The Committee on Foreign Investment in the United States (CFIUS) has been in the headlines in recent weeks as the Trump administration, in consultation with CFIUS, has threatened a ban on Americans' access to TikTok, a popular video sharing mobile application, owned by China's ByteDance. CFIUS has also finalized new rules that amend the scope of transactions subject to CFIUS's mandatory review.

What you need to know

  • CFIUS's profile has grown as it seeks to coerce China's ByteDance to sell its popular TikTok app to U.S. owners. As of September 20, 2020, the U.S. government had tentatively approved a deal for minority U.S. ownership of TikTok, temporarily averting a ban on downloads and updates of the app within the United States.
  • CFIUS's new rules, effective October 15, 2020, rely on the U.S. export control regime to determine whether parties to a transaction will be required to submit a filing to CFIUS.

CFIUS on the front page

CFIUS has been investigating TikTok since 2019, particularly its collection and use of personal data, asserting jurisdiction over ByteDance's 2017 acquisition of a similar app called Musical.ly, for which the parties did not seek CFIUS approval. In an executive order issued on August 6, 2020, the U.S. government alleged that TikTok captures "vast swaths of information . . .  [which] threatens to allow the Chinese Communist Party access to Americans' personal and proprietary information—potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage". As such, the order prohibits all transactions with ByteDance by any person, or with respect to any property, subject to U.S. jurisdiction beginning on September 20, 2020. The order is intended to pressure ByteDance to sell TikTok to one or more U.S. owners.

As of September 20, the Trump administration had tentatively approved ByteDance's agreement to spin TikTok off into a separate business partly owned by U.S. software giant Oracle and retailer Walmart. Oracle would also serve as TikTok's "trusted technology provider" ostensibly to protect U.S. personal data. The U.S. government extended by one week its order that would block persons in the U.S. from downloading TikTok or receiving software updates. A broader ban on all use of TikTok in the U.S. has been threatened if a final deal acceptable to the government has not been reached by November 12, 2020.

The TikTok matter is the latest in a series of actions taken against Chinese-owned technology applications which neither sought nor received CFIUS's consent that such ownership did not implicate U.S. national security:

  • On August 6, 2020 (the same day as the TikTok executive order), the Trump administration issued an order against messaging, social media and electronic payment app WeChat, owned by China's Tencent Holdings, prohibiting any transaction "relating to WeChat" by a person, or with respect to property, subject to U.S. jurisdiction. The order would bar all use of the WeChat app in the U.S. (not just downloads and updates) but permit U.S. individuals and businesses to continue its use in China and elsewhere outside the U.S. Although the prohibition was set to take effect on September 20, 2020, a U.S. federal judge had temporarily enjoined it as of this writing.
  • On March 6, 2020, the Trump administration, on CFIUS's recommendation, ordered the divestiture of StayNTouch, a U.S. cloud-based hotel property management system, by its Chinese owner Shiji Group. A U.S. hotel owner-operator, MCR, agreed on August 31, 2020, to acquire StayNTouch.
  • In Spring 2019, CFIUS informed dating app Grindr that its Chinese owner Beijing Kunlun posed a threat to U.S. national security and directed its divestiture to a U.S.-based consortium, which was approved by CFIUS in June 2020.
  • Also  in Spring 2019, CFIUS required China's iCarbonX to sell PatientsLikeMe, an online service that helps patients find people with similar health conditions. UnitedHealth, a large U.S. health insurer, agreed to acquire PatientsLikeMe in June 2019.

These circumstances demonstrate that the current administration, wielding CFIUS's mandate to protect U.S. national security in connection with foreign investment in U.S. businesses, has specifically targeted Chinese ownership of technological applications that collect the personal data of U.S. persons.

In the near term, Canadian investors are advised to consider CFIUS jurisdiction over similar technology and data-intensive businesses, particularly when in connection with Chinese investment. CFIUS's focus on China, however, presents Canadian investors, many of whom are currently deemed "excepted investors" relieved of certain CFIUS requirements, with opportunities to facilitate their investments in the U.S.

While it remains to be seen whether CFIUS will continue to play an outsize, and politicized, role in the event the upcoming U.S. election results in a change of administration, scrutiny of Chinese investment in the U.S. accelerated under former President Obama and, therefore, can be expected to remain a priority for CFIUS well into the future. 

CFIUS in the fine print

Away from the headlines, CFIUS this week finalized new rules, to take effect October 15, 2020, that amend the scope of transactions subject to CFIUS's mandatory filing requirements. The final rules largely track those proposed in May 2020 (see our bulletin).

The new rules require a non-U.S. investor in a U.S. business to assess whether the business produces, designs, tests, manufactures, fabricates, or develops one or more critical technologies for which a "U.S. regulatory authorization" would be required for the export, reexport, transfer (in-country), or retransfer of such critical technology to the direct acquirer of the U.S. business, or to a person with 25 percent or more voting interest, direct or indirect, in such direct acquirer. The rules also clarify that, in certain circumstances, this 25 percent percentage threshold would apply up the ownership chain of the direct acquirer's general partner or equivalent.

A "U.S. regulatory authorization" includes the following:

  • A license or other approval issued by the U.S. Department of State under the International Traffic in Arms Regulations.
  • A license from the U.S. Department of Commerce under the Export Administration Regulations.
  • A specific license or authorization from the U.S. Department of Energy with respect to certain atomic energy activities or from the Nuclear Regulatory Commission with respect to nuclear equipment and material.

The amendments replace the mandatory filing provisions in place since October 2018 based on a U.S. business's connection with one or more of 27 designated industries identified by North American Industry Classification System code.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.