Akana K.J. Ma, a shareholder at law firm, Buchalter, offers a brief introduction for both US and non-US suppliers on the developments in the US concerning regulatory mandates that will affect business transactions in the aerospace sector.
Since the virus outbreak, I’ve had many conversations with aerospace executives wanting to reposition their companies in response to the business downturn. They remind me of a pilot executing an aerial manoeuvre called the Chandelle. Used since the earliest days of aerial dogfighting, the manoeuvre allows the pilot to change heading by executing a 180º banking turn while increasing speed to prepare the aircraft for an angle of attack in a radically new direction.
As companies reposition for the future, they need to be aware of two recent changes in US laws that affect any aerospace company selling parts or developing technology destined for use in the US market.
Foreign investment approval
All countries exercise some oversight over foreign investment, particularly in industries and technologies deemed vital to national security. Aerospace is such an industry. Prompted by concerns about foreign access to critical US technologies through investment in US companies, the United States recently enacted the Foreign Investment Risk Review Modernisation Act or ‘FIRRMA’. It is the most far-reaching and protective change in the laws that regulate foreign investment in the US.
The new law greatly expands the scope and authority of the US government to review any non-controlling investment in US businesses involved in critical technologies, critical infrastructure, or collecting personal data. Prior to FIRRMA, requests that the US government review foreign investments were voluntary; the new law makes the filing process mandatory for many of these investments.
Non-US companies or individuals wishing to invest in US businesses holding critical technologies now need to weigh the risk of US approval before proceeding. Mere access, rather than actual possession, of controlled commercial or military information could now inadvertently draw US government scrutiny. Being on a board of directors; controlling management decisions or financial control of a US business with access to such information – all of these could trigger the requirement of US government approval. Critical technologies include any commodities or technical data requiring prior US regulatory authorisation prior to disclosure to a Non-US Person in any of 27 business or technology categories, nearly all of which are integral to the aerospace industry. So, almost any investment in a US aerospace business could now mean mandatory review and approval by the US government.
The supply chain for the US government is worldwide. US procurement law has stipulated cybersecurity standards for years, but the enforcement of those standards changed in June 2020. Previously, US and foreign aerospace parts vendors for commercial and military projects often qualified by merely stating in bid packages that they were in the process of implementing cybersecurity protocols. By contrast, in a few months, the US Department of Defense and other federal agencies will require any vendor to have actually completed a much stricter cybersecurity standard. The new standard, the Cybersecurity Maturity Model Certification or ‘CMMC’ supersedes National Institute of Standards and Technology (NIST) 800-171 as the prevailing US government cybersecurity standard. Whereas the NIST standard has approximately 150 security protocols, the CMMC triples that. So, aerospace companies need to start preparing as soon as possible.
In order to be successful in repositioning their companies and selling into the US market, aerospace executives should be aware of these regulatory changes to protect technology through stricter oversight of foreign investment and a new cybersecurity standard.
Akana K.J. Ma is a shareholder at the law firm, Buchalter. An international trade attorney for more than 30 years, he represents aerospace and advanced materials manufacturers in a wide spectrum of cross-border business transactions and regulatory compliance.