Legal briefing | |

CFIUS Update – US Treasury Department modifies filing requirements for critical technologies


Following a consultation undertaken by the US Treasury Department, a new rule will come in to force on 15 October 2020 altering the current mandatory Committee on Foreign Investment in the United States ("CFIUS") filing requirements. The amendment relates specifically to foreign direct investments ("FDI") into US businesses with a 'critical technology' focus.

This new rule changes the previous approach to critical technology filings by focussing on whether the products and/or technology in question supplied by the US business would need a license for export to the proposed foreign investor. These changes can be placed in the context of broader efforts made by the US administration over recent years to address numerous perceived national security-related trade and investment issues with foreign countries.

The Current Approach

In 2018, the Foreign Investment Risk Review Modernization Act ("FIRRMA") brought in mandatory filing obligations to the CFIUS review process, starting with the critical technologies pilot. Until the new changes come into effect, CFIUS requires a filing to be made in advance where a US business (including the international component of a wider international business) designs, produces, manufacturers, fabricates, develops and/or tests critical technologies connected to one or more of the 27 industries listed on the North American Industry Classification System ("NAICS"). These 27 categories were selected on the basis of being those which “certain strategically motivated" FDI could pose a perceived threat to US technological superiority and national security.

The New Rule

From the 15 October 2020, the '27' industries test will no long apply in the context of critical technologies. Instead, the relevant parties involved in the transaction will need to make a determination as to whether the critical technologies in question would require certain US government "regulatory authorisations" for export or re-export to certain transaction parties or foreign persons in their ownership chains. This will require consideration of how the U.S. business' products would be classified — even if the company does not currently export some or all of its products. The specific regulatory authorisations that are relevant are as follows:


  1. International Traffic in Arms Regulations ("ITAR") license or other authorisation (for defence articles or defence services);

  2. Export Administration Regulations ("EAR") license;

  3. A specific or general authorization from the Department of Energy; or

  4. A specific license from the Nuclear Regulatory Commission.


These changes represent a shift from an industry-level analysis of the U.S. business to instead focus on the export controls governing the target's sensitive technologies to the foreign parties to the transaction. The determination that needs to be made will be easier where analysis has already been undertaken in advance of a proposed transaction, and parties would be prudent to adjust due diligence procedures early to avoid unnecessary transaction delays near signing.

Of course, in many cases export control authorisations are only required in respect of parties based in jurisdictions subject to tighter U.S. export control requirements (e.g. China) and/or entities placed on restricted parties lists. Analysis carried out in advance may therefore not be sufficient, as the relevance of licenses and/or authorisations may be wholly dependent on who the potential investor and/or their beneficial owners. This may be a particular issue where there are multiple parties bidding for the same target.  

Exceptions and Failure to Notify

Although in most situations the mandatory filing requirement will be applicable, in limited instances, where the critical technologies involved are covered under certain EAR existing license exceptions (but not ITAR), they will be exempt. For instance, critical technologies that are self-classified by a U.S. business as eligible for License Exception 'ENC' (under EAR) would not be subject to mandatory filing requirement.

Failure to notify CFIUS of a transaction subject to a mandatory declaration requirement could result in CFIUS requesting a relevant filing, unilaterally initiating a CFIUS review post-closing, forcing a buyer to divest its interest in a U.S. business and/or imposing a fine on both the buyer and the seller up to the total value of the transaction.


The new rule is likely to expand the universe of critical technology mandatory filings by removing the requirement of a connection to certain specified NAICS industry codes. The rule may also provide greater clarity to businesses and investors as it leverages the existing U.S. export control regime and, in particular, the EAR licensing regime - which may be more familiar to the international business community. By removing the uncertainties of the 27 industries test, going forward, it should be easier for companies, investors and legal advisors to identify which transactions might be impacted by CFIUS at an earlier stage.


Read Doug Bryden Profile
Doug Bryden
Back To Top