New Articles

New CFIUS Regulations Formally Implemented: What Your Business Needs to Know


New CFIUS Regulations Formally Implemented: What Your Business Needs to Know

The Committee on Foreign Investment in the United States (CFIUS or the Committee) is an interagency government committee authorized to review, modify, and block foreign acquisitions of or investments in U.S. businesses that could adversely affect U.S. national security.

In 2020, new regulations went into effect that broadened the scope of foreign investment transactions subject to review by the Committee. Historically, CFIUS national security reviews were limited to transactions that could result in a foreign investor obtaining “control” of a U.S. business. However, the scope of transactions subject to potential CFIUS review has been expanded, and now includes certain non-controlling foreign investments in U.S. businesses involved in critical technologies, critical infrastructure, or sensitive personal data of U.S. citizens. In addition, CFIUS has instituted new mandatory filing requirements for specific types of foreign investment in U.S. critical technology companies.

It is now more important than ever for non-U.S. companies doing business with or investing in the U.S. to understand how their business can be impacted by the revised CFIUS regulations. If a non-U.S. company is considering buying or investing in a U.S. business, conducting an assessment of potential CFIUS risks and obligations must be included in the due diligence process. To assist with this assessment, below is an overview of CFIUS, as well as a breakdown of the key CFIUS regulatory changes implemented in 2020 that stand to impact your business.

Committee on Foreign Investment in the United States (CFIUS)

CFIUS is chaired by the U.S. Department of Treasury and has the authority to review any transaction by or with a foreign person which could result in control (or in certain non-controlling interests) of a U.S. business by a foreign person. This includes proposed or completed mergers, acquisitions, or takeovers by foreign governments, foreign entities, and those controlled by foreign governments and entities. When CFIUS has jurisdiction over a proposed transaction, parties can voluntarily notify the Committee of the transaction and its terms. CFIUS is authorized to commence reviews unilaterally, but it rarely uses this power.

Foreign investors often seek to file for CFIUS approval voluntarily because once a transaction is cleared by the Committee, it qualifies for a “safe harbor” and is generally considered cleared indefinitely, thereby eliminating CFIUS-related risks. On the other hand, if CFIUS does not clear a particular transaction prior to its closing, there is a chance that the Committee will unilaterally initiate an investigation and ultimately require divestiture of the foreign party, potentially even years after the transaction has closed.

If CFIUS determines that a covered transaction presents a national security risk, it has the authority to impose certain mitigating conditions before allowing the deal to proceed, and may also refer the transaction to the President, who has sole authority to block a proposed transaction or unwind a completed transaction. However, U.S. Presidents have rarely used their power to block transactions because CFIUS generally enters into mitigation agreements with the parties to high-risk transactions in order to alleviate any identified national security concerns.

If CFIUS opposes a foreign investment or acquisition, and mitigating measures cannot be implemented by the transacting parties, it is often the case that the foreign investor withdraws the deal prior to CFIUS escalating its recommendation to the President. While to date only five investments have ever been blocked by a President, numerous proposed transactions have been withdrawn by the parties involved to avoid the risk of having the transaction formally blocked.

CFIUS has become much more active in recent years, particularly under the Trump administration, where the Committee reviewed 697 transactions between 2017 and 2019. Recent high-profile examples include the following:

-In 2017, President Trump blocked the acquisition of Lattice Semiconductor Corp. by the Chinese investment firm Canyon Bridge Capital Partners due to national security and intellectual property concerns.

-In 2018, President Trump blocked the acquisition of U.S. telecommunications equipment company Qualcomm by the Singapore microchip maker Broadcom.

-In 2019, CFIUS raised concerns over Beijing Kunlun Company’s investment in Grindr LLC, an online dating site, over concerns of foreign access to personally identifiable information of U.S. citizens. The Chinese firm subsequently divested itself of Grindr.

-In 2020, President Trump announced plans to ban the popular social media platform TikTok based on its ownership by Chinese technology company ByteDance and its potential access to sensitive personal data of U.S. citizens. CFIUS and ByteDance are still in the process of negotiating the terms of prospective mitigating measures that would allow TikTok to continue its U.S. operations.

Changing Landscape: Foreign Investment Risk Review Modernization Act

In recent years, there has been a push for CFIUS reform by government officials who viewed the process as inadequate to face modern geopolitical threats to U.S. businesses and technologies posed by foreign direct investments into U.S. companies – particularly from Chinese foreign investment. This led to the passing of the broad CFIUS reform legislation known as the Foreign Investment Risk Review Modernization Act (FIRRMA) in August 2018.

FIRRMA was designed to expand the scope of foreign investment reviews conducted by the Committee, and overhauled the CFIUS review process to more effectively address modern U.S. national security concerns. The revised CFIUS regulations provided for in FIRRMA formally took effect in February 2020.

Historically, CFIUS reviews have been based on voluntary notice submissions by parties to a covered transaction. Only transactions that involved foreign control and that raised national security concerns would be filed by the transacting parties with the Committee for approval. Under FIRRMA, the Committee now also has the authority to review non-controlling “covered investments” by a foreign person in a U.S. critical technology, critical infrastructure or sensitive personal data company. These “TID Businesses” (i.e., U.S. Technology, Infrastructure and Data companies) include companies that engage in one of the following activities:

-Produces, designs, tests, manufactures, fabricates or develops one or more critical technologies;

-Owns, operates, manufactures, supplies or services critical infrastructure; or

-Maintains or collects sensitive personal data (e.g., health or financial data) of U.S. citizens that may be exploited in a manner that threatens national security.

A “covered investment” includes circumstances where a foreign investor obtains:

-Access to material non-public technical information;

-Membership or observer rights on the board of directors or an equivalent governing body of the business or the right to nominate an individual to a position on that body; or

-Any involvement, other than through voting of shares, in substantive decision making regarding sensitive personal data of U.S. citizens, critical technologies, or critical infrastructure.

CFIUS has also instituted new mandatory filing requirements involving inbound investment in U.S. companies involved with “critical technology.” When FIRRMA was initially implemented, filings became mandatory for certain transactions involving U.S. critical technology businesses that were included among 27 specified industries identified by their North American Industry Classification System (NAICS) codes.

However, beginning in October 2020, CFIUS implemented a new rule tying the “critical technology” definition to U.S. export control regulations. Now, filing a declaration with CFIUS is mandatory for covered transactions involving a U.S. business that “produces, designs, tests, manufactures, fabricates, or develops one or more critical technologies” where a “U.S. regulatory authorization” would be required for the export, re-export, or transfer of such critical technologies to the foreign investor. Accordingly, having a clear understanding of U.S. export control classification regimes and licensing requirements, including those promulgated under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR), is now a significant component of any CFIUS analysis.

In addition, FIRRMA added mandatory filings requirements for certain types of foreign government investment. If a foreign government holds a “substantial interest” in a foreign investor that in turn obtains a “substantial interest” in a TID Business, a CFIUS filing is now mandatory. This filing requirement is triggered when a foreign government holds at least a 49% (direct or indirect) interest in the foreign investor, whereas a foreign person will obtain a “substantial interest” in a TID Business if it seeks to obtain at least a 25% (direct or indirect) interest. In such scenarios, the parties must file a mandatory declaration with CFIUS at least 30 days prior to the transaction’s closing.

Global Impact

In terms of global impact, U.S. businesses and foreign investors previously unfamiliar with the CFIUS filing process, or that were previously outside the jurisdiction for a covered transaction, will now have to analyze the potential implications of a mandatory or voluntary CFIUS filing when considering even passive forms of foreign investment. This includes businesses ranging from health care companies, telecommunications companies, technology start-ups, related infrastructure industries, venture capital funds, emerging technology companies and manufacturers, and any company that maintains or can access sensitive U.S. consumer personal or health data.

Robust due diligence on proposed foreign investments will be more important than ever to ensure compliance with any mandatory CFIUS requirements. This will result in cross-border deals becoming much more time-consuming processes that will require significant scrutiny and attention to detail when drafting contractual rights afforded to foreign investors. Importantly, this will also require increased “up-stream” due diligence on any proposed non-U.S. investor’s corporate structure and ultimate ownership.

The business decision that a potential non-U.S. investor will need to make regarding which type of filing (if any) should be made with CFIUS is based on factors such as the complexity of the transaction, the working relationship between the parties, the national security implications and risk-level of the U.S. business, the likelihood of a successful resolution with CFIUS, the economy of legal resources, the evolving definition of what constitutes a “national security concern,” and current CFIUS enforcement priorities.


Alan Enslen and Julius Bodie are attorneys at law firm Baker Donelson, they can be reached at and Jiri Mestecky, Takanori Nakajima and Yunosuke Hirano are are attorneys at Kitahama Partners. They can be reached at, and