CFIUS Review
The Committee on Foreign Investment in the United States — an interagency body that reviews acquisitions of US businesses by foreign buyers for national security implications. CFIUS can recommend the President block a deal, require divestitures of sensitive assets, or impose operating conditions (mitigation agreements). Filing is mandatory for certain transactions involving foreign government ownership; voluntary for others. Deals in defense, semiconductors, critical infrastructure, sensitive personal data, and advanced technology face the highest scrutiny. Processing time: 30-45 days for standard review, up to 90 days for full investigation.
Full Definition
The Committee on Foreign Investment in the United States (CFIUS) is an interagency government body that reviews acquisitions of US businesses by foreign persons or entities for potential national security risks. CFIUS operates under the authority of the Foreign Investment Risk Review Modernization Act (FIRRMA) of 2018 and can recommend mitigation measures, require deal restructuring, or recommend that the President block a transaction outright.
Who is subject to CFIUS review: CFIUS jurisdiction covers "covered transactions" — any acquisition by a foreign person that could result in control of a US business. "Control" is broadly defined to include ownership, management rights, or other authority to determine significant business decisions. FIRRMA expanded CFIUS authority to also cover certain non-controlling minority investments in "TID US businesses" (Technology, Infrastructure, and Data businesses) and real estate transactions near sensitive government facilities.
Mandatory vs. voluntary filings: Some transactions require mandatory CFIUS filing: certain investments in TID businesses (businesses in critical technology, critical infrastructure, or handling sensitive personal data) by foreign government-related investors. Most other covered transactions are voluntary — parties can choose to file for a CFIUS clearance (gaining legal safe harbor) or close without filing and risk a post-close CFIUS review. In practice, sophisticated buyers in sensitive sectors almost always file voluntarily to obtain certainty.
The review process: CFIUS conducts an initial 30-day review, followed by an optional 45-day national security investigation. During review, CFIUS may request additional information or negotiate "mitigation agreements" — operational restrictions like limiting foreign access to sensitive technology or data, establishing security policies, or requiring US persons on specific oversight committees. Mitigation agreements can significantly constrain post-close operations. If CFIUS can't adequately address national security concerns through mitigation, it recommends that the President block the deal.
Sectors of heightened scrutiny: Defense contractors, semiconductors, telecommunications infrastructure, AI and advanced computing, healthcare data businesses, utilities, and financial services all face elevated CFIUS scrutiny. Any business that handles sensitive personal data of US citizens (even non-sensitive data at sufficient scale) is within CFIUS's expanded jurisdiction under FIRRMA.
Seller vs. Buyer Perspective
If your buyer is foreign — or is a US entity with significant foreign ownership — assess CFIUS filing requirements before signing. A deal that closes without filing but should have can be unwound by CFIUS post-close, which means your proceeds are at risk and you may have to repurchase or reacquire the business. Include a regulatory approval condition and regulatory efforts covenant in your purchase agreement if CFIUS risk is present. Also negotiate a reverse breakup fee that covers your costs if the deal is blocked or abandoned due to regulatory issues.
Assess CFIUS exposure at the beginning of any deal involving a US target, especially if you are foreign or have foreign investors above certain thresholds. The CFIUS timeline (up to 75 days for standard review) must be built into your deal closing timeline. If mitigation is likely (operational restrictions on your post-close business), model those constraints into your investment thesis before signing. Deals blocked by CFIUS cannot be appealed in US courts — the President's decision is final. Assess the risk honestly before committing capital.
Real-World Example
A South Korean semiconductor equipment manufacturer acquires a Texas-based advanced lithography equipment company. Despite no mandatory filing obligation, the parties file voluntarily for CFIUS clearance because the target develops dual-use technology with defense applications. CFIUS clears the transaction after a 30-day review plus 20-day investigation, subject to a mitigation agreement requiring: segregated access controls for sensitive IP, a Government Security Committee with US citizen board members, and annual compliance reporting. The deal closes 67 days after the CFIUS application is submitted.
Why It Matters & Common Pitfalls
- !CFIUS jurisdiction has expanded significantly since 2018. FIRRMA extended CFIUS's reach beyond traditional control acquisitions to include minority investments in TID businesses. US companies that handle healthcare data, financial data, or geolocation data at scale may be subject to CFIUS review even for non-controlling foreign investments. Legal counsel specializing in CFIUS is essential — this is not a general M&A attorney's area.
- !Post-close reviews can unwind completed transactions. CFIUS can initiate post-close reviews of deals where no filing was made. Parties that close a covered transaction without voluntary filing take the risk of a post-close CFIUS investigation that could force divestiture or require retrofitting mitigation measures at significant cost.
- !Mitigation agreements have long-term compliance costs. A CFIUS mitigation agreement is a binding legal obligation that follows the company for years. Compliance programs, security officers, access controls, and reporting requirements create ongoing administrative and operational costs. Budget for these in your acquisition model.
- !Allied country investors still face scrutiny. CFIUS applies to all foreign persons, including investors from US allies. Investments from the UK, Japan, South Korea, Germany, and other allied nations have faced CFIUS scrutiny in sensitive technology sectors. Allied status is a factor but not an exemption.
Frequently Asked Questions
What is CFIUS?↓
When does CFIUS review apply?↓
Related Terms
Hart-Scott-Rodino (HSR) Act
A federal law requiring advance notification to the FTC and DOJ for M&A transactions above certain size thresholds — triggering a mandatory waiting period for antitrust review before closing.
Regulatory Approvals
Government authorizations required before specific M&A transactions can close. Common categories: antitrust/competition (HSR Act filings for deals above thresholds), financial services (banking regulators for financial institution acquisitions), healthcare (state healthcare authority approvals for hospital, physician practice, or insurance deals), foreign investment (CFIUS review when foreign parties are involved), and professional licensing (state board approvals for licensed business transfers). Missing regulatory approvals is a closing condition failure.
Closing Conditions
Closing conditions are requirements that must be met before a deal can close — regulatory approvals, rep accuracy, no material adverse change. Failure to satisfy can delay or kill deals.
Get Weekly M&A Insights
Valuation data, deal analysis, and plain-English M&A education — every week.
The LegacyVector Newsletter
Join 5,000+ business owners, investors, and buyers who get weekly M&A market data and deal insights.
- Weekly valuation multiples by industry
- SBA lending rates & deal financing data
- Market trends & acquisition opportunities
No spam. Unsubscribe anytime. Free forever.
Disclaimer: The information provided on this page is for educational and informational purposes only. It should not be considered financial, legal, or investment advice. Business valuations depend on many factors specific to each situation. Always consult with qualified professionals — including business brokers, CPAs, and M&A attorneys — before making acquisition or sale decisions. LegacyVector is not a licensed broker, financial advisor, or attorney. Data shown may be based on limited samples and may not reflect current market conditions.
LegacyVector Research Team
Reviewed by M&A professionals · Updated April 2026