Confronting China through CFIUS Reform: Improved, But Still Problematic



In the last quarter century of China’s rise, few issues have stirred more anxiety in the United States than China’s increasing technological prowess and the evidence that state-backed strategic investments abroad and the exploitation or even theft of American technology by Chinese entities—including its government, private firms, and state-owned companies—are behind it. Republicans and Democrats in Congress have been deeply concerned with the issue, long before President Trump focused on it, and aimed last year to address it with new legislation. This summer, Congress appears poised to enact a major change to curb Chinese investment in the United States—and also to limit the ability of US companies to invest in China if such activities risk transferring sensitive technologies to their Chinese partners.

Lawmakers say that their approach, embodied in the Foreign Investment Risk Review Modernization Act (FIRRMA), has a good chance of passing this year. The legislation would strengthen the power of the Committee on Foreign Investment in the United States (CFIUS), the interagency executive branch body that reviews a foreign investment if it “threatens to impair the national security of the United States.” Though FIRRMA is clearly motivated by concerns about China, its passage would affect investment with entities from a broad swath of countries, including US allies. More broadly, the legislation would set up an interagency group to monitor the transfer of “foundational” technologies and products—American companies’ “crown jewels”—to entities from China and other countries considered potential security risks.

No doubt the objectives of this legislation are laudable. Moreover, the authors have made changes that improved the bill’s earlier version, which would have been cumbersome to enact and dangerously intrusive into the affairs of private business while establishing opaque standards all but guaranteeing arbitrary and unfair government behavior. But for all these improvements, the legislation still embodies many risks, as outlined in this posting.


The Chinese government and Chinese firms have many ways to obtain technology developed by American firms:

While theft is the most problematic and likely pervasive method of transfer, it is a law enforcement and intelligence matter that CFIUS cannot effectively address. FIRRMA’s first draft instead tried to address the first three methods. In a blog post and congressional testimony on the initial proposal, PIIE Senior Fellow Gary Hufbauer argued that the bill’s expansion of CFIUS authority to include reviews of outbound investment would put American technology companies at a disadvantage for partnerships abroad. Amendments to the draft since then have eliminated the power to review outbound investments, and FIRRMA has unanimously passed committees in the House and the Senate. However, the CFIUS process and its form if FIRRMA passes remain opaque and grant excessive discretion to the executive branch.

The Good

Improved export control regime. In the latest version, Congress has opted to rely on an addition to the existing export control regime for the review of outbound transactions of US companies. With its experience limited to reviewing inbound investments on a case-by-case basis, CFIUS would have been ill-equipped to take on the responsibility of scrutinizing entire sets of technologies and how they are transferred abroad. By contrast, the export control regime has decades of experience regulating exports of sensitive technology like those for dual-use (military and civilian) purposes. FIRRMA as amended creates a new interagency process headed by the Bureau of Industry and Security (BIS) at the Department of Commerce to set rules for the export or transfer of “foundational technologies” that are not on export control lists but pose emerging national security concerns.

Both the House and Senate versions of the bill also call for modernizing the multilateral export control regime. In a globalized world, any given product or technology is unlikely to be produced solely by an American firm in America, and American firms are developing technology all over the world with local partners. Thus, only multilateral solutions can be truly effective in controlling the spread of sensitive technology.

Increased resources. The bill also authorizes increased resources, currently limited to what individual agencies are willing to supply, to ensure that CFIUS has the staff and tools necessary for its reviews, crucially including the development of a mechanism to monitor transactions that are not voluntarily submitted for review.[1] Monitoring and increased resources would go a long way to ensuring smaller transactions with complicated webs of ownership that might include the Chinese government do not slip through the cracks. Another important but unrelated improvement in the Senate bill would allow firms to appeal CFIUS decisions and provide a check on overly broad readings of its authority.

Focuses the mission of CFIUS. The bill also includes a “sense of Congress” section to concentrate attention on the kind of practices CFIUS is aimed at preventing. The first point considers whether the country in question has a “strategic goal of acquiring a type of critical technology or critical infrastructure that would affect [U.S.]…leadership…in areas related to national security.” This provision is likely motivated by the Made in China 2025 program and other aspects of Chinese industrial policy that may use state companies and other methods to obtain US technology for strategic/security, rather than commercial, purposes. The second considers whether the firm involved has a “history of complying with [U.S.] laws and regulations,” which seems aimed at increased scrutiny for investments by firms like ZTE that have repeatedly violated US sanctions.

The Bad

Criteria and definitions still vague. A persistent criticism of the CFIUS process is that its evaluation criteria and explanations of its decisions are opaque. Yet even as amended FIRRMA would exacerbate this issue. The key terms “critical technology” and “countries of special concern” remain vague, and businesses cannot be sure if their potential investors’ country of origin will require a CFIUS review.[2] Overly broad legislative definitions already effectively allow CFIUS to determine its own jurisdiction, which is flexible enough to expand, and has been doing so recently, without legislative action like FIRRMA. The Trump administration's recent executive actions under other statutes, such as the use of national security concerns to justify imposition of tariffs on steel and aluminum from allies including the European Union, Canada, and Mexico, demonstrate the danger of unchecked authority to use national security as a tool in economic policy. Some argue that more specific wording could allow threats to slip through the cracks, but it may be even more dangerous to increase the already extensive discretion of the executive branch to intervene in the US and world economies.

The same is true of the new export control process, which is supposed to oversee “foundational” and “emerging” technologies. A technology as broadly defined as artificial intelligence could be named a foundational technology and require special licenses to export, which would bog down US firms with red tape and meetings with bureaucrats to explain their technology, while China, with increasing prowess in these fields, gains market share elsewhere. To illustrate the absurdity of the potential breadth, Netflix could face restrictions on use of its movie recommendation algorithm abroad if it is based on “artificial intelligence.”

By their very nature, these emerging technologies are unproven, meaning that onerous restrictions on US firms would be based on speculation about future threats. There is not yet concrete evidence that the rise in early stage investments by Chinese firms has led to a worrisome outflow of intellectual property to China. We should also not forget that American investors have benefited enormously from early investments in Chinese technology companies like Alibaba. China already responded in March with measures to protect its own critical technologies more than they do already. Escalating such restrictions on both sides risks cutting American investors, researchers, and companies out of a market that a report backed by the Department of Defense admits is on its way to becoming “one of the most innovative economies.”

Proposed fees would further burden US firms. Another issue is the bill’s proposal to impose fees. Firms undergoing CFIUS review today already incur sizable fees retaining legal counsel to guide them through the process and take measures to mitigate national security risks that CFIUS identifies. But FIRRMA would raise the cost of foreign investment even more by authorizing CFIUS to directly collect a potentially large filing fee as well.[3] Combined with the authority to determine its own jurisdiction, a CFIUS empowered to raise resources by charging for reviews may find itself tempted to increase its caseload beyond what is truly necessary.

The Ironic

The recent amendments to FIRRMA make it less problematic than the original version, but the CFIUS process still risks taking a page out of Beijing’s playbook—opaque, broadly-worded regulations that combine national security with economic security. Ironically, it is this type of “black box” review in China’s cybersecurity law that foreign firms in China say deprives them of a level playing field. These complaints prompted the US Trade Representative to cite this law in its Section 301 report on China as “pressur[ing] unnecessary disclosure of companies’ most critical technologies.” And yet FIRRMA may end up requiring US firms to disclose their critical technologies to a new crop of US officials to get approval for foreign investment or even partnerships abroad, though there is less of a risk that these will be passed to other parties than there is in a country with state companies, such as China. In addition, executive action could further expand CFIUS authority to reintroduce scrutiny of outbound transactions or require “investment reciprocity.” Congress and the executive branch should carefully consider the implications and trade-offs of significantly raising the power of the state to intervene in markets, especially when these can be abused for political ends.


1. Only 172 “covered transactions” were reviewed in 2016, the last year for which data are available. See more statistics on CFIUS reviews.

2. Critical technology is defined as “technology, components, or technology items that are essential or could be essential to national security.” Country of special concern is defined only as “a country that poses a significant threat to the national security interests of the United States.” Note that the inclusion of “could be” and “interests” greatly broadens the scope of these definitions.

3. The House version proposes a cap of 1 percent of the transaction value or $300,000, while both versions require CFIUS to consider the cost of its reviews in its fee structure and the potential impact on small business.

More From