Continuing Increase in U.S. Regulation of Foreign Direct Investment

Impacts of Encryption Regulation and Strategic Competition Act on CFIUS

The last two years have seen the passage and expedited implementation of the Foreign Investment Risk Review Modernization Act (FIRRMA) – arguably the largest change in U.S. regulation of foreign investment since the 1975 creation of the Committee on Foreign Investment in the U.S. (CFIUS).

Significant changes to U.S. Foreign Direct Investment (FDI) related laws and regulations continue. Recent changes by the U.S. Department of Commerce, Bureau of Industry & Security (BIS) should remove open source and mass market encryption as “emerging” technologies subject to CFIUS review under FIRRMA. Conversely, the Strategic Competition Act of 2021 (“SCA”), passed by the Senate and headed to the House, will expand CFIUS coverage to U.S. universities, colleges, and research institutes.

A March 29, 2021 BIS amendment to the Export Administration Regulations (EAR) will eliminate most reporting requirements related to open source encryption software and certain mass market encryption items. The amendments modify several Export Control Classification Numbers (ECCNs) in CCL Categories related to encryption, namely Categories 0-3, 5 (Part 2), 6, and 9. The collateral effect of these changes will be to likely remove such items from the scope of CFIUS review under Part 801, as no longer being an “emerging” technology. It will also reduce the export control requirements on businesses wishing to export such technologies.

If passed into law, the SCA will have the opposite effect and will increase the scope of coverage and authority of CFIUS over certain U.S. universities, colleges, and research institutes.

As background for these changes, CFIUS was historically limited to technologies, industries and infrastructure directly involving national security. It was also a voluntary filing. FIRRMA expanded CFIUS to cover U.S. businesses involved with emerging technologies, critical infrastructure, or sensitive personal data — referred to as “Technology, Infrastructure and Data” or simply “TID.”

FIRRMA requires that a U.S. business engaged in emerging technologies be analyzed to determine whether a particular transaction will trigger a CFIUS declaration. More specifically, FIRRMA Part 801 dictates the application of CFIUS based on whether U.S. export licenses would be required to export, reexport, or transfer critical technologies produced, designed, tested, manufactured, fabricated, or developed in the U.S. As a result, TID diligence became an integral part of any FDI transaction following the passage of FIRMMA.

FIRRMA Section 800.401 requires an analysis to determine if an investor is a “foreign investor,” based principally on the following criteria:

  • Foreign control transaction investors are those that can directly control the covered U.S. business, or a change in rights of foreign investors where such change can result in a control transaction or a covered investment.
  • Foreign covered investment investors are those that directly acquire an equity interest in the covered U.S. business and that obtain access to any “material nonpublic technical information;” membership, participation, or nomination rights to the board of directors or equivalent governing body; and/or “involvement” or participation in “substantive decision making” regarding the use, development, manufacture, supply, acquisition, storage or release of TID.

If the SCA passes the House and is signed into law, it would expand the jurisdiction of CFIUS to include “institutions of higher education” if they receive $1 million or more in funding or contracts from a foreign person or entity, 1) which relates to research, development, or production of critical technologies, and provides the foreign person potential access to any material nonpublic technical information in the possession of the institution; or 2) is a restricted or conditional gift or contract that establishes control as defined by the Higher Education Act of 1965.

The SCA defines ‘institution of higher education’ as any institution, public or private in any State that 1) is legally authorized to provide education beyond secondary school, 2)  awards a bachelors or advanced degree, and 3) is accredited by a nationally recognized accrediting agency or association; and obtains Federal financial assistance, or receives support from Federal financial assistance. The definition will necessarily cover most U.S. colleges, universities, and research institutes.

The implications of the recent BIS encryption changes and proposed  Strategic Competition Act evidence the need to remain up-to-date on changing FDI requirements for mergers, acquisitions, and changes in foreign ownership, control or influence, and to timely file any resulting FDI disclosures.