Fdi Compliance: When Does Cfius Trigger Mandatory Filings?

Defense Production Act of 1950 § 721 (50 U.S.C. § 4565) authorizes Committee on Foreign Investment in the United States (CFIUS) to review covered transactions involving foreign control of US business with national security implications. CFIUS is interagency committee chaired by Treasury Secretary with member agencies including DOD, DOJ, State, Commerce, DHS, USTR, and OSTP coordinating review and recommendation. Presidential authority to block or unwind transactions under § 721(d) provides ultimate enforcement mechanism with judicial review limited under Ralls Corporation v. CFIUS, 758 F.3d 296 (D.C. Cir. 2014). Executive Order 11858 (1975, as amended by EO 13456 and EO 14083) establishes CFIUS procedural framework with subsequent EOs targeting specific countries and technology sectors. Our CFIUS & US National Security practice handles covered transaction analysis, presidential decision strategy, and Ralls due process positioning across CFIUS engagements.

Foreign Investment Risk Review Modernization Act (FIRRMA, P.L. 115-232, 2018) expanded CFIUS jurisdiction beyond control transactions to "covered investments" in TID (critical Technology, critical Infrastructure, sensitive personal Data) US businesses. FIRRMA introduced mandatory filing requirements for covered transactions involving substantial foreign government interest and certain critical technology investments under 31 C.F.R. § 800.401. Part 802 real estate jurisdiction extends to acquisitions of real estate near military installations, airports, maritime ports, and other sensitive facilities even without operational business component. Streamlined Declaration filing (30-day review) under FIRRMA provides alternative to traditional Notice for simpler transactions seeking expedited clearance. Our foreign direct investment practice maps FIRRMA TID applicability, Part 802 real estate jurisdiction, and declaration vs notice strategy at the deal structuring stage.

Critical technology includes items on Commerce Control List (CCL), US Munitions List (USML), emerging and foundational technologies under ECRA 2018, and items subject to specific export licensing requirements creating mandatory filing triggers for non-controlling investments. Critical infrastructure under 31 C.F.R. § 800.214 covers Appendix A enumerated assets in 28 categories including electric grid, telecommunications, financial services, water systems, and defense industrial base. Sensitive personal data covers identifiable data on US persons in categories including financial, health, geolocation, and biometric data when collected on more than one million individuals. Foreign government substantial interest (49%+ voting interest or 51%+ board control by single foreign state) creates additional mandatory filing trigger under 31 C.F.R. § 800.401(c). Our foreign business registration practice handles TID classification analysis, critical technology identification, and sensitive personal data threshold determination across pre-closing diligence.

Mandatory filings under 31 C.F.R. § 800.401 require parties to file Declaration or Notice with CFIUS within deadline, with non-compliance penalties up to value of transaction. Voluntary filing strategy weighs CFIUS retroactive review risk against deal certainty cost, with voluntary notice typically advisable for any meaningful national security profile transaction. Declaration (short-form, 30-day review) suits straightforward transactions where parties anticipate clearance, while Notice (long-form, 45+ day review) accommodates complex transactions with potential mitigation discussions. Post-closing CFIUS notification (post-transaction) under 31 C.F.R. § 800.501 remains available but exposes parties to forced divestment if national security concerns identified. Our business investment law practice evaluates mandatory filing triggers, voluntary filing strategy, and parallel deal certainty positioning across cross-border investment structures.

Export Administration Regulations (EAR, 15 C.F.R. Parts 730-774) administered by Bureau of Industry and Security (BIS) restrict export, reexport, and deemed export of dual-use items on Commerce Control List (CCL). Deemed export rule under 15 C.F.R. § 734.13 treats release of controlled technology to foreign national in US (including by foreign acquirer's personnel) as export requiring license. Entity List (15 C.F.R. § 744 Supplement 4) restricts exports to designated parties with semiconductor manufacturer additions in 2022-2024 expanding China-related restrictions. ITAR (International Traffic in Arms Regulations, 22 C.F.R. Parts 120-130) administered by Directorate of Defense Trade Controls applies stricter controls to USML items requiring licensed manufacturer registration. Our export control law practice coordinates EAR/ITAR analysis, Entity List screening, and deemed export licensing alongside CFIUS review.

OFAC (Office of Foreign Assets Control) sanctions programs under IEEPA (50 U.S.C. § 1701 et seq.) prohibit transactions with Specially Designated Nationals (SDN List), embargoed countries, and sectoral sanctions targets. Pre-closing OFAC screening of foreign investor, ultimate beneficial owners, intermediate entities, and downstream customers creates standard cross-border investment diligence framework. Executive Order 14105 (August 2023) outbound investment regulation restricts US persons' investment in PRC entities developing advanced semiconductors, quantum technology, and AI systems (Treasury final rule effective January 2, 2025). Team Telecom (Executive Order 13913) review by DOJ, DHS, and DOD applies to FCC license transfers involving foreign ownership creating parallel national security review pathway. Coordinated cross-border data protection framework addresses parallel data sovereignty restrictions, ICTS supply chain orders, and downstream data transfer compliance.

Mitigation agreement negotiation, civil penalty defense, and presidential divestment order litigation form the resolution dimension. Each pathway requires specific procedural framework, evidence development, and parallel proceeding management.

CFIUS mitigation agreements address identified national security concerns through binding commitments including foreign personnel restrictions, board composition requirements, US government-approved trustees, security officer designations, and data access protocols. Network Security Agreements (NSAs) for telecom and IT transactions establish specific access, audit, and information sharing protocols with US government monitor. Proxy Agreements (PAs) provide most stringent structure with US government-approved proxy board controlling sensitive US business operations and limiting foreign owner influence to financial returns. CFIUS Monitoring Office tracks ongoing mitigation compliance with annual reporting, audit rights, and material breach consequences including unwinding orders. Our aerospace and defense practice negotiates NSA structures, Proxy Agreement terms, and Special Security Agreement (SSA) frameworks calibrated to underlying national security concerns.

CFIUS Enforcement and Penalty Guidelines (October 2022) authorize civil penalties up to value of transaction for material violations, with material breach of mitigation agreement creating ongoing exposure beyond closing. Presidential divestment orders under § 721(d) require foreign owner to divest US business within specified timeline, with TikTok divestment order (2020 and ongoing) and Ralls Corporation v. CFIUS (D.C. Cir. 2014) demonstrating enforcement framework. Ralls established due process protections for parties facing divestment with access to non-classified information and opportunity to respond, though deference to executive national security judgment remains strong. Recent 2023-2024 CFIUS enforcement actions targeted non-notification penalties, mitigation breach violations, and retroactive review of historic transactions in critical sectors. Coordinated data centers and AI cloud infrastructure counsel manages penalty defense, divestment order challenges, and parallel D.C. Circuit appellate strategy across CFIUS proceedings.

Mandatory CFIUS filings under 31 C.F.R. § 800.401 trigger when transaction involves (1) covered investment in TID US business with critical technology requiring export license to investor's country, or (2) substantial foreign government interest (49%+ voting or 51%+ board) in covered investment in any TID US business. Real estate transactions near sensitive facilities under 31 C.F.R. Part 802 trigger separate filing pathway. Non-filing penalties can reach value of transaction.

Declaration (short-form) review takes 30 days with possible request for full Notice filing. Notice (long-form) review is 45-day initial review plus 45-day investigation (with possible 15-day extension) plus 15-day presidential decision if referred. Total Notice timeline typically 90 to 120 days for cleared transactions and longer when mitigation negotiations or presidential review applies.

Yes, CFIUS can recommend presidential blocking or divestment under § 721(d) of Defense Production Act. Recent examples include TikTok divestment order (2020 ongoing), Broadcom/Qualcomm blocking (2018), and Ralls Corporation (2012). Post-closing transactions remain subject to retroactive CFIUS review and presidential divestment authority if national security concerns identified.