U.S. Department of the Treasury in Washington, D.C. (Photo: Diego M. Radzinschi/ALM)

Foreign direct investment into the United States provides material economic benefits to the American people—including the promotion of economic growth, productivity, competitiveness and job creation.

Some bad actors, however, seek to take advantage of the United States' rules-based open investment climate and use foreign direct investment to undermine the country's strategic advantages by, for example, facilitating the transfer of technology or exploiting Americans' sensitive data.

The passage of the Foreign Investment Risk Review Modernization Act of 2018, better known as FIRRMA, provided the Committee on Foreign Investment in the United States with new tools to combat these threats while keeping America open for business.

Last week, the Department of the Treasury published two proposed rules to implement FIRRMA. Together, these rules carry out the bipartisan direction of Congress to strengthen and modernize CFIUS in order to protect the United States' long-standing open investment policy, while continuing CFIUS's singular focus on the national security risks of certain foreign direct investment.

In order to provide clarity and certainty for the private sector, FIRRMA strengthens and improves CFIUS's procedures, such as by introducing the option for parties to submit a five-page short form transaction "declaration" in lieu of a longer "notice."

Congress also addressed concerns that CFIUS's "control" jurisdiction—that is, over transactions that could result in foreign control of a U.S. business—did not adequately address certain national security risks posed by increasingly sophisticated transactions in a more and more interconnected global economy with rapidly advancing technology. CFIUS's new jurisdiction under FIRRMA will now also cover noncontrolling investments—which the new rules call "covered investments"—that provide a foreign person certain rights, access or involvement in a U.S. business involved with critical technology, critical infrastructure or sensitive personal data.

CFIUS took immediate action last year to implement part of the new FIRRMA jurisdiction through a critical technology "pilot program" covering certain industry sectors. Once effective, this week's proposed rules will fully implement the jurisdiction provided by FIRRMA over transactions relating to critical technology by establishing coverage over transactions that afford a foreign person specified rights in any U.S. business that produces, designs, tests, manufactures, fabricates or develops critical technology, without regard to industry sector. The proposed rules use the same definition of critical technology set by FIRRMA and used in the pilot program, which primarily comprises items subject to export controls. The proposed rules also set forth how CFIUS will implement FIRRMA-based coverage over certain noncontrolling investments in critical infrastructure that is likely to be of importance to U.S. national security.

The emergence of the digital economy and advancements in machine learning have also facilitated the collection and analysis of large datasets, which adversaries can manipulate to exploit valuable information. FIRRMA's coverage of certain investments in businesses that collect sensitive personal data reflects growing national security concern over this potential for exploitation. The new rules establish defined categories of "sensitive personal data," and focus on both the sensitivity of the population from whom data is collected and the underlying sensitivity of the data itself. Investments in U.S. businesses that target or tailor their products and services to sensitive U.S. government personnel or contractors are covered because exploitation of such personal data may present serious national security risks. The proposed rules also cover investments in U.S. businesses that have or intend to collect large quantities of sensitive personal data.

Congress also sought to remedy an odd and potentially dangerous loophole by enhancing CFIUS's jurisdiction to cover certain real estate transactions. CFIUS's authority to review real estate transactions around sensitive sites now aligns with CFIUS's authority to review the acquisition by a foreign person of a controlling interest in a U.S. business that owns real estate in proximity to the same sensitive sites.

Under FIRRMA's direction, the proposed regulations define a "covered real estate transaction" to include any purchase, lease or concession of "covered real estate" that affords a foreign person certain property rights. The focus of the proposed regulations is on these types of transactions when they occur in and/or around specific airports, maritime ports and military installations. The proposed regulations also exclude certain types of real estate transactions from coverage, including single-family houses.

Significantly, the core principles under which CFIUS operates do not change and, in fact, have been reinforced. CFIUS remains focused exclusively on national security, using its case-specific, robust and rigorous "risk-based analysis" approach to reviewing transactions. In drafting these regulations, the Treasury Department engaged with our interagency partners and external stakeholders to most effectively achieve national security objectives while also preserving our open investment environment, consistent with the intent of FIRRMA.

Foreign direct investment has played an integral role in the economic growth experienced under the Trump administration. These regulations provide critical clarity and predictability to the private sector and enhance the nation's national security apparatus, all while keeping America open for business.

The proposed rules implement the provisions of FIRRMA described here and more. FIRRMA requires that final regulations become effective no later than Feb. 13, 2020. Public comments, which can be submitted through Oct.17, 2019, will inform development of the final regulations.

Thomas P. Feddo is the assistant secretary of the treasury for investment security, a position created by the Foreign Investment Risk Review Modernization Act of 2018.