What Is the National Security and Investment Act and How to Comply?

A transaction triggers mandatory NSIA review when a foreign person acquires control of a U.S. .usiness, including real property in certain sensitive sectors, and the deal meets statutory thresholds for national security risk. The statute captures traditional M&A, minority investments, joint ventures, leases, and contractual arrangements that confer control or access to sensitive technology, critical infrastructure, or personally identifiable information. Deal counsel must evaluate whether the target operates in a covered sector (defense, energy, telecommunications, semiconductors, critical infrastructure), whether the acquirer is foreign, and whether the transaction structure effectively grants operational influence or board-level access.

Filing is mandatory for acquisitions of control; voluntary filings are permitted for transactions below the control threshold to obtain CFIUS clearance and reduce enforcement risk. The NSIA defines control broadly to include voting power, board representation, veto rights, or operational management authority. Corporate acquirers often face ambiguity about whether a minority stake with governance rights qualifies as control, and misjudging this threshold can result in a late or missing filing that exposes the deal to unwinding orders even after closing. Practitioners advise early consultation with CFIUS specialists to map the transaction against the statutory control definition and covered-sector rules before deal announcement.

A mandatory NSIA filing must be submitted to CFIUS before closing; voluntary filings may be submitted at any time, but are most effective when filed before closing to obtain an official clearance letter. The initial review phase runs 30 days from a complete filing, with CFIUS issuing either a notice of no national security concern, a request for additional information, or a notice that a secondary investigation will commence. If CFIUS initiates secondary investigation, the parties enter a 45-day period during which the transaction is suspended, and CFIUS may issue a final order prohibiting, conditioning, or clearing the deal.

A secondary investigation notice does not mean the deal will be cleared; it signals that CFIUS staff and inter-agency partners are evaluating whether the transaction poses genuine national security concerns. Parties cannot close during the secondary review period, and any attempt to close in violation of this suspension order exposes the acquirer to civil penalties, criminal liability, and mandatory divestment. Deal documents must include explicit closing conditions tied to CFIUS clearance, and parties should document receipt of all CFIUS notices in the transaction record.

An effective NSIA filing package includes a comprehensive narrative describing the transaction structure, the target's business operations and technology, the acquirer's foreign ownership and government ties, and a detailed national security risk analysis. The narrative must be precise and candid; CFIUS staff review filings against public databases of the acquirer's prior conduct, government relationships, and technology exports. Corporate counsel should engage outside CFIUS specialists to draft the filing and coordinate responses to information requests, as the quality of the initial submission often determines whether CFIUS clears the deal in initial review or escalates to secondary review.

Deal structuring choices directly influence NSIA risk. Acquirers sometimes attempt to avoid CFIUS review by acquiring only non-controlling assets or by structuring a transaction as a license rather than an acquisition, but CFIUS looks through form to economic substance. Transactions involving multiple foreign investors, foreign government-owned entities, or acquisitions of U.S. .usinesses with defense contracts or critical infrastructure ties face heightened scrutiny. Corporate boards should consider whether to propose voluntary mitigation measures (such as restricted board access, data security protocols, or technology export controls) as part of the initial filing to reduce CFIUS concerns and accelerate clearance. Our experience with CFIUS and U.S. national security reviews shows that early, transparent disclosure of foreign ownership and mitigation proposals often shortens the review timeline and reduces the risk of secondary investigation.

When CFIUS issues a secondary investigation notice or indicates national security concerns, the acquirer can propose mitigation measures designed to address the specific risk CFIUS has identified. Common mitigation strategies include restricting foreign access to sensitive technology or data, imposing contractual limitations on the acquirer's ability to transfer intellectual property to foreign entities, requiring security clearances for employees with access to sensitive information, or appointing a U.S.-controlled trustee to oversee compliance with national security safeguards.

If CFIUS proposes conditions that the acquirer cannot accept, the acquirer's options narrow significantly. The acquirer can attempt to negotiate revised conditions with CFIUS, but CFIUS is not obligated to modify its position. Alternatively, the acquirer can withdraw the transaction before CFIUS issues a final order, which avoids a formal prohibition but leaves the deal in limbo. If CFIUS issues a final order prohibiting the transaction, the acquirer can request presidential review under the NSIA, but presidential intervention is rare. In practice, corporate acquirers often restructure the transaction to reduce national security risk rather than pursue a transaction that CFIUS has signaled will face prohibition.

Corporate acquirers should begin NSIA risk assessment as soon as a transaction is contemplated, ideally before signing a letter of intent or exclusivity agreement. The acquirer should retain experienced CFIUS counsel to evaluate whether the target operates in a covered sector, whether the acquirer's foreign ownership structure triggers CFIUS jurisdiction, and whether the transaction structure can be modified to reduce national security risk. This early assessment allows deal counsel to build CFIUS compliance into the transaction timeline and to negotiate purchase agreement terms that allocate CFIUS risk between the parties.

Once the transaction is announced or enters due diligence, the acquirer must treat NSIA compliance as a material closing condition and should prepare preliminary CFIUS filing materials in parallel with other due diligence. The acquirer should document all steps taken to evaluate and mitigate national security concerns, including board approvals, legal opinions, and communications with CFIUS specialists. If the target is a U.S. .usiness with defense contracts, critical infrastructure ties, or sensitive technology, the acquirer should request that the target provide a summary of its government contracts and export licenses.

Corporate boards should consider whether to make a voluntary CFIUS filing even if the transaction may not be mandatory, to obtain an official clearance letter and reduce the risk of post-closing enforcement action. A voluntary filing that results in a clearance notice provides significant protection against later CFIUS challenges. Finally, the acquirer should ensure that all material facts about the acquirer's foreign ownership, prior transactions, and government relationships are accurately disclosed in the CFIUS filing, and should update CFIUS immediately if material facts change before closing. Our experience with international class actions and cross-border litigation involving blocked transactions underscores the importance of transparent CFIUS engagement and comprehensive deal documentation to minimize later disputes with regulators or other stakeholders.