Ten Key Points About CFIUS and Export Control Reform

International Trade & Compliance Alert


Congress has agreed upon two pieces of legislation soon to be signed by the President that will provide for a major expansion in the (i) screening by the Committee on Foreign Investment in the United States ("CFIUS") of certain transactions involving foreign persons and (ii) regulation of the transfer and use of sensitive U.S. goods and technologies in both the United States and abroad. 

The impetus for the two pieces of legislation is the changed national security landscape resulting from the increased importance of critical technology, especially emerging and foundational technology, critical infrastructure and cyber security, all primarily in response to perceived challenges posed by China. 

Both pieces of legislation adopt an expanded scope of national security and foreign policy to include such considerations as technology and manufacturing leadership and international competitiveness.  The Foreign Investment Risk Review Modernization Act ("FIRRMA") expands the authority of CFIUS to analyze, monitor and budget for an extensive range of transactions that go beyond corporate acquisitions.  The Export Control Reform Act ("ECRA") provides sweeping statutory authority for regulation of commodities and technology, including in-country transfers and changes in an item's use in foreign countries.  By and large sustaining current agency practice, the ECRA wipes away decades of policy and organizational stalemate that have left U.S. export controls without a firm statutory basis. 

Taken together, these two statutes will result in more regulators, more regulation and increased compliance risks, especially for companies dealing with leading-edge technology.  The regulatory implications of these pieces of legislation are expected to be extensive and most deserving of industry participation.

Following our November 2017 assessment of the initial FIRRMA proposal, this alert summarizes 10 of the most significant considerations for advanced technology companies and non-U.S. investors that seek to deploy capital in the United States.

1. Technology Transfer Restraints

In general, FIRRMA and the ECRA will preserve export controls' role as the principal means of restraining international transfers of U.S. advanced technology.

Prior versions of FIRRMA would have had CFIUS go beyond its role of screening inbound investment to restrict technology transfers through U.S. companies' joint ventures with non-U.S. companies and similar outbound transactions.  Congress decided to continue limiting CFIUS to screening a broad array of inward transactions and letting the U.S. Commerce Department ("Commerce") lead in restricting outward technology transfers through its administration of export control regulations. 

As a major new initiative, the ECRA instructs the President to form an interagency group to continually identify "emerging and foundational technologies"—technologies that are "essential to the national security of the United States" but not already subject to export license requirements.  The Secretary of Commerce is to establish appropriate controls on such technology.  Of particular significance, the ECRA mandates that Commerce require a license for the export, reexport or in-country transfer of emerging and foundational technologies to a country subject to an arms embargo imposed by the United States.  China is subject to a U.S. arms embargo. 

The interagency process to identify emerging and foundational technologies is to be informed by various sources, including information that CFIUS secures through its transaction-screening proceedings.  

Defining these emerging and foundational technologies is a tall order.  The government is not naturally equipped to identify and assess technologies as they are emerging from industry.  To meet this challenging mandate, cautious U.S. officials can be expected to take a broad view in defining technology and transactions that require approval.

FIRRMA reinforces that CFIUS should be especially watchful for foreign, and especially Chinese, investment transactions that purportedly threaten U.S. security by facilitating technology transfer.  FIRRMA stresses that CFIUS has jurisdiction over foreign investment in U.S. companies that develop or have "critical technologies," defined to include newly identified "emerging and foundational technologies," unless those investments are relatively small and wholly passive.

2. Expanded and Clarified CFIUS Jurisdiction

FIRRMA provisions regarding critical technology and critical infrastructure clarify CFIUS's jurisdiction in these areas.  Under FIRRMA, the definition of covered transaction expressly includes, among other things, specified types of investments by a foreign person in any unaffiliated U.S. business that (i) owns, operates, manufactures, supplies or services critical infrastructure; (ii) produces, designs, tests, manufactures, fabricates or develops one or more critical technologies; or (iii) maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security. 

Such investments are defined as any investment that gives the foreign person (i) access to material non-public technical information; (ii) membership or observer rights on the board of directors; or (iii) any involvement, other than through voting of shares, in substantive decision-making of the U.S. business regarding sensitive personal data of U.S. citizens, critical technologies or critical infrastructure.  Given how broadly CFIUS has construed its jurisdiction in recent months, this provision may not create an expansion in practice.

In a notable expansion of CFIUS's jurisdiction, FIRRMA adjusts the definition of "covered transaction" to authorize CFIUS to screen acquisitions and leases of real estate in close proximity to U.S. military or other sensitive national security facilities or that involve air or maritime ports.


The ECRA provides authorization for and legitimization of expansions of requirements in export control regulations that Commerce has developed while the regulations have generally had an uncertain grounding in an international emergency statute.  In particular, it validates U.S. regulatory reach beyond exports and reexports to cover in-country transfers and changes in an item's use in a foreign country.  In addition, the ECRA makes the authority to issue license restrictions statutory.  Finally, the ECRA codifies the criminal and civil penalties applied to dual use export controls.

Companies and others working in early-stage technology development may suddenly find their technology subject to dual use export controls, and themselves subject to all the accompanying requirements.  In recognition of the complexity the regulations will impose on companies, especially small and start-up technology companies, the ECRA mandates various government outreach and training efforts. 

In addition, the ECRA mandates a review of license requirements relating to countries like China that are subject to comprehensive arms embargoes.

4. New "Light" CFIUS Filings

FIRRMA authorizes parties to submit abbreviated "declarations" to CFIUS instead of standard transaction notices – an expedited process that could be most helpful for routine transactions.  These declarations or "light" filings will be limited in length and, unlike notices, will not automatically trigger a CFIUS review.  Within 30 days of receipt of a declaration, CFIUS is to request a conventional notice, initiate a unilateral review, inform the parties that review cannot be completed on the basis of the declaration or clear the transaction.

5. Mandatory CFIUS Filings

To date, whether to notify CFIUS of a foreign investment transaction has been a matter of discretion for the parties.  A filing with CFIUS has never been legally mandatory.

Under FIRRMA, in some instances, submission of the abbreviated declarations described above will be mandatory.  Parties to a covered transaction will be required to submit a declaration with respect to the transaction if the transaction involves an acquisition, directly or indirectly, of a substantial interest in U.S. critical infrastructure or critical technology businesses or U.S. businesses that maintain or collect sensitive personal data by a foreign person in which a foreign government has, directly or indirectly, a substantial interest.  In addition, CFIUS may mandate submission of a declaration for any covered transaction involving a U.S. business that produces or trades in "critical technologies" (including export controlled items).  

6. Special Treatment of Investment by Funds Under FIRRMA

FIRRMA clarifies the circumstances in which investment fund transactions will constitute covered transactions.  A foreign person's indirect investment through an investment fund providing the investor membership as a limited partner on an advisory body is not normally a covered transaction if (i) the fund is managed exclusively by a U.S. general partner, managing member or equivalent; (ii) the advisory body does not have the ability to control the investment decisions of the fund or decisions made by the general partner or equivalent; (iii) the foreign person does not otherwise have the ability to control the fund; and (iv) the foreign person does not have access to material nonpublic technical information as a result of its participation on the advisory body.

7. Identification of Transactions for CFIUS Review

To address concerns that CFIUS is not learning about transactions considered to threaten national security, FIRRMA instructs CFIUS to establish a mechanism to identify covered transactions for which a notice or declaration was not filed and for which information is reasonably available. 

8. FIRRMA Implementation Schedule

While FIRRMA will in part take effect on the date of its enactment, some provisions will not take effect until the earlier of (i) 18 months following the statute's enactment or (ii) 30 days after notice by the Secretary of the Treasury that the regulations, organizational structure, personnel and other resources necessary to administer the new provisions are in place.  Provisions that will not immediately take effect include the above described changes to the definition of a covered transaction and the provisions regarding declarations.

9. International Coordination on Security Policy Under FIRRMA

FIRRMA reinforces and extends an expanding U.S. practice of seeking to induce U.S. allies to screen foreign investment in the same way that CFIUS does so.  The statute directs the Secretary of the Treasury to establish a formal process for the exchange of information important to the national security analysis or actions of CFIUS with governments of countries that are allies or partners of the United States.  Among other things, the process should be designed to facilitate the harmonization of action with respect to trends in investment and technology that could pose risks to the national security of the United States and its allies and partners. 

10. CFIUS Process and Procedural Changes

Finally, FIRRMA effects a variety of process and procedural changes.  For example, whereas CFIUS does not presently have filing fees, the legislation authorizes CFIUS to collect a fee with respect to covered transactions for which a written notice is submitted up to the lesser of (i) 1% of transaction value or (ii) $300,000.  In addition, FIRRMA extends the period of an initial "review" after submission of a notice from 30 to 45 days.  The timeline for investigations will remain 45 days, and an investigation may be extended beyond its 45-day limit only once and only for 15 days.

* * * * *

The Orrick International Trade and Compliance group has been a leader in dual use and military export controls for nearly four decades. In addition, the group has helped secure CFIUS clearance of some of the most challenging transactions to come before the committee since the screening process was established in 1989.