By Yinan Guo
Law Student Editor
Under the Exon-Florio provision of the 1950 Defense Production Act, the President is authorized to block any foreign merger with, or acquisition of, a U.S. business that would endanger U.S. national security. That provision gives U.S. business firms the option of filing a voluntary, prior notification to the Committee on Foreign Investment in the United States (CFIUS) to determine if CFIUS has the intention of blocking the merger or acquisition.
In 2018, Congress passed the Foreign Investment Risk Review Modernization Act (FIRRMA), which created a class of mergers and acquisitions that triggered a mandatory notification requirement to CFIUS. Under FIRRMA, a U.S. business that has access to: (i) critical technology, (ii) critical infrastructure, or (iii) sensitive personal data of U.S. citizens is deemed a “TID U.S. business” and cannot be controlled or acquired by a foreign person without CFIUS approval.
On September 15, 2020, the Department of the Treasury published a Final Rule modifying the requirement for mandatory filing to the CFIUS before consummating foreign investments in U.S. businesses. Effective October 15th, whether a CFIUS filing is required depends on how the U.S. export control rules regulate the underlying critical technology of the U.S. business.
Under the new rule, a CFIUS filing is required when a foreign merger or acquisition would result in a foreign government acquiring a substantial interest in a TID U.S. business. In addition, the new rule mandates a filing when a private person seeks to acquire control or ownership of a U.S. business and the following requirements are met: (i) a TID U.S. business is involved, (ii) that business deals in critical technologies for which a “U.S. regulatory authorization” would be required for the export or reexport of such technology; and (iii) the foreign investor would have effective control over the business or access to its export-controlled technologies. The new rule would also require notification when the merger or acquisition is designed to evade or circumvent the mandatory notification requirement.
A “U.S. regulatory authorization” is defined as an export license required under any of the following U.S. export control regimes: (i) the International Traffic in Arms Regulations (ITAR); (ii) Export Administration Regulations (EAR); (iii) regulations governing assistance to foreign atomic energy activities; or (iv) regulations governing the export or import of nuclear equipment and material. Anyone holding at least 25% of voting interest in a foreign investor that would control a TID U.S. business, gain access to its export-controlled technologies, or attempts to evade mandatory notification requirement should be analyzed for export authorization purposes.
Previously, the access of a foreign person to regulated technologies was governed by the applicable export regulations (ITAR, EAR, etc.) and reviewed by the applicable regulatory agencies (Directorate of Defense Trade Controls, Bureau of Industry and Security, etc.). As of October 2020, foreign investments involving such technologies are also reviewed by CFIUS, regardless of whether an actual transfer of technology or actual foreign access to the technology will occur.