- EO 14083 provides CFIUS updated guidance to address U.S. national security risk factors and aims to address evolving and emerging threats to U.S. technological leadership, U.S. supply chain resilience, cybersecurity and sensitive U.S. personal information. to ask citizens.
- While the EO does not change CFIUS’ existing legal jurisdiction or regulatory processes, and does not significantly change the way CFIUS has assessed national security risks over the past few years, it does provide a helpful roadmap for parties wanting to understand what CFIUS as a national security concern in the current environment. As such, this order may be helpful to parties evaluating whether voluntary filing is appropriate for a transaction where national security risks may not be readily apparent.
- In particular, the EO underlines that transactions with foreign investors from Allied and Partner countries may entail risks from “foreign adversaries” due to the “third party ties” (e.g. commercial, supply chain, non-economic) of these investors to other foreign parties. or “Countries of Special Concern”.
The Committee on Foreign Investments in the United States (“CFIUS” or the “Committee”) is the interagency mechanism through which the US government formally monitors and reviews foreign investments in the United States for potential national security concerns. CFIUS has the power to initiate transaction reviews, suspend transactions, impose mitigation measures, and recommend the President to block pending transactions or order divestitures of completed transactions when national security concerns cannot be mitigated. Parties may voluntarily apply to CFIUS for clearance to address the risk of CFIUS interfering with a pending or completed transaction. In certain cases, filing with CFIUS is mandatory.
On September 15, 2022, President Biden issued Executive Order 14083 (“EO”), titled “Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investments in the United States,” providing the CFIUS with formal presidential direction on Committee factors are to be considered when determining the US national security implications of a transaction. Significantly, this is the first time since 2008 that the US government has issued official national security guidance related to foreign direct investment.
A key objective of the EO is to guide the National Security Risk Committee’s standard assessment of a covered transaction, including identifying specific emerging and evolving threats that CFIUS should consider when assessing the foreign investor threat, the vulnerability of US business and potential US national security implications that could result from exploitation of these vulnerabilities by a threat actor.
New risk factors for national security
Supply chain resilience and security
The EO’s focus on supply chain resilience is based on the notion that foreign investment can make supply chains more vulnerable to future supply disruptions by transferring ownership, rights or control related to specific manufacturing capacity, services, critical natural resources or technology to a foreign investor with means and intent to harm US national security. To address this risk, the EO instructs CFIUS to assess the impact of the transaction on supply chain resilience and security in relation to the following sectors:
1. Microelectronics 2. Artificial intelligence 3. Biotechnology and biomanufacturing 4. Quantum computing 5. Advanced clean energy (such as battery storage and hydrogen) 6. Climate adaptation technologies 7. Critical materials (such as lithium and rare earth elements) 8. Agricultural industrial base elements.
Whether a particular transaction involving any of the above sectors poses a risk to US national security depends on facts such as (i) the degree of involvement of the foreign person in the relevant supply chain; (ii) US capabilities related to the relevant production capacity, service, critical resource or technology involved; (iii) degree of diversification from alternative suppliers throughout the supply chain (including suppliers in partner and allied countries); (iv) whether the US company that is the target of the transaction supplies directly or indirectly to the US government, energy sector industrial base or defense industry base; and (v) the concentration of ownership and control by the foreign investor in the given supply chain.
Technology leadership in the USA
The EO directs CFIUS to assess the impact of the transaction on US technology leadership, specifically manufacturing capacity, services, critical natural resources or technology related to:
1. Microelectronics 2. Artificial Intelligence 3. Biotechnology and Biomanufacturing 4. Quantum Computing 5. Advanced Clean Energy 6. Climate Change Adaptation Technologies.
The EO’s direction to consider whether the transaction could lead to “future advances and applications” of a particular technology shows that the parties should not limit their considerations only to the current commercial use of a particular product, but also whether there are potential military applications exist, for example. The EO also directs the White House Office of Science and Technology Policy to regularly update the above list with additional technology sectors deemed “fundamental” to US tech leadership.
Aggregated industry investment trends
The EO also directs CFIUS to consider whether the transaction is part of a series of acquisitions or investments in a single sector based on the potential for incremental acquisitions leading to a gradual cessation of domestic development or control in that sector over time sector or this technology that cannot be apparent from a transaction-specific request. The EO identifies the facilitation of technology transfer in key industries as a deleterious impact of such cumulative transactions. To assist in considering this potential risk factor, CFIUS may request the International Trade Administration to provide an analysis of the industry or industries in which the U.S. target company operates and the cumulative control or pattern of recent transactions by a foreign person therein sector or this industry.
Improving malicious cyber skills
In addition, the EO directs CFIUS to assess whether a transaction would enable malicious cyber activities that could (i) undermine the protection or integrity of data in storage or in databases or systems containing sensitive data; (ii) interfering with US elections, critical infrastructure or the base of the defense industry; or (iii) sabotage critical energy infrastructure, including smart grids. With respect to specific transactions, relevant facts include the foreign investor’s cybersecurity capabilities and the US target company’s cybersecurity practices.
Sensitive Personal Data
Building on the recent focus CFIUS has placed on transactions involving access to sensitive personal information of US citizens, the EO directs CFIUS to assess whether the transaction provides a foreign investor with access to sensitive information, particularly health and biological data. A transaction poses increased risks related to sensitive personal data if the relevant US company (i) has access to sensitive data of US persons, including health data, digital identity or other biological data of US persons or data that is identifiable or could be decipherable. anonymized, which “could be exploited to distinguish or track the identities of individuals” or (ii) has access to data about “subpopulations in the United States” that could be used to “target individuals or groups of individuals.” The EO’s emphasis on technological advances combined with access to large datasets that allow for the “re-identification” or “de-anonymization” of previously unidentifiable data shows that disaggregated or anonymized datasets are no longer a panacea to be avoided CFIUS- Test.
Third Party Connections
When assessing the threat posed by a foreign investor in a transaction, the EO directs CFIUS to consider the foreign investor’s “relevant third party connections” to other foreign persons and foreign governments as part of the Foreign Investor Committee’s standard threat assessment. As a result, even transactions with foreign investors from partner and allied countries may pose a higher threat profile based on commercial (e.g., customers and suppliers), investment (e.g., minority investors), and non-economic relationships (e.g., family Relationships). and political affiliations) to other foreign persons from “foreign adversaries” or “countries of particular importance” who may not be apparent from an investor’s formal ownership and control structure.
While the EO largely records CFIUS’ current practice in relation to the assessment of national security considerations in transactions, the EO highlights a few points that are particularly noteworthy. This includes emphasis on (i) the foreign investor’s third-party relationships with foreign adversaries or countries of very high concern; (ii) whether the transaction gives the foreign investor access to large sets of (even anonymized) sensitive data; and (iii) whether the transaction involves a sector identified as “fundamental” to US technology leadership – microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy and climate change adaptation technologies. In this sense, the EO provides a helpful roadmap for parties, particularly in terms of weighing the pros and cons of voluntary filing.