HIGHLIGHTS:

  • The U.S. Senate agreed on Nov. 16, 2017, to a conference report with respect to H.R.2810 – National Defense Authorization Act for Fiscal Year 2018. The bill provides for a review regarding the applicability of Foreign Ownership, Control or Influence (FOCI) requirements of the National Industrial Security Program (NISP) to national technology and industrial base companies.
  • Within Section 1712, the bill would provide statutory authority to the U.S. Secretary of Defense to maintain a list of eligible companies for exemption from FOCI mitigations (FOCI Whitelist).
  • If the program is thoughtfully implemented, it is expected that many cases will present opportunities to review foreign investments from a new perspective, and result in an increase in international collaboration beneficial to U.S. national security.

The U.S. Senate agreed on Nov. 16, 2017, to a conference report with respect to H.R.2810 – National Defense Authorization Act for Fiscal Year 2018. Section 1712 of this version of the bill provides for a review regarding the applicability of Foreign Ownership, Control, or Influence (FOCI) requirements of the National Industrial Security Program (NISP) to national technology and industrial base companies. Within that section, the bill would provide statutory authority to the U.S. Secretary of Defense to maintain a list of eligible companies for exemption from FOCI mitigations (FOCI Whitelist).

Eligibility for inclusion on the FOCI Whitelist would be limited to those companies whose ownership is based in countries that are part of the national technology and industrial base (as defined by Section 2500 of Title 10, United States Code). As a result of a 2016 amendment, that statute defines "national technology and industrial base" to mean the persons and organizations that are engaged in research, development, production, integration, services or information technology activities conducted within the United States, the United Kingdom, Australia and Canada. As such, many, if not most, existing FOCI-mitigated companies with ownership based in those countries would be eligible for something equivalent to national treatment under the NISP.

Section 1712 would specifically direct the Secretary of Defense, with the concurrence of the U.S. Secretary of State and consultation with the Director of the Information Security Oversight Office (ISOO), to review whether organizations whose ownership or majority control is based in a country that is part of the national technology and industrial base should be exempted from "one or more" of the FOCI requirements of the NISP and report findings to relevant congressional committees. The section goes on to authorize the Secretary of Defense to establish a program and, with the concurrence of the Secretary of State and consultation with the ISOO Director, to maintain a list of organizations that are eligible for an exemption. Authorized eligibility determinations would be on a case-by-case basis, limited to the national technology and industrial base, and granted upon a determination that the exemption:

  • is beneficial to improving collaboration within countries that are a part of the national technology and industrial base
  • is in the national security interest of the United States
  • will not result in a greater risk of the disclosure of classified or sensitive information consistent with the NISP

The new authority would become effective 60 days after the Secretary of Defense submits the required program report. And, if a FOCI Whitelist program is established, each subsequent case-by-case determination could be made effective 30 days after the Secretary of Defense submits to the appropriate congressional committees a written notification of that determination, including a discussion of the issues related to the foreign ownership or control of the organization that were considered as part of the determination.

To the extent that the Secretary of Defense chooses to establish and implement a program under this authority, it has the potential to become a useful feature of a risk-based industrial security program. That is, a FOCI Whitelist would help prioritize and focus government resources responding to foreign investment cases. The FOCI requirements seek to simultaneously reduce the risks of foreign espionage and supply chain dependence. In lower risk cases, having to choose between outright denial of clearance and burdensome mitigation may leave the government with too few options.

There may be legitimate concerns about granting a company's application if, for example, the government suspected that the applicant had used a front company to "rent" a favorable sovereignty, that the company had a questionable record of legal compliance or if approval required a level of continuous oversight that would overly burden government resources. Still, the bill's decision factors regarding collaboration, U.S. national security interests and risk neutrality appear to be workable parameters for building an effective program.

Discretion is typically broad in national security decisions, which explains the statutory preference for case-by-case decisions and a piecemeal approach to exempting "one or more" of the FOCI requirements. So, moving forward, a thoughtful and effective program designed with rule of law protections such as decision accountability, transparency and predictability, proportionality and nondiscrimination will be important. Program integrity will be key for the government to successfully grant exceptions to one apparently eligible company while denying them to another. If the program is thoughtfully implemented, it is expected that many cases will present opportunities to review foreign investments from a new perspective, and result in an increase in international collaboration beneficial to U.S. national security.