In August, Congress passed the Foreign Investment Risk Review Modernization Act (FIRRMA) as part of a $717 billion defense spending bill. FIRRMA focuses on the Committee on Foreign Investment in the United States (CFIUS), a group that reviews proposed foreign investment deals and evaluates them for potential national security risks. It expands the scope of CFIUS review to include transactions dealing with “critical technology,” “sensitive data belonging to United States citizens,” and cybersecurity. This expansion of CFIUS jurisdiction will have a strong impact on the development of technology companies in the United States.
The Role of CFIUS
CFIUS is an interagency committee that derives its authority from the executive branch. It has the authority to review “covered transactions,” which are defined by statute as “mergers, acquisitions, and takeovers by or with any foreign entity that could result in foreign ‘control’ of a U.S. business.” When CFIUS reviews a covered transaction, it is trying to determine what kind of effect the proposed deal would have on U.S. national security. If CFIUS decides that the proposed deal poses a risk to national security, it has two options. First, it can impose specific conditions or “require the parties to enter into a mitigation agreement to address the national security risks”. Second, CFIUS may refer the transaction to the president, who has the ability to suspend or terminate the deal. If the parties to the transaction believe that CFIUS will refer the transaction to the president, it is not uncommon for the parties to withdraw from the deal.
Why FIRRMA Matters for Technology Companies
FIRRMA represents a significant expansion of CFIUS’ jurisdiction, and as such it will have a significant impact on the state of foreign investment in the United States. By expanding the scope of covered transactions to include transactions dealing with critical technology, sensitive data on U.S. citizens, and cybersecurity, FIRRMA has brought Silicon Valley squarely into CFIUS jurisdiction. Additionally, the uncertainty surrounding the new regulations along with the new filing fees have placed both established and emerging technology companies on uncertain ground.
Expansion of Jurisdiction
Before FIRRMA, deals involving critical technology were not subject to CFIUS review unless they could result in foreign control of a U.S. business. This made it easier for technology startups to raise funding, since the Chinese, who tend to be subject to a high degree of CFIUS scrutiny, have also been “more willing to invest in more speculative technologies that are less likely to accrue big financial gains in the near term but require a lot of capital.” So long as foreign investors did not gain control over the business they did not have to worry about CFIUS review. However, under FIRRMA “non-passive but non-controlling investments in US businesses involving sensitive personal data, critical infrastructure, or critical technology” are now covered transactions. This shift away from looking at the nature of the transactions towards the subject of the transactions could have dramatic effects on how startups and venture capital firms are run in the United States.
Regulatory Uncertainty and Filing Fees
Beyond jurisdiction, there are other important changes that FIRRMA made in the CFIUS landscape. First, in order to pass this legislation, Congress left many of the “novel, difficult, or contentious issues” to the regulation-writing process. This means that some of FIRRMA’s key phrases, like “emerging technology” were left undefined within the act itself. So the true impact of FIRRMA’s provisions will not be known until CFIUS promulgates new regulations.
Additionally, FIRRMA imposed a new CFIUS filing fee. This fee is not yet required by CFIUS, but when it is implemented the filing fee will be set at one percent of the value of the transaction or $300,000, whichever is less. This could have a negative impact on startups that do not have a lot of capital to spare.
As it stands today, FIRRMA represents a significant change in how the United States will be approaching foreign investment in technology-related deals. Its focus on technology and data as a critical element of national security codifies some of the stances that CFIUS has already taken in response to recent proposed deals. However, until CFIUS creates its new regulations, the full extent of FIRRMA’s impact is yet to be seen.