United States

The United States’ foreign direct investment review mechanism is the Committee on Foreign Investment in the United States, an intergovernmental entity known as CFIUS (or the Committee). CFIUS serves as the US government’s gatekeeper for any foreign investment in the United States that could pose national security concerns.

History and composition (1975 to 2020)

CFIUS is an interagency committee comprised of 16 US federal agencies. The Secretary of the Treasury serves as the CFIUS chairperson, and key support is provided by the Departments of Defense, Commerce, State, Justice and Energy. Substantively, the CFIUS review involves the federal agencies collectively reviewing a transaction, assessing both the ‘vulnerability’ presented by the US business being acquired and the ‘threat’ posed by the acquiring non-US entity. ‘Vulnerability’ measures how sensitive the US business is from a national security perspective, weighing factors such as the defence, high-tech and infrastructure uses of its products and services, any US government dependencies on its production and its overall market share in sensitive sectors. ‘Threat’ examines the ownership of the non-US investor, its ties to non-US governments, its likely commercial and non-commercial interests in the transaction, and its intentions with respect to the US business, among other factors.

The basic structure of the Committee was established in 1975 by Executive Order 11858. The founding premise of CFIUS remains the same, as it was initially designed as a mechanism within the US government’s executive branch to monitor the effects of foreign investment in the United States.[2] The Committee adopted a more active role in 1988 with the passing of the Exon-Florio amendment to the Defense Production Act of 1950 (Exon-Florio). Exon-Florio granted the President the authority to block foreign mergers, acquisitions and takeovers that threatened the national security of the United States.[3] The 1993 Byrd Amendment further expanded the scope of CFIUS to include a specific focus on the threat from foreign government investment, including state-owned and controlled entities.[4] The CFIUS regime underwent another major overhaul and expansion in the wake of Dubai Ports World’s attempted purchase of certain US commercial port operations in 2006.[5] The enactment of the Foreign Investment and National Security Act of 2007 (FINSA) overhauled the existing CFIUS regime and significantly expanded CFIUS’s authority and presence.

After the enactment of FINSA, the focus of the national security discourse in the United States gradually shifted to the question of China.[6] These trends culminated in the passage of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which brought yet another expansion in CFIUS’s authority, and significant changes to the regulatory process itself. Among other changes, FIRRMA formally expanded CFIUS’s jurisdiction and implemented mandatory filing requirements, as well as penalties for failure to file. The new mandatory filing requirements constituted a significant departure from the historically voluntary CFIUS notification process.[7]

The review process – anatomy of a CFIUS filing

Although CFIUS review is mandatory in some cases, most reviews are sought voluntarily by the parties to a transaction to seek comfort that the US government cannot unwind or alter the transaction post-closing. In instances where the parties do not voluntarily seek CFIUS review, CFIUS has the authority to initiate a review directly.

In the event that the parties to a transaction make a CFIUS filing, the length of the review process is largely dictated by the type of filing: whether the parties submit a short-form declaration or a long-form notice (joint voluntary notification). The review process timelines for each type of filing are established under statute. For both types, the process begins with the collection and submission of information about the transaction and the involved parties, including the US business’s products, services and customers, and the non-US buyers’ ownership, intentions and connections to non-US governments.

For full notices, the initial review period is 45 days; for declarations, the initial review period is 30 days. During the review period, CFIUS will usually pose two or three rounds of questions to the parties that focus on the key national security issues raised by the transaction. For notices, at the end of the 45-day period, CFIUS may clear the transaction or initiate a secondary review known as a national security investigation.[8] For declarations, at the end of the 30-day period, CFIUS can close the review and clear the transaction, direct the parties to the full notice process, or close the review without taking action, not granting a safe harbour but leaving the parties to make a full notice filing if desired.[9]

For full notice reviews, the national security investigation is 45 days, added to the initial 45-day review period for a total review period of 90 days, plus a potential 15-day extension by CFIUS in some cases. This additional review has often been used to give CFIUS more time to conduct its due diligence. CFIUS may pose additional rounds of questions during this time or initiate discussions regarding potential mitigation measures. Typically, the 15-day extension is only used in ‘extraordinary’ circumstances and is usually reserved for final negotiation of mitigation measures.

The potential outcomes of a CFIUS review are limited in number. If the Committee does not identify any national security concerns, it will ‘clear’ a transaction and issue an official letter notifying the parties that the review has concluded and no national security concerns have been identified. If CFIUS identifies national security concerns with a transaction, the Committee will likely seek to negotiate measures to mitigate those concerns. These mitigation negotiations, if successful, result in the parties, and CFIUS, entering into a mitigation agreement. In very rare cases, notably, in which a mitigation agreement has not been reached or the national security concerns identified by CFIUS cannot be resolved through mitigation, the Committee may recommend to the President to block or unwind a transaction.

CFIUS – jurisdiction and filing criteria

The CFIUS regulations are set out in 31 CFR Part 800 (Regulations Pertaining to Certain Investments in the United States by Foreign Persons) and 31 CFR Part 802 (Regulations Pertaining to Certain Transactions by Foreign Persons Involving Real Estate in the United States).[10] Under these regulations, CFIUS has jurisdiction (i.e., the legal authority) to review transactions in which a non-US person or entity acquires ownership or control, either directly or indirectly, of a US business or real estate. In certain limited instances, non-controlled investments by foreign persons that confer specific access to US entities may also fall within CFIUS’s jurisdiction. Note that CFIUS’s jurisdiction does not necessarily mean that a notification is required or mandatory. As discussed herein, most CFIUS filings are voluntary and the Committee is notified by the parties seeking comfort that their proposed transaction may close without the US government raising national security concerns that require mitigation.

Specifically, CFIUS has jurisdiction to review covered control transactions, covered investments and covered real estate transactions.

Covered control transaction

This applies to any acquisition by a non-US entity that could result in ‘control’, whether directly or indirectly, over any US business (a business engaged in interstate commerce in the United States) by a non-US person.[11] ‘Control’ is broadly defined and is not limited to majority ownership, but rather includes any:

power, direct or indirect, whether or not exercised, through the ownership of a majority or a dominant minority of the total outstanding voting interest in an entity, board representation, proxy voting, a special share, contractual arrangements, formal or informal arrangements to act in concert, or other means, to determine, direct, or decide important matters affecting an entity.[12]

Covered investment

This is any acquisition by a non-US entity, whether directly or indirectly, of a non-controlling investment in a technology, infrastructure and data (TID) US business[13] if that investment could provide a non-US investor with (1) access to any material non-public technical information in the possession of the TID US business, (2) membership, observer or nomination rights for the board of directors or equivalent governing body of the TID US business, or (3) any involvement in substantive decision-making of the TID US business regarding critical technology, critical infrastructure or sensitive personal data.[14] TID US businesses are discussed in more detail below.

Covered real estate transaction

This pertains to any acquisition by a non-US entity, whether directly or indirectly, of rights in real estate that functions as part of a covered port or airport or is located within close proximity (less than one mile) or the extended range (between one and 99 miles) of certain specified military and other sensitive US government installations as identified in the Part 802 regulations.[15] Real estate located in a designated urban area is only subject to the close proximity threshold, and covered real estate jurisdiction does not apply in certain cases, such as leases and concessions of real estate that ‘may be used only for the purposes of engaging in the retail sale of consumer goods or services to the public’.[16]

TID US businesses – CFIUS’s primary national security concern

With the passage of FIRRMA in 2018, specific areas of national security concern were expressly codified in the regulations. Specifically, CFIUS identified US businesses engaged in critical technologies, critical infrastructure and sensitive personal data, and thus introduced the concept of the TID US business.[17] A TID US business is defined as any US business that produces, designs, tests, manufactures, fabricates or develops any critical technology; is involved with critical infrastructure; or maintains or collects sensitive personal data.[18]

Critical technologies

Critical technologies are defined primarily through reference to the United States’ export controls laws and regulations, notably the International Traffic in Arms Regulations[19] (ITAR) and the Export Administration Regulations[20] (EAR). Critical technologies are defined as (1) defence articles or services included on the United States Munitions List set forth in the ITAR, (2) items included on the Commerce Control List set forth in the EAR and controlled pursuant to multilateral regimes (including for reasons of national security, chemical and biological weapons proliferation, nuclear non-proliferation, or missile technology) or for reasons concerning regional stability or surreptitious listening, (3) certain nuclear equipment, facilities, components, materials, software and technologies, and (4) certain agents and toxins.[21] Critical technologies also include emerging and foundational technologies controlled under Section 1758 of the Export Control Reform Act of 2018, which to date have been designated through multilateral and unilateral export controls on items such as geospatial imagery, hybrid additive manufacturing and sub-orbital spacecraft.[22]

Critical infrastructure

Critical infrastructure is defined as being ‘so vital to the United States that the incapacity or destruction of such systems or assets would have a debilitating impact on national security’ and is codified in Appendix A to 31 CFR Part 800.[23] In general, critical infrastructure includes ‘traditional’ critical infrastructure such as public utilities and transportation installations, airports and marine ports. CFIUS’s expansive view of critical infrastructure also includes communications network infrastructure, businesses that provide priority products and services to the US government, and highly regulated systemic infrastructure such as certain financial entities.[24]

Sensitive personal data

Sensitive personal data is personally identifiable data maintained or collected by a US business that may be exploited in a manner that threatens national security. Examples of sensitive personal data, for CFIUS purposes, include certain types of financial data, biometrics, personal health data and geolocation data, among other categories.

To constitute a TID US business, the sensitive personal data in question must be identifiable such that the data ‘can be used to distinguish or trace an individual’s identity’ and includes ‘aggregated or anonymized data’ where ‘the ability to disaggregate or de-anonymize’ is preserved.[25] Further, the CFIUS regulations stipulate that, to constitute a TID US business, the entity engaged with the sensitive personal data must (1) target or tailor products or services to national security-oriented US government agencies or contractors, (2) except for identifiable genetic data (for which there is no threshold volume), maintain or collect such data on more than a million individuals at any point during the preceding 12 months, or (3) have a demonstrated business objective to maintain or collect such data on more than a million individuals. Further, the data collected must be an integrated part of the US business’s primary products or services. Sensitive personal data does not include data maintained or collected by a US business concerning its employees unless the employees are US government contractors with personnel security clearances. Additionally, data contained in the public record is exempt.[26]

CFIUS notification requirements: mandatory versus voluntary

Whether a CFIUS filing is mandatory or voluntary is based on a given trans­action’s specific circumstances and nature, including its nexus to certain areas of national security concern.

Mandatory filings

Mandatory CFIUS filings are generally required in one of two instances: control of a critical technology TID US business (investments by non-US entities in TID US businesses that produce, design, test, manufacture, fabricate or develop critical technologies in connection with certain sensitive industries) or substantial government interest (minority investments, directly or indirectly, by foreign government entities that result in the foreign government gaining a substantial interest in the TID US business).

There are two aspects of the ‘control’ analysis: (1) if a US regulatory authorisation, such as a licence under the ITAR or EAR, would be required for the non-US entities involved in the transaction to receive the critical technology; and (2) a non-US person would gain certain rights, powers or access to the TID US business. These rights not only include the ability to control the US business but also lesser rights such as board membership, access to non-public technical information, or critical technology-related decision-making.[27]

A ‘substantial interest’ would be an investment by a non-US entity of which 49 per cent or more is owned by a non-US government that results in the investing entity gaining an interest of 25 per cent or more in a TID US business. For non-US entities organised as a partnership or similar entity, the 49 per cent analysis is applied to the general partner, managing member or equivalent of that non-US entity.[28]

Failure to file for transactions that meet the mandatory filing criteria may result in a civil penalty of US$250,000 or the value of the transaction, whichever is greater.[29] It can also result in an elevated risk that CFIUS will initiate a post-closing review of the transaction, unwind the transaction or cause significant financial disruption and reputational damage to the parties.

Only transactions involving TID US businesses are subject to CFIUS’s mandatory filing requirement. Investments in or acquisitions of non-TID US businesses and covered real estate transactions are not subject to mandatory filing requirements and, accordingly, absent a CFIUS directive to file, may only be notified voluntarily.

Voluntary filings

As noted above, even when a mandatory filing is not required, a voluntary filing may be advisable and appropriate in certain circumstances, depending on the nature of the transaction and potential national security concerns. The decision whether to make a voluntary CFIUS filing is fundamentally a calculated analysis of evaluating the burden, cost and intrusiveness of securing CFIUS clearance through the review process against the commercial risks of a potential post-closing CFIUS intervention. In a voluntary filing situation, there is no statutory penalty for choosing not to notify CFIUS. However, CFIUS has the authority to direct a review of non-notified transactions, even after a transaction closes. CFIUS-initiated reviews of non-notified transactions can result in, among other things, the Committee directing the parties to submit a CFIUS notice, negotiation of mitigation measures or, in extreme cases, blocking or unwinding a trans­action after it has closed.

Mitigation measures

In the event that the Committee identifies national security concerns, the parties may negotiate mitigation measures with CFIUS to address those concerns. The details of mitigation agreements rarely become public, but the Committee’s approach to negotiating agreements is driven by the US business’s ‘vulnerability’ and the ‘threat’ posed by the non-US investor. For example, if the US business is a ‘single qualified source’ for a US government contract, then the Committee may seek to establish a supply assurance to secure the provision of the contracted good or service.[30] Mitigation agreements that focus on the ‘threat’ posed by the non-US investor often draw from the Defense Counterintelligence and Security Agency’s framework to mitigate foreign ownership, control or influence, guided by the National Industrial Security Program Operating Manual.[31] The Committee can apply a variety of measures from this framework, including limiting access to certain facilities to US citizens only, limiting supervision or management of certain contracts or business units to US citizens and mandating cybersecurity measures in areas such as access controls, user controls and credential management. Mitigation agreements, or national security agreements, are negotiated and executed by all parties to the underlying CFIUS notification, as well as the US government. The duration of the agreements is dictated by the specific national security concern identified but most are in place for at least several years.

Key CFIUS topics in 2021

Effect of the covid-19 pandemic

The covid-19 pandemic initially caused a slowdown with respect to the CFIUS process, with a global reduction in deal flows during the course of 2020.[32] Further, in the early stages of the pandemic, CFIUS, parties and outside counsel were all forced to adapt to the challenges of the remote working environment. Transactions involving classified information posed special challenges for the purposes of review and discussion. Ultimately, however, the CFIUS process itself was largely unaffected, with the Committee and its member agencies adapting to a remote working environment as necessary.

Special purpose acquisition companies

Special purpose acquisition companies (SPACs) are shell companies that are formed by ‘sponsors’ to raise capital in an initial public offering (IPO), with the intent of using the IPO proceeds to acquire an unidentified private company within a specified time frame (typically 18 months to two years) and effectively take that private company public. The IPO proceeds are held in a trust account until the SPAC identifies and acquires a target. A ‘de-SPAC’ occurs when the SPAC and target complete a business combination. Generally, a CFIUS assessment should be conducted for any SPAC IPO or de-SPAC involving a non-US sponsor, a substantial government interest or a target with a TID US business. As noted above, even when the one of the parties (including the SPAC or the target) is a non-US incorporated entity, any US business being targeted could implicate CFIUS jurisdiction. Failure to account properly for the possible effects of national security risk on a transaction can have a negative effect on the aims of a SPAC and bring unwelcome publicity, scrutiny and reputational damage.

Private equity and venture capital investment funds

Private equity and venture capital investment funds can raise issues from a CFIUS perspective, such as whether a fund is a non-US entity or would otherwise qualify for an exemption from CFIUS jurisdiction. From a CFIUS perspective, these structures can potentially be challenging in terms of complex ownership structures, transparency and minority investor rights. An investment fund is not a ‘foreign person’ under the CFIUS regulations if (1) the ‘fund’s activities are primarily directed, controlled, or coordinated by or on behalf of the general partner, managing member, or equivalent’ from a location in the United States, or (2) US nationals ultimately own a majority of the equity interest in the fund.[33] Notably, the CFIUS regulations include an investment funds exception for certain indirect investments in a TID US business.[34] The exception is available only with respect to passive investment by non-US limited partners (or their equivalent) on an advisory board or a committee of the fund and only if all the criteria are met. The criteria include, among other things, that a general partner or equivalent exclusively manages the fund, and that a limited partner, by nature of its advisory board or committee membership, has no ability to control the fund, no involvement in decision-making, and no access to material non-public technical information. This is one of the few exemptions from CFIUS jurisdiction that is statutorily codified in the regulations.

Joint ventures

While the scope and operations of cross-border joint ventures (JV) can lie entirely outside the United States, JVs have long been expressly within CFIUS’s jurisdiction. In the context of a JV, contributing a ‘US business’, which as noted above is broadly defined under the CFIUS regulations, could include ‘intellectual property and other intangible assets required to manufacture’ goods.[35] As with all CFIUS analyses, whether to notify CFIUS of a proposed JV is an intensely fact-intensive inquiry. A recent example of the CFIUS risk posed by a JV is the Ekso-Zhejiang matter, in which CFIUS blocked a joint venture between Ekso Bionics, a US exoskeleton robotics development company, and Chinese investors.[36]

Excepted foreign investors and the proliferation of national security-based investment regimes

While CFIUS has not officially identified specific countries as posing heightened risk, interestingly, the modern CFIUS process provides some accommodations for investors from US allies, specifically, ‘excepted investors’ from ‘excepted foreign states’. As of 13 February 2020, the Treasury Department designated Australia, the United Kingdom and Canada as excepted foreign states.[37] Investors from these three countries may benefit from a limited exemption in CFIUS’s jurisdiction, provided significant criteria are met. CFIUS has not granted a permanent exemption, however. Starting in 2022, excepted foreign states will have to satisfy CFIUS’s determination that the country ‘is utilizing a robust process to assess foreign investments for national security risks and to facilitate coordination with the United States on matters relating to investment security’.[38]

Excepted foreign investors are exempted from CFIUS’s ‘expanded’ jurisdiction over non-controlling covered investments in TID US businesses and covered real estate transactions and are only subject to CFIUS’s ‘control’-based jurisdiction discussed above.[39] The excepted foreign investor criteria require that the investor’s legal organisation and principal place of business be in the United States or an excepted foreign state, and thresholds to be set for the investor’s board seats and ownership interests to be held by nationals or entities from the United States or an excepted foreign state.[40]

CFIUS’s increased focus on non-notified transactions

FIRRMA greatly increased CFIUS’s resources to identify non-notified transactions. Specifically, the Treasury Department’s Office of Investment Security Monitoring and Enforcement, which is responsible for identifying transactions not notified to CFIUS, but which may pose national security concerns, was established.[41] The Office uses various means to identify transactions, including tips from the public, interagency referrals, media reports, commercial databases and congressional notifications.[42]

This increased scrutiny is evidenced by CFIUS’s 2020 Annual Report, in which for the first time, CFIUS included information about covered transactions that were not notified to CFIUS. In 2020 alone, 117 non-notified transactions were identified; of these, the parties in 17 transactions were directed to submit a post-closing filing. The CFIUS is committed to proactive monitoring and enforcement and, as a result, the continued aggressive pursuit of non-notified transactions appears likely.[43] The Annual Report also noted that potential methods for improving identification of non-notified and non-declared transactions include increasing training of staff across CFIUS member agencies to enhance coordination as well as increasing public awareness of the CFIUS ‘tip’ mailbox.[44]

Case studies

Critical technology

Boston Dynamics Inc

In late 2020, Hyundai Motor Group, a South Korean entity, entered into an agreement with SoftBank Group Corp, the Japanese investment company, to acquire a controlling interest in Boston Dynamics for US$1.1 billion.[45] Boston Dynamics is an American robotics company based in Waltham, Massachusetts, and focused on commercial robotics, including warehouse and public safety operations. Post-closing, Hyundai Motor Group and SoftBank held stakes in Boston Dynamics of, respectively, approximately 80 per cent and approximately 20 per cent.[46] Notably, CFIUS approval was a closing condition of the transaction between the parties.[47]

Robotics is an example of an ‘emerging technology’ of interest to CFIUS. When designated under formal export controls, emerging technologies can trigger CFIUS’s mandatory filing requirement as critical technology. However, transaction parties should expect CFIUS to turn its attention to any trans­action involving technologies identified in the Commerce Department’s November 2018 advanced notice of proposed rule-making (ANPRM). The ANPRM specifically notes biotechnology, artificial intelligence and robotics as examples of such technologies. Transaction parties in robotics and other ‘emerging’ technology areas should monitor regulations and developments to properly account for the possible national security risk posed by such transactions.

Critical infrastructure

Competitive Power Ventures Group

Kenon Holdings Ltd (Kenon), a subsidiary OPC Energy Ltd (OPC), announced the execution of an agreement to acquire Competitive Power Ventures group (CPV) from Global Infrastructure Management, LLC.[48] Kenon, a Singaporean holding company, includes in its portfolio OPC Energy, an operator of power generation facilities in the United States and Israeli power markets.[49] CPV is an electric power generation and asset management company that is ‘engaged in the development, construction and management of renewable energy and conventional energy (natural gas-fired) power plants in the United States’.[50] Kenon filed the proposed acquisition with CFIUS in October 2020 and the Committee approved it in January 2021. Critical infrastructure has been a core national security concern for CFIUS for decades, notably, dating back to the Dubai Ports World matter.[51]

CFIUS is not only concerned with public utilities and transportation installations but also communications network infrastructure, businesses that provide priority products and services to the US government, and highly regulated systemic infrastructure such as certain financial entities.[52] Transaction parties in which critical infrastructure may be implicated should conduct rigorous due diligence regarding their investors and be prepared to file a notice with the Committee.

Sensitive personal data

Grindr LLC

In 2019, the Committee raised concerns about China’s harvesting of US citizens’ personal data through the popular dating app Grindr LLC (Grindr).[53] The app is one of the largest social networking apps and is used by more than three million daily users.[54] Grindr collects a variety of sensitive personal data that could ultimately pose privacy and security risks, including private chats, photographs, information about sexual orientation, HIV status and geolocation of the user’s mobile device.[55] A Chinese company, Beijing Kunlun Tech Co Ltd (Kunlun), acquired a majority stake in Grindr in 2016 and the remaining interest in 2018 without notifying CFIUS of the transaction.[56] In 2019, the Committee independently investigated the acquisition and raised concerns about Kunlun’s access to sensitive personally identifiable data of US citizens collected through the app.[57] Ultimately, Kunlun divested itself from Grindr because of the Committee’s concerns.[58]

The Committee’s response to the acquisition of Grindr reflects concerns that such personally identifiable data could be used to exploit US citizens, in particular those in sensitive national security positions.[59] More broadly, companies that collect data should remain alert to the evolving definition of sensitive personal data, threats associated with it and how it affects foreign direct investment. Grindr also serves as a warning to companies that closed transactions are not off-limits to CFIUS.

Conclusion

CFIUS has evolved significantly during the past 50 years to maintain its role in safeguarding US national security interests in the foreign investment space. The Committee has grown significantly from its roots as a mechanism focused primarily on transactions involving defence-related companies, to encompassing robotics, social media and telecommunications infrastructure. Further, CFIUS’s jurisdiction and resources have expanded significantly to keep pace with changes in the structure and complexity of foreign investment vehicles. Transaction parties, investors and companies should consult their CFIUS counsel to gain a fulsome understanding of CFIUS, the review process and how to account effectively for national security risk in their transactions. When transaction parties are properly guided through the process by their CFIUS counsel, the safe harbour acquired through the CFIUS process can eliminate a significant source of commercial risk and uncertainty.


Notes

1 Karina A Bashir, Christine L Chen and Holly E Bauer are associates, Laurence R Hull is a senior associate and Renée A Latour is a partner at Clifford Chance.

2 James K Jackson, ‘The Committee on Foreign Investment in the United States, Congressional Research Service’, 1, 5 (2020), https://sgp.fas.org/crs/natsec/RL33388.pdf.

3 id. at 7.; 50 U.S.C. app. § 2170 (1988).

4 P.L. 102–484, 23 October 1992.

5 Jonathan Weisman and Bradley Graham, ‘Dubai Firm to Sell U.S. Port Operations’, The Washington Post (10 March 2006), p. A1.

6 Senator John Cornyn, one of the authors and sponsors of the Foreign Investment Risk Review Modernization Act of 2018 [FIRRMA], speaks on this issue and how the 2017 version of the report on Defense Innovation Unit Experimental (established by the US Ministry of Defense) influenced the earlier versions of the bill’s text. See Kate O’Keeffe and Siobhan Hughes, ‘Congress to Toughen Foreign Investment Reviews Amid Trade Fight With China’, Wall Street Journal (19 July 2018), https://www.wsj.com/articles/congress-to-step-up-curbs-on-chinese-deals-with-sweeping-changes-to-u-s-foreign-investment-reviews-1532025093.

7 Federal Register, Vol. 83 No. 197 (11 October 2018), p. 51322.

8 31 CFR 800.503.

9 31 CFR 800.405.

10 This does not include the now defunct Pilot Program to Review Certain Transactions Involving Foreign Persons and Critical Technologies (31 CFR Part 801), which was incorporated in the general CFIUS regulations.

11 31 CFR 800.301.

12 31 CFR 800.208.

13 A TID (technology, infrastructure and data) business is defined as any US business that produces, designs, tests, manufactures, fabricates or develops any critical technology; is involved in certain specified ways with critical infrastructure; or maintains or collects sensitive personal data. 31 CFR 800.401.

14 31 CFR 800.211.

15 id.

16 31 CFR 802.216.

17 The US Treasury Department implemented the current version of the CFIUS regulations on 13 February 2020. These regulations incorporated the former Critical Technology Pilot Program, which identified 27 industries deemed to be ‘critical technologies’ and required mandatory CFIUS filings for foreign investments in those industries. James K Jackson, ‘The Committee on Foreign Investment in the United States’, Congressional Research Service (14 February 2020), https://sgp.fas.org/crs/natsec/RL33388.pdf; 31 CFR 800.401.

18 31 CFR 800.401.

19 22 CFR, Parts 120–30.

20 15 CFR, Parts 730–74.

21 31 CFR 800.215.

22 See 85 FR 459, 85 FR 62583.

23 See 31 CFR 800.214. FIRRMA and the Foreign Investment and National Security Act of 2007 [FINSA] borrowed the language of ‘critical infrastructure’ from the PATRIOT Act of 2001 and the Homeland Security Act of 2002, which defines ‘critical industries’ as ‘systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters

24 31 CFR 800.214.

25 31 CFR 800.226.

26 31 CFR 800.241.

27 31 CFR 800.401, 800.211.

28 id.

29 31 CFR 800.901.

30 31 CFR 800.502(c)(3)(v)(B).

31 32 CFR 117.

32 Fareed Sahloul, ‘Coronavirus Pandemic Drags Global M&A to Lowest Level Since 2012’, Bloomberg (30 June 2020), https://www.bloomberg.com/news/articles/2020-06-30/coronavirus-pandemic-drags-global-m-a-to-lowest-level-since-2012.

33 31 CFR 800.220, 800.224, 800.239.

34 31 CFR 800.307.

35 31 CFR 800.302, Example 10.

36 Katy Stech Ferek, ‘U.S. Panel Orders Breakup of California Exoskeleton Firm’s Venture With Chinese Investors’, Wall Street Journal (20 May 2020), https://www.wsj.com/articles/u-s-panel-orders-breakup-of-california-exoskeleton-firms-venture-with-chinese-investors-11590019513.

37 US Department of the Treasury, ‘CFIUS Excepted Foreign States’, https://home.treasury.gov/policy-issues/international/the-committee-on-foreign-investment-in-the-united-states-cfius/cfius-excepted-foreign-states; see also, ‘Five Eyes Intelligence Oversight and Review Council (FIORC)’, Office of the Director of National Intelligence, https://www.dni.gov/index.php/ncsc-how-we-work/217-about/organization/icig-pages/2660-icig-fiorc.

38 31 CFR 800.1001, 800.218.

39 31 CFR 800.219. CFIUS’s jurisdiction is discussed below.

40 id.

42 id.

44 id.

45 Press Release, Boston Dynamics, ‘Hyundai Motor Group to Acquire Controlling Interest in Boston Dynamics from SoftBank Group’ (11 December 2020), https://www.bostondynamics.com/hyundai-press-release.

46 Press Release, Boston Dynamics, ‘Hyundai Motor Group Completes Acquisition of Boston Dynamics from SoftBank’ (21 June 2021), https://www.bostondynamics.com/hyundai-motor-group-completes-acquisition.

47 Brian Heater, ‘Following Hyundai Acquisition, Boston Dynamics’ CEO Discusses the Robotics Pioneer’s Future’, TechCrunch (16 December 2020), https://techcrunch.com/2020/12/16/following-hyundai-acquisition-boston-dynamics-ceo-discussing-the-robotics-pioneers-future/.

48 Kenon Holdings Ltd, ‘Kenon’s Subsidiary OPC Announces Agreement to Acquire CPV Power Business in the United States’ (12 October 2020), https://www.prnewswire.com/il/news-releases/kenons-subsidiary-opc-announces-agreement-to-acquire-cpv-power-business-in-the-united-states-301150027.html.

51 Jonathan Weisman and Bradley Graham, ‘Dubai Firm to Sell U.S. Port Operations’, The Washington Post (10 March 2006). p. A1.

52 31 CFR 800.214.

53 Yuan Yang and James Fontanella-Khan, ‘Grindr sold by Chinese Owner After US National Security Concerns’, Financial Times (7 March 2020), https://www.ft.com/content/a32a740a-5fb3-11ea-8033-fa40a0d65a98.

54 Kori Hale, ‘Grindr’s Chinese Owner Sells Gay Dating App Over U.S. Privacy Concerns For $600 Million’, Forbes (26 March 2020), https://www.forbes.com/sites/korihale/2020/03/26/grindrs-chinese-owner-sells-gay-dating-app-over-us-privacy-concerns-for-600-million/?sh=2d6b2237551c.

55 Robert Kim, ‘Analysis: CFIUS Scrutiny Forces Chinese Sale of Grindr’, Bloomberg Law (16 April 2019), https://news.bloomberglaw.com/bloomberg-law-analysis/analysis-cfius-scrutiny-forces-chinese-sale-of-grindr.

56 Carl O’Donnell, et al. ‘Exclusive: Told U.S. security at risk, Chinese firm seeks to sell Grindr dating app’, Reuters (27 March 2019), https://www.reuters.com/article/us-grindr-m-a-exclusive/exclusive-told-u-s-security-at-risk-chinese-firm-seeks-to-sell-grindr-dating-app-idUSKCN1R809L.

57 James K Jackson, op. cit. (footnote 2, above).

58 id.

59 James K Jackson, op. cit. (footnote 2, above).

Unlock unlimited access to all Global Competition Review content