Publication
Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
United States | Publication | September 2019
The United States Department of Treasury has released the much anticipated proposed regulations that, when finalized, will implement CFIUS' expanded jurisdiction, as provided for under the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA),1 to review certain: (i) non-controlling investments in US businesses that involve critical technologies, critical infrastructure, or sensitive personal data of US persons; and (ii) real estate transactions that do not involve the acquisition of a US business. Details regarding each set of proposed regulations are provided below.
The proposed regulations do not, however, alter CFIUS' longstanding ability to review transactions that could result in foreign control of any US business. In addition, the regulations do not change the existing CFIUS pilot program or establish any filing fees (such regulations will come at a later date). Interested parties may submit comments to the proposed regulations by October 17, 2019 through the Federal Government's eRulemaking Portal or by mail. The final regulations, which may contain significant changes from these proposed rules, must then be implemented no later than February 13, 2020, but could become effective earlier.
Overall, the proposed regulations reflected a measured, or even restrained, approach by the US government as the scope of the new provisions are somewhat more limited, and more clearly defined, than many had anticipated. The presence of defined thresholds that must be met in order for CFIUS' expanded jurisdiction to apply will be welcomed by many parties evaluating whether their business or transaction may be subject to the new regulations. Nevertheless, when implemented, the new regulations would significantly expand CFIUS' existing jurisdiction and will subject many more transactions by foreign persons to the CFIUS review process.
The proposed regulations would implement CFIUS' expanded jurisdiction to review certain direct or indirect non-controlling investments by foreign persons. The rules are similar to those already established under the existing pilot program, but apply regardless of whether the company is engaged in activities involving a pilot program industry.
In particular, non-controlling investments will be subject to CFIUS' jurisdiction where a foreign person: (1) invests in certain types of covered US businesses; and (2) obtains certain specified access to, or influence over, the covered US business or its products, technologies, infrastructure, or data.
Under the proposed regulations, CFIUS' jurisdiction to review non-controlling investments would only extend to transactions relating to US businesses that involve certain critical technologies, critical infrastructure, or sensitive personal data (described in the regulations as "TID US Businesses").
The proposed regulations would allow CFIUS to review transactions related to US businesses that design, test, manufacture, fabricate, or develop one or more critical technologies. Critical technologies are defined, as in the current pilot program, to include: (i) defense articles or services on the United States Munitions List (USML); (ii) dual-use items on the Commerce Control List (CCL) that are controlled for NS, CB, NP, MT, RS, or SL reasons; (iii) specially designed and prepared nuclear equipment, parts, components, materials, software and technology; (iv) nuclear facilities, equipment and material; (v) select agents and toxins; and (vi) emerging and foundational technologies (but only when regulations pursuant to the Export Control Reform Act are finalized by the US Department of Commerce).
The proposed regulations would allow CFIUS to review transactions related to US businesses that perform particular functions with respect to 27 specific categories of infrastructure that are identified in Appendix A to Part 800 (Appendix A) of the Regulations. The categories of infrastructure identified in Appendix A include:
Covered transactions must involve not only one of the specific types of infrastructure but also a US business that engages in the specific functions (i.e., owning, operating, manufacturing, supplying or servicing) related to that infrastructure that are identified in Column 2 to Appendix A. Several examples from Appendix A are provided below to highlight the interplay between the type of infrastructure and the required functions to subject the transaction to CFIUS' jurisdiction:
Covered investment critical infrastructure |
Functions related to covered investment critical infrastructure |
---|---|
(ii) Any internet exchange point that supports public peering. | (ii) Own or operate any internet exchange point that supports public peering. |
(iv) Any submarine cable, landing facility, or facility that performs network management, monitoring, maintenance, or other operational function that is part of a submarine cable system described above in item (iii) of Column 1 of appendix A to part 800. | (iv) Supply or service any submarine cable, landing facility, or facility that performs network management, monitoring, maintenance, or other operational function that is part of a submarine cable system described above in item (iii) of Column 1 of appendix A to part 800. |
(xxiii) Any interstate natural gas pipeline with an outside diameter of 20 or more inches. | (xxiii) Own or operate any interstate natural gas pipeline with an outside diameter of 20 or more inches. |
(xxiv) Any industrial control system utilized by: (a) an interstate oil pipeline as described above in item (xxii) of Column 1 of appendix A to part 800; or (b) an interstate natural gas pipeline as described above in item (xxiii) of Column 1 of appendix A to part 800. | (xxiv) Manufacture or service any industrial control system utilized by: (a) an interstate oil pipeline as described above in item (xxii) of Column 1 of appendix A to part 800; or (b) an interstate natural gas pipeline as described above in item (xxiii) of Column 1 of appendix A to part 800. |
3. Sensitive personal data
The proposed regulations would allow CFIUS to review transactions related to US businesses that maintain or collect ten specified categories of "sensitive personal data" of US persons, but only if the business also: (i) targets or tailors products or services to any US executive branch agency or military department with national security or homeland security responsibilities; (ii) has maintained or collected such data on greater than one million individuals at any point over the preceding 12 months; or (iii) has a demonstrated business objective to maintain or collect such data on greater than one million individuals.
Specified categories of sensitive personal data include:
Expressly excluded from the definition of sensitive personal data is: (i) data maintained or collected by a US business concerning the employees of that US business, unless it pertains to employees of US government contractors; or (ii) data that is a matter of public record, such as court records or other government records that are generally available to the public.
Before CFIUS will have jurisdiction to review a non-controlling investment in a covered US. business, the foreign person must also obtain certain specified access to, or influence over, the US business or its products, technologies, infrastructure, or data. In particular, the investment must provide the foreign person:
The proposed regulations implement the requirements of FIRRMA by expanding CFIUS' traditional jurisdiction to cover, aside from certain exceptions specified below, the purchase, lease by, or concession to a foreign person of certain "covered real estate" in the United States, but only where the transaction (or change in rights) affords the foreign person three or more of the following property rights: (i) to physically access; (ii) to exclude; (iii) to improve or develop; or (iv) to affix structures or objects.
Parties involved in a covered real estate transaction may submit a voluntary declaration or, in lieu of the declaration, full notification to CFIUS. There is no mandatory filing requirement for real estate transactions that do not involve the acquisition of a US business. Any transaction that involves the acquisition of, or non-controlling investment in, a US business, should be analyzed under those regulations, even if it also involves the acquisition of real estate.
Under the proposed regulations, "covered real estate" would include:
Real estate transactions in an "urbanized area" (at least 50,000 individuals) or "urban cluster" (between 2,500 and 49,999 individuals), as defined by the Census Bureau, are excluded from the scope of CFIUS' jurisdiction unless they are in close proximity" (defined as one mile) to certain military installations (as identified in part 1 or 2 to Appendix A to the proposed regulations) or are within, or will function as a part of, an airport or maritime port. Information on urbanized areas and urban clusters, including a helpful map which can be filtered to only show urban areas, is available on the Census Bureau website.
The proposed regulations also exclude from CFIUS' jurisdiction the following transactions:
The proposed regulations exclude from CFIUS' jurisdiction certain non-controlling investments or real-estate transactions that are conducted by a newly created class of "excepted investors" or "excepted real estate investors" who can demonstrate a substantial connection, as set forth in the regulations, to specific "excepted foreign states" and such connection will remain for at least three years after the completion date. Examples of excepted investors include: (i) a national of a foreign excepted state (and, for dual nationals, no non-excepted states); (ii) a foreign government of an excepted state; (iii) and certain foreign entities organized under the laws of a foreign excepted state that meet other specified criteria. The exception does not, however, apply to transactions where the foreign person would obtain traditional "control" over a US business.
In order to be considered an "excepted foreign state" or "excepted real estate foreign state," the country must be selected by the CFIUS chair, with the agreement of two-thirds of the voting members of the Committee. Such countries will be identified in separate lists that will be published on the Department of Treasury's website. Treasury has indicated that the lists, which have not yet been published, will contain a very limited number of countries due to the significant national security implications.
The proposed regulations also require that, beginning two years from the effective date of the final rule (or such other date as is ultimately agreed to), for a foreign country to qualify as an excepted foreign state, the CFIUS chair, with the agreement of a super-majority of CFIUS member agencies, will also need to determine that the foreign state has established and is effectively utilizing a robust process to assess foreign investments for national security risks and to facilitate coordination with the US on matters relating to investment security.
Foreign persons who have violated, or whose parents or subsidiaries, have violated certain US laws (e.g., CFIUS regulations or agreements or US trade-related restrictions or licenses) are ineligible to be considered excepted investors.
Publication
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Publication
On December 15, amendments to the Competition Act (Canada) (the Act) that were intended at least in part to target competitor property controls that restrict the use of commercial real estate – specifically exclusivity clauses and restrictive covenants – came into effect.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023