August 8, 2018 – On August 1, 2018, following action by the House of Representatives, the U.S. Senate passed the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (“NDAA”).  The legislation is now before President Trump, who is widely expected to sign it into law.  In addition to providing funding for U.S. defense, the legislation includes landmark reforms to the process used by the Committee on Foreign Investment in the United States (“CFIUS”) to review foreign acquisitions and investments in the United States and makes significant changes to the dual-use export control regime.  The bill also takes aim at major Chinese firms, with a ban on U.S. government procurement of certain telecommunications equipment manufactured by Huawei, ZTE, and other suppliers.

While the NDAA’s proposed CFIUS reforms include a new short-form declaration option that is expected to streamline foreign investment review involving countries friendly to the United States, other provisions in the NDAA highlight a broader and growing concern among U.S. lawmakers regarding China.  Among other changes, the NDAA would expand CFIUS’s authority to review foreign investments involving sensitive real estate in close proximity to U.S. military sites (China’s activity with similar real estate transactions has previously drawn concern from U.S. lawmakers), and would enhance export licensing requirements for exports to countries subject to arms embargos (including China).  The NDAA’s prohibition on government procurement from major Chinese contractors expands on a similar Department of Defense policy announced in May of this year.

Foreign Investment Review

CFIUS is an inter-agency body authorized to review the national security implications of proposed foreign investments in the United States.  If CFIUS concludes that an acquisition of a U.S. business threatens to impair U.S. national security, it can ultimately recommend that the President use statutory authority to block the acquisition.  The current push for CFIUS reform was prompted, in part, by concerns that the existing regulatory framework was inadequate to allow for the meaningful review of national security implications of the increase in Chinese investments in the U.S. technology sector. 

The Foreign Investment Risk Review Modernization Act (“FIRRMA”), contained in §§ 1701-1728 of the NDAA, expands the scope of transactions subject to CFIUS review, reforms the procedures through which the Committee conducts its reviews, clarifies the process for seeking judicial review, and authorizes CFIUS to charge filing fees, as follows:

  • Expanded scope of transactions subject to CFIUS review: CFIUS retains its existing jurisdiction to review “any merger, acquisition, or takeover that is proposed or pending… by or with any foreign person that could result in foreign control of any United States business” (section 721 of the Defense Production Act of 1950 (“DPA”), codified as 50 U.S.C. § 4565), but will now have an expanded list of “covered transactions” to review, including: 
    • The purchase or lease of real estate near a U.S. port or military facility, in addition to other “sensitive” government property;
    • Non-passive investments in any U.S. business that deals with “critical technology,” “critical infrastructure,” or “sensitive personal data of United States citizens that may be exploited” in a manner adverse to U.S. national security interests, even if such investments do not confer control;
    • Changes in existing ownership rights that could result in foreign ownership or control of a U.S. business; and
    • Any other transactions structured to evade CFIUS review.
  • Procedural amendments: FIRRMA amends CFIUS timeframes for conducting reviews and investigations, makes certain filings mandatory, and expands CFIUS’s enforcement powers.
    • Amended timeframes: The current process for reviewing transactions starts with the parties to a covered transaction filing a notice with CFIUS.  Once the Committee accepts the filing, it has an initial 30-day period to complete its review, with an additional period of up to 45 days for those transactions warranting further investigation.

      FIRRMA sets the initial review and investigation periods at 45 days apiece, and allows CFIUS to extend the investigation period once, for a 15-day period, on the basis of a self-assessment of “extraordinary circumstances.”  The current “shot clock” on CFIUS’s review of a voluntary filing does not begin until CFIUS formally accepts a filing, which in practice can allow the Committee to delay a review.  However, FIRMMA requires CFIUS to determine whether to accept a filing within 10 business days, curtailing what can, at times, be an open-ended pre-review process.
    • Expedited filing process: FIRRMA allows parties to submit a short-form declaration, which FIRRMA states should “not generally exceed 5 pages in length,” for certain transactions in lieu of the more voluminous notices discussed above.  FIRRMA directs CFIUS to establish regulations regarding the information required in the declaration.

      Any party to a covered transaction may submit a short-form declaration (and certain transactions, as described below, require a short-form declaration), and CFIUS is required to take action on such declarations within 30 days of receipt.  CFIUS may direct the parties to file a full written notice, inform the parties that CFIUS cannot evaluate the transaction on the basis of the declaration, initiate a unilateral review of the transaction, or clear the transaction.  It is anticipated that this process will allow CFIUS to clear transactions involving friendly countries much more quickly, and with much less burden to the parties, than the full CFIUS voluntary notice process.
    • Mandatory notifications: Parties will be required to file short-form declarations for all transactions involving the acquisition of a “substantial interest” in a U.S. business involved in critical infrastructure, critical technology, or sensitive personal data by a foreign person in which a foreign government has a “substantial interest.”  Such declarations must be filed no later than 45 days before the proposed transaction is completed (or 90 days prior, if the parties opt to file a notice instead). 
    • Greater enforcement powers: FIRRMA directs CFIUS to issue regulations to formalize the requirement for parties to submit with their notices all relevant side agreements to a transaction, including partnership and integration agreements. CFIUS is also authorized to conduct unilateral reviews where parties submit a short-form declaration, and in the case of any breach of a mitigation agreement (mitigation agreements are a tool used by parties to address concerns raised by CFIUS so as to allow a transaction to proceed).  Further, CFIUS is authorized to impose mitigation conditions on a party that has abandoned a transaction, and to suspend proposed or pending transactions that may pose a risk to U.S. national security interests.  
  • Judicial Review: FIRRMA explicitly makes certain Committee actions subject to judicial review by providing for a civil cause of action to challenge an action or finding of the Committee before the U.S. Court of Appeals for the D.C. Circuit.  If the production of privileged material is necessary to resolve such action, such material will be reviewed in camera and maintained under seal.

    The FIRRMA judicial review provisions do not disturb the existing bar against judicial review of the President’s substantive determinations, under the DPA, of whether a transaction threatens U.S. national security interests, and what action is necessary to address such threats.
  • Filing fees: The Federal Government does not currently charge fees for CFIUS filings.  However, FIRRMA authorizes CFIUS to charge filing fees that may not exceed an amount equal to the lesser of 1 percent of the value of the transaction, or $300,000, as adjusted annually for inflation. 

Export Controls

The Export Controls Act of 2018 (“Act”), contained in §§ 1751-1768 of the NDAA, provides permanent statutory authority for the Export Administration Regulations (“EAR”), which control the export of dual-use goods and technology that have both civilian and military uses.  The most notable changes that would be required by the Act include a requirement that the U.S. Department of Commerce (“Commerce”) control “emerging and foundational technologies,” the adoption of new procedures for license applications, and an increase for the maximum civil penalty for violations of the EAR to $300,000 or twice the value of the transaction (thereby matching the penalty scheme that currently applies to the EAR under the International Emergency Economic Powers Act, or “IEEPA”).

  • Permanent Statutory Authority:  The Export Administration Act of 1979, which originally provided statutory authority for the EAR, lapsed in 1994.  Since then, every U.S. president has declared the lack of statutory authority for the EAR to be a national emergency under the IEEPA, and has temporarily reauthorized the EAR on that basis.  The Act will provide permanent statutory authority for the EAR.  
  • Controls on “Emerging and Foundational Technologies”:  Recognizing that the normal processes for making changes to the U.S. export control regime do not always keep pace with the development of new technologies, the Act requires the President, the Secretaries of Commerce, State, Defense, and Energy, and the heads of other agencies as appropriate to institute an “ongoing interagency process to identify emerging and foundational technologies.”  While the Act does not specifically define the term “emerging and foundational technologies,” the interagency process applies only to such technologies that are essential to the security of the United States and are not “critical technologies” already subject to control (including technologies identified on the United States Munitions List or Commerce Control List).  The Act requires a notice and comment period as part of the interagency process.  Subject to certain exceptions, the Secretary of Commerce will be required to establish controls under the EAR for any “emerging and foundational technologies” identified as part of the process.  At a minimum, the Secretary of Commerce must require a license for the export or transfer of any such technology “to or in a country subject to an embargo, including an arms embargo, imposed by the United States,” including China.  The Secretary of Commerce is further required to report to CFIUS and Congress every 180 days on actions pertaining to “emerging and foundational technologies.”

    Although it is unclear at this time what technologies will be deemed to be “emerging and foundational technologies” subject to EAR controls, the legislation’s requirement for a notice and comment period indicates that Congress intends for industry stakeholders to have a role in the process.  Companies involved in technology research and development that could be affected by the interagency review process should monitor the Federal Register for notice that certain technologies may be under review, and be prepared to submit comments to inform the agencies on the development status, potential, and availability of such technologies.   
  • Reforms to Licensing
    • License application review timing:  The Act advises, but does not require, that the Commerce Secretary “should make best efforts” to evaluate and process license requests within 30 days.  Though aspirational, this provision is largely in line with Commerce’s current practices – between 2012 and 2016, Commerce had average license processing times between 23 and 26 days. 
    • Consideration of an export’s impact to the defense industrial base:  The Act requires the Commerce Secretary to include in the consideration of a license request an “assessment of the impact of a proposed export of an item on the United States defense industrial base” and to deny an application for an export that would have a “significant negative impact” on the defense industrial base.  Applicants will be required to provide information relevant to the industrial impact assessment. 
    • Interagency review for countries subject to arms embargo:  The Act also requires an interagency review within 270 days of (1) the scope of EAR controls applicable to countries subject to a comprehensive United States arms embargo (e.g., China) and countries subject to a United Nations arms embargo, and (2) items on the Commerce Control List that do not currently require a license for destinations subject to a Untied States arms embargo.  The interagency review is to be conducted by the Secretaries of Commerce, State, Defense, and Energy, and the heads of other federal agencies as appropriate. 
    • Notification Requirements for Exports to Terror Supporting Countries: The Act empowers the Secretary of State to designate, upon publication in the Federal Register, countries that had repeatedly provided support for international terrorism.  Exports of controlled items to such destinations will require a license, and the Secretaries of State and Commerce must notify Congress at least 30 days before Commerce issues the license.  Further, the Secretary of State may not rescind a designation that a country supports terrorism unless the President provides Congress with justification for the rescission, including a report finding that the country has not supported terror for the preceding 6-month period, at least 45 days in advance of the rescission. 
  • Increased Maximum Civil Penalty:  The Act slightly increases the maximum civil penalty for the violation of the EAR to the greater of $300,000 or twice the amount of the transaction.  Criminal penalties for willful violations will remain at the same amount as they were under IEEPA: $1,000,000 and, for individuals, imprisonment up to 20 years. 

Chinese Procurement Ban

Additionally, the NDAA includes a statutory ban on the procurement by U.S. government agencies of telecommunications equipment or services sold by Huawei Technologies Company or ZTE Corporation (or any of their subsidiaries or affiliates), or video surveillance and telecommunications equipment or services sold by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any of their subsidiaries or affiliates).  The prohibition becomes effective one year after enactment of the NDAA.  Further, starting two years after enactment of the NDAA, federal agencies will be prohibited from contracting with any entity that uses telecommunications or video surveillance equipment or services acquired from any of these Chinese firms. 

Earlier this year, Commerce penalized ZTE for violating U.S. sanctions against Iran and North Korea.  In June, Commerce announced that it had reached a deal to lift most of those penalties, leading many lawmakers to voice frustration that the firm had escaped accountability.  The NDAA stops short of restoring those penalties, but clearly puts Chinese technology firms into the cross hairs, and signals Congress’s readiness to take bipartisan action to sanction firms perceived to pose a threat to U.S. national security.