Skip to Main Content

Introducing: The New CFIUS Requirements, as Approved by the U.S. House and Senate


The Committee on Foreign Investment in the United States (CFIUS) reform legislation, known as the Foreign Investment Risk Review Modernization Act (FIRRMA), attached to the 2019 National Defense Authorization Act, passed both the House and Senate as of August 1 and is now awaiting the President's signature. The new law casts a wider net over what type of transactions and investments will be subject to potential CFIUS review. Thus, dealmakers should carefully review the requirements and document their decisions if the parties decide not to file for CFIUS approval. Read on for an overview of key changes to the CFIUS legislation.

1. Deals Covered:

  • Real Estate Investments: The purchase or lease by, or a concession offered to, a non-U.S. person of a public or private piece of U.S. real estate that: (i) is located within, or will function as part of, an air or maritime installation; (ii) is in close proximity to a U.S. military installation or other national security facility; (iii) could offer a non-U.S. person the ability to collect information about the facility; or (iv) could otherwise put national security activities at risk of foreign surveillance.
  • Critical Technology, Critical Infrastructure, and Sensitive Personal Data Companies: Non-controlling foreign investments in critical technology and critical infrastructure companies and companies that maintain or collect sensitive personal data of U.S. citizens if the investment could offer the foreign person access to material, nonpublic technical information; board membership or observer rights, or the right to nominate a board member; or involvement (other through voting shares) in substantive decision making of the U.S. business.
  • Change in a Foreign Person's or Company's Rights: Any change in the rights that a foreign person has with respect to a U.S. business if the change could result in foreign control of the U.S. business or an investment in a critical technology company, a critical infrastructure company, or a company that maintains or collects sensitive personal data of U.S. citizens.
  • New "Sense of Congress" statutory factors to consider: When reviewing whether a transaction is covered, CFIUS will be able to consider (i) whether a transaction involves a country of special concern that has a strategic goal of acquiring technologies or critical infrastructure that would affect U.S. technological leadership in that area; (ii) the national security effects of potential cumulative market control by foreign persons; (iii) whether a foreign person involved in a transaction has a history of complying with U.S. law; (iv) how the control of U.S. industries and commercial activity affects the capability and capacity of the U.S. to meet the requirements of national security; (v) the extent to which a transaction is likely to expose sensitive or personally identifiable data of U.S. citizens to exploitation by foreign persons and governments; and (vi) whether a transaction exacerbates or creates new cybersecurity vulnerabilities, or allows a foreign government to gain new significant capabilities to engage in malicious cyber activities against the U.S.
  • Attempts to Evade CFIUS: Any transaction, transfer, agreement, or arrangement designed or intended to evade or circumvent CFIUS review.

2. Administrative Changes:

  • Extended Review Period: The review period will be extended from 30 days to 45 days and allows the Committee to extend an investigation for one additional 15-day period in "extraordinary circumstances."
  • Short Form Declaration: Companies can submit five-page, short-form "declaration" as opposed to filing a notice. CFIUS would have 30 days to decide whether to require a full formal filing or determine that no further action is necessary. Declarations will be mandatory for transactions that involve an investment that results in the direct or indirect acquisition of a substantial interest in a critical technology company, a critical infrastructure company, or a company that maintains or collects sensitive personal data of U.S. citizens by a foreign person in which a foreign government has a direct or indirect substantial interest.
  • Unilateral Review: CFIUS will be able to unilaterally initiate a review of a previously reviewed transaction if a company materially breaches a mitigation agreement or condition when there are no other "adequate or appropriate" remedies, even if the breach was unintentional.
  • Suspension Authority: CFIUS will be able to suspend a transaction during its review and investigation, and can short its investigation and refer the matter directly to the President for action. CFIUS also will have expanded authority to impose interim mitigation measures in the period of time that a transaction is before them.
  • Judicial Review: Companies will be permitted to challenge CFIUS actions and findings by bringing a civil action in the U.S. Court of Appeals for the D.C. Circuit and procedures will be established for the review of privileged or protected information in judicial proceedings.
  • Filing Fees: New filing fees based on the value of the transaction, taking into account the effect of the fee on small business concerns, the expenses of the Committee, the effect of the fee on the foreign investment, and other matters that the Committee deems appropriate. The filing fee will not exceed the lesser of $300,000 or one percent of the value of the transaction.

3. Export Control Reform:

The bill also includes the "Export Control Reform Act of 2018," which codifies the Department of Commerce's export control regime and directs the agency to establish an export control process that covers "emerging and foundational" technologies. This will be done through the creation of an interagency process where the Secretaries of Commerce, Defense, Energy, and State will identify emerging and foundational technologies "that are essential to the national security of the United States."

4. Timing and Next Steps

The bill is now awaiting signature from President Trump. Most of the key FIRRMA provisions will have to wait for implementing regulations to be published, and these will go into effect 30 days after the regulations are published in the Federal Register or 18 months after enactment of FIRRMA, whichever comes first. However, FIRRMA authorizes the Committee to implement pilot programs to institute the provisions earlier than this, as long as the relevant notices are published at least 30 days in advance. This can affect how foreign investment decisions should be reviewed and contemplated today. For example, the mandatory filing provisions will have to be considered, as well as the new types of transactions potentially subject to review. Keep in mind that the mandatory declarations will be required to be submitted to the Committee at least 45 days before a covered transaction is completed and that CFIUS can impose penalties for failure to notify. 

If you have any questions about CFIUS and how it will affect your business, please contact Julius Bodie, or any member of Baker Donelson's International Trade Team.

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept