The U.S. Treasury Department has recently issued new regulations for review concerning the Committee on Foreign Investment in the United States (CFIUS). CFIUS reviews transactions implicating national security concerns. The Fact Sheet concerning the new proposed regulations from the U.S. Treasury Department states:
FIRRMA Provisions on Non-Controlling Investments
FIRRMA expands CFIUS’s jurisdiction beyond transactions that
could result in foreign control of a U.S. business to also include a
non-controlling investment, direct or indirect, by a foreign person that
affords the foreign person:
access to any material nonpublic technical information in the
possession of the U.S. business; membership
or observer rights on the board of directors or equivalent governing body of
the U.S. business or the right to nominate an individual to a position on the
board of directors or equivalent governing body; or any involvement, other than
through voting of shares, in substantive decisionmaking of the U.S. business
regarding— the use, development, acquisition, safekeeping, or release of
sensitive personal data of U.S. citizens maintained or collected by the U.S.
business; the use, development, acquisition, or release of critical
technologies; or the management, operation, manufacture, or supply of critical
infrastructure.
This new authority only applies to a non-controlling
investment in a U.S. business that: produces,
designs, tests, manufactures, fabricates, or develops one or more critical
technologies; owns, operates,
manufactures, supplies, or services critical infrastructure; or maintains or
collects sensitive personal data of U.S. citizens that may be exploited in a
manner that threatens national security.
FIRRMA also requires that CFIUS prescribe regulations that
further define the term “foreign person” in the context of non-controlling
investments by specifying criteria to limit its applicability over certain
categories of foreign persons.
Key Aspects of the Proposed Regulations Regarding “Covered
Investments”
Types of investments covered: Non-controlling investments that afford a
foreign person certain access, rights, or involvement in certain U.S.
businesses (referred to as “covered investments”).
Largely a voluntary process: Process remains largely voluntary, where
parties may file a notice or submit a short-form declaration notifying CFIUS of
a covered investment in order to receive a potential “safe harbor” letter
(after which CFIUS does not initiate a review of a transaction except in
certain limited circumstances). In some
circumstances, filing a declaration for a transaction is mandatory. In particular, FIRRMA creates a mandatory
declaration requirement for specified covered transactions where a foreign
government has a “substantial interest”.
Additionally, FIRRMA authorizes CFIUS to mandate declarations for
covered transactions involving certain U.S. businesses that produce, design, test,
manufacture, fabricate, or develop one or more critical technologies.
U.S. businesses covered:
The new provisions on covered investments only apply to investments in
U.S. businesses involved in specified ways with critical technologies, critical
infrastructure, or sensitive personal data—referred to as “TID U.S. businesses”
for technology, infrastructure, and data.
Critical
technologies: CFIUS may review
transactions related to U.S. businesses that design, test, manufacture,
fabricate, or develop one or more critical technologies. “Critical technologies” is defined to include
certain items subject to export controls and other existing regulatory schemes,
as well as emerging and foundational technologies controlled pursuant to the
Export Control Reform Act of 2018.
Critical
infrastructure: CFIUS may review
transactions related to U.S. businesses that perform specified
functions—owning, operating, manufacturing, supplying, or servicing—with
respect to critical infrastructure across subsectors such as
telecommunications, utilities, energy, and transportation, each as identified
in an appendix to the proposed regulations.
Sensitive personal
data: CFIUS may review transactions
related to U.S. businesses that maintain or collect sensitive personal data of
U.S. citizens that may be exploited in a manner that threatens national
security. “Sensitive personal data” is defined to include ten categories of
data maintained or collected by U.S. businesses that (i) target or tailor products
or services to sensitive populations, including U.S. military members and
employees of federal agencies involved in national security, (ii) collect or
maintain such data on at least one million individuals, or (iii) have a
demonstrated business objective to maintain or collect such data on greater
than one million individuals and such data is an integrated part of the U.S.
business’s primary products or services.
The categories of data include types of financial, geolocation, and
health data, among others. Genetic
information is also included in the definition regardless of whether it meets
(i), (ii), or (iii).
Foreign person and
excepted investor: The regulations
create an exception from “covered investments” for certain foreign persons
defined as “excepted investors” based on their ties to certain countries
identified as “excepted foreign states,” and their compliance with certain
laws, orders, and regulations. The
regulations do not except these persons from control transactions previously
subject to CFIUS jurisdiction; investments from all foreign persons remain
subject to CFIUS’s jurisdiction over transactions that could result in foreign
control of a U.S. business.
FIRRMA Provisions on Real Estate Transactions
In FIRRMA, Congress authorized CFIUS to review “the purchase
or lease by, or a concession to, a foreign person of private or public real
estate that”
“is, is located within, or will function as part of, an air
or maritime port…”
“is in close proximity to a United States military
installation or another facility or property of the United States Government
that is sensitive for reasons relating to national security;”
“could reasonably
provide the foreign person the ability to collect intelligence on activities
being conducted at such an installation, facility, or property; or”
“could otherwise
expose national security activities at such an installation, facility, or
property to the risk of foreign surveillance.”
Pursuant to FIRRMA,
this authority does not extend to “a single ‘housing unit.’” This authority also does not apply to “real
estate in ‘urbanized areas’ . . . except as otherwise prescribed by [CFIUS] in
regulations in consultation with the Secretary of Defense.” (emphasis added)
FIRRMA directs CFIUS
to “prescribe regulations to ensure that the term “close proximity” refers only
to a distance or distances within which the purchase, lease, or concession of
real estate could pose a national security risk.”
FIRRMA also requires
that CFIUS prescribe regulations that further define the term “foreign person”
for real estate transactions by specifying criteria to limit its applicability
over certain categories of foreign persons.
The full text of the regulations
is available, here.
No comments:
Post a Comment