O’Melveny Worldwide

Biden Administration Issues Policy Directive on National Security Reviews of Foreign Investments in U.S. Businesses

September 23, 2022


The Biden Administration has issued an executive order directing the Committee on Foreign Investment in the United States (“CFIUS”) to consider certain national security factors when evaluating the risks of foreign investments. The Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States (“the E.O.”) identifies five specific sets of factors that, among others, can pose risks to U.S. national security: (1) supply chain resilience; (2) U.S. technological leadership; (3) industry investment trends; (4) cybersecurity risks; and (5) risks to U.S. person sensitive data. 

Importantly, while the E.O. is the first formal Presidential directive to CFIUS regarding national security risks since CFIUS was created in 1975, the E.O. does not change CFIUS processes for reviewing foreign investments or its jurisdiction. As the White House Fact Sheet accompanying the E.O. notes, CFIUS already has the authority to consider any national security risks that it identifies in its reviews. Indeed, the factors discussed in the E.O. have already been taken into consideration by CFIUS for a number of years across both Democratic and Republican administrations. Therefore, while the E.O. is an important statement regarding U.S. policy and helpful for foreign investors to understand the Biden Administration’s views of the national security threat landscape, the practical implications for parties to transactions subject to CFIUS review is limited.

National Security Factors for CFIUS Reviews

The E.O. describes five areas of national security risk for CFIUS to consider, including several that were explicitly identified in the 2018 Foreign Investment Risk Review Modernization Act (known as “FIRRMA”), which amended the statute governing CFIUS. These areas of risk are:

  • Supply Chain Resilience. The E.O. directs CFIUS to consider the effect of transactions on “supply chain resilience and security” related to manufacturing, services, critical mineral resources, and technologies, both within and outside the defense industrial base, in economic areas, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy (such as battery storage and hydrogen), climate adaptation technologies, critical materials (such as lithium and rare earth elements), and elements of the agriculture industrial base that have implications for food security. In particular, the E.O. directs CFIUS to consider the following factors in its risk assessments: the committee will analyze the following factors: (1) the diversification of suppliers in a supply chain, including the availability of alternative suppliers; (2) whether the U.S. business supplies the U.S. government, or the energy sector, or defense industrial bases; and (3) the concentration of ownership or control by the foreign investor in a given supply chain. 
  • U.S. Technological Leadership. The E.O. directs CFIUS to consider the importance of protecting U.S. technological leadership in many of the same areas in which there are concerns about supply chains, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies. Those areas, however, are not the only ones of concern and the E.O. also directs CFIUS to consider technologies in which future advancements and applications could undermine national security. 
  • Industry Investment Trends. The E.O. directs CFIUS to consider each investment in the context of previous transactions, both from the same investor and investors from the same country, to assess whether multiple investments or acquisitions are being made in the same sector or related to the same technology.
  • Cybersecurity Risks. The E.O. directs CFIUS to consider cybersecurity risks resulting from foreign investments, including investments by foreign persons with the capability to conduct cyber intrusions and other malicious cyber activities, in particular, related to elections, the operation of critical infrastructure, and communications systems in the United States.
  • Risks to U.S. Person Sensitive Data. The E.O. directs CFIUS to consider risks to sensitive data of U.S. persons, including health and biological data. In particular, the E.O. notes a concern that CFIUS has identified to practitioners in the past: “advances in technology, combined with access to large data sets, increasingly enable the re‑identification or de‑anonymization of what once was unidentifiable data.” 

Notably, for each of the risk factors described, the E.O. directs CFIUS to consider threats posed not only by the foreign investor to the transaction, but also “relevant third-party ties” of the foreign investor that could pose a threat to U.S. national security. The E.O. thus highlights that CFIUS will not only look at an investor and its country of domicile, but also entities and countries with which an investor has key business ties.


The E.O. provides foreign investors seeking to invest in the United States and U.S. businesses seeking foreign investment with useful insight into the Biden Administration’s view of the role of CFIUS, particularly within the context of the administration’s broader national security strategy. Consistent with that strategy, the E.O. focuses on risks from supply chains, advanced technology, cybersecurity, and personal data. From a practical standpoint, however, the E.O. is unlikely to result in significant changes to the CFIUS process as CFIUS has focused on these areas of risk for some time.

This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Greta Lichtenbaum, an O’Melveny partner licensed to practice law in the District of Columbia, David J. Ribner, an O’Melveny counsel licensed to practice law in the District of Columbia and New York, and Damilola G. Arowolaju, an O’Melveny associate licensed to practice law in the District of Columbia, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

© 2022 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, T: +1 212 326 2000.