National Defense Authorization Act: Safeguarding Emerging US Technologies

0
314
Aerial view of the Pentagon.

Foreign Investment and Export Control Reform Update (Part 1 of Series)

The John S. McCain National Defense Authorization Act for Fiscal Year 2019 (“NDAA”), signed into law by President Trump on August 13, 2018, brings together several key Congressional efforts to update and reform U.S. controls on foreign investment and to safeguard emerging U.S. technologies in a single piece of legislation that will reverberate globally across M&A, private equity, and in particular venture capital activity and sovereign wealth fund investments. The NDAA both empowers the Committee on Foreign Investment in the United States (“CFIUS”) to review and restrict if necessary, broad categories of transactions under new powers and mandatory review processes, and establishes multiple mechanisms for the identification and protection of crucial emerging technologies in order to safeguard U.S. security.

Key elements of the NDAA discussed in this series of Alerts include:

  • Foreign Investment Risk Review Modernization Act (“FIRRMA”): both a “modernization of the processes and authorities” of CFIUS and a dramatic expansion of the Committee’s potential jurisdiction and resources.
  • Export Control Reform Act (“ECRA”): will create an interagency process to identify “emerging and foundational technologies” that should be subject to export control due to their national security implications.
  • Chinese Investment Activity Report: FIRRMA codifies a requirement for CFIUS to issue a biannual report to Congress on foreign direct investment in the United States by Chinese entities, including breakdowns by government vs. private funds, investment type and industry, and an analysis of patterns of investment.
  • Establishment of National Security Commission on Artificial Intelligence: will conduct a national review of advances in AI and machine learning, address national security needs related to AI, and make recommendations including on how the U.S. can maintain a technological advantage in AI.

Much remains unknown about the details of the implementation of these initiatives, but impacts will be felt immediately in investor diligence, U.S. company scrutiny of foreign funding sources, and potentially in increased execution risk in a broad array of deal types.

CFIUS Jurisdiction Expanded: Focus on Personal Data, Critical Technology, Critical Infrastructure, and Real Estate

Under the prior CFIUS regime, a “covered transaction,” i.e. a transaction that could be subject to CFIUS review, was “any merger, acquisition or takeover… by or with any foreign person that could result in foreign control of any United States business.” FIRRMA expands the scope of “covered transaction” to include:

  • certain types of real estate transactions by foreign persons involving sensitive locations such as ports, airports, or government or military installations;
  • non-controlling (minority), non-passive investments in companies involved with so-called “critical technology” or “critical infrastructure,” including producing, testing, designing, manufacturing, fabricating, or developing critical technologies, or owning, operating, manufacturing, supplying, or servicing critical infrastructure;
  • non-controlling, non-passive investments by foreign persons in companies that maintain or collect sensitive personal data of U.S. citizens; and
  • changes in the existing rights of foreign persons in U.S. businesses. These may have been within CFIUS jurisdiction in the prior regime, but are now clearly covered if those changes in rights result in foreign control.

“Critical technologies,” a crucial term in the new legislation, will include so-called “emerging and foundational technologies” as defined by a new interagency review to be established under the ECRA. That review will be tasked with identifying those emerging and foundational technologies which are essential to the national security of the United States and are not otherwise subject to export controls. Once identified, these technologies will be regulated by the Department of Commerce and acquisitions involving such technologies will be subject to heightened scrutiny by the newly empowered CFIUS.

Finally, FIRRMA expands the definition of when a target is a “U.S. business” that may be subject to CFIUS jurisdiction. Previously, the regulations limited CFIUS jurisdiction to review of a transaction transferring control of a business to the extent of the business’s activities in U.S. interstate commerce. A covered transaction would now be one that involves persons engaged in interstate commerce in the United States. This could, depending on how the new regulations are drafted, permit CFIUS to review transactions globally, as long as an investment by a foreign person in an entity engaged in business in the United States is involved.

CFIUS Filings Restructured: Filing Fees, Mandatory Declarations, and Updated Timelines

In addition to the jurisdictional changes to CFIUS review powers, FIRRMA also aims to improve clarity and efficiency of the application and review process. This does not mean, however, that reviews will be more rapid.

Currently, filings with CFIUS are voluntary (although the Committee has the power to review and block transactions that were not voluntarily submitted), no filing fee is required, and the timelines established in the regulations are aspirational, at best. Under FIRRMA, certain transactions will be subject to mandatory filing, filing fees will be required, and timelines have been revised that may lengthen total predicted review time (to as much as 135 days in some cases).

CFIUS is required to issue regulations that will permit (in some cases) and mandate (in others) the filing of an abbreviated “declaration” that would be not more than five pages in length and permit CFIUS to review the submitted transaction either to clear it, request a full filing regarding the transaction, or commence a review of the transaction on the basis of the declaration. Declarations will be mandatory if the foreign investor is substantially owned by a foreign government and the U.S. business relates to critical infrastructure, critical technologies, or collects sensitive data of U.S. persons. CFIUS may also choose to require mandatory declarations in other types of investments in “critical technology” businesses.

Although FIRRMA incorporates some carveouts from mandatory declarations for traditional passive private equity investing (to be detailed in another installment of this series of Alerts), the implementation of these carveouts will be defined in the forthcoming regulations. However, sovereign wealth funds and newer fund structures (including those favored by many Chinese investors) which give more participation rights to investors, will not be exempt from CFIUS jurisdiction.

The new timelines set forth for CFIUS review in FIRRMA are potentially much longer than those under the current regulations (but may actually be realistic): 30 days for the review of a “declaration,” 45 days for the review of a full submission, and 45-60 days for an investigation by the Committee of a filing which warrants further scrutiny.

In order to provide resources to CFIUS to help facilitate review of the expanded scope of covered transactions (and hopefully meet the timelines described above), FIRRMA also authorizes CFIUS to impose application fees, not to exceed the lesser of 1% of the value of the transaction and $300,000.

Immediate Impacts and Action Items

The changes to CFIUS under FIRRMA will have broad impacts across many areas including fund formation, financing and M&A practices across a broad array of industries, real estate investing, and licensing and technology transfer agreements. The vast majority of the detail necessary to predict FIRRMA’s impact on a particular transaction or situation is not yet available pending the issuance of regulations. One of the few concrete changes now is that the new, longer timeline to review filings (45 days) is effective immediately with respect to any notice accepted after FIRRMA’s effective date.

We do not know, for example, the precise contours of the key terms “critical technologies” and “critical infrastructure,” or the extent to which a foreign person may have ties to a foreign government before their involvement in a transaction will trigger a mandatory filing. Nonetheless, CFIUS’s expanded jurisdiction is effective immediately – and will be more clear as soon as it is able to issue regulations to define its reach. Any transaction that was not completed prior to FIRRMA’s effective date is potentially subject to this enhanced scrutiny and scope.

Starting now:

  • Any transaction involving foreign funding at any level, including a financing, must now be analyzed through the cloudy lens of FIRRMA – most crucially any transaction even potentially involving “critical technology” or “critical infrastructure” companies, or those with access to sensitive U.S. person data.
  • Parties should review their standard transaction structures that would not formerly have come within the scope of CFIUS review, for vulnerability under FIRRMA.
  • Parties should thoroughly analyze to what extent a transaction involves foreign funding, including foreign government funding, clearly understand the structures and control mechanisms of investment funds that may provide transaction financing, and determine to what extent the granting of customary rights to investors may bring a transaction within the scope of CFIUS review.
  • Parties should carefully consider how changes to the rights of existing foreign investors, may trigger CFIUS scrutiny.
  • Parties should focus on the export control status of the technologies that may be utilized by the target of a transaction, and review whether this may bring it within the uncertain scope of the concept of “critical technologies.”

While it is not yet possible for parties to prepare completely for the requirements of the forthcoming regulations, it is clear that foreign investment, in particular from China, is now squarely in the spotlight of Congress, as well as the newly empowered CFIUS.

Read the original post here.