United States: CFIUS Takes Centre Stage Amid Surge in Activity

This is an Insight article, written by a selected partner as part of GCR's co-published content. Read more on Insight

Overview

The Committee on Foreign Investment in the United States (CFIUS) is an interagency committee, chaired by the US Department of the Treasury, that has broad powers to review foreign investments in and acquisitions of US businesses to determine the potential impact on US national security. The Committee has a heightened focus on specific investments in certain US businesses that involve critical technology, critical infrastructure, and sensitive personal data.

Committee Structure

The Committee is composed of the heads of nine departments and offices, including the Departments of the Treasury, Justice, Homeland Security, Commerce, Defense, State, and Energy, and the Offices of the US Trade Representative and Science & Technology Policy. Certain White House offices also observe and participate in CFIUS reviews, and the Director of National Intelligence and the Secretary of Labor are non-voting members of the Committee.

Legislative and Regulatory Framework

Section 721 of the Defense Production Act of 1950, as amended (Section 721),[2] governs CFIUS, which has been implemented by several executive orders and regulations at Chapter VIII of Title 31 of the Code of Federal Regulations (CFR). Section 721 gives the US President the authority to review, modify, suspend, or prohibit certain ‘covered’ transactions in accordance with national security concerns.

Informally and through executive orders, the Biden administration has instructed CFIUS to protect key sectors, including those involving sensitive personal data of US citizens, critical technology, and infrastructure, as well as the resilience of critical supply chains. This has resulted in CFIUS looking at national security risk more broadly, though its mandate has not changed.

Jurisdiction

There are two sets of implementing regulations for CFIUS. The first (at 31 CFR Part 800) covers the majority of CFIUS’ jurisdiction to review majority and minority investments in US businesses. The second (at 31 CFR Part 802) covers CFIUS’ jurisdiction to review certain real estate transactions.

31 CFR Part 800 implements CFIUS’ jurisdiction to review majority and certain minority investments, which are considered ‘covered transactions’. The CFIUS regulations cover two types of covered transactions: ‘covered control transactions’ and ‘covered investments’.

A covered control transaction means ‘any transaction . . . by or with any foreign person that could result in foreign control of any US business, including such a transaction carried out through a joint venture’.[3] In determining whether a transaction constitutes a ‘covered control transaction’, CFIUS will assess whether a non-US person will have the ability ‘to determine, direct, take, reach, or cause decisions’ related to certain ‘important matters affecting an entity’. The control determination is a fact-specific analysis, and no single factor is dispositive for determining control. Additionally, depending on the governance and other rights to be acquired, minority investments also can be seen as affording a non-US person ‘control’ and therefore can be subject to CFIUS’ jurisdiction for review as a covered control transaction. It is possible (and common) for CFIUS to determine that an investment confers ‘control’ for CFIUS purposes at levels of investment (on a percentage basis) that would not be considered to confer control as that term is commonly understood.

The CFIUS regulations include a detailed discussion of rights that CFIUS considers to be indicia of control. They include the power, direct or indirect, whether or not exercised, to determine, direct, or decide important matters affecting an entity, such as:

  • the sale, lease, mortgage, pledge, or other transfer of any of the tangible or intangible principal assets of the entity;
  • the reorganisation, merger, or dissolution of the entity;
  • major expenditures or investments, issuances of equity or debt, or dividend payments by the entity, or approval of the operating budget of the entity;
  • the selection of new business lines or ventures that the entity will pursue;
  • the entry into, termination, or non-fulfilment by the entity of significant contracts; or
  • the appointment or dismissal of officers or senior managers.[4]

In contrast, there are also certain rights (described as ‘minority shareholders protections’ in the CFIUS regulations) that will not in themselves be deemed to confer control for purposes of determining CFIUS jurisdiction. They include:

  • the power to prevent the sale or pledge of all or substantially all of the assets of an entity or a voluntary filing for bankruptcy or liquidation;
  • the power to prevent an entity from entering into contracts with majority investors or their affiliates;
  • the power to prevent an entity from guaranteeing the obligations of majority investors or their affiliates; and
  • the right to purchase an additional interest in an entity to prevent the dilution of an investor’s pro rata interest in that entity in the event that the entity issues additional instruments conveying interests in the entity.[5]

The CFIUS regulations make clear that the Committee will consider on a case-by-case basis rights or powers that are not formally listed in the regulations for purposes of assessing control. In addition, no one right or power is dispositive for purposes of a control analysis, and CFIUS has broad discretion in this regard.

CFIUS also has jurisdiction to review ‘covered investments’, which are certain non-controlling investments in US companies involved in ‘critical technologies’, ‘critical infrastructure’ or ‘sensitive personal data’ (each such US business is termed a ‘TID US business’). More specifically, a TID US business is defined to include US businesses that:

  • produce, design, test, manufacture, fabricate, or develop one or more critical technologies;[6]
  • perform certain functions related to critical infrastructure;[7] or
  • maintain or collect, directly or indirectly, sensitive personal data[8] of US citizens.

In addition to investments in US businesses, CFIUS is authorised to review certain real estate transactions, including foreign investments in or acquisitions of real estate that is: (i) located within, or will function as part of, an air or maritime port; or (ii) in close proximity to a US military installation or another facility or property of the US government that is sensitive for national security reasons.

Importantly, CFIUS’ jurisdiction includes ‘covered real estate transactions’, which includes:

  • any purchase or lease by, or concession to, a non-US person of ‘covered real estate’ that affords the non-US person at least three of four defined ‘property rights’;
  • any change in the rights that a non-US person has with respect to ‘covered real estate’ in which the non-US person has an ownership or leasehold interest or concession arrangement, if that change could result in the non-US person having at least three ‘property rights’; or
  • any other transaction, transfer, agreement, or arrangement, the structure of which is designed or intended to evade or circumvent the application of the CFIUS regulations as they relate to real estate.

There are two categories of ‘covered real estate’, one of which is narrow and one of which is broad. Specifically, the real estate in question either must be:

  • located within, or will function as part of, a ‘covered port’ (i.e., large hub airports, joint use airports, airports with annual aggregate all cargo landed weight of greater than 1.24 billion pounds, commercial strategic seaports within the National Port Readiness Network, and the top 25 tonnage, container, or dry bulk ports); or
  • located within a specified proximity to certain US military installations.

To be a ‘covered real estate transaction’, the transaction must involve ‘covered real estate’ and the non-US person must be afforded at least three of four ‘property rights’. The four defined ‘property rights’ (whether or not they are exercised) are:

  • the right to physically access the real estate;
  • the right to exclude others from physical access to the real estate;
  • the right to improve or develop the real estate; and
  • the right to attach fixed or immovable structures or objects to the real estate.

CFIUS’ authority to review real estate transactions, particularly those involving agricultural land, may expand in the coming years as Congress, expressing concerns about food security, already has proposed bills that would expand CFIUS’ powers in this regard.[9]

Jurisdiction Exceptions and Exemptions

Under 31 CFR Part 800, there are four primary exceptions to CFIUS’ jurisdiction for review: solely ‘passive’ investments, certain transactions by ‘excepted investors’ from ‘excepted foreign states’, transactions by US investment funds and investors with a principal place of business in the United States, and certain transactions by investment funds with non-US limited partners.

CFIUS does not have jurisdiction to review a transaction that is ‘solely for the purposes of a passive investment’ and in which the US investor will acquire an interest of 10 per cent or less of the outstanding voting interest in the US business. However, passivity is determined by the Committee, and CFIUS has broad discretion to determine whether a proposed transaction is truly passive. As provided above, CFIUS will consider on a case-by-case basis rights or powers afforded to a non-US person for purposes of assessing control (and jurisdiction).

With respect to excepted investors from excepted foreign states, there is a mechanism by which investors from certain countries may qualify for exemptions from CFIUS’ jurisdiction. Such countries are identified based on their robust intelligence-sharing and integration of their defence-industrial base with the United States. Under certain circumstances, ‘excepted investors’ from such excepted foreign states will not be subject to CFIUS mandatory filing requirements (which are described in detail below) and are exempt from CFIUS’ jurisdiction over covered investments and certain US real estate transactions. The current list of excepted foreign states includes Australia, Canada, New Zealand and the United Kingdom. Other countries may join the list of excepted foreign states in the future. In order to qualify as an ‘excepted investor’, the non-US investor must be a:

  • foreign national of an excepted state (and not also a foreign national of a non-excepted state);
  • a foreign government of an excepted state; or
  • a foreign entity which meets several conditions with respect to itself and each of its parents (if any), including that the entity is organised under the laws of an excepted foreign state or in the United States and has its principal place of business in either jurisdiction.

In general, investments by US persons are excluded from CFIUS’ jurisdiction. However, defining what does and does not constitute a non-US entity therefore has important implications. Under CFIUS regulations, a non-US entity is ‘any branch, partnership, group or sub-group, associate, estate, trust, corporation or division of a corporation, or organization organised under the laws of a foreign state if either its principal place of business is outside of the US or its equity securities are primarily traded on one or more foreign exchanges’.

‘Principal place of business’ is defined as the ‘primary location where an entity’s management (i) directs, (ii) controls, or (iii) coordinates the entity’s activities’. This means that US private equity funds and investors with a principal place of business in the United States, but with non-US investment vehicles, can rely on the position that their US investments are not subject to CFIUS’ jurisdiction. However, there is one important caveat: if an entity has represented in an official filing that its principal place of business is outside of the United States, CFIUS will deem that non-US location to be the fund’s principal place of business unless it can be demonstrated that the facts have changed.

Certain transactions by US investment funds with non-US limited partners are also exempt from CFIUS jurisdiction. An indirect investment by a non-US person through a US investment fund in which the non-US investor is a limited partner is not considered a covered transaction subject to CFIUS jurisdiction for review as long as certain requirements are met, including that:

  • the fund is managed by a US general partner (or equivalent);
  • the fund board or committee on which the non-US limited partner sits (if any) does not have control over the US fund’s management or investment decisions; and
  • the non-US limited partner does not have access to material non-public technical information of the target US business.

Accordingly, investments in US businesses by a fund in which one or more non-US limited partners hold an indirect, non-controlling interest will not be subject to CFIUS jurisdiction simply because a non-US limited partner (or a designee) is given membership or observer rights regarding advisory boards or committees of the fund as long as the fund otherwise meets the above criteria. However, if a non-US person has control over the fund’s management/investment decisions, and/or has access to material non-public technical information of the target US business, CFIUS would not consider such an investment to meet the above exception. In addition, investments through funds controlled by non-US persons are subject to CFIUS’ jurisdiction for review.

Mandatory CFIUS Filings

The CFIUS regime includes both mandatory filing requirements and the option to submit voluntary filings. A CFIUS filing is mandatory for a covered transaction involving a critical technology TID US business or for a covered investment in which non-US government owned/controlled investors acquire a ‘substantial interest’ in a TID US business. The CFIUS regulations define a substantial interest as either (i) a voting interest, direct or indirect, of 25 per cent or more in a US business, or (ii) in the case of an entity with a general partner (GP), a 49 per cent or more interest in the GP.

Where a transaction involves a US business that produces, designs, tests, manufactures, fabricates, or develops certain types of critical technologies, a CFIUS filing is mandatory where US regulatory authorisation would be required to provide such technology to the non-US persons involved in the transaction. US regulatory authorisation includes:

  • licences or other approvals or authorisations from:
    • the Department of State under the International Traffic in Arms Regulations (ITAR);
    • the Department of Commerce under the Export Administration Regulations (EAR);
    • the Department of Energy under the regulations governing assistance to foreign atomic energy activities at 10 CFR part 810, other than the general authorisations described in 10 CFR Section 810.6(a); and
  • specific licences from the Nuclear Regulatory Commission under the regulations governing the export or import of nuclear equipment and material at 10 CFR part 110.5.

Note, however, that the CFIUS regulations take into consideration the availability only of certain licensing exceptions or general licences (both of which are export authorisations published in regulations and made applicable to any transaction meeting the published criteria) and not others.

Review Process

Transactions typically are brought to the Committee’s attention through joint filings between the parties that take the form of either ‘notices’ or ‘declarations’. Notices contain detailed descriptions of the transaction and parties that result in a four- to six-month review process and possible investigation. Declarations typically are no longer than five pages and present a simplified method of informing CFIUS of a transaction, including (but not only) when a filing is mandated. All filings must be submitted through the online CFIUS Case Management System.

As compared to long-form notices, short-form declarations are easier to prepare, more likely to be accepted quickly by CFIUS, and receive a response more quickly. Within 30 days, CFIUS must respond to a short-form declaration in one of four ways:

  • requesting parties to submit a full notice;
  • informing parties that CFIUS is not able to complete action based on the declaration and that the parties have the option to submit a full notice to seek confirmation that the Committee has no concerns;
  • initiating a unilateral review of the transaction; or
  • informing the parties that it does not intend to review the transaction (effectively clearing the transaction).

Although declarations provide an opportunity for parties to receive relatively quick initial reactions from CFIUS about whether their transaction is seen to raise national security concerns, their use can also add time to the overall CFIUS review process if the Committee:

  • requests the submission of a formal notice;
  • initiates a unilateral review; or
  • informs the parties that it is not able to complete action, and the parties desire clarity in this regard (whether or not they have made CFIUS clearance a condition to close the transaction) and thus feel impelled to submit a full notice.

The Committee has 45 days in which to review a full notice. If it needs longer, it may use a 45-day investigation period (with an option for a 15-day extension) and, as needed, a 15-day presidential review period. CFIUS’ annual reports show that average review times have been increasing, with approximately half of reviews advancing to the investigation period. During the review and investigation periods, the Committee may submit questions to the parties, to which they must respond within three business days. If the Committee cannot reach a decision within the full review period, it may ask the parties to withdraw and refile the notice. Typically, though, the Committee provides resolution in one of three ways:

  • it clears the transaction to proceed;
  • it clears the transaction subject to mitigating factors undertaken by the parties; or
  • the President blocks or mandates the unwinding of the transaction.

A presidential decision is not subject to judicial review and cannot otherwise be appealed. However, presidents have only taken such action a handful of times since the Committee’s inception decades ago.

Enforcement and Penalties

CFIUS is authorised to impose penalties or seek other remedies in response to violations of Section 721, related regulations, and mitigation agreements, orders, or conditions imposed upon transaction parties. There are three general categories of violation, as outlined in the CFIUS regulations and as described in enforcement guidance released in late 2022:

  • failure to timely submit a mandatory filing;
  • non-compliance with CFIUS mitigation; and
  • material misstatement, omission, or false certification in information filed with CFIUS.

For each violation, CFIUS is authorised to impose a civil penalty up to US$250,000 or the value of the transaction (whichever is greater). In imposing penalties, CFIUS will consider certain aggravating and mitigating factors, including the harm caused, the level of awareness and intent of the violators, and their response and remediation.

CFIUS historically has revealed little with respect to its enforcement actions. The most recent publicly disclosed actions were a single action in each of 2018 and 2019. The 2018 enforcement action concerned what was described as a ‘repeated’ breach of a mitigation agreement, including failure to establish the necessary security policies and provide the necessary reports thereunder to CFIUS, and resulted in a US$1 million penalty. The 2019 enforcement action involved the violation of the terms of an interim order (i.e., the immediate mitigating measures put in place while a formal mitigation agreement was negotiated) and resulted in a US$750,000 penalty. CFIUS officials have made clear that additional penalties will be announced in the near future.

Mitigation

CFIUS may impose mitigation measures on covered transactions to achieve US national security objectives and address national security risks. Such mitigation measures may include, but are not limited to, the following:

  • guidelines for handling existing and future contracts with the US government;
  • the appointment of a US government-approved security officer or director, at the US company’s expense, who is responsible for compliance with security policies, submission of annual reports to CFIUS, and other tasks;
  • the requirement of prior notification to and approval by CFIUS in connection with the non-US acquirer’s increase in ownership or rights;
  • prohibiting or limiting the transfer or sharing of certain intellectual property or trade secrets by the US business to or with the non-US investor or non-US persons;
  • excluding (e.g., via divestiture) certain sensitive assets from the proposed transaction; and
  • excluding the non-US investor from involvement in the US business’ cyber and data security practices.

The list above is illustrative; the mitigation measures ultimately imposed on transaction parties vary based on the nature of the risks identified by the Committee. The Committee ensures the obligations created by mitigation measures are upheld and enforceable through mitigation agreements such as national security agreements (NSAs). NSAs typically bind the non-US investor, the US business, and the relevant CFIUS monitoring agencies, and their execution is a necessary precursor to receiving CFIUS clearance. CFIUS officials have (tacitly) acknowledged in recent remarks the increased use of NSAs in connection with clearing proposed transactions.

In certain instances, CFIUS may determine that it is impossible to mitigate the national security risks associated with a covered transaction. Typically, transaction parties will have the opportunity to withdraw the transaction from consideration so that it can be amended and re-submitted or else abandoned. In the alternative, CFIUS will refer the transaction to the President, who may issue an order that blocks the transaction or mandates that it be unwound. Over the last 50 years, there have been only seven transactions that resulted in such orders (six of which were issued between 2012 and 2020).

Insights, Proposals and Trends

CFIUS continues to review more transactions each year and to require ever more time to do so. The longest possible review timeline spans 105 days, comprising a 45-day initial review period, 45-day investigation period (if determined necessary in CFIUS’ sole discretion), and, in extraordinary circumstances, an additional 15-day extension of the investigation period. CFIUS’ annual reports show that each year the average investigation length continues to increase; the average length of a review in the past year was 80 calendar days, up 15 calendar days from the prior year. What’s more, approximately half of CFIUS’ transaction reviews advance to the investigation period. Moreover, as part of these reviews, CFIUS is increasing its use of mitigation measures. The most recent publicly available data showed that 67 per cent more transactions were mitigated in 2022 than in 2021 (in line with upward trends from prior years), signalling that the imposition of mitigation measures may remain on an upward trajectory for some time as well.

CFIUS also features a non-notified transactions team, which researches and analyses covered transactions that are not submitted to CFIUS for review. In 2022, CFIUS requested information regarding 88 ‘non-notified’ transactions. Although this is less than the number of non-notified transactions identified in 2021 (135), it still demonstrates CFIUS’ ability (and willingness) to bring parties before the Committee for inquiry even if the Committee ultimately does not request a formal CFIUS filing. Furthermore, CFIUS officials have made clear that CFIUS member agencies review thousands of non-notified transactions a year; the lack of a formal request for information from CFIUS does not indicate a lack of interest from the US government.

One key driver for CFIUS’ increased activity is the Biden administration’s national security policies. The Biden administration has been forward-leaning in calling upon CFIUS to safeguard certain key sectors of mounting security interest, including the protection of sensitive personal data of US citizens, critical technology, and infrastructure. CFIUS’ view of sensitive personal data has evolved since the concept was first introduced in 2018. Traditionally, sensitive personal data included, among other things, financial, health and location data. However, CFIUS has taken an interest in where data rich US businesses are storing their data, who may access such data, and how such data may be vulnerable to or managed by artificial intelligence, especially when non-US investors from certain countries (such as China) are involved.

The covid-19 pandemic exposed the need to protect supply chains. In September 2022, President Biden signed executive order 14083, titled Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States, which called upon CFIUS to scrutinise covered transactions involving non-US investors in which a supply chain could be negatively affected. The executive order specifically identifies sectors that are fundamental to US technological leadership and therefore national security, including but not limited to:

  • microelectronics;
  • artificial intelligence;
  • biotechnology and biomanufacturing;
  • quantum computing;
  • advanced clean energy;
  • climate adaptation technologies; and
  • elements of the agricultural industrial base that have implications for food security.

While the existing CFIUS regulations arguably capture many of these sectors as TID US businesses already, the executive order highlights the need to consider future technological advancements and applications, especially if a potential non-US investor (or third parties with whom a non-US investor has ties) poses a potential threat to US national security. Among other points, one should consider whether a transaction involves manufacturing capabilities, services, critical mineral resources, or technologies in the sectors identified above.

As CFIUS and the US government adjust their mission to protect US national security in a constantly evolving risk landscape and an increasingly anxious world, transaction parties contemplating covered transactions by non-US investors in US businesses always should evaluate CFIUS considerations early in the transaction process to avoid surprises and delays on their preferred path to closing.

The Biden administration also is pursuing a new type of national security review regime for US investments: the establishment of a US Outbound Investment Program. On 9 August 2023, President Biden signed executive order 14105, titled Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern, which directed the US Secretary of the Treasury to develop and establish a US Outbound Investment Program. The US Outbound Investment Program will:

  • prohibit certain types of investment by US persons into certain entities with a principal place of business in or organised under the laws of a country of concern, and entities 50 per cent or more owned by persons of a country of concern, with capabilities or activities related to defined technologies and products that pose a ‘particularly acute threat’ to US national security; and
  • require notification to the Treasury by US persons into certain entities with a principal place of business in or organised under the laws of a country of concern, and entities 50 per cent or more owned by persons of a country of concern, with capabilities or activities related to defined technologies and products that ‘may contribute to the threat’ to US national security.

The relevant advanced technologies pertain (at present) to semiconductors, microelectronics, quantum information technology, and artificial intelligence with persons from ‘countries of concern’ (currently defined as China and the Special Administrative Regions of Hong Kong and Macau).

In connection with the executive order, the Treasury initiated a rulemaking process to develop and implement a regime to address the national security threat posed by countries of concern seeking to exploit advanced technologies to enhance their military, intelligence, surveillance, or cyber-enabled capabilities. The US Outbound Investment Program will not be implemented until the rulemaking process has been completed (which is likely to be sometime in 2024). However, the Treasury may begin inquiring about covered transactions that occur after 9 August 2023. Although such covered transactions will not retroactively become subject to the prohibitions or reporting requirements under the US Outbound Investment Program once it is implemented (and thus will not be subject to potential penalties), such activity could pose potential reputational exposure if information becomes public through this request process.

The Treasury is not contemplating a CFIUS-like process for the US Outbound Investment Program. There will be no case-by-case consideration of whether prohibited covered transactions may proceed on a specific basis (eg, after the implementation of mitigation measures to reduce any identified risk to national security); in fact, the outbound programme will not involve any review and approval mechanism. The US Outbound Investment Program is also not intended broadly to impede US investment in a country of concern or impose sector-wide restrictions on certain US investment activity. Rather, it is intended to be narrowly tailored to restrict and allow for monitoring of US investment (and related capital flows) into specific areas of advanced technologies that countries of concern can use to undermine US national security.

However, although the Biden administration has expressed a goal of balancing the United States’ commitment to open investment with the desire to disrupt strategic military, intelligence, surveillance, and cyber advancements in countries of concern, striking this balance may be difficult in practice. For example, the current proposal provides that certain investments that otherwise would be considered covered transactions will be excepted from the prohibitions and notification obligations of the US Outbound Investment Program (such as certain activities of key importance to US funds and service providers). The full scope of such exceptions is unclear under the current proposal (e.g., whether the exception for publicly traded securities extends to secondary market transactions), and clarification will be needed from the Treasury to understand if the relief provided by the exceptions is meaningful in practice.


Notes

1 Jeremy B Zucker, Darshak Dholakia and Hrishikesh Hari are partners, and Brooklynn Moore, Betsy Feuerstein and Amy Jicha are associates at Dechert LLP.

2 Codified at 50 USC Section 4565. Section 721 was amended most recently by the Foreign Investment and National Security Act of 2007 (FINSA) and by the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).

3 31 CFR Section 800.210.

4 31 CFR Section 800.208(a).

5 31 CFR Section 800.208(a).

6 Critical technology means items that require US regulatory authorisation to export, re-export, transfer (in-country), or retransfer to a non-US person that could meet certain requirements (e.g., defence items, certain items on the Commerce Control List, items related to the nuclear energy industry, select agents and toxins and ‘emerging and foundational technologies’).

7 Critical infrastructure refers to systems and assets ‘whether physical or virtual, so vital to the US that the incapacity or destruction of [them] would have a debilitating impact on national security’. Covered critical infrastructure has a wide range, including, among other sectors, the defence-industrial base, energy, telecommunications, utilities and financial services.

8 Sensitive personal data is defined as ‘identifiable data’ across 10 categories which is maintained or collected by a US business that: (i) targets or tailors products or services to any US executive branch agency or military department with intelligence, national security or homeland security responsibilities; (ii) maintains or collects sensitive personal data of more than one million individuals at any point in a given 12-month period; or (iii) has a demonstrated business objective to maintain or collect sensitive personal data of more than one million individuals and such data is an integrated part of the US business’ products or services. ‘Identifiable data’ means sensitive personal data through which an individual can be distinguished or traced, including the use of any personal identifier. The 10 categories of sensitive personal data enumerated in the CFIUS regulations include genetic, biometric and medical data as well as data pertaining to personal finances, personal communications and security clearances. These examples demonstrate that some sectors of the economy not traditionally considered sensitive from a national security perspective are still subject to CFIUS scrutiny.

9 A growing number of US state governments have passed their own laws restricting foreign investment in certain real estate, primarily motivated by a desire to protect agricultural land (among other reasons).

Unlock unlimited access to all Global Competition Review content