On September 15, 2022, the Biden Administration issued a new executive order (“EO”) and accompanying fact sheet, designed to sharpen the current U.S. foreign investment screening process as administered by the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”).  This EO is the first to specifically identify certain additional national security factors for CFIUS to consider when evaluating transactions involving foreign investors.
While the EO does not expand the jurisdiction of CFIUS or establish new requirements, the EO formally directs CFIUS to focus on transactions that could give foreign parties access to U.S. technologies, data, or critical supply chains that the Biden Administration has identified as important for maintaining U.S. economic and technological edge. The EO does not mention any specific country, but underscores the threat posed by inbound investments “involving foreign adversaries or other countries of special concern,” which may appear to be only economic transactions for commercial purposes but could “actually present an unacceptable risk to United States national security due to the legal environment, intentions, or capabilities of the foreign person, including foreign governments involved in the transaction.” 
The View from Washington
CFIUS has been increasingly relied upon in recent years by the Obama, Trump, and now Biden Administrations as a tool to prevent foreign investment that poses a national security risk, often emanating from either Chinese or Russian parties. What CFIUS has determined to be a national security risk has varied broadly, ranging from the potential theft of American emerging technologies, to control of critical infrastructure, and to access to large quantities of U.S. persons’ data.
The EO is another step in formalizing the capabilities of CFIUS to mitigate such risk. A senior Biden Administration official noted that the goal of the EO is to prevent exploitation by foreign parties of the U.S.’s “open investment ecosystem to further their own national security priorities in ways that are directly contradictory to [U.S.]” values and interests.  Janet Yellen, the U.S. Secretary of the Treasury (“Treasury”) and chair of CFIUS, echoed the same message, noting that the EO “reaffirms CFIUS’s mission to protect America’s technological leadership and the security of our citizens’ sensitive data from emerging threats.” 
Background on CFIUS
CFIUS is an inter-agency committee chaired by the U.S. Department of the Treasury, that has the broad authority to review in-bound foreign investment in the United States for national security considerations. Other members include, among others, the U.S. Departments of Defense, Energy, Justice, Commerce, and Homeland Security.
CFIUS operates pursuant to Section 721 of the Defense Production Act of 1950 (the “CFIUS Statute”), most recently amended by the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), which identifies various national security factors that CFIUS ought to consider when reviewing a specific investment transaction. The list in the CFIUS Statute is not exhaustive; CFIUS has the authority to consider any national security risks that it deems appropriate and has broad discretion in defining what constitutes a national security risk.
The CFIUS Statute also gives the President the authority to identify any additional factors that the President would like the Committee to take into consideration. This EO, the first EO directed at CFIUS since the Committee’s establishment in 1975, is the first to formally do so. The EO is not meant to supplant or change any of the existing CFIUS processes or legal jurisdiction but is instead meant to be used in conjunction with the national security factors already set out in the CFIUS Statute.
The Factors Identified in the EO
The EO elaborates on two existing factors listed in the CFIUS Statute and directs CFIUS to consider three additional sets of factors.
Elaboration on Two Existing Statutory Factors
First, the EO expands on two factors currently enumerated in the CFIUS Statute: (1) the resilience of critical supply chains; and (2) U.S. technological leadership.
- The Resilience of Critical Supply Chains: When assessing the effect of foreign investment on domestic capacity to meet national security requirements, the EO directs CFIUS to evaluate a given transaction’s effect on the resilience of critical U.S. supply chains that may have national security implications (e.g., supply disruptions of critical goods and services), including those outside of the defense industrial base. This requires a consideration of (i) the degree of diversification through alternative suppliers across the supply chain, including suppliers located in allied or partner countries is possible; (ii) supply relationships with the U.S. government; (iii) the concentration of ownership or control by the foreign person in a given supply chain; and (iv) any ties third-party ties of the acquirer. The EO identifies certain manufacturing capabilities, services, critical mineral resources, and technologies that are fundamental to the United States as critical to supply chain resilience and security.
- U.S. Technological Leadership: When assessing the potential effects of a proposed transaction on U.S. technological leadership, the EO directs CFIUS to evaluate a given transaction’s effect on areas affecting U.S. national security, including potential future advancement and technological applications, providing the examples of microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy (such as battery storage and hydrogen), climate adaptation technologies, critical materials (such as lithium and rare earth elements), elements of the agricultural industrial base that have implications for food security, and any other sectors identified in section 3(b) or section 4(a) of Executive Order 14017 that discussed supply chains. Similar to above, CFIUS will also consider any ties by the acquirer to any third parties.
CFIUS’s regulations do currently emphasize certain types of sensitive export-controlled “critical technologies”, but the EO provides for a much broader category of technologies for CFIUS to focus on. The EO also directs the White House Office of Science and Technology Policy (“OSTP”), a member of CFIUS, to periodically publish a list of technology sectors, include those identified herein, that it assesses are fundamental to U.S. technological leadership in areas relevant to national security for CFIUS reference.
Additional Three Factors to be Considered
In addition to expanding on the two existing factors above, the EO also identifies three additional factors for CFIUS to consider:
1. Industry Investment Trends: This consideration includes investments by a foreign person in a sector or technology that may appear to pose a limited threat when viewed in isolation, but when viewed in the context of previous transactions (e.g., multiple acquisitions in the same sector), reveal that such investments could facilitate sensitive technology transfer in key industries or otherwise harm national security. For example, if the same foreign investor is acquiring multiple U.S. businesses in the same sector or related sectors thus consolidating a stronger position. The EO also gives CFIUS the authority to request from the U.S. Department of Commerce’s International Trade Administration a report of the industry or industries in which the target U.S. business operates, and the cumulative control of, or pattern of recent transactions by a foreign person in that sector or industry.
2. Cybersecurity Risks: This factor includes investments by foreign persons with the capability and intent to conduct cyber intrusions or malicious cyber-enabled activity that threatens national security (e.g., interference with U.S. elections or sabotage of critical energy infrastructure including smart grids).It focuses on whether a given transaction may provide a foreign person, or their relevant third-party ties, with access to conduct such activities, in addition to the cybersecurity posture, practices, capabilities, and access of all parties to the transaction that could allow a foreign person, or their a third-party, to manifest such activities.
3. Risks to U.S. Persons’ Sensitive Data: While the CFIUS regulations implementing FIRRMA already included evaluation of a targeted U.S. business’ collection and maintenance of “sensitive personal data,” this factor reinforces CFIUS’s current practice of evaluating whether a given transaction involves a U.S. business that has access to the sensitive data of U.S. persons, and whether the foreign investor has, or the parties to whom the foreign investor has ties, have sought or have the ability to exploit such information to the detriment of national security, including through the use of commercial or other means. Of particular note is identification data that can be used for surveillance, tracing, tracking and targeting of U.S. persons.
Direction to Continually Review Practices
In addition to the five factors above, the EO emphasize the importance of continuous improvements to the foreign investment review process and directs CFIUS to continually review its regulations, processes and practices as the national security landscape evolves. The EO also instructs that CFIUS shall periodically provide a report to the Assistant to the President for National Security Affairs a report documenting the results of CFIUS’s review.
- The EO formalizes factors – supply chains, critical technologies, industry control, cybersecurity, and personal data – that CFIUS has already been intensely focused on over the past few years, especially with respect to Chinese and Russian investments.
- Even though there is no specific country mentioned in the EO, there has been increasing concern in the U.S. about Chinese access to U.S. technology, manufacturing, and personal data.
- The formalization of CFIUS comes at a time when other U.S.-allied countries are implementing their own foreign direct investment regimes as well, driving the need for foreign investors to determine whether a CFIUS (or another foreign investment) filing is required or warranted.
- It is possible that CFIUS may utilize this new EO as a potential pretext to reach out about prior transactions not previously filed with CFIUS (i.e., “non-notified transactions”).
- By publicly highlighting the issues that the President and CFIUS see as emerging threats, the EO will provide guidance and transparency for both U.S. businesses and foreign entities when deciding whether to undertake a particular transaction or investment, in a manner that has otherwise been private.