Biden Executive Order directs a broader national security focus on foreign investments

On September 15, 2022, President Biden issued an Executive Order (EO)[1] providing formal presidential direction on the scope of national security risks for review by the Committee on Foreign Investment in the United States (CFIUS or the Committee).

This marks the first time since CFIUS was established in 1975 that a president has publicly issued such direction.  Until now, the national security factors that form CFIUS’s mandate have been defined by Congress in the Defense Product Act of 1950 (DPA) and more recent legislation including the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).

President Biden has now provided CFIUS – and the global investor community – with more specific guidance on the Administration’s major national security priorities.  The EO will establish precedent for the Administration to guide CFIUS’s foreign investment review priorities going forward.

Background

CFIUS is a standing interagency committee chaired by the US Department of the Treasury.  The Committee’s members include the US Departments of Commerce, Defense, Energy, Homeland Security, Justice and State as well as the Offices of the US Trade Representative and Science and Technology Policy.  CFIUS is authorized to review foreign acquisitions and certain minority investments in US businesses and real estate to assess and mitigate risks to US national security presented by the transactions.

CFIUS has become a foundational consideration for cross-border transactions in recent years, particularly since FIRRMA expanded CFIUS’s jurisdiction to review a much wider range of transactions. The EO does not change the scope of transactions that may be subject to review under CFIUS’s current legal authority.

Although many of the risks outlined in the EO are already considered by CFIUS in its review of foreign investments, the EO instructs CFIUS to take a more holistic view of potential national security risks and is expected to result in greater scrutiny on foreign investments in certain sectors. 

Key takeaways for companies and investors

While the adage that “everything is national security, whether you know it or not” remains 1, the EO provides helpful guidance on the Administration’s top national security priorities.  It remains to be seen how the EO may shift CFIUS’s review priorities or information requests, but the unprecedented move suggests the following:

• CFIUS will increasingly focus on the potential impacts of a transaction on global market share, offshoring risk and supply chain resiliency across a broad range of sectors. Transactions involving the following sectors are likely to see CFIUS undertake a deeper market and economic impact assessment: microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, critical materials (including lithium and rare earth metals) and elements of the agriculture industrial base that have implications for food security.
• All of the above-referenced industries are part of the Chinese government’s “Made in China 2025” plan – a ten-year plan to update China’s manufacturing capabilities.  While the EO does not explicitly mention China and a White House spokesperson was careful to emphasize that “there’s nothing that’s sort of China-specific about this order,” competition with China in military and technology spheres was likely a major driver of the Administration’s stated concerns.  In this sense, the EO aligns closely with the policy goals of the recently enacted C.H.I.P.S. Act,[2] which is aimed at reducing US dependence on Chinese critical technologies.
• CFIUS will not limit its assessment of national security risk solely to whether US technology involved in a particular transaction is export-controlled and therefore a “critical technology.” Specifically, the EO directs CFIUS to anticipate the impact to national security presented by current and future technological advancements and applications, regardless of whether they fit within the definition of critical technologies. While the EO does not change CFIUS’s current mandatory filing requirements, we may soon see revisions to the CFIUS regulations governing such requirements to better capture advances in emerging technologies.
• CFIUS will continue to evaluate the potential threats posed by a foreign party’s formal and informal third-party ties – not only the party’s country of origin – as they relate to supply chain resilience, technological leadership, the impact of incremental investments, and data and cybersecurity capabilities and intent.
• CFIUS will increasingly take a holistic view of investments by a particular party, sector or country to better assess patterns and expose risk presented by incremental or complimentary acquisitions.As a result, private equity, venture capital and other repeat foreign investors – including US funds with foreign limited partners – should evaluate their existing CFIUS risk exposure from prior investments that have not been approved by CFIUS.

Identified national security risk factors

The EO elaborates on existing statutory risk factors and adds new factors for CFIUS to consider in its review of transactions, as well as in identifying non-notified transactions for review.

1.  Domestic supply capacity and supply chain resilience

The EO directs CFIUS to focus on potential vulnerabilities in the US supply chain and domestic capacity for manufacturing, services, critical mineral resources and technologies that are fundamental to national security, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, critical materials (including lithium and rare earth metals) and elements of the agriculture industrial base that have implications for food security. 

CFIUS has historically prioritized its review of supply chain and domestic capacity vulnerabilities to those directly impacting the defense industrial base. The EO recognizes that the importance of domestic capacity and supply chain resilience goes well beyond the materials and services that support our military defense capabilities.  For example, the COVID-19 pandemic highlighted several supply chain weaknesses in agriculture, medical supplies and pharmaceutical manufacturing, among other areas that had not previously been a primary focus of the Committee.  Similarly, the offshoring of semiconductor development and production expertise and increased risk to national security presented by US dependence on other countries for critical supply were motivating factors behind legislation such as the C.H.I.P.S. Act and CFIUS’s enhanced focus on transactions in the sector.

The EO instructs CFIUS to consider a foreign party’s involvement in the US supply chain, the diversification of suppliers, supply relationships with the US government, and the concentration of ownership or control by the foreign party in a given supply chain. 

2.  Protecting US technological leadership

Protecting US technological leadership across sectors is a cornerstone of US national security policy and continues to be a focus area for CFIUS.  The EO enumerates priority technologies that are fundamental to US technological leadership and therefore US national security, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies.  The EO directs the White House Office of Science and Technology Policy, in consultation with other members of CFIUS, to periodically publish a list of technology sectors fundamental to US technological leadership, ensuring that CFIUS’s focus remains responsive to the evolving technological landscape.

Although CFIUS is already focused on several technology sectors deemed to be “critical” to US national security, the EO seems to acknowledge that the definition of “critical technologies” in the CFIUS regulations lags technological advancement.  Consequently, the EO directs CFIUS to anticipate the impacts to national security presented by future technological advancements and applications.  In part, this may be a response to perceived inadequate implementation of new export controls on “emerging and foundational” technologies, as envisioned by FIRRMA and the Export Control Reform Act of 2018.

3.  Incremental and aggregate investment activity

The EO builds on FIRRMA’s mandate to consider the cumulative effects and investment patterns of specific investors and countries in certain sectors of the US economy by more explicitly directing CFIUS to evaluate a foreign party’s investment strategy and take a holistic view of their investment history and known plans.  For example, the EO instructs CFIUS to request the Department of Commerce’s International Trade Administration to provide an analysis of the relevant industry and the cumulative control of, or pattern of recent transactions by, a foreign person or foreign government in the particular industry. These efforts are a recognition that, while an individual transaction may not, on its face, present material national security concerns, the risk may become apparent when viewed in the context of other acquisitions or investments involving complimentary manufacturing capabilities, services, critical mineral resources or technologies. 

As a consequence, we expect that CFIUS will more often request information on a foreign party’s investment history and future investment plans, as well as more closely scrutinize an investor’s or country’s market share and overall economic and industrial policy trends.

4.  Cybersecurity risks

Consistent with a number of other recent executive actions in the wake of heightened cybersecurity threats, the EO directs CFIUS to prioritize cybersecurity risks in the context of foreign investment.  CFIUS will consider whether the foreign party has the capability or intent to conduct cyber intrusions or other malicious cyber-enabled activity, including malicious activity related to the protection or integrity of data, election integrity and the impact of a transaction on US critical infrastructure (including critical energy infrastructure and telecommunications) and the defense industrial base. 

Evaluating these risks will require an assessment of the foreign party to a transaction and its third-party ties that might present a threat due to direct or indirect access to capabilities or information databases and systems. While CFIUS already requests the cybersecurity plan of the US business during a review, we now expect additional scrutiny of these policies and their implementing procedures.

5.  Sensitive data on US persons

FIRRMA previously directed CFIUS to more closely scrutinize US businesses that collect or maintain sensitive personal data on US citizens.  However, the scope of the relevant definition in the current FIRRMA regulations is narrow.  For example, in many cases, such data is only considered “sensitive personal data” under the regulations if it is identifiable and not anonymized.

The EO directs CFIUS to consider additional factors regarding access to US persons’ sensitive data, highlighting the government’s focus on protecting personal data against surveillance, tracing, tracking and targeting.  Specifically, CFIUS is directed to consider whether the US business has access to sensitive data, including a US person’s health, digital identity or other biological data, with a focus on whether any data could be made identifiable or de‑anonymized through advancing techniques.  CFIUS officials recently expressed similar concerns[3] that anonymized data do not necessarily mitigate national security risk given the increasing ease by which anonymized data can be de-anonymized.  As advances in artificial intelligence and machine learning that allow for identification and exploitation of an individual or group of persons continue to progress, we expect foreign access to large data sets on US citizens – anonymized or not – to be an area of increased concern.

DLA Piper will continue to monitor and report on the practical impacts of the EO as CFIUS incorporates these directives into its review process.

Our firm maintains a robust, cross-disciplinary CFIUS practice consisting of corporate, regulatory and government affairs professionals. Please feel free to contact any of our CFIUS attorneys should you have any questions.