Gibson Dunn Discusses Proposed Changes to CFIUS Review

On November 8, 2017, a bipartisan group of lawmakers introduced a long-awaited bill that could significantly alter the process by which the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) reviews foreign investment in the United States.[1]

The proposed Foreign Investment Risk Review Modernization Act of 2017 (“FIRRMA”) would modernize the CFIUS review and approval process, which has struggled to keep pace with a surge of foreign investment in the United States over the last several years.  If passed, the bill would revamp the CFIUS review process and update the regulations to address the national security concerns implicated in the transfer of sensitive U.S. technology to countries of “special concern,” most notably China.  FIRRMA would also expand the Committee’s mandate to include certain joint ventures, minority position investments and real estate transactions near military bases or other sensitive government facilities.  The legislation, introduced as President Donald Trump was in Beijing for talks with Chinese President Xi Jinping, would increase the number of foreign investments in the U.S. that would be required to win CFIUS approval.


CFIUS is an inter-agency committee authorized to review the national security implications of transactions that could result in control of a U.S. business by a foreign person (“covered transactions”).[2]  CFIUS is authorized to block covered transactions or impose measures to mitigate any threats to U.S. national security.  Established in 1975 and last reformed in 2007, observers have pointed to an antiquated regulatory framework that hinders the Committee’s ability to review an increasing number of Chinese investments targeting sensitive technologies in the United States.

These concerns predate the administration of Donald Trump, who campaigned on a promise to stem foreign—particularly Chinese—investment in the United States.  In January 2017, a council of advisors formed under the Obama Administration pointed to a “concerted push” by China to distort the domestic semiconductor market in ways that “undermine innovation, subtract from U.S. market share, and put U.S. national security at risk.”[3]  A confidential Department of Defense report given to policymakers earlier this year reportedly concluded that the U.S. must ramp up its screening of Chinese investments in U.S. technology companies to protect economic and national security.[4]  On September 13, 2017, President Trump blocked a private equity firm backed by Chinese investors from acquiring U.S. Lattice Semiconductor Corporation.[5]  This one high-profile case notwithstanding, numerous other recent deals involving Chinese acquirers and the U.S. technology sector have been approved.

CFIUS Covered Transactions, Withdrawals, and Presidential Decisions (2009-2015)

Year Number of Notices Notices Withdrawn During Review Number of Investigations Notices
Withdrawn After Commencement of Investigation
Presidential Decisions
2009 65 5 25 2 0
2010 93 6 35 6 0
2011 111 1 40 5 0
2012 114 2 45 20 1
2013 97 3 48 5 0
2014 147 3 51 9 0
2015 143 3 66 10 0
Total 770 23 310 57 1

Source: CFIUS Annual Report to Congress for CY 2015 (September 2017).

Expanded Scope of Covered Transactions

The proposed bill would broaden the scope of transactions subject to CFIUS review to include:

  • any non-passive (even non-controlling) investment by a foreign person in any U.S. “critical technology” or “critical infrastructure” company;
  • any change in the rights that a foreign investor has with respect to a U.S. business if that change could result in foreign control of the U.S. business or a non-passive investment in a U.S. critical technology or critical infrastructure company;
  • any contribution (other than through an ordinary customer relationship) by a U.S. critical technology company of both intellectual property and associated support to a foreign person through any type of arrangement, such as a joint venture;
  • the purchase or lease by a foreign person of real estate that is in close proximity to a U.S. military installation or other sensitive U.S. government facility or property; and
  • any transaction or agreement designed or intended to evade or circumvent CFIUS review.[6]

FIRRMA updates the CFIUS definition of “critical technologies” to include emerging technologies that “could be essential for maintaining or increasing the technological advantage of the United States over countries of special concern with respect to national defense, intelligence, or other areas of national security, or gaining such advantage over such countries in areas where such an advantage may not currently exist.”[7]

Notably, FIRRMA would not expand the Committee’s mandate with regard to “greenfield” or start-up investments.  The current CFIUS regulations explicitly exclude transactions in which a foreign person “makes a start-up, or ‘greenfield’ investment in the United States [and that] investment involves such activities as separately arranging for the financing of and the construction of a plant to make a new product, buying supplies and inputs, hiring personnel, and purchasing the necessary technology.”[8]  The scope of the current “greenfield” exception is ambiguous and generally interpreted narrowly.  Prior to FIRRMA’s introduction, Members of Congress had expressed particular concerns about greenfield transactions involving real estate acquisitions close to military installations, an issue that is addressed in FIRRMA by expanding the scope of covered transactions to include the purchase or lease by a foreign person of private or public real estate in close proximity to a U.S. military installation or other sensitive government facility.[9]

“Light” Filings

In its current form, the CFIUS review process commences when the parties to a transaction submit a voluntary notice or CFIUS otherwise becomes aware of a covered transaction.[10]  The voluntary notice is a lengthy filing that must include detailed information about the transaction, the acquiring and target entities, the nature of the target entity’s products, and the acquiring entity’s plans to alter or change the target’s business moving forward.[11]

In practice, parties are expected to submit a “draft” notice to CFIUS prior to the commencement of the official 30-day review period, which provides the Committee and the parties with an opportunity to identify and resolve concerns before the official clock starts ticking.  In recent years, this informal review process has added a degree of unpredictability in terms of timing, as the “pre-filing” phase can consume several weeks.

The proposed bill would authorize parties to submit a voluntary “declaration” in lieu of the notice, which would be a streamlined filing with basic information about the transaction that would be required at least 45 days prior to the completion of a transaction.[12]  Such declarations would be mandatory for covered transactions involving the acquisition of a 25 percent or greater voting interest in a U.S. business by any foreign person in which a foreign government holds a voting interest of 25 percent or more.  The bill requires CFIUS to issue regulations that make mandatory declarations for additional transactions based on factors such as the U.S. technology or industry at issue, the difficulty for CFIUS of obtaining information through other means, and the difficulty associated with remedying any harm done to national security were the transaction to be completed.  Upon receipt of the declaration, CFIUS may either clear the transaction, request that the parties submit a written notice, initiate a unilateral review of the transaction, or inform the parties that it is unable to complete action with respect to the transaction based on the declaration alone.  The bill authorizes CFIUS to impose civil penalties on parties who fail to comply with these requirements.  The current CFIUS regulations do not contemplate mandatory filings.

FIRRMA would also permit CFIUS to assess and collect filing fees for any covered transaction, capped at one percent of the value of the transaction or $300,000, whichever is less.  Currently there is no filing fee for CFIUS notifications.

Notably, the bill establishes a “Committee on Foreign Investment in the United States Fund,” authorizing Congressional appropriations to cover the newly expanded operations of CFIUS.  Such moneys could be used to receive the filing fees collected by the Committee, and to increase the resources at the Committee’s disposal.

Review Process

As it stands, the CFIUS review process includes a 30-day initial review of a notified transaction, potentially followed by a 45-day investigation period, for a possible total of 75 days.  In certain circumstances, CFIUS may also refer a transaction to the President for decision, which must be made within 15 days.[13]  The initial 30-day phase begins one business day after the Committee determines that a notice is complete and satisfies regulatory requirements.  During this initial review period, CFIUS members examine the transaction in order to identify and address any national security concerns, which may involve seeking additional information from the parties.  If the review is not complete at the end of the initial 30-day review period, CFIUS may initiate a subsequent 45-day investigation.  As the volume of transactions before the Committee has increased, it has become more common for CFIUS to ask parties to refile notices at the end of the official 75-day review period, thereby restarting the clock.  This has added a significant degree of uncertainty to the CFIUS review, compelling some parties to abandon deals that languish in the review and investigation phases, or not to file at all.

FIRRMA would extend the initial review period from 30 to 45 days and authorize CFIUS to extend the 45-day investigation phase by 30 days in “extraordinary circumstances.”[14]  This measure effectively increases the maximum review period to 120 days, which is expected to reduce the need for parties to withdraw and refile notices at the end of the current, cumulative 75-day period if the Committee requires additional time to complete its review.

National Security Considerations

FIRRMA would update the list of factors used to determine whether a transaction poses a national security risk to include whether a country of “special concern”—meaning one that “poses a significant threat to the national security interests of the United States”—is seeking to acquire certain critical technologies; whether a transaction could reduce the United States’ technological and industrial advantage relative to such countries, and whether transactions could expose personally identifiable information, genetic information, or other sensitive data of U.S. citizens.[15]  This could have a profound impact on foreign transactions in the U.S. technology market, which is increasingly dependent on such data.

In a departure from past U.S. practice, which did not explicitly take into account U.S. strategic aspirations, the bill expands the definition of “critical technologies” to include those “that could be essential” for maintaining or gaining technological advantage over countries of “special concern” with respect to national defense, intelligence, or other areas of national security, or “gaining such an advantage over such countries in areas where such an advantage may not currently exist.”[16]

CFIUS would also be required to examine whether any covered transaction creates or exacerbates domestic cybersecurity vulnerabilities or allows a foreign government to gain a “significant new capability to engage in malicious cyber-enabled activities against the United States, including such activities designed to affect the outcome of any election for Federal office.”[17]  The term “malicious cyber-enabled activities” is defined in the bill to include any act, “primarily accomplished through or facilitated by computers or other electronic devices” that is “reasonably likely to result in, or materially contribute to, a significant threat to the national security of the United States” and that has the purpose or effect of:

  1. significantly compromising the provision of services by one or more entities in a critical infrastructure sector;
  2. harming, or otherwise significantly compromising the provision of services by, a computer or network of computers that support one or more such entities;
  3. causing a significant disruption to the availability of a computer or network of computers; or
  4. causing a significant misappropriation of funds or economic resources, trade secrets, personally identifiable information, or financial information.[18]

Other national security factors to be considered include the extent to which the transaction could increase the cost to the U.S. government of acquiring or maintaining equipment and systems necessary for defense, intelligence, or other national security functions and whether the transaction could increase U.S. reliance on foreign suppliers to meet national defense requirements.

Exempted Countries

The bill would allow CFIUS to exempt transactions involving parties from certain countries based on criteria such as whether the country has a mutual defense treaty in place with the United States, a mutual arrangement to safeguard national security with respect to foreign investment, or a parallel process to review the national security implications of foreign investment.  FIRRMA would also enhance collaboration with U.S. allies and partners by allowing for the disclosure of information regarding a transaction to any domestic or foreign government for national security purposes or to any third parties where the parties have consented to the disclosure.

Notably, parallel measures to review foreign investment have been proposed in a number of other countries.  In August, citing similar concerns with China’s technological investments, the European Union called for more rigorous screening of foreign acquisitions involving European companies.[19]  Germany increased the authority of its Ministry for Economic Affairs and Energy (“BMWi”) to review foreign investments.  On October 17, 2017, the United Kingdom published several legislative proposals that would increase its ability to review and intervene in transactions that raise national security considerations or involve national infrastructure.


Currently, if CFIUS finds that a covered transaction presents national security risks, it may enter into an agreement with, or impose conditions on, parties to mitigate such risks.[20]  FIRRMA would prohibit CFIUS from entering into any mitigation agreement or imposing any condition on a transaction unless the Committee first determines that the agreement or condition resolves any national security concerns raised by the transaction.

The bill would also require the Committee to formulate and follow a plan for monitoring compliance with any mitigation agreement or condition.  If any party fails to comply with such agreements or conditions, CFIUS could negotiate remedial measures, require the parties to submit future covered transactions to CFIUS review for a five-year period, or seek injunctive relief.

FIRRMA would provide the Committee with authority to negotiate or impose interim agreements or conditions on already-completed transactions while CFIUS conducts its review.  The bill would also authorize CFIUS to negotiate or impose agreements or conditions in order to mitigate any related national security risks, in cases where parties have voluntarily chosen to abandon the transaction (in practice CFIUS already sometimes imposes these conditions upon withdrawal).

Judicial Review

Although the current CFIUS statute already exempts actions and findings of the President from judicial review, FIRRMA would extend this exemption to most actions and findings of the Committee.  Petitions regarding Committee actions would be permitted only in cases where one or more parties to a covered transaction allege that the action is contrary to a constitutional right, power, privilege, or immunity.  Notably, only parties who initiated the review by filing a notice or declaration would be permitted to file such a petition, and only after the Committee has completed all action with respect to the transaction.  The U.S. Court of Appeals for the District of Columbia Circuit would have exclusive jurisdiction over such claims only to affirm the Committee action or remand the case to the Committee for further consideration.  Discovery in such cases would be limited to the administrative record.

These provisions are designed to clarify parties’ rights in the wake of the only  case in which a CFIUS decision was challenged in the courts, the D.C. Circuit’s 2014 decision in Ralls Corp. v. Committee on Foreign Investment in the United States.  After CFIUS and President Obama ordered the Chinese-owned Ralls Corporation to divest a wind-farm project in close proximity to a Department of Defense facility, the D.C. Circuit held that the Committee had violated Ralls’ due process rights by failing, prior to the order to divest, to provide Ralls with access to the unclassified information that the government had relied on, and to give Ralls the opportunity to rebut that unclassified information.


In a combative political season, FIRRMA has a rare amount of bipartisan support.  The Senate bill is backed by Republicans Marco Rubio of Florida, John Barrasso of Wyoming, James Lankford of Oklahoma and Tim Scott of South Carolina, along with Democrats Amy Klobuchar of Minnesota, Gary Peters of Michigan and Joe Manchin of West Virginia.  Companion legislation was introduced in the House of Representatives by North Carolina Republican representative Robert Pittenger, along with Republicans Devin Nunes of California, Chris Smith of New Jersey, and Sam Johnson and John Culberson of Texas, and Democrats Dave Loebsack of Iowa and Denny Heck of Washington.  Several administration officials have voiced support for reforming the CFIUS review process, including Treasury Secretary Steven Mnuchin, Defense Secretary James Mattis, and Commerce Secretary Wilbur Ross.

But despite its widespread support, FIRRMA’s progress through the legislative process could be hobbled by the volume of contentious issues on the legislative agenda for the remainder of the year, including tax and immigration reform, government funding and the debt limit.

FIRRMA is not the only legislative effort to overhaul the CFIUS review process.  On October 18, 2017, U.S. Senators Chuck Grassley (R-IA) and Sherrod Brown (D-OH) introduced the United States Foreign Investment Review Act, a legislative proposal to review the economic impact of any proposed foreign acquisition alongside the CFIUS national security review.  The Grassley/Brown measure would authorize the U.S. Department of Commerce to review transactions potentially resulting in the foreign control of a U.S. business based on a number of “economic factors.”  Despite the support of influential and bipartisan sponsors, it is less likely that the more protectionist Grassley-Brown measure will progress this year.


[1]        Press Release, U.S. Senator John Cornyn, Cornyn, Feinstein, Burr Introduce Bill to Strengthen the CFIUS Review Process, Safeguard National Security (Nov. 8, 2017), available at

[2]        CFIUS operates pursuant to section 721 of the Defense Production Act of 1950, as amended by the Foreign Investment and National Security Act of 2007 (FINSA) (section 721) and as implemented by Executive Order 11858, as amended, and regulations at 31 C.F.R. Part 800.

[3]        President’s Council of Advisors on Science and Technology, Ensuring Long-Term U.S. Leadership in Semiconductors (January 2017), available at sites/default/files/microsites/ostp/PCAST/pcast_ensuring_long-term_us_leadership_in_semiconductors .pdf (“Our core finding is this:  the United States will only succeed in mitigating the dangers posed by Chinese industrial policy if it innovates faster. Policy can, in principle, slow the diffusion of technology, but it cannot stop the spread. And, as U.S. innovators face technological headwinds, other countries’ quest to catch up will only become easier. The only way to retain leadership is to outpace the competition.”)

[4]        Doug Palmer, Cornyn debuts bill to reform CFIUS and stem tech transfers to China. Politico (November 8, 2017), available at

[5]        Press Release, The White House, Statement from the Press Secretary on President Donald J. Trump’s Decision Regarding Lattice Semiconductor Corporation (Sept. 13, 2017), available at

[6]        FIRRMA Section 3 (a)(5)(B)(i) – (vi).

[7]        FIRRMA Section (8)(B).

[8]        31 C.F.R. § 800.301(c), Example 3.

[9]        FIRRMA Section 3 (5) (B)(ii).

[10]      31 C.F.R. § 800.401(a), (b).

[11]      § 800.402(c).

[12]      FIRRMA Section (5).

[13]      31 C.F.R. § 800.506.

[14]      FIRRMA Section 8

[15]      FIRRMA Section 3 (a) (4) (defining country of “special concern”).

[16]      FIRRMA Section 3 (8).  The current CFIUS regulations define “critical technologies” as “critical technology, critical components, or critical technology items essential to national defense, identified pursuant to this section, subject to regulations issued at the direction of the President …” 50 U.S.C. § 4565 (a) (7).

[17]      FIRRMA Section 15

[18]      FIRRMA Section 3.

[19]      Jim Brunsden, Brussels seeks tighter vetting of foreign takeovers, Fin. Times, available at

[20]      U.S. Department of the Treasury, CFIUS Process Overview, available at (last visited November 9, 2017).

This post comes to us from Gibson, Dunn & Crutcher LLP. It is based on the firm’s memorandum, “Proposed Changes to the CFIUS Review Process,” dated November 10, 2017, and available here.