As the US government tries to lessen the threat to national
security from China and other potential adversaries, new rules
legislating how the agency tasked with monitoring foreign
investment handles data is proving problematic for firms.
The section of the Foreign Investment Risk Review
Modernization Act (Firrma) that has beefed up how US antitrust
regulators look at personally identifiable information (PII)
has significantly increased the workload for firms looking to
complete cross-border M&A deals into the US.
The legislation requires an investigation for M&A
transactions for companies that 'maintain(s) or collect(s)
sensitive personal data of United States citizens that may be
exploited in a manner that threatens national
security’. This is a broad definition that
requires a lot of consideration for a non-US domiciled company
to consider before launching an M&A bid, or for a US
company looking to be acquired.