New Articles

New Foreign Investment Restriction Regulations Cement CFIUS Reform

foreign investment

New Foreign Investment Restriction Regulations Cement CFIUS Reform

One of the emerging focal points of the U.S.-China trade war involves the implementation of updated foreign investment restrictions in key U.S. industries. 

On September 17, 2019, the Department of the Treasury issued proposed regulations to implement the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), legislation that sought to reform and expand the scope of foreign investment reviews conducted by the Committee on Foreign Investment in the United States (CFIUS). CFIUS, an inter-agency committee chaired by the Treasury Department with the authority to review, modify and potentially reject certain types of foreign investment that could adversely affect U.S. national security, has undergone a significant overhaul during the past year in the wake of FIRRMA becoming law in August 2018. It is now more vital than ever that companies understand how their business can be affected by the updated CFIUS regulations when they are seeking or negotiating a merger, acquisition, real estate investment or even a non-controlling investment from a foreign investor.

Typically, CFIUS reviews are voluntary and are conducted for merger or acquisition transactions where a non-U.S. company or a foreign government-controlled entity obtain a controlling interest in a U.S. company. If CFIUS determines that a covered transaction presents a national security risk, it has the authority to impose certain mitigating conditions before allowing the deal to proceed and can refer the transaction to the President for an ultimate decision. 

However, FIRRMA updated and expanded the scope of CFIUS jurisdiction to authorize reviews of additional types of non-controlling foreign investments based on the type of U.S. company involved. The implementing regulations proposed in September 2019 are set to take effect February 13, 2020, and while the CFIUS reform regulations are motivated by concerns directly related to China, the impact of FIRRMA will be felt globally and the new rules will not be tied to or affected by impending trade negotiations. U.S. businesses, particularly those involved in critical technologies, real estate, infrastructure and data collection or maintenance, must take heed of how the updated rules will affect their global business decisions moving forward.

New Regulations for TID Companies Effective February 2020

Effective February 13, 2020, CFIUS will be authorized to review “covered control transactions,” (all foreign acquisitions resulting in direct control in a U.S. business, which CFIUS already had jurisdiction over), as well as non-controlling “covered investments” by a foreign person in a U.S. critical technology, critical infrastructure or sensitive personal data company. The new rules refer to these as “TID U.S. Businesses” (Technology, Infrastructure and Data), or to be more specific, a company that engages in one of the following categories of activity: 

-produces, designs, tests, manufactures, fabricates or develops one or more critical technologies;

-owns, operates, manufactures, supplies or services critical infrastructure; or

-maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security.

“Critical technologies” include defense articles or defense services under the International Traffic in Arms Regulations, certain nuclear-related products regulated by the Nuclear Regulatory Commission Controls and certain technologies on the Commerce Control List under the Export Administration Regulations. In addition, “critical technologies” will include certain “emerging technologies” that are yet to be defined, and the Commerce Department’s Bureau of Industry and Security is currently reviewing at least 17 technology areas that are anticipated to result in new controls (including bio-tech, artificial intelligence, microprocessors, positional navigation and timing technology, quantum computing and additive manufacturing (3D printing)). 

“Critical infrastructure” includes key industry subsectors such as telecommunications, utilities, energy and transportation. “Sensitive personal data” is defined to include ten categories of data maintained or collected by U.S. businesses that (i) target products or services to sensitive populations (including U.S. military members and federal national security employees); (ii) collect or maintain such data on at least one million individuals; or (iii) have a business objective to collect such data on greater than 1 million individuals and such data is an integrated part of the U.S. business’s primary product or service. The categories of data include types of financial, geolocation and health data. 

Non-Controlling Covered Investments

Under the new regulations, CFIUS will be authorized to review non-controlling covered investment in TID U.S. Businesses. A “covered investment” includes scenarios where a foreign investor obtains:

-access to material non-public technical information;

-membership or observer rights on the board of directors or an equivalent governing body of the business or the right to nominate an individual to a position on that body; or

-any involvement, other than through voting of shares, in substantive decision making regarding sensitive personal data of U.S. citizens, critical technologies, or critical infrastructure.

Filing a CFIUS declaration for a non-controlling covered investment will remain a largely voluntary process, and parties will be able to file a notice or submit a short-form declaration notifying CFIUS of a covered investment in order to receive a potential “safe harbor” letter (after which CFIUS in most scenarios will not initiate a review of a transaction). 

However, if a foreign government holds a “substantial interest” in the foreign investor that obtains a “substantial interest” in a TID U.S. Business, a CFIUS filing will be mandatory. The updated regulations provide that a foreign government is considered to have a substantial interest in the foreign investor if it holds a 49% direct or indirect interest, whereas a foreign person will obtain a substantial interest in a TID U.S. Business if it obtains at least a 25% direct or indirect interest. CFIUS is also authorized to mandate declarations for transactions involving certain types of critical technology companies. 

The proposed rules also include a “white list” provision providing CFIUS the authority to designate certain “excepted investors” and “excepted foreign states” that may be eligible for an exclusion in connection with non-controlling covered investments. 

Global Impact: How Does This Affect My Business? 

The most important practical effect of the updated regulations is the breadth of U.S. companies standing to be impacted or affected by new foreign investment restrictions. U.S. businesses and industries that have previously never had to consider filing a CFIUS declaration, including healthcare companies, tech start-ups, related infrastructure industries, venture capital funds, emerging technology companies and manufacturers, and any company with access to sensitive consumer data, will now have to contemplate the implications of a CFIUS review when considering even passive foreign investment. Robust due diligence on potential investors will be more important than ever to ensure compliance with both mandatory and voluntary CFIUS declaration filings. Cross-border deals will be a costlier and more time-consuming process that will require acute attention to detail when drafting the contractual rights afforded to foreign investors. 

If you have any questions about the impact of the updated CFIUS regulations or how they may affect your company, please contact a member of Baker Donelson’s Global Business Team for additional information.


Joe D. Whitley is a shareholder at Baker Donelson, chair of the Firm’s Government Enforcement and Investigations Group and former General Counsel at the Department of Homeland Security. He can be reached at

Alan Enslen is a shareholder with Baker Donelson and leads the International Trade and National Security Practice and is a member of the Global Business Team. He can be reached at

Julius Bodie is an associate with Baker Donelson who assists U.S. and foreign companies across multiple industries with international trade regulatory issues. He can be reached at



Economic Espionage and the U.S.-China Trade War

Combatting Chinese theft of U.S. intellectual property (IP) has been a principal policy focus of the Trump Administration, including through the utilization of the Section 301 investigation process, the subsequent imposition of tariffs on Chinese-origin goods, via challenges in international regulatory bodies such as the World Trade Organization, updated foreign investment restrictions and through targeted legal designations of entities such as the leading Chinese telecommunications and consumer electronics company Huawei. IP and trade secret theft are to this day some of the largest economic and national security threats facing the U.S. and American businesses. Apart from the international trade remedies implemented by the Administration, the U.S. legal system has been another critical theatre for countering theft of IP and trade secrets from American businesses, and prosecutions have ramped up over the last half decade using civil and criminal enforcement mechanisms. 

The Economic Espionage Act of 1996 (“EEA”), 18 U.S.C. § 1831 et seq., is an act that makes theft or the misappropriation of trade secrets, especially through acts of industrial espionage, a federal crime. Such trade secret theft can lead to both civil and criminal enforcement actions. The EEA currently defines “trade secrets” broadly to include “all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes.”1

Penalties under the EEA can be severe. In 2012, Congress revised the EEA to increase the penalties for organizations and individuals, and sentencing guidelines were increased for trade secret theft that seeks to benefit a foreign government or agent. A violation of the EEA can result in an individual being fined up to $500,000 and facing up to 10 years in prison, and a corporation found guilty can be fined up to $5,000,000. These penalties increase greatly if the trade secret theft or misappropriation benefits a foreign country or foreign agent. 

In 2016, the EEA was again amended when Congress passed the Defend Trade Secrets Act (“DTSA”). The DTSA established for the first time a private cause of action for the theft or misappropriation of trade secrets, which prior to its enactment had largely been addressed under individual state laws. 

The EEA and DTSA have been critical enforcement mechanisms for the U.S. government and private businesses in recent years to combat theft of corporate IP and trade secrets, in particular that of Chinese origin. A 2017 report from the independent Commission on the Theft of American Intellectual Property found that the annual cost to the U.S. economy from Chinese IP theft could be as high as $600 billion. More recently, a March 2019 survey found that one in five North American-based corporations on the CNBC Global CFO Council says Chinese companies have stolen their IP within the last year.2 And in April, the Department of Justice proclaimed that since 2011, more than 90 percent of the Department’s economic espionage prosecutions involve China, and more than two-thirds of all federal trade secret theft cases during that period have had at least a geographical nexus to China.3

The largest companies in the U.S. are not immune to such theft, and the EEA has been utilized in several recent high-profile prosecutions, including against a former Chinese national software engineer of IBM for the theft of proprietary source code4, a former Chinese national employee of Apple for the theft of a confidential circuit board schematic drawing designed for autonomous vehicles5 and a Chinese Ministry of State Security intelligence officer for his attempt to steal trade secrets from multiple U.S. aviation and aerospace companies, including GE Aviation.6

Beyond the government’s use of the EEA, the broad reach of the DTSA makes it important for every U.S. business to understand its nuances. The DTSA protects trade secrets if a company has taken reasonable measures to keep such information secret and “the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information.”7 Trade secret misappropriation and the implications of the DTSA are therefore also prevalent in everyday business matters, including employment contracts and areas such as non-disclosures, non-compete, or confidentiality contractual provisions. The DTSA further provides important civil remedies for victims of trade secret theft, including the possibility of injunctive relief and even seizure of the allegedly stolen trade secrets. 

The EEA and DTSA are significant enforcement mechanisms for both the U.S. government and private businesses, which has been further underscored in recent years in light of ongoing malevolent Chinese industrial espionage activity. Conducting robust due diligence on new employees, foreign investors, and supply chain entities is more important than ever for U.S. businesses and their research and development entities. The effects of the U.S.-China trade war are a global concern, and problems such as securing future U.S. telecommunications networks from supply chain threats, eliminating foreign direct investment calculated to obtain proprietary U.S. trade secrets and technology,  and continuing to fight industrial cyberespionage must remain a top priority for the U.S. moving forward. 

Julius Bodie is an associate with Baker Donelson who assists U.S. and foreign companies across multiple industries with international trade regulatory issues, including identifying import/export licensing strategies, advising on global anti-corruption compliance, and counseling on Office of Foreign Assets Control (OFAC) economic sanctions programs.

Joe Whitley is a shareholder with Baker Donelson who represents national and international clients in various white-collar criminal matters including regulatory enforcement, corporate internal investigations and the Foreign Corrupt Practices Act (FCPA). During the Ronald Reagan and George H.W. Bush administrations, he served as Acting Associate Attorney General, the third-ranking position at Main Justice.

Alan Enslen is a shareholder with Baker Donelson who works with clients in international trade and national security matters, as well as government enforcement and investigations and trade remedy disputes. Enslen represents clients in numerous areas of international trade including economic/trade sanctions programs and global anti-corruption laws.

This article includes the following references:

118 U.S.C. § 1839(3).

2Eric Rosenbaum, 1 in 5 corporations say China has stolen their IP within the last year: CNBC CFO survey, CNBC (March 1, 2019)

3Deputy Assistant Attorney General Adam S. Hickey of the National Security Division Delivers Remarks at the Fifth National Conference on CFIUS and Team Telecom, Department of Justice (April 24, 2019)

4Chinese National Sentenced for Economic Espionage and Theft of a Trade Secret From U.S. Company, Department of Justice Press Release (January 18, 2018)

5Former Apple Employee Indicted On Theft Of Trade Secrets, Department of Justice Press Release (July 16, 2018)

6Chinese Intelligence Officer Charged with Economic Espionage Involving Theft of Trade Secrets from Leading U.S. Aviation Companies, Department of Justice Press Release (October 10, 2018)

718 U.S.C. § 1839.