On August 13, 2018, President Donald Trump signed into law the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA). FIRRMA expands the jurisdiction and powers of the Committee on Foreign Investment in the United States (CFIUS or the Committee), the U.S. interagency committee that conducts national security reviews of foreign investment.

FIRRMA authorizes CFIUS to conduct pilot programs to implement provisions of the legislation that did not become effective immediately upon enactment. On October 10, the U.S. Department of the Treasury issued interim regulations to conduct a FIRRMA pilot program that addresses specific risks to U.S. critical technologies. Separately, CFIUS issued updated regulations formally implementing some of FIRRMA’s provisions that became effective upon enactment.

The FIRRMA pilot program expands the scope of transactions subject to review by CFIUS to include certain noncontrolling investments made by foreign persons in U.S. businesses involved in critical technologies related to specific industries. The program also makes mandatory the filing of a “declaration” (an abbreviated CFIUS notice) for all transactions that fall within its specific scope.

The pilot program, discussed in further detail below, will affect all transactions with a completion date after November 10, 2018. The text of the interim pilot program regulations is available here, and the updated regulations are available here.

FIRRMA Pilot Program Expands CFIUS Jurisdiction to Certain Investments in U.S. Businesses Involved in Critical Technologies in Sensitive Sectors

The pilot program expands CFIUS’s jurisdiction to give the Committee the authority to review certain investments made by any foreign persons in a Pilot Program U.S. Business (as defined below). Notably, the pilot program does not implement FIRRMA’s expanded jurisdiction for all investments in U.S. businesses involved in critical technologies nor the expanded jurisdiction for investments in real estate and critical infrastructure. However, it does cover all foreign persons from all countries, including both public and private persons. Included below are key terms and provisions of the pilot program and their definitions and applicability.

Pilot Program U.S. Businesses - The pilot program covers any U.S. business that produces, designs, tests, manufactures, fabricates or develops a critical technology that is (1) used in connection with the U.S. business’s activity in one or more pilot program industries or (2) designed by the U.S. business specifically for use in one or more pilot program industries. An overview of pilot program industries is included below.

Critical Technologies - Under FIRRMA, “critical technologies” are defined as1

  • defense articles or defense services included on the United States Munitions List;
  • items included on the Commerce Control List set forth in the Export Administration regulations and controlled (1) pursuant to multilateral regimes, including for reasons relating to national security, chemical and biological weapons proliferation, nuclear nonproliferation or missile technology; or (2) for reasons relating to regional stability or surreptitious listening;
  • specially designed and prepared nuclear equipment, parts and components, materials, software and technology relating to assistance to foreign atomic energy activities;
  • nuclear facilities, equipment and material relating to export and import of nuclear equipment and material;
  • select agents and toxins covered by 7 Code of Federal Regulations (CFR) part 331, 9 CFR part 121, or 42 CFR part 73; or
  • emerging and foundational technologies controlled pursuant to section 1758 of the Export Control Reform Act of 2018.

CFIUS has become increasingly concerned with the protection of sensitive U.S. technology as illustrated by the focus on critical technology in this pilot program. Although not covered by the pilot program at this time, FIRRMA also provides for the expansion of CFIUS jurisdiction over transactions involving critical infrastructure and sensitive personal data of U.S. citizens and contemplates mandatory declarations for certain critical infrastructure transactions. Regulations will implement these provisions at a later date.

Pilot Program Industries – The pilot program does not cover all U.S. businesses involved with critical technologies. Rather, the current pilot program covers U.S. businesses involved with critical technologies related to 27 specific industries, identified by their respective North American Industry Classification System (NAICS) code. The list of industries and their relevant NAICS codes is here. These industries are those where the Committee determined that “the threat of erosion of technological superiority from foreign direct investment in these industries require[d] immediate attention.”2 The Committee can reconsider the industries identified and revise the list in future regulations or in final regulations for the pilot program (if CFIUS decides to issue final regulations).3

Covered Investments – Importantly, the pilot program also does not cover every foreign investment in a Pilot Program U.S. Business. It covers only those investments in a Pilot Program U.S. Business by which a foreign person obtains control or in the absence of control obtains

  • access to any material nonpublic technical information in the possession of the target U.S. business;
  • membership or observer rights on the board of directors or equivalent governing body of the U.S. business, or the right to nominate an individual to a position on the board of directors or equivalent governing body of the U.S. business; or
  • any involvement, other than through voting of shares, in substantive decisionmaking of the U.S. business regarding the use, development, acquisition or release of critical technology.

The pilot program incorporates FIRRMA’s language that despite the provision regarding board rights, limited partner participation on an advisory board or committee for an investment fund would not subject the investment to CFIUS jurisdiction, so long as (1) the fund is exclusively managed by a U.S. general partner (or equivalent); (2) the general partner (or equivalent) is not a foreign person; (3) neither the advisory board nor the foreign person can approve, disapprove or otherwise control investment decisions or decisions of the general partner related to entities in which the fund is invested; (4) the foreign person cannot unilaterally remove the general partner (or equivalent); and (5) the foreign person does not have access to material nonpublic technical information.

FIRRMA Pilot Program Makes Filings Mandatory for Certain Investments in U.S. Businesses Involved in Critical Technologies in Sensitive Sectors

FIRRMA establishes a streamlined process for shorter notifications, called “declarations.” Declarations will not generally exceed five pages, and once received, CFIUS will have 30 days to take action. Such actions include requesting a formal notice, informing parties that the Committee cannot complete its review on the basis of a declaration, initiating a unilateral review or clearing the transaction. Most declarations will be voluntary, but FIRRMA grants CFIUS the authority to impose mandatory notification requirements for certain types of covered transactions involving critical technologies.

The pilot program establishes mandatory filings by written notice or declaration for transactions that fall within the scope of the pilot program. That is, if an investment by a foreign person (i) results in control of or the specified rights in a U.S. business that (ii) produces, designs, tests, manufactures, fabricates or develops one or more critical technologies (iii) in connection with a pilot program industry, the parties to the pilot-program-covered transaction are required to file a written notice or mandatory declaration notifying CFIUS of the transaction. This represents a significant change as, historically, filings have been ostensibly voluntary. There are also significant penalties associated with noncompliance with this requirement, discussed in detail below.

Content of Mandatory Declarations

Mandatory declarations are intended to serve as abbreviated versions of a written CFIUS notice. Per the interim pilot program regulations, mandatory declarations must include, inter alia:

  • information on parties to a transaction, the subject of the transaction and a brief description of the nature of the transaction and its structure, including the value of the transaction and what interests will be acquired
  • a statement as to whether a party to the transaction is stipulating that the transaction is a pilot-program-covered transaction; such a stipulation “would streamline certain aspects of CFIUS’s review of a declaration,” “potentially leading to a faster resolution for the submitting parties”
  • information about the Pilot Program U.S. Business’s activities, including critical technologies, as well as current and previous U.S. government contracts, grants and funding
  • information about the foreign person, its activities and its ownership structure, including an organizational chart of the foreign person and any parent entities
  • a description of all parties’ history with CFIUS

The Committee must take action on a declaration within 30 days of its receipt of the declaration from the CFIUS Staff Chairperson. During this time, CFIUS may request follow-up information from the parties submitting the declaration. The parties must provide information responsive to the request within two business days of the request or within a longer timeframe if the party or parties so request in writing and the Staff Chairperson grants that request in writing. If a party fails to answer within the specified time, the Committee may reject the declaration at any time.

For any noncontrolling investment, regardless of whether the Committee completes all action on the basis of a declaration or a written notice, the parties are not exempted from the requirement to file another declaration or notice for any subsequent or incremental investment or change in the rights of the foreign person that falls within the scope of the pilot program.4 Consistent with pre-FIRRMA regulations, controlling investments reviewed on the basis of a written notice will not require a subsequent filing for changes in the foreign person’s investment or rights.

Relevant Dates and Penalties

The pilot program does not affect any transaction

  1. completed prior to November 10, 2018, or
  2. for which, prior to October 11, 2018, (i) there is an executed binding written agreement, (ii) a party has made a public offer to shareholders to buy shares or (iii) a party has solicited proxies in connection with a board election.

For transactions covered by the pilot program, mandatory declarations must be submitted to CFIUS by

  1. November 10, 2018, if the completion date of the transaction is between November 10 and December 25, 2018, or
  2. 45 days before the completion date of the transaction, if the completion date of the transaction is after December 25, 2018.

Any party that fails to submit a mandatory declaration under the pilot program may be liable to the United States for a civil penalty not to exceed the value of the pilot-program-covered transaction.

Updated Regulations Implement Certain FIRRMA Provisions Already in Effect

Separately, CFIUS issued updated regulations formally implementing some of FIRRMA’s provisions. The updated regulations are effective as of October 11, 2018. Key updates:

  • Extension of review and investigation periods for written notices: The regulations formally extend the review periods for written notices.5 In accordance with FIRRMA, the initial review period is now 45 days. The default investigation period continues to be 45 days but may now be extended an additional 15 days in extraordinary circumstances.6

Stipulations as to CFIUS jurisdiction: The regulations allow parties submitting a written notice to stipulate that a transaction is subject to CFIUS jurisdiction and that the foreign party is a foreign-government-controlled entity.7 FIRRMA provides for the possibility that such a stipulation would streamline review of the written notice, but the regulations do not yet provide for any additional time limits placed on CFIUS review in these circumstances.

Changes to mitigation agreements: For all mitigation agreements entered into with CFIUS prior to October 11, 2018, parties are liable for violation of material provisions of said agreements only where the parties violated the agreement intentionally or through gross negligence. The new regulations remove the language “intentionally or through gross negligence” in the provisions allowing for the imposition of civil penalties for violations of CFIUS mitigation agreements without intent.8 That is, parties are strictly liable for any violation of a mitigation agreement entered into on or after October 11, 2018. The regulations also authorize the Committee to negotiate a remediation plan for lack of compliance with a mitigation agreement, require filings for future covered transactions or seek injunctive relief.9

Revised definitions: The new regulations revise the definitions of key terms to be consistent with FIRRMA.10