On September 15, 2022, President Biden issued an Executive Order directing the Committee on Foreign Investment in the United States (CFIUS) to consider additional national security factors when reviewing covered transactions in order to ensure that the foreign investment review process remains responsive to the evolving national security landscape.
The Executive Order elaborates on existing statutory factors contained in Section 721 of the Defense Production Act of 1950 (50 U.S.C.A. § 4565), as amended, that CFIUS is currently required to consider and identifies a number of national security factors for CFIUS to prioritize when evaluating covered transactions.
Specifically, the Executive Order directs CFIUS to consider and prioritize the following set of factors, in tandem with existing statutorily prescribed requirements, when reviewing covered transactions:
- A transaction’s effect on the resilience of critical U.S. supply chains that may have national security implications, including those outside of the defense industrial base;
- A transaction’s effect on U.S. technological leadership in areas affecting U.S. national security, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies;
- Industry investment trends that may have consequences for a given transaction’s impact on U.S. national security;
- Cybersecurity risks that threaten to impair national security; and
- Risks to U.S. persons’ sensitive data.
We discuss each of the five factors covered by the Executive Order in more detail below.
1.Resilience of Critical U.S. Supply Chains
The Executive Order directs CFIUS to consider a covered transaction’s effect on supply chain resilience and security, both within and outside of the defense sector because of the potential of certain foreign investments undermining supply chain resilience efforts and therefore national security by making the U.S. vulnerable to future supply disruptions.
According to the Executive Order, supply chain vulnerabilities may occur if an investment shifts ownership or control with respect to certain manufacturing capabilities, services, critical mineral resources, or technologies to a foreign person who might take actions to impair the national security of the U.S. as a result of the transaction.
Specific considerations that CFIUS is directed to take when reviewing a covered transactions effect on U.S. supply chains include: (i) the degree of diversification through alternative suppliers across the supply chain, including suppliers located in allied or partner countries; (ii) supply relationships with the U.S. government; and (iii) the concentration of ownership or control by the foreign person in a given supply chain.
2. S. Technological Leadership
CFIUS is currently statutorily required to consider the potential effects that a covered transaction may have on U.S. technological leadership. However, the Executive Order elaborates on existing statutory requirements and specifically identifies sectors that are fundamental to U.S. technological leadership, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, and elements of the agricultural industrial base that have implications for food security and instructs CFIUS to consider whether a covered transaction involves manufacturing capabilities, services, critical mineral resources, or technologies in such fields.
The Executive Order goes even further and instructs CFIUS to consider whether a covered transaction could result in future advancements and applications in technology that could undermine national security, and whether a foreign person involved in the transaction has ties to third parties that may pose a threat to U.S. national security.
3. Industry Investment Trends
The Executive Order directs CFIUS to consider the risks arising from a covered transaction in the context of multiple acquisitions or investments by a foreign company or country in a single sector or in related sectors that may facilitate the transfer of sensitive technology in key industries.
In order to effectuate this priority, the Executive Order calls upon CFIUS to request, as part of its review of covered transactions, that the Department of Commerce’s International Trade Administration provide CFIUS an analysis of the industry or industries in which a U.S. business operates, and the cumulative control of, or pattern of recent transactions by a foreign person or, directly or indirectly, by a foreign government, in that sector or industry.
4. Cybersecurity Risks
With respect to the fourth factor, the Executive Order directs CFIUS to consider whether a covered transaction may provide a foreign person, or their relevant third-party ties, with access to conduct cyber intrusions or other malicious cyber-enabled activity, in addition to the cybersecurity posture, practices, capabilities, and access of all parties to the transaction that could allow a foreign person, or their relevant third-party ties, to manifest such activities.
The Executive Order specifically calls on CFIUS to consider whether a covered transaction may provide a foreign person, or their third-party ties, with access to capabilities or information databases and systems on which actors could engage in malicious cyber‑enabled activities affecting the interests of the U.S., including:
- activity designed to undermine the protection or integrity of data in storage or databases or systems housing sensitive data;
- activity designed to interfere with U.S. elections, U.S. critical infrastructure, the defense industrial base, or other cybersecurity national security priorities set forth in Executive Order 14028 of May 12, 2021 (Improving the Nation’s Cybersecurity); and
- the sabotage of critical energy infrastructure, including smart grids.
5. Risks to U.S. Persons’ Sensitive Data
Existing statutory provisions require CFIUS to scrutinize investments made by foreign persons in U.S. businesses that maintain or collect sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security.
However, the Executive Order reemphasizes and directs CFIUS to continue considering whether covered transactions involve U.S. businesses that have access to or that store U.S. persons’ sensitive data, including health and biological data, and whether such transactions involve a foreign person who might take actions that threaten U.S. national security.
Further, the Executive Order instructs CFIUS to prioritize scrutinizing whether a foreign investor has, or the parties to whom the foreign investor has ties, have sought or have the ability to exploit the sensitive data of U.S. persons to the detriment of U.S. national security, including through the use of commercial or other means.
An illustrative example of this factor being scrutinized in real-life is currently unfolding through the negotiations between CFIUS and TikTok, the Chinese-owned video app. TikTok has been in negotiations with CFIUS for more than two years because of its Chinese ties and concerns about TikTok’s ability to protect the data of American users from Chinese authorities. The U.S. and TikTok have reportedly drafted a preliminary agreement to resolve such concerns and are being asked by CFIUS to store its American data solely on servers located in the U.S. as a remedy.
While the Executive Order does not alter CFIUS processes or its legal jurisdiction, the number of transactions reviewed by CFIUS will likely continue to grow as The White House increases its scrutiny of foreign investments in and acquisitions of U.S. businesses in certain critical technology sectors.
Parties to covered transactions, especially those transactions involving one of the five prioritized factors, reviewed by CFIUS should expect an increase in scrutiny of investments in U.S. businesses.