On September 15, President Biden issued Executive Order 14083 (EO) — "Ensuring Robust Consideration of Evolving National Security Risks by the Committee on Foreign Investment in the United States" — providing formal guidance to the Committee on Foreign Investment in the United States (CFIUS) on factors CFIUS must consider when conducting national security reviews. CFIUS is authorized to review covered investments and real estate transactions in the U.S. to determine whether they have an effect on national security. Notably, this is the first time an EO has been issued since CFIUS was established in 1975.

Specifically, the EO directs CFIUS to consider five specific factors when undertaking national security reviews:

1. A transaction's effect on the resilience of critical U.S. supply chains. The EO directs CFIUS to consider a covered transaction's effect on supply chain resilience and security, both within and outside of the defense industrial base. Such considerations include the degree of diversification through alternative suppliers across the supply chain, supply relationships with the U.S. government, and the concentration of ownership or control by the foreign person in a given supply chain. The EO illustrates the importance of the U.S. supply chain as a focus of CFIUS' review, and businesses and investors should thoroughly examine the relevant supply chains and the extent foreign investment would shift control of critical goods and services.

2. A transaction's effect on U.S. technological leadership. The EO directs CFIUS to consider whether a covered transaction involves manufacturing capabilities, services, critical mineral resources, or technologies fundamental to national security, including microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, critical materials, and elements of the agricultural industrial base that have implications for food security. While not an exhaustive list, the EO places these industries on notice that foreign investment in these areas will be met with greater regulatory scrutiny. CFIUS must further consider whether a covered transaction may bring about future advancements and applications in technology that might challenge national security, and whether a foreign person involved in the transaction is associated with third parties that may put U.S. national security at risk.

3. Industry investment trends. Certain transactions may implicate national security risks not apparent when the transaction is viewed in isolation. For this reason, the EO directs CFIUS to consider the risks arising from a covered transaction in the context of multiple acquisitions or investments in a single sector or related sectors, i.e.,CFIUS will also consider foreign direct investment trends in a given industry and not only the investment or transaction by the notifying foreign person.

4. Cybersecurity risks. The EO directs CFIUS to consider whether a covered transaction may provide a foreign person, or an associated third party, with access to conduct or manifest cyber intrusions or other malicious cyber-enabled activities. CFIUS will consider both the cybersecurity capabilities of the foreign person, as well as the U.S. business. Cybersecurity has been a continued focus of CFIUS, and the EO underscores that reality.

5. Risks to U.S. persons' sensitive data. The EO directs CFIUS to consider whether a covered transaction involves a U.S. business with access to U.S. persons' sensitive data, and whether the foreign investor, or the parties associated with the foreign investor, has sought or has the ability to exploit such information to the detriment of national security, including through the use of commercial or other means.

The EO does not change the legal or regulatory requirements currently in place. It intends to highlight CFIUS' focus on these particular risks and provide guidance to those considering a transaction to better identify national security risks possibly arising from a transaction early on and to assist businesses and investors in determining whether there is a need to disclose to CFIUS. The existence of any of these factors in the EO indicates that CFIUS will likely examine the transaction closely.

This is being released in conjunction with a series of legislative and regulatory efforts to improve the competitiveness and resilience of U.S. technology and supply chains, including a potential directive covering outbound technology transfers and capital. Prior to engaging in M&A activity or investments involving U.S. businesses operating within the sectors implicated by the factors outlined in the EO, transaction parties should carefully assess the likelihood of CFIUS review and the potential need to file a notice or declaration.