FIRRMA directed the U.S. Department of the Treasury (“Treasury”), as the chair of CFIUS, to issue regulations that, among other things, address national security concerns arising from foreign investment in U.S. businesses with critical technologies, critical infrastructure, and personal data (referred to in the proposed regulations as “TID U.S. businesses”). The proposed CFIUS regulations implement these provisions of FIRRMA by (i) defining what constitutes a TID U.S. business and (ii) expanding CFIUS’s jurisdiction to include not only transactions that result in control of a TID U.S. business, but also “covered investments” that give a foreign person certain rights with respect to a TID U.S. business (together referred to as “covered transactions”). Life Sciences businesses who maintain or collect, directly or indirectly, sensitive personal data of U.S. citizens might fit the definition of a TID U.S. business and will benefit from learning more about these regulations.
The major takeaways from the proposed TID U.S. business regulations are:
- Risk-Based Analysis: Long-time CFIUS practitioners have heard the refrain that CFIUS undertakes a risk-based analysis of transactions presented for review, examining the threat, vulnerabilities, and consequences to U.S. national security of a particular action. The proposed regulations now articulate these specific elements of the analysis that form the basis for CFIUS’s review of a notified transaction.
- CFIUS Filings Mandatory for Some But Not All TID U.S. Business Covered Transactions: The CFIUS pilot program that became effective in November 2018 requires the submission of a declaration (or full CFIUS notice) for covered transactions involving pilot program U.S. businesses, and this program will remain in effect at least until the final FIRRMA-implementing regulations are published. The proposed regulations do not impose a mandatory CFIUS filing for a covered transaction involving a TID U.S. business (outside the current pilot program’s requirements), unless a foreign government has a “substantial interest” in the acquiring party (more to come on this issue in the next alert in our series).
- Critical Technologies Definition Unchanged: The proposed regulations contain the same definition for critical technologies in effect under the current pilot program. A key component of the critical technologies definition will take effect once the U.S. Department of Commerce (“Commerce”) issues regulations defining the scope of “emerging and foundational technologies.” Commerce took the first step in this process in November 2018 by issuing an Advanced Notice of Proposed Rulemaking identifying and requesting comments on the categories of emerging technologies to be covered. Commerce officials’ most recent informal statements indicate that proposed new regulations may be forthcoming before year-end.
- Critical Infrastructure for Covered Investments Defined by Form and Function: Appendix A to the proposed regulations sets forth 28 categories of critical infrastructure (Column 1) and specific functions related to each critical infrastructure category (Column 2). Only a U.S. business that performs one of the specified functions listed in Column 2 of Appendix A with respect to the infrastructure listed in Column 1 is a TID U.S. business for purposes of a critical infrastructure covered investment.
- Expanded (and Evolving) Definition of Sensitive Personal Data: FIRRMA expands CFIUS’s jurisdiction to include covered investments by a foreign person in a U.S. business that maintains or collects sensitive personal data of U.S. citizens that “may be exploited in a manner that threatens to harm national security.” To implement this provision, the proposed rule sets forth a detailed definition of “sensitive personal data” that includes not only traditional personal information (e.g., name, address, telephone number), but also health, financial, behavioral, and genetic information. The proposed regulations note that CFIUS anticipates periodically revising this definition (along with other aspects of the regulations).
John P. Carlin
John P. Carlin, former Assistant Attorney General for the U.S. Department of Justice’s (DOJ) National Security Division (NSD) and former Chief of Staff to then-FBI Director Robert S. Mueller, III, chairs Morrison & Foerster’s Global Risk and Crisis Management practice group and is co-chair of the National Security practice group. John, who served as a top-level official in both Republican and Democratic administrations prior More ›
Nicholas J. Spiliotes
Nicholas Spiliotes is Co-Chair of the firm's National Security Practice. He has over 25 years of in-depth experience in advising clients on a wide range of U.S. national security matters in the context of cross-border investments, acquisitions and joint ventures.
Mr. Spiliotes advises clients on U.S. foreign investment approvals (CFIUS); Department of Defense foreign ownership, control and influence mitigation under the National Industrial Security More ›
Panagiotis C. Bayz
Aki Bayz has a multidisciplinary practice covering national security regulatory compliance and transactional matters.
National Security. Mr. Bayz advises clients on compliance with the applicable trade sanctions and economic embargoes administered by the Treasury Department Office of Foreign Assets Control (OFAC), the export control and anti-boycott requirements of the Commerce Department Bureau of Industry and Security (BIS), and military items subject to the jurisdiction More ›
Charles L. Capito III
Charles Capito assists Government Contractors with a variety of litigation issues, with a focus on pre- and post-award bid protests, and contract claims and disputes. He has extensive experience at the Government Accountability Office, the Court of Federal Claims, the boards of contract appeals, and other judicial and administrative tribunals. Charles counsels clients on a variety of Government Contract issues, including prime- and subcontractor More ›
Amy S. Josselyn
Amy Josselyn is an associate in the National Security, CFIUS, Sanctions + Export Controls Group in Morrison & Foerster’s Washington, D.C. office.
Ms. Josselyn draws upon 15 years of experience in the U.S. Intelligence Community to advise clients on national security regulatory compliance and transactional matters. Ms. Josselyn’s practice focuses on U.S. foreign investment approvals involving the Committee on Foreign Investment in the United More ›
Joseph A. Benkert
Joseph Benkert is a senior advisor in Morrison & Foerster’s National Security practice group. He advises clients on critical national security matters pertaining to the Committee on Foreign Investment in the United States (CFIUS), export controls, and various regulatory and compliance issues.
Mr. Benkert previously served as a leading civilian official in the Department of Defense (DoD) from 2003-2009 under More ›