Results

Baker & Hostetler LLP

07/06/2026 | Press release | Archived content

CFIUS and the Venture Stack: Why Defense Tech Companies Must Treat Investor Strategy as a National Security Issue

07/06/2026|5 minute read
Share

Key Takeaways

  • The Committee on Foreign Investment in the United States is no longer a discrete regulatory hurdle; it is a structural constraint on growth, shaping how companies raise capital, structure governance and scale into U.S. government programs.
  • Early proactive alignment between investor strategy and national security considerations is no longer optional - it is essential to preserving strategic flexibility and growth trajectory.

As U.S. Department of Defense (DoD) demand for autonomy, artificial intelligence (AI) and other dual-use technologies accelerates, companies are encountering a parallel shift in regulatory scrutiny: Foreign investment is no longer a background issue; it is a central determinant of scalability.

The Committee on Foreign Investment in the United States (CFIUS) has evolved into a frontline national security gatekeeper for venture-backed technology companies, with implications reaching far beyond traditional mergers and acquisitions.

For companies building for defense or defense-adjacent markets, capital formation and regulatory exposure are now inextricably linked.

1. CFIUS Jurisdiction Now Extends Deep into Venture Capital

Historically, CFIUS focused on transactions involving foreign control of U.S. businesses. That paradigm shifted significantly with the Foreign Investment Risk Review Modernization Act of 2018.

Today, CFIUS has the authority to review:

  • Noncontrolling minority investments by foreign persons into U.S. businesses
  • Certain real estate and data-related transactions involving the purchase or lease by, or a concession to, a foreign person of certain U.S. real estate even where no transfer of control occurs

For venture-backed companies, this means that standard venture capital structures can fall squarely within CFIUS jurisdiction, particularly where foreign capital is involved.

2. Dual-Use Companies Are in Scope and May Be Subject to Mandatory Review

CFIUS actively reviews investments in so-called TID U.S. businesses, which are companies involved in:

  • Technology: critical technologies (including AI, autonomy and other export-controlled innovations)
  • Infrastructure: critical infrastructure
  • Data: sensitive personal data

Investments into TID U.S. businesses can be subject to mandatory CFIUS filings, including for certain noncontrolling minority investments that confer board seats, observer rights or access to material nonpublic technical information.

For many emerging defense and dual-use companies, this definition applies early in the company life cycle, even before formal DoD contracts or Programs of Record are secured.

3. DoD Engagement Significantly Elevates Risk

CFIUS analysis focuses on whether foreign investment could create national security vulnerabilities, including:

  • Access to sensitive technology or data
  • Disruption of the defense industrial base or supply chains
  • Unauthorized transfer of military-relevant capabilities

As companies transition from prototyping and pilot programs into active deployment with military end users, CFIUS risk typically increases - often faster than internal governance structures evolve.

4. Outcomes Frequently Reshape Company Governance

Although CFIUS retains the authority to block transactions, the more common outcome to address national security concerns is conditional approval subject to mitigation measures, which may include:

  • Restrictions on investor governance rights
  • Limitations on access to technical data
  • Implementation of information security controls
  • Ongoing monitoring or third-party oversight

These mitigation measures can materially affect:

  • Board composition
  • Information sharing within the company
  • Operational autonomy and decision-making
  • Access to and the structure of venture financing

In many cases, CFIUS mitigation effectively rewrites the practical terms of an investment.

5. Enforcement and Scrutiny Are Increasing

Recent data reflects a clear trend toward more aggressive enforcement and earlier intervention:

  • Expanded monitoring of non-notified transactions, as reflected in the U.S. Treasury Department's recent CFIUS annual reports[1]
  • Increased site visits and compliance oversight[2]
  • Rising penalties for noncompliance or failure to file when required[3]

CFIUS is also demonstrating a growing willingness to revisit transactions after closing and impose conditions or require divestiture after the fact.[4]

6. Strategic Implications for Defense and Dual-Use Companies

The convergence of venture capital and national security review has created a new operating environment in which investment decisions must be evaluated not only for economic impact but also for long-term regulatory and operational consequences.

Companies that successfully navigate this landscape typically:

  • Assess CFIUS exposure at the outset of fundraising; not after term sheets or financing documents are executed
  • Structure governance rights carefully, particularly with respect to foreign investors
  • Align capital sources with long-term DoD engagement strategies
  • Consider export control, CFIUS and national security posture holistically

Key Takeaway

For defense and dual-use technology companies:

Your cap table is now part of your compliance architecture.

CFIUS is no longer a discrete regulatory hurdle; it is a structural constraint on growth, shaping how companies:

  • Raise capital
  • Structure governance
  • Scale into U.S. government programs

Early proactive alignment between investor strategy and national security considerations is no longer optional; it is essential to preserving strategic flexibility and growth trajectory.

[1] See U.S. Dep't of the Treasury, Committee on Foreign Investment in the United States, Annual Report to Congress for Calendar Year 2023, section on Non-Notified/Non-Declared Transactions (reporting that CFIUS identified and requested information regarding 60 non-notified transactions in 2023 and requested formal filings for 13 of those transactions); U.S. Dep't of the Treasury, Committee on Foreign Investment in the United States, Annual Report to Congress for Calendar Year 2022, section on Non-Notified/Non-Declared Transactions (reporting that CFIUS identified 84 non-notified transactions in 2022, requested filings for 11 of those transactions and also requested filings for eight non-notified transactions identified in prior calendar years); U.S. Dep't of the Treasury, CFIUS Reports and Tables, https://home.treasury.gov/policy-issues/international/the-committee-on-foreign-investment-in-the-united-states-cfius/cfius-reports-and-tables.

[2] See U.S. Dep't of the Treasury, Committee on Foreign Investment in the United States, Annual Report to Congress for Calendar Year 2023, section on Mitigation Measures and Conditions/Compliance Monitoring and Enforcement (reporting that CFIUS was monitoring 246 mitigation agreements and conditions in 2023, conducted 43 site visits, modified 20 mitigation agreements or conditions and terminated 15); U.S. Dep't of the Treasury, Committee on Foreign Investment in the United States, Annual Report to Congress for Calendar Year 2022, section on Monitoring and Enforcement of Mitigation Agreements and Conditions (reporting that CFIUS was monitoring 214 mitigation agreements and conditions in 2022 and conducted 44 site visits, compared with 187 mitigation agreements and conditions and 29 site visits in 2021); U.S. Dep't of the Treasury, CFIUS Reports and Tables, https://home.treasury.gov/policy-issues/international/the-committee-on-foreign-investment-in-the-united-states-cfius/cfius-reports-and-tables.

[3] See U.S. Dep't of the Treasury, Committee on Foreign Investment in the United States, Annual Report to Congress for Calendar Year 2023, section on Compliance Monitoring and Enforcement (reporting that CFIUS assessed four civil monetary penalties in 2023 for breaches of material provisions in mitigation agreements and undertook investigations concerning compliance with mandatory filing requirements); U.S. Dep't of the Treasury, Committee on Foreign Investment in the United States, Annual Report to Congress for Calendar Year 2022, section on Monitoring and Enforcement of Mitigation Agreements and Conditions (reporting no penalties in 2022 but increased monitoring activity); U.S. Dep't of the Treasury, CFIUS Enforcement and Penalty Guidelines (Oct. 2022), https://home.treasury.gov/system/files/206/CFIUS-Enforcement-and-Penalty-Guidelines.pdf; U.S. Dep't of the Treasury, Final Rule: Provisions Pertaining to Certain Investments in the United States by Foreign Persons and Certain Transactions by Foreign Persons Involving Real Estate in the United States, 89 Fed. Reg. 93612, 93612-13 (Nov. 26, 2024), https://www.federalregister.gov/documents/2024/11/26/2024-27445/provisions-pertaining-to-certain-investments-in-the-united-states-by-foreign-persons-and-certain.

[4] See U.S. Dep't of the Treasury, Committee on Foreign Investment in the United States, Annual Report to Congress for Calendar Year 2023, sections on Non-Notified/Non-Declared Transactions and Mitigation Measures and Conditions (reporting CFIUS' review of non-notified transactions and identifying mitigation measures that may include limiting access to technology, systems, facilities, projects or sensitive information; requiring prior U.S. government notification or approval for changes in ownership or rights; and requiring divestiture by the foreign acquirer of all or part of the U.S. business); U.S. Dep't of the Treasury, Committee on Foreign Investment in the United States, Annual Report to Congress for Calendar Year 2022, sections on Non-Notified/Non-Declared Transactions and Mitigation Measures and Conditions (reporting CFIUS' requests for filings on non-notified transactions and mitigation conditions, including mitigation imposed in withdrawn and abandoned transactions and interim mitigation measures); 50 U.S.C. § 4565(b)(1)(D), (d), (k)(5), (l)(3).

Related Services

Plus
Baker & Hostetler LLP published this content on July 06, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on July 15, 2026 at 18:01 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]