CFIUS — the Committee on Foreign Investment in the United States — is the inter-agency U.S. government body, chaired by the Treasury Secretary, that reviews foreign acquisitions of, and investments in, U.S. businesses for national-security risk. Unlike antitrust review, CFIUS is not about competition — it asks whether a transaction would give a foreign person control or access that threatens U.S. national security. For cross-border deals with a U.S. target, CFIUS can be the decisive regulatory gate.
What it reviews
CFIUS has jurisdiction over transactions that could result in foreign control of a U.S. business, and — since FIRRMA (the Foreign Investment Risk Review Modernization Act of 2018) — over certain non-controlling investments as well. FIRRMA expanded CFIUS's reach to cover non-passive foreign investments in so-called "TID U.S. businesses":
- T — critical Technologies (export-controlled and emerging/foundational tech);
- I — critical Infrastructure (energy, telecom, transportation, finance, etc.); and
- D — sensitive personal Data of U.S. citizens.
It also gave CFIUS jurisdiction over certain real-estate transactions near sensitive government or military sites.
Mandatory vs voluntary filings
Historically, CFIUS filings were voluntary — but parties filed anyway to obtain a "safe harbor" against later unwinding. FIRRMA added mandatory declarations for some deals (e.g., involving certain critical-technology businesses or foreign-government-controlled acquirers). Because CFIUS can act even on non-notified deals, parties to a sensitive foreign acquisition routinely file to obtain certainty.
The process and outcomes
A CFIUS review runs as a short declaration or a longer notice followed by a review and possible investigation (a roughly 45-day review plus a 45-day investigation, with the option of an additional period). Outcomes:
- Clearance — CFIUS concludes there are no unresolved national-security concerns;
- Mitigation — the parties agree to a mitigation agreement (governance restrictions, security protocols, data controls, divesting sensitive assets) as a condition of clearance; or
- Referral to the President, who can block the deal or order an already-closed deal to be unwound — a power exercised in several high-profile cases, often involving acquirers from countries of concern.
Why it matters
CFIUS has become a front-line tool of U.S. economic and security policy, with sharply increased activity and scrutiny — particularly of investments connected to strategic rivals and in sensitive technology, data and infrastructure. For a foreign buyer of a U.S. business, CFIUS risk must be assessed early: it shapes whether a deal is feasible, how it is structured, the timetable, and the agreement's regulatory covenants and termination rights, much as antitrust risk does on the competition side.
See also
- Cross-border M&A — Transactions in which buyer and target are in different jurisdictions. Layers on currency, foreign-investment review, multi-jurisdiction tax planning, employment law and cultural-integration complexity.
- Antitrust and merger control — Government review of mergers to prevent harm to competition.
- Due diligence — The structured investigation a buyer conducts on a target between LOI and closing — covering financial, legal, tax, commercial, operational, IT, HR and environmental workstreams — to verify the seller’s claims, find risks and shape final price and deal terms.
- EU Merger Regulation — Council Regulation (EC) No 139/2004, which gives the European Commission jurisdiction over mergers with an EU dimension. Deals above turnover thresholds are reviewed at EU level rather than by member states.