Proposed Regulations Set to Expand Authority of CFIUS

By: Olga Torres, Managing Member & Maria Alonso, Associate
Date: 01/16/2020

This article first appeared in the Newsletter of the International Law Section ( of the State Bar of Texas, and is reproduced with the Section’s permission. This article was written prior to the two final regulations issued by the U.S. Department of the Treasury on January 13, 2020.

  1. Introduction: New Regulations

On September 17, 2019, the U.S. Department of the Treasury (“Treasury”) issued two proposed rules that would expand the jurisdiction of the Committee on Foreign Investment in the United States (“CFIUS”).[1] The proposed regulations are implemented pursuant to the Foreign Investment Review Modernization Act of 2018 (“FIRRMA”), which was signed into law in August 2018. If enacted, these new proposed regulations could have major implications on foreign investment and real estate transactions in the United States and investors and companies must be aware of such potential impact.

Prior to FIRRMA, CFIUS’s authority included reviewing transactions that could result in the foreign control of a U.S. business. FIRRMA, which received bipartisan support in Congress, significantly expanded CFIUS’s authority. Notably, under FIRRMA, CFIUS is still authorized to review the “covered control transactions” but now also has jurisdiction over non-controlling investments in certain U.S. businesses and certain real estate transactions. The first set of proposed rules[2] would amend and expand CFIUS’s existing regulations at 31 C.F.R. Part 800, which include changes related to controlled investments, foreign investments in U.S. businesses involved in critical infrastructure sectors, and those that hold sensitive personal data of U.S. citizens. The second set of proposed rules[3] would create a new set of regulations at 31 C.F.R. Part 802, which implement CFIUS’s new jurisdiction over certain real estate transactions.

Final regulations implementing FIRRMA will formally take effect by February 2020. The October 2018 interim regulations for the existing Critical Technologies Pilot Program were not changed by the proposed regulations. For more information about FIRRMA and the Pilot Program, please see our previous article.

FIRRMA and the proposed regulations expand CFIUS’s jurisdiction based on two new grounds: 1) certain non-controlling investments in certain U.S. businesses involved with critical technology, critical infrastructure, or sensitive personal data, referred to as “TID U.S. businesses” for technology, infrastructure, and data; and 2) certain real estate transactions. The comprehensive proposed regulations provide detailed criteria that would trigger U.S. businesses or real estate transactions to fall under the purview of CFIUS’s jurisdiction. Both proposed frameworks are addressed below, with a particular focus on non-controlling investments and real estate transactions involving property within a certain proximity to specified sensitive sites.

  1. Non-Controlling Investments: From Control to Involvement

The nature of the investment and the nature of the target TID U.S. business are key to determining whether a certain non-controlling investment will fall under CFIUS’s jurisdiction. The nature of the investment was promulgated in FIRRMA—the investment must afford a foreign person[4] at least one of the following: 1) access to material non-public technical information in the possession of the TID U.S. business; 2) membership or observer rights on the board of directors or equivalent governing body of the TID U.S. business, or the right to nominate an individual to a position on the board of directors or equivalent governing body of the TID U.S. business; or 3) any involvement (other than through voting of shares) in substantive decision-making of the TID U.S. business regarding certain actions related to sensitive personal data, critical technologies, or critical infrastructure.[5]

Furthermore, the nature of the target TID U.S. business is further defined in the proposed regulations. The three categories of TID U.S. businesses include:

  • 1) Critical Technology TID U.S. business is one that produces, designs, tests, manufactures, fabricates, or develops a critical technology;[6]
  • 2) Critical Infrastructure TID U.S. business is one that owns, operates, manufactures, supplies, or services the subset of 28 types of critical infrastructure identified in Appendix A. Some of these include telecommunications, utilities, energy, and transportation; and
  • 3) Sensitive Personal Data TID U.S. business is one that maintains or collects sensitive personal data of U.S. citizens, which may be exploited in a manner that threatens national security. The proposed regulations provide two types of sensitive personal data: a) “identifiable data,” including data related to financial, geolocation, and health, among others, but only if the “category” and “collection” requirements are met (there are ten “categories” and three “collections”); and b) “genetic information” as defined in 45 C.F.R. § 160.103.

Excepted Investors

The proposed regulations do provide an exception from “covered investments” for certain foreign persons defined as “excepted investors” who will receive preferential treatment for having ties to certain countries identified as “excepted foreign states,” and their compliance with certain laws, orders, and regulations (including U.S. export controls and sanctions).[7] The proposed regulations do not list any countries and CFIUS has yet to publish a list of the countries that would be included within the “excepted foreign states.” Importantly, this exception does not apply to control transactions (e.g., foreign control of a U.S. business).

Furthermore, proposed § 800.220 sets out the complex criteria that a foreign person needs to meet to be an “excepted investor,” which is not determinative on the foreign person’s nationality. Even if a foreign person meets the “excepted investor” criteria, the foreign person may lose their excepted status if, among others, the foreign person or related entities: 1) violated U.S. sanctions laws or received a civil monetary penalty from the Office of Foreign Assets Control (“OFAC”); 2) entered into a settlement agreement with OFAC or the Commerce Department, Bureau of Industry & Security (“BIS”); 3) were debarred by the State Department, Directorate of Defense Trade Controls; or 4) listed on the BIS Unverified List or Entity List.[8] It is evident that the proposed regulations, significantly impact foreign companies who violate U.S. sanctions and export control regulations.

Mandatory Filings

Another key aspect of FIRRMA and the proposed regulations is that CFIUS filings remain primarily voluntary. There are two types of transactions that trigger the mandatory declaration requirement: 1) certain covered control transactions or covered investments in certain U.S. businesses involved with critical technologies, pursuant to the Pilot Program that went into effect in November 2018; and 2) the covered transactions where a foreign government has a substantial interest in a TID U.S. business. Under both the Pilot Program and the proposed regulations, parties can fulfil the mandatory declaration requirement by filing the short-form declaration or the full notice in lieu of the declaration.

  1. Real Estate Transactions: Proximity to Sensitive Locations

FIRRMA and the proposed regulations also make clear that, in the eyes of CFIUS, real estate transactions that involve foreign parties can also be a matter of national security. As a result, foreign real estate investors looking to buy or lease property in the United States must be aware of these rules and how to effectively comply with them.

The proposed regulations regarding certain real estate transactions are found at 31 C.F.R. Part 802, which apply to “covered real estate transactions” defined as “the purchase or lease by, or a concession to,” a foreign person of “covered real estate,”[9] either directly or indirectly, that affords the foreign person certain property rights, and that do not fall within the seven “excepted real estate transactions.” The “covered real estate transactions” include transactions in or around sensitive sites such as specific airports, maritime ports, and military installations. The airports and maritime ports are identified on lists published by the U.S. Department of Transportation, and the military installations are listed at Appendix A to Part 802.

Moreover, the proposed regulations focus on real estate properties located within: 1) “close proximity” (one mile) of any military installation identified in parts 1 and 2 of Appendix A; 2) the “extended range” (between one mile and 100 miles) of any military installation enumerated in part 2 of Appendix A; 3) the 24 counties or geographic areas associated with missiles fields listed in part 3 of Appendix A; and 4) the 23 off-shore range complexes and operating areas, located within 12 nautical miles of the U.S. coastline and listed in part 4 of Appendix A.

The proposed regulations provide seven exceptions in § 802.217, which include transactions: 1) by certain “excepted real estate investors” based on their ties to “excepted real estate foreign states”; 2) covered real estate transactions not already covered under CFIUS’s jurisdiction pursuant to 31 C.F.R. Part 800 (e.g., control transactions and non-controlling investments involving TID U.S. businesses); 3) real estate in an “urbanized area” or “urban cluster,” unless it is in “close proximity” to a military installation listed on part 1 or 2 of Appendix A, or located within, or will function as part of, an airport or maritime port; 4) single housing units; 5) retail establishments at airports or maritime ports; 6) commercial office space within a multi-tenant commercial office building; and 7) certain lands owned by Alaska Natives or held in trust by the United States for American Indians, Indian tribes, Alaska Natives, and Alaska Native entities.

Under the new proposed regulations, real estate transactions, unlike certain covered non-controlling transactions mentioned above, do not require a mandatory filing. Parties subject to a “covered real estate transaction” can decide to file a voluntary notice or submit the “short-form” declaration to CFIUS. It is important for parties to keep in mind that certain real estate could fall under CFIUS’s jurisdiction under Part 800, which trigger the mandatory declaration filing requirement.

  1. Conclusion

By expanding CFIUS’s authority through these new proposed regulations, Treasury is increasing its role in national security matters as it relates to foreign investment and real estate transactions. The potential effects of these new proposed rules remain uncertain moving forward. Could these changes lead to a decline in foreign investment in the United States? According to the Secretary of the Treasury, the proposed rules are aimed at better addressing national security concerns and provide “clarity and certainty” as to the role of CFIUS, but do not discourage investment in the United States.[10] Such an intention may be true, but until the new proposed rules are implemented, the future role of CFIUS and its impact on foreign investment in the United States remains to be known.


[1] The proposed rules were published in the Federal Register on September 24, 2019.

[2] Provisions Pertaining to Certain Investments in the United States by Foreign Persons, 84 Fed. Reg. 50,174 (Sept. 24, 2019) (to be codified at 31 C.F.R. pt. 800) [hereinafter Covered Investments Regulations].

[3] Provisions Pertaining to Certain Transactions by Foreign Persons Involving Real Estate in the United States, 84 Fed. Reg. 50,214 (Sept. 24, 2019) (to be codified at 31 C.F.R. pt. 802) [hereinafter Real Estate Investments Regulations].

[4] As discussed below, the proposed regulations provide certain exceptions for an “excepted investor.”

[5] See § 800.211 in the Covered Investments Regulations, 84 Fed. Reg. at 50,185-86.

[6] The proposed regulations do not change the existing Critical Technologies Pilot Program under 31 C.F.R. Part 801. In brief, “critical technologies” is defined to include five categories, related to certain items subject to export controls and other regulatory schemes, and emerging and foundational technologies controlled under the Export Control Reform Act of 2018.

[7] See §§ 800.219 and 800.220 in the Covered Investments Regulations, 84 Fed. Reg. at 50,186-87.

[8] See § 800.220 in the Covered Investments Regulations, 84 Fed. Reg. at 50,187.

[9] “Covered real estate” is defined in § 802.211 and Appendix A to Part 800 in the Real Estate Investments Regulations, 84 Fed. Reg. at 50,224, 50,239.

[10] Press Release, U.S. Dep’t of the Treasury, Treasury Releases Proposed Regulations to Reform National Security Reviews for Certain Foreign Investments and Other Transactions in the United States, (Sept. 17, 2019) (available at

Browse by Type

Browse by Practice Area