On October 15, 2020, CFIUS will officially tie mandatory filings to U.S. export control regimes, including the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR).  While that change may draw a clearer line of what constitutes a mandatory filing, it also pulls your CFIUS review into the complex (and somewhat nerdy) world of export regulations.

The Committee on Foreign Investment in the United States (CFIUS) has the authority to review, mitigate, and even unwind certain foreign acquisitions of, and investments in, U.S. businesses. A majority of such investments are not required to be notified to CFIUS for review. However, many investors and targets choose to submit a notice or declaration to CFIUS because, once CFIUS clears their transaction, the parties can rely on a safe harbor that protects their transaction from future intercession by the Committee.

In 2018, however, the Foreign Investment Risk Review Modernization Act (FIRRMA) created categories of foreign investments that were required to be notified to CFIUS. The addition of mandatory filings was critical because the potential penalty for failure to file may be up to and including the amount of the investment (emphasis added because that is a staggering potential penalty for what could be an administrative oversight).

Prior to October 15, 2020, the categories of transactions requiring mandatory CFIUS filings included investments in U.S. companies involved in the development, production, or testing of “critical technologies” for use in certain industries, determined by the industry’s North American Industrial Classification System (NAICS) code. However, NAICS codes are not uniformly assigned to businesses and it is not always clear whether a business fits under a certain NAICS code description.

Enter The New Critical Technologies Mandatory Filing Rule

Under the most recent Final Rule (85 FR 57124), the NAICS code will no longer be used to determine whether a declaration is mandatory. Instead, as of October 15, parties must submit a CFIUS filing for an investment or acquisition subject to CFIUS jurisdiction where:

1. The target produces, designs, tests, manufactures, fabricates, or develops one or more technology (“critical technologies”) that

2. Requires a “US regulatory authorization” for the export, re-export, transfer (in-country), or retransfer of that technology to either:

3a. The party making the investment that is subject to CFIUS’s jurisdiction, or

3b. Any person that, individually, or as part of a group of foreign persons, holds a voting interest, direct or indirect, of 25 percent or more in the party making the investment subject to CFIUS jurisdiction.

“US regulatory authorizations” include:

  1. Licenses or other approvals required for defense articles or defense services under the International Traffic in Arms Regulations (ITAR);
  2. Licenses required for items controlled under the Export Administration Regulations (EAR);
  3. Specific or general authorizations required for the export of certain controlled nuclear technology under the Department of Energy Regulations; or
  4. Any specific license required by the Nuclear Regulatory Commission Regulations.

Therefore, whether a CFIUS declaration or notice is mandatory for a transaction depends on whether a U.S. regulatory authorization would be required to export, re-export, transfer (in country), or retransfer the target’s technology or technologies to the foreign parties to the transaction.

A Few Exceptions

The coverage of EAR license requirements is vast. Technology related to everything from commercial aircraft parts, to cell phones, to oil and gas exploration equipment is controlled for export and may be subject to license requirements.

However, the Final Rule does provide a few exceptions.[1] The revised CFIUS regulations specify that parties may be exempted from the mandatory filing requirement if the U.S. business has satisfied all of the requirements under the EAR that must be met prior to export (even if no export is to be made) for one or more of the following license exceptions:

  1. Technology and software – unrestricted (TSU) (15 CFR 740.13);
  2. Encryption commodities, software, and technology (ENC) (15 CFR 740.17(b)); or
  3. Strategic Trade Authorization (STA) (15 CFR 740.20(c)(1)).

Each of these exceptions warrants its own chapter in a book,[2] so for now, we will set aside further detail and suffice it to say these exceptions may exempt from mandatory CFIUS filings many encryption technologies as well as many technologies that will be invested in by NATO countries plus Australia, Japan, New Zealand and South Korea (the “NATO Plus” countries).

The Finishing Touches

Under the new rule, please also note the following on timing, eligibility, and excepted investors:

Timing for Mandatory Declarations Involving Critical Technology. The assessment of what constitutes a critical technology in connection with a given transaction shall be made as of the first date on which one of the following occurs:

→ The completion date of the transaction,

→ The parties have executed a binding written agreement establishing the material terms of the transaction,

→ A party has made a public offer to shareholders to buy shares of the U.S. business, or

→ A shareholder has solicited proxies in connection with an election of the board of directors of the U.S. business or an owner or holder of a contingent equity interest has requested the conversion of the contingent equity interest.

“Eligibility” for EAR License Exceptions. In response to requests for clarification of the meaning of “eligible” for the qualifying EAR license exceptions, the final rule clarifies that eligibility for the enumerated EAR license exceptions, and thus exemption from the mandatory filing requirement, refers to any requirements imposed by the EAR that must be satisfied prior to export even if no export is to occur.

Excepted Investor Exemption. Investors from “excepted foreign states” (Australia, Canada, and the UK at the time of this publication) that satisfy various requirements are exempt from the mandatory CFIUS filing requirements as they were prior to this change in the regulations.

The Takeaway

By tying mandatory filings to U.S. export control regimes, CFIUS has put its thumb on the scales. Our export control systems are based on national, technological, and economic security priorities and, therefore, require fewer licenses from allies and more licenses from rivals and adversaries. Therefore, the changes may facilitate foreign investments from NATO Plus countries, while requiring more CFIUS filings with respect to investment from others, such as China and Russia.

The most significant takeaway by far in this scenario is that any prospective investor in a U.S. company should include export compliance counsel in their CFIUS considerations.


[1] We give you fair warning here that we are entering that nerdy world of export control details about which we warned you earlier. You will be forgiven if you choose to skip this section, join us at the conclusion of the article, and leave these details to your export compliance counsel.

[2]  For example, the forthcoming WorldECR book on encryption for which we have written the chapter on encryption.