CFIUS Review Culminates in Order Directing ByteDance, Ltd. to Divest TikTok

Citing the existence of credible evidence that ByteDance, Ltd.’s (ByteDance) 2017 acquisition of Musical.ly “threatens to impair the national security of the United States”, the President issued an Executive Order on August 14, 2020, ordering ByteDance to divest all of its interests in the mobile application TikTok within 90 days.  Specifically, the order prohibits the 2017 acquisition along with any ownership interests in Musical.ly by ByteDance.  Further, it directs ByteDance to divest all interests in “any tangible or intangible assets or property, wherever located, used to enable or support ByteDance’s operation of the TikTok application in the United States” and “any data obtained or derived from TikTok application or Musical.ly application users in the United States.”  Following divestiture, ByteDance must certify in writing to the Committee on Foreign Investment in the United States (CFIUS) that it has destroyed that data as well as any copies of that data wherever located.  CFIUS may require an audit to ensure destruction of the data. 

Any sale or transfer of TikTok Inc. (TikTok) is subject to CFIUS approval, and the committee will evaluate whether a subsequent acquisition of TikTok would similarly threaten to impair the national security of the United States.  In making that determination, CFIUS may take into account a number of factors, including whether the buyer is a U.S. citizen or owned by U.S. citizens; has any relationship with ByteDance, or its officers, employees, or shareholders; and can demonstrate that it will support compliance with the Executive Order.  While the order directs ByteDance to divest its interests in TikTok within 90 days of the order (November 12, 2020), CFIUS may extend that deadline up to 30 days. 

Until ByteDance divests all of its interests in TikTok, it must submit weekly reports to CFIUS that describe the company’s divestiture efforts and include a timeline for completion of divestiture.  To ensure compliance with the order, CFIUS may designate U.S. government employees to access the facilities of ByteDance and TikTok in order to (1) inspect books and records; (2) inspect or audit information systems, networks, hardware, software, data, communications, or property under the control of ByteDance or Tiktok; and (3) interview officers, employees, or agents of ByteDance or TikTok.

Commentary

This Executive Order shortly follows an August 6, 2020 Executive Order that prohibits any transactions by a U.S. person with ByteDance or any of its subsidiaries.  While this Executive Order does not explicitly withdraw nor replace the August 6 Executive Order, it allows ByteDance additional time to divest its interests in TikTok.  It must now do so by November 12, 2020, absent an additional extension by CFIUS of up to 30 days.  Because the August 6 Executive Order targets transactions with ByteDance and its subsidiaries, other transactions by U.S. persons involving ByteDance could remain subject to the order even if TikTok is sold to an entity approved by CFIUS.  This new Executive Order does not affect the August 6 Executive Order aimed at WeChat.  For further discussion of the August 6, 2020 TikTok and WeChat Executive Orders, see our client alert: New Executive Orders Start Clock Ticking for TikTok and WeChat.

The prohibition of ByteDance’s 2017 acquisition of Musical.ly serves as a reminder to industry that CFIUS can elect to investigate a transaction post-closing.  While rare, such reviews may result in divestiture of interests in the acquired business, as is the case here.  Whereas transactions filed with and cleared by CFIUS enjoy a safe harbor from subsequent CFIUS review, CFIUS can initiate review of a “non-notified” transaction at any time.  Accordingly, parties to a transaction involving foreign investors should consider the risks of not filing with CFIUS both pre- and post-closing, and should examine whether a filing or declaration is required pursuant to regulations implementing the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA).     

ByteDance’s acquisition of Musical.ly, which was later merged into TikTok, has been the subject of CFIUS review as a non-notified transaction since November 2019.  Although Musical.ly, like its parent ByteDance, is incorporated in the Cayman Islands, CFIUS is authorized to review those transactions where foreign acquisition of “U.S. entities” – interpreted to include those with a substantial U.S. presence – may pose a threat to U.S. national security.  While the CFIUS process is usually cloaked in secrecy – there are confidentiality provisions surrounding CFIUS review – in July 2020, the Secretary of the Treasury took the unusual step in confirming that the acquisition was under CFIUS review.

Upon completion of its review, if CFIUS determines that there are no unresolved national security risks arising from a transaction, it will provide the parties in writing that it has concluded all action with respect to the transaction.  If CFIUS determines that a transaction presents national security risks that cannot be addressed through other laws, CFIUS may impose conditions on the transaction to mitigate such risks or refer the case to the President for decision. 

The President’s exercise of the authority under Section 721 of the Defense Production Act of 1950 to prohibit this transaction is consistent with the outcomes of similar transactions involving Chinese ownership interests in U.S. companies collecting or maintaining sensitive information and signals that CFIUS will continue to heavily scrutinize Chinese ownership in any acquisition subject to CFIUS review.  CFIUS forced Chinese investors to divest from Grindr and PatientsLikeMe in 2019 and from StayNTouch earlier this year.  In those cases, the parties failed to file a notice with CFIUS in advance of the transaction.  Industry might also note that the Executive Order prohibits ByteDance from maintaining a minority stake in TikTok, as it explicitly prohibits the ownership by ByteDance of any interest “whether effected directly or indirectly through ByteDance, or through ByteDance’s subsidiaries, affiliates, or Chinese stakeholders.”  This clause is consistent with FIRRMA’s recent expansion of CFIUS authority to scrutinize minority, non-controlling investments in critical technology companies.  

Chinese foreign direct investment in the United States dropped in 2019 to $5 billion, the lowest since 2009.  While Chinese investment in the United States can and will continue, this high-profile CFIUS case points to the breadth of reach of CFIUS.  Companies seeking to acquire businesses of any nationality that collect or maintain sensitive information on U.S. citizens utilizing tangible or intangible assets of property in the United States should prepare for increased scrutiny from CFIUS.  They might proactively consider mitigation that would be acceptable to them should CFIUS condition its clearance of an acquisition on mitigation of any perceived risk to U.S. national security.