U.S. Department of Commerce proposes to regulate transactions involving Information and Communications Technology and Services
Prior articles in this series have focused on the expansion of CFIUS under FIRRMA and ECRA. The latest expansion of U.S. oversight of “Foreign Direct Investment” was promulgated by the U.S. Department of Commerce (DoC).
The day before Thanksgiving, November 27, 2019, the DoC published a proposed set of regulations intended to further protect critical U.S. infrastructure, including the U.S. digital economy. The “Securing the Information and Communications Technology and Services (ICTS) Supply Chain” regulations propose a process and procedures for identifying, assessing and addressing transactions that pose a risk to critical infrastructure, digital economy, national security or citizens of the U.S.
The ICTS regulations were issued pursuant to Executive Order 13873, granting the Commerce Secretary the authority to prohibit any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service subject to U.S. jurisdiction that poses “an undue risk to critical infrastructure or the digital economy in the United States, or an unacceptable risk to U.S. national security or the safety of United States persons.”
More specifically, the Executive Order and proposed ICTS regulations are intended to prohibit any transaction that:
- Involves property in which a foreign country or national has an interest;
- Includes information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary; and
- Poses certain undue risks to critical infrastructure or the digital economy in the United States or certain unacceptable risk to U.S. national security or U.S. persons.
If adopted the regulations would cover any transaction that:
- Is conducted by any person subject to the jurisdiction of the United States or involves property subject to the jurisdiction of the United States;
- Involves any property in which any foreign country or a national thereof has an interest (including through an interest in a contract for the provision of the technology or service); and
- Was initiated, pending, or completed after May 15, 2019.
Per the Executive Order, the ICTS regulations provide for the Office of the Director of National Intelligence (ODNI) and the Department of Homeland Security (DHS) to produce an initial threat and vulnerability assessment for US ICTS and analysis for a covered transaction. Similar to CFIUS, a prohibited transaction will be subject to mitigation, prohibition or unwinding.
The ICTS regulations propose a deliberative “case-by-case” application and review process to permit DoC to target and prohibit transactions that meet the criteria established by the Executive Order, but with the goal of avoiding precedential determinations that could result in overly broad limitations on transactions that do not rise to the stated level of risk – the ultimate objective being to balance the protection of U.S. ICTS against impairing U.S. innovation or access to U.S. technology.
Unlike CFIUS, Foreign Investment Risk Review Modernization Act (FIRRMA) or Export Control Reform Act (ECRA), the currently proposed ICTS regulations do not propose specific ICTS technologies or participants as covered or excluded from the Executive Order -- but expressly reserve the right to do so going forward.
As background, CFIUS is the Committee on Foreign Investment in the US, which was created by Executive Order in 1975 and was later codified in 2007 by the Foreign Investment and National Security Act. The act broadened the definition of national security and required scrutiny for certain types of foreign direct investment. In general, CFIUS has been limited to technology, industries and infrastructure directly involving national security. It was also a voluntary filing. CFIUS changed dramatically on August 13, 2018, with passage of FIRRMA. FIRRMA is intended to close loopholes exploited by China and others, and to better protect critical U.S. technologies, assets and businesses. In doing so, FIRMMA dramatically increased the authority of CFIUS and the remedies available to it.
The U.S. Treasury Department implemented a “Pilot Program” for FIRRMA in October 2018, and then issued proposed final regulations for FIRRMA on September 17, 2019. For the first time FIRRMA covers 1) real estate proximate to government installations or with risk of foreign surveillance, or critical U.S. infrastructure (e.g. airports and ports); 2) sensitive personal data of U.S. citizens (i.e., U.S. businesses engaged in collection, use, development, acquisition, maintenance or safekeeping of personal data); and 3) bankruptcy section 363 asset sales involving covered technologies and parties. Significantly, FIRRMA also created the first mandatory CFIUS filing – with a failure to do so resulting in a reversal of the deal, divestiture and/or civil penalties up to the value of the transaction.
ECRA applies to “critical, foundational emerging” technologies of U.S. origin, including but not limited to AI, AR, Additive Manufacturing, AVs, Batteries, Big Data, Encryption, Fuel Cells, Gene editing, Nanotech, Miltech, Semiconductors, Superconductors and Robotics. ECRA also includes additional restrictions on international licensing and distribution of technology. ECRA is still in the rule-making phase, which will likely be formalized in Q1 of 2020.
CFIUS, FIRRMA, ECRA and now the DOC ICTS regulations all commonly pertain to ”Foreign Direct iInvestment or “FDI”) -- terms which are becoming widely used in the U.S. and abroad to reference regulations governing non-domestic investment in countries around the world.
Based upon the continuing expansion of FDI related regulations and filings, best practices should now include early pre-deal diligence for investments, acquisitions, mergers and transactions to determine the:
- Existence of foreign investors
- Critical or export controlled technologies
- Correct classification of the products and businesses involved
- U.S. classified information, facilities personnel or contracts
Such early diligence is necessary to appropriately determine the applicability of FDI regulations, any related filing requirements and the likely impact of such on the permissibility and timing of a prospective transaction.
David Vance Lucas is a Partner in the Huntsville office of Bradley Arant Boult Cummings LLP, where he is a member of the firm’s Intellectual Property Practice Group and leads the International Services team. Much of David’s experience was accumulated as general counsel for Huntsville-based Intergraph Corporation (now Hexagon AB Group), where he garnered extensive experience in a variety of U.S. and foreign legal environments. He now advises both U.S. and foreign clients on the harmonized application of U.S., U.K. and European laws, and represents clients in various proceedings in the U.S. and abroad.