United States: CFIUS Proposed Rules Target Critical Technology, Sensitive Personal Data And Real Estate

Last Updated: October 18 2019
Article by John R. Ingrassia, Matthew McBride and Owen Masters

On September 17, 2019, the Department of the Treasury issued long-awaited proposed rules implementing many of the provisions of the Foreign Investment Risk Review Modernization Act of 2018 ("FIRRMA"), which substantially expanded the jurisdiction of the Committee on Foreign Investment in the United States ("CFIUS") to conduct national security reviews of foreign investment in the United States.

The proposed rules were issued in two parts: 31 CFR Part 800 - Provisions Pertaining to Certain Investments in the United States by Foreign Persons and 31 CFR Part 802 - Provisions Pertaining to Certain Transactions in the United States by Foreign Persons Involving Real Estate. CFIUS already had the authority review any control transaction by a foreign person in respect to U.S. businesses to determine the potential impact on the national security of the United States. Under the Part 800 Rule, CFIUS's jurisdiction has been expanded to also cover certain non-controlling investments in U.S. business that (i) are involved with "critical technologies", (ii) own, operate, manufacture or supply or provide services to "critical infrastructure" or (iii) that collect or maintain "sensitive personal data", in each case, if such investments afford foreign persons certain rights (as described below). Under the Part 802 Rule, CFIUS will also have the jurisdiction to review certain "covered real estate transactions" if the relevant real estate is in close proximity to U.S. military installations or sensitive U.S. government facilities, or within or part of an airport or a maritime port.

On the one hand, the proposed rules greatly expand CFIUS's jurisdiction to review a wide range of foreign investments in U.S businesses and real estate. On the other hand, the proposed rules show some restraint on the part of CFIUS by limiting the instances where mandatory CFIUS filings are required.

The comment period for the proposed rules is open until October 17, 2019, and, in accordance with FIRRMA, the rules are required to be finalized no later than February 13, 2020. Below are key takeaways from the proposed rules.

1. The Pilot Program (including mandatory filings) remain in place

The proposed rules do not alter the interim "Pilot Program" rules (31 CFR Part 801) issued on October 11, 2018. Until further notice, or until the Pilot Program expires in February 2020 if not extended, investments subject to the Pilot Program will continue to be subject to potential mandatory CFIUS filings.

Under the Pilot Program, a mandatory filing regime was created for certain foreign investments in U.S. businesses that produce, design, test, manufacture, fabricate, or develop certain "critical technologies" if such transaction: (i) could result in a foreign person controlling such business, (ii) affords a foreign person with access to "material non-public technical information" regarding such business (information necessary to design, fabricate, develop, test produce or manufacture critical technologies), (iii) affords a foreign person with membership or observer rights on the board of such business or (iv) affords a foreign person the right to involvement in the substantive decision-making of such business with respect to the relevant critical technology. Critical technologies include: (a) defense services and articles controlled by the International Traffic in Arms Regulations, (b) items controlled by the Export Administration Regulations for reasons related to national security, chemical and biological weapons proliferation, nuclear nonproliferation, missile technology, regional stability, or surreptitious listening, (c) specially designed nuclear components, parts and technology and (d) select agents and toxins, in each case, used in or developed for any of the twenty-seven sensitive industries enumerated under the Pilot Program rule (please see our October 31, 2018 alert for the complete list of industries), and also include certain "emerging and foundation technologies" controlled under the Export Control Reform Act. The rules defining "emerging and foundational technologies" are expected by year end, and are likely to include categories such as biotechnology, artificial intelligence, additive manufacturing (including 3-D printing), navigation and timing (including self-driving car technology), microprocessor technology, robotics and quantum computing. When the final list of "emerging and foundation technologies" is released, it will be immediately relevant, as they will automatically be incorporated into the definition of critical technologies.

Under the Pilot Program, indirect participation in such investments by a foreign person as a limited partner of a private investment fund generally does not trigger a mandatory CFIUS filing if: (i) the fund is exclusively managed by a general partner (or equivalent) that is not the foreign person, (ii) neither the foreign person nor the advisory board of the fund has certain control rights with respect to the fund, including, the ability to control investment decisions or participate in the substantive decision making of the fund regarding companies in which the fund is invested, or the ability to unilaterally select or remove the general partner (or equivalent) and (iii) the foreign person does not have access to "material non-public technical information" regarding the applicable company.

2. The proposed rules maintain CFIUS's jurisdiction to review control investments

Whether an investment fund organized in a non-U.S. jurisdiction is itself a foreign person (including by virtue of its general partner being organized in a non-U.S. jurisdiction and/or one or more of its control persons not being a U.S. national), or the involvement of investment professionals who are not U.S. nationals in the investment activities of an investment fund could cause a mandatory CFIUS filing, remains a fact-specific analysis. 

The proposed regulations maintain CFIUS's broad jurisdiction to review for national security reasons any investment in any U.S. business (referred to as, "covered control transactions" in the proposed rules) where a foreign person obtains "control" of the U.S. business. The term control is broadly defined (generally, the power to determine, direct or decide important matters of the business) and could be triggered even where the foreign investor holds a small minority stake in the business (if for example, the investor retains the right to dismiss senior executives, terminate significant contracts or select new business lines).

3. The proposed rules expand CFIUS's jurisdiction to review non-control investments in TID U.S. Businesses

CFIUS's jurisdiction has been expanded to cover certain non-controlling equity investments in U.S. businesses that (i) are involved with "critical technologies", (ii) own, operate, manufacture or supply or provide services to "critical infrastructure" that is so vital to the United States that the incapacity or destruction of such systems or assets would have debilitating impact on national security or (iii) that collect or maintain "sensitive personal data" that may be exploited in a manner that threatens to harm national security (a "TID U.S. Business"). Any such direct or indirect foreign investment in a TID U.S. Business (referred to as a "covered investment" in the proposed rules) is subject to CFIUS's jurisdiction if such investment affords a foreign person:

  1. access to "material non-public technical information";
  2. membership or observer rights on the board of such business; or
  3. rights to involvement, other than through voting shares, in the "substantive decision-making"1 of such business.

    Critical Technologies. The criteria for determining a "critical technology" U.S. business is unchanged from the Pilot Program, except that for purposes of potentially being a TID U.S. Business, there is no requirement that relevant business uses the "critical technology" in one of the enumerated twenty-seven sensitive pilot program industries.

    Critical Infrastructure. A "critical infrastructure" investment is generally an investment in a U.S. business that owns, operates, manufactures or supplies or provides services (referred to as "functions related to critical infrastructure" in the proposed rules) to critical infrastructures, including, certain defense industrial base sectors, telecommunications, energy, transportation, financial services and public water and waste systems. The proposed rules provide an appendix (reproduced at the end of this Alert) that sets forth the combinations of the twenty-eight categories of "critical infrastructures" and "functions related to critical infrastructure" that potentially constitute a TID U.S. Businesses.

    Sensitive Personal Data. A "sensitive personal data" investment is generally an investment in a U.S. businesses that maintains or collects "identifiable data" (generally, data that can be used to identify a person of a type falling within one of the ten categories set forth below) of more than one million people, or tailors its product to U.S. executive branch or military personnel. The applicable "identifiable data" categories generally include: (i) data that could be used to determine a person's financial distress, (ii) data contained in a consumer report (unless limited data is obtained from a consumer reporting agency for purposes described in the Fair Credit Reporting Act), (iii) data contained in insurance applications, (iv) data that relates to a person's physical, mental or psychological well-being (i.e. health information), (v) non-public electronic communications, including, email messaging, or chat communications between or among users of a U.S business' products or services (if the U.S. business is providing communications platforms used by third parties), (vi) geolocation data, (vii) biometric enrollment data (e.g., facial, voice, retina and fingerprints), (viii) data stored and processed for generating state and federal identification cards, (ix) data concerning U.S. government personnel security clearance and (x) data in an application for U.S. government security clearance. Genetic information constitutes "sensitive personal data", regardless of the amount of data collected or maintained, who the business targets or if it falls within one of the ten categories set forth above. The proposed regulations expressly exclude information that an employer may maintain with respect to its own employees.

4. Investment fund exception for "covered investments" in TID U.S. Businesses

Similar to the Pilot Program, the proposed rules contain an exception for indirect "covered investments" of foreign persons in a TID U.S. Businesses through a private investment fund. The criteria for determining if this exception applies are the same criteria utilized by the Pilot Program investment fund exception (described above).

5. New mandatory filings only applies to a narrow category of transactions

Under the proposed rules, a mandatory CFIUS filing is only required if a foreign person acquires a 25% or more of the voting interests in a TID U.S. Business and, in turn, a foreign government holds 49% or more of the voting interests in that foreign person (referred to as "substantial interest" in such TID U.S. Business in the proposed rules). As discussed above, the mandatory filing requirements of the Pilot Program relating to "critical technology" U.S. businesses remain in effect. Outside of these transactions, under the proposed rules, CFIUS filings would remain voluntary.

6. The proposed rules explain how FIRRMA applies to real estate

Certain transactions involving real estate where the transaction could result in a foreign person controlling a U.S. business have always been subject to CFIUS's jurisdiction. Recognizing that real estate transactions implicate different concerns and different review procedures than M&A transactions, CFIUS opted to conduct a separate rule-making solely for real estate transactions that do not necessarily involve the acquisition of an operating business. Under the proposed rules CFIUS will have jurisdiction over the purchase or lease by, or concession to, a foreign person of "covered real estate" if the foreign person obtains three or more of the following property rights: (i) the right to physical access, (ii) the right to exclude others, (iii) the right to improve or develop the property or (iv) the right to attach fixed or immovable objects. Covered real estate generally includes real estate that is physically within or functionally a part of an airport or a maritime port, or close to U.S. military installations and other sensitive government facilities. CFIUS appears to be concerned with, among other things, the ability of foreign persons to collect intelligence and the risk of exposing sensitive activities. For certain military facilities, real estate within a 100-mile radius will come under the new rule. The proposed rules provide for certain exceptions related to single housing units, retail trade and food services, commercial office space, the extension of a mortgage or similar financing for a foreign person to acquire "covered real estate" and real estate within urban areas of urbanized clusters. Though real estate acquisitions will not require mandatory filings, parties should be aware that gaining access or other property rights may trigger CFIUS jurisdiction and interest, depending on the facility and the nature and nationality of the buyer.

7. The "White List"

The proposed rules will also introduce a list of "excepted foreign states" whose investors may be exempt from CFIUS's expanded non-control TID U.S. Business and real estate transaction jurisdiction. At least two-thirds of the voting members of CFIUS must agree to add a foreign state to this list. Countries on the list must maintain a robust process to analyze foreign investments for national security risks and facilitate coordination with the Unites States on matters relating to investment security. Given these requirements the list is expected to be quite narrow. In a stakeholder's meeting on September 27, 2019, Thomas Feddo, the newly appointed Assistant Secretary for Investment Security, said the list of "excepted foreign states" should be available by early 2020, and that the exemption would be available immediately – giving the designated countries a two year grace period to implement satisfactory foreign investment review programs.

In order for a specific investor (referred to as an "excepted investor" in the proposed rules) to qualify for the exception, such investor generally would need to be (i) a foreign national of such foreign state, (ii) a foreign government of such foreign state or (iii) a foreign entity that is organized and has its principal place of business in the United States or such foreign state, all members of its board of directors (or similar body) must be citizens of the United States or such foreign state and all investors with equity interests of 5% or more in such entity must be citizens of the United States or such foreign state. If the above criteria cease to be true within three years from the completion date of the transaction, CFIUS may assert its jurisdiction over the previously exempted transaction. Under the proposed rules, a similar "excepted real estate investor" exemption has been proposed with respect to real estate transactions, though Treasury has said that the list of excepted foreign states for real estate transactions may not be identical to the list of excepted foreign states for TID transactions.

Conclusion

The proposed rules greatly expand CFIUS's jurisdiction to review a wide-range of transactions involving foreign investment in U.S technology, infrastructure and data businesses, and the purchase or lease by, or a concession to, a foreign person of sensitive U.S. real estate. However, as discussed above, other than with respect certain foreign government investing in TID U.S. Businesses (and the Pilot Program mandatory filings remaining in effect), the proposed rules have not expanded the types of transactions requiring a mandatory CFIUS filing, and thus CFIUS filings are expected to largely remain voluntary. We will provide updates on any developments as the proposed rules proceed through the rule-making process and into their final forms. In the meantime, we expect CFIUS will monitor and examine a wide range of foreign investment in U.S. businesses where national security concerns could be implicated.

Appendix A to part 800—Covered investment critical infrastructure and functions related to covered investment critical infrastructure

Column 1 – Covered investment critical infrastructure Column 2 – Functions related to covered investment critical infrastructure

(i) Any:

(a) internet protocol network that has access to every other internet protocol network solely via settlement-free peering; or

(b) telecommunications service or information service, each as defined in section 3(a)(2) of the Communications Act of 1934 (47 U.S.C. 153), as amended, or fiber optic cable that directly serves any military installation identified in § 802.229.

(i) Own or operate any:

(a) internet protocol network that has access to every other internet protocol network solely via settlement-free peering; or

(b) telecommunications service or information service, each as defined in section 3(a)(2) of the Communications Act of 1934 (47 U.S.C. 153), as amended, or fiber optic cable that directly serves any military installation identified in § 802.229.

(ii) Any internet exchange point that supports public peering.

(ii) Own or operate any internet exchange point that supports public peering.

(iii) Any submarine cable system requiring a license pursuant to section 1 of the Cable Landing Licensing Act of 1921 (47 U.S.C. 34), as amended, which includes any associated submarine cable, submarine cable landing facilities, and any facility that performs network management, monitoring, maintenance, or other operational functions for such submarine cable system.

(iii) Own or operate any submarine cable system requiring a license pursuant to section 1 of the Cable Landing Licensing Act of 1921 (47 U.S.C. 34), as amended, which includes any associated submarine cable, submarine cable landing facilities, and any facility that performs network management, monitoring, maintenance, or other operational functions for such submarine cable system.

(iv) Any submarine cable, landing facility, or facility that performs network management, monitoring, maintenance, or other operational function that is part of a submarine cable system described above in item (iii) of Column 1 of appendix A to part 800.

(iv) Supply or service any submarine cable, landing facility, or facility that performs network management, monitoring, maintenance, or other operational function that is part of a submarine cable system described above in item (iii) of Column 1 of appendix A to part 800.

(v) Any data center that is collocated at a submarine cable landing point, landing station, or termination station.

(v) Own or operate any data center that is collocated at a submarine cable landing point, landing station, or termination station.

(vi) Any satellite or satellite system providing services directly to the Department of Defense or any component thereof.

(vi) Own or operate any satellite or satellite system providing services directly to the Department of Defense or any component thereof.

(vii) Any industrial resource other than commercially available off-the-shelf items, as defined in section 4203(a) of the National Defense Authorization Act for Fiscal Year 1996 (41 U.S.C. 104), as amended, that is manufactured or operated for a Major Defense Acquisition Program, as defined in section 7(b)(2)(A) of the Defense Technical Corrections Act of 1987 (10 U.S.C. 2430), as amended, or a Major System, as defined in 10 U.S.C. 2302d, as amended and:

(a) the U.S. business is a "single source," "sole source," or "strategic multisource," to the extent the U.S. business has been notified of such status; or

(b) the industrial resource:

(1) requires 12 months or more to manufacture; or

(2) is a "long lead" item, to the extent the U.S. business has been notified that such industrial resource is a "long lead" item.

(vii) As applicable, manufacture any industrial resource other than commercially available off-the-shelf items, as defined in section 4203(a) of the National Defense Authorization Act for Fiscal Year 1996 (41 U.S.C. 104), as amended, or operate any industrial resource that is a facility, in each case, for a Major Defense Acquisition Program, as defined in section 7(b)(2)(A) of the Defense Technical Corrections Act of 1987 (10 U.S.C. 2430), as amended, or a Major System, as defined in 10 U.S.C. 2302d, as amended and:

(a) the U.S. business is a "single source," "sole source," or "strategic multisource," to the extent the U.S. business has been notified of such status; or

(b) the industrial resource:

(1) requires 12 months or more to manufacture; or

(2) is a "long lead" item, to the extent the U.S. business has been notified that such industrial resource is a "long lead" item.

(viii) Any industrial resource, other than commercially available off-the-shelf items, as defined in section 4203(a) of the National Defense Authorization Act for Fiscal Year 1996 (41 U.S.C. 104), as amended, that is manufactured pursuant to a "DX" priority rated contract or order under the Defense Priorities and Allocations System regulation (15 CFR part 700, as amended) in the preceding 24 months.

(viii) Manufacture any industrial resource, other than commercially available off-the- shelf items, as defined in section 4203(a) of the National Defense Authorization Act for Fiscal Year 1996 (41 U.S.C. 104), as amended, pursuant to a "DX" priority rated contract or order under the Defense Priorities and Allocations System regulation (15 CFR part 700, as amended) within 24 months of the transaction in question.

(ix) Any facility in the United States that manufactures:

(a) specialty metal, as defined in section 842(a)(1)(i) of the John Warner National Defense Authorization Act for Fiscal Year 2007 (10 U.S.C. 2533b), as amended;

(b) covered material, as defined in 10 U.S.C. 2533c, as amended;

(c) chemical weapons antidote contained in automatic injectors, as described in 10 U.S.C. 2534, as amended; or

(d) carbon, alloy, and armor steel plate that is in Federal Supply Class 9515 or is described by specifications of the American Society for Testing Materials or the American Iron and Steel Institute.

(ix) Manufacture any of the following in the United States:

(a) specialty metal, as defined in section 842(a)(1)(i) of the John Warner National Defense Authorization Act for Fiscal Year 2007 (10 U.S.C. 2533b), as amended;

(b) covered material, as defined in 10 U.S.C. 2533c, as amended;

(c) chemical weapons antidote contained in automatic injectors, as described in 10 U.S.C. 2534, as amended; or

(d) carbon, alloy, and armor steel plate that is in Federal Supply Class 9515 or is described by specifications of the American Society for Testing Materials or the American Iron and Steel Institute.

(x) Any industrial resource other than commercially available off-the-shelf items, as defined in 41 U.S.C. 104, as amended, that has been funded, in whole or in part, by any of the following sources in the last 60 months:

(a) Defense Production Act of 1950 Title III program (50 U.S.C 4501, et seq.), as amended;

(b) Industrial Base Fund pursuant to section 896(b)(1) of the Ike Skelton National Defense Authorization Act for Fiscal Year 2011 (10 U.S.C. 2508), as amended;

(c) Rapid Innovation Fund pursuant to section 1073 of Ike Skelton National Defense Authorization Act for Fiscal Year 2011 (10 U.S.C. 2359a), as amended;

(d) Manufacturing Technology Program pursuant to 10 U.S.C. 2521, as amended;

(e) Defense Logistics Agency Warstopper Program, as described in DLA Instruction 1212, Industrial Capabilities Program –Manage the WarStopper Program; or

(f) Defense Logistics Agency Surge and Sustainment contract, as described in Subpart 17.93 of the Defense Logistics Acquisition Directive.

(x) As applicable, manufacture any industrial resource other than commercially available off-the-shelf items, as defined in 41 U.S.C. 104, as amended, or operate any industrial resource that is a facility, in each case, that has been funded, in whole or in part, by any of the following sources within 60 months of the transaction in question:

(a) Defense Production Act of 1950 Title III program (50 U.S.C. 4501, et seq.), as amended;

(b) Industrial Base Fund pursuant to section 896(b)(1) of the Ike Skelton National Defense Authorization Act for Fiscal Year 2011 (10 U.S.C. 2508), as amended;

(c) Rapid Innovation Fund pursuant to section 1073 of Ike Skelton National Defense Authorization Act for Fiscal Year 2011 (10 U.S.C. 2359a), as amended;

d) Manufacturing Technology Program pursuant to 10 U.S.C. 2521, as amended;

(e) Defense Logistics Agency Warstopper Program, as described in DLA Instruction 1212, Industrial Capabilities Program – Manage the WarStopper Program; or

(f) Defense Logistics Agency Surge and Sustainment contract, as described in Subpart 17.93 of the Defense Logistics Acquisition Directive.

(xi) Any system, including facilities, for the generation, transmission, distribution, or storage of electric energy comprising the bulk-power system, as defined in section 215(a)(1) of the Federal Power Act (16 U.S.C. 824o(a)(1)), as amended.

(xi) Own or operate any system, including facilities, for the generation, transmission, distribution, or storage of electric energy comprising the bulk-power system, as defined in section 215(a)(1) of the Federal Power Act (16 U.S.C. 824o(a)(1)), as amended.

(xii) Any electric storage resource, as defined in 18 CFR § 35.28(b)(9), as amended, that is physically connected to the bulk-power system.

(xii) Own or operate any electric storage resource, as defined in 18 CFR § 35.28(b)(9), as amended, that is physically connected to the bulk-power system.

(xiii) Any facility that provides electric power generation, transmission, distribution, or storage directly to or located on any military installation identified in § 802.229.

(xiii) Own or operate any facility that provides electric power generation, transmission, distribution, or storage directly to or located on any military installation identified in § 802.229.

(xiv) Any industrial control system utilized by:

(a) system comprising the bulk-power system as described above in item (xi) of Column 1 of appendix A to part 800; or

(b) a facility directly serving any military installation as described above in item (xiii) of Column 1 of appendix A to part 800.

(xiv) Manufacture or service any industrial control system utilized by:

(a) system comprising the bulk-power system as described above in item (xi) of Column 1 of appendix A to part 800; or

(b) a facility directly serving any military installation as described above in item (xiii) of Column 1 of appendix A to part 800.

(xv) Any:

(a) any individual refinery with the capacity to produce 300,000 or more barrels per day (or equivalent) of refined oil or gas products; or

(b) collection of one or more refineries owned or operated by a single U.S. business with the capacity to produce, in the aggregate, 500,000 or more barrels per day (or equivalent) of refined oil or gas products.

(xv) Own or operate:

(a) any individual refinery with the capacity to produce 300,000 or more barrels per day (or equivalent) of refined oil or gas products; or

(b) one or more refineries with the capacity to produce, in the aggregate, 500,000 or more barrels per day (or equivalent) of refined oil or gas products.

(xvi) Any crude oil storage facility with the capacity to hold 30 million barrels or more of crude oil.

(xvi) Own or operate any crude oil storage facility with the capacity to hold 30 million barrels or more of crude oil.

(xvii) Any:

(a) liquefied natural gas (LNG) import or export terminal requiring:

(1) approval pursuant to section 3(e) of the Natural Gas Act (15 U.S.C. 717b(e)), as amended, or

(2) a license pursuant to section 4 of the Deepwater Port Act of 1974 (33 U.S.C. 1503), as amended; or

(b) natural gas underground storage facility or LNG peak-shaving facility requiring a certificate of public convenience and necessity pursuant to section 7 of the Natural Gas Act (15 U.S.C. 717f), as amended.

(xvii) Own or operate any:

(a) liquefied natural gas (LNG) import or export terminal requiring:

(1) approval pursuant to section 3(e) of the Natural Gas Act (15 U.S.C. 717b(e)), as amended, or

(2) a license pursuant to section 4 of the Deepwater Port Act of 1974 (33 U.S.C. 1503), as amended; or

(b) natural gas underground storage facility or LNG peak-shaving facility requiring a certificate of public convenience and necessity pursuant to section 7 of the Natural Gas Act (15 U.S.C. 717f), as amended.

(xviii) Any financial market utility that the Financial Stability Oversight Council has designated as systemically important pursuant to section 804 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (12 U.S.C. 5463), as amended.

(xviii) Own or operate any financial market utility that the Financial Stability Oversight Council has designated as systemically important pursuant to section 804 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (12 U.S.C. 5463), as amended.

(xix) Any exchange registered under section 6 of the Securities Exchange Act of 1934 (15
U.S.C. 78f), as amended, that facilitates trading in any national market system security, as defined in 17 CFR § 242.600, as amended, and which exchange during at least four of the preceding six calendar months had:

(a) with respect to all national market system securities that are not options, ten percent or more of the average daily dollar volume reported by applicable transaction reporting plans; or

(b) with respect to all listed options, fifteen percent or more of the average daily dollar volume reported by applicable national market system plans for reporting transactions in listed options.

(xix) Own or operate any exchange registered under section 6 of the Securities Exchange Act of 1934 (15 U.S.C. 78f), as amended, that facilitates trading in any national market system security, as defined in 17 CFR § 242.600, as amended, and which exchange during at least four of the preceding six calendar months had:

(a) with respect to all national market system securities that are not options, ten percent or more of the average daily dollar volume reported by applicable transaction reporting plans; or

(b) with respect to all listed options, fifteen percent or more of the average daily dollar volume reported by applicable national market system plans for reporting transactions in listed options.

(xx) Any technology service provider in the Significant Service Provider Program of the Federal Financial Institutions Examination Council that provides core processing services.

(xx) Own or operate any technology service provider in the Significant Service Provider Program of the Federal Financial Institutions Examination Council that provides core processing services.

(xxi) Any rail line and associated connector line designated as part of the Department of Defense's Strategic Rail Corridor Network.

(xxi) Own or operate any rail line and associated connector line designated as part of the Department of Defense's Strategic Rail Corridor Network.

(xxii) Any interstate oil pipeline that:

(a) has the capacity to transport:

(1) 500,000 barrels per day or more of crude oil, or

(2) 90 million gallons per day or more of refined petroleum product; or

(b) directly serves the strategic petroleum reserve, as defined in section 152 of the Energy Policy and Conservation Act (42 U.S.C. 6232), as amended.

(xxii) Own or operate any interstate oil pipeline that:

(a) has the capacity to transport:

(1) 500,000 barrels per day or more of crude oil, or

(2) 90 million gallons per day or more of refined petroleum product; or

(b) directly serves the strategic petroleum reserve, as defined in section 152 of the Energy Policy and Conservation Act (42 U.S.C. 6232), as amended.

(xxiii) Any interstate natural gas pipeline with an outside diameter of 20 or more inches.

(xxiii) Own or operate any interstate natural gas pipeline with an outside diameter of 20 or more inches.

(xxiv) Any industrial control system utilized by:

(a) an interstate oil pipeline as described above in item (xxii) of Column 1 of appendix A to part 800; or

(b) an interstate natural gas pipeline as described above in item (xxiii) of Column 1of appendix A to part 800.

(xxiv) Manufacture or service any industrial control system utilized by:

(a) an interstate oil pipeline as described above in item (xxii) of Column 1 of appendix A to part 800; or

(b) an interstate natural gas pipeline as described above in item (xxiii) of Column 1 of appendix A to part 800.

(xxv) Any airport identified in § 802.201.

(xxv) Own or operate any airport identified in § 802.201.

(xxvi) Any:

(a) maritime port identified in § 802.228; or

(b) any individual terminal at such maritime ports.

(xxvi) Own or operate any:

(a) maritime port identified in § 802.228; or

(b) any individual terminal at such maritime ports.

(xxvii) Any public water system, as defined in section 1401(4) of the Safe Drinking Water Act (42 U.S.C. 300f(4)(A)), as amended, or treatment works, as defined in section 212(2)(A) of the Clean Water Act (33 U.S.C. 1292(2)), as amended, which:

(a) regularly serves 10,000 individuals or more, or

(b) directly serves any military installation identified in § 802.229.

(xxvii) Own or operate any public water system, as defined in section 1401(4) of the Safe Drinking Water Act (42 U.S.C. 300f(4)(A)), as amended, or treatment works, as defined in section 212(2)(A) of the Clean Water Act (33 U.S.C. 1292(2)), as amended, which:

(a) regularly serves 10,000 individuals or more, or

(b) directly serves any military installation identified in § 802.229.

(xxviii) Any industrial control system utilized by a public water system or treatment works as described above in item (xxvii) of Column 1 of appendix A to part 800.

(xxviii) Manufacture or service any industrial control system utilized by a public water system or treatment works as described above in item (xxvii) of Column 1 of appendix A to part 800.

Footnotes

1. "[S]ubstantive decision-making" under the proposed rules is defined as the process through which decisions regarding significant matters affecting an entity are undertaken. The proposed rules provide a non-exhaustive list of the types of significant matters that are covered: (1) involvement in decisions related to pricing, sales and contracts, (2) corporate strategy and business development, (3) research and development, (4) manufacturing locations, (5) access to critical technologies, material non-public technical information or sensitive personal data, (6) physical and cybersecurity protocols, (7) establishment or maintenance of architecture of information technology used in collection or maintaining sensitive personal data, (8) practices and policies regarding collection use or storage of sensitive personal data and (9) strategic partnerships. The rules clarify that strictly administrative decisions do not constitute substantive decision-making.

CFIUS Proposed Rules Target Critical Technology, Sensitive Personal Data And Real Estate

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Similar Articles
Relevancy Powered by MondaqAI
Pillsbury Winthrop Shaw Pittman LLP
 
In association with
Related Topics
 
Similar Articles
Relevancy Powered by MondaqAI
Pillsbury Winthrop Shaw Pittman LLP
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions