Washington Seeks New Regulation of Technology Investments: What You Need to Know Now About the Proposed CFIUS Legislation

November 9, 2017

On November 8, 2017, a bipartisan coalition in Congress introduced the Foreign Investment Risk Review Modernization Act (FIRRMA), which would greatly expand the reach and consequence of the Committee on Foreign Investment in the United States (CFIUS).

FIRRMA would impose mandatory reporting and government review of a broad swath of foreign investments in, and other foreign arrangements with, U.S. companies. In particular, FIRRMA would affect foreign investments in technology companies, including raising the possibility that investments by U.S. venture capital funds with foreign limited partners could be subject to lengthy CFIUS reviews. Given its bipartisan congressional support and its support from the Trump administration, enactment of FIRRMA appears possible.


FIRRMA would alter the CFIUS regulatory regime, which historically has governed investments by foreign entities that may acquire "control" of any U.S. business that implicates national security. Under current law, the touchstone for "control" is a stake of 10 percent or more and/or some ability to direct the business, such as through board seats or veto rights. FIRRMA seeks to expand the scope of CFIUS to include a wide swath of other investments, including:

  1. smaller investments in U.S. businesses, including transactions where an otherwise passive foreign investor receives access to (a) nonpublic technical information about the company, or (b) other company information not available to all investors;
  2. other collaborative arrangements between foreign entities and U.S. businesses, beyond acquisitions and investments, such as joint ventures; and
  3. mandatory CFIUS reviews (rather than voluntary filings) for certain categories of transactions, specifically (a) where a foreign government has a significant stake, or (b) where the transaction is covered by rules that CFIUS is directed to prescribe, with an eye to protecting technology of potential importance to U.S. national security.

These gatekeeping issues, which are the focus of this WSGR Alert, are those likely to be of most critical importance to companies and investors. It is important to note that FIRRMA also would change CFIUS in myriad other ways, including extending the length of the CFIUS process; changing the amount of information that must be provided to CFIUS; elevating the role of the U.S. intelligence community; limiting the ability of parties to challenge CFIUS decisions; and increasing the costs of making a CFIUS filing.

While some of these changes would become effective upon enactment of FIRRMA, including the lengthening of the initial CFIUS review period from 30 to 45 days, much of what is most critical for businesses and investors would not be effective immediately. Rather, many new regulations would be needed to interpret and implement the statute, and these regulatory interpretations would affect dramatically much of the new CFIUS regime.

As enactment of FIRRMA would put in flux much of the regime until promulgation of the regulations, this advisory focuses on the gatekeeping issues of whether and under what circumstances FIRRMA, if enacted, would require parties to pay attention to CFIUS when making investments or acquisition decisions.


Earlier this year, a paper drafted by the U.S. Department of Defense's Silicon Valley-based acquisitions team expressed alarm about the acquisition of U.S. technology by China. FIRRMA responds to that alarm. New requirements, however, generally would apply broadly to investments by (and other arrangements with) non-U.S. individuals and businesses, not only to Chinese investments. CFIUS may choose to exempt certain arrangements with U.S. allies designated by CFIUS, but FIRRMA would not require CFIUS to make these carve-outs.

CFIUS long has conducted national security reviews of foreign investments. As noted above, under existing law, a transaction is subject to CFIUS review if it could result in foreign "control" of a U.S. business. Such transactions are "covered transactions." While "control" under current regulations is defined very broadly—e.g., a single board seat or an investment of more than a 10 percent equity stake may constitute control—FIRRMA would broaden CFIUS jurisdiction. Moreover, while current law makes CFIUS review voluntary (but often recommended in order to receive a "safe harbor" against a divestment order), FIRRMA would make it mandatory to file some types of covered transactions with CFIUS.

Broader Scope of Review

FIRRMA would broaden the scope of CFIUS jurisdiction to include, among other covered transactions:

  • virtually any investment by a foreign person in a U.S. "critical technology company" or "critical infrastructure company" (both defined broadly and amorphously) unless it is a "purely passive" investment (and "purely passive" investments are defined very narrowly);
  • the contribution by a U.S. critical technology company of intellectual property and support to a foreign person, whether via joint venture or other arrangement (except for an ordinary customer relationship); and
  • a purchase or lease by a foreign person of real estate close to a military installation or other sensitive site.

Furthermore, the proposed legislation requires certain categories of transactions to undergo mandatory reviews. Currently, filing with CFIUS is not mandatory—rather, parties file covered transactions with CFIUS to safeguard against the risk that CFIUS might determine, post-closing, that the deal adversely affects national security and must be unwound. Historically, many deals involving foreign investors have ignored CFIUS, particularly deals involving early stage companies.

Under the proposed legislation, however, filing covered transactions with CFIUS would be mandatory if there were a covered transaction in which:

  • the foreign investor acquires an interest in a U.S. business of 25 percent or more, when a foreign government owns—directly or indirectly—25 percent or more of the foreign investor; or
  • other factors to be determined by CFIUS are implicated.

The first category of transactions raises questions as to how foreign government involvement will be determined. This issue will be particularly important regarding Chinese investment, as the U.S. government generally has viewed virtually all Chinese investment as tied directly or indirectly to the Chinese government.

The second category of mandatory filings has the potential to be broadly consequential. FIRRMA directs CFIUS to require mandatory filings for certain types of covered transactions based on "appropriate factors," including:

  • the technology in which the U.S. business trades or the industry of which it is a part;
  • the difficulty of remedying the harm to national security that may result from the transaction; and
  • the difficulty of obtaining information about the covered transaction.

Changing the Silicon Valley Model?

For decades, a basic proposition in Silicon Valley has been that all bets are welcome: anyone can learn about and invest in innovative companies and reap the benefits if those companies thrive. Many other regions (but not all countries) have followed this model. FIRRMA aims to regulate and constrain that model in the name of national security. FIRRMA suggests that not everyone should have access to ideas hatched in the United States.

Whether the FIRRMA constraints will be imposed is not yet clear, but the implications for companies and investors are potentially momentous. We will continue to monitor developments.

For more information about FIRRMA or any other CFIUS-related matter, please contact Stephen Heifetz (; Melissa Mannino (; Beth George (; or any member of the national security practice at Wilson Sonsini Goodrich & Rosati.

John Lynch and Thu Hoang contributed to the preparation of this WSGR Alert.