUS. It further highlighted that the following technologies: microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies, would be on CFIUS’s short list for non-notified reviews. This significantly expands the universe of foreign investments in US technology companies that will likely “require” a “voluntary” filing.
The E.O. also authorized the Office of Science and Technology Policy (“OSTP”) to periodically assess and publish a list of fundamental technologies. Connecting the dots here, this lines up with the Department of Commerce Bureau of Industry and Security (“BIS”) pronouncement in May 2022 that it found it difficult to define emerging and foundational technologies and going forward would not draw a distinction between emerging and foundational technologies. In addition, BIS does not classify technologies broadly for export control purposes. It more narrowly classifies these technologies (which have broad applicability) in the context of their specific application. Consider machine learning and artificial intelligence for example; in 2020, BIS classified the use of machine learning and artificial intelligence as applied to geospacial imaging in ECCN 0D521, but it did not seek to broadly control all applications of the technology. So this leaves a gap in terms of timing because BIS needs time to learn about the new applications of foundational and emerging technologies before it can classify them. It also leaves a void in terms of the more general question of what categories of technologies should be considered emerging and foundational for national security purposes. It would appear that through this executive order, OSTP will step in to try to fill the gap to identify the emerging and foundational technologies that should be considered critical technologies under section 800.215(f) of the CFIUS regulations. In light of BIS’s failed attempt to do just that, it remains to be seen whether OSTP will be successful.
Nixon Peabody will continue to monitor future changes to CFIUS activities.