On November 10, the U.S. government’s pilot program regulations aimed at monitoring and controlling foreign investment in certain “critical technologies” became effective. How might the program, which follows on the recent statutory expansion of CFIUS review, affect tech companies’ ability to raise investment capital from foreigners?

Companies in the technology sector—including telecommunications, software, manufacturing and biotechnology—are likely familiar with potential CFIUS review of transactions where foreign persons’ acquisition of control of U.S. businesses raises national security concerns. Notably, the concept of “control” goes well beyond having a majority voting interest and includes governance rights and significant economic stakes that would give the foreign investor leverage over the U.S. business. “National security concerns,” in turn, are triggered by controlling investments in “critical infrastructure,” which would include communications networks and equipment. Such concerns also were raised by foreign controlling investments in “critical technologies,” which—until now—have essentially been defined to include defense articles, weapons, missiles, nuclear equipment and facilities and toxins. Submitting a notice for review by CFIUS generally has been voluntary.

On August 13, 2018, President Trump signed into law the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), expanding the scope of CFIUS review to include certain types of other (i.e., noncontrolling) foreign investments. FIRRMA also meaningfully broadens the definition of “critical technologies.” Under the recently issued pilot program regulations, moreover, CFIUS review of foreign controlling and other covered investments in critical technologies will now be subject to a mandatory, rather than voluntary, filing.

First, under FIRRMA, any foreign equity (or contingent equity) investment (no matter how small a stake) may be subject to voluntary CFIUS review if it is in a U.S. business that:

• Produces, designs, tests, manufactures, fabricates or develops a “critical technology”
• Owns, operates, manufactures, supplies or services “critical infrastructure”
• Maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security

The transaction is “covered,” for purposes of CFIUS review, however, only if the foreign person satisfies one of three triggers:

• The foreign person has access to material nonpublic technical information in the possession of the U.S. business (which, for these purposes, is information not in the public domain regarding the critical technologies—including as to processes, techniques or methods—or the critical infrastructure)
• The foreign person is a member or has observer rights on the board of the U.S. business or the right to nominate directors to the board
• The foreign person is involved in substantive decision making in the following areas:
• The use, development, acquisition or release of critical technologies
• Management, operation, manufacture or supply of critical infrastructure
• The use, development, acquisition, safekeeping or release of sensitive personal data of U.S. citizens maintained or collected by the U.S. business

FIRRMA terms these noncontrolling investments that are now subject to CFIUS review “other investments.” By excluding passive foreign investments from “other investments” that are subject to CFIUS review, FIRRMA creates incentives—fully intended by both Congress and the U.S. government—for U.S. businesses to structure those investments in a way that ensures that the investors are walled off from having access to sensitive, nonpublic information or playing a meaningful decision-making role in the business.

Similarly, FIRRMA also includes an investment fund safe harbor provision for foreign investors who are passive limited partners. Investment by a foreign person in one of the three types of U.S. businesses described above is not subject to CFIUS review if the investment is made through a fund managed exclusively by a U.S. general partner, where the foreign investor has no governance or other special rights and has no say in the fund’s investment decisions or decisions regarding the portfolio company. The safe harbor is a potentially important mechanism for taking foreign equity without being subject to CFIUS review.

Second, FIRRMA expands “critical technologies” to include “emerging or foundational technologies.” These have not yet been specified, although there is much speculation about what they might encompass. There will be an ongoing, Commerce Department-managed interagency process for identifying them. They will be included on the list if they are deemed to be “essential” to national security, based on public and classified information and, perhaps, rulemakings. Undoubtedly, the process of identifying these technologies will be subject to political jockeying, lobbying and other outcome-affecting techniques.

CFIUS’s newly issued pilot program regulations require the filing of a mandatory declaration (or, alternatively, a full notice) 45 days before the completion of controlling or “other investments” in a U.S. business that produces, designs, tests, manufactures, fabricates or develops a critical technology that is used in, or is designed specifically for use in, a “pilot program industry.” The “pilot program industries” are set out in an Appendix to the regulations and include research and development in nanotechnology and biotechnology as well as the manufacturing of computer storage devices, electronic computers, wireless communications equipment, semiconductor and related devices, and telephone apparatus. Once the “emerging and foundational technologies” have been identified, the pilot program may have real bite.

Although FIRRMA provides that the declaration is short—about five pages—the pilot program regulations ask for considerable detail regarding the transaction, including whether and which of the triggers for “other investments” are present, the foreign person’s control rights, a statement as to which critical technologies are at issue and a listing of government contracts and grants as well as organizational charts and descriptions of the parents of each foreign person.

Whether the pilot program or, indeed, all of FIRRMA, has a chilling effect on foreign persons making “other investments” in U.S technology businesses remains to be seen. Over the last few years, CFIUS review has continued to evolve, tighten and pose real challenges to investors from at least some countries. It can reasonably be anticipated that this trend will continue—if not accelerate—for the foreseeable future, reflecting heightened concerns in the U.S. government about foreign persons having access to technologies in which the U.S. has, or would like to have, the position of global preeminence.

This post comes to us from Debevoise & Plimpton LLP. It is based on the firm’s memorandum, “CFIUS Launches Pilot Program Targeted at Technology,” dated November 9, 2018, and available here.