US regulators have been given broad new powers to review deals on national security grounds if they involve foreign investment across a range of domestic tech companies.

Behind-the-scenes haggling on the matter centered on the tensions between today's global nature of dealmaking and Washington's longstanding policy that aims to safeguard US tech supremacy over China and other rivals.

Newly unveiled rules, however, show that the Committee on Foreign Investment in the US backed off proposed language that, according to critics, could have put undue scrutiny on deals that lawmakers didn't necessarily have in mind when they passed stricter foreign investment legislation in 2018.

Under an earlier draft of the rules, some life sciences industry deals could have been subject to CFIUS review if they involved companies, for example, that obtain sensitive personal information such as genetic data that could be used to identify someone.

Even dating apps, which sometimes capture a trove of personal data, potentially could have been affected.

But in a win for investors, CFIUS officials released final rules that spelled out narrower jurisdiction after requests by lobbyists for the venture capital and private equity industries.

Those groups said they pushed for these and other changes out of fear that the final rules would have a chilling effect even on foreign investors that have small stakes in US-based private funds.

“Passive investment in US funds by foreign investors needs to be protected," said Jeff Farrah, general counsel for the National Venture Capital Association.

Regulators at CFIUS, an interagency panel led by the Treasury Department, have long held the power to block foreigners from taking control of vital US assets. But in light of Washington's growing wariness of threats posed by China, in 2018 Congress passed the Foreign Investment Risk Review Modernization Act, which extended regulatory scrutiny to include transactions that would give foreign investors a non-controlling interest.

The final rules, which are set to take effect Feb. 13, leave unchanged how to define foreign entities, but clarifying their "principal place of business" was a sticking point because of the increasingly international makeup of the many investment groups that take stakes in tech companies.

In the end, the rules define the principal place of business as "the primary location where an entity's management directs, controls or coordinates the entity's activities."

CFIUS doesn't publicly disclose decisions on deals it reviews, but lawyers say that its interventions have led some companies to redo transactions, including some that already had been completed. 

In a rare, high-profile such case last year, Kunlun, the Chinese owner of dating app Grindr, agreed to put the company up for sale because of pressure from CFIUS. Officials have expressed concern in the past about the risk of personal data held by dating apps potentially being used against US citizens, especially men or women in the military.

Clarification of the use of personal data was a focus of the final rules, following pushback from venture capitalists and biotech industry groups.

Initially, officials considered covering life sciences companies that tell prospective investors that they might gather people's genetic information. The final rules on CFIUS coverage now will be limited to data that can be used to trace or identify a person, according to NVCA's Farrah.

Featured image via Trevor Carpenter/Getty Images

Related content