Foreign Relations & International Law

The U.S. Government Should Try Harder to Minimize Costs of China Defensive Measures

Stephen Heifetz
Monday, February 13, 2023, 8:16 AM
The U.S. government’s proliferating defensive measures aimed at protecting sensitive technology, particularly screening of foreign investments, are actually counterproductive to its goal of staying ahead of China in a technology race.
Downtown San Jose in Silicon Valley, California.
Downtown San Jose in Silicon Valley, California. (Coolcaesar,; CC BY-SA 3.0,

Published by The Lawfare Institute
in Cooperation With

A recent review of scientific papers has led Stanford University-affiliated researchers to a worrisome conclusion: The U.S. government’s efforts to stay ahead of China in a technology race by restricting cross-border collaboration have “slowed American advancements.”

Regardless, concern about competition from China is so ubiquitous and acute among lawmakers and in the federal government that these and similar warnings—emphasizing that U.S. measures against China have costs that policymakers should try to minimize—are whistles in the wind. Virtually the only critique heard, whether from the political right or the left, is “do more.” 

Proliferating Defensive Measures

The Biden administration, however, has been doing more. To safeguard potentially sensitive technology, national security policymakers are relying on proliferating defensive measures, such as new export controls and robust screening of foreign investors in U.S. businesses. The administration has indicated that more defensive measures will be introduced soon, including screening U.S. investments in foreign businesses

All of this entails significant costs for the United States and its partners, as the Stanford study suggests. Other recent studies, including by the Massachusetts Institute of Technology and by the U.S. Semiconductor Industry Association, also have warned about the growing costs of anti-China defensive measures. 

It is impossible to precisely measure the costs and benefits of the various defensive measures, in part because there are value judgments that inevitably undergird any measurements of that type. Further, each measure (whether different export controls, investment screening rules, etc.) likely has different levels of efficacy and costs such that discussing them in the aggregate may not be illuminating. Yet there are strong indications that the U.S. government is not seriously trying to minimize the costs of these defensive measures. This piece will focus on one set of measures: the Committee on Foreign Investment in the United States (CFIUS) mandatory filing rules.

Exhibit A: The Unmitigated Costs of the CFIUS Mandatory Filing Rules

As a former CFIUS official and longtime private-sector attorney advising clients (from the U.S., Europe, China, and elsewhere) about investment screening issues, these mandatory filing rules seem particularly difficult to justify. 

CFIUS is a committee composed of many U.S. government agencies, chaired by the Department of the Treasury, with a mandate to conduct national security reviews of foreign investments in, and acquisitions of, U.S. companies. CFIUS can force an investor to divest if it believes a transaction allows an investor of concern to have access to sensitive technology or data, or to otherwise create national security risk. Typically, in the current environment, CFIUS perceives an investor worrisome if it has links to China or Russia.

Just over a thousand transactions have been filed with CFIUS in the last three years for which statistics are available (CFIUS cases generally are confidential, but CFIUS publishes anonymized statistics each year). Only some cases—likely far fewer than half—were filed because the transactions were subject to the mandatory filing rules. Most CFIUS filings are made because they are subject to the committee’s much broader discretionary jurisdiction. If a transaction is not subject to mandatory filing but is subject to CFIUS’s discretionary jurisdiction, the parties to a deal may forgo a filing, but CFIUS may conduct a review—even years after the deal closes—and may force divestment. To avoid that result, parties sometimes make voluntary filings to CFIUS. If CFIUS approves the transaction, that approval insulates the deal from future adverse action by CFIUS.

However, the parties must file with CFIUS—meaning no discretion for the parties—if either of two mandatory filing triggers is applicable. These triggers do not expand CFIUS’s authority to review transactions of concern, but they do remove from the parties any discretion about whether to make a filing. The first trigger concerns U.S. business involvement with “critical technology.” The second trigger concerns an investment from a government-backed investor. Both triggers are agnostic as to the nationality of the investor, meaning that an investor from Germany or Brazil or Japan, for example, might trigger a mandatory filing just as an investor from China or Russia might. 

The second trigger—concerning a government-backed investor—often can be ruled out quickly, but the first one, concerning U.S business involvement in critical technology, generally requires substantial analysis. That is particularly so because the definition of critical technology encompasses many mundane technologies. Infamously (from the perspective of many CFIUS practitioners), garden-variety encryption technology used by many thousands of U.S. businesses may constitute critical technology that triggers a mandatory filing.

The result of this critical technology mandatory filing trigger is that many thousands of transactions—typically involving investors from U.S.-allied countries—must be reviewed to determine whether the trigger is applicable, even though applicability is not common.

These mandatory filing rules exponentially increase the costs of CFIUS’s operations for U.S. businesses and foreign investors. With greater friction in the international investment environment, the cost of capital rises and some deals are deterred. Worse, the U.S. sometimes loses opportunities to draw in companies that were created abroad. One of the most depressing recurrent conversations that I have with clients occurs when a foreign company is considering creating or expanding a U.S. footprint. A European company, for example, may ask whether, if the company is going to establish U.S. operations (a path often considered by growth-minded companies), that U.S. presence would necessitate a CFIUS analysis—under the mandatory filing rules—for future foreign investments into that company. When I confirm that a CFIUS analysis would be necessary, the company sometimes will say, “Then we won’t build in the United States.”

While CFIUS cases generally are not public, one of the most well-known recent public cases involves a foreign semiconductor company that began to develop U.S. operations but then tried to reduce those operations because of concerns that CFIUS ultimately might block a transaction if the company maintained its U.S. presence.

The mandatory filing rules do not provide any increased authority to CFIUS to review any transaction of concern. There is no indication that the mandatory filing rules have enabled CFIUS to take adverse action (for example, blocking a deal) that CFIUS would not have taken if those rules did not exist. 

The mandatory filing rules for investments in critical technology are not required by statute, yet CFIUS repeatedly has declined to sunset the rules or make them less cumbersome. Why? 

Are There Reasonable Arguments in Favor of Maintaining Mandatory Filing Rules?

CFIUS will not comment on why it maintains mandatory filing rules, but we can search (in vain, I believe) for justifications.

The obvious argument is that building a wall around critical technology is, well, critical; even if the costs are high, the costs of allowing unvetted foreigners to access that technology would be higher. On inspection, though, this argument is not convincing. 

For starters, the definition of “critical technology” is grossly overinclusive and underinclusive with respect to what national security officials might deem sensitive. I know lots of CFIUS officials and practitioners, and I don’t know a single one who disagrees with that proposition. The definition is essentially a set of cross-references to U.S. export controls, creating a definition that is hundreds of pages long. Most notably, as indicated above, garden-variety encryption often is captured by the definition of critical technology (a quirk that many government officials have criticized privately). By contrast, most of what would be labeled “artificial intelligence”—often viewed as a linchpin of future security technology—is not covered. For reasons both practical and political, though, CFIUS is unlikely to significantly change the definition of critical technology.

Even if one were satisfied that the critical technology definition maps to what is truly sensitive—and, again, I don’t believe any serious observer believes that the definition is congruent with what is sensitive—the wall built around that technology is much like a slice of Swiss cheese with more holes than cheese. Licensing the technology, for example, is not generally subject to CFIUS jurisdiction. Perhaps most importantly, there is little reason to believe that ill-intentioned foreign parties would make CFIUS filings. Providing access to critical technology in a manner that triggers a mandatory CFIUS filing generally requires an export control license from the U.S. government. In that case, CFIUS approval constitutes a second protective layer on top of the export control license. Ill-intentioned foreign parties willing to evade U.S. export controls are unlikely to comply with CFIUS filing obligations. 

Nor would U.S. parties likely prevent circumvention of the CFIUS regime by the ill-intentioned foreign parties. The foreign party might persuade the U.S. party, for example, that the foreign party is an “excepted investor,” for example, by setting up a fund in one of the excepted investor jurisdictions (the U.K., Canada, Australia, or New Zealand) and claiming that it is an excepted investor to which the mandatory filing rules are inapplicable. Or the foreign party might deceptively commit to avoiding access to the critical technology.

The mandatory filing rules are likely to have bite only with respect to law-abiding foreign investors. Ironically, the “excepted investor” rules—limited to those investors that are from, and composed of interests entirely from, the U.K., Canada, Australia, or New Zealand—are so complex and cumbersome that parties rarely utilize them.

The mandatory filing rules may be attractive politically, but it is hard to think of a reasonable national security justification for them. Regardless, these rules are largely insulated from criticism by costs that are not visible—including the many thousands of lawyerly reviews necessitated by the rules and the lost businesses that decide not to move to, or expand in, the U.S.—and by fear that potential critics will be perceived as “soft on China.” CFIUS’s disinclination to sunset or curb the mandatory filing rules seems more a function of concern about political optics than any reasoned argument that the rules advance a national security goal.

To be sure, there is a sensible role for CFIUS. Suppose U.S. intelligence has evidence that a specific European company is funded by the Russian or Chinese government and that the company is seeking to purchase a U.S. artificial intelligence company. Here, CFIUS intervention seems appropriate. That targeted CFIUS process, though, would not involve mandatory filing rules with hundreds of lawyers screening thousands of transactions annually—most of those transactions involving investments from U.S.-allied countries. 

Beyond Exhibit A

There are other acute problems with CFIUS. I’ve written elsewhere about the severe problems resulting from the combination of CFIUS’s fragmented committee structure, confidentiality regarding decision-making, and lack of judicial oversight. For example, no identified senior official takes responsibility for CFIUS decisions, which are said to be decisions “of the committee.” 

Against that backdrop, and in the current national security environment in which concerns about China dominate, the hundreds of individuals who may be involved in committee decision-making are incentivized to give dispositive weight to often-remote China-related risks—even when the investor is linked to China only in an attenuated manner (for example, a South Korean investor deriving significant profits from China). These officials have no incentive to give weight to the long-term benefits of maintaining an investment climate that welcomes foreign participants. The officials do not have to publicly justify their decisions and, unlike in administrations from Reagan through Obama, there is no longer a pro-investment contingent within CFIUS that is willing to say “that transaction presents such a remote risk that CFIUS intervention is not warranted, as it does not outweigh the benefits of maintaining an open investment policy.”

Further, CFIUS defensive measures are not the only ones giving rise to reasonable concerns about unmitigated costs. Commenting on a new set of draconian export controls, the U.S. Semiconductor Industry Association’s recent report emphasizes that American leadership depends on free trade and that the U.S. “has the most to lose from proliferating restrictions.” The pending “outbound screening” rules, which would limit U.S. firms’ investments in foreign companies that have ties to China or Russia (but would not limit investments from non-U.S. firms), have the potential to curtail even further U.S. cross-border collaboration. Some commentary has emphasized that the U.S. “would be one of only a handful of advanced economies with industry specific outbound investment restrictions distinct from traditional sanctions regimes” if the pending rules are implemented.

Reason to Worry

With the U.S. representing less than five percent of the global population, U.S. innovation depends on magnetism: the ability to draw inward and to leverage global capital, talent, and innovation. On the one hand, the benefits derived from drawing resources inward and from international collaboration are, unfortunately, often long term and not easily perceptible. On the other hand, defensive measures are popular even when the costs of these measures threaten to outweigh the benefits. 

Different defensive measures have different costs and benefits, and, perhaps, some are justified. But the CFIUS mandatory filing rules provide reason to worry that national security policymakers are not considering, or are grotesquely discounting, the costs of some defensive measures and are not trying seriously to mitigate those costs. The tension surrounding this issue—reflected in the proliferation of defensive measures—is now so high that there seem to be few political participants willing to consider the costs of declining U.S. magnetism. That decline is likely to continue, undermining the very advantages the government seeks to protect.

Stephen Heifetz is a Washington national security lawyer who served in Democratic and Republican administrations at the CIA, Department of Justice, and Department of Homeland Security. The views expressed here are his own and not necessarily the views of his employer or its clients.

Subscribe to Lawfare