Export Controls

There is significant overlap and interplay between CFIUS and the US export control regimes, which require that a license be issued by the relevant US government agency before certain US-origin goods or services are exported to certain foreign countries. A failure to comply with these requirements can result in severe fines and imprisonment. 

The key export control regimes and requirements include the following: 

  • Defense Articles. Through the International Traffic in Arms Regulations (ITAR), the US Department of State regulates the temporary import and the temporary or permanent export of defense articles and defense services, including hardware that is specifically designed, developed, configured, adapted or modified for a military application, as well as technical data and defense services. Defense articles and services—in the form of hardware, technical data and/or defense services—that are covered by ITAR are listed in the US Munitions List (USML). The export of these items is prohibited without a license issued by the Directorate of Defense Trade Controls, Bureau of Political-Military Affairs at the US State Department. 

  • Dual-Use Items. The US Commerce Department regulates what are called “dual-use” items—i.e., US-origin civilian products, materials, technology, technical data and software that have potential military applications—through the Export Administration Regulations (EAR), as codified by the Export Control Reform Act. EAR export controls generally do not prohibit the sale of US-origin goods or technologies to a given destination country, although there are several lists of persons and entities to whom such exports are prohibited. Instead, the export (or re-export) of certain categories of US-origin goods, technologies or technical data as listed on the Commerce Control List (CCL) to certain countries requires an export license issued by the Bureau of Industry Security at the Commerce Department. Recent amendments and proposed amendments to the EAR have greatly expanded the reach of export controls to certain destination countries. 

  • Re-Exports. US export controls apply to so-called “re-exports.” A “re-export” occurs when US goods or technologies originally are shipped from the United States to one country and then exported from that country to another third-party country. For example, a re-export would occur when a good that was originally shipped from the United States to a European country is incorporated into a European product that is subsequently sold to another country. The production of certain commodities outside the United States using certain US technologies is also considered a re-export. Where US goods or technologies have been substantially transformed outside the United States into a foreign-made product, the re-export of this product, however, may be excepted from US export controls. Recent regulations impose additional restrictions on exports to certain countries of certain items. 

  • Deemed Exports. US export control laws also restrict “deemed exports,” or the transfer of technology or technical data within the United States to a person who is a non-US national. As a result, any non-US nationals employed at a company’s facilities in the United States may face additional restrictions on their ability to handle, view or work with US-origin technology or technical data. These are complex issues, however, requiring fact-intensive analysis, and this overview does not capture the nuance in this area of the law. 

There are many components to compliance with these requirements. If US-origin goods, technologies or technical data are subject to any US export controls, the exporter (which could include the producer, the developer or the actual exporter) must determine whether an export license is required to export to a given country or end-user. The license application process involves providing the applicable agency with information relating to the product, technology or technical data desired to be exported, as well as the end-user and any intermediaries. 

Compliance

To ensure ongoing compliance with US export controls and other applicable laws, all exporters should implement an effective export controls compliance program. This is critical to preventing and detecting violations of applicable laws and, in the event that a violation does occur, an effective compliance program can help to mitigate the penalties imposed by the US government. 

How the National Security Regimes Interact

Export controls are relevant to transactions involving foreign investors in a number of ways. 

First, Congress, through FIRRMA, clearly links the responsibilities of CFIUS with those CFIUS member agencies that administer US export control laws, especially the Commerce Department. The “Sense of the Congress” accompanying the overhaul finds that “the national security landscape has shifted in recent years, and so has the nature of the investments that pose the greatest potential risk to national security, which warrants an appropriate modernization of the processes and authorities of [CFIUS] and of the United States export control system.” 

Second, the definition of “critical technologies,” which is central to changes made by FIRRMA, is primarily based on whether products are subject to certain US export controls, and mandatory declarations of investments in US critical technologies businesses are based on whether a license is required for export to those in the foreign ownership chain. The definition also added “emerging and foundational technologies” controlled under section 1758 of companion legislation, the Export Control Reform Act of 2018. While initially identified separately through a number of rulemaking proceedings, in 2022 the Commerce Department began characterizing all emerging and foundational technologies as “Section 1758 technologies” without drawing a distinction between “emerging” or “foundational” technologies because it found that not all technologies can be readily categorized as only one or the other. 

Investments in or acquisitions of US businesses that deal in items covered by export controls will face heightened scrutiny by CFIUS as well as separate reviews in many cases. There is no guarantee that an export license for a given product, technology or end-user will be granted. The grounds for control and the identity of the destination country and the end-user will have a significant effect on the likelihood that an export license will be granted.

What You Need To Know

  • Any revelation during the CFIUS process of export control violations could have an impact on the outcome or the timing of a CFIUS review. 

  • In addition to potential licensing issues under ITAR, there will be mandatory notice requirements to the State Department if the US business is being sold to a foreign person or if the investment represents a material change to the information originally supplied to the State Department

  • Sellers who have products, technology or services subject to US export controls should confirm, before undergoing CFIUS review, that they have no export control violations and consider filing a voluntary self-disclosure if they do. They should also ensure that they have a tailored export compliance plan in place and whether a CFIUS filing is mandatory.

  • During due diligence, sellers must be careful about what materials and information they make available in a data room, as foreign persons from a country for which US export control laws require a license may not have access to covered technology located in the data room without a license. 

  • Buyers, whether foreign or domestic, need to be aware that they will be inheriting any liability from the unmitigated export control violations of the target company. 

  • For this reason, buyers should (1) request information on any products, services or technology subject to US export controls, and ask how the seller arrived at its conclusions regarding export classification; (2) ask whether the seller’s products, technology or services have military applications or are covered by ITAR, and whether the seller is an ITAR registrant; (3) review the seller’s export compliance program, which should be tailored to the seller’s business and implemented throughout the seller’s organization; and, (4) ask whether the seller has been found to have violated US export controls or submitted voluntary self-disclosures to the relevant agencies. Buyers should also consider asking for a warranty or representation related to export controls. 

  • Foreign buyers should gauge whether licenses for technology that is essential to running a target US business are likely to be approved given the buyer’s nationality. That analysis, as well as a decision on whether to invest in a US business, should consider the policy and political environment at the time.