Changes to CFIUS’s Mandatory Pre-closing Filing Requirements for Critical Technology Businesses

Key developments in U.S. export control laws are expected to further complicate the October 2020 regulation which changed the assessment for whether a mandatory CFIUS filing would be triggered for non-U.S. investments in certain U.S. sensitive technologies. Through these changes, U.S. Congress’ scrutiny of non-U.S. investors gaining access to U.S. sensitive technologies looks set to continue – and further expansion of U.S. export controls is ongoing, enlarging the number of items that will qualify as critical technologies.

The Three Steps Leading to CFIUS Review

A three-step test is used to assess whether a mandatory filing is required for foreign investments in U.S. critical technology businesses. The first step of the mandatory filing test involves determining that the investment target be a U.S. business that “produces, tests, manufactures, fabricates, or develops one or more critical technologies.” Under CFIUS regulations, “critical technologies” are defined as:

  • military technology and services subject to the International Traffic in Arms Regulations;
  • dual-use (civilian/military) technologies that are controlled by the Export Administration Regulations (EAR) for various reasons relating to national security, non-proliferation regimes, regional stability, or surreptitious listening;
  • other items subject to U.S. export controls such as nuclear materials, facilities, or equipment or as select agents and toxins; and
  • “emerging and foundational technologies” designated by the Department of Commerce pursuant to the Export Control Reform Act of 2018.

Once the U.S. business is ascertained to involve a critical technology, the second step requires a determination that the non-U.S. investor is receiving one of the following rights with respect to this business, including:

  • control;
  • access (even if not used) to any material non-public technical information in the business’s possession;
  • voting or observer rights with respect to the board of directors or similar governing body; or
  • any involvement, other than through the voting of shares, in substantive decision making with respect to the business’s use, development, acquisition, or release of critical technology.

Under the new third prong of the mandatory filing test, the assessment for critical technology business is tied to whether U.S. export authorization is required for the non-U.S. investor or its owner. Specifically, CFIUS looks to the export authorization requirement of (i) the non-U.S. investor receiving the governance or information access rights described above, or (ii) anyone directly or indirectly holding a 25 percent or greater voting interest in the non-U.S. investor (or its general partner or equivalent manager, if applicable). The relevant country for determining export license requirements is based on the principal place of business (if an entity) or nationality (if an individual) of the non-U.S. investor or its 25 percent owner.

EAR license exceptions are not generally considered as part of this test, except for (i) certain types of operating and mass market software, (ii) certain encryption technologies, and (iii) transfers under Strategic Trade Authorizations for software exports to certain listed countries.

Expansion of U.S. Critical Technologies - Coming Soon

Additional restrictions in exports of U.S.-developed technologies can be anticipated in the coming year, which in turn, will further expand the types of technologies that may be subject to mandatory CFIUS filing requirements as a U.S. critical technology.

As mandated under the Export Control Reform Act of 2018, the Commerce Department must identify and impose export controls regarding emerging and foundational technologies, which targets dual-use technologies that would not be covered under existing regulations. The Commerce Department’s release of its final list of technologies that will fall under this new reform is expected in the near term.

Another relevant update is the February 24, 2020, executive order issued by President Biden, directing federal agencies to review security risks to U.S. critical supply chains. This review could result in expanded use of export controls aimed at ensuring continued U.S. capabilities and leadership in relevant industry sectors.

Key takeaways

The assessment of critical technology businesses can be particularly challenging for early-stage U.S. businesses with immature export compliance programs. It may also present issues for non-U.S. investors that are less accustomed to dealing with export controls or their application to prospective non-U.S. investors and their owners.

With more export restrictions on the horizon, it is increasingly becoming important for non-U.S. investors doing business in the U.S. or investing in U.S. companies to start their CFIUS assessment early in a transaction.