I. Overview

The U.S. Department of the Treasury proposed regulations on September 17, 2019 designed to further implement the Foreign Investment Risk Review Modernization Act ("FIRRMA").1 The proposed regulations most notably expand the jurisdiction of the Committee on Foreign Investment in the United States ("CFIUS") to review and potentially block or alter foreign non-controlling2 and real estate3 investments in the U.S. Comments to these regulations are due by October 17, 2019, and the final regulations will become effective no later than February 13, 2020.4

The proposed regulations will expand CFIUS's jurisdiction to cover investments by foreign persons in (1) certain non-controlling interests in U.S. businesses involved in critical technology, critical infrastructure, or sensitive personal data and (2) certain real estate transactions. Foreign persons may file a notice or short-form declaration notifying CFIUS of a covered non-controlling investment in a U.S. business or for covered real estate transactions. The proposed rules require a mandatory filing for a foreign person's covered non-controlling investment in a U.S. business when a foreign government has a substantial interest. The proposed regulations do not alter the pilot program that requires mandatory filings for certain transactions5 and also implement additional provisions of FIRRMA6 (including requiring mandatory filings for certain foreign government controlled investments in a U.S. business involved in critical technology, critical infrastructure, or sensitive personal data). CFIUS also continues to review voluntary notices regarding certain transactions that may result in a foreign person gaining control over a U.S. business that may affect national security.

II. Non-Controlling Investments

The proposed regulations expand CFIUS's jurisdiction to certain non-controlling investments by a foreign person that afford the foreign person: access to any material non-public technical information in the possession of the U.S. business; membership or observer rights on the board of directors or equivalent of a U.S. business or the right to nominate an individual to such position; or any involvement, other than through voting shares, in substantive decision-making of the U.S. business regarding critical technologies, critical infrastructure, or sensitive personal data. CFIUS's expanded jurisdiction over certain non-controlling investments only applies to U.S. businesses with critical technologies, critical infrastructure, or sensitive personal data:

1 John S. McCain National Defense Authorization Act of 2019, H.R. 5515, 115th Cong. (2018) (adopted as H.R. Rep. No. 115-847 at 540-608 (2018)).

2 31 C.F.R. part 800, https://home.treasury.gov/system/files/206/Proposed-FIRRMA-Regulations-Part-800.pdf. 3 31 C.F.R. part 802, https://home.treasury.gov/system/files/206/Proposed-FIRRMA-Regulations-Part-802.pdf. 4 U.S. Department of the Treasury, Fact Sheet: Proposed CFIUS Regulations to Implement FIRRMA (Sept. 17, 2019),

https://home.treasury.gov/system/files/206/Proposed-FIRRMA-Regulations-FACT-SHEET.pdf (last visited, Sept. 23, 2019) ("Fact Sheet"). 5 Click here for our November 7, 2018 discussion of the pilot program. 6 Click here for our August 16, 2018 discussion of FIRRMA.

80 Pine Street | New York, NY 10005 | t: +1.212.701.3000 | f: + | Cahill.com

Critical Technologies: CFIUS may review transactions related to U.S. businesses that design, test, manufacture, fabricate, or develop one or more critical technologies . . . . defined to include certain items subject to export controls and other existing regulatory schedules, as well as emerging and foundational technologies controlled pursuant to the Export Control Reform Act of 2018.

Critical Infrastructure: CFIUS may review transactions related to U.S. businesses performing specified functions--owning, operating, manufacturing, supplying, or servicing--with respect to critical infrastructure across subsectors such as telecommunications, utilities, energy, and transportation . . . .

Sensitive Personal Data: CFIUS may review transactions related to U.S. businesses that maintain or collect sensitive personal data that may be exploited in a manner that threatens national security."7

III. Real Estate Transactions

The proposed regulations address real estate transactions near sensitive U.S. facilities, such as certain airports, maritime ports, military facilities, and intelligence locations. Under the proposed regulations, CFIUS's jurisdiction extends to transactions for the purchase, lease, or concession of property near such locations if the transaction "affords the foreign person three or more of the following property rights: to physically access; to exclude; to improve or develop; or, to affix structures or objects."8

IV. Potential Exception

The proposed regulations create an exception from coverage for non-controlling investments in U.S. businesses and for real estate transactions by certain foreign persons based in certain identified countries and having not violated specified U.S. laws, orders, and regulations.9 This exception is not likely to be implemented for at least two years with respect to any specific country.

V. Conclusion

These proposed regulations provide clarity on the expanded jurisdiction of CFIUS under FIRRMA. Their guidance on the categories of the sensitive personal data that may be subject to CFIUS review is particularly helpful. Foreign investors should continue to monitor and consult counsel as the implementation of FIRRMA will continue to expand CFIUS's jurisdiction over a variety of transactions.