When President Donald Trump signed the John S. McCain National Defense Authorization Act For Fiscal Year 2019 earlier this week, he did far more than fund the military for the coming fiscal year. The legislation also marked the culmination of almost a year of debate on how to protect the United States from national security threats posed by some foreign investments in the United States and demands by foreign governments to coerce transfers of critical technologies developed by American firms. In the end, just about everyone is satisfied with the compromises reached—for now, and with reservations about how the law will be implemented.
After heavy lobbying, the business community managed to water down earlier versions that would have resulted in far more, probably excessive government intrusion in their affairs both domestically and abroad. Export controls have received a long-overdue update, arming American firms against government demands like China's to transfer their technology. Now the battle shifts to how a new interagency process will define "emerging" and "foundational" technologies, a critical decision that will determine the ultimate impact of the new law. Narrow definitions could let technologies and applications critical to national security slip through the cracks, but overly broad definitions would bog down American innovation by forcing firms to submit mounds of paperwork to transfer even movie recommendation algorithms to Chinese partners if technology as general and nebulous as "artificial intelligence" is deemed critical to national security.
Important New Acts to Bolster National Security: FIRRMA and ECRA
The new defense law contains two key provisions that change the intersection between national security and economics in the United States: the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) for inbound investments and the Export Control Reform Act of 2018 (ECRA) for exports and outbound transfers of technology. They are thus two sides of the same coin: ensuring American technology and firms cannot be exploited to undermine its national security. Together, they work well to strike the difficult balance between America's longstanding openness to investment and global economic leadership with national security, while also heading off more extreme executive action that would surely have resulted if Congress had not acted so decisively.
Though the law is not explicitly about China, and the Treasury Department's FAQs on FIRRMA state that it "does not single out any specific country," Senators John Cornyn, Dianne Feinstein, and Richard Burr introduced FIRRMA in November of last year soon after a defense department unit released a report that highlighted risks from spiking Chinese investment in American early-stage technology companies. A rare bipartisan consensus has since arisen that something must be done about Chinese industrial policy, like its Made in China 2025 initiative. FIRRMA does single out China explicitly by requiring the Commerce Department to submit a biannual report on Chinese foreign direct investment (FDI) in the United States, including identifying which investments are made by state entities. Other provisions aimed at risks posed by "foreign government-controlled transaction[s]" are implicitly aimed at China and the pervasiveness of state-owned or controlled companies in its economy and foreign investments.
Expansion of Executive Authority is Limited
The law expands the scope of investments subject to national security reviews by the Committee on Foreign Investment in the United States (CFIUS), but far less than many feared. The initial FIRRMA bill would have expanded CFIUS jurisdiction to include investments made by American firms abroad. Covering such investments—as hawks in the administration wanted—would have added massive compliance burdens for multinational firms, putting them at a competitive disadvantage in deals abroad. It would also have given the executive branch unprecedented discretion to interfere with American firms' operations beyond US borders. Thankfully, Congress stood up to the executive, and the amended legislation eliminated this provision. It updated instead an existing export control regime far better suited to dealing with exports of sensitive technologies.
Some of the expansion also simply codified what already existed in CFIUS regulations and practice. Transactions that CFIUS will newly cover are:
- Real estate transactions near sensitive military areas or ports
- Certain investments in critical technology and infrastructure sectors or those controlling sensitive data on US citizens, even if they do not constitute control over the US business
- Transactions that are designed to evade the CFIUS process
The most important expansion of CFIUS jurisdiction is the second in the list above, as CFIUS previously only reviewed transactions if they resulted in control of a US business. But the rest are not novel in practice. CFIUS has reviewed cases of port investments and blocked Chinese fintech giant Ant Financial's proposed investment in US-based Moneygram last year, the latter reportedly over concerns about access to sensitive data. Provisions in the law that are in fact new are: a monitoring mechanism to ensure that covered transactions cannot evade reviews, sharing certain sensitive information related to CFIUS reviews with allies to improve international coordination, and more CFIUS authority to enforce agreements reached with transacting parties to mitigate security concerns. CFIUS will also include more statistics on its activities and transactions in its annual report, which will add welcome transparency to a generally opaque process.
CFIUS Improved with Increased Resources and Monitoring, and New Export Controls on New Critical Technologies
CFIUS will also receive a significant boost in resources through a dedicated fund established by Congress and authorization to collect a filing fee paid by transacting parties to help cover costs. A risk to watch, however, is that the filing fee makes American firms less attractive takeover targets when other competing firms based abroad have similar technology but no costly CFIUS-like review process.
As I outlined in an earlier piece after the first round of amendments to FIRRMA, the most critical issues now are how the interagency process defines technologies that are "foundational" and "emerging," which will be subject to the newly added export controls administered by the Department of Commerce. FIRRMA has only a vague definition for these technologies, leaving specifics and difficult trade-offs to the interagency process. Expansive definitions would help keep new technologies that could later be used for military purposes out of the hands of strategic adversaries, but at the cost of increased compliance burdens that could reduce American firms' competitiveness in a globalized economy where technologies tend to be available from firms based in many different countries.
The change in export controls could address a longstanding concern about Chinese industrial policy: demands to transfer critical technology to joint ventures or other entities there. For the first time, American firms will be able to say that they are legally required to request permission from American authorities to do so. Currently, many firms active in China fear reprisals from Beijing, so they acquiesce and do not share the existence of such demands with the US government. American policymakers have thus been left in the dark on how pervasive these demands are and what technologies are sought. The main benefits of the new regime are that 1) American firms will be able to reject demands that credibly harm American security, and 2) the US government will finally be able to gather data on many Chinese tech transfer demands.
Impact depends on how "emerging" and "foundational" technology is defined
Overall, FIRRMA and ECRA do not in themselves mark a radical shift in the way foreign investments in the United States are reviewed or how technologies critical to national security are controlled. Instead, both CFIUS and export controls have been updated, adapted, and improved to deal with current challenges and others on the horizon. Much of the damage that could have been done with excessive government authority to intervene in the economy was averted in the final legislation. Hopefully, the executive branch maintains this balance as it determines how broadly to define "emerging" and "foundational" technologies and does not tip the scales in an overly hawkish direction.
1. National Defense Authorization Act (NDAA) Section XVII for FIRRMA and Section XVII Subtitle B for ECRA.
2. NDAA Section 1719 (B).
3. These are subject to review if they grant the foreign investor decision-making rights with respect to the technology or data, influence such as board seats, or access to material nonpublic information about the technology or data.
4. NDAA Section 1710.
5. Section 1713.
6. Section 1718.
7. Section 1719.
8. Section 1723.
9. Section 1758.