On Thursday, September 15th, President Biden signed Executive Order 14083 instructing the Committee on Foreign Investment in the United States (CFIUS) to consider five new sets of factors when reviewing transactions with foreign parties. A fact sheet released by the White House notes that the order is the first of its kind “to provide formal Presidential direction on the risks that the Committee should consider when reviewing a covered transaction.”
CFIUS, which was established in 1975 under the aegis of the U.S. Department of the Treasury, is an interagency committee that reviews transactions involving investment in the U.S. by foreign parties and identifies any national security threats posed by such transactions. The Committee has gained greater authority in the past few years, namely with the enaction of the Foreign Investment Risks Review Modernization Act of 2018 (FIRRMA), which became effective on February 13, 2020. This act served as an update to CFIUS regulations in response to evolving national security concerns and significantly expanded the agency’s jurisdiction to include transactions that could potentially give foreign parties access to (or control over) U.S. critical technologies, critical infrastructure or sensitive personal data.
The order and the fact sheet highlight various factors related to current national security concerns that the Committee should take into account during its review process
Certain supply chains are responsible for the production and processing of items that are crucial to U.S. stability and security, such as pharmaceuticals, semiconductors, microelectronics, high-capacity batteries, minerals and other raw materials. If a covered transaction involves a business connected to such supply chains, the order instructs the Committee to consider factors such as whether the supply chain has alternate supplier options (as opposed to being reliant on a single source) and whether suppliers are servicing sensitive areas such as the energy sector or defense industrial base.
Similar to the first point, the order drills down further, specifying that CFIUS should carefully scrutinize whether certain transactions will affect the supply chains that are needed to allow the U.S. to maintain a technological advantage over other countries. This would include supply chains needed for the production and advancement of “microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies.”
The order emphasizes that the Committee should not just weigh the risks of acquisitions in isolation, but rather should take a comprehensive view when multiple investments by a foreign party are made in a single business sector or several related sectors. While the acquisition of one business in a U.S. security-adjacent sector may not pose a significant threat, these types of acquisitions in the aggregate can tip the balance of cumulative control in favor of foreign bad actors.
The Committee should also take care to discern what investment activities would give foreign parties the ability to “conduct cyber intrusions or other malicious cyber-enabled activity” that would compromise national security. Such malicious cyber activities could include interfering with U.S. elections, impeding the operations of critical infrastructure (e.g., the energy grid) or hampering communications systems.
As an extension of a general heightened vigilance surrounding the United States’ cybersecurity, the order directs the Committee to also take into account potential access to Americans’ personal data. Many businesses hold large quantities of citizens’ sensitive information, such as biological information, financial information or other personal identifying information. In the wrong hands, such data can be used to target, exploit or surveil certain groups of individuals in ways that threaten national security.
The recent efforts to strengthen and broaden the scope of CFIUS should be front-of-mind for companies that are interested in foreign investors. Companies in industries and sectors specifically mentioned in the executive order should carefully consider whether an investment by a foreign party might require notice to be given to CFIUS. Going forward, companies should expect a foreign investment review process that encompasses a greater swath of transactions.
If you have any further questions regarding the new executive order or CFIUS compliance in general, please contact William Newman.