The Committee on Foreign Investment in the United States (CFIUS) has published its final regulations to fully implement the updated national security review process of foreign direct investments in the United States as set forth in the Foreign Investment Risk Review Modernization Act (FIRRMA). This law made various amendments to the CFIUS review process, including requiring regulations for the reporting of transactions involving certain non-controlling investments and certain real estate transactions that previously fell outside CFIUS’s jurisdiction. After issuing proposed rules in September 2019 (see Trump and Trade Update of September 24, 2019), the Department of the Treasury (Treasury) has recently finalized these regulations pertaining to “Certain Investments in the United States by Foreign Persons” and “Certain Transactions by Foreign Persons Involving Real Estate in the United States.” Consistent with the statutory requirements of FIRRMA, these final regulations will become effective on February 13, 2020. Treasury also released a fact sheet, “Final CFIUS Regulations Implementing FIRRMA.”

To a large extent, after a review of all public comments submitted from the September rulemaking notice, relatively few revisions were made. Below is a summary of key aspects of the final rules:

Certain Non-Controlling Investments in the United States

CFIUS now has jurisdiction to review certain non-controlling investments that allow foreign persons: (1) access to material nonpublic technical information in the possession of the U.S. business, (2) membership or observer rights on the board of directors (or equivalent corporate body) of the U.S. business, or (3) involvement in substantive decision-making regarding actions related to critical technologies, critical infrastructure, or sensitive personal data. Many of these terms and concepts are defined and discussed in the final rule, including the terms: “material nonpublic information”, “substantive decision-making,” “critical infrastructure”, and “critical technologies” (with these last two terms remaining broadly defined to allow CFIUS latitude in its reviews). However, in the final rule, CFIUS has provided a list of identifying covered investments in 28 critical infrastructure sectors that would be of concern in any national security review. For the first time, CFIUS has specific authority to review transactions in which a U.S. business maintains sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security. “Sensitive personal data” is defined to include 10 categories of data (including financial, geolocation, and health data) maintained or collected by U.S. businesses. The regulations also create an exception from “covered investments” for a foreign person defined as an “excepted investor,” so long as any such person is from an “excepted foreign state” (see below). Further, declarations will be required by CFIUS when a foreign government has a substantial interest (a voting interest of 25 percent or more by a foreign person or a voting interest of 49 percent or more by a foreign government in a foreign person) in a covered non-controlling investment transaction.

Certain Real Estate Transactions in the United States

CFIUS will now have the authority to review certain real estate transactions involving foreign persons when the public or private real estate is located near designated airports, maritime ports, military installations or sensitive government facilities. Review of such transactions could be warranted if the foreign person would have the ability to collect intelligence on activities being conducted at such sites or could otherwise expose national security activities to foreign surveillance. To be a covered real estate transaction, the involved foreign person would have to have certain property rights, such as (1) physical access to the real estate; (2) the right to exclude others from physically accessing the property; (3) the right to improve or develop the real estate; or (4) the right to attach fixed or immovable structures or objects to the property. CFIUS has provided a list of 190 military installations and sites that would be locations of concern in any national security review and will rely on the Department of Transportation to identify any airports and maritime ports of concern. There are certain exceptions for transactions in an “urbanized area” or “urban cluster,” as defined by the Census Bureau. Further exceptions will apply to real estate transactions involving a foreign person’s purchase or lease of a single housing unit, for transactions involving certain commercial office space in a multi-unit commercial office building, or for retail trade or food service establishments. While there will be no mandatory filing requirements for real estate transactions, CFIUS has cautioned that only by filing a voluntary notice or a short-form declaration providing notification of a covered real estate transaction will the involved parties potentially qualify for a safe harbor letter.

Excepted Foreign States

For both of the above-mentioned covered transactions, CFIUS has established the concept of “excepted foreign state[s],” defined as those states with compliance laws, orders and regulations similar to those of the United States concerning foreign investments assessed for national security purposes. CFIUS has initially identified Australia, Canada, and the United Kingdom (including Northern Ireland) as excepted foreign states due to their “robust intelligence sharing and defense industrial base integration mechanisms with the United States.” This list may be expanded in the future.  It is important to note that there remain certain criteria that investors from any excepted foreign state must meet in order to be eligible for exemption and that this concept does not apply in instances where the foreign direct investment would result in control of the U.S. business.

Pilot Program on Critical Technology and Assessment of CFIUS Filing Fees

CFIUS also announced that the pilot program requiring mandatory reporting of certain transactions involving critical technology will continue. However, a notice of proposed rulemaking will be issued in the near future proposing to revise the mandatory declaration requirement from one based upon North American Industry Classification System (NAICS) codes to one based on export control licensing requirements. Despite numerous commenters asking CFIUS to narrow the term “critical technologies,” no changes were made to this definition as FIRRMA does not give CFIUS “discretion to change this statutory definition through these regulations.” As such, these final rules do not “ independently define emerging and foundational technologies,” a term set forth under critical technologies. Instead, CFIUS will continue to defer to the Department of Commerce’s separate (and still pending) rulemaking as to the scope of emerging and foundational technologies. Finally, a separate proposed rule will be published at a later date regarding the authorization granted under FIRRMA for the Treasury Department to assess and collect fees with respect to CFIUS filings.