On September 15, 2022, President Biden signed an executive order (EO) identifying economic sectors deserving of particular attention for review by the United States Committee on Foreign Investments (CFIUS or the Committee). While the EO does not change CFIUS’s jurisdiction to review foreign investments in U.S. companies, it is the first time a U.S. President has singled out certain factors the committee uses when assessing whether a transaction poses a threat to the country’s national security represents the United States should use. The EO will likely lead to an increase in the number of CFIUS screenings of foreign investments. It specifically directs CFIUS to conduct national security risk assessments with a view to the impact a transaction may have on supply chain security, US technology leadership, cybersecurity, access to sensitive personal data and the impact of incremental investments over time .
The EO reinforces a practical reality that has become increasingly apparent in recent years: foreign investment in large parts of the US economy may draw CFIUS’s attention. CFIUS is likely to particularly focus on investments by foreign companies in technologies considered important to US strategic leadership, such as semiconductors and microelectronics, quantum computing, batteries, autonomous vehicles, robotics and artificial intelligence. And the EO makes it clear that companies that may not consider themselves important to US strategic national security can still attract CFIUS’s attention, including companies in biotechnology and biomanufacturing, advanced clean energy, climate adaptation, critical materials and agriculture.
This EO lands amid a bipartisan focus on the national security concerns that foreign direct investment can raise. In August, CFIUS reported to Congress that the committee was reviewing a record number of transactions for national security risks, and the Biden administration and Congress are considering either an executive order or legislation to “reverse” outbound US investment in semiconductors and related technologies. to check CFIUS” process.
The administration “will continue to evaluate whether additional steps are needed to best position CFIUS to protect US investors from predatory foreign investment,” National Security Adviser Jake Sullivan said after the EO’s release.
EO Summary: Sharpening CFIUS Focus
The EO directs CFIUS to consider five groups of factors when conducting its reviews:
1. Supply Chains. CFIUS is designed to consider the impact of a transaction on “supply chain resilience and security both inside and outside the defense industry base.” Defense Industrial Base refers to the companies that the US Department of Defense relies on to provide military equipment. The EO highlights a wide range of civilian industrial supply chains for CFIUS to consider, including “microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy (such as battery storage and hydrogen), climate adaptation technologies, critical materials (such as lithium and rare earth elements )” and elements of the agricultural sector. The committee is set to examine how a transaction could leave the United States vulnerable to supply chain disruptions. CFIUS should also consider several factors that go into the supply chain itself, including its diversification with alternative suppliers, including allies and partners; whether the US government itself relies on the supply chain; and concentration of ownership or control of the supply chain by a foreign party.
The EO warns of the risks of foreign investment shifting control of critical supply chains to a foreign party, including to a foreign party that has “relevant third-party connections” that “could result in the transaction posing a threat to the national represents security. The emphasis on “third-party ties,” a phrase not further defined but repeated throughout the EO, suggests that the committee will be on the lookout for ties between the foreign investor and other foreign parties. While the EO doesn’t name any nations of particular concern, the government is extremely concerned about competitors like China and Russia, and CFIUS is likely to screen transactions for links to companies from those countries.
2. Technology leadership. The EO directs the committee to consider the impact of a transaction on US technology leadership. It enumerates specific problem areas, including critical minerals, “microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy and climate adaptation technologies.” CFIUS is to review relevant connections of the foreign buyer and its investors or other third parties “that could result in the transaction threatening to harm the national security of the United States.”
3. Investment trends. CFIUS accounts for incremental investment trends in a technology sector that may collectively cede “partial domestic development or control in that sector or technology” to a foreign person. “[A] A series of transactions over time can increase systemic vulnerability, potentially leading to a particular covered transaction posing a national security risk,” a senior administration official explained during a background press briefing, suggesting that CFIUS discuss the specific factors of the transaction National security risk assessment for broader industry trends.
4. Cybersecurity Risks. The EO directs CFIUS to consider the foreign investor’s cybersecurity capabilities and the domestic target’s cybersecurity practices. In particular, the committee should consider whether a transaction could provide a foreign party with “the ability and intent to engage in cyber intruders or other malicious cyber-assisted activities.” These activities include those attempting to influence the outcome of elections, the operation of critical US infrastructure, and the integrity of US communications. CFIUS must also consider the cybersecurity attitudes and practices of all parties to the transaction that could allow a foreign party to engage in such cyber activities. The EO notes that in the Foreign Investment Risk Review Modernization Act of 2018, which expanded CFIUS’ mandate and was passed with near-unanimous support, Congress identified “worsening or creating new cybersecurity vulnerabilities” as a relevant consideration for CFIUS.
5. Sensitive Data. The EO instructs CFIUS to consider sensitive data in a number of ways. First, CFIUS is supposed to check whether a covered transaction involves a US company that has done so Access to sensitive data of US persons, “including health, digital identity or other biological data of US persons and any data that may be identifiable or de-anonymized, which could be exploited to impersonate an individual in a threatening manner second, seemingly out of counterintelligence concerns, CFIUS is to check whether the target company has access to data on “subpopulations” that a foreign company could use to target individuals or groups “in a way that threatens national security.” Third, CFIUS must assess whether a transaction involves the transfer of sensitive information of US persons to a foreign entity “that may take actions that threaten to harm the national security of the United States,” including whether the foreign entity has ties to investors who could exploit the information, including by commercial means.
The EO directs the Committee to keep its practices under review and “continue to make any necessary and appropriate updates to ensure that the Committee’s consideration of national security risks remains robust alongside changes in the national security landscape”. CFIUS is to provide regular reports, including policy recommendations, to the White House.