On September 15, President Biden signed an Executive Order clarifying the factors that the Committee on Foreign Investment in the US (“CFIUS”) may use to determine whether a transaction poses a risk to U.S. national security.1
The Executive Order outlines five factors CFIUS will consider in evaluating the national security risk of a particular transaction:
- Critical supply chains: CFIUS must consider the risk of transactions that include a transfer of ownership, rights, or control in industries critical to national security, including the defense-industrial base. The Order identifies the following industries as critical to national security: microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy such as battery storage and hydrogen, climate adaptation technologies, critical materials such as lithium and rare earth elements, elements of the agriculture industrial base that have implications for food security, and any other sectors identified in section 3(b) or section 4(a) of Executive Order 14017 of February 24, 2021.
- Technological leadership: CFIUS must consider whether an investment jeopardizes U.S. leadership in certain emerging technologies. The Order identifies the following technologies as ones of particular concern: microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies. It also directs the Office of Science and Technology Policy to publish follow up lists of technology sectors that are fundamental to U.S. technological leadership for CFIUS to consider in making future assessments.
- Aggregate investment trends: CFIUS must consider investment trends over time and the cumulative effect of multiple acquisitions and investments in the same or similar U.S. businesses in critical sectors. According to the Order, “In aggregate, these transactions may facilitate harmful technology transfer in key industries or otherwise harm national security through the cumulative effect of these investments.”2
- Cybersecurity: CFIUS must consider the cybersecurity impacts of transactions it reviews. Specifically, CFIUS must assess whether a transaction could (A) undermine the protection or integrity of data in storage or databases or systems housing sensitive data; (B) is designed to interfere with U.S. elections, U.S. critical infrastructure, the defense industrial base, or other cybersecurity national security priorities set forth in Executive Order 14028 of May 12, 2021; or (C) result in the sabotage of critical energy infrastructure, including smart grids.
- Sensitive personal data: CFIUS must consider the impact of a transaction on access to the personal data of U.S. persons, as this information may be used for surveillance activity that impacts national security. The Order identifies the following categories of data as particularly sensitive: health, digital identity, or other biological data of U.S. persons, and any data that could be identifiable or de‑anonymized and that could be exploited to distinguish or trace an individual’s identity.
As our previous articles have discussed, the number of transactions with ties to China reviewed by CFIUS is showing an upward trend.3 Parties interested in U.S. investments should carefully consider the Order’s implications and monitor its implementation by CFIUS, including in the context of heightened sensitivity surrounding China-related investments.