For years, investing in technology start-ups in the United States was easy from a U.S. law perspective. As long as an investor was not from a small list of countries (like North Korea, Iraq, and the Sudan), there were generally no issues except potentially some post-investment information reporting.

That changed completely as of August 13, 2018 when the Foreign Investment Risk Review Modernization Act of 2018 became U.S. law; true to the American predilection for designating legal acts with snappy acronyms, it is widely referred to as FIRRMA.

As it turns out, a prospective investor looking to put her money in Silicon Valley or another new technology hotspot in the United States now may face a significant regulatory hurdle. This presents something of a paradox, at least to those of us reared on the vision of the United States as a promised land of unfettered possibilities and unbounded freedom. Please read on for details.

Pre-FIRRMA. Before FIRRMA, the U.S. Department of Treasury administered an inter-agency known as “CFIUS” to monitor certain investments by foreign parties and foreign governments into U.S. companies with “critical technologies” vital to U.S. national security where the result of the investment was that the foreign party had “control” over the U.S. business.

There was never a precise definition of these “critical technologies” or what constituted “control”; but, over time, CFIUS practitioners focused on technologies that directly related to national defense or those that could put critical U.S. infrastructure at risk. CFIUS routinely took the position that “control,” at a minimum, was having board representation that could steer major decisions. The bottom-line was that a “typical” VC investment into things like data analytics, therapeutics, SaaS, mobile, etc. probably would have never triggered CFIUS review. Because of this, CFIUS compliance was never on the radar screen for non-U.S. VCs.

Post-FIRRMA Expansion. Under FIRRMA, interpretations of “control” and “critical technologies” have been greatly expanded, meaning the number and types of transactions requiring CFIUS compliance have grown exponentially and likely cover a significant percentage of U.S. start-up investment opportunities. Now, if you are a foreign investor that makes a “non-passive” investment into a U.S. entity with “critical technologies”, you are deemed to have sufficient control and CFIUS compliance is required.

Non-Passive Investments. A non-passive investment is any non-acquisition investment that gives a foreign investor any of the following rights:

  • Access to any material nonpublic technical information in the possession of the target U.S. business;
  • Membership or observer rights on the board of directors or equivalent governing body of the U.S. business, or the right to nominate an individual to a position on the board of directors or equivalent governing body of the U.S. business; or
  • Any involvement, other than through voting of shares, in substantive decision-making of the U.S. business regarding the use, development, acquisition, or release of critical technology.

This list is almost impossible to avoid in most VC-style equity investments. Most VCs can at least “nominate” an individual to the board of directors and receive information from the target post-closing.

Emerging and Foundational Technologies. Importantly, the definition of “critical technologies” triggering CFIUS compliance has been expanded to now include “emerging and foundational technologies”, a new, yet-to-be-defined concept. However, the words alone seem to indicate almost any US emerging growth technology company would be covered.

In fact, the Bureau of Industry and Security (BIS) within the U.S. Department of Commerce (Commerce), an agency tasked with helping define what “emerging and foundational technologies” published a notice on November 19, 2018 identifying currently fourteen (14) categories of technologies that Commerce is evaluating whether or not to include in the final definition of “emerging technologies”:

  • Biotechnology
  • AI and machine learning
  • Data analytics technology
  • Logistics technology
  • Additive manufacturing (e.g., 3D printing)
  • Robotics
  • Microprocessor technology
  • Advanced Computing
  • Quantum information and sensing technology
  • Brain-computer interfaces
  • Hypersonics
  • Advanced materials
  • Advanced surveillance technologies
  • Position, Navigations and Timing technology

If these types of technologies are adopted within the final “emerging technologies” definition, given the new breadth of what constitutes “control”, a non-US investor will need to investigate whether CFIUS compliance is necessary to make an investment in a U.S. start-up.

A separate alert will be published soon on how CFIUS compliance works, in general, including an overview of a new “pilot program” implemented by CFIUS to govern target companies that fall within 27 specifically identified industries.

Contact:

Michał Bochowicz
Advocate, managing associate

m.bochowicz@gessel.pl

Jacob Schwarz
Pacific Crest Law Partners, LLP
jake@pacificcrestlaw.com

This text is drawn up by Gessel, Koziorowski Sp.k. and by Pacific Crest Law Partners as general open-source information. It is not intended as legal advice of any kind, and should not be treated as such. Neither Gessel, Koziorowski Sp.k. nor Pacific Crest Law Partners (and none of their respective partners, associates, employees or cooperating entities) accepts any liability for any use of this text or for reliance on its contents in any scope.