CFIUS Proposes Revision to Mandatory Declaration Requirement for Foreign Investments in US Businesses Involved with Critical Technologies

On May 20, 2020, the Committee on Foreign Investment in the United States (“CFIUS”) issued a proposed rule that would modify the criteria triggering a mandatory declaration requirement for certain foreign investment transactions in US businesses involved with critical technologies. Mandatory declarations would no longer be based on the US business’s North American Industry Classification System (“NAICS”) codes, but instead turn on the sensitivity of the US business’s technology. As discussed in our prior alert, Treasury Finalizes New CFIUS Regulations, CFIUS previewed this change in January 2020 when it issued the final regulations implementing the Foreign Investment Risk Review Modernization Act (“FIRRMA”). The proposed rule is subject to a 30-day comment period, and we do not expect a final rule to become effective until later this year.

If adopted in its proposed form, the new rule would heighten the need for parties to foreign investments involving critical technologies to conduct appropriate export control due diligence.

Current Regulations

Under the current regulations, a mandatory declaration is required for “covered control transactions” or “covered investments” in US businesses that produce, design, test, manufacture, fabricate, or develop one or more “critical technologies” used in connection with 27 industries identified by NAICS codes. “Critical technologies” means items controlled pursuant to: (1) the International Traffic in Arms Regulations (“ITAR”); (2) certain controls of the Export Administration Regulations (“EAR”); (3) nuclear-related equipment and materials; (4) select agents and toxins; and (5) “emerging and foundational technologies.”

The NAICS was developed for use by federal agencies for classifying US businesses for statistical purposes and was not designed for national security in mind. As a result, both practitioners and investors expressed frustration with its use as a reference point for the mandatory declaration requirement, in part, because of potential over-inclusion of US businesses that do not pose national security risks.

Proposed Regulations

The proposed rule addresses those concerns by removing the NAICS code criteria. Instead, the mandatory declaration requirement related to critical technologies would be based on whether regulatory licenses or authorizations would be required for the export of the specific critical technology of the US business. Specifically, mandatory declarations would apply only to the extent that a US business produces, designs, tests, manufactures, fabricates, or develops “critical technologies” that would (1) require a “regulatory authorization” to export to a foreign person; and (2) the foreign person is directly involved in the transaction or, individually or in aggregate with other foreign persons, holds a direct or indirect voting interest of 25% or more.

“Regulatory authorization” is defined as a license, approval, or authorization from the State Department under the ITAR, the Commerce Department under the EAR, the Energy Department, or the Nuclear Regulatory Commission, as applicable. Importantly, the proposed rule expressly states that the determination of whether a “regulatory authorization” is required is based on whether the export would subject to a control for the foreign investor’s country without regard to eligibility for a license exemption under the ITAR or a license exception under the EAR. (The only exception in the proposed rule is for certain EAR license exceptions for encryption (“ENC”), technology and software unrestricted (“TSU”), and strategic trade authorization (“STA”). If the only reason for a “regulatory authorization” is an export eligible for one of those three license exceptions, then the transaction would be exempt from the mandatory declaration requirement.)

The proposed rule, if implemented, will make it more important for parties assessing the application of CFIUS rules to a proposed transaction to ensure that the US business’s technology is classified properly under applicable export control regulations. Without an accurate assessment of the technology, the parties risk failing to comply with mandatory declaration requirements, which can subject the transaction parties to significant fines.

This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Greta Lichtenbaum, an O’Melveny partner licensed to practice law in the District of Columbia, Theodore W. Kassinger, an O’Melveny of counsel licensed to practice law in the District of Columbia and Georgia, Mary Pat Dwyer, an O’Melveny counsel licensed to practice law in the District of Columbia and Pennsylvania, and David J. Ribner, an O’Melveny counsel licensed to practice law in the District of Columbia and New York, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

© 2020 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, T: +1 212 326 2000.