Biden Issues CFIUS Executive Order: What Has Changed and What Remains the Same

September 21, 2022

President Joseph Biden’s recently issued Executive Order provides guidance related to the US national security foreign direct investment review process administered by the Committee on Foreign Investment in the United States. The Executive Order reiterated several common themes, confirmed the scope of various factors identified in the Defense Production Act Section 721 as amended by the Foreign Investment Risk Review Modernization Act of 2018, but also clarified and added insight into the fluid nature of CFIUS’ national security analysis.

Overall, the Executive Order (EO) does not foundationally change the Committee on Foreign Investment in the United States (CFIUS or the Committee) process or the statutory authorities as outlined in the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), or address outbound investment which is the focus of other ongoing Biden-Harris administration efforts. In the press conference announcing the EO, an administration official clarified that “the executive order does not expand or limit the legal authorities or jurisdiction of CFIUS, which remains broadly focused on assessing and mitigating any national security risks arising from covered transactions.”

It does, however, identify key areas where further and more expansive activity should be expected—those in Section 1 of the EO, which are described as evidence of the “evolving national security landscape and the nature of the investments that pose related risks to national security.”

At the outset, it is important to highlight what the EO does not do:

  • It does not change CFIUS’ jurisdiction—whether by retraction or expansion.
  • It does not require CFIUS to implement the guidance in any particular manner—i.e., there is no express requirement that CFIUS update its regulations in order to incorporate the president’s EO.
  • It does not significantly add to the factors the Committee already considers as part of its analysis, some of which are included in regulations and others of which are found through the sometimes-extensive question/answer engagement between CFIUS and the parties to a transaction.
  • It does not alter US interest in encouraging foreign investment as balanced against national security concerns.

While the EO is encouraging for the additional transparency evident in Sections 2 and 3, it does not markedly alter the national security review landscape process, but does indicate where additional CFIUS energy is likely to be focused in the near future.

Although the EO does not foundationally change the CFIUS process, the EO does include insight which can better inform the risks associated with cross-border investments. In that vein, the EO includes the following new guidance:

  • CFIUS is directed to consider the impact of aggregate investments within industry sectors. Section 3(i) outlines in greater detail the areas of concern when performing this analysis. As a result, CFIUS’s “case-by-case” approach must be balanced against this directive.
    • The EO provides key terms that require further definition to assess how any risks of industry sector consolidation may impact whether, when, and what to file with CFIUS. Those terms include, but are not limited to:
      • “incremental investment” and “a series of acquisitions in the same, similar or related United States businesses”
      • “a sector or technology”
      • “part-by-part” ceding of a sector or technology
      • “domestic development” in a sector or technology
      • “control” in a sector or technology
      • “actions” by a foreign person “or their relevant third-party ties that might cause the transaction to pose such a threat”
      • “a series of acquisitions in the same, similar or related United States businesses involved in activities that are fundamental to national security or on terms that implicate national security”

An analysis of aggregate or cumulative investments is required by Section 1702(c)(2) of FIRRMA. Section 1702(c)(2) states that CFIUS may consider “the cumulative control of, or pattern of recent transactions, involving, any one type of critical infrastructure, energy asset, critical material, or critical technology by a foreign government or foreign person…” The EO makes clear some of the ways that this analysis should be reinvigorated.

The EO encompasses a broader set of assets or industry by highlighting “sectors or technology.” This more expansive focus aligns with the inclusion of more than the defense industrial base as an area of concern from a national security perspective. For example, the broader industrial base is identified no less than three times in Sections 2(a)(i) and (ii) and 2(b). This definition may highlight an interest on the part of the Committee to consider the impact of foreign investment deeper into the supply chain or horizontally among industry segments.

This latter point finds support in the extensive discussion of supply chain security not only from a physical perspective, such as through access to specific goods or technology, but from a virtual perspective, such as the integrity and protection of data storage upon which companies or the government rely. These issues demonstrate a seriousness within the administration—perhaps encouraged by the extensive and consistent bipartisan concerns expressed by Congress—to address the fluid nature of national security issues and to provide additional transparency to the investment community to allow a more robust analysis of when and how to engage with CFIUS.

Summarized below in more detail are some of the major provisions of the EO. We close with our current conclusion that the EO is not expected to result in many practical changes to how parties approach a CFIUS analysis, but it does emphasize the areas where CFIUS currently has concerns and where further changes may be forthcoming. It may also indicate more detailed evaluation from the Committee in a number of areas which already exist within their remit.

The EO does not require specific action by CFIUS and it remains to be seen what steps, if any, CFIUS will take to implement it.


Within the underlying concerns included in Section 721(f)(3) of the Defense Production Act of 1950, as amended (50 USC 4565) (“control of domestic industries and commercial activity by foreign citizens as it affects the capability and capacity of the United States to meet the requirements of national security”), the EO directs CFIUS to consider, in particular, at least the following factors:

  • Supply chain overall
  • Resilience of the supply chain
  • Cybersecurity of the supply chain across areas including, but not limited to, the defense industrial base, election security, energy security and infrastructure, and data protection
  • Data storage and its security
  • Protection of personal information and its integrity; and
  • Technology leadership (both current and future)

Each one highlights existing issues that CFIUS has addressed since FIRRMA was implemented. Additional details are provided below.

The EO specifies that CFIUS should look at supply chain resilience and security both within and outside of the defense industrial base, manufacturing capabilities, services, critical mineral resources, or technologies that are fundamental to national security. Within this framework, the EO focuses on several key areas that have been included in both the president’s pronouncements on critical and emerging technologies and within the revisions to various export classifications that include products or technology within these areas: microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, climate adaptation technologies, critical minerals, elements of the agriculture industrial base that have implications for food security, and any other sectors identified in Sections 3(b) or 4(a) of Executive Order 14017 on America’s Supply Chains. The majority of these areas, including the agricultural focus, have been part of CFIUS’ remit both prior to and since FIRRMA passed in 2018.

The EO further states that the Committee should consider the degree of diversification through alternative suppliers across the supply chain, including suppliers located in allied or partner nations; whether a US business supplies, directly or indirectly, the US government, the energy sector industrial base, or the defense industrial base; and the concentration of ownership or control by the foreign person in a given supply chain.

In considering the factors described in Section 721(f)(5) (“potential effects of the proposed or pending transaction on United States international technological leadership in areas affecting United States national security”), and similar to the supply chain factor, the EO directs CFIUS to consider whether a transaction subject to review involves manufacturing capabilities, services, critical mineral resources, or technologies that are fundamental to United States technological leadership and therefore national security, such as microelectronics, artificial intelligence, biotechnology and biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies. As with the supply chain factors, this focus aligns with the post-FIRRMA interest in these areas and also remains consistent with how the Committee has been reviewing transactions for the past several years.

Although working in the background, the EO highlights the participation and responsibility of the Office of Science and Technology Policy (OSTP) to develop a list of technology sectors that are fundamental to US technological leadership in areas relevant to national security. In the past, while OSTP’s role remained fluid, the Department of Commerce appeared to take the lead in this area through the tie between FIRRMA and the Export Control Reform Act of 2018 (ECRA) Section 1758, which allocated responsibility to Commerce for the development of emerging and foundational technologies to be notified to CFIUS. The articulation of OSTP’s role emphasizes that Commerce does not act alone in the process and a more technology-focused interest exists, outside of the export control process, to define what is of concern to CFIUS. This clarity helps inform investors of areas that may be of concern, even when not tethered to export control requirements.

The EO further notes that CFIUS should consider whether a transaction “could reasonably result in future advancements and applications in technology that could undermine national security,” which we interpret to mean that CFIUS is being asked to evaluate the US position beyond the current state of technology at the time of the transaction, encompassing what the state of technology may be in the future. In this vein, the EO directs CFIUS to assess current risk based on future conditions. How CFIUS implements this guidance—whether through regulatory changes or updates to the 2008 guidance regarding the CFIUS process—remains to be seen. Practically, understanding the current risk of future conditions (which by their nature may remain unknown) presents a complex problem for investors and the CFIUS review.

The EO provides additional factors in Section 3 that further emphasize the concerns the Committee sees in its review and directs CFIUS to consider several factors not expressly identified in Section 721(f)(1)-(10). First, CFIUS is directed to consider aggregate industry investment trends—specifically, the possibility that incremental investments over time in a sector or technology may cede, part-by-part, domestic development or control to a hostile actor; and multiple acquisitions or investments by a hostile actor in a single sector or in related manufacturing capabilities, services, critical mineral resources, or technologies. The EO notes that the Committee may request, as part of its review, that the Department of Commerce’s International Trade Administration provide an analysis. As noted earlier, this is not necessarily a new factor but one that merits additional attention as it highlights an area of risk that affects the industrial base in the supply chain and at the customer level.

Interestingly, the EO does not specify that the aggregate analysis relates solely to transactions that have been notified to the Committee, so the question remains whether CFIUS will ask parties who submit notices to provide information regarding their consolidation, acquisitions, investments, or other activity on deals that were not notified to the Committee. In essence, understanding whether and how, if at all, a foreign government or foreign party is aggregating investments in a technology or sector requires knowledge of all activities in that sector or technology, not just those notified to the Committee. This may necessitate revisions to the CFIUS regulations prior to implementation, although the EO does not expressly direct CFIUS to update its regulations.

In addition, the EO directs CFIUS to consider factors relating to cybersecurity risk—specifically, cyber actions designed to affect election outcomes, critical infrastructure, or the confidentiality, integrity, or availability of communications—and factors relating to exploitation of the sensitive data of US persons.

Finally, a brief note about the important issue that is not addressed by this EO: outbound investment. In the wake of Congress’s determination not to include an outbound investment review mechanism in the recent CHIPS and Science Act, it is possible the White House will act unilaterally and establish such a regime through a separate EO. We noted this possibility in a previous LawFlash. The new EO on CFIUS, however, does not regulate outbound investment, although it is possible, and consistent with other executive branch actions, that some of the risk areas identified in this EO—for example, risk surrounding microelectronics, artificial intelligence, quantum computing, and biotechnology—will be included as risk areas that would be subject to outbound investment restrictions if the president or Congress establishes a new regulatory regime.


To some extent the EO codifies what CFIUS has been doing and the factors it has been considering since the passage of FIRRMA, but there are potential new elements. Although this EO does not blaze new trails, it does provide open questions that will benefit from further guidance from the Treasury Department regarding implementation. As noted earlier, a number of terms remain undefined other than through references to the DPA, Section 721. In areas where Section 721 does not use the same terms, these issues remain open.

The EO does, however, introduce a concept that has been used by CFIUS but not necessarily in a consistent manner—the idea that relationships or engagements with “third parties” or “third party” ties to foreign governments or parties create a national security concern. While neither FIRRMA nor its implementing regulations overtly mention third-party threats, CFIUS has for many years routinely included this factor as part of the risk-based assessments (RBAs) it produces for individual transaction reviews and to support its regulatory actions. For instance, investment from companies in allied nations (whether Asian or European) may pose risk, not because of the companies or the countries in which they are domiciled, but rather because of a third-party relationship with a country of concern for the US government, such as China.

Similarly, the laundry list in the EO of “manufacturing capabilities, services, critical mineral resources, or technologies that are fundamental to national security” contains nothing that should be surprising. Microelectronics, artificial intelligence, biotechnology and biomanufacturing, and quantum computing, for example, are all listed, and are all areas that received CFIUS scrutiny well before the issuance of the new EO, although that scrutiny occurred inconsistently as highlighted by the number of transactions in these areas that were publicly identified as completed but did not undergo CFIUS review.

However, the EO includes at least one new element that has been of consistent concern to Congress over the last two years: the reference to “elements of the agriculture industrial base that have implications for food security.”

While CFIUS has considered food security and land deals that present co-location issues within its existing authorities, Congressional concern over agricultural-based activities has resulted in numerous draft bills seeking to add the secretary of agriculture as a permanent member of the Committee as well as expand the Committee’s focus on agricultural transactions that may not necessarily fit the definition of a classic “US business.” In a recent LawFlash, we discussed how real estate transactions implicating food security warranted more focus than CFIUS has historically given.

Two of the provisions focusing on sensitive personal data and cybersecurity cited in certain media reports as new have actually been addressed in the past. FIRRMA added provisions identifying sensitive personal data on US citizens and personal information in the genomics field as areas of national security concern, whether in controlling or non-controlling investments. Even pre-FIRRMA, however, the Committee had already been considering risks to sensitive personal data in its national security evaluations, and some of that work formed the basis for the new FIRRMA jurisdiction.

Cybersecurity risks fall into the same category—CFIUS has evaluated cybersecurity risks in various transactions pre-FIRRMA but consideration of this factor was previously inconsistent. The guidance provided in the EO establishes clearer goalposts when it comes to evaluating cyber risks, both generally and in specific areas such as critical infrastructure.

These points were emphasized by an administration official in a recent press conference: “And just to be clear, as appropriate, CFIUS has been considering these kinds of risks when reviewing cases and has taken actions to address these types of risks and will certainly continue to do so.” The EO itself is couched in language that highlights continuity rather than foundational change—for example, stating that it is important that the Committee “continues to assess the effect of foreign investment on domestic capacity,” (emphasis added) rather than stating that assessing the effect on domestic capacity is a brand-new initiative.


Executive Orders serve many purposes, including articulating administration policies, signaling to allies and partners updates in national security or establishing the basis for other executive action. While they are useful tools from this perspective, especially since they do not require Congressional or judicial approval and can as easily be revoked as issued, they generally help inform parties about regulatory expectations. This EO is no exception.

While some may view the EO as a political calculus (whether in relation to Congress, industry, or foreign governments) and others may see the EO as a “get tough” on national security pronouncement that may address bipartisan concerns, the EO fundamentally deals with a statutory legal process managed by the Treasury Department as staff chair of CFIUS.

As a legal matter, the EO’s confirmation of CFIUS’ existing authority or the clarification of that authority can help cement CFIUS legal jurisdiction, thereby enhancing the viability of its decisions. This can address potential legal challenges to CFIUS decisions or otherwise bring certainty or finality to CFIUS clearances. Significantly, a presidential order may help support CFIUS actions in the face of future litigation challenges, although it will not immunize CFIUS conduct that violates procedural due process as reflected in past court cases that found CFIUS decisions deficient from this perspective.

Whatever objective lay behind the issuance, further clarification is needed on some of the key areas where CFIUS has been asked to implement administration policy. Whether the EO will successfully notify allies, partners, or foreign adversaries of a US “get tough” position or potentially avert Congressional action is less helpful to investors trying to find certainty in what has been a somewhat opaque and less certain process.

There may also be some transparency benefits to the pronouncements in the EO. Where the EO reflects or confirms existing CFIUS practice, that existing practice may nonetheless be generally known to a smaller universe of affected parties, such as the counsel that work with CFIUS consistently or the serial investors who routinely come before the Committee. Therefore, the new EO opens the aperture on the parties who can be better informed on the CFIUS process.

In the press conference that announced the EO, an administration official stated that it will “help guide the committee and should also help businesses and investors better identify early on national security risks arising from transactions to help them determine whether to file with CFIUS.”

The issuance of the EO may also provide legal support to CFIUS by codifying existing practice.


As noted above, EOs are not permanent and may be easily revoked. It is likely therefore that this EO will be neither the last word nor the only word on CFIUS. How CFIUS decides to implement the EO will provide further clarity on the impact of the guidance provided. It is instructive that the EO does not direct the Treasury Department to revise its regulations but rather states in Section 1: “This order shall be implemented consistent with the Committee’s statutory mandate…” Implementation, therefore, could include regulatory updates, policy guidance revisions, new Frequently Asked Questions, or no action.

What is equally informative is that the EO demonstrates the continued focused interest in review of foreign investment in the United States, at the highest levels of government. CFIUS has been steadily presenting increased challenges for cross-border deals, and this development is the latest indication that such challenges will likely continue to increase.

