Treasury Issues Notice of Proposed Rulemaking to Restrict U.S. Outbound Investment in National Security Technologies

On June 21, 2024, the U.S. Department of the Treasury ("Treasury") issued a Notice of Proposed Rulemaking ("NPRM")[1]  implementing President Biden’s August 2023 executive order on “Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern” (the “Outbound Order”).[2]  The issuance of the NPRM marks a significant further step in the development of the outbound investment regulations.

The Outbound Order found that certain advancements by “countries of concern” (defined as the People’s Republic of China, including Hong Kong and Macau) in sensitive technologies and products critical for the “military, intelligence, surveillance, or cyber-enabled capabilities” of these countries constituted a national security threat to the United States.  To mitigate this threat, the Outbound Order highlighted three sectors of national security technologies and products that are either prohibited or subject to a notification requirement: semiconductors and microelectronics, quantum information technologies, and AI systems.

Importantly, the NPRM now incorporates the definition of AI system from Executive Order 14110,[3] which defines “AI system” as “any data system, software, hardware, application, tool, or utility that operates in whole or in part using AI.” The ANPRM approach in defining the scope of covered transactions involving AI systems targeted AI systems based on their intended exclusive or primary use in sensitive sectors like military or surveillance, while the NPRM method targets the intended use, as well as the AI system design, introducing a technical threshold based on computational power for training artificial intelligence (“AI”) systems.[4]

Under the NPRM, U.S. persons would generally be required to notify Treasury, or, potentially, be prohibited entirely, from engaging in covered transactions involving persons in the People’s Republic of China (as well as Hong Kong and Macau) (“Covered Foreign Persons”)[5] related to semiconductors and microelectronics, quantum information technologies, and certain AI systems.[6]

“This proposed rule advances our national security by preventing the many benefits certain U.S. investments provide—beyond just capital—from supporting the development of sensitive technologies in countries that may use them to threaten our national security,” said Assistant Secretary of the Treasury for Investment Security Paul Rosen.  Treasury has invited public comment on the NPRM until August 4, 2024, and Treasury has stated that a final rule will be issued thereafter—though it is unclear how long that process will take.

Key Aspects of the NPRM

• Who would the rule apply to?
  • Broad Definition of U.S. Persons: The NPRM anticipates that U.S. persons, wherever they are located, will be required to adhere to the prohibitions and the notification requirements in the NPRM.  A “U.S. person” is defined to include “any United States citizen or lawful permanent resident, as well as any entity organized under the laws of the United States or any jurisdiction within the United States, including any foreign branch of any such entity, or any person in the United States.”  This includes entities that are organized in the United States “even if its parent is a non-U.S. person.”
  • Senior Employees and Directors of Non-U.S. Companies: While the NPRM would not apply to non-U.S. entities, a “U.S. person that possesses authority at a non-U.S. person entity” would be prohibited “from knowingly directing a transaction” by that company if the transaction would be prohibited if undertaken directly by a U.S. person.  As such, U.S. persons who serve at non-U.S. companies in roles such as “officer, director, or senior advisor, or otherwise possesses senior-level authority” would need to “recuse[]” themselves from such investment decisions.[7]
  • Controlled Foreign Entities: The NPRM would require U.S. persons to “take all reasonable steps to prohibit and prevent its controlled foreign entity from undertaking a transaction that would be a prohibited transaction if undertaken by a U.S. person” and to notify Treasury if the “controlled foreign entity undertakes a transaction that would be a notifiable transaction if undertaken by a U.S. person.” In effect, a non-U.S. entity that is controlled by a U.S. entity or person would be subject to the NPRM through this requirement imposed on the U.S. parent.  This would include entities where a U.S. person controls more than 50% of the voting interests or where the U.S. person is a general partner or managing member.[8]
• What transactions would be covered by the proposed rule?
  • Overview: The NPRM would “cover a defined set of transactions such as certain acquisitions of equity interests (e.g., mergers and acquisitions, private equity, and venture capital) and contingent equity interests, certain debt financing transactions, greenfield and brownfield investments, joint ventures, and certain limited partner investments by U.S. persons.”  As discussed below, the covered transaction would either require notification or be prohibited entirely.
  • Knowledge Requirement: A transaction is covered “only if a U.S. person has knowledge of the relevant facts or circumstances at the time of a transaction.”  This is referred to as the “knowledge requirement.”[9]  The NPRM proposes a definition of “knowledge” that includes a “reason to know” standard wherein “knowledge” could be found if a U.S. person fails “to conduct a reasonable and diligent inquiry at the time of a transaction and undertook the transaction where a particular fact or circumstance indicative of a covered transaction was present.”  The NPRM notes that Treasury may consider whether the U.S. entity sought to “obtain information and contractual assurances that should be obtainable through a reasonable transactional due diligence process.”  If the U.S. person later acquires information that a transaction was a covered transaction, they would be required to file a notification including an explanation “as to why it did not possess or obtain such knowledge at the time of the transaction and to describe any pre-transaction diligence.”
  • Investments via Non-U.S. Pooled Funds: Notably, the NPRM would apply to “investment as a limited partner or equivalent (LP) into a non-U.S. person pooled investment fund that invests in a covered foreign person.” The NPRM contemplates that if a U.S. person invests in a foreign pooled fund that invests in entities engaged in activities such that a U.S. person would be prohibited from investing in or have a notification requirement regarding, the U.S. person can be found to have “knowledge” if the circumstances gave them “reason to know” that the pooled fund “was likely to” take an action that the U.S. person would be prohibited from undertaking.[10] As such, U.S. persons may wish to engage in additional due diligence on the activities of non-U.S. funds to engage in relevant pre-transaction diligence and obtain appropriate contractual assurances.
• What covered transactions would be prohibited under the proposed rule?
  • The NPRM would prohibit U.S. persons from engaging in transactions in which covered foreign persons[11], or joint ventures formed with a person of a country of concern, involve the development or production of certain advanced technologies, such as electronic design automation software for integrated circuits, specific semiconductor fabrication equipment, and advanced integrated circuits, as well as the development of supercomputers, quantum computers, quantum sensing platforms, quantum networks, and AI systems intended for military or surveillance applications, or trained with very high levels of computing power.[12]
• What covered transactions would require notification under the proposed rule?
  • A notifiable transaction is a covered transaction that is not a prohibited transaction, involving a relevant covered foreign person[13] or joint venture that engages in specified covered activities. Notifiable transactions include design, fabrication, or packaging of integrated circuits that do not meet the performance parameters and criteria that would trigger a prohibition, as well as development of AI systems that do not meet the criteria to trigger a prohibition. U.S. persons undertaking a notifiable transaction must file a notification with Treasury, including detailed information about the transaction and the covered foreign person involved.  Notifications must be filed no later than 30 calendar days following the completion date of a notifiable transaction.  If a U.S. person acquires actual knowledge after the completion date that the transaction would have been a covered transaction, they must submit a notification within 30 calendar days of acquiring such knowledge.  The NPRM outlines the content required for notifications, including the commercial rationale for the transaction, the structure, financial details, and completion date, as well as a description of the covered activities and end uses of the covered foreign person's technology, products, or services.  The NPRM also requires U.S. persons to maintain a copy of the notification and supporting documentation for 10 years from the date of filing and to make it available upon request by the Treasury.[14]
• Can a transaction be covered even if it is an investment or joint venture outside a Country of Concern?
  • Yes. A transaction can be covered even if it is an investment or joint venture outside a country of concern, depending on the nature of the transaction and the parties involved.  For example, a transaction by a U.S. person with or resulting in the establishment of a covered foreign person that engages in a covered activity or a person of a country of concern's engagement in a new covered activity is a covered transaction, regardless of where the transaction takes place.
• What transactions would be excepted under the proposed rule?
  • As discussed in detail below, there are several categories of excepted transactions, including investments by U.S. persons in publicly traded securities, investments in index funds, mutual funds, or exchange traded funds, investments of a certain size by a U.S. person limited partner in a pooled investment fund, buyouts of country of concern ownership, intracompany transactions, pre-Outbound Order binding commitments, and certain syndicated debt financings.
• Does the proposed rule apply to third parties such as financial institutions that may provide services related to covered transactions?
  • The NPRM does not directly mention third parties such as financial institutions.[15] However, the NPRM would apply to such third parties if they are themselves U.S. persons or controlled foreign entities that engage in or direct covered transactions.[16] However, the NPRM also includes exceptions for certain transactions that would apply to such third parties, such as investments in publicly traded securities, securities issued by investment companies, and transactions made pursuant to binding capital commitments entered into before August 9, 2023.[17] Such third parties may need to conduct due diligence to determine whether a transaction they are facilitating is a covered transaction and may need to adjust their services or offerings to comply with the NPRM, or recuse themselves to avoid liability.

Excepted Transactions[18]

In order to tailor the NPRM to address the national security risks identified in the Outbound Order while also minimizing disruptive effects on U.S. individuals and entities, Treasury explained that it carved out select excepted transactions that would otherwise qualify as a covered transaction. 

• Publicly traded securities. This carveout includes securities traded on a non-U.S. exchange, or a security traded “over the counter,” in addition to a security traded on a U.S. exchange.
• Securities issued by an investment company. This carveout includes investments in index funds, mutual funds, and exchange traded funds, as well as investments in securities issued by a business development company under the Investment Company Act of 1940.
• Certain limited partner investments. This carveout turns on the threshold of a U.S. persons committed capital and provides two alternative approaches for defining the threshold beneath which a U.S. person’s limited partner investment into a pooled fund that then invests in a covered foreign person would constitute an excepted transaction.
  
  Alternative 1 provides that “a U.S. person’s investment made as an limited partner in a pooled fund would constitute an excepted transaction if (1) the limited partner’s rights are consistent with a passive investment and (2) the limited partner’s committed capital is not more than 50 percent of the total assets under management of the pooled fund.”  Here, if the committed capital were to be more than 50% of total assets under management, the investment would be excepted only if the U.S. person entered into a binding agreement that the fund will not use its capital for a prohibited transaction.
  
  Alternative 2 provides that “a U.S. person’s investment made as a limited partner in a pooled investment fund would constitute an excepted transaction if the limited partner’s committed capital is not more than $1 million.”

• Buyouts of country of concern ownership. This carveout includes a U.S. person’s full buyout of all interests of any person of a country of concern in an entity, such that the entity would not constitute a covered foreign person following the transaction.
• Intracompany transactions. This carveout excepts certain intracompany transactions—that is, “a transaction between a U.S. person and its controlled foreign entity to support ongoing operations or other activities that are not covered activities.”  Treasury expects that initial acquisitions or establishment of subsidiaries would already constitute a covered transaction, “and where it does not, the potential impacts on the U.S. person from covering such intracompany transactions under the [NPRM] would likely outweigh the benefit in terms of the objectives of the Outbound Order.”
  
  Treasury explains that the NPRM’s definition of covered transaction would not typically apply to routine intracompany activities (e.g., the sale or purchase of inventory or fixed assets, the provision of paid services, or certain technology licensing), but it nevertheless exempts such transactions “that would be covered transactions but support activities that are not covered activities.”  Importantly, this carveout does not cover greenfield investments, transition of existing operations into covered activities, and joint ventures.

• Pre-Outbound Order binding commitments. This carveout excepts binding capital commitments—that is, any transaction made in fulfillment of a binding capital commitment—made prior to August 9, 2023.
• Certain syndicated debt financing. This carveout excepts the “acquisition of a voting interest in a covered foreign person by a U.S. person upon default or other condition involving a loan or similar financing arrangement where the U.S. person lender was part of a syndicate of banks and cannot initiate action vis-à-vis the debtor on its own and does not have a lead role in the syndicate.”  Treasury reasons that this would except a narrow set of circumstances in which a lender has passively received an interest in a covered foreign person and “lacks a role in the lending syndicate that could create the opportunity for a U.S. person lender’s intangible benefits to transfer to the covered foreign person debtor.”
• Third country measures. This carveout addresses transactions that occur in a country or territory outside the United States where Treasury determines that the country or territory is addressing national security concerns posed by outbound investment and the transaction is of a type for which associated national security concerns can be sufficiently addressed by the actions of that country or territory.
• National Interest Exemption.[19] Under the Outbound Order, Treasury is authorized to “exempt from applicable prohibitions or notification requirements any transaction or transactions determined by the Secretary, in consultation with the heads of the relevant agencies, as appropriate, to be in the national interest of the United States.”  Treasury anticipates that any exemption under this carveout will be on a case-by-case basis and granted “in exceptional circumstances.”

Violations

The NPRM identifies several categories of conduct that would amount to a violation, including taking action prohibited under the NPRM, failing to take action required by the NPRM within the specified timeframe and in the manner specified, and making “materially false or misleading” representations to Treasury when submitting any information required by the NPRM.  Additionally, the NPRM considers any action that evades or avoids or has the purpose of evading or avoiding any of the prohibitions of the NPRM as a violation.

• Penalties. Under the NPRM, any person subject to the jurisdiction of the United States is subject to civil penalties up to $368,136 (adjusted annually for inflation) or an amount that is twice the amount of the transaction that is the basis of the violation and criminal penalties for willful commission of (including willful conspiracy to commit, or aiding or abetting the commission of) a violation up to $1,000,000 or imprisonment up to 20 years, or both.[20]  Treasury is authorized to impose such civil penalties and refer criminal violations to the Department of Justice.
• Divestment. The NPRM also empowers Treasury (in consultation with the heads of relevant agencies) to take action to “nullify, void, or otherwise compel divestment of any prohibited transaction entered into after the effective date of the final rule.”
• Voluntary Self-disclosures. The NPRM provides that a U.S. person may elect to make a disclosure of actual or possible violations to Treasury.  In this instance, Treasury “would take such disclosure into account as a mitigating factor in determining the appropriate response, including the potential imposition of penalties” if Treasury determines there was, in fact, a violation.

Conclusion

There are no current legal obligations for parties to refrain from engaging in or report to Treasury any of the covered transactions discussed above.  Treasury is accepting comments on the NPRM until August 4, 2024 for 25 separate public inputs.  Treasury must thereafter consider any such comments received, draft the final rule, and publish it in the Federal Register before it will become effective, which may take several months.

Parties interested in submitting a comment may do so either via electronic submission through the Federal Government eRulemaking portal at https://www.regulations.gov or via mail to Treasury.[21]

                                                                                                                    *             *             *

Annex: National Security Technologies and Products

• Semiconductors and Microelectronics.[22]
  • Defined: Certain front-end semiconductor fabrication equipment designed for performing the volume fabrication of integrated circuits, equipment for performing volume advanced packaging, or other items designed exclusively for use in or with extreme ultraviolet lithography fabrication equipment.
• Quantum Information Technologies.[23]
  • Defined: The term quantum computer means a computer that performs computations that harness the collective properties of quantum states, such as superposition, interference, or entanglement.
• Artificial Intelligence Systems.[24]
  • Defined: AI system means “any data system, software, hardware, application, tool, or utility that operates in whole or in part using AI.” AI has the meaning set forth in 15 U.S.C. 9401(3): a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments.  AI systems use machine- and human-based inputs to perceive real and virtual environments; abstract such perceptions into models through analysis in an automated manner; and use model inference to formulate options for information or action.

                                                                                                                   *             *             *

[1]       U.S. Dep’t of the Treasury, Provisions Pertaining to U.S. Investments in Certain National Security Technologies and Products in Countries of Concern (Jun. 21, 2024), available here. Unless otherwise indicated, quotations are from the NPRM.

[2]       The White House, Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (Aug. 9, 2023), available here.  As we discussed in our prior Client Alert, contemporaneous with the Outbound Order in August 2023, Treasury had issued an Advanced Notice of Proposed Rulemaking (“ANPRM”).  See U.S. Dep’t of the Treasury, Provisions Pertaining to U.S. Investments in Certain National Security Technologies and Products in Countries of Concern (Aug. 9, 2023), available here; see also Paul, Weiss, President Biden Issues Executive Order Creating Unprecedented Outbound Investment Review Prohibitions Targeting China (Aug. 10, 2023), available here.

[3]       The White House, Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Oct. 30, 2023), available here.

[4]       See Annex: National Security Technologies and Products, infra.

[5]       “[A] person would be a covered foreign person if it is a person of a country of concern that is engaged in a covered activity.” Additionally, entities that have a “particular relationship with a person of a country of concern that is engaged in a covered activity” as well as entities in a country of concern engaged in a “ joint venture with a U.S. person if such joint venture is engaged in a covered activity.”

[6]       The Executive Order applies to Countries of Concern, as determined by the President, and in an “Annex to the Outbound Order,” the President identified one country, the People’s Republic of China (PRC), along with the Special Administrative Region of Hong Kong and the Special Administrative Region of Macau, as a country of concern. The President may modify the Annex to the Outbound Order and update the list of countries of concern.” It is possible that the “Countries of Concern” could be changed but for purposes of this Alert we discuss the NPRM in the context of the PRC.

[7]       Treasury states that it is inviting comments “regarding the proposed approach, particularly to what stage of an investment this recusal carveout should apply (e.g., negotiation of a transaction, the decision to undertake the transaction, and/or overseeing the investment after the completion date).”

[8]       A controlled foreign entity is one where a “U.S. person directly or indirectly holds more than 50 percent of the outstanding voting interest or voting power of the board of the entity; is a general partner, managing member, or equivalent of the entity; or, if the entity is a pooled investment fund, is an investment adviser to any such fund.”

[9]       “The proposed definition of knowledge would include any of the following: actual knowledge that a fact or circumstance exists or is substantially certain to occur, an awareness of a high probability of a fact or circumstance’s existence or future occurrence, or reason to know of a fact or circumstance’s existence.”

[10]     See NPRM, Example 8.

[11]     A "covered foreign person" is defined to include: (1) an individual or entity that is a "person of a country of concern" (i.e., China (including Hong Kong and Macau)) and engages in a "covered activity;" (2) a person that holds any voting interest, board seat, or equity interest in a person of a country of concern engaged in a covered activity, or has the power to direct such a person through contractual arrangements, including variable interest entities (additionally, this person must derive more than 50 percent of its revenue, net income, capital expenditure, or operating expenses from the person of a country of concern engaged in a covered activity, either individually or in aggregate); or (3) a person of a country of concern that participates in a joint venture with a U.S. person, where the joint venture will engage in a covered activity. The determination of whether a person is a "covered foreign person" is based on the most recent financial statement available at the time of the transaction.  If an audited financial statement is not available, an unaudited financial statement is used instead.  The definition of "covered foreign person" is critical for identifying the transactions that U.S. persons must notify or are prohibited from engaging in under the NPRM. See NPRM at 123; 31 CFR § 850.209.

[12]     See Annex: National Security Technologies and Products, infra.

[13]     See NPRM at 123; 31 CFR § 850.209.

[14]     NPRM at 128; 31 CFR § 850.217.

[15]     NPRM at 54.

[16]     NPRM at 54-55, 84.

[17]     NPRM at 60.

[18]     See NPRM at 59; 31 CFR § 850.501.

[19]     NPRM at 67; 31 CFR § 850.502.

[20]     See Section 206 of the International Emergency Economic Powers Act, as amended (50 U.S.C. 1705).

[21]     Send to U.S. Department of the Treasury, Attention: Meena R. Sharma, Director, Office of Investment Security Policy and International Relations, 1500 Pennsylvania Avenue NW, Washington, DC 20220.

[22]     NPRM at 45.

[23]     NPRM at 46.

[24]     NPRM at 119; 31 CFR § 850.202.