On May 21, 2020, the Committee on Foreign Investment in the United States (CFIUS) published proposed rules (the Proposals) that fine-tune the recently implemented changes to the CFIUS rules. In particular, the Proposals adjust certain criteria for mandatory CFIUS filings, most notably for those companies that have "critical technologies." Three key takeaways on the Proposals in the form of a three-course meal are set forth immediately below, along with a suggestion of what investors and companies should remember when walking away from the table.
The Appetizer: Clarification of the Substantial Interest Definition
First, the Proposals clarify one piece of the definition of "substantial interest," and in so doing potentially make more investment funds subject to the new CFIUS mandatory filing rules. Under the CFIUS rules that took effect in February, if a foreign government holds a substantial interest in a foreign investor (i.e., 49 percent or more) and that foreign investor takes a 25 percent voting interest in certain kinds of U.S. businesses—those that deal with sensitive technologies, infrastructure, or data—that transaction will trigger a mandatory filing with CFIUS. The February rules stated that for funds and fund-like entities, the relevant inquiry was whether the foreign government held a 49 percent or greater interest in the general partner, managing member, or equivalent.
Under the Proposals, however, the existence of a foreign government substantial interest in an investment fund is only determined by the level of foreign government ownership of a general partner, managing member, or equivalent when that entity "primarily directs, controls, or coordinates the activities" of the investment fund. Otherwise, the existence of a foreign government substantial interest may be determined by reference to other entities that may control the investor—i.e., at CFIUS's discretion, by examining other potentially controlling parties, such as the limited partners in the fund. If, for example, a foreign government-owned limited partner has a majority economic stake in a fund and a seat on an advisory committee with unusually broad authority regarding the fund's investment decisions, the Proposals would seem to leave open the possibility that CFIUS could find a substantial interest in these circumstances. In other words, CFIUS has taken a clear test for foreign government ownership of funds, tied solely to voting ownership of the general partner or equivalent, and replaced it with a more traditional, nebulous, and subjective test related to "control."
The Main Course: Replacement of the "NAICS Test" for Mandatory Filings
Second, the Proposals revise the other CFIUS mandatory filing rule, the "critical technology" rule, to attempt to focus it more on specific countries of concern. However, the manner in which that change has been implemented may create more legal overhead for potential mandatory filers.
The "critical technology" mandatory filing rule establishes mandatory declaration requirements for certain investments in U.S. businesses that produce, design, test, manufacture, fabricate, or develop one or more critical technologies. Previously, in order to have a mandatory filing, the business that was the target of the foreign investment needed to use its critical technologies in connection with one or more of 27 sensitive industries identified by reference to the North American Industry Classification System (NAICS).
The Proposals leave the definition of "critical technology" unchanged but replace the NAICS test for sensitive industrial uses. In place of the NAICS test, parties would be required to determine the export control licensing requirements of the U.S. business's critical technology vis-à-vis the foreign investor. If U.S. regulatory authorizations would be required to export, re-export, transfer (in-country), or retransfer company technology to certain foreign persons, then a CFIUS filing would likely be required.
The universe of foreign persons who must be examined includes:
In sum, CFIUS has replaced the vague NAICS code portion of the critical technology filing test with a more specific alternative. Application of the new export control test—i.e., whether authorization would be required to export the relevant critical technology to the relevant foreign persons—likely will be clearer than application of the NAICS code test. However, assessing export control licensing requirements will require export control expertise and may be laborious, particularly if there are many foreign persons with respect to whom the export control analysis must be assessed.
The Dessert: Narrowing of the ENC Exception to Mandatory Filings, but New Exceptions Added
Third, and finally, CFIUS has readjusted one of the exceptions to the mandatory filing rules established in the February rules, limiting it in one area while offering a broader exception in others. Under the current rules, the mandatory filing requirement is relieved where the critical technology in question is encryption-related and is eligible for License Exception ENC. Because many commercial software products as well as certain hardware products are eligible for export under License Exception ENC, this valuable exception suggested that CFIUS planned to limit the applicability of the mandatory filing rules to many software products as well as encryption-related hardware items. The Proposals would limit the ENC exception, specifying that not all ENC-eligible products can avoid a mandatory filing requirement because export of such products to certain investors may require a U.S. regulatory authorization.
The Proposals also would add two additional exceptions from the Export Administration Regulations, the dual-use export control laws, that could, in certain cases, extinguish the mandatory filing obligation: where export to the foreign person would be eligible for a license exception for i) certain "unrestricted" technology and software or ii) certain types of "strategic trade." The utility of these exceptions is not yet clear; it will depend in part on how CFIUS approaches their implementation, as discussed below.
The Digestif: Potential Impacts for Companies and Investors
The second and third parts of the Proposals, both of which involve the critical technologies analysis, appear intended to focus on those cases involving countries of greater national security concern. In this regard, the Proposals represent a reasonable attempt by CFIUS to clarify mandatory filing obligations and focus on transactions presenting heightened risk. However, in practice, the Proposals would demand more legal analysis (in comparison to the current rules) in order to determine whether a mandatory filing applies. Accordingly, if implemented in their current form, the Proposals may unintentionally create a greater legal burden on filing parties.
Currently, parties are able to extinguish a "critical technology" mandatory filing obligation based on a conclusion that the U.S. business's activities are outside of the 27 NAICS-denominated sensitive industries. While this determination is often unclear, it is also relatively uncomplicated, since few rules apply to NAICS code categorizations and these categorizations historically have been left to the parties' discretion. Under the Proposals, with NAICS codes no longer a basis for determining that there is no mandatory CFIUS filing, it will become even more desirable to determine that there are no critical technologies at issue in the underlying business. If the presence of critical technologies cannot be ruled out, the parties may be forced to enumerate multiple foreign investing entities—not just the direct investing parties, but also their significant minority owners—and then to perform complex export control analyses on each such entity, merely to determine whether a CFIUS filing must be made.
Ultimately, we would expect the Proposals, if implemented in their current form, to lead to more required filings for investments from countries that are subject to more strict export controls (e.g., China, Russia), while loosening the requirements for other investors. We would also expect targets that possess critical technologies to more aggressively seek representations that investors are not involved with general partners, managers, or limited partners from countries for which export controls are more stringent. Even though the first part of the Proposals, on "substantial interests," addresses a separate issue and a wider set of sensitive target businesses, the end result will likely be similar—i.e., the need for the U.S. business to scrutinize the investor and its structure more closely. Ultimately, that may mean more legal overhead for investment into sensitive companies.
The public has until June 22, 2020 to comment, after which time CFIUS will review the public comments, revise the Proposals based on those inputs, and publish final rules. If you would like to discuss making comments to the Proposals, or if you have other questions about the new CFIUS rules, please contact Stephen Heifetz, Josh Gruenspecht, or any member of the firm's National Security/CFIUS practice.