All questions

Overview

The United States has long favoured foreign investment and, historically, the US government has imposed few restrictions on foreign investment inflows.2 Scepticism about investment from China continues to be a notable – and bipartisan – exception to this general policy of openness to foreign investment.3 Foreign investment, however, is subject to review and remedial action on national security grounds by the Committee on Foreign Investment in the United States (CFIUS or the Committee). CFIUS's most recent piece of authorising legislation is the Foreign Investment Risk Review Modernisation Act of 2018 (FIRRMA). While notifying a transaction to CFIUS remains voluntary in most circumstances, FIRRMA created mandatory filing requirements for transactions involving certain types of US businesses and foreign investors. In addition to this general national security screening regime, the United States has some sector-specific limitations and review procedures that govern foreign investment in regulated industries.

Year in review

We highlight three important developments in the past year in this section. First, the Biden administration issued an Executive Order that endorsed and amplified CFIUS's national security risk policies. Second, CFIUS put investors on notice that it intends to start using its penalty authority more aggressively by issuing its first ever CFIUS Enforcement and Penalty Guidelines. Third, CFIUS clarified that 'springing rights' that vest only after CFIUS completes its review cannot be used as a workaround to the 30-day waiting period for mandatory filings.

i Biden administration confirms economic security is national security

CFIUS has broad discretion as to what constitutes a national security risk, and its review of transactions reflects broader US government policies with respect to national security risks posed by foreign investment. On 15 September 2022, President Biden signed Executive Order 14083 (the EO) directing CFIUS to take certain national security risk factors into consideration when analysing transactions.4 The EO did not change CFIUS's process or jurisdiction; rather, it reflects a formalisation in the CFIUS context of a broader US national security policy focus on economic security as a key driver of national security. The EO directs the Committee to consider risks to US technological leadership in specific areas and also makes clear that CFIUS has a role in addressing supply chain risks not only to the defence industrial base but also to areas that are important to economic security. It also instructs that transactions should be reviewed in the context of broader industry and investment trends to guard against longer-term risks to certain critical domestic capabilities. China is not mentioned by name in the EO, but, in a nod to CFIUS's persistent concern about China as a third-party threat in non-Chinese transactions, the phrase 'relevant third-party ties' appears 10 times. CFIUS was already factoring in these risks, but the EO effectively highlighted these considerations for transaction parties.

ii CFIUS issues enforcement and penalty guidelines

CFIUS can impose penalties for (1) failure to make a mandatory filing, (2) failure to comply with a CFIUS mitigation agreement and (3) making a material misstatement, omission or false certification to the Committee. Congress gave CFIUS the authority to impose penalties in 2008, but since then there have been only two publicly reported instances of CFIUS imposing penalties.5 This paucity of publicly reported enforcement actions has led some to question whether CFIUS had sufficient enforcement resources6 and motivated Congress to allocate money in FIRRMA to building out CFIUS's monitoring and enforcement capabilities. After several years of staffing up, on 10 October 2022, CFIUS issued its first ever Enforcement and Penalty Guidelines (the Guidelines).7 The Guidelines reflect factors that are common sense and generally consistent with enforcement guidelines under other similar regulatory schemes (e.g., self-report violations, remediate where possible and never try to hide the ball, etc.). However, more notable than what the Guidelines say is what they portend. Having put the investment world on notice, CFIUS will very likely ramp up enforcement in the coming years. CFIUS officials have indicated that they have issued penalties over the past year that have not yet been publicly reported. They expect to periodically publish information about penalty actions that CFIUS has taken to impress upon investors that CFIUS compliance is not optional.

iii Springing rights are no longer a viable solution to mandatory filing timing challenges

If a filing is mandatory, CFIUS requires that it be submitted 30 days before the 'completion date' of the transaction. In instances involving minority investments, particularly where time is of the essence, investors have sometimes elected to separate their economic interest from governance rights, closing on the investment but delaying the grant of rights until after CFIUS clears the transaction (what is sometimes referred to as a springing rights structure). Previously, it was generally believed that this was consistent with the required 30-day waiting period for mandatory filing because the rights that would grant CFIUS jurisdiction in the first instance would not attach until after CFIUS had concluded its review (and might not attach at all if CFIUS elected to impose mitigation that, effectively, prevented the investor from holding such rights). However, CFIUS has posted an FAQ on its website making clear that the closing even on the economic interest is subject to a 30-day advance notification requirement, even if the governance rights are made contingent on CFIUS clearance.8 This clarification has no impact on the use of springing rights in the context of a voluntary filing, which has no required waiting period.

Foreign investment regime

This section sets out the main details of the US national security review regime administered by CFIUS.

i Policy

US policy favours an open investment environment. Indeed, the 'sense of Congress' provision in CFIUS's authorising legislation states as follows:

foreign investment provides substantial economic benefits to the United States . . . [and] it should continue to be the policy of the United States to enthusiastically welcome and support foreign investment, consistent with the protection of national security.9

With the exception of the Trump administration, successive US adminstrations have strongly endorsed the United States's traditional open investment policy.10 While qualified by a reference to CFIUS reviewing transactions to ensure the protection of national security, President Biden pledged his 'administration's commitment to ensuring that the United States remains the most attractive place in the world for businesses to invest and grow'.11

The restrictions that the United States has imposed on foreign investment have been tailored to achieve primarily non-economic policy objectives, generally relating to national security. Significantly, the US foreign investment regime does not subject investments to an economic benefit test and, with limited exception, does not predicate jurisdiction on the national origin of the foreign investor. However, widely held policy concerns over US innovation, economic competitiveness and supply chain security have led to a blurring of the lines between the concepts of economic security and national security.12 Thus, far from being an idiosyncratic quirk of the Trump administration, the view that 'economic security is national security' appears to be both enduring and bipartisan.

ii Laws and regulations

The US national security review process for foreign investment is governed by Section 721 of the Defense Production Act and is generally referred to as 'the CFIUS process' after the interagency body that administers it. CFIUS is composed of nine voting members: Treasury (its chair), the White House's Office of Science and Technology Policy, the US Trade Representative and the Departments of Commerce (Commerce), Defense, Energy, Homeland Security, Justice and State. The Department of Labor and the Office of the Director of National Intelligence are ex officio non-voting members. Other executive branch agencies may be temporarily added as voting members on a case-by-case basis (e.g., the US Department of Agriculture might be added in an agribusiness transaction).13

Transaction parties will interact mostly with Treasury before and during a review, as Treasury manages the overall process, maintains the web portal that parties use to submit filing documents (the Case Management System or (CMS)) and communicates CFIUS's findings and decisions to the transaction parties on behalf of CFIUS. However, the lead agencies (namely, those with the strongest equities) will co-lead on substance, including negotiation of mitigation terms if warranted.

iii Scope

CFIUS reviews foreign investment in the United States for risks to national security. Its authorising legislation provides examples of national security issues that CFIUS may consider, but it does not provide a statutory definition of national security except to clarify that it includes homeland security and critical infrastructure.14 CFIUS has the authority to review three types of transactions (collectively referred to as 'covered transactions'):

  1. covered control transactions;
  2. covered investments; and
  3. covered real estate transactions.

Pure greenfield investments are excluded from CFIUS's jurisdiction. In foreign-to-foreign transactions, CFIUS can assert jurisdiction over any US businesses involved in the transaction, but its ability to require mitigation remedies or recommend prohibition will be limited, at least practically, to US businesses.

A key concept for understanding CFIUS's jurisdiction is the definition of a technology, infrastructure or data (TID) US business. Under CFIUS's regulations, a TID US business is one that:

  1. produces, designs, tests, manufactures, fabricates or develops one or more critical technologies;
  2. performs certain functions relating to critical infrastructure products or services; or
  3. maintains or collects, directly or indirectly, sensitive personal data (SPD) of US citizens.15

Critical technology is defined as any technology that is controlled for export under specified provisions of law and regulation or designated by Commerce as an emerging or foundational technology.16 CFIUS defines critical infrastructure through reference to specific functions relating to enumerated categories of products and services that are so vital that their incapacity or destruction would have a debilitating impact on national security.17

SPD is any:

  1. identifiable data maintained or collected by a US business that (1) targets or tailors products or services to any executive branch agency or military department with intelligence, national security or homeland security responsibilities or (2) has maintained or collected, or has a demonstrated business purpose to collect, specified types of data from more than one million individuals; or
  2. genetic data.18
iv Covered control transaction

A covered control transaction is any transaction that results in a foreign person obtaining direct or indirect control over a US business. CFIUS eschews bright line definitions of control, instead defining it as:

the power, direct or indirect, whether or not exercised, through the ownership of a majority or a dominant minority of the total outstanding voting interest in an entity . . . to determine, direct, or decide important matters affecting an entity.19

Consequently, CFIUS may find that a minority shareholder has 'control' if it possesses certain negative rights (e.g., the ability to veto board decisions). Control jurisdiction is not dependent on the industry or other characteristics of the US business, only that the transaction results in foreign control of the US business.

v Covered investments

A covered investment is a non-controlling direct or indirect investment by a foreign person, other than an excepted investor,20 in an unaffiliated TID US business that affords the foreign person:

  1. access to any material non-public technical information;
  2. board membership or observer rights; or
  3. any involvement, other than through voting of shares, in substantive decision-making of the TID US business regarding its critical technology, critical infrastructure products and services, or SPD.21

Thus, whereas control jurisdiction is not dependent on the nature of the US business, covered investment jurisdiction can apply only where the US business is a TID US business.

vi Covered real estate transactions

A covered real estate transaction is the purchase, lease or concession to a foreign party of 'covered real estate', whether proposed or completed. Covered real estate is as follows:

  1. real estate that 'is located within, or will function as part of, a covered port'; and
  2. real estate in close proximity to a US military installation or other property owned by the US government that 'is sensitive for reasons relating to national security'.22

For some installations, this latter proximity-based jurisdiction is triggered if the real estate is within one mile of the installation. In other instances, it is triggered if it is within 100 miles of the installation. Real estate within US census-designated 'urban clusters' and 'urban areas' is exempt from this proximity-based jurisdiction. Covered real estate transactions are distinguished from CFIUS's other two prongs of jurisdiction, in that the real estate need not constitute a US business to be covered. Thus, a greenfield business may not trigger covered control or covered investment jurisdiction, but it could trigger real estate jurisdiction.

In May 2023, Treasury proposed a rule that would add eight new military installations to Part 2 of Appendix A to 31 CFR Part 802, which contains the List of Military Installations and Other US Government Sites that can trigger CFIUS-covered real estate jurisdiction. This update was likely in response to controversy over CFIUS's determination that it did not have jurisdiction over the acquisition of land near Grand Forks Air Force Base in North Dakota by Chinese-owned Fufeng Group (Grand Forks Air Force Base is among the eight new facilities).23

vii Mandatory versus voluntary screening

Filing with CFIUS remains voluntary for most transactions. However, FIRRMA created two categories of mandatory filings (excepted investors, however, are not subject to mandatory filing requirements, see footnote 20). The first is a covered transaction, whether a covered control transaction or a covered investment, that results in the acquisition of a substantial interest in a TID US business by a foreign person in which the national or subnational governments of a single non-excepted foreign state have a substantial interest.24 The second is a covered transaction – irrespective of government ownership – involving a TID US business that produces, designs, tests, manufactures, fabricates or develops one or more critical technologies for which a US regulatory authorisation (i.e., an export licence) would be required to export the subject critical technology to the foreign investors, including certain entities in the ownership chain.25 Eligibility for any of three enumerated export licence exceptions, prior to consummating the transaction for items controlled under the Export Administration Regulations, provides an exemption to the critical technology mandatory regime.26 Failure to make a mandatory filing can result in a fine up to the value of the transaction, with buyer, seller and target bearing liability.27

If a transaction is not subject to a mandatory filing requirement, the parties must decide whether to voluntarily notify the transaction to CFIUS. The carrot for filing voluntarily is that if CFIUS reviews and clears the transaction with 'no unresolved national security concerns', the transaction receives safe harbour and cannot be rereviewed by the CFIUS except under limited circumstances relating to misstatements or omissions or failure to comply with clearance conditions. The stick is CFIUS's indefinite authority to use its call-in powers to review any covered transaction that it has not cleared with safe harbour ('non-notified transactions') and take the full range of mitigating actions, including the recommendation that the President suspend or prohibit the transaction.28

The decision to file voluntarily is thus a matter of risk tolerance that is generally informed by whether CFIUS is likely to use its call-in powers and, if it does, whether it is likely to take remedial action that might threaten to undermine the parties' commercial objectives for the transaction. The likelihood of CFIUS using its call-in powers and taking remedial action is inextricably linked to how it understands and assesses national security risk. CFIUS analyses national security risk using three variables:

  1. threat is the intent and capability of a foreign person to take action to impair national security;
  2. vulnerability is the extent to which the nature of the US business presents susceptibility to impairment of national security; and
  3. consequence is the effect on national security that could reasonably result from exploitation of identified vulnerabilities by a threat actor.29

A threat does not require or imply a vulnerability, and vice versa. For example, a deal involving a non-threatening investor may pose a risk if the US business is a highly vulnerable supplier of a critical defence component, whereas a transaction involving an investor not seen as entirely trustworthy may pose little to no risk because the US business has no exploitable vulnerabilities.

Considerations other than national security risk sometimes also factor into transaction parties' decision to file, including:

  1. the size of a transaction and amount of publicity that it is likely to attract;
  2. whether the parties are making other regulatory filings with individual committee members that might result in the transaction being identified;
  3. eliminating the risk of a call-in of a large or particularly significant deal; and
  4. building or maintaining a positive reputation with CFIUS.
viii Procedures

There are two types of CFIUS filings: a long-form 'notice' and a short-form 'declaration'. Parties may elect either regardless of whether filing voluntarily or on a mandatory basis. The mandatory filing obligation is satisfied by the submission of a filing not later than 30 days before closing (see Section II for a discussion of how this 30-day period interacts with springing rights).

Both types of filing are submitted to CFIUS using Treasury's CMS web portal and, once in process, CFIUS has the authority to submit supplemental requests for information that must be answered, absent extension, within two business days for a declaration or three business days for a notice, with failure to submit the response by the regulatory deadline constituting grounds for rejection of the filing. CFIUS can also reject a filing if it identifies material misstatements or omissions during its review. Once submitted, parties may withdraw a filing only with CFIUS's permission. The type of filing has an impact on the timing of the review, the range of possible administrative outcomes and the filing fee assessed by CFIUS. Parties should consider the benefits and drawbacks of each type of filing in the context of the timing and complexity of the transaction.

In the case of a submission of either a notice or a declaration, if CFIUS determines that the transaction is not a covered transaction (i.e., it is not subject to CFIUS jurisdiction), CFIUS will inform the parties of this determination and terminate the process. If CFIUS determines that it does have jurisdiction and clears the transaction, the parties will receive safe harbour for the transaction as filed, though safe harbour would not necessarily cover future additional investments or changes in investor rights.

ix Notice

Parties are encouraged to submit a draft notice and engage in a pre-notification period prior to submission of a final notice. This is why this form is used most often for complex transactions. Once a notice is accepted as complete, a 45-day review period begins. At the end of this period, CFIUS must either issue a clearance letter or initiate the 45-day investigation. In 2022, slightly more than half of covered transactions that were filed as notices required investigation.30 If CFIUS cannot conclude action by the end of the investigation period, by operation of law, the case enters a 15-day presidential review period within which the President must make a final decision.31 A complete, properly filed notice results in one of three outcomes:

  1. CFIUS concludes action (with or without mitigation) and grants the transaction safe harbour;
  2. CFIUS makes a recommendation to the President to suspend or prohibit the transaction or otherwise seek a decision from the President, and the President (1) prohibits the transaction, (2) conditionally prohibits the transaction (e.g., prohibits the transaction if the parties do not reach an agreement with CFIUS that meets certain criteria) or (3) announces that he or she will not take action (which grants safe harbour to the transaction); or
  3. the parties withdraw their notice and abandon the transaction. If time is running out in the 45-day investigation period and the transaction parties need additional time to continue discussions with CFIUS (e.g., regarding mitigation remedies), the parties can seek CFIUS's permission to voluntarily withdraw and refile the transaction, which will restart the CFIUS clock.

Filing a notice is most likely to be beneficial for parties that need safe harbour to satisfy a contractual term or anticipate that a transaction will require mitigation. Additionally, if a transaction is particularly complex or the foreign investor is unfamiliar to CFIUS, a notice is generally more suitable than a declaration. A notice also requires a filing fee calculated based on the overall transaction value.32

x Declaration

Submitting a declaration initiates a 30-day assessment period, after which CFIUS can:

  1. request that the parties submit a full notice so that it can continue its review;
  2. issue a no-action letter informing the parties that it was unable to conclude action and that, while it is not requesting a full notice, it reserves the right to do so in the future;
  3. unilaterally initiate a review; or
  4. clear the transaction with safe harbour.

Declarations are generally more suitable for transactions where (1) the foreign investor is known to CFIUS and has a successful filing record and (2) the transaction is not overly complex in terms of either structure (e.g., one direct acquirer versus a multi-fund consortium), subject matter (e.g., an established technology versus an emerging technology) or national security considerations (e.g., few or no defence contracts).

There are three main benefits of filing a declaration. The first is timing. In addition to the shorter review timeline, declarations generally require less pre-filing coordination with CFIUS (e.g., no draft). Second, declarations generally require less information than a full notice. Finally, declarations do not incur a filing fee. The main risk of a declaration is CFIUS requesting a full notice at the end of its review, in which case the parties will have added an additional 30 days on to what might be a 90-day notice process. In the event of a no-action letter, transaction parties will have to determine whether they are comfortable closing with the possibility of CFIUS requesting a filing or whether they want to voluntarily file a notice to get the assurance of safe harbour.

xi Prohibition and mitigation

Negotiated mitigation agreements and imposed orders are CFIUS's primary tools for mitigating national security risks. In 2022, approximately 18 per cent of notices that CFIUS reviewed required mitigation measures.33 CFIUS has broad discretion to implement whatever mitigation measures that it deems necessary, as long as they are supported by its risk-based analysis and do not duplicate the parties' obligations under otherwise already applicable law. Additionally, if CFIUS preliminarily identifies an ongoing risk to national security, it can impose an interim mitigation order that remains in effect until it concludes action, including through an order precluding closing pending completion of the CFIUS review.34 Potential mitigation terms include, for example, limiting transfer of certain intellectual property, establishing guidelines relating to US customer information, providing that only US citizens will conduct certain activities, notifying customers of the change in ownership composition, erecting firewalls or other security protocols, or requiring divestiture of select assets or businesses.35 In high-risk transactions that do not rise to the level of a prohibition, CFIUS may require passivity measures and limitations on governance, such as a proxy board. Violation of a CFIUS mitigation order or agreement can result in civil monetary penalties of up to the value of the transaction, damages or reopening of the review and imposition of further remedies.

If CFIUS identifies a risk requiring mitigation remedies, transaction parties should expect to receive a written communication from Treasury specifying the contours of measures that would resolve CFIUS's concerns. CFIUS may or may not provide insight into the specific nature of or basis for its concerns. CFIUS is generally willing to negotiate with parties over mitigation terms to ensure that the agreement will be effective over the long term and will not undermine the transaction. If CFIUS and the transaction parties are unable to reach a negotiated agreement, CFIUS can impose mitigation terms or recommend that the President suspend or prohibit the transaction.

Prohibiting or suspending a transaction is the sole, non-delegable authority of the President.36 If CFIUS concludes that it is unable to mitigate a risk arising from a transaction, it will inform the transaction parties of its conclusion in writing and state that it is prepared to make a recommendation to the President. At this stage, many parties will request CFIUS's permission to withdraw and abandon the transaction rather than have it be sent to the President for a decision. The President's decision is publicly announced, whereas the government is otherwise generally prohibited from disclosing information about proceedings before CFIUS. To suspend or prohibit a transaction, the President must find credible evidence that a foreign interest might take action that threatens to impair the national security and that other laws do not, in the President's judgement, 'provide adequate and appropriate authority' to protect that national security.37 Only seven transactions have been prohibited by presidential order, although many more have been withdrawn and abandoned in lieu of a prohibition.38

CFIUS has no administrative appeals process, and the President's findings and decision to suspend or prohibit a transaction are statutorily exempt from judicial review.39 The US Court of Appeals for the District of Columbia has held, however, that the statutory bar on judicial review of the President's findings did not preclude a challenge on due process grounds.40

Sector-specific requirements

i Prohibited sectors

Foreign investors generally are not prohibited from investing in any sectors of the US economy, although there are some sector-specific restrictions discussed below.

ii Restricted sectors

Separate from the CFIUS process, there are a few sector-specific regulatory regimes with oversight or restrictions on foreign investment. In many cases, these sectors also subject domestic investors to similar restrictions, for example requiring a licence to operate. Federal limitations and restrictions on foreign investment focus on sectors that involve public interest and public services.

iii Aviation

Foreign investment in the US airline industry is heavily restricted and is subject to control by the US Department of Transportation (DOT). There are domestic ownership requirements with respect to the issuance of aircraft registrations41 and air carrier certificates of public convenience and necessity.42 Overall foreign ownership of air carriers is capped at 25 per cent of the voting interests. Air carriers must also be under 'actual control' of US citizens.43 Minority investments under the 25 per cent ownership limit are not allowed if actual control is with any foreign owner. When evaluating whether a corporation is under the actual control of US citizens, the DOT considers factors such as any foreign owner's involvement in management and business decisions and its influence and control over the board of directors.

iv Banking

The US banking industry is heavily regulated at both federal and state level.44 Federal laws generally do not restrict foreign ownership or control of US banks, but the establishment or acquisition of a bank, branch, agency or commercial lending subsidiary in the United States by a foreign entity may be subject to review by federal or state regulators, including the Federal Reserve Board (FRB).45 Furthermore, under the Bank Holding Company Act (BHCA),46 FRB approval is also needed to operate as a bank holding company (BHC)47 or to acquire more than 5 per cent of the voting securities of a US bank or BHC.48 The FRB evaluates several factors when reviewing a foreign bank's application under the BHCA, including financial stability, competition, public convenience and whether the authorities in the foreign bank's home country exercise comprehensive consolidated supervision.49

v Communications

The Federal Communications Commission (FCC) is tasked with reviewing and authorising all radio and television broadcasting licences. The Telecommunications Act of 1996 restricts foreign governments and government representatives from holding various licences, including broadcast and common carrier licences.50 Furthermore, foreign ownership of FCC licensees is capped in certain instances or may result in a licence being withheld or revoked (or both capped and withheld or revoked).51 Team Telecom – formally known as the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector – provides input on the national security implications of foreign ownership and investment.52

vi Energy

Federal and state law heavily regulates energy resources in the United States. Under the federal Mineral Lands Leasing Act (and other laws), only US citizens and corporations organised under US law may obtain particular mineral, gas and oil leases, although there are exceptions if the investor's home country extends similar privileges to US citizens and companies.53

Under the Atomic Energy Act, a nuclear facility licence may not be acquired by an alien or corporation owned, controlled or dominated by an alien, foreign government or foreign corporation.54 The Nuclear Regulatory Commission has issued guidelines for determining whether an alien, foreign government or foreign corporation owns, controls or dominates a licence applicant.55 According to these guidelines, an applicant that is partially owned by a foreign entity may be eligible for a licence if it imposes certain conditions on the foreign investor, such as limiting nuclear material handling to US citizens.56

vii Shipping

Shipping between ports in the United States is limited to US-built, owned and registered vessels, with few exceptions.57 Only statutorily eligible entities can obtain a registration from the US Coast Guard to engage in this activity,58 and a registration generally is limited to US citizens or entities in which US citizens hold at least 75 per cent of the interests.59

Typical transactional structures

Briefly set out below are typical corporate structures and transactions pursuant to which a foreign investor may enter the US market. A series of state and federal laws govern investment of this kind. Generally, foreign investors are subject to the same corporate legal requirements and are required to follow the same corporate formalities as domestic investors.

i Choice of structure for new entities

Regulation on the formation, operation or dissolution of any structure is governed by state law, so foreign investors should be familiar with the laws of their respective jurisdictions. Foreign investors typically choose to incorporate in Delaware because its law is straightforward and well established. The choice of structure (e.g., corporation, partnership or limited liability company) is generally driven by tax and liability consequences and does not turn on whether the investor is foreign or domestic.

ii Acquisition of a majority or minority stake

Generally, there are no restrictions prohibiting a foreign investor from taking a majority or minority stake in, or acquiring 100 per cent of, a US private corporation or other legal entity, other than with respect to those entities operating in specific regulated sectors, as discussed in Section IV. Foreign investors need comply only with the laws that would be applicable to acquisitions by domestic investors (e.g., merger control laws).

iii Mergers

There are two primary methods of acquiring a company in the United States that are available to domestic and foreign investor alike: a stock acquisition directly from the stockholders or a merger. For public company acquisitions (and some private companies) where the stock is widely held by a disparate group of stockholders, an acquirer typically will use one of two methods: a tender offer followed by a squeeze-out merger (a 'two-step' process) or calling a stockholder vote to approve a merger (a 'one-step' process).

iv Asset acquisition

If an investor seeks to acquire certain or all the assets of a US target, in most cases, the law governing that acquisition generally will be the law of the contract and the law of the state in which the assets reside. Certain acquisitions of material assets, or all or substantially all a company's assets, may require stockholders' approval (and therefore be governed by the federal securities law and proxy rules) for certain public companies. No unique legal requirements govern the acquisition of assets by foreign investors and generally there are no restrictions on ownership by foreigners of US real property (except for certain restrictions on agricultural land and mineral lease rights).

Other strategic considerations

US policy has been focused in the recent term on addressing the perceived threat presented by Chinese technological advancement. That policy consideration, in particular, has resulted in a government-wide approach to shoring up laws and aggressively using existing authorities to block Chinese access to US technology, markets and money, and to ween critical US supply chains off their reliance on Chinese inputs. This effort reached far beyond the US national security review process to include restrictions on Chinese company access to US capital markets and restrictions on deploying certain Chinese components in the United States, in particular in the telecommunications industry. However, this policy has had a number of implications for the national security review process as well. For example, CFIUS often scrutinises the national security risks that China can pose as a third-party threat actor in transactions that do not directly involve a Chinese company, that is by exploring the commercial links that the non-Chinese acquiring person has with China and the vulnerabilities to China. Indeed, as discussed in Section II, President Biden's CFIUS EO makes repeated reference to threat posed by transaction parties' 'relevant third-party ties'. As a result, not only has direct Chinese investment in the United States come under greater scrutiny but so also have the ties that companies have to China. Additionally, the US government has sought greater cooperation and convergence with certain allied governments on the common threats they face (including China) and how to use foreign investment screening tools effectively to address such threats. This has allowed CFIUS to effectively extend its authority by tapping into enforcement mechanisms outside its jurisdiction, for example by working with an allied nation that might have a greater equity, jurisdictional basis or enforcement mechanism.

Outlook

The Biden administration has made clear that it intends to build out the US regulatory infrastructure to manage evolving national security risks and to maintain the US edge in technology. This will likely result in the continued blurring of the concepts of national security, economic security and supply chain security, as well as the attendant expansion of the number and variety of technologies and products that get swept up under the growing web of US investment security regulations. We expect this to manifest in three ways over the coming year.

First, strategic competition with China will continue to suffuse all aspects of investment security, particularly in regard to key technologies viewed as the essential building blocks of US technological (and thereby military and economic) competitiveness. The Biden administration's October 2022 National Security Strategy (NSS) identified geopolitical competition as one of the principal challenges that the United States faces, with China being 'the only competitor with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do it'. A key strategy to address the geopolitical challenge, according to the NSS, is to ensure that 'strategic competitors cannot exploit foundational American and allied technologies, know-how, or data to undermine American and allied security'.60 President Biden's National Security Advisor, Jake Sullivan, identified these foundational technologies in a September 2022 speech. Three 'families of technologies', he argued, will be force multipliers, the 20 per cent of technologies that will determine 80 per cent of success: (1) computing-related technologies, including microelectronics, quantum information systems and artificial intelligence (AI); (2) biotechnologies and biomanufacturing; and (3) clean energy technologies. Foreign investors involved in these and other key technologies will have to be increasingly cognisant of their commercial footprint in China if they wish to continue investing largely unimpeded in the United States.61

Second, the drive to secure and strengthen US supply chains will intensify. For example, shortly after taking office, President Biden issued an Executive Order directing the assessment and steps to strengthen the resilience of supply chains relevant to ensuring US 'economic prosperity and national security', covering semiconductors, high-capacity batteries, critical minerals and pharmaceuticals and, more generally, supply chains for the defence industrial base, public health and biological preparedness industrial base, information and communications technology industrial base, energy sector industrial base, and for production of agricultural commodities and food products.62

The concept of supply chain security will also continue to grow to encompass a wider range of products and services. For example, within months of taking office, the Biden administration allowed a Trump-era rule giving Commerce the authority to block or impose conditions on certain information and communications technology or services (ICTS) transactions with so-defined foreign adversaries to go into effect (the ICTS Rule). On 16 June 2023, Commerce published a final rule, implementing President Biden's 2021 Executive Order on Protecting Americans' Sensitive Data from Foreign Adversaries and amending the ICTS Rule.63 The amendments centre on definitions relating to 'connected software applications', which fall under the ICTS Rule and could be read as targeting apps such as TikTok and WeChat under the auspice of supply chain security. One reason both the Biden and Trump administrations may have seen it necessary to stretch the concept of supply chain security to include products that would not generally be considered to be part of national security-related supply chains, such as mobile apps, is that the United States lacks a comprehensive data protection regime (e.g., the General Data Protection Regulation), and the definition of supply chain is capacious enough that it can act as a sort of catchall for risks not addressed by existing authorities (e.g., CFIUS). The problem, of course, is that when everything is supply chain security, the concept begins to lose both meaning and focus. To wit, as at the time of writing this chapter, over two years after letting the ICTS Rule go into effect, Commerce still has not created a mechanism for companies to seek preclearance of covered ICTS transactions.64

Third, outbound investment restrictions are right around the corner. On 9 August 2023, President Biden issued Executive Order 14105, Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (the Outbound Investment Order),65 which prohibits investments by US persons in Chinese companies or Chinese-owned companies as defined that are involved with certain technologies, and creates a notification requirement for others, in either case without a case-by-case US government review. The Treasury Department published an advance notice of proposed rulemaking66 to seek public comment on future regulations to operationalise the Outbound Investment Order. Sectors slated for prohibition include those involving leading-edge integrated circuit (IC) design and production, electronic design automation, manufacturing equipment and supercomputers. Transactions involving quantum information technology, such as quantum computers and components; quantum sensors for military, intelligence or mass surveillance purposes; and quantum networking and communication systems for secure communications are also slated for prohibition. It is contemplated that transactions involving AI products for military, intelligence or mass surveillance end uses will fall under the prohibition as well. Activities proposed for notification requirements include IC design and production that is not otherwise prohibited within the semiconductors and microelectronics sector and AI in products for cybersecurity applications, robot control, surreptitious listening and non-cooperative location tracking. The proposed regime would cover equity, convertible debt, greenfield, joint ventures, private equity and venture capital transactions. Investments in publicly traded securities, index or mutual funds and limited partnerships that meet certain criteria are proposed not to be covered. The proposed regulations would impose obligations on US persons (1) to ensure that their controlled foreign entities do not and (2) to avoid directing foreign persons to engage in transactions a US person would be prohibited from engaging in under the regulations. The requirements applicable to outbound investment will not become effective until the implementing regulations are finalised.