In an effort to protect the national security interest of the United States, the US government continues to develop and refine tools to assess and address the risks posed by technology transferred during and as a result of cross-border deals. Currently, these regulatory regimes, such as the Committee on Foreign Investment in the United States (CFIUS) and Team Telecom, monitor a range of technologies from electronics to biotechnology and beyond. This Insight provides some of the key takeaways from a webinar presented as part of Morgan Lewis’s Technology Marathon series and addresses various regulatory tools the government has in place to review and regulate transactions that involve these technologies, in order to resolve any associated national security risk.
Semiconductors
From a national security perspective, semiconductors are highly sensitive. All major US defense systems and platforms rely on semiconductors, and the US economy is deeply dependent on semiconductors for daily operations. Therefore, any loss of US expertise or gaining of an advantage by US foreign adversaries in semiconductor manufacturing may pose a threat to US national security. The government has various tools in its arsenal to address the risk posed by semiconductors as a technology, including the below.
Export Controls
On October 7, 2022, the US Department of Commerce issued a far-reaching, complex interim final rule that imposed new export controls on certain advanced computing and semiconductor manufacturing items destined for China.
CHIPS and Science Act
As industrial policy to address the risks posed by a shortage of domestic production capacity, the United States is also investing in its domestic semiconductor industry through the CHIPS and Science Act. Passed in February 2022, the federal statute provides new funding to boost domestic research and manufacturing of semiconductors. The act also includes clawback mechanisms that primarily relate to outbound investment in China.
CFIUS
In its annual report to Congress in 2021, CFIUS specifically called out semiconductors and stated that they are an enabling technology for a range of national security critical devices, systems, and functions. The report noted that any foreign investment in a US semiconductor company, especially by a Chinese company, would be considered high risk, and this type of transaction has heightened potential for blocking by the Committee.
Outbound Investment
Semiconductors will almost certainly be covered in forthcoming outbound investment rules. Both transfer of technology and know-how to foreign adversaries and providing capital that can give foreign adversaries a boost in research and development potentially pose risks to US national security.
Artificial Intelligence and Quantum Computing
Export Controls
Currently, artificial intelligence (AI) and quantum computing are not controlled under US export controls except on the fringes, including encryption software and software to automate geospatial imagery analysis, which has been designated by the US Commerce Department as an emerging technology. However, last year, US Undersecretary for Commerce Alan Estevez said that he expects the United States to enact additional export controls specifically related to quantum computing and AI.
CFIUS
The recent Executive Order (EO) 14083 regarding CFIUS specifically calls out AI and quantum computing as technologies that are “fundamental to United States technological leadership and therefore national security.” Under the EO, CFIUS is required to consider whether a covered transaction involves AI and quantum computing as part of its risk review.
Outbound Investment Review
Both AI and quantum computing are likely to be covered by the expected EO on outbound investment as, similar to semiconductors, they are considered crucial by the US government, and an area where providing an edge to China could be detrimental to US national security.
US and International Regulations of AI Technology Itself
The US government is also considering regulating how the country’s businesses use AI. It is very uncertain whether Congress would actually pass legislation to regulate AI, however, and much like how the federal government does not regulate sensitive personal data in a comprehensive way, in the near-term, AI may prove simply too difficult for Congress to address. That being said, recently, Senator Chuck Schumer (D-NY) stated that his office is considering such a legislative effort. Currently, the United States does have a voluntary National Institute of Standards and Technology (NIST) framework related to AI. Unlike the United States, the European Union (EU) already has draft AI legislation, which may pass.
Biotechnology and Biomanufacturing
Export Controls
The export control space has been very active in the areas of biotechnology and biomanufacturing in recent years. The Department of Commerce’s Bureau of Industry and Security (BIS) has increased controls on biotechnology-related items, such as single-use cultivation chambers and software designed for nucleic acid assemblers and synthesizers. Many related areas are subject to export controls and are usually highly controlled given their sensitivity from a chemical and biological weapons perspective. Just last month, formerly low-controlled biotech items began to be monitored if they were slated for export to Russia.
CFIUS
The Foreign Investment Risk Review Modernization Act of 2018 (FIRMAA) expanded CFIUS’s jurisdiction to include, among other things, both control and non-control investments in US businesses involved in critical technology, critical infrastructure, and sensitive personal data (known as TID US businesses). In addition to the potential for life sciences companies to possess critical technology, the definition of which FIRRMA keys to export control law, those companies may also possess sensitive personal data of US persons—for example, due to conducting clinical trials.
Further, although FIRRMA generally requires that sensitive personal data be collected or maintained on at least one million US persons to trigger CFIUS jurisdiction for non-control foreign investments, certain genetic information is not subject to that threshold.
EO on Biotech and Biomanufacturing
The September 2022 EO on Advancing Biotechnology and Biomanufacturing Innovation offers a stick-and-carrot approach (although more of the latter) to try and boost the US biotech industry by allocating additional funding to support domestic manufacturing. The EO also mandates that government agencies take steps to assess and address threats to the US bioeconomy, including evaluating technical applications of biotech and biomanufacturing that could be misused by a foreign adversary.
Outbound Investment
Up until this point reporting has indicated that the forthcoming outbound investment EO may not cover biotech. However, because biotech is such a sensitive area to the US government, it seems possible that biotech might be subject to a notification requirement by the forthcoming EO, even if not an approval requirement.
Information and Communications Technology and Services (ICTS)
From a US government standpoint, ICTS poses national security risk both in terms of risk to the telecommunications infrastructure itself, and in terms of risk to the data that traverses that infrastructure. Team Telecom and CFIUS both monitor telecom and it will become more regulated as the risk posed by data increases. Data centers, however, are not currently highly regulated in a comprehensive way in terms of national security.
If you are interested in How the Government Assesses Technology for National Security Risks When Reviewing Foreign Investment, as part of our Technology Marathon 2023, we invite you to subscribe to Morgan Lewis publications to receive updates on trends, legal developments, and other relevant areas.