Skip Repeated Content

CFIUS Pilot Program Requires Mandatory Filings for Certain Transactions Involving “Critical Technologies”

October 12, 2018

On October 10, 2018, CFIUS published what may be only its first set of interim rules implementing specific provisions of the Foreign Risk Review Modernization Act (FIRRMA).  These rules:  (1) create a pilot program both expanding CFIUS jurisdiction to include certain non-controlling investments by foreign persons in U.S. businesses involved in critical technologies related to identified industries and requiring parties to notify CFIUS about such transactions before they occur (Pilot Program); and (2) update the existing CFIUS regulations to account for particular provisions of FIRRMA that went into account upon that law’s enactment.

Historically, reporting to CFIUS was voluntary in most instances, but parties who chose to submit a notice to CFIUS could take advantage of a statutory “safe harbor” in which a transaction was sheltered from further review provided that the contents of the notice and any additional provided information were accurate.  Of course, by reporting a transaction, the parties could face further investigation, a demand by CFIUS for mitigation, or even an order from the President to suspend or effectively unwind the transaction in light of national security concerns.  FIRRMA, however, introduced mandatory reporting to CFIUS for transactions in which a foreign government has a “substantial interest” in an entity that would acquire a “substantial interest” in a U.S. business that involves critical infrastructure, critical technologies, or that maintains or collects sensitive personal data.  The Pilot Program appears to expand significantly the requirement for mandatory reporting to include potentially a wide range of transactions by foreign entities (even where a foreign government does not have a “substantial interest”) in any U.S. business involved in or “necessary to design, fabricate, develop, test, produce or manufacture” the “critical technologies” related to a delineated list of industry sectors.  Failure to comply with mandatory reporting requirements may be punishable by civil monetary penalties up to the value of the transaction.

CFIUS states this expansion is necessary in order to “assess and address ongoing risks to the national security of the United States resulting from two urgent and compelling circumstances: (1) The ability and willingness of some foreign parties to obtain equity interests in U.S. businesses in order to affect certain decisions regarding, or to obtain information relating to, critical technologies; and (2) the rapid pace of technological change in certain U.S. industries.”

Scope of the Pilot Program

Covered U.S. Businesses

The coverage of the Pilot Program is potentially enormous, but a complex set of definitions contained in the program make this somewhat unclear at least until CFIUS, through enforcement actions or further clarification, makes these terms less ambiguous.  In many instances, a foreign investor may not have reason to know that a U.S. business in which it may invest falls under the parameters of the Pilot Program.  For now, parties considering investment in potentially covered industries should proceed with great caution.

The Pilot Program covers any U.S. business that produces, designs, tests, manufactures, fabricates, or develops a “critical technology” that is:  (1) utilized in connection with the U.S. business’s activity in one or more designated “ Pilot Program Industries”; or (2) designed by the U.S. business specifically for use in one or more of those industries.  Such businesses are designated “Pilot Program U.S. Businesses.”  Thus, if a business that merely uses critical technology that it received from others, it may be able to argue that it does not fit within the definition of a Pilot Program U.S. Business.

The Pilot Program designates 27 specific business sectors, identified by their respective North American Industry Classification System (NAICS) code.[i]  This list is quite broad and includes aircraft manufacturing, certain computer manufacturing, military-related manufacturing, semiconductor and related device manufacturing, certain chemical technologies, and nuclear power generation.

 FIRRMA broadly defines “critical technologies” to generally include:  (i) Defense articles or services included on the U.S. Munitions List set forth in the International Traffic in Arms Regulations (ITAR); (ii) items that are civilian/military dual-use technologies subject to Export Administration Regulations export controls, either (a) pursuant to multilateral regimes relating to national security, chemical and biological weapons proliferation, nuclear nonproliferation or missile technology; or (b) for reasons relating to regional stability or surreptitious listening; (iii) specified nuclear equipment, parts and components, materials, software, technology, and facilities; (iv) select agents and toxins; and (v) emerging and foundational technologies controlled pursuant to the Export Control Reform Act of 2018.

Notably, the Pilot Program does not address issues involving critical infrastructure or the maintenance or collection of sensitive personal data, both areas of additional, specific concern in FIRRMA.  This may signal the possibility that CFIUS could initiate future pilot programs to address those concerns.

Covered Investments

A foreign investment may be subject to the mandatory filing requirement of the Pilot Program even if it would not gain “control” over the relevant U.S. business if the foreign investor would thereby gain:  (1) access to material non-public technical information[ii]; (2) membership or observer rights to the governance of the U.S. business or the right to nominate an individual onto the board or other governing body of the U.S. business; or (3) any other ability, except through voting shares, to substantively direct the substantive decision making of the US business with respect to critical technology. 

No Country-Specific Treatment

FIRRMA includes neither a list of countries subject to increased scrutiny nor a list of countries from which foreign direct investments could be excluded from CFIUS review, but it does authorize CFIUS to publish regulations identifying “certain categories of foreign persons” that may be subject to varying levels of review.  The Pilot Program does not contain any country-specific provisions, and, by its terms, applies to all foreign investors.  This preserves the greatest amount of discretion for CFIUS, which may review and act upon transactions involving investors from any country outside the U.S.  It also may position CFIUS to defend any “black” or “white” lists it issues in the future, to the extent that it can point to country-specific data it collects during the life of the Pilot Program.

Mandatory Filings

Parties to a transaction subject to mandatory reporting may choose to file either a full notice or a new short-form declaration, but parties should note that there may be limitations to the safe harbor treatment provided to transactions submitted only by declaration.   The declaration is intended to be an abbreviated version of a formal CFIUS notice, but it must include much of the same information regarding the transaction required in a notice, including descriptions of the transaction, its structure, and the interest to be acquired, sources of funding for the transaction and information regarding both the U.S. target and the proposed foreign investor(s).  In addition, a declaration must include statements acknowledging the applicability of the Pilot Program parameters to the transaction; that is, parties filing a declaration appear to give up the option at a later time to claim the transaction is not subject to CFIUS jurisdiction. Theoretically, a declaration may be limited to five pages, and CFIUS is developing an online declaration template to facilitate such filings.

Generally, the parties must submit a declaration at least 45 days before they intend to finalize the transaction, and CFIUS must respond within 30 days of receiving the declaration.[iii]  If CFIUS is not able to resolve any concerns regarding the transaction within that time, it will inform the parties and may:  (1) Request the parties file a formal notice; (2) inform the parties that CFIUS cannot complete action on the basis of the declaration, and that they must file a notice in order to receive a final determination from CFIUS as to the transaction; or (3) unilaterally initiate a review of the transaction through an agency action.  Filing a formal notice presumably would set in motion a new set of deadlines once the notice is accepted by CFIUS.

Key Dates

The Pilot Program is scheduled to go into effect on November 10, 2018, but it will not apply to transactions:

(1) Completed prior to November 10, 2018; or

(2) for which the following occurred before October 11, 2018:

(i) The parties to the transaction have executed a binding written agreement or other document establishing the material terms of the transaction;

(ii) a party has made a public offer to shareholders to buy shares of a Pilot Program U.S. business; or

(iii) a shareholder has solicited proxies in connection with an election of the board of directors of a Pilot Program U.S. business or has requested the conversion of convertible voting securities.

The Pilot Program is expected to remain in place pending the final regulations implementing FIRRMA, which must be issued by early 2020.  CFIUS will accept written comments on the interim rules until November 10, 2018, though it may not respond to those comments until it releases the final regulations. 

In summary:  CFIUS review, particularly under the Pilot Program, is a fact-specific inquiry and the recent expansion of CFIUS jurisdiction underscores the importance and difficulty of due diligence on both sides of a transaction.  Parties should not underestimate the potential for CFIUS to conclude there are national security concerns in non-U.S. investments in U.S. business, even for investors from NATO countries or other U.S. allies, in areas that may not be facially connected to U.S. security or infrastructure, and even when the parties involved are not facially U.S. businesses. 

For more information about this update, or if you have any questions, please contact Jennifer Kies Mammen or Daniel C. Schwartz in Washington, D.C., at 202-508-6000, or any member of Bryan Cave Leighton Paisner’s National Security Team.

Related Practices

This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.