Following completion of a review by the Committee on Foreign Investment in the United States (“CFIUS”), President Trump recently issued an Executive Order requiring ByteDance to, among other things, divest itself of assets and property that enable or support operation of the TikTok application in the United States within 90 days (the “CFIUS Order”).  This was not an unexpected outcome.  We previously reported on the unusual nature of CFIUS’s review here.  The week before, President Trump issued a different Executive Order authorizing the Commerce Department to prohibit transactions involving a U.S. person or within the jurisdiction of the United States with ByteDance (the “Commerce Order”), with details of the restrictions to come in 45 days.  We previously reported on the Commerce Order here.  According to press reports, negotiations for a possible acquisition of TikTok continue, and it remains to be seen whether those restrictions will come to fruition and on what timetable.

Leaving the future of TikTok aside, the existence of the two orders underlines that the approach to ByteDance/TikTok is a striking departure from ordinary CFIUS practice.  CFIUS’s purpose is to prevent acquisitions of critical U.S. assets by potentially hostile foreign buyers that might endanger national security.  The concern with TikTok, though, as underlined by the Commerce Order, appears to have little to do with the assets that ByteDance purchased.  Instead, it is with the massive growth in popularity of the TikTok platform and the use of Chinese goods and services in the United States.  This matter appears to involve a new form of restriction—in a sense, “import controls”—designed to restrict not which U.S. assets foreign persons may buy but which foreign companies U.S. persons and companies may deal with.

The Commerce Order

As we previously reported, it appears that the Commerce Order is designed to prohibit use of the TikTok app within the United States, although the contours of the implementing regulations remain unclear and the Commerce Order provides authority to prohibit any U.S. person or U.S. company anywhere in the world, and any person physically within the United States, from engaging in any transaction directly or indirectly involving ByteDance.

The end goal of the Commerce Order (and a parallel order relating to WeChat) appears to be to prohibit the import of products or services by U.S. persons or companies.  While there have been U.S. embargoes on countries like Cuba and Iran, there have not been general prohibitions on purchases from disfavored foreign companies.  The closest example is the recent Executive Order relating to the information technology and communications supply chain, discussed in a previous memo, which permits the Commerce Department to review transactions with foreign suppliers on a case-by-case basis.  A similar Executive Order gives the Energy Department authority to review and prohibit acquisitions of foreign-origin equipment for use in the U.S. bulk-power system on national security grounds.  The notion that U.S. consumers and companies should be prohibited from purchasing particular foreign-origin goods or services, outside the context of a broad-based embargo, is a new and expanding one.

The CFIUS Order

The CFIUS Order also appears to go beyond CFIUS’s historical scope in order to reach assets outside the United States, a significant extraterritorial expansion of CFIUS review.  CFIUS was meant to protect the U.S. defense industrial base and other U.S. assets critical to national security.  CFIUS’s origins lie in amendments to the Defense Production Act of 1950 (the “DPA”), which was intended to facilitate the production of goods and services necessary for national security.  As national security concerns have evolved, the scope of CFIUS’s review of foreign acquisitions has evolved as well, and subsequent statutes have recognized that the industries relevant to “national security” are broader than those who manufacture bombs and tanks.  However, CFIUS’s mandate has remained consistent: to ensure that foreign persons do not acquire U.S. assets that are critical to national defense or national security.

The Commerce Order clearly goes beyond that.  Less immediately obvious is that the CFIUS Order appears to do so as well.  Normally, a presidential order prohibiting an acquisition of a foreign company under the authority of CFIUS is expected to bar only the acquisition of assets and subsidiaries in the United States.  For example, when President Obama barred the acquisition of German semiconductor manufacturer Aixtron SE by a consortium of Chinese investors, the order applied to the U.S. subsidiary and “any asset of Aixtron or AIXTRON, Inc. used in, or owned for the use in or benefit of, the activities in interstate commerce in the United States of Aixtron, Inc.”  The CFIUS Order appears to reach well beyond the acquired assets of in the United States, requiring ByteDance to divest “any tangible or intangible assets or property, wherever located, used to enable or support ByteDance’s operation of the TikTok application in the United States, as determined by the Committee.” The CFIUS Order explicitly appears to reach assets located outside the United States used to support services provided inside the United States (which might include servers, research and development, etc.), which traditionally has been thought to be outside CFIUS’s jurisdiction.  (In Aixtron, for example, the transfer of the German parent had to be addressed by the German government.)  Moreover, it is not on its face limited to assets ByteDance acquired from, or that were even in existence at the time of the acquisition, but rather all assets used to support operation of the combined business in the United States.

CFIUS’s underlying statutory and regulatory authorities provide little guidance as to scope.  As we noted previously, CFIUS did, in the FIRRMA implementing regulations, revise its definition of “U.S. business”; previously, it was defined as “any entity, irrespective of the nationality of the persons that control it, engaged in interstate commerce in the United States, but only to the extent of its activities in interstate commerce” (emphasis added), but in the most recent revisions to CFIUS’s statute and the implementing regulations, the final clause was removed.  However, in adopting the revised regulations, CFIUS provided the following explanation:

The proposed definition tracks the language of FIRRMA and is not intended to suggest that the extent of a business’s activities in interstate commerce in the United States is irrelevant to the Committee’s analysis of national security risk. The rule also makes amendments to example 2 of § 800.252(b) to illustrate that a business may export and license technology and provide services into the United States, yet not qualify as a U.S. business for purposes of the rule.

Senior CFIUS staff have also orally stated that the change in definition was not intended to signal a significant change in scope, but noted that it was revised to follow the new statutory definition of “United States business” as “a person engaged in interstate commerce in the United States,” and similar language has been in the CFIUS statute since its inception (simply using the phrase “person engaged in interstate commerce in the United States” where “United States business” is used now).  There is no indication in FIRRMA’s legislative history that an expansion of the scope of CFIUS’s extraterritorial jurisdiction was intended.  The limits on the President’s extraterritorial remedial authority are no better defined; the CFIUS statute says only that “the President may take such action for such time as the President considers appropriate to suspend or prohibit any covered transaction that threatens to impair the national security of the United States.”

If the CFIUS Order in fact reaches assets outside the United States used to provide services to U.S. persons and assets that were not in fact acquired from, that would be a significant expansion of CFIUS’s asserted jurisdiction with potentially far-reaching implications for overseas transactions involving companies with U.S. customers.  Along with the erosion of confidentiality and national security focus of the TikTok review discussed in our previous post, these developments bear close monitoring by international dealmakers to see whether this is a one-off aberration or a signal of a significant change in CFIUS’s scope.