The Anticipated Impact of The Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”) on the Software Industry

Legal commentators have been raising alarms about the significant potential impact of The Foreign Investment Risk Modernization Act of 2018 (“FIRRMA”), since the legislation was signed into law in August, 2018. In case you are unfamiliar with FIRRMA, the legislation dramatically expanded the powers of the Committee on Foreign Investment in the United States (“CFIUS”) to conduct national security reviews of business deals, which obviously could have significant implications on the business community’s ability to close business transactions. The U.S. Treasury has developed a website that highlights for the public key points about FIRRMA and this review process.

In particular, FIRMMA now expands CFIUS review powers to include the following types of business deals:

• A purchase, lease, or concession by or to a foreign person of real estate located in proximity to sensitive government facilities.
• “Other Investments” by a foreign person in any unaffiliated U.S. business that owns, operates, manufactures, supplies, or services critical infrastructure; produces, designs, tests, manufactures, fabricates, or develops one or more critical technologies; or maintains or collects sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security. “Other investments” is defined to mean an investment that affords a foreign person access to material, nonpublic technical information in possession of the U.S. business, membership or observer rights on the board of directors or equivalent governing body of the U.S. business, or the right to nominate an individual to a position on the board of directors or equivalent voting body, or any involvement other than the voting of shares in the substantive decisionmaking of the U.S. business; the use, development, acquisition, safekeeping, or release of sensitive personal data of U.S. citizens maintained or collected by the U.S. business; the use, development, acquisition or release of critical technologies; and the management, operation, manufacture, or supply of critical infrastructure.
• Any change in rights that results in foreign control of a U.S. business or an “other investment” as defined above.
• Any transaction, transfer, agreement, or arrangement, the structure of which is intended to evade the review of the Committee.

FIRRMA further defines “critical technologies” to include “specially designed and prepared nuclear equipment, parts and components, materials, software and technology covered by part 810 of title 10, Code of Federal Regulations (relating to assistance to foreign atomic energy activities)” as well as “emerging and foundational technologies controlled pursuant to section 1758 of the Export Control Reform Act of 2018. ” While the list of what constitutes an “emerging and foundational” technology has yet to be defined, most legal commentators are expecting the list to include software that does not relate to nuclear technology, particularly in the areas of artificial intelligence, autonomous mobility, augmented virtual reality, cybersecurity, and financial technology. So, while the legislation is new and the full scope of its application and subsequent interpretation has yet to be determined, it is anticipated by most commentators that many software transactions involving foreign investment in a U.S. business will ultimately be deemed to be subject to the new CFIUS review powers.

What does this mean for the software industry? Well, the full impact of the law is yet to be determined and is more the subject of extensive speculation in the legal industry at the moment, but it does mean that software companies could be subject to more federal compliance obligations when they are doing deals that involve foreign investment, that these compliance obligations could slow down or even derail the closing of some deals, and that software companies could potentially be subject to significant fines up to the amount of the deal if they fail to comply with their new obligations. So, it certainly means that U.S. based software companies need to be aware of FIRRMA and need to closely follow any future developments related to the law, in order to potentially comply with it on future deals.

The Silicon Valley Software Law Blog will continue to follow the developments regarding this law and how it is applied and interpreted with respect to the software industry. For more information on how the expansion of CFIUS powers may impact Silicon Valley industries other than software, please check out the blog posting on our affiliated blog, the Silicon Valley IP Licensing Law Blog.