Smart cloud computing, driverless vehicles, and wireless-sensor networks are all examples of technologies that have two things in common: Internet of Things (IoT) protocols and artificial intelligence (AI), both fields of innovation set to be the epicenter of telecommunication innovation in 2018. Since they are classified as emerging technologies, deals involving these innovations and a Chinese partner might also put companies under the scrutiny of a little-known U.S. regulatory body, thanks to pending legislation.
The Foreign Investment Risk Review Modernization Act (FIRRMA), proposed in late 2017, is currently in the hearing stage and may soon become regulatory reality.1 The Act would significantly expand the power of the Committee on Foreign Investment in the United States (CFIUS), along with the Department of Commerce and the Office of the United States Trade Representative, to vet and veto foreign investment deals that might threaten national security, with a new focus on deals affecting critical technology.2 The bill will also increase the capacity of CFIUS to review transactions, likely resulting in a greater number of investigations each year.3 If CFIUS expresses concern with a deal, the parties are required to either reach a mitigation agreement with CFIUS, terminate the deal, or refile for review at a later time.4 FIRRMA presents two key challenges for U.S. tech companies considering telecom deals with Chinese firms given the unique security concerns surrounding U.S. technology deals involving China.
First, the bill’s focus on protecting critical and emerging technology—including artificial intelligence, robotics, and other communications-related innovations—increases the risk of CFIUS reviewing smaller transactions.5 The bill proposes an expansion of CFIUS’s scope of review that could include tech transfers, joint ventures, and even licensing deals. This change could subject deals ranging from Silicon Valley start-up buyouts to Kickstarter IoT projects to the kind of vetting currently faced only by multinational corporations in large M&A transactions, such as the current pending deal between Ant Financial Services Group, a Chinese company, and MoneyGram International, Inc., a U.S.-based company.6 While only large transactions, $500 million for state-owned enterprise transactions and $1 billion for other deals, would be subject to mandatory reporting, the bill gives CFIUS authority to investigate other unreported deals.7 In recent years, when CFIUS reviewed deals involving Chinese investors, nearly every deal that CFIUS approved faced mitigation requirements in order to receive approval.8
Second, the prevalence of State ownership in Chinese enterprises increases the risk that CFIUS will review China telecom deals.9 The bill would expand CFIUS’s power beyond reviewing deals that would allow a “foreign person” to gain control of a U.S. business to scrutinizing transactions that allow foreign persons to gain mere access to nonpublic technical information.10 Regulators have frequently expressed concerns over China’s acquisition of U.S.-developed technologies and the potential for China to overtake the United States’ technological capacity.11 Therefore, regulators are likely to scrutinize deals that could potentially give the Chinese state control of technologies impacting national security, particularly commercial technologies modifiable for military use. Recent Chinese cybersecurity legislation compounds these concerns: new Chinese laws that subject virtual private network (VPN) usage and encryption software to strict regulation and limitations pose new risks to data security in China. The new laws require most foreign enterprises to use State-approved internet service providers and Chinese-manufactured encryption software, potentially exposing data to interception by the state.12 Additionally, U.S. lawmakers remain deeply concerned about unfair Chinese technology transfer practices.13 U.S. technology companies, especially small start-up ventures, should exercise good practices to protect their intellectual property rights to avoid losing control of their technology to Chinese manufacturers.
In January 2018, an Australian college student noticed that he could use his fitness-tracking wearable, an inexpensive device used for tracking time and distance while jogging, to determine the location of military bases using the GPS heat map data.14 This stunning discovery emphasized a larger problem—even the most innocuous technologies can contain hidden national security implications. For government policymakers, big data means big risk. Since data protection and intellectual property rights vary by country, U.S. lawmakers see deals that handover information about U.S. emerging technologies to foreign-owned companies as increasingly risky. FIRRMA attempts to address these concerns by increasing the scope and power of CFIUS. For tech companies dealing with Chinese businesses, the proposed legislation may present new barriers to closing deals.