Parties to investment transactions involving U.S. businesses engaged in “critical technologies” activities will soon be subject to modified requirements for mandatory filings to the Committee on Foreign Investment in the United States (CFIUS). Following proposed rules issued in May 2020, the Department of the Treasury (“Treasury”) released a final rule that will take effect on October 15, 2020. As explained in our prior client alert, the new rule—which focuses on U.S. regulatory authorizations (generally, export licenses or approvals) applicable to the foreign investor and its owners—highlights the pivotal role that U.S. export controls and related regimes play in CFIUS’s review process, and in defining the technologies of greatest import to U.S. national security.
The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) introduced mandatory filing requirements to the CFIUS review process, beginning with the critical technologies pilot program initiated in November 2018. Since that time, parties to certain transactions involving U.S. businesses engaged in critical technologies activities have been required to make a filing to CFIUS before closing the transaction. This requirement carried over to the broader regulations implementing FIRRMA that became effective in February 2020, along with additional mandatory filing requirements for certain transactions in which a foreign government-owned investor would obtain a “substantial interest” in a U.S. company involving critical technologies, critical infrastructure, or sensitive personal data (a “TID U.S. business”).
To date, however, the critical technologies mandatory filing requirement has been limited to U.S. companies that use critical technologies in, or design critical technologies specifically for, one or more of 27 industries identified by reference to their North American Industry Classification System (NAICS) codes. This “industry prong” of the requirement drew criticism because it is relatively subjective and imprecise, and difficult to evaluate for companies that have not previously identified a NAICS code applicable to their business.
Further, the previous mandatory filing requirement did not address one of the key factors in evaluating the national security risk presented by foreign investments in U.S. critical technologies companies—the risk that may be associated with an investor from, or controlled by persons in, a country of national security concern to the U.S. government, as opposed to a closely allied country.
In response to these concerns, the new rule eliminates the “industry prong” of the critical technologies mandatory filing requirement. In its place, Treasury will require the parties to determine whether the foreign investor and other foreign entities in the investor’s ownership chain would require certain U.S. regulatory authorizations to receive or access the U.S. business’s critical technologies. The specific authorizations are:
1. Licenses or other approvals required for defense articles or defense services under the International Traffic in Arms Regulations (ITAR);
2. Licenses required for items controlled under the Export Administration Regulations (EAR);
3. Specific or general authorizations required for the export of certain controlled nuclear technology under the Department of Energy Regulations; or
4. Any specific license required by the Nuclear Regulatory Commission Regulations.
These regulatory authorizations are much more likely to be required for investors from countries subject to stricter U.S. export controls, such as China and Russia, and entities placed on restricted parties lists maintained by the U.S. government, such as the Department of Commerce (“Commerce”) Entity List and Denied Persons List. Thus, the new mandatory filing rule better aligns the critical technologies mandatory filing requirement with the goals stated in FIRRMA and broader U.S. national security and international trade policy. Additional details on the proposed changes to the mandatory filing requirements are provided in our prior client alert.
Following a public comment period that ended on June 22, 2020, Treasury announced the final rule implementing the changes to the critical technologies mandatory filing requirement, which will become effective on October 15, 2020. The final rule was substantially similar to the proposed rule issued in May, but Treasury’s comments on the final rule included some key clarifications:
The final rule clarifies what it means to be “eligible” for these EAR license exceptions. For example, in order for encryption items covered by EAR section 740.17(b)(2) or (3) to be eligible for License Exception ENC, the U.S. business must submit any required classification requests to Commerce’s Bureau of Industry and Security and observe a 30-day waiting period. However, critical technologies that are self-classified by a U.S. business as eligible for License Exception ENC pursuant to section 740.17(b)(1) would not be subject to the mandatory CFIUS filing requirement, regardless of whether the U.S. business has complied with the applicable EAR reporting requirements for such items under EAR section 740.17(e).
As we noted previously, we expect these changes to the critical technologies mandatory filing requirements to bring more clarity and certainty to transaction parties, as compared to the previous NAICS code-based requirements. It will be critical for investors and U.S. businesses, however, to conduct due diligence early in the transaction process to evaluate whether a mandatory CFIUS filing requirement will apply, and to plan accordingly. MoFo’s National Security team will continue to provide updates on significant developments affecting CFIUS and U.S. export controls.