January 29, 2020

The Department of Treasury has released the final regulations implementing the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), which contain significant changes to the process by which the Committee on Foreign Investment in the United States (“CFIUS”) reviews foreign investment in U.S. businesses. It is important that both foreign investors and U.S. businesses considering foreign investment or sale understand these new rules and how U.S. Government national security concerns can impact proposed transactions.

The President of the United States has the statutory authority to block or unwind foreign investment that he or she believes impairs the national security. Authority to review transactions and proposed transactions for national security purposes is vested in CFIUS, which is an inter-agency committee housed in the Department of Treasury. CFIUS’ traditional jurisdiction was over “covered transactions,” generally defined as transactions that could result in the “control” of a U.S. business by a foreign person. Prior to FIRRMA, the decision of whether or not to undertake the CFIUS process was primarily voluntary, unless the Committee elected to undertake a review of its own initiative.

Through FIRRMA, Congress sought to modernize the CFIUS process to reflect both the expanded concept of the country’s national security and the increasingly complex way that foreign businesses and governments invest in the U.S. As a result, more transactions – and more types of transactions – now fall within CFIUS’ regulatory purview. Further, FIRRMA and the new regulations impose a mandatory “declaration” requirement on certain classes of transactions. The highlights of the new regulations are summarized below.

A. Expansion of CFIUS’ Jurisdiction to “Covered Investments”

CFIUS has jurisdiction to review “covered transactions.” Pre-FIRRMA, only a foreign investment that could result in control of a U.S. business constituted a covered transaction. The final FIRRMA regulations formally expand CFIUS’ jurisdiction to include certain non-control transactions that nonetheless may have national security implications. The new definition of “covered transaction” includes the following: (1) a “covered control transaction”; (2) a “covered investment”; (3) a change in the rights of a foreign investor that results in a covered control transaction or covered investment and (4) transactions designed to evade coverage of the rules.

 The definition of a “covered control transaction” remains essentially the same as a “covered transaction” under the pre-FIRRMA CFIUS regime: any transaction that may result in the control of a U.S. business by a foreign person. The new regulations do not materially modify CFIUS’ expansive definition of “control,” which encompasses the power to decide or direct any important matters affecting the U.S. business.

The important change comes in the addition of “covered investments,” which constitute a significant expansion of CFIUS’ jurisdiction. Under the new regulations, effective February 13, 2020, a “covered investment” is one that gives a foreign party any of the following in a “TID U.S. business” (defined below): (1) access to material, non-public information in the possession of the TID U.S. business; (2) a seat or observer rights on the board of directors (or equivalent) of the TID U.S. business and (3) involvement (other than through shareholder voting) in the TID U.S. business’ decision-making regarding: (a) U.S. person sensitive personal data; (b) “critical technologies” or (c) “covered investment critical infrastructure.”

As noted above, only a transaction involving a “TID U.S. business” meets the definition a “covered investment.” A TID U.S. business is one that:

1.  produces, designs, etc. one or more “critical technologies”; 

  • Critical technologies are: (a) items subject to control under the International Traffic in Arms Regulations; (b) items subject to specified higher-level controls under the Export Administration Regulations; (c) items subject to specified nuclear controls; (d) select agents and toxins, as defined by regulation and (e) “emerging and foundational technologies,” which will be defined in the future under the Export Control Reform Act.

2. performs one of the designated functions with respect to “covered investment critical infrastructure”;

  • Covered investment critical infrastructure are the assets and features specified in the new Appendix A to Part 800 of the CFIUS regulations. Examples include public utilities, communication systems and defense assets. Appendix A also specifies the functions relating to the infrastructure that result in TID U.S. business status.

3. maintains or collects “sensitive personal data” regarding U.S. citizens.

  • Sensitive personal data has an extensive regulatory definition, which includes personally-identifiable financial, health, biometric and geolocation information collected on more than one million individuals. This provision is consistent with CFIUS’ recent actions against and investigations of, Chinese investment in websites that store personal data, such as Grindr and Tik Tok. 

B. Mandatory Declarations

FIRRMA also introduced mandatory filings into the CFIUS review process. The concept behind “mandatory declarations” is that the parties will submit a shorter-form of information regarding the transaction, which will enable CFIUS to determine if additional review is necessary. CFIUS first implemented this process through an October 2018 “Pilot Program” for certain types of transactions involving critical technologies. In practice, many of the transactions that triggered a mandatory declaration under the Pilot Program resulted in the parties electing to file a full notification with the Committee.

Unless an exception applies, the new FIRRMA regulations provide for mandatory declarations in two circumstances:

1.  A “covered transaction” (which includes both covered control transactions and covered investments) resulting in the acquisition of a “substantial interest” in a TID U.S. business by a foreign party in which a foreign government other than an “excepted foreign state” (defined in the next section) have a substantial interest.

  • In the context of a foreign party’s acquiring an interest in a U.S. business, a substantial interest is at least 25% of the voting securities;
  • In the context of a foreign government’s holding an interest in the acquiring foreign person, a substantial interest is at least 49% of the voting securities.

2.  A covered transaction involving an investment in a TID U.S. business that produces, designs, etc. one or more critical technologies that are utilized in connection with, or specifically designed for, one or more of the industries identified in the new Appendix B to Part 800 of the CFIUS regulations.

There are several exceptions to the mandatory declaration requirement, which vary depending on the type of transaction. The key exceptions include:

  • No declaration is required for a foreign government “substantial interest” transaction where: (a) the purchaser is an investment fund; (b) the fund is managed by a general partner or managing member who is not a foreign person and (c) with respect to any foreign person who is a limited partner, advisory board member, etc., that person does not have the ability to control the fund or its investment decisions.


  • Some of the key exceptions to the declaration requirement for an investment in a TID U.S. business that operates in an Appendix B industry are: (a) it is a “covered control transaction” by an “excepted investor” (discussed in the following section); (b) it is a “covered transaction” in which the investor is subject to a special security agreement (or equivalent) and holds a facility security clearance; (c) the purchaser is an investment fund meeting the requirements listed in the preceding paragraph and (d) the investment is in a U.S. business that qualifies as a “TID U.S. business” solely on the basis of critical technologies that eligible for license exception ENC (for encryption technology) under the Export Administration Regulations.

The new regulations provide certain additional exceptions (e.g., for transactions involving air carriers) and examples to illustrate the new rules.

C. Excepted Investors and Excepted Foreign States

While the final FIRRMA regulations impose new burdens and scrutiny on foreign investors and U.S. businesses in several ways, they do include relief for a certain class of foreign entities. Where the foreign purchaser is an “excepted investor,” the transaction is excluded from the definition of a “covered investment.” In addition, no mandatory declaration is required for “covered control transactions” involving excepted investors. Therefore, excepted investor status will be advantageous for foreign businesses and may become a sought-after feature in trade negotiations.

The regulations governing excepted investors are complicated, but the basic requirements are that the foreign party be: (a) an individual who is a national only of one or more “excepted foreign states”; (b) the government of an excepted foreign state or (c) a business that is organized under the laws of and has a principal place of business in, an excepted foreign state or the U.S. and has ownership and board of directors make-ups that meet the thresholds specified in the regulations. There are also several exceptions to excepted investor status, particularly for foreign entities that have faced substantial penalties under U.S. export control laws.

The initial “excepted foreign states” are Australia, Canada and the United Kingdom. However, CFIUS is expected to expand that list over time and other allied countries will likely lobby for inclusion.