Any day now we expect to see President Trump’s signature on the Foreign Investment Risk Review Modernization Act (FIRMMA). On August 1, 2018, the Senate joined the House of Representatives in passing FIRRMA and introduced comprehensive changes to the law governing the Committee on Foreign Investment in the United States (CFIUS). Once enacted, certain provisions will take effect immediately; however, other provisions of the legislation (including the one that expands the scope of what constitutes a “covered transaction”) will be finalized over time via the rulemaking process.

Under the current framework, CFIUS has the jurisdiction to review almost any foreign investment transaction associated with a U.S. company that may have an impact on national security. Specifically, during the review process, CFIUS determines whether the foreign investment is a “covered transaction” and considers whether the transaction raises potential critical infrastructure implications or U.S. national security concerns, especially in regards to transferring technology or related funds to a sanctioned country, or a foreign competitor, as a result of a foreign person’s control over a U.S. business.

FIRRMA strengthens the acquisition review process of U.S. businesses, and also creates some new export control authority. Specifically, the new legislation expands the types of transactions that CFIUS may review to include additional categories of “covered transactions,” such as: (i) real estate transactions, (ii) changes in rights of foreign person with respect to its investment in a U.S. business, (iii) transactions structured to evade and circumvent CFIUS review, and (iv) many non-controlling investments into critical infrastructure companies, businesses that develop or make critical technologies, and companies that maintain or collect personal data of U.S. citizens.

As a result of this expansion, CFIUS would have the authority to review acquisition of a critical technology company, which is a business that “produces, designs, tests, manufactures , or develops one or more critical technologies, or a subset of such technologies, as defined by regulations prescribed by the Committee.” This is a very broad definition that encompasses certain articles and technologies controlled under the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). Further, FIRRMA gives the CFIUS authority over technology transfer transactions between U.S. companies and foreign entities outside the U.S. or in the U.S. – if the latter involves an entity owned or controlled by foreign persons. Critical technology also includes” emerging and foundational technologies” which were identified in the Export Controls Act of 2018 (ECA). The ECA primarily codified the U.S. Department of Commerce’s Export Administration Regulation, but the bill also required the Department of Commerce to establish export controls on “emerging and foundational technologies,” which are considered as sensitive technologies not currently captured under the regulations. Under the ECA, the Department of Commerce, Defense, State, and Energy, as well as any other relevant departments, will spearhead and establish an interagency process to identify emerging critical technologies through various avenues, such as a CFIUS review. Such technologies will likely be subject to export licensing requirements. The exact requirements and review process will be established in regulations to come.

Unlike the previous goal under Obama to simplify the export process, under FIRRMA, CFIUS in effect becomes an export control agency, adding additional complexity to the process. The Committee would be empowered to review any arrangement or contribution involving potential transfer of technology or intellectual property to a foreign person inside or outside the U.S. while FIRRMA adds a significant expansion of jurisdiction over, and review of domestic transactions. Under the ITAR and EAR, a “U.S. Person” includes “any corporation, business association, partnership, society, trust, or any other entity, organization or group that is incorporated to do business in the United States” – even if it is owned in whole or part by a foreign entity. Under the new legislation CFIUS would have jurisdiction over acquisitions and technology transfers between a U.S. company and a domestic company owned or controlled by a foreign entity. “Controlled” in this instance could be less than 50% foreign ownership.

As mentioned above, CFIUS would add companies dealing in emerging technologies to the definition of a critical technology company. Under FIRRMA this is any technology “essential for maintaining or increasing the technological advantage of the U.S. over countries of special concern, with respect to national defense, intelligence, or other areas of national security, or gaining such an advantage over such countries in areas where an advantage may not currently exist.” This is also a broad definition. It may include technologies such as robotics, artificial intelligence and biotechnology. Some of these technologies are currently either subject to minimal export controls, or no controls at all. CFIUS could possibly be reviewing technology transfers to companies in the U.S. that have controlling foreign ownership of technologies falling under ECCNs with AT controls or even EAR99.

None of the mechanisms for these controls have been worked out. First, the FIRRMA legislation must be signed by the President. Next, for certain provisions of the legislation, the relevant agencies must develop and implement regulations through the formal rulemaking process before making them final. This process could take a year or more. After that, companies should prepare for increased surveillance of foreign and domestic technology transfers and a greatly increased role of the Committee on Foreign Investment in the United States.