On September 15, 2022, President Biden issued a new executive order (EO), entitled “Executive Order on Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States,” that directs CFIUS to consider certain risk factors when reviewing covered transactions.  CFIUS-related executive orders are rare and have typically been used to establish procedures and processes, rather than provide substantive guidance to the Committee.  President Biden’s order is unusual in that it goes beyond process considerations and directs the Committee to consider specific substantive risks as part of its reviews.  According to a White House fact sheet, this is the first EO “since CFIUS was established in 1975 to provide formal Presidential direction on the risks that the Committee should consider when reviewing a covered transaction.”

The EO does not alter the legal powers granted to CFIUS, including the scope of transactions which it can review.  Nor does it contain any provisions regarding outbound investments (sometimes called “reverse CFIUS”), which was recently proposed in Congress and on which the Administration is considering taking executive action in the near term.

However, it provides important insight into the Administration’s thinking with respect to national security issues linked to foreign investment and puts both US businesses and foreign investors involved in certain industries, or engaged in certain activities, on notice that CFIUS may more closely scrutinize their deals.

Rationale for the Order

The Defense Production Act of 1950 (DPA), as amended, sets forth the statutory basis for CFIUS’s authority and includes a number of general factors the Committee should consider when reviewing transactions for national security concerns. Indeed, the DPA states the Committee may consider “such other factors as the President or the Committee may determine to be appropriate, generally or in connection with a specific review or investigation.”  Some of the factors set forth in the EO, such as sensitive data, are also specifically included in the DPA through recent amendments to the law under the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).  Thus, CFIUS already has significant discretion to consider a wide range of factors related to national security. Therefore, the EO was not strictly necessary for CFIUS to consider the risks outlined below, as CFIUS has routinely considered many of these risks in reviewing transactions in recent years.

Some of the risks outlined below do, however, seem to capture new thinking and priorities on the part of the Biden Administration with respect to inbound foreign investment.  In particular, clean energy and climate adaptation technologies were not particularly salient national security risks under past administrations.  Biotechnology and biomanufacturing have been CFIUS interest areas for some time, but those risks have undoubtedly been enhanced by the COVID-19 pandemic.  On the other hand, some national security risks that have received significant discussion in the last 20 years, such as proximity to sensitive defense and national security facilities, do not appear in the EO.

The EO may also be intended, in part, to better coordinate and streamline how the different agencies comprising CFIUS assess risk, and provide them with more detailed guidance to point to during interagency deliberations on specific transactions.  Each CFIUS agency has its own particular expertise and set of issues to which it is most sensitive.  Agency priorities are also colored, of course, by the agency’s larger mission.  For example, certain CFIUS agencies with broader responsibilities for promoting international trade or commerce have historically been viewed as friendlier to foreign investors; agencies with explicit national security or law enforcement missions are viewed, by contrast, as more hostile.  Clear guidance from the White House may help to better align the respective missions of CFIUS agencies and lead to more predictability in Committee decision making.

Risk Factors Identified in the Order

The EO directs the Committee to consider five additional and more granular risk factors, including:

  1. A given transaction’s effect on the resilience of critical US supply chains that may have national security implications, including those outside of the defense industrial base

This includes foreign investment impacting US manufacturing capabilities, services, critical mineral resources, and technologies that are fundamental to national security and could make the US vulnerable to future supply disruptions.  The order directs CFIUS to consider supply chain issues both within and outside of the defense industrial base and to consider factors such as the degree of supply chain diversification (including from partner or allied countries), existing supply relationships with the US government, and the degree of concentration by a foreign person in a given supply chain.

  1. A given transaction’s effect on US technological leadership in areas affecting US national security, including but not limited to microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies

The order identifies certain sectors as fundamental to US technological leadership, including, among others, microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, and portions of the agricultural industrial base that may impact food security.  Under the order, CFIUS should consider if a transaction involves manufacturing capabilities, services, critical mineral resources, or technologies in the identified fields.

  1. Industry investment trends that may have consequences for a given transaction’s impact on US national security

The EO directs CFIUS to take a wholistic view when reviewing covered transactions and focus not just on the transaction immediately at hand, but also to place that transaction within the broader context of recent transactions by the same country or foreign company in the same sector or a related sector.  The White House fact sheet explains that, “Certain investments by a foreign person in a sector or technology may appear to pose a limited threat when viewed in isolation, but when viewed in the context of previous transactions, it may become apparent that such investments can facilitate sensitive technology transfer in key industries or otherwise harm national security.”

  1. Cybersecurity risks that threaten to impair national security

The order instructs CFIUS to consider whether a covered transaction could provide a foreign person or a related third party with the capability to conduct cyber intrusions or other malicious cyber-enabled activity that may pose a risk to national security.  It also instructs CFIUS to consider the cybersecurity “posture, practices, capabilities, and access” of all parties to a covered transaction.

  1. Risks to US persons’ sensitive data.

Finally, the EO directs the Committee to consider whether a covered transaction involves a US business with access to US persons’ sensitive data and whether the foreign investor has the ability and intent to exploit such information to the detriment of US national security, including “through the use of commercial or other means.”

Implications for Industry

The order provides an important window into the risks that are top of mind for the administration and, in light of the EO, are likely to be given even more careful consideration by the Committee.  It also serves to put industry on notice that CFIUS will be particularly interested in transactions implicating any of the above categories.  While CFIUS filings can be mandatory in certain situations, CFIUS operates under a largely voluntary regime whereby parties to covered transactions that believe CFIUS may have interest in their deal elect to file and seek approval from CFIUS, which provides safe harbor from later CFIUS interference in the deal, including, in the most serious cases, the unwinding of the transaction.  Under FIRRMA, CFIUS has recently been given additional resources to identify and review so-called “non-notified” transactions (i.e., covered transactions where the parties have elected not to make a voluntary filing).  Parties to transactions implicating one of the newly highlighted priority risk areas will want to carefully consider how the EO impacts the advisability of making a voluntary filing to the Committee and the prospects of CFIUS requiring mitigation as a condition of approval or, possibly, seeking to block the transaction.

A New Precedent?

While the EO reflects a number of risks that have been well-known to CFIUS practitioners for years, it also reflects some shifts in priority, reflecting both the Biden Administration’s specific outlook and the ever-changing nature of US national security risks.  For example, in just the four years since FIRRMA was enacted, the risk landscape has shifted, with a number of differences between the risks identified in FIRRMA (which was principally motivated by Chinese investment in certain US critical technology and infrastructure) and the EO.   It is safe to assume that the EO will eventually become outdated, either because a new administration takes over in 2025 or because national security risks continue to shift.  Given the inevitable need for updating, it is possible that future administrations will issue executive orders of their own, starting a new trend in the CFIUS space.


For additional information regarding the new executive order or advice with respect to a particular transaction please contact a member of our National Security and CFIUS Practice.