skip to main content

May 27, 2020

Stroock Special Bulletin

By: Chris Griner, Shannon Reaves, Gregory Jaeger, Christopher R. Brewster, Erin Bruce Iacobucci

Section 1706 of the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”) provides the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) with authority to require the submission of a short-form “declaration” for any covered transaction involving a U.S. business that produces, designs, tests, manufactures, fabricates or develops one or more critical technologies. “Critical technologies” are defined in FIRRMA through definitions within relevant export control regimes such as the U.S. Munitions List under the International Traffic in Arms Regulations (“ITAR”), the  Commerce Control List under the Export Administration Regulations (“EAR”), and the “emerging and foundational technologies” controlled pursuant to Section 1758 of the Export Control Reform Act of 2018.[1]

On May 21, 2020, CFIUS published proposed rules that would modify key aspects of the  “critical technology” mandatory filing regime. The proposed rules would remove the current NAICS code-based industry test, and replace it with a “U.S. authorization test” that is based upon relevant U.S. export control regulations. The proposed rules, if implemented in their current form, may provide relief from the mandatory filing requirements for close U.S. allies. However, the proposed rules underscore the importance of confirming a target company’s export control classifications in determining whether a mandatory filing is necessary.

Under the current regulatory regime, covered transactions involving U.S. businesses producing critical technology are subject to a mandatory filing requirement if the critical technology was designed for (or utilized in) one of 27 industry sectors identified by the NAICS code industry test. The NAICS code industry test has been particularly challenging to apply in the context of a U.S. business that produces or tests critical technology falling under multiple NAICS code industry sectors not all of which were targeted by CFIUS.

The proposed regulations would remove the NAICS code industry test and replace it with a test based on whether a “U.S. regulatory authorization” would be required to export, re-export, transfer (in country) or retransfer the critical technology produced, designed, tested, fabricated, manufactured or developed by the target U.S. business (“U.S. regulatory authorization test”) to the foreign investor.[2] The new test effectively replaces the NAICS code screen, invoking established export control classifications to align CFIUS mandatory filing requirements with national security risk determinations made by the export control authorities.

The U.S. regulatory authorization test would apply both to the transaction parties as well as to foreign persons in the ownership chain. Under the proposed criteria, foreign persons with 25 percent of the voting interest, direct or indirect, in a U.S. business  would need to be assessed under applicable export control regulations. If a U.S. regulatory authorization is required, then the foreign investment could be subject to a mandatory filing requirement under CFIUS. If not, then the foreign investment transaction might still be subject to CFIUS’s voluntary review. Accordingly, it would be prudent to assess the potential national security risks arising from the transaction to determine whether a voluntary declaration or filing is advisable.

The proposed rule leaves in place several other exemptions from the CFIUS mandatory filing requirements, including those for Excepted Foreign Investors (see 31 C.F.R. §800.219) and transactions in which a foreign person’s interest is held through an entity that is subject to a foreign ownership, control or influence (“FOCI”) mitigation arrangement and holds a valid facility security clearance pursuant to the National Industrial Security Program Operating Manual (“NISPOM”).

Note that CFIUS does not adopt most of the license exceptions provided under the various export control regulations. Instead, a U.S. regulatory authorization is treated as being required – even if there is an applicable license exception available[3] for a particular foreign investor – unless  the foreign investor is eligible under:

  1. the license exception provided by subpart (b) of the EAR license exception ENC;
  2. the EAR license exception for technology and software-unrestricted (“TSU”); or
  3.  certain elements of the strategic trade authorization (“STA”) license exceptions.

Under the proposed rule, investors  are relieved from the Committee’s mandatory filing requirements if a separate U.S. regulatory authorization is not otherwise required for the release of the relevant technical data to the same foreign investor. This would bring the CFIUS regime closer in line with European foreign investment regimes that offer exemptions for members of the European Union and the European Economic Area. Of course, foreign investors would still be subject to CFIUS jurisdiction for voluntary review of controlling investments in U.S. businesses and (unless the foreign investor qualifies as an “Excepted Foreign Investors”[4])  for transactions that provide a foreign investor with certain non-controlling rights in a Technology, Infrastructure, Data (“TID”) US Business.[5]

From a practical standpoint, the proposed regulations underscore the importance of conducting appropriate export control due diligence regarding a target company’s technology. As part of that due diligence, investors should consider whether a potential target has classified its technology through self-classification, or through formal classifications by the Department of Commerce or the Department of State. It is always important for businesses to understand the treatment of their products under U.S. export control laws.  In particular, however, U.S. businesses engaged in the production of  critical technologies may deem it advisable to secure formal export control classifications to help identify potential regulatory issues, especially if they are looking for foreign investment.  Overall, the proposed rules provide a welcome change from the existing NAICS code -based test, and should work to encourage friendly foreign investment in the United States.

The proposed rules are subject to comments which are due by June 22, 2020. The proposed rules may be accessed at the following link: https://www.federalregister.gov/documents/2020/05/21/2020-10034/provisions-pertaining-to-certain-investments-in-the-united-states-by-foreign-persons.

For help in preparing applications for export classification reviews or for additional questions on the application of these proposed regulations to potential foreign investment please contact us.

______________________________

For more information:

Chris Griner

Shannon Reaves

Gregory Jaeger

Tatiana O. Sullivan

Christopher R. Brewster

Erin Bruce Iacobucci

[1] Although only one technology has been identified as “emerging and foundational,” see Stroock Special Bulletin, “CFIUS and Foreign Investment: 2020 Brings Changes to U.S. National Security Regulations,” Jan. 6, 2020, available at:  https://www.stroock.com/publication/cfius-and-foreign-investment-2020-brings-changes-in-u-s-national-security-reviews/, the Department of Commerce has published an Advanced Notice of Proposed Rulemaking describing 14 technology areas under consideration.  See Department of Commerce, Bureau of Industry and Security, Advance notice of proposed rulemaking (ANPRM), 15 CFR Part 744, “Review of Controls for Certain Emerging Technologies,” 83 Fed. Reg. 58201 (11/19/2018), available at: https://www.govinfo.gov/content/pkg/FR-2018-11-19/pdf/2018-25221.pdf.

[2] Such authorizations include a license or other approval issued under the ITAR or the EAR, a specific or general authorization from the Department of Energy, or a specific license from the Nuclear Regulatory Commission.

[3] 15 CFR 740.17.

[5] Transactions that provide a foreign investor with certain non-controlling rights in a “TID US Business” may trigger CFIUS review.  The term “TID U.S. Business” means any U.S. business that: (1) produces, designs, tests, manufactures, fabricates, or develops one or more critical technologies; (2) performs certain functions with respect to covered critical infrastructure; or (c) maintains or collects, directly or indirectly, sensitive personal data of U.S. citizens. 31 CFR § 800.248.

This Stroock publication offers general information and should not be taken or used as legal advice for specific situations, which depend on the evaluation of precise factual circumstances. Please note that Stroock does not undertake to update its publications after their publication date to reflect subsequent developments. This Stroock publication may contain attorney advertising. Prior results do not guarantee a similar outcome.