Foreign Investment Screening — CFIUS, NSI, FDI Regimes

Cross-border mergers and acquisitions increasingly encounter scrutiny from foreign investment screening regimes. These regulatory frameworks, exemplified by the Committee on Foreign Investment in the United States (CFIUS), the UK's National Security and Investment (NSI) Act, and broader European Union (EU) mechanisms, are designed to protect national security interests by reviewing foreign investments. Their scope has expanded significantly in recent years, encompassing not only critical infrastructure and defense but also sensitive technologies, data, and supply chains. Understanding these regimes is paramount for participants in international M&A, as they can materially influence deal timelines, structuring, and execution risk. Non-compliance or an adverse determination can lead to transaction prohibition, divestiture orders, or severe penalties.

Committee on Foreign Investment in the United States (CFIUS)

CFIUS is an interagency committee authorized to review certain transactions involving foreign investment in the United States to determine their effect on U.S. national security. Its jurisdiction extends to any transaction that could result in foreign control, direct or indirect, of a U.S. business. The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) significantly expanded CFIUS's authority and introduced mandatory filing requirements. Notably, FIRRMA introduced covered investments involving certain types of foreign non-controlling investments in critically important businesses, referred to as TID (Technology, Infrastructure, and Data) businesses. Specific mandatory declarations are now required for investments by certain foreign persons in U.S. businesses that produce, design, test, manufacture, fabricate, or develop critical technologies, or which involve specific types of sensitive personal data or critical infrastructure. Additionally, a mandatory declaration is triggered if a foreign government holds a substantial interest, directly or indirectly, in the foreign person acquiring even a non-controlling interest in a U.S. TID business, provided specific control thresholds are met. Failure to file a mandatory declaration can result in penalties up to the value of the transaction. For transactions not subject to mandatory filing but still within CFIUS’s jurisdiction, parties may voluntarily file a notice to obtain a safe harbor, particularly if national security concerns are plausible. The review process involves an initial 45-day review period, which may be followed by a 45-day investigation period, with potential for further extensions under certain circumstances or for mitigation discussions. CFIUS operates with a broad interpretation of national security, encompassing economic security, technological leadership, and resilience of critical supply chains.

United Kingdom's National Security and Investment (NSI) Act

The NSI Act, which came into effect in January 2022, represents a significant shift in the UK's approach to foreign investment screening. It grants the government powers to intervene in acquisitions where there is a risk to national security. The Act introduces a mandatory notification regime for transactions in 17 sensitive sectors. These sectors include advanced materials, artificial intelligence, autonomous robotics, aviation, civil nuclear, communications, computing hardware, critical suppliers to government, cryptographic authentication, data infrastructure, defence, energy, national security and defence, quantum technology, satellite and space technologies, and synthetic biology. Within these specified sectors, an acquisition of control – defined as increasing a shareholding or voting rights above 25%, 50%, or 75%, or acquiring control of voting rights sufficient to pass or block resolutions – mandates a filing. The NSI Act also includes a voluntary notification mechanism, allowing parties to seek clearance for transactions not subject to mandatory notification but where national security concerns could foreseeably arise. Additionally, the government retains a 'call-in' power for up to five years post-completion, allowing it to scrutinize transactions that were not notified but raise national security concerns. The review process typically involves an initial 30 working day assessment period, which can be extended by a further 30 working days and potentially more with agreement from the transacting parties. The UK government has demonstrated a willingness to use its powers, issuing divestment orders and imposing conditions to mitigate perceived risks.

European Union Framework for the Screening of Foreign Direct Investments (FDI)

The European Union established a framework for foreign direct investment screening through Regulation (EU) 2019/452, effective October 2020. This EU framework does not create a supranational screening mechanism, nor does it mandate that member states implement their own FDI screening regimes. Instead, it facilitates cooperation and information sharing among member states and the European Commission regarding foreign investments that may affect security or public order. It enables the Commission or any member state to comment on foreign investments undergoing screening in another member state. Each member state retains sovereign authority to implement and enforce its own national FDI screening mechanisms. Many EU member states have robust individual regimes, such as Germany's Foreign Trade and Payments Ordinance (AWV), France's Decree No. 2005-1153, and Italy's Golden Power legislation. These national regimes typically define specific sectors, thresholds for investment, and review processes that can involve mandatory or voluntary notifications. Common sectors triggering scrutiny across EU member states include defense, energy, telecommunications, critical infrastructure, dual-use technologies, and sensitive data. The EU framework aims to promote a common minimum standard and greater consistency across the bloc, ensuring that member states consider the potential impact of investments on other member states and on EU projects or programs of particular interest.

Strategic Considerations for Acquirers

Navigating these diverse and expanding foreign investment screening regimes requires proactive planning. Early identification of potential national security risks is crucial. This involves a thorough analysis of the target company's products, services, customers, intellectual property, infrastructure connectivity, and supply chain dependencies, particularly in relation to the sensitive sectors identified by each relevant jurisdiction. Concurrently, the acquirer's ultimate beneficial ownership, along with any direct or indirect government ownership or control, must be meticulously mapped. The nationality of key investors and the location of their primary operations can significantly influence risk perceptions. For instance, an investor from a jurisdiction deemed a strategic adversary by the reviewing authority may face intensified scrutiny, even for seemingly innocuous transactions. Due diligence must extend beyond financial and legal aspects to include a comprehensive assessment of national security implications, potentially involving specialized consultants. This early assessment informs decisions regarding deal structure, timing, and whether to pursue a mandatory or voluntary filing.

Structuring the transaction to mitigate national security concerns is sometimes possible. This could involve limiting the scope of the acquired assets, ring-fencing sensitive parts of the business, establishing robust information barriers, or agreeing to specific ongoing operational restrictions. In situations where a known risk exists, pre-filing engagement with the relevant authorities can be beneficial. Such engagement allows parties to understand specific concerns, gauge the likelihood of a clearance, and potentially negotiate mitigation measures proactively before a formal filing. These mitigation agreements, often legally binding, can range from restrictions on information access and governance structures to commitments regarding supply chain diversification or continued R&D within the jurisdiction. The involvement of government agencies in ongoing operational aspects can introduce complexities and necessitate continuous compliance monitoring. Finally, the financial modeling and timeline for the transaction must explicitly account for the potential delays and complexities introduced by foreign investment reviews. This includes allocating sufficient time for pre-filing discussions, formal review periods, and potential negotiation of mitigation agreements, which can often extend beyond typical M&A closing timelines. The cost of navigating these processes, including advisory fees and potential foregone opportunities, should also be factored into the overall deal economics. The evolving and increasingly complex nature of these regimes necessitates a robust and adaptive strategy to ensure deal certainty and achieve strategic objectives in cross-border M&A.