The Critical Role of CFIUS in Safeguarding U.S. National Security: Insights and Implications for Technology and Legal Professionals
Editor’s Note: The Committee on Foreign Investment in the United States (CFIUS) plays a pivotal role in regulating foreign investments in American companies, particularly those that could impact national security. This article aims to provide a thorough understanding of CFIUS, its functions, and its implications for international investors and U.S. businesses.
Given the increasing complexity of global economic interactions and the heightened emphasis on cybersecurity and data privacy, understanding the nuances of CFIUS is essential for cybersecurity, information governance, and eDiscovery professionals. This overview will be invaluable for understanding the regulatory landscape, ensuring compliance, and strategizing foreign investments in the U.S. market.
The Critical Role of CFIUS in Safeguarding U.S. National Security: Insights and Implications for Technology and Legal Professionals
By HaystackID Staff*
In the complex intersection of international investments and national security, the Committee on Foreign Investment in the United States (CFIUS) serves as a pivotal entity. This multi-agency committee, led by the Department of Treasury, scrutinizes foreign investment ownership, ensuring that such investments do not compromise U.S. national security. Established over 50 years ago, CFIUS has gained renewed relevance in today’s geopolitical climate, particularly concerning countries like China, Russia, and Iran.
Historical Context of CFIUS
CFIUS’s origin dates back to a period of growing global economic interdependence, necessitating the monitoring of foreign investment for national security implications. Its evolution has been marked by significant legislative milestones, including the Foreign Investment Risk Review Modernization Act (FIRRMA) of 2018, which broadened its scope to include minority investments and critical technologies. Specific changes brought about by FIRRMA include:
- Expanded Scope of Transactions: FIRRMA broadened the types of transactions subject to CFIUS review. Previously, CFIUS primarily focused on transactions resulting in foreign control of a U.S. business. FIRRMA expanded this to include certain non-controlling investments, particularly in companies involved in critical technologies, critical infrastructure, and sensitive personal data of U.S. citizens.
- New Category of Covered Transactions: FIRRMA introduced a new category called “Other Investments” in specific types of U.S. businesses. These are businesses that produce, design, test, manufacture, fabricate, or develop critical technologies; own, operate, manufacture, supply, or service critical infrastructure; or maintain or collect sensitive personal data of U.S. citizens, data that could be exploited in a way that threatens national security.
- Mandatory Declarations for Certain Transactions: Under FIRRMA, some transactions require mandatory filings with CFIUS. This requirement represents a shift from the previous voluntary nature of CFIUS reviews. Mandatory declarations are typically required for transactions involving critical technologies and certain investments in which a foreign government has a substantial interest.
- Real Estate Transactions: FIRRMA authorizes CFIUS to review certain real estate transactions involving foreign investment, particularly those near military or other critical infrastructure facilities (ex., transportation, energy, water, agriculture, communications, etc.). This requirement was in response to concerns about foreign entities gaining access to sensitive locations that could be used for surveillance or other activities detrimental to U.S. national security.
- Enhanced Authorities for CFIUS: FIRRMA provided CFIUS with enhanced tools and authorities, including the ability to impose interim mitigation measures during its review of a transaction, greater access to information by expanding the range of stakeholders that CFIUS can reach out to, and the authority to suspend transactions pending the completion of a review.
- Greater Emphasis on Technology and Data: Reflecting the growing significance of technological supremacy and data security, FIRRMA specifically focused on transactions involving critical technologies and businesses that handle sensitive personal data, recognizing the national security risks associated with foreign access to such assets.
- Increased Resources and Timeline for Review: FIRRMA extended the initial review period from 30 to 45 days, providing CFIUS more time to assess transactions thoroughly. It also allowed for an additional 15-day period for investigations in extraordinary circumstances. FIRRMA also authorized additional resources for CFIUS to carry out its expanded responsibilities effectively.
- International Coordination: FIRRMA emphasized the need for coordination with international allies on investment security matters, acknowledging the global nature of investment flows and the shared interest in protecting national security.
By enacting these changes, FIRRMA significantly strengthened the U.S. government’s ability to address national security risks arising from foreign investment in a broader range of sectors and transaction types. This evolution reflects the changing landscape of global trade, technology, and security concerns.
CFIUS’s Current Composition and Functioning
Comprising nine U.S. departments, CFIUS operates under a mandate to review transactions that might have implications for national security. This review includes critical technology, infrastructure, and real estate transactions. The committee’s power extends to blocking, unwinding, or imposing restrictions on transactions that violate U.S. security interests.
Insights from Expert Matt Miller
In a recent interview with ComplexDiscovery staff and focused on industry education and support efforts regarding CFIUS, Matt Miller, an information governance and data privacy expert from specialized eDiscovery services provider HaystackID, provided valuable insight into CFIUS’s expanded role since FIRRMA. During the interview, he also highlighted the committee’s increased focus on minority investments, critical technologies, and the alignment of its operations with U.S. export control laws.
The Rigorous Review Process and Timeline
The CFIUS review process, as explained by Miller, is both rigorous and accelerated. Transactions are typically filed about seven weeks post-merger agreement, and CFIUS has a median review period of 97 calendar days. While the committee has a 45-day review deadline, extendable by another 45 days, actual decision-making often takes longer, reflecting the complexity and sensitivity of these cases.
CFIUS in the Biden Era
Under President Biden’s administration, according to Miller, CFIUS’s scrutiny has intensified. The recent executive order directs the committee to consider factors such as critical supply chains, technological leadership in sectors like AI and biotechnology, investment trends, cybersecurity risks, and data privacy. This move signaled a more robust approach to reviewing foreign investments.
CFIUS Interventions: Trends and High-Profile Cases
From 2017 to 2021, CFIUS reviewed 1,156 notices, with notable interventions in the semiconductor and financial services sectors. Miller highlighted that actual prohibitions are rare, but the committee’s impact is profound, often leading to abandoned mergers. Chinese entities have been particularly prominent in these interventions. Examples of CFIUS interventions include:
- Broadcom’s Attempted Acquisition of Qualcomm (2018): This proposed deal was one of the most high-profile cases involving CFIUS. Broadcom, then based in Singapore, attempted to acquire Qualcomm, a U.S. semiconductor company. CFIUS intervened, citing national security concerns, particularly the potential for the U.S. to fall behind in the 5G technology development race. The deal was eventually blocked by an executive order from President Trump, reinforcing the notion of protecting critical technology from foreign control.
- Chinese Acquisition of Grindr (2019): Beijing Kunlun Tech Co Ltd, a Chinese gaming company, acquired the popular dating app Grindr in 2016. However, CFIUS raised concerns over the potential misuse of personal data by a foreign entity, especially given the sensitive nature of the information involved. In 2019, under pressure from CFIUS, Kunlun agreed to sell Grindr by June 2020.
- Divestment by COSCO at the Port of Long Beach (2019): Chinese state-owned shipping giant COSCO was required to divest its interest in a container terminal in Long Beach, California, as a condition for U.S. approval of its acquisition of shipping company OOIL. The concern centered on the strategic importance of the port and the potential for Chinese government influence in a critical U.S. infrastructure asset.
- ByteDance’s Acquisition of Musical.ly (TikTok) (2020): ByteDance, a Chinese company, acquired Musical.ly (later integrated into TikTok) in 2017. CFIUS reviewed the acquisition due to concerns over data privacy and national security, given the app’s access to extensive data on U.S. citizens. The case gained widespread attention amidst broader U.S.-China tensions and discussions around data privacy and cybersecurity.
These examples illustrate the diverse scenarios in which CFIUS intervenes, ranging from technology and personal data to infrastructure and proximity to sensitive U.S. sites. They demonstrate CFIUS’s broad mandate to address various national security concerns related to foreign investments in the U.S.
The Impact on International Investors
CFIUS’s operations have significant implications for international investors. The committee’s scrutiny extends to social media, defense supply chains, and educational platforms. Miller stressed the importance of safeguarding these sectors against foreign manipulation, underlining CFIUS’s role in protecting national security.
Post-Closing Investigations and Divestments
CFIUS’s power extends to post-closing investigations, particularly targeting acquisitions involving Chinese entities. These investigations often result in divestments or the imposition of security measures, underscoring the committee’s proactive stance in safeguarding national security.
CFIUS and Educational Institutions
During the interview, Miller also drew attention to an emerging area of CFIUS focus investments in U.S. educational institutions. The potential influence of foreign gifts and contracts on sensitive research and data privacy in universities is increasingly being scrutinized, reflecting the strategic value of academic research in national security.
The Role of eDiscovery Providers and Industry Experts in Supporting CFIUS Efforts
The complexity and sensitivity of CFIUS’s work necessitates the involvement of specialized expertise, particularly from eDiscovery providers and industry experts like Matt Miller. These professionals play a crucial role in supporting CFIUS’s efforts by offering:
- Expert Analysis and Compliance Guidance: They provide in-depth analysis of the data involved in foreign investment transactions, ensuring compliance with CFIUS requirements is meticulously followed.
- Risk Assessment and Mitigation Strategies: eDiscovery experts help in identifying potential risks in transactions and develop strategies to mitigate these risks in line with CFIUS guidelines.
- Forensic and Investigative Services: In cases of post-closing investigations, these experts conduct thorough forensic analysis to uncover any violations of national security agreements.
- Technology-Driven Solutions: Leveraging advanced technologies, eDiscovery experts streamline the review and analysis process, enabling efficient handling of complex data sets and transactional details.
- Educational and Advisory Roles: Industry experts like Miller provide valuable insights and education to corporations and legal entities, preparing them to navigate the intricate requirements of CFIUS compliance.
A Critical Role for eDiscovery Providers and Experts
CFIUS, with its expanded authority under FIRRMA, plays an indispensable role in the oversight of foreign investments in the U.S. Its rigorous review process, heightened in the current administration, and its focus on sectors of strategic importance highlight its crucial function in safeguarding national security. The involvement of eDiscovery providers and industry experts, like Matt Miller, is essential in ensuring that CFIUS’s mandates are effectively met, providing the expertise and technological support necessary for comprehensive national security protection.
News Sources
- The Committee on Foreign Investment in the United States (CFIUS)
- CFIUS Monitoring and Enforcement | U.S. Department of the Treasury
- CFIUS Interventions Focus on Semiconductors, Financial Services
- Congress Focuses on China Risk at U.S. Colleges and Universities
- Miller, Matthew. “Considering CFIUS: An Interview.” ComplexDiscovery OÜ (Transcript), January 10, 2024.
*Shared with permission of authors. Originally published on ComplexDiscovery.
Assisted by GAI and LLM technologies.
Source: HaystackID