November 18, 2022
Originally published in The Hill
The recently released National Security Strategy sets forth the Biden administration’s approach to a changing world at an inflection point providing a roadmap for the administration and for Congress. The administration’s national security priorities largely echo those of past administrations, but they diverge with their focus on a “modern industrial and innovation strategy” that promises deep use of industrial and economic tools to create a bulwark against autocracies like Russia and China. The resulting message is clear: The administration’s national security goals are inherently tied to, and will necessarily impact, a broad swath of American companies.
Five areas of the strategy stand-out for their potential impact on companies.
First, increased investment scrutiny will ensure the Committee on Foreign Investment in the United States (CFIUS), with its expansive authority to review foreign investments, continues to be a prominent national security tool. The strategy also contemplates new outbound investment restrictions, which have been gaining congressional momentum as well. Should “reverse-CFIUS” come into effect, companies will need to transform their outbound investment strategies, planning for increased investment timelines, heightened scrutiny for investments in certain sectors and in certain countries, and potentially restrictions on certain outbound investments deemed to pose national security risk. Further, increased export controls will require companies to reinforce compliance programs and reevaluate offshoring operations. As the Commerce Department’s recent semiconductor restrictions demonstrate, new regulations can quickly reverberate across an industry, in some cases having a material impact.
Second, foreign policy and domestic policy lines blur with the focus on making strategic public investments in strategic sectors and supply chains, especially critical and emerging technologies. New laws, including the CHIPS and Science Act and the Inflation Reduction Act, illustrate the administration’s commitment — and congressional support — for such investments. These investments can be a significant catalyst for technological innovation for the private sector. However, companies will need to be clear on the tradeoffs that such subsidies present, as business decisions may be impacted, such as whether certain operations can be offshored.
Third, the administration’s focus on supply chain integrity and resilience means that companies — especially those in critical technology industries — may leverage this support to further optimize their supply chains and improve resilience. But it also means that in the short-term, as the administration focuses on countering Chinese influence, companies may feel pressure to improve knowledge of their supply chain, identify geographically diverse suppliers, and develop shorter-term, more flexible contracts with suppliers to better adapt to changes in supply chains. Many companies began laying the foundation for improved supply chain resilience with the COVID-19 pandemic. These efforts may need to accelerate, and companies will need to develop a sound business and legal strategy to enable operations relying on complex global supply chains in a fracturing geopolitical environment. The impact of the new semiconductor restrictions underscore supply chain complexity and the need to quickly adapt to changing regulatory requirements to minimize operational impact.
Fourth, securing critical infrastructure and strengthening cybersecurity will significantly impact the private sector, given the common cite that 85 percent of critical infrastructure is in the private sector. We have seen this start to play out with the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) giving the Cybersecurity and Infrastructure Security Agency (CISA) an increased mandate to develop critical infrastructure cybersecurity regulations, the setting of minimum security standards for federal software use, and recent White House announcements that communications, water and health care sectors are next on the administration’s cyber priority list. Companies in critical infrastructure must not only prepare for incoming cyber regulations, but ensure they properly invest in cybersecurity, adopting a “shields up” posture to defend against attacks perpetrated by a range of threat actors, including Russia.
Finally, the push to develop an inclusive international technology ecosystem likely means companies will need to navigate an increasingly regulated environment. An important prong of “transformative cooperation“ with Europe will focus on adequate privacy protections, building on the recent executive order on EU-U.S. data transfers. Practically, this means that companies should ensure transfer impact assessments are updated, evaluate the sufficiency of data transfer mechanisms, and adjust their commercial models as appropriate. There is also likely to be renewed focus on regulation of internet operating standards to ensure that standards governing the internet continue to promote core tenets of democracy, such as free speech.
Top Democrats support the administration’s strategy. Republicans have criticized the strategy. The midterm elections will play a key role in determining the likelihood of translating the strategy into legislative action. If the Democrats retain control of Congress, expect to see more legislative activity. However, if either the House or the Senate flips, then the administration’s national security priorities may not materialize in congressional action. Instead, the administration will likely focus more on executive national security authorities to progress the strategy’s objectives. The recent National Biotechnology and Biomanufacturing Initiative could serve as a blueprint. Regulatory agencies have also been assertive in issuing new regulations to achieve national security goals, such as the recent export control restrictions on advanced semiconductors and supercomputing. But, as Republicans are already calling for a congressional review of the handling of export controls should the House flip, there could be greater scrutiny of regulatory agencies should the Republicans gain control.
Regardless of how events play out on Election Day, the strategy’s focus on industrial and economic tools of national power portends significant impact on companies.
Stephenie Gosnell Handler is a partner in Gibson Dunn’s Washington, D.C. office, where she is a member of the International Trade and Privacy, Cybersecurity and Data Innovation practices. She advises clients on complex legal, regulatory and compliance issues relating to international trade, cybersecurity and technology matters. Handler’s legal advice is deeply informed by her operational cybersecurity and in-house legal experience at McKinsey & Company, as well as by her active-duty service in the U.S. Marine Corps.
Roscoe Jones Jr. is a partner in Gibson, Dunn & Crutcher’s Washington, D.C. office and co-chairs the firm’s Public Policy Group and serves as a core member of the Congressional Investigations practice group. Recognized in 2022 as one of Lawdragon’s “500 Leading Lawyers in America,” Jones has represented companies, nonprofits and individuals in legislative and policy matters before the Congress and executive branch. Jones has almost a decade of Capitol Hill experience advising three U.S. senators and a member of Congress and political experience in the executive branch.
Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s International Trade or Public Policy practice groups, or the following:
*Mr. Smith is admitted only in Illinois and practicing under the supervision of members of the District of Columbia Bar under D.C. App. R. 49. Mr. Vidyarhi is a recent law graduate in the firm’s New York office who is not admitted to practice law.
© 2022 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.