The Committee on Foreign Investment in the United States (CFIUS) is an interagency body, chaired by the Treasury Secretary, that reviews foreign investments in US businesses for national-security risk. Historically, almost all CFIUS notifications were voluntary. That changed with the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which for the first time created categories of transactions where filing is mandatory rather than optional.
Under the implementing regulations at 31 C.F.R. Part 800, a mandatory filing is generally triggered in two situations:
- TID US business + covered investment by a foreign person, where "TID" refers to US businesses involved in critical Technologies, critical Infrastructure, or sensitive personal Data. The critical-technologies prong reaches businesses that produce, design, test, or develop items subject to certain US export controls (including items on the Commerce Control List, ITAR-controlled items, and select agents).
- Substantial foreign-government interest: when a foreign government holds, directly or indirectly, a 49% or greater interest in the foreign investor, and that investor is acquiring at least a 25% voting interest in a TID US business.
Parties must submit either a short-form declaration (typically 30-day assessment) or a full joint voluntary notice. Failure to file a mandatory filing can result in civil penalties up to the value of the transaction.
Mandatory filings sit alongside CFIUS's broader jurisdiction over "covered transactions" and "covered real estate transactions" near sensitive sites. They reflect a shift from a largely reactive regime toward proactive screening of inbound capital, particularly from strategic competitors. Parallel regimes now exist in the EU (under Regulation 2019/452), the UK (National Security and Investment Act 2021), and Australia (FIRB), though the US mandatory-filing trigger remains among the most prescriptive globally.
Example
In 2022, Chinese gaming firm Tencent's minority investments in US studios drew scrutiny under FIRRMA's mandatory-filing rules because target companies handled sensitive user data covered by the TID framework.
Frequently asked questions
Civil penalties can reach up to the value of the transaction itself, in addition to potential unwinding orders by the President.
Keep learning