On September 17, 2019, the US Department of Treasury proposed regulations to comprehensively implement the Foreign Investment Risk Review Modernization Act (FIRRMA) – a law signed in August 2018 intended to strengthen the Committee on Foreign Investment in the United States (CFIUS) to more effectively guard against certain risk to US national security posed by certain types of foreign investments. The proposed regulations comprehensively implement the changes that FIRRMA made to CFIUS jurisdiction and its review process, but do not address CFIUS's authority to impose filing fees and do not modify the interim regulations governing the critical technologies pilot program (31 C.F.R. Part 801). The pilot program will remain in effect until Treasury publishes its final regulations, no later than February 13, 2020.
Interested parties may submit comments to CFIUS on the proposed regulations through October 17, 2019.
The proposed regulations largely address two new forms of "covered transactions": (1) certain non-controlling investments involving critical technologies, critical infrastructure, and sensitive personal data; and (2) certain transactions involving real estate in close proximity to US military or other sensitive national security facilities.
The proposed regulations also address the mandatory declaration requirement for foreign government-controlled transactions, and the new option for parties to submit a voluntary declaration.
New covered transactions
Non-controlling investments involving critical technologies, critical infrastructure, and sensitive personal data (31 C.F.R. Part 800)
Similar to the critical technologies pilot program, the proposed regulations expand CFIUS jurisdiction to include non-controlling investments in specific industries that afford a foreign person (1) access to material nonpublic technical information,1 (2) membership on the board of directors, or (3) substantive decision-making rights (other than through voting shares), involving a US business that:
- produces, designs, tests, manufactures, fabricates, or develops critical technologies
- owns, operates, manufactures, supplies or services critical infrastructure, such as telecommunications, utilities, energy, and transportation (and as further described in Appendix A to the proposed regulations) or
- maintains or collects sensitive personal data (including financial, geolocation, electronic communication, and health data) that may be exploited to threaten national security, such as data that targets sensitive populations (ie, US military members) or data on over one million individuals.
The proposed regulations refer to these entities as "TID US businesses" - technology, infrastructure and data.
In the same way that the critical technologies pilot program extends CFIUS jurisdiction to transactions that may not have previously been covered by the CFIUS regulations, including (for example) a relatively small investment made by a venture capital firm with foreign limited partners in a pilot program US business that affords the firm a board seat, these proposed regulations extend CFIUS jurisdiction to similar investments made in US businesses involved in critical infrastructure and sensitive personal data. However, unlike the critical technologies pilot program, whether to make a filing in connection with such an investment generally remains voluntary.
Exceptions. Certain foreign persons are exempt from the proposed regulations on non-controlling investments, largely based on their ties to certain countries 2 and their compliance with certain laws and regulations. This exception does not extend to controlling transactions that are otherwise subject to CFIUS jurisidiction.
Passive, indirect investments made in a TID US business by a foreign person as a limited partner through an investment fund may also be exempt based on the same set of factors set forth in the critical technologies pilot program.
Purchase, lease by, or concession to a foreign person of certain US real estate (31 C.F.R. Part 802)
The proposed regulations also authorize CFIUS to review the purchase, lease by, or concession to a foreign person in real estate that affords a foreign person the ability to (1) physically access the property, (2) exclude others from accessing the property, (3) improve or develop the property, and/or (4) attach fixed or immovable structures/objects to the property,3 if the real estate:
- is located within, or will function as part of, an air or maritime port (as identified by the Transportation Department)
- is in close proximity (ie, within one mile) to a US military installation or another sensitive US government property
- could reasonably provide the foreign person the ability to collect intelligence on activities being conducted at a sensitive US government property or
- could otherwise expose national security activities at a sensitive US government property to the risk of foreign surveillance.
The proposed regulations contain extensive detail in Appendix A about military installations, as well as specific counties and geographic areas associated with missile fields and offshore ranges, that are subject to the new rule.
While real estate transactions have, in many cases, already been considered within the jurisdiction of CFIUS, FIRRMA and the proposed regulations explicitly deem the aforementioned types of real estate transactions to be "covered transactions" subject to the CFIUS voluntary filing process. However, the proposed regulations on real estate do not contemplate any mandatory filing requirement.
Exceptions. The proposed regulations create a number of exceptions, including for real estate transactions:
- in an "urbanized area" or "urban cluster" (as defined by the Census Bureau), except those relating to relevant ports and those within one mile of a military installation or another sensitive US government property
- involving a single "housing unit" (as defined by the Census Bureau) and
- involving certain commercial office space in a multi-unit commercial office building.
Finally, and consistent with the exemption for non-controlling investments described above, certain foreign persons may be exempt largely based on their ties to certain countries (to be separately identified by Treasury).
New mandatory and voluntary declarations
The proposed regulations create a mandatory declaration requirement for foreign-government controlled transactions and outline the parameters for parties to submit voluntary declarations. Such declarations would mirror the standard fillable declaration form that is currently in place for the critical technologies pilot program.
The process would involve a 30-day CFIUS review period and the same potential review outcomes as the pilot program – CFIUS may (1) issue a safe harbor letter, (2) inform the parties that CFIUS was unable to conclude its review and the parties may file a voluntary notice, (3) request that the parties file a voluntary notice, or (4) initiate unilateral review of the transaction.
Unlike the pilot program, the proposed regulations explicitly provide that CFIUS may invite parties to a declaration to discuss and clarify issues pertaining to the transaction in a meeting with CFIUS.
Mandatory declaration requirement for foreign governments
The proposed regulations require mandatory declarations for acquisitions by a foreign person of a "substantial interest" (a 25 percent or greater voting interest) in TID US businesses, where a foreign government holds a "substantial interest" (a 49 percent or greater voting interest) in the foreign person. Such declarations would have to be submitted at least 30 days prior to closing.
In addition, the proposed regulations establish a process for allowing parties to submit abbreviated filings through a declaration form for any covered transaction, as an alternative to a voluntary notice. This gives parties the option to submit a short-form declaration to CFIUS for review of a transaction in a more abbreviated time frame (30 days) than the traditional voluntary notice (45 days for review, an additional 45 days for investigation, and, under extraordinary circumstances, with a 15-day extension).
A summary Fact Sheet is available here.
Frequently Asked Questions are available here.
1 The proposed regulations define material nonpublic technical information as information that: (1) provides knowledge, know-how, or understanding not available in the public domain, of the design, location, or operation of critical infrastructure, including without limitation vulnerability information such as that related to physical security or cybersecurity; or (2) is not available in the public domain and is necessary to design, fabricate, develop, test, produce, or manufacture a critical technology, including without limitation processes, techniques, or methods.
2 These countries are to be separately identified by Treasury based on an assessment of whether the foreign state has established and is effectively utilizing a robust process to assess foreign investments for national security risks, and to facilitate coordination with the United States on matters relating to investment security.
3The foreign person must have three or more of these property rights.