On September 15, President Biden issued a new Executive Order (E.O.) titled, “Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States.” This is the first E.O. since CFIUS was established in 1975 to provide presidential direction on the factors that CFIUS is required to consider when evaluating foreign investments in U.S. businesses. Specifically, the E.O. states that CFIUS is required to consider the following four factors when evaluating transactions: (1) the transaction’s effect on supply chain resilience and security, both within and outside of the defense industrial base; (2) the transaction’s effect on U.S. technological leadership in areas affecting U.S. national security; (3) cybersecurity risks that may impair national security; and (4) risk to U.S. persons’ sensitive data. The E.O. also clarifies that if a foreign person has made multiple investments in an industry or sector, CFIUS will not look at each new investment in a vacuum, but rather will consider the cumulative effect of all of a foreign person’s investments in a particular industry or sector when evaluating the national security risks arising from each new investment. Finally, the E.O. requires CFIUS to provide regular reports to the White House’s National Security Advisor regarding its regulations, processes, and procedures.
Here’s what business leaders should know about the new CFIUS E.O.
I. The Factors Outlined in the Executive Order Are Not New
When evaluating transactions, CFIUS has always considered multiple factors, including potential supply chain risks, technology transfer risks, cybersecurity risks, and data security risks. In addition, the Committee has never ignored the cumulative effect of a foreign person’s investments in a particular industry or sector. By requiring CFIUS to consider these factors, the E.O. is not forcing CFIUS to make wholesale changes to its operations. Rather, to a large extent, the E.O. is simply documenting what CFIUS is already doing.
II. The Executive Order Provides More Transparency About CFIUS’s Operations
CFIUS’s legal authorities provide a significant amount of information about the Committee’s processes and procedures. But the authorities do not explain how CFIUS determines whether a national security risk arises from a transaction. To be sure, the statute governing CFIUS’s operations—Section 721 of the Defense Production Act of 1950, as amended—contains a generic list of factors that CFIUS should consider when analyzing a transaction. But the factors listed in the statute are broad and not particularly useful in helping to understand exactly how CFIUS case officers go about analyzing transactions. The new E.O.—which was likely drafted primarily by the policy team in the Department of Treasury’s Office of Investment Security—represents the most comprehensive guide ever published by the U.S. government on how the Committee evaluates transactions. If business leaders want a good understanding of what CFIUS case officers are thinking about when they analyze transactions, the new E.O. is the best available resource.
III. The Executive Order Provides a List of Key Industries/Sectors
The E.O. makes clear that CFIUS is focused on transactions involving U.S. businesses in the following industries/sectors:
- Artificial intelligence
- Biotechnology and biomanufacturing
- Quantum computing
- Advanced clean energy (such as battery storage and hydrogen)
- Climate adaptation technologies
- Critical materials (such as lithium and rare earth elements)
- Elements of the agricultural industrial base that have implications for food security
This is the first time that CFIUS has identified key industries/sectors of concern. If business leaders want to know what areas CFIUS is focused on, this is it. In addition, the E.O. directs the Office of Science and Technology Policy (OSTP) to publish, in consultation with other members of the Committee, a list of technology sectors that it assesses are “fundamental to United States technological leadership.” Thus, going forward, it appears there will be even more transparency on the industries/sectors where CFIUS is most focused.
IV. The Executive Order May Give CFIUS Member Agencies a Basis to Mitigate/Block Risks Based on (Highly) Speculative Risk Assessments
When considering technology transfer risks, the E.O. states that the Committee shall consider whether a transaction could result in “future advancements and applications” in technology that could undermine national security. The E.O. also states that the Committee is required to consider third-party ties that “might” cause the transaction to impair the national security of the United States. Moreover, when considering data risks, the E.O. notes that it is important for the Committee to consider “potential risks” posed by foreign persons who “might” exploit access to certain data on U.S. persons. There has always been debate within the Committee about how speculative a risk assessment can be and still serve as a basis for mitigating or blocking a transaction, and it is too early to know how the Committee will interpret the E.O. But member agencies may try to use some of the E.O.’s broad language as a basis to mitigate or block transactions based on risk assessments about what foreign companies might do in the future, even if those risk assessments are (highly) speculative.
V. China Transactions Probably Aren’t Going to Get Easier
The E.O. notes that Congress has previously stated that national security risks may arise from foreign investments involving “a country of special concern that has a demonstrated or declared strategic goal of acquiring a type of critical technology or critical infrastructure that would affect United States leadership in areas related to national security.” The E.O. also states that “[w]ith respect to investments directly or indirectly by foreign adversaries or other countries of special concern, what may otherwise appear to be an economic transaction undertaken for commercial purposes may actually present an unacceptable risk to United States national security due to the legal environment, intentions, or capabilities of the foreign person, including foreign governments, involved in the transaction.” Finally, the E.O. states in multiple places that when evaluating supply chain risks, technology transfer risks, cybersecurity risks, and data security risks, the Committee should consider whether the transaction involves a foreign person who has “relevant third-party ties” that might cause the transaction to pose a threat to U.S. national security. The E.O. never expressly identifies any “foreign adversaries,” “countries of special concern,” or “relevant third-party ties,” but it’s hard to read the E.O. and believe those terms aren’t focused squarely on China.
VI. More White House Supervision of CFIUS’s Operations?
At the very end of the E.O., there is a provision stating that the Committee is required to provide regular reports to the White House’s National Security Advisor regarding its processes, practices, and regulations. It is not clear why this provision was included, but it appears to encroach on the Secretary of Treasury’s prerogatives as Chair of the Committee to direct the Committee’s processes and procedures. The National Security Council (NSC) is permitted to have a representative attend and participate in Committee meetings, but in general, the NSC has not interfered in the Committee’s operations until a transaction is forwarded to the president. It will be interesting to track whether this is just standard E.O.-type language, or whether it signals that the NSC intends to play a more active role in supervising the Committee’s operations.
You can find the link to the E.O. here.