Last updated 5 months ago. Our resources are updated regularly but please keep in mind that links, programs, policies, and contact information do change.
- CFIUS Jurisdiction Over Technology Deals
- Foreign Investment and CFIUS Jurisdiction
- National Security Considerations in AI Deals
- CFIUS Review Timeline and Process
- Confidentiality and Precedent in CFIUS Decisions
- Conditions CFIUS Imposes on Approved Deals
- Multi-Agency Review of the Same Transaction
- Broader Policy Implications
- Unique Challenges in AI Transactions
- Company Strategies for CFIUS Review
Most people have never heard of CFIUS. But this federal committee has the authority to block deals, force companies to change how they operate, or unwind transactions years after they close. No appeal. No court can overturn the decision.
The Amazon-OpenAI deal puts CFIUS in an unusual position. This isn’t a straightforward foreign acquisition—Amazon is American, OpenAI is American. But how modern venture funding works means foreign money participates in almost every major funding round. If government investment funds from the Middle East participate in OpenAI’s funding, as reporting suggests they might, CFIUS can then review the deal. Once CFIUS has jurisdiction over an AI deal, the analysis gets complicated fast.
CFIUS Jurisdiction Over Technology Deals
The committee’s jurisdiction now extends beyond acquisitions to minority stakes, non-controlling positions, and situations where foreign investors get specific rights or access to sensitive information. A foreign investor doesn’t need to control a company to trigger CFIUS review anymore. Board observation rights can be enough. Access to technical information can be enough.
For AI companies, this expansion matters because of how the committee categorizes businesses. The law created a concept for companies in three categories: critical technology, critical infrastructure, or sensitive personal data. Any foreign stake in these businesses triggers CFIUS jurisdiction, even minority positions, if the investor gets certain governance rights.
OpenAI qualifies on multiple grounds. Its large language models are technology that falls within categories the government has identified as critical. The company processes enormous quantities of data to train those models. AI itself sits on the government’s Critical and Emerging Technologies list. The White House updated this list in February 2024 to specifically highlight advanced AI systems that can process text, images, and other data types.
That designation meant any foreign stake in a company developing these technologies enters CFIUS review with heightened scrutiny.
Foreign Investment and CFIUS Jurisdiction
Amazon is a U.S. company. If this were purely a domestic transaction—Amazon writing a check to OpenAI with no other investors involved—CFIUS wouldn’t have jurisdiction.
But OpenAI’s funding round reportedly includes foreign investors. Middle Eastern government investment funds have been courting OpenAI for opportunities. The moment a foreign investor participates in the round with meaningful governance rights, CFIUS can review the deal.
The triggering rights are specific: access to important secret technical details about the business, board membership or observer rights, involvement in substantive decision-making, or access to sensitive personal data. A passive financial position without these rights might not trigger review. But government investment funds don’t typically invest billions without having a say—they want board seats, information rights, and influence over strategic decisions.
Saudi Arabia’s Public Investment Fund and Abu Dhabi’s Mubadala are both government-controlled entities. If either invests substantially in OpenAI with governance rights, mandatory investigation procedures apply.
National Security Considerations in AI Deals
The law doesn’t define “national security”—on purpose, because threats change faster than laws. This gives CFIUS enormous discretion.
In practice, the committee considers a long list of factors: Does the transaction give foreign entities control over technology used by the U.S. military? Does it create cybersecurity vulnerabilities? Does it affect critical infrastructure?
For AI specifically, CFIUS has started articulating what makes these deals sensitive. Large language models can be used for both civilian and military purposes. The same model that optimizes business processes can be applied to military targeting or intelligence analysis. That character means foreign control of AI development carries inherent military implications.
Then there’s the data question. OpenAI’s systems contain intellectual property, user information, and potentially sensitive government or military data if defense contractors or agencies use the technology. Foreign investors gaining access to that data—even indirectly through board observation or information rights—raises concerns that foreign governments could steal sensitive information.
The infrastructure angle adds another layer. OpenAI runs on Amazon Web Services. AWS dominates cloud computing in the U.S., and AWS infrastructure is what most AI companies use to train and deploy models at scale. When CFIUS evaluates an Amazon stake in OpenAI, it can’t ignore that Amazon controls the infrastructure OpenAI operates on. Could restrictions on AWS affect OpenAI’s capabilities? Could dependencies between the companies create vulnerabilities? These systemic questions have become central to how the committee analyzes modern technology deals.
CFIUS Review Timeline and Process
CFIUS offers transaction parties two filing options: a short-form “declaration” or a longer “notice.” CFIUS can convert a declaration to a full notice review if it needs more information, which extends the timeline substantially.
In practice, complex technology deals often take 120 to 180 days once you factor in back-and-forth questions.
During review, the committee sends written questions to the parties through the Treasury Department. For complex AI transactions, these question-and-answer cycles can be extensive. The committee has access to classified intelligence that parties don’t see. This leads to questions about implications that are difficult to answer without understanding what specific concerns drive the inquiry.
If the committee can’t resolve concerns by the end of investigation, it can refer the matter to the President. The President has 15 days to decide whether to block the transaction or impose conditions. Most transactions are either cleared, cleared with conditions, or withdrawn by parties who determine that approval isn’t feasible given business timelines.
Confidentiality and Precedent in CFIUS Decisions
One challenge in predicting how the committee will approach the Amazon-OpenAI deal: it keeps its decisions secret by law. This confidentiality protects information and transaction details. But it creates uncertainty. Companies can’t easily determine what factors drove past decisions, what conditions are typically imposed, or what structures successfully pass review.
For AI specifically, the closest precedent comes from scrutiny of major technology company deals. The FTC has investigated large tech company stakes in AI startups, but not as matters of concern—the FTC’s focus is competition law.
The limited precedent creates strategic uncertainty. Neither Amazon nor OpenAI knows exactly what standards will be applied, what information matters most, or what conditions might be imposed.
Conditions CFIUS Imposes on Approved Deals
The committee rarely blocks transactions outright. Far more commonly, it identifies concerns and negotiates deals that address security concerns to allow transactions to proceed.
These agreements can impose substantial operational restrictions. Common conditions include limitations on foreign investors’ access to sensitive technology or data, requirements that company leadership and board members be U.S. citizens, mandatory separation of sensitive operations into secure facilities, restrictions on technology transfer, and requirements for third-party compliance monitoring.
For an Amazon-OpenAI deal, possible conditions might include restrictions on foreign investors’ access to certain systems or models. The committee might require that sensitive development work be conducted on AWS GovCloud rather than commercial AWS, or impose restrictions on sharing AI models with certain countries. It might also require that foreign investors have no say in company decisions, or that foreign board representatives be removed after a specified period.
Companies that accept more restrictions get faster approval. Companies pushing back face longer review timelines and greater uncertainty. For a deal valued in the hundreds of billions, even relatively modest operational restrictions might be acceptable tradeoffs for speed.
Multi-Agency Review of the Same Transaction
CFIUS isn’t the only regulator looking at the Amazon-OpenAI deal. The Federal Trade Commission has jurisdiction under antitrust law. The Commerce Department’s Bureau of Industry and Security has jurisdiction over AI model export controls. All three agencies can independently review aspects of the same transaction, and their timelines don’t coordinate.
This means that even if the committee quickly approves the deal, approval could still be delayed by FTC investigation or Commerce Department export control determinations. The FTC has explicitly launched an investigation into major tech company AI partnerships, issuing legally required requests for information to Alphabet, Amazon, Anthropic, Microsoft, and OpenAI about their AI partnerships.
The committee and the FTC can impose conflicting requirements. The committee might require restrictions on AWS’s access to OpenAI models to ensure foreign investors cannot influence AWS’s market position. The FTC might require that AWS’s access not be restricted to prevent Amazon from unfairly blocking competitors’ access. Resolving such conflicts becomes a negotiation between agencies, and transaction parties wait for inter-agency agreement before deals can close.
Broader Policy Implications
The Amazon-OpenAI deal tests how the committee now controls whether major tech deals can happen. Its expanded jurisdiction, its intensified focus on AI, and its aggressive use of conditional approval create an environment where approval isn’t a routine administrative step but a material risk factor.
Both the Trump and Biden administrations have treated foreign participation in critical technologies as a matter of concern. Both have pushed the committee to apply broader definitions of risk and to impose mitigation conditions that go beyond traditional concerns.
Several trends are clear. The committee will continue emphasizing AI as a priority technology. It will expand investigation of non-notified transactions to catch deals that parties tried to design in ways that skip review. It will work with allied countries to speed up reviews but maintain heightened scrutiny of participation from countries viewed as geopolitical rivals. And it will likely continue expanding the scope of mitigation conditions, treating review as an opportunity to impose broader governance requirements.
For companies like Amazon and OpenAI, success in review requires early engagement with the committee, transparent disclosure of transaction structure and facts, clear articulation of how risks are mitigated, and willingness to accept operational restrictions where necessary. The alternative—trying to design deals in ways that skip review, or waiting for post-closing investigation—carries far greater risks.
As artificial intelligence becomes increasingly central to military capability and geopolitical competition, the committee’s role in shaping the technology industry will grow. The Amazon-OpenAI deal is where that power gets tested in real time.
Unique Challenges in AI Transactions
AI transactions present unique challenges that distinguish them from traditional cases. Unlike discrete manufacturing assets or real estate holdings, AI systems are dynamic—they evolve through continuous training, updates, and deployment across distributed infrastructure. This makes it difficult to draw clear boundaries around what foreign investors can and cannot access.
The data dimension adds complexity. AI models are trained on massive datasets that may include sensitive information about U.S. persons, government operations, or critical infrastructure. Once trained, these models encode patterns and relationships from that data in ways that are difficult to audit or reverse. A foreign investor with access to the internal structure of AI models or the information used to train them could potentially extract sensitive information even without direct access to the underlying datasets.
AI capabilities advance rapidly—what seems like a reasonable mitigation measure today may become obsolete within months as new techniques emerge. The committee traditionally operates on timescales measured in quarters or years, negotiating mitigation agreements that remain in force for extended periods. But AI development cycles are measured in weeks or months. This mismatch creates tension between the committee’s need for durable guarantees and the AI industry’s need for operational flexibility.
The global nature of AI research compounds these challenges. Leading AI researchers move between institutions and countries. Open-source AI models circulate freely online. Academic papers describe cutting-edge techniques in detail. Even with strict mitigation measures in place, preventing technology transfer becomes difficult when the same research appears simultaneously in labs across multiple continents.
Company Strategies for CFIUS Review
Companies facing review have developed strategies to improve their chances of approval. Early voluntary filing has become standard practice for any transaction that might trigger jurisdiction—waiting for the committee to initiate its own investigation creates far worse outcomes than proactive engagement.
Transaction structure matters enormously. Companies increasingly design funding rounds with separate classes of shares that give foreign investors economic returns without control over company decisions that would require CFIUS review. These structures aren’t attempts to evade the committee—they’re designed to fall outside its jurisdiction legitimately while still allowing participation of investors from other countries.
When review is unavoidable, companies prepare extensive submissions that anticipate committee concerns and propose mitigation measures upfront. Rather than waiting for the committee to identify problems and demand solutions, sophisticated parties arrive with detailed plans, proposed restrictions on foreign investor access, and commitments to operational changes that address likely concerns.
The choice of legal and technical advisors also matters. Review requires expertise in law, export controls, cybersecurity, and the specific technology sector involved. Companies that assemble experienced teams and invest in thorough preparation generally achieve better outcomes than those that treat the committee as a routine regulatory filing.
Our articles make government information more accessible. Please consult a qualified professional for financial, legal, or health advice specific to your circumstances.