by Donald Gross
The incoming Biden-Harris administration is highly likely to keep in force a recent Treasury Department rule requiring parties that are negotiating foreign investments in any “critical technology” controlled by US export control laws or regulations to report pending transactions to the Committee on Foreign Investment in the United States (CFIUS).
The new rule significantly increases the number of companies across a full range of industries which will be scrutinized by CFIUS and are subject to investigation for their technology transactions – in the fields of biotechnology, life sciences, pharmaceuticals, artificial intelligence, microprocessors, quantum computing, robotics and advanced surveillance technologies, among others.
Until the new rule became effective on October 15, 2020, mandatory filings with CFIUS were required for only two types of narrower transactions. The first such transaction occurs when a foreign government obtains a “substantial interest” in a US “Technology, Infrastructure or Data” (TID) business – based on a “foreign person” acquiring a 25 percent or greater voting interest directly or indirectly in a US business where theforeign governmentin turn holds a 49 percent or greater voting interest, directly or indirectly, in that foreign person.
The second type of transaction in which a mandatory CFIUS notification has been required is a foreign investment in companies that produce, design, test or manufacture “critical technologies” if the foreign investor obtains 1) “control” of the US business; 2) any significant governance rights; or 3) business information rights. However, this mandatory notification requirement is only triggered if the technology is used or designed for use in one of 27 specific industries.
The new rule announced on October 15, 2020 calls for mandatory notification to CFIUS of any investment in a US company involving the development, testing, production or use of any technology which needs a license to export. Importantly, foreign investors in this controlled technology must notify CFIUS if the foreign investment they seek meets or exceeds the 25 percent voting interest threshold.
The term “export”, for purposes of the rule, includes any sharing of information about the technology with a person who is not a US citizen or US permanent resident – regardless of whether the technology is ever actually transferred to another country.
The new Treasury approach is a mechanism for implementing two laws passed with broad bipartisan support to protect sensitive US technology from acquisition by potential adversaries: the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) and the Export Control Reform Act of 2018 (ECRA).
The final rule became effective on the same day the Trump administration released its “National Strategy for Critical and Emerging Technologies” which laid out a comprehensive approach for closely monitoring the possible transfer to other countries of cutting-edge technologies that have military or security applications while simultaneously protecting US global technological leadership in a variety of industries.
The Biden-Harris campaign laid out its stance on this issue when it pledged to “take aggressive trade enforcement actions” in a document titled The Biden Plan to Secure the Future is ‘Made in All of America’ by All of America’s Workers: “From cyberattacks to forced technology transfer to talent acquisition, American ingenuity and taxpayer investments are too often fueling the advances in other nations.”
For parties making investments in a US technology business, it is now essential to determine the export control status of all products, technology and software that are developed or manufactured by that US business. This entails a process of assessing the potential end-users of the technology, ascertaining the applicable licensing requirements, and conducting an export control review.
The assessment process must occur prior to 1) completing the investment transaction, 2) executing a binding written agreement which describes material terms of the transaction, 3) making a public offer to buy shares of a US business or 4) soliciting shareholder proxies for an election to the Board of Directors – whichever is earliest.
It is also necessary to check possible exceptions that would allow sharing information about critical technology with a foreign investor. Exceptions exist if the technology is encrypted, broadly available, or destined for certain allies of the United States – at present, Australia, Canada and the United Kingdom. If any of these exceptions apply, parties to the investment transaction are not subject to the mandatory CFIUS notice requirement.
The new Treasury rule clearly increases the burden on parties that are negotiating foreign investments in US “critical technology” to exercise the utmost due diligence to ensure they’re cognizant of whether the technology is controlled by the US Government.
Nearly all corporate transactions with foreign investors deserve to undergo CFIUS risk analysis to establish whether the transaction requires a mandatory CFIUS filing and whether CFIUS is likely to investigate.
Taking this prudent approach is far better than simply accepting a high degree of risk that CFIUS or other US export control agencies will impose serious penalties on companies for their violations. Criminal penalties can include up to 20 years of imprisonment and up to $1 million in fines for each violation. Civil monetary penalties can reach up to $300,000 per violation or twice the value of the transaction, whichever is greater. Violators can also suffer denial of their export privileges.