Content Assessment: Review Process Update? Executive Order Defines Additional National Security Factors for CFIUS
Information - 91%
Insight - 89%
Relevance - 90%
Objectivity - 91%
Authority - 95%
A short percentage-based assessment of the qualitative benefit of the post highlighting the recent Executive Order on additonal national security factors for CFIUS reviews
Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.
To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.
Background Note: From audits and investigations to cyber and legal discovery, there are many areas of focus for the tools, techniques, and tactics used regularly by eDiscovery experts and providers in the conduct of their professional duties. One specialized area of focus is supporting reviews and investigations based on requirements from the Committee on Foreign Investment in the United States (CFIUS). The following Executive Order from President Biden on CFIUS may be beneficial for cybersecurity, information governance, and legal discovery professionals seeking to better understand the objective, reasoning, and requirements for the specialized task of advising and supporting CFIUS reviews and investigations.
President Biden Signs Executive Order to Ensure Robust Reviews of Evolving National Security Risks by the Committee on Foreign Investment in the United States
First-Ever Presidential Directive Defining Additional National Security Factors for CFIUS to Consider in Evaluating Transactions
The United States’ commitment to open investment is a cornerstone of our economic policy, benefits the millions of American workers employed by foreign firms operating in the United States, and helps to maintain our economic and technological edge. However, the United States has long recognized that certain investments in the United States from foreign persons, particularly those from competitor or adversarial nations, can present risks to U.S. national security. The United States therefore maintains a robust foreign investment review process to identify and address such risks. As the national security environment, including the behavior of countries and individuals that seek to impair U.S. national security, evolves, the review process of the Committee on Foreign Investment in the United States (CFIUS, or the Committee) also must evolve.
This Executive Order (E.O. or the Order) is the first E.O. since CFIUS was established in 1975 to provide formal Presidential direction on the risks that the Committee should consider when reviewing a covered transaction. The Order explicitly recognizes that some countries use foreign investment to obtain access to sensitive data and technologies for purposes that are detrimental to U.S. national security, and seeks to ensure that CFIUS remains an effective tool to combat these threats now and in the future. More broadly, this Order explicitly ties CFIUS’ role, actions, and capabilities with the Administration’s overall national security priorities—including preserving U.S. technological leadership, protecting Americans’ sensitive data, and enhancing U.S. supply chain resilience—to ensure that the United States’ national security tools and objectives are consistent and mutually reinforcing.
Specifically, this E.O. provides direction to CFIUS by elaborating on existing statutory factors and adds several national security factors for CFIUS to consider during its review process. The Order also acknowledges the importance of continuous improvements to the foreign investment review process and directs CFIUS to continue to regularly review its processes, practices, and regulations to ensure that they remain responsive to evolving national security threats.
This E.O. does not change CFIUS processes or legal jurisdiction. It should be read in conjunction with the national security factors already set out in section 721(f) of the CFIUS statute, and with the understanding that these lists of factors are illustrative. CFIUS may consider any national security risk arising out of a transaction over which it has jurisdiction.
The E.O. directs the Committee to consider five specific sets of factors:
- A given transaction’s effect on the resilience of critical U.S. supply chains that may have national security implications, including those outside of the defense industrial base. Foreign investment that shifts ownership, rights, or control to a foreign person in certain manufacturing capabilities, services, critical mineral resources, or technologies that are fundamental to national security may make the United States vulnerable to future supply disruptions of critical goods and services. The Order states that the Committee shall consider, as appropriate, a covered transaction’s effect on supply chain resilience and security, both within and outside of the defense industrial base. These considerations include the degree of diversification through alternative suppliers across the supply chain, including suppliers located in allied or partner countries; supply relationships with the U.S. government; and the concentration of ownership or control by the foreign person in a given supply chain.
- A given transaction’s effect on U.S. technological leadership in areas affecting U.S. national security, including but not limited to microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies. Although foreign investments can in many circumstances help to foster domestic innovation, it is vital to protect U.S. technological leadership, especially when foreign investments involve sectors that are critical to U.S. national security. The Order specifically identifies sectors that are fundamental to U.S. technological leadership and therefore national security, including but not limited to microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, and elements of the agricultural industrial base that have implications for food security, and instructs the Committee to consider whether a covered transaction involves manufacturing capabilities, services, critical mineral resources, or technologies in such fields. The Committee shall consider whether a covered transaction could reasonably result in future advancements and applications in technology that could undermine national security, and whether a foreign person involved in the transaction has ties to third parties that may pose a threat to U.S. national security.
- Industry investment trends that may have consequences for a given transaction’s impact on U.S. national security. Certain investments by a foreign person in a sector or technology may appear to pose a limited threat when viewed in isolation, but when viewed in the context of previous transactions, it may become apparent that such investments can facilitate sensitive technology transfer in key industries or otherwise harm national security. For example, there may be a comparatively low threat associated with a foreign company or country acquiring a single firm in a sector, but a much higher threat associated with a foreign company or country acquiring multiple firms within the sector. To respond to such threats, the Order states that the Committee shall consider, as appropriate, the risks arising from a covered transaction in the context of multiple acquisitions or investments in a single sector or in related sectors.
- Cybersecurity risks that threaten to impair national security. Investments by foreign persons with the capability and intent to conduct cyber intrusions or other malicious cyber-enabled activity may pose a risk to national security. The Order states that the Committee shall consider whether a covered transaction may provide a foreign person, or their relevant third-party ties, with access to conduct such activities, in addition to the cybersecurity posture, practices, capabilities, and access of all parties to the transaction that could allow a foreign person, or their relevant third-party ties, to manifest such activities.
- Risks to U.S. persons’ sensitive data. Data is an increasingly powerful tool for the surveillance, tracing, tracking, and targeting of individuals or groups of individuals, with potentially adverse impacts on national security. Moreover, advances in technology, combined with access to large data sets, increasingly enable the re‑identification or de-anonymization of what once was unidentifiable data. The Order states that the Committee shall consider whether a covered transaction involves a U.S. business with access to U.S. persons’ sensitive data, and whether the foreign investor has, or the parties to whom the foreign investor has ties, have sought or have the ability to exploit such information to the detriment of national security, including through the use of commercial or other means.
Today’s Executive Order is a part of the Biden-Harris Administration’s broader strategy to maintain U.S. economic and technological leadership, specifically with respect to protecting national security. This involves both strengthening domestic investments and competitiveness at home and in partnership with our allies, while using all available tools to protect America’s edge and prevent our competitors and adversaries from undermining our national security.
- A Specialized Type of Discovery? The Committee on Foreign Investment in the United States (CFIUS)
- [Webcast Transcript] CFIUS Compliance: Your Approach May Be A Matter of National Security (HaystackID)
- [On-Demand Webcast] CFIUS Compliance: Your Organization’s Growth and Investment Strategy May Be A Matter of National Security (HaystackID)
- Investments in eDiscovery (A Running Listing)
- An Abridged Look at the Business of eDiscovery: Mergers, Acquisitions, and Investments
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.
ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.
ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.