What Is CFIUS and How Does It Control Foreign Investment in U.S. Critical Infrastructure?
The interagency body that blocks foreign acquisitions of sensitive U.S. assets now stands at the centre of technological sovereignty, capital flows, and the U.S.-China competition.
The Committee on Foreign Investment in the United States (CFIUS) is an interagency body with authority to review, condition, or block foreign acquisitions of U.S. companies and assets on national security grounds, operating as the primary institutional mechanism through which Washington reconciles capital openness with technological sovereignty. Established in 1975 and significantly expanded under the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), CFIUS reviews approximately 200-300 transactions annually, with jurisdiction extending beyond traditional defence contractors to semiconductor fabs, AI startups, energy infrastructure, and telecommunications networks.
Recent high-profile cases—including Saudi Arabia’s $5 billion investment in SpaceX and heightened scrutiny of Chinese capital in U.S. chipmakers—have brought CFIUS from bureaucratic obscurity into the centre of geopolitical competition. The committee’s expanding mandate reflects a fundamental tension: the United States built its technological lead partly through openness to foreign capital, but now views that same openness as a vulnerability in strategic sectors where national security and economic competitiveness overlap.
Structure and Authority
CFIUS comprises representatives from nine core departments—Treasury (chair), Justice, Homeland Security, Commerce, Defense, State, Energy, the Office of the U.S. Trade Representative, and the Office of Science and Technology Policy—plus observers from the Office of Management and Budget, Council of Economic Advisers, National Security Council, and National Economic Council. According to the U.S. Department of the Treasury, the committee operates by consensus, with the president retaining final authority to block transactions.
The 2018 FIRRMA expansion dramatically broadened CFIUS reach beyond controlling acquisitions. The law introduced mandatory filing requirements for transactions involving critical technologies, Critical Infrastructure, and sensitive personal data, even when the foreign investor does not acquire voting control. It also established jurisdiction over real estate transactions near sensitive government facilities and military installations, closing a loophole that previously allowed foreign entities to purchase land adjacent to naval bases or intelligence facilities without review.
CFIUS derives its authority from Section 721 of the Defense Production Act of 1950, as amended by the Exon-Florio Amendment (1988) and FIRRMA (2018). The committee can impose mitigation measures—such as board observers, data segregation requirements, or supply chain restrictions—or recommend presidential prohibition. Since 1990, presidents have formally blocked five transactions, though countless others were abandoned during review.
What Triggers CFIUS Review
Transactions fall under CFIUS jurisdiction if they result in foreign control of a U.S. business or involve non-controlling investments in specific sectors. ‘Control’ is defined broadly: the power to determine matters affecting management or policy, whether through voting rights, board representation, or contractual arrangements. According to the Council on Foreign Relations, FIRRMA’s critical technology provisions capture investments in firms producing Semiconductors, AI and machine learning systems, quantum computing, hypersonics, and biotechnology—essentially the technologies listed on the Commerce Control List.
The critical infrastructure category extends to telecommunications, energy generation and distribution, water systems, financial market infrastructure, and transportation networks. The sensitive personal data category covers U.S. citizens’ genomic data, biometric data, geolocation information, and financial data when collected at scale. A Chinese firm acquiring a minority stake in a U.S. genomics startup must file; a European conglomerate buying a rural electric cooperative must file; a Middle Eastern sovereign wealth fund taking 10% of a defence AI company must file.
The Review Process
CFIUS operates on a tiered timeline. Parties may file a voluntary notice or, for covered transactions, a mandatory declaration. The committee has 45 days for initial review, followed by an optional 45-day investigation period if national security concerns are identified, and a final 15-day presidential decision window—potentially 105 days total. In practice, according to Skadden analysis of Treasury data, the median timeline runs 90-120 days when investigations are initiated.
The committee may clear a transaction unconditionally, clear it with mitigation measures, or recommend prohibition. Mitigation agreements typically impose structural conditions (carve-outs of sensitive business lines, restrictions on foreign personnel access to certain data or facilities) or operational requirements (mandatory cybersecurity protocols, supply chain diversity mandates, periodic audits). These agreements are binding and enforceable through civil penalties up to the transaction value.
Parties face a strategic calculus: filing triggers scrutiny but provides safe harbour—CFIUS cannot revisit a cleared transaction except for material misrepresentation or breach of mitigation. Not filing when mandatory risks forced divestiture and civil penalties; not filing when voluntary risks indefinite future review authority. The rise of mandatory filings under FIRRMA reduced this optionality, forcing earlier engagement.
Country and Sector Patterns
China accounts for the majority of blocked or withdrawn transactions in recent years. According to Treasury’s 2022 annual report, Chinese investors filed 84 notices that year, representing 25% of total filings, with withdrawal rates significantly higher than other countries. Between 2018 and 2022, transactions involving Chinese parties faced investigation in 60% of cases versus 30% for all other countries combined.
Semiconductor manufacturing attracts particular scrutiny. The U.S. views domestic chip production as existential to military systems, AI development, and economic competitiveness, yet advanced fabs require $15-20 billion in capital and expertise concentrated in Taiwan, South Korea, and Europe. When TSMC announced its Arizona fab in 2020, CFIUS was involved despite the investor being Taiwanese—a nominal ally—because the committee assesses individual transaction risk, not blanket country classifications. The review ultimately cleared with conditions around U.S. personnel requirements and technology transfer restrictions.
The Sovereignty-Capital Tradeoff
CFIUS embodies a core tension in U.S. economic policy: the country benefits from foreign capital inflows that fund innovation and infrastructure, but that same capital can transfer technology, create dependencies, or provide adversaries with leverage. Historically, the U.S. ran the most open investment regime among major economies, attracting $5.6 trillion in foreign direct investment stock as of 2023—more than any other country, per Bureau of Economic Analysis data.
The shift toward restrictions reflects changed threat perception. In the Cold War, the Soviet Union lacked capital to invest in U.S. assets; today, China’s state-directed capital pools—sovereign wealth funds, state-owned enterprises, ostensibly private firms with party ties—operate at scale in global markets. The 2017 attempted acquisition of Lattice Semiconductor by a China-backed fund, blocked by presidential order, illustrated the concern: Lattice’s programmable chips had limited commercial value but potential military applications in missile guidance and satellite systems.
Energy infrastructure adds another dimension. Foreign ownership of U.S. electric grids, pipelines, and renewable facilities raises resilience questions distinct from technology transfer. A hostile actor controlling electricity distribution could weaponise shutdowns; an adversary with access to SCADA systems for natural gas pipelines could disrupt heating in winter or power generation. These scenarios drive CFIUS scrutiny of transactions like the proposed Chinese acquisition of Texas wind farms in 2020, withdrawn after committee intervention.
Emerging Challenges
CFIUS faces three evolving challenges. First, the committee struggles with transactions involving allied countries whose strategic interests diverge from U.S. priorities. Saudi Arabia’s proposed SpaceX investment—currently under review—illustrates this: Saudi Arabia is a security partner in the Middle East but also a competitor in energy markets, a potential technology acquirer for domestic programs, and a state with geopolitical interests (Yemen, regional rivalry with Iran) that do not always align with Washington’s.
Second, CFIUS jurisdiction remains limited to inbound investment in U.S. entities. It cannot block a Chinese firm from acquiring a European chipmaker that supplies U.S. customers, or prevent a U.S. company from building a factory abroad that transfers sensitive technology. The committee’s scope ends at the U.S. border, creating vulnerabilities in global supply chains that transcend domestic review authority.