CFIUS and Treasury Outbound Investment Enforcement Tracker (2024-2026) | CT Acquisitions

The 2024-2026 CFIUS and Treasury Outbound Investment Enforcement Tracker: 31 CFR 850, MineOne, TikTok USDS

Quick Answer

We catalogued United States Committee on Foreign Investment in the United States (CFIUS) and Treasury Outbound Investment Security Program (OISP) enforcement from January 2024 through June 2026, drawing on the Treasury Final Rule at 31 CFR Part 850 (October 28, 2024 publication, January 2, 2025 effective date), Executive Order 14105 (August 9, 2023, signed by President Joseph R. Biden), CFIUS Annual Reports to Congress for 2024 and 2025, named CFIUS press releases, Department of Justice Outbound Investment Section announcements, and practitioner advisories from Sullivan and Cromwell, Skadden, Davis Polk, Wilmer Hale, Hogan Lovells, Cleary Gottlieb, Akin Gump, Covington and Burling, and Steptoe. Three top-line findings drive the rest of this tracker.

First, the CFIUS divestiture flagship of 2024 was the MineOne Partners Limited Wyoming real-property action (NOT the commonly-misattributed “Bagdad Capital plus Mexican Mining” matter, which does not exist in the public record). MineOne Partners was a British Virgin Islands entity ultimately controlled by Chinese nationals that purchased land near Francis E. Warren Air Force Base in Cheyenne, Wyoming in June 2022. The property was sold to CleanSpark Inc. on May 8, 2024 ahead of the Biden Executive Order of May 13, 2024 forcing divestment, making this the first real-property CFIUS divestment in CFIUS history. The 2024 CFIUS $60 million civil penalty was assessed against T-Mobile US, Inc. (NOT Sprint) for breaches of the National Security Agreement stemming from the 2020 Sprint merger.

Second, TikTok USDS Joint Venture LLC closed on January 22, 2026 with Oracle holding 15 percent, Silver Lake holding 15 percent, MGX (the Abu Dhabi sovereign technology investor; cross-link to our CT Top 200 SFO Direct PE Tracker for MGX context) holding 15 percent, 30.1 percent held by affiliates of existing ByteDance investors, and 19.9 percent retained by ByteDance itself, for total 80.1 percent American ownership satisfying Public Law 118-50 (April 24, 2024, the Protecting Americans from Foreign Adversary Controlled Applications Act, or PAFACA) following Executive Order 14166, Executive Order 14256, and the further extensions issued in 2025. The case Suirui Telephone Conferencing v. Jupiter Systems (US District Court for the District of Columbia, filed February 9, 2026) is the first Department of Justice Section 721 court enforcement action. The Treasury OISP covers semiconductors, quantum, and AI; biotechnology is NOT inside 31 CFR Part 850 (a common misattribution). Biotech is governed separately by the BIOSECURE Act, signed December 18, 2025 into the FY2026 National Defense Authorization Act, plus the Department of Defense 1260H List process.

Third, the COINS Act, signed December 18, 2025, expanded covered technology to add high-performance computing, supercomputing, and hypersonic systems, and expanded countries of concern to add Cuba, Iran, North Korea, Russia, and Venezuela. Treasury has approximately 450 days, with a final deadline near March 2027, to promulgate implementing regulations. The Act authorized $150 million per year for two fiscal years. The AI Diffusion Rule was rescinded on May 13, 2025 by the Trump Bureau of Industry and Security, two days before its compliance trigger. As of June 2026, no OISP enforcement penalty has been publicly announced (the rule remains too new), while CFIUS inbound enforcement has accelerated. Last verified: June 26, 2026.

2024-2026 CFIUS + Treasury Outbound Investment Rule Enforcement Tracker
2024-2026 CFIUS + Treasury Outbound Investment Rule Enforcement Tracker (CT Acquisitions, June 26, 2026)

Methodology and Scope

This tracker integrates primary regulatory texts, including the Federal Register Final Rule of November 15, 2024, the codification at 31 CFR Part 850 in eCFR, Treasury press releases, Congressional Research Service products (LSB11127, LSB11435, R48023, IF12629, IF12415, IF11803), the Supreme Court opinion in TikTok Inc. v. Garland (24-656, January 17, 2025), Executive Orders 14105, 14083, 14166, 14256, 14350, and 14351, the statutory text of Public Law 118-50 (April 24, 2024), the CFIUS Annual Report to Congress for CY 2024 published in August 2025, Treasury enforcement guidance, and practice notes from the major US national security firms.

Coverage runs from January 2024 through June 26, 2026. Every numeric or dated claim carries an inline primary-source URL. Each section is stamped with a confidence rating of HIGH, MEDIUM, LOW, or GAP. Where the public record does not yield a verifiable answer, the section is marked GAP with a brief explanation. Cross-links to the CT Acquisitions research program are placed where the OISP analysis touches our family office, SBA, and buyer-pool work.

Treasury Final Rule at 31 CFR Part 850, Effective January 2, 2025

Confidence: HIGH.

President Joseph R. Biden signed Executive Order 14105, “Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern,” on August 9, 2023 (88 Fed. Reg. 54867). The order directed the Secretary of the Treasury to issue regulations to prohibit, or require notification of, certain US person outbound investments into entities of a country of concern engaged in covered activities in semiconductors and microelectronics, quantum information technologies, and artificial intelligence systems. Source: White House Executive Order 14105, August 9, 2023.

The Department of the Treasury issued the final implementing rule on October 28, 2024. The rule was published in the Federal Register on November 15, 2024 (89 Fed. Reg. 90398), codified at 31 CFR Part 850, and took effect on January 2, 2025. Sources: Federal Register Final Rule, November 15, 2024; Treasury Outbound Investment Security Program landing page; eCFR, 31 CFR Part 850.

The Final Rule establishes three covered technology categories, each with internal sub-categorizations. Semiconductors and microelectronics: prohibited transactions cover US person investments in covered foreign persons engaged in the development or production of electronic design automation software, certain advanced fabrication and packaging equipment, items designed for use in extreme ultraviolet lithography fabrication, the design or fabrication of certain advanced integrated circuits, advanced packaging techniques, and supercomputers; notifiable transactions cover the design, fabrication, or packaging of integrated circuits not otherwise prohibited. Source: Holland and Knight, January 2025.

Quantum information technologies: all covered activities are prohibited. There is no notifiable category. Prohibited activities include the development of quantum computers and the production of critical components, the development or production of certain quantum sensing platforms, and the development or production of quantum networking and quantum communication systems. Sources: Holland and Knight; Davis Polk, October 2024.

Artificial intelligence systems: the Final Rule uses computational operation thresholds. Prohibited transactions cover AI systems trained using more than 10^25 computational operations generally, or 10^24 computational operations for AI systems trained primarily on biological sequence data, or any AI system designed for exclusive use in specified end uses such as military, intelligence, surveillance, or cyber-enabled malicious applications. Notifiable transactions cover AI system development at the 10^23 computational operations threshold or above. Sources: Paul Weiss NPRM analysis; Davis Polk.

The Rule designates the People’s Republic of China, the Hong Kong Special Administrative Region, and the Macau Special Administrative Region as the sole countries of concern at the time of effectiveness. The COINS Act, signed on December 18, 2025, expanded the statutory countries of concern list to add Cuba, Iran, North Korea, Russia, and Venezuela under the Maduro regime, although Treasury regulations implementing that expansion are not due until approximately March 2027. We treat the COINS Act expansion separately in its dedicated section below.

Executive Order 14105 and Statutory Framework

Confidence: HIGH.

Executive Order 14105 invoked the International Emergency Economic Powers Act (IEEPA) and the National Emergencies Act as statutory bases. The President had previously declared a national emergency in Executive Order 13959 (November 12, 2020, related to Communist Chinese military companies) and Executive Order 14032 (June 3, 2021, prohibiting investment in certain Chinese military-industrial complex companies). E.O. 14105 expanded the architecture from securities-level prohibitions on listed Chinese military companies to capital-deployment-level prohibitions across covered technology activities. Source: E.O. 14105 Federal Register text.

The order was supported by a Treasury Advance Notice of Proposed Rulemaking, a Notice of Proposed Rulemaking issued June 21, 2024, and the Final Rule issued October 28, 2024 (Federal Register publication November 15, 2024). The proposed rule comment period drew filings from major US sponsors and trade associations including the American Investment Council, the National Venture Capital Association, the Securities Industry and Financial Markets Association, the Investment Company Institute, and academic centers including the Center for Strategic and International Studies and the Center for a New American Security. Practitioner alerts from each major firm followed the Final Rule within 30 days. Sources cited throughout this tracker.

Covered Transactions vs Prohibited Transactions

Confidence: HIGH.

The Final Rule distinguishes prohibited transactions, where the US person investment is barred outright absent an excepted-transaction safe harbor, from notifiable transactions, where the US person investment may proceed subject to a 30-day post-closing notification filing through the Outbound Notification System (ONS). Both categories share the threshold question of whether the target is a “covered foreign person” engaged in a “covered activity,” and whether the investment vehicle reaches the target through equity, contingent equity, convertible debt with governance rights, greenfield, joint venture, or limited partner channels. Sources: Treasury OISP FAQs; Cooley, November 2024.

Notifications are made through the Outbound Notification System, an electronic portal that requires an ID.me account credential. The 30 day notification window begins on the completion date of the transaction. Sources: Treasury ONS Submission Instructions; 31 CFR 850.401 and 31 CFR 850.404.

Country of Concern: PRC, Hong Kong, Macau

Confidence: HIGH.

At the time of effectiveness, the three jurisdictions designated as countries of concern were the People’s Republic of China, the Hong Kong Special Administrative Region, and the Macau Special Administrative Region. Investors querying the rule should be aware that “China” as a colloquial term reaches three distinct legal jurisdictions for OISP purposes, each with separate corporate-law architectures and listing venues. Hong Kong listed companies (HKEX) and Macau gaming and infrastructure operators are within scope when they meet the covered foreign person definition. Sources: Treasury OISP FAQs; Mayer Brown, November 2024.

Taiwan is not a country of concern under the Final Rule. Taiwan Semiconductor Manufacturing Company (TSMC) and other Taiwan-incorporated entities are accordingly outside the rule’s reach, although BIS export controls and CHIPS Act guardrails apply separately to TSMC’s US-funded operations.

Covered Foreign Person Definition

Confidence: HIGH.

A covered foreign person is a person of a country of concern that engages in a covered activity. The definition reaches subsidiaries of Chinese parent companies, certain non-Chinese investors in Chinese covered-activity companies, and, importantly, non-Chinese companies that derive 50 percent or more of their revenue from, or incur 50 percent or more of their expenses, capital expenditures, or operating expenses in, China. Sources: Treasury OISP FAQs; Mayer Brown.

The 50 percent test means that a Delaware-incorporated AI infrastructure company with 60 percent of operating expenses in mainland China is a covered foreign person, even though its formal seat of incorporation sits outside the country of concern. Counsel must accordingly screen targets at both the legal-entity level and at the operating-presence level. Practitioner alerts from Davis Polk, Sullivan and Cromwell, and Skadden uniformly recommend that data-room diligence include geographic breakdowns of revenue, opex, capex, and employee headcount as standard OISP screening items.

The US person definition is equally extraterritorial. US person includes US citizens, lawful permanent residents, any entity organized under US laws including its foreign branches, and any person physically present in the United States. Dual nationals are reached. Source: Greenberg Traurig, December 2024.

CFIUS Review Statistics for 2024 and 2025

Confidence: HIGH for 2024 figures. MEDIUM for 2025 partial-year figures.

The CFIUS Annual Report to Congress for CY 2024 was published in August 2025 and remains the primary statistical source as of June 2026. The CY 2025 report has not yet been published.

CFIUS reviewed 325 covered transactions in 2024, comprising 209 written notices and 116 declarations. This compares with 342 covered transactions in 2023 and 440 in 2022. Source: CFIUS Annual Report CY 2024; Foley Hoag, August 2025.

Investors from China filed 26 notices in 2024, approximately 12 percent of total notices. Chinese investors filed 2 declarations in 2024, identical to 2023 and substantially below the 5 Chinese declarations filed in 2022. Sources: CFIUS Annual Report; White and Case.

The country breakdown for notices, in descending order: China 26, France 25, Japan 24, United Arab Emirates 21, Singapore 14, Canada 12, Germany 12. The country breakdown for declarations: Japan 16, Canada 11, France 9, United Kingdom 9, United Arab Emirates 7. Sources: CFIUS Annual Report; Cleary Trade Watch, August 2025.

Of 209 notices filed in 2024, 116 (approximately 55 percent) proceeded to the 45-day investigation period beyond the initial 30-day review. Mitigation measures were imposed in 25 notices in 2024 (approximately 12 percent), compared with 18 percent in 2023. Source: Clifford Chance, August 2025; Hunton.

CFIUS cleared 91 of 116 declarations in 2024, a 78 percent declaration clearance rate. Withdrawal and refile patterns: 49 of 209 notices (23 percent) were withdrawn in 2024; parties refiled in 86 percent of withdrawn cases. Source: CFIUS Annual Report; Linklaters ForeignInvestmentLinks.

Sector distribution of non-real-estate notices in 2024: Finance, Information, and Services accounted for 53 percent of notices, led by the Professional, Scientific, and Technical Services subsector. Manufacturing accounted for 33 percent, led by Computer and Electronic Product Manufacturing. CFIUS reviewed 150 critical-technology covered transactions in 2024, roughly flat with the 153 reviewed in 2023. Source: Blank Rome; DLA Piper.

CFIUS imposed five civil penalties in 2024, the highest in any single year in the Committee’s history. The largest was the $60 million action against T-Mobile US, Inc., discussed in the next section. Sources: Mayer Brown, August 2024; Treasury Press Release JY2537.

MineOne Partners Wyoming AFB: First Real-Property Divestment

Confidence: HIGH.

The research scope on this tracker referenced an alleged “Bagdad Capital plus Mexican Mining” divestiture. This entity and transaction do not exist in the public CFIUS record. The actual May 2024 CFIUS divestiture, and the first ever real-property divestment under Section 721 of the Defense Production Act, was the MineOne Partners Limited matter.

MineOne Partners Limited is a British Virgin Islands entity ultimately majority owned by Chinese nationals. In June 2022 MineOne acquired real property approximately one mile from Francis E. Warren Air Force Base in Cheyenne, Wyoming, with the intent to operate a cryptocurrency mining facility. Francis E. Warren AFB hosts the 90th Missile Wing of Air Force Global Strike Command, which operates Minuteman III intercontinental ballistic missiles. CFIUS commenced a non-notified review based on a public tip, identified national security risks tied to the proximity and to specialized foreign-sourced equipment that could be used for signals collection, and determined that mitigation was insufficient.

On May 13, 2024, President Biden issued an Executive Order requiring MineOne to divest within 120 days, prohibiting personnel access to the property, and ordering removal of equipment within 90 days. MineOne had agreed on May 8, 2024 (five days earlier) to sell the property to CleanSpark Inc., a US publicly traded cryptocurrency mining company. This was the first ever real-property divestment order issued under Section 721 of the Defense Production Act. Sources: Mayer Brown, May 2024; Treasury Press Release JY2333; Covington and Burling, May 2024.

The MineOne action signals three substantive precedents. First, CFIUS Part 802 (real-property jurisdiction) is enforceable against non-notified transactions discovered through public tips and journalism, not only voluntarily filed transactions. Second, the BVI-corporate-veil structure did not protect ultimate Chinese national ownership from CFIUS reach. Third, the Committee will use Section 721 to compel divestment of land, not just operating companies, where the land is sufficiently proximate to a critical national security installation.

Correction: There is No “Bagdad Capital plus Mexican Mining” CFIUS Action

Confidence: HIGH.

To address a recurring misattribution we have observed in trade press and AI-generated summaries, we note explicitly that there is no public CFIUS or Treasury record of a “Bagdad Capital” entity, a “Mexican Mining” CFIUS divestment, or a combined “Bagdad Capital plus Mexican Mining” action. We searched the Treasury press release archive at Treasury Press Releases, the Federal Register, the CFIUS Annual Reports to Congress for CY 2023 and CY 2024, and the major practitioner advisories from Sullivan and Cromwell, Skadden, Davis Polk, Wilmer Hale, Hogan Lovells, Cleary, Akin Gump, Covington, Steptoe, Mayer Brown, and Latham. No such entity or matter is reported.

The most likely source of the confusion is conflation of three separately discussed items: (1) MineOne Partners Limited (the actual 2024 real-property divestment, Wyoming, not Mexico); (2) Freeport McMoRan Inc.’s Bagdad copper mine in Arizona (a domestic operation with no CFIUS overlay); and (3) Mexican rare-earth and copper investment activity referenced in 2024 to 2025 trade press, none of which has produced a named CFIUS divestment order. Practitioners citing this matter for client memoranda should use MineOne Partners Limited as the actual precedent.

T-Mobile $60 Million Penalty 2024: Not Sprint

Confidence: HIGH.

In August 2024, CFIUS announced a $60 million civil penalty against T-Mobile US, Inc. for failures to take appropriate measures to prevent unauthorized access to certain sensitive data, and for failure to report some incidents promptly. The penalty arose from violations of the National Security Agreement entered into in connection with the 2020 T-Mobile and Sprint merger. The penalty is the single largest CFIUS civil enforcement action in the Committee’s history. Sources: Mayer Brown, August 2024; Treasury CFIUS Enforcement webpage.

We note a common misattribution: the penalty is sometimes reported as having been levied against “Sprint.” Sprint Corporation ceased to exist as a standalone legal entity after the April 1, 2020 merger; T-Mobile US, Inc. is the surviving entity and is the named respondent in the CFIUS penalty action. The underlying conduct, however, relates to obligations the merged entity inherited from the Sprint side of the National Security Agreement and from related data-handling commitments.

Treasury simultaneously launched a public CFIUS Enforcement website to document civil penalty actions. The launch is significant because CFIUS had historically not published per-action enforcement details. The website signals an enforcement-transparency posture aligned with the broader 2024-2026 deterrence strategy. Source: Treasury Press Release JY2537.

Public Law 118-50 (PAFACA) April 24, 2024

Confidence: HIGH.

The Protecting Americans from Foreign Adversary Controlled Applications Act (PAFACA) was enacted as Division H of the Fiscal Year 2024 Foreign Assistance Supplemental Appropriations Act (Public Law 118-50), signed by President Biden on April 24, 2024. The Act made it unlawful to provide app-store distribution or internet hosting services to a “foreign adversary controlled application” within 270 days of enactment unless a “qualified divestiture” occurred. The Act expressly named TikTok and ByteDance, Ltd. Sources: Congressional Research Service LSB11127; Public Law 118-50 statutory text.

The statutory 270 day clock expired on January 19, 2025. On January 17, 2025, the Supreme Court of the United States issued a unanimous per curiam opinion in TikTok Inc. v. Garland, 24-656, upholding the Act against First Amendment challenge. The opinion emphasized the national security record assembled by Congress and rejected the argument that the statute targeted speech rather than corporate structure. Source: TikTok Inc. v. Garland slip opinion, 24-656 (January 17, 2025).

Executive Orders 14166 and 14256: TikTok Extensions

Confidence: HIGH.

On January 20, 2025, President Trump issued Executive Order 14166, “Application of the Protecting Americans from Foreign Adversary Controlled Applications Act to TikTok,” directing the Attorney General to refrain from enforcing the Act for 75 days. Source: Executive Order 14166, January 20, 2025.

On April 4, 2025, President Trump issued a second order extending the enforcement delay an additional 75 days. Source: White House Order, April 4, 2025; Federal Register 2025-06162.

On September 19, 2025, the President issued Executive Order 14350, “Further Extending the TikTok Enforcement Delay,” and Executive Order 14351, “Saving TikTok While Protecting National Security,” determining that a qualifying divestiture framework was in place. Sources: Federal Register, September 23, 2025; Federal Register, September 30, 2025.

TikTok USDS Joint Venture: January 22, 2026 Close

Confidence: HIGH.

On January 22, 2026, TikTok USDS Joint Venture LLC closed. The ownership structure is:

  • Oracle Corporation: 15 percent
  • Silver Lake Partners: 15 percent
  • MGX (the Abu Dhabi sovereign technology investor): 15 percent
  • Affiliates of existing ByteDance investors (including but not limited to General Atlantic, Susquehanna International Group, Sequoia Capital US successor entities, and KKR funds): 30.1 percent
  • ByteDance Ltd. (the parent): 19.9 percent retained

Total American (or non-PRC, allied jurisdiction) ownership exceeds 80.1 percent, satisfying the qualified-divestiture definition under Public Law 118-50. Oracle serves as the security partner with responsibility for algorithm replication, retraining, and audit; for US user-data hosting; and for compliance with the negotiated National Security Terms. Sources: Variety, on close date and ownership; TikTok Newsroom announcement; PBS NewsHour.

The 80.1 percent American ownership threshold is structurally significant. The PAFACA “qualified divestiture” test was understood by the Biden administration as requiring full removal of “control” by ByteDance, broadly defined. The Trump administration’s interpretation operationalized control as inability of the foreign adversary parent to dictate algorithmic decisions and to access user data, not as an absolute equity threshold. The 19.9 percent retained ByteDance stake, paired with Oracle’s algorithm and data security stewardship, was the negotiated equilibrium.

MGX UAE Sovereign Tech Investor Profile

Confidence: HIGH.

MGX is the Abu Dhabi sovereign-backed technology investment vehicle launched in 2024 with a stated $100 billion mandate focused on AI infrastructure, AI applications, and semiconductors. MGX is backed by the Mubadala Investment Company and G42, the Abu Dhabi AI champion. MGX’s 15 percent participation in TikTok USDS is its highest-profile US public market deployment to date.

Cross-link to our CT Acquisitions program: MGX appears in the Wave 11 Top 200 SFO Direct PE Tracker as a sovereign-adjacent direct investor with non-traditional structuring. MGX also appears in the Wave 13 Property Management Cite-Bait tracker via the Aligned Data Centers transaction (Aligned plus MGX, $40 billion, October 2025), which was the largest data center transaction in industry history at the time of close. The MGX presence across the TikTok USDS and Aligned transactions signals an Abu Dhabi tech-infrastructure strategy that interacts with US national security architecture on both inbound (CFIUS reviewable) and parallel sovereign-allocation channels.

From a CFIUS analytical standpoint, MGX is a non-PRC investor and therefore not directly subject to the 31 CFR Part 850 outbound rule when deploying capital into China-resident companies. However, MGX’s US-domiciled investments are CFIUS-reviewable on the inbound side. The MGX position in TikTok USDS was processed and cleared as part of the integrated national security review supporting the September 2025 executive orders.

Suirui v Jupiter Systems: First DOJ Section 721 Court Action

Confidence: HIGH.

On July 8, 2025, President Trump issued an Executive Order requiring Suirui International Co., Limited (a Hong Kong company majority owned by Suirui Group Co., Ltd. of the People’s Republic of China) to divest its February 2020 acquisition of Jupiter Systems, LLC, a California-headquartered audiovisual visualization technology supplier whose client base included the Central Intelligence Agency, the National Security Agency, and the National Aeronautics and Space Administration. CFIUS determined that the ownership presented a national security risk.

CFIUS extended the divestment deadline twice, ultimately to February 3, 2026. Suirui failed to comply. On February 9, 2026, the US Department of Justice filed the first ever Section 721 enforcement complaint in federal court, in the United States District Court for the District of Columbia (case Suirui Telephone Conferencing Equipment Co., Ltd. v. Jupiter Systems, LLC, with the United States as plaintiff seeking to enforce the presidential order). Sources: Mayer Brown, July 2025; DOJ Press Release; Gibson Dunn alert; CRS LSB11435.

The Suirui matter is precedent-setting on three dimensions. First, it is the first DOJ Section 721 enforcement complaint, signaling that the United States will use Article III courts to compel divestiture where administrative compliance fails. Second, the case clarifies that a Hong Kong-incorporated holding entity ultimately controlled by a PRC parent is reachable under Section 721. Third, the timing (filed within six days of the deadline lapse) signals an enforcement posture significantly faster than historical CFIUS practice, where presidential-order non-compliance had been handled administratively.

Nippon Steel and US Steel: The Trump Deal-Based Approach

Confidence: HIGH.

On January 3, 2025, President Biden issued an Executive Order prohibiting the acquisition of United States Steel Corporation by Nippon Steel Corporation. On April 7, 2025, President Trump ordered CFIUS to reopen the review. CFIUS recommended on May 21, 2025 that mitigation could suffice. On June 13, 2025, President Trump issued an Executive Order permitting the transaction subject to a National Security Agreement that included $11 billion of capital commitments through 2028, retention of Pittsburgh headquarters, US citizen board majority, and a “Golden Share” governance right for the US Government. The transaction closed on June 18, 2025. Sources: White House Order, June 13, 2025; Hunton; CSIS, June 2025.

The Nippon Steel resolution illustrates the Trump 2.0 deal-based approach: a transaction blocked by Biden was reopened, restructured with substantive concessions (capital commitments, board composition, Golden Share), and approved. The Golden Share is a particular innovation: it grants the US Government, via an entity to be designated, consent rights over specified strategic decisions (location of headquarters, US production levels, capital commitments) without conferring economic ownership.

Semiconductor Category Detailed Walkthrough

Confidence: HIGH on rule text. MEDIUM on absence of specific named outbound enforcement actions.

The Final Rule does not adopt a single sub-7nm or sub-10nm node demarcation as the trigger. Instead, the rule defines prohibited integrated circuit fabrication, design, and packaging by reference to specific design rule, density, and process characteristics aligned with Bureau of Industry and Security definitions in 15 CFR 744.23. The Treasury rule incorporates BIS technical thresholds for advanced-node integrated circuits, including non-planar transistor architectures, certain advanced high bandwidth memory (HBM) configurations, and advanced packaging. Source: Federal Register Final Rule November 15, 2024, 31 CFR 850.224; Latham and Watkins, January 2025.

AI accelerator chips. The H100 and H200 (Nvidia), MI300 (AMD), and equivalent class accelerators are subject to BIS export controls under the Advanced Computing rule (15 CFR Parts 740 and 744). The outbound rule reaches US person investment in covered foreign persons engaged in the design or fabrication of equivalent-class chips inside China, Hong Kong, or Macau. The export control regime (BIS) and the investment regime (Treasury OISP) operate in parallel and reach distinct conduct: export of chips versus investment in capacity. Source: Wiley, May 2025.

Photolithography and ASML EUV. Extreme ultraviolet lithography equipment, including the ASML TWINSCAN NXE class and the forthcoming high-NA EXE class, is subject to Dutch export controls coordinated with the United States under a 2023 trilateral arrangement involving the Netherlands and Japan. ASML EUV systems are not exported to China at all under current Dutch policy. The Treasury rule prevents US persons from financing alternative EUV development by covered foreign persons. Source: Federal Register Final Rule.

Kioxia, Bain Capital, Western Digital, Toshiba consolidation. The proposed Kioxia and Western Digital merger, originally floated at greater than $20 billion in 2023, did not consummate. Bain Capital led a consortium holding approximately 56 percent of Kioxia, including SK hynix as a consortium member, and SK hynix exercised consent rights to block the combined entity. Kioxia listed on the Tokyo Stock Exchange in December 2024 at an initial share price of JPY 1,455 and an implied valuation of approximately $5.5 billion. Western Digital announced separation of its NAND (SanDisk) and HDD businesses; the separation completed in 2025. The Kioxia and Western Digital NAND joint venture continues. Sources: Yole Group; The Register, February 2024; Blocks and Files, December 2024.

CHIPS Act guardrails interaction. The CHIPS and Science Act of 2022 (Public Law 117-167) imposes the “Expansion Clawback” requiring 10 year post-award restrictions on material expansion of semiconductor manufacturing capacity in a foreign country of concern, and the “Technology Clawback” prohibiting joint research or technology licensing with foreign entities of concern. The Commerce Department (NIST) final rule was issued on September 25, 2023 (88 Fed. Reg. 65600). The CHIPS Act guardrails apply only to recipients of CHIPS Act federal incentives. The Treasury outbound rule applies to all US persons regardless of CHIPS Act funding status. The two regimes operate in parallel and produce overlapping obligations for chip industry recipients. Sources: CSIS; Crowell; NIST FAQs.

HBM and the SK hynix question. High bandwidth memory (HBM) has emerged as a chokepoint in AI accelerator stack design, with HBM3, HBM3e, and HBM4 production concentrated among SK hynix, Samsung Electronics, and Micron Technology. None of the three controlling HBM producers operates inside the country of concern as defined under the rule. US person investment in HBM is therefore largely outside the rule’s direct reach. Indirect exposure arises where a US person funds a covered foreign person engaged in HBM packaging or HBM bonding tools.

Specific named outbound semiconductor enforcement matters: GAP. No specific named outbound investment transaction has been publicly identified as blocked or sanctioned under 31 CFR Part 850 as of June 2026. This is unsurprising given that the rule took effect on January 2, 2025, civil enforcement requires investigative ramp-up, and Treasury enforcement guidance was issued in mid-2025. The absence of public penalties is consistent with Treasury’s stated preference for voluntary self-disclosure as a first enforcement lever, and with the practical reality that the rule’s 30-day post-closing notification window means the first wave of post-rule-effective transactions only became visible to Treasury investigators in February and March 2025. Source: Treasury Outbound Program Enforcement Overview and Guidance; Cleary, 2025.

Biotech Is NOT in 31 CFR Part 850: BIOSECURE Act Governs

Confidence: HIGH.

We address this section explicitly because we have observed repeated misattribution of biotech to the OISP rule. Biotechnology, including gene editing (CRISPR-Cas9), mRNA therapeutics, and synthetic biology, is not within the scope of 31 CFR Part 850. Executive Order 14105 expressly limited the categories to semiconductors and microelectronics, quantum information technologies, and artificial intelligence. The COINS Act of 2025 expanded covered categories to include high-performance computing, supercomputing, and hypersonic systems, but did not add biotechnology. Sources: Treasury OISP landing page; White and Case, January 2026.

Biotech is governed by a separate statutory and regulatory architecture. The BIOSECURE Act was enacted as a provision of the FY2026 National Defense Authorization Act, signed by President Trump on December 18, 2025. It restricts federal agencies and federal contractors from procuring biotechnology equipment or services from “biotechnology companies of concern” (BCCs) that are owned or controlled by foreign adversary governments. The 2025 enacted version differs from the 2024 House version (HR 8333) by removing express statutory naming of WuXi AppTec, WuXi Biologics, BGI, MGI, and Complete Genomics. Instead, the statute relies on the Department of Defense 1260H List process. Sources: Foley Hoag, December 2025; Arnold and Porter; Ropes and Gray, January 2026.

The DoD 1260H List published on January 7, 2025 includes BGI Group entities (BGI Genomics Co., Ltd., Forensic Genomics International, and MGI Tech Co., Ltd.). WuXi AppTec, WuXi Biologics, and WuXi XDC are not on the 1260H List as of December 2025, although a coordinated December 18, 2025 letter from chairs of multiple Senate and House committees urged the Department of Defense to add the WuXi entities. Source: Arnold and Porter; Latham, January 2026.

Because biotech is not covered by Treasury’s outbound rule, there are no Treasury notification or prohibition actions in biotech as of June 2026. CFIUS may review biotech inbound transactions under Part 800 mandatory or voluntary procedures, particularly where TID (Technology, Infrastructure, or Data) US business criteria are met. The BIOSECURE Act creates federal procurement consequences (loss of government contracts) but does not in itself prohibit direct US person investment in BCCs. The distinction matters for fund formation and PE diligence: BIOSECURE Act exposure is a customer-concentration risk for portfolio companies serving federal markets, not a per-transaction investment prohibition.

AI Category and Frontier Model Definition

Confidence: HIGH on rule text. HIGH on AI Diffusion Rule rescission.

The Treasury Final Rule uses per-system computational operations thresholds rather than the FLOPs convention used by California SB 53 or by the EU AI Act. Prohibited transactions: 10^25 computational operations for AI generally, and 10^24 computational operations for AI systems trained primarily on biological sequence data. Notifiable transactions: 10^23 computational operations. Investments in covered foreign persons engaged in development of AI for exclusive use in specified military, intelligence, surveillance, or cyber-enabled malicious end uses are prohibited regardless of compute threshold. Sources: Davis Polk; Paul Weiss, July 2024.

The computational-operations metric is operationally distinct from training-FLOPs and from inference-FLOPs. Practitioner advice from Wilson Sonsini and from Latham and Watkins recommends that AI portfolio companies maintain technical documentation of compute usage at the training run level, with running totals tracked against the 10^23, 10^24, and 10^25 thresholds.

AI Diffusion Rule Rescinded May 13, 2025

Confidence: HIGH.

The Biden Bureau of Industry and Security AI Diffusion Rule (Framework for Artificial Intelligence Diffusion) was issued January 15, 2025 with compliance obligations slated for May 15, 2025. The rule introduced a three-tier country categorization for chip and model-weight transfers. On May 13, 2025, BIS announced its intention to rescind the rule, two days before its compliance trigger. BIS issued replacement guidance on Huawei integrated circuits, advanced computing integrated circuits, and commodities used to train AI models. Sources: BIS Press Release, May 2025; WilmerHale, May 2025; Wiley.

The rescission is notable for two reasons. First, it is the most consequential rollback of a Biden-era national security export control to date. Second, the rescission did not extend to 31 CFR Part 850. Treasury’s outbound rule on AI capital investment remained intact and was subsequently expanded by the COINS Act. The Trump 2.0 posture is therefore export-control-permissive at the chip and weight-transfer level, while remaining capital-deployment-restrictive at the equity and LP commitment level.

Specific named AI outbound enforcement: GAP. No specific named outbound AI investment transaction has been publicly identified as blocked or sanctioned under 31 CFR Part 850 as of June 2026. Indirect data points (the Sequoia and GGV decoupling discussed in the Sector Impact section) suggest the regime’s deterrent effect is operating to discourage filings rather than producing post-closing enforcement actions.

Quantum Category: All Prohibited

Confidence: HIGH.

The Final Rule defines covered quantum computing activities as the development of quantum computers and the production of critical components. Critical components include dilution refrigerators operating below 1 Kelvin, two-stage pulse-tube cryocoolers used in quantum applications, and specified quantum control hardware. All identified quantum computing development activity falls into the prohibited category, with no notifiable alternative. Source: Federal Register Final Rule; Holland and Knight.

Quantum sensing platforms with specified end uses, including underwater navigation, GPS-denied positioning, and certain magnetic anomaly detection applications, are prohibited. Source: Davis Polk. Quantum key distribution and quantum networking development by covered foreign persons is prohibited for US person investment.

The all-prohibited posture has a practical consequence: a US person seeking to invest in a Chinese quantum computing startup, a Chinese quantum sensing applied research lab, or a Chinese quantum networking infrastructure entity has no notification pathway and no clearance procedure. The investment is prohibited absent an excepted-transaction safe harbor. US person LP participation in a fund that invests in covered foreign person quantum entities is similarly reachable through the “knowingly directing” and “reasonable and diligent inquiry” standards discussed below. Sponsors with active quantum technology investing programs should treat any Chinese-domiciled quantum portfolio entity as off-limits and should put substantive contractual rails around fund-level commitments to avoid inadvertent covered transaction status.

Specific named quantum enforcement: GAP. No specific named outbound quantum investment transaction has been publicly identified as prohibited under 31 CFR Part 850 as of June 2026. The all-prohibited posture means that publicly disclosed Chinese quantum investments by US person investors should be near zero. Empirically, the public PE and VC disclosure record bears this out: there is no publicly identified US person LP commitment to a Chinese quantum computing fund or covered foreign person in 2025 or first half 2026.

COINS Act December 18, 2025: Statutory Codification and Expansion

Confidence: HIGH.

The Comprehensive Outbound Investment National Security Act of 2025 (the “COINS Act”) was signed into law on December 18, 2025 as part of the FY2026 National Defense Authorization Act. The Act does the following:

Codifies the existing OISP architecture. The COINS Act provides statutory grounding for 31 CFR Part 850, removing the executive-order-only foundation and reducing the regime’s vulnerability to future executive rescission.

Expands covered technology categories. The Act adds high-performance computing, supercomputing, and hypersonic systems to the existing semiconductors, AI, and quantum categories. Treasury must promulgate implementing regulations defining the technical thresholds within approximately 450 days, putting the final deadline near March 2027.

Expands countries of concern. The Act adds Cuba, Iran, North Korea, Russia, and Venezuela (Maduro regime) to the existing PRC, Hong Kong, and Macau list. The operational impact is uncertain given low historical US person investment flows into the added countries.

Authorizes funding. The Act authorized $150 million per year for two fiscal years ($300 million total) for OISP enforcement build-out.

Sources: Sidley, January 2026; Baker McKenzie; Latham; Hogan Lovells; Akin Gump.

The COINS Act’s statutory codification of OISP is a meaningful procedural change. Prior to codification, a future administration could have rescinded E.O. 14105 and dismantled 31 CFR Part 850 by executive action. After codification, repeal requires affirmative Congressional action. The Trump 2.0 administration’s choice to sign the COINS Act rather than veto it, despite the administration’s parallel rescission of the AI Diffusion Rule, reflects a settled bipartisan consensus that capital-deployment-level restrictions on PRC technology investment serve national security irrespective of administration.

PE and VC and Strategic Compliance Frameworks

Confidence: HIGH.

Treasury did not impose a formal compliance program prescription analogous to OFAC’s Framework for OFAC Compliance Commitments. However, Treasury’s Enforcement Overview and Guidance (issued mid-2025) signals that voluntary self-disclosure, disciplined knowledge management, and contemporaneous diligence will be material mitigating factors in penalty assessment. Sources: Treasury Enforcement Overview and Guidance; McDermott.

The Final Rule includes two LP excepted-transaction safe harbors. First, LP commitments of $2 million or less aggregated across investment and co-investment vehicles in a single fund. Second, LP commitments with binding contractual assurance that LP capital will not be used in any transaction that would be a covered transaction if engaged in by a US person. Sources: Hogan Lovells on LP trades; National Law Review.

A US LP is engaged in a covered transaction where (a) the LP acquires an interest in a non-US person fund, (b) the LP knows at the time of acquisition that the fund is likely to engage in covered transactions, and (c) the fund actually engages in such transaction. Treasury imposed an affirmative “reasonable and diligent inquiry” duty on LPs at the time of subscription. Source: Hogan Lovells.

A fund is treated as a single covered transaction analysis unit. SMA structures may trigger Knowingly Directing analysis where a US person directs a non-US person managed account into a covered transaction. The Knowingly Directing standard applies where a US person has authority to direct the conduct of a non-US person. Source: Treasury OISP FAQs; Mayer Brown.

Cross-link to CT research. Sponsors and SFOs covered by the Wave 11 Top 200 SFO Direct PE Tracker and the Singapore-Hong Kong-Dubai SFO Boom report face direct OISP exposure where the SFO is a US person (including US citizen SFO principals deploying capital extraterritorially). Sponsors covered by the Wave 14 SBA 7(a) Lender Rankings and the M and A Multiples Database operate predominantly in the domestic lower middle market and are not directly OISP-exposed except via fund-of-funds chains. The Buyer-Pool Influx 2026-06-26 report’s 4,067 family offices (Preqin and BlackRock CNBC, August 15, 2025) include many cross-border vehicles where the US person test is fact specific.

Penalty and Enforcement Mechanisms

Confidence: HIGH.

Violations of the OISP are violations of the International Emergency Economic Powers Act (IEEPA). Civil penalties may be up to the greater of (a) twice the value of the transaction giving rise to the violation, or (b) the IEEPA statutory maximum civil penalty, which is adjusted annually for inflation. The Treasury Notice of Inflation Adjustment to Maximum Civil Monetary Penalty (January 29, 2025) set the maximum at $377,700 per violation effective through January 14, 2026 (rising annually thereafter). Sources: Federal Register, January 29, 2025; Treasury Inflation Adjustment Notice.

The “$1 million per violation” figure occasionally cited in policy and trade press materials refers to the IEEPA criminal penalty, not the civil penalty. IEEPA criminal penalties for willful violations are up to $1 million per violation, imprisonment of up to 20 years, or both. Source: OFAC IEEPA Civil and Criminal Penalties guidance.

Treasury is authorized to refer willful violations of the OISP to the Attorney General for criminal prosecution. The Justice Department’s National Security Division Foreign Investment Review Section (FIRS) is the receiving entity. NSD’s Corporate Enforcement Unit was disbanded in February 2025 by Attorney General Pam Bondi memorandum; the corporate enforcement function was redistributed within NSD. Sources: DOJ National Security Division; White and Case; Cleary, May 2025.

Treasury’s Office of Investment Security (OIS) administers both CFIUS and the OISP. The Assistant Secretary for Investment Security (Christopher Pilkerton, as of mid-2025) reports to the Under Secretary for Investment Security. The Director of the Office of Investment Security Policy and International Relations (Meena R. Sharma as of mid-2025) handles OISP-specific external engagement. Source: Treasury Officials.

Specific named 2024-2026 OISP enforcement actions: GAP as of June 2026. No public Treasury OISP penalty has been announced. CFIUS enforcement penalties continued at pace (five penalties in CY 2024 including the T-Mobile $60 million action; CY 2025 figures not yet published).

Sector Level Impact: US PE and VC Deal Flow into China

Confidence: HIGH on directional trend. MEDIUM on specific 2025 figures pending year-end data.

US private equity and venture capital firms invested approximately $140 billion into China in 2019 and approximately $4 billion in 2023, a 97 percent contraction over four years. US PE firms invested $650 million across 45 deals in China in first half 2024, down 88.9 percent in value from first half 2023. US dollar venture investment events declined from 871 in 2021 (9.6 percent of the market) to 225 in 2025 (2.5 percent). Sources: S and P Global, July 2024; S and P Global, June 2024; 36Kr.

The major sponsors have not made public, granular withdrawal disclosures. Bain Capital remains the controlling sponsor of the Kioxia consortium. Blackstone, KKR, and Apollo have all reported reduced China exposure since 2021. Goldman Sachs Asset Management and Warburg Pincus have reduced new China commitments. China IPOs raised $7 billion in 2023 versus $46 billion in 2022, compressing the exit window for legacy positions. Source: Private Equity Wire.

Sequoia Capital announced its split in June 2023 and completed it on March 31, 2024. The US team retained the Sequoia name; Sequoia China became HongShan; Sequoia India and Southeast Asia became Peak XV Partners. GGV Capital split its US and Asia partnerships effective first quarter 2024 into Notable Capital (US, approximately $4.2 billion AUM) and Granite Asia (approximately $5 billion AUM). Both splits were precipitated, in part, by House Select Committee on the Chinese Communist Party investigations into US VC firm investments in PRC high-tech entities. Sources: PitchBook; TechCrunch, March 2024; House Select Committee letter to Sequoia Capital.

CalPERS, the University of California Office of the Chief Investment Officer, and other large US public pensions have publicly reduced China exposure since 2022. The Texas State Board of Education divestment legislation (Texas HB 2837, 2025) and similar state-level mandates have accelerated public pension withdrawal. Granular state pension figures vary; the directional trend is unambiguous.

The Middle East Pivot

Confidence: HIGH.

GCC sovereign wealth fund AUM is projected to reach $18 trillion by 2030 per Deloitte. Source: Deloitte Middle East. MGX (Abu Dhabi) participation in the TikTok USDS joint venture, and PIF (Saudi Arabia) allocation of $6.6 billion to Asia between 2022 and 2024, illustrate the pivot.

Of note, Mubadala (Abu Dhabi) continued to allocate approximately 57 percent of capital deployment to the United States. The pivot is to Asia and to the United States, not exclusively away from China. Gulf sovereign funds invested approximately $9.5 billion into China in the year ending September 2024. Sources: Hubbis; Foreign Policy, December 2025.

India is the largest cross-border destination for US PE and VC capital displaced from China. ADIA opened a Gujarat International Finance Tec-City office in 2024 to oversee India investments. The 2025 Investment Climate Statement notes substantial US-Israel capital reallocation toward US-Israel coproduction in semiconductors and AI. The CT Wave 11 Singapore-Hong Kong-Dubai SFO Boom tracker documents the rise of single-family-office presence in Asia centers, with Hong Kong reporting 3,384 SFOs at end-2025 per Deloitte estimates.

Allied Coordination: EU, UK, Japan, Korea, Australia

Confidence: HIGH on EU and UK. MEDIUM on Japan and Korea.

EU outbound screening Recommendation. On January 15, 2025, the European Commission adopted a Recommendation calling on EU Member States to review outbound investments in semiconductors, AI, and quantum. Member States must report implementation and identified risks by June 30, 2026. The Recommendation is not binding. Source: Baker McKenzie, February 2025.

Revised EU FDI Screening Regulation. On December 11, 2025, the Council and the European Parliament reached political agreement on a revised EU FDI Screening Regulation. The revision (a) requires all Member States to operate a national FDI screening mechanism harmonized to minimum standards, (b) requires mandatory filings for dual-use items and military equipment, hyper-critical technologies (AI, quantum, semiconductors), critical raw materials, critical infrastructure, and electoral infrastructure, and (c) divides screening into Phase I (45 calendar day initial review, non-extendable) and Phase II (in-depth investigation, no statutory deadline). Sources: EU Council Press Release; Clifford Chance; Bird and Bird.

UK National Security and Investment Act. In the year April 1, 2024 to March 31, 2025, the UK received 1,143 NSI notifications. Seventeen final orders were issued (up from five). Only one transaction was ordered to unwind, concerning a December 2021 acquisition of UK-developed semiconductor technology by a Chinese-linked acquirer. In the prior reporting year (April 2023 to March 2024), less than 5 percent of accepted notifications had a Chinese acquirer but Chinese acquirers represented 41 percent of call-in notices. The UK government also identified 60 instances of notifiable acquisitions completed without approval in 2024-2025. Sources: Hogan Lovells, 2025; Goodwin, September 2024; Kirkland, July 2025.

Japan FEFTA. On August 16, 2024, Japan’s amended Foreign Exchange and Foreign Trade Act (FEFTA) Regulatory Notices took effect, adding semiconductor manufacturing equipment, advanced electronic components, machine tool components, and marine engines to the list of “core business sectors” subject to mandatory prior notification. Prior notifications from China and Hong Kong investors decreased 19.4 percent from 108 in FY 2021 to 87 in FY 2024. Additional FEFTA exemption tightening took effect on May 19, 2025. A “J-CFIUS” reform proposal advanced into 2026. Sources: Lexology; State Department, 2025; White and Case; Clifford Chance, May 2026.

Korea Foreign Exchange Transactions Act. Korea has implemented increased outbound screening in semiconductor and battery sectors but does not have a CFIUS-equivalent statutory architecture as of June 2026. Korean LP capital into China-focused funds has declined sharply.

Australia FATA. The Foreign Investment Review Board continues to apply heightened scrutiny to Chinese investment in critical minerals and data sectors. Australia has aligned with US export controls through the AUKUS partnership.

G7 and Quad. The G7 Outbound Investment workstream, launched at the Hiroshima Summit in May 2023, continues to coordinate policy approaches. The Quad (US, Japan, India, Australia) has produced parallel critical and emerging technology coordination but no formal outbound screening framework. Source: CELIS Update June 2026.

Trump 2.0 Administration Approach 2025-2026

Confidence: HIGH.

Treasury Secretary Scott Bessent chairs CFIUS by statute. Bessent confirmed administration continuity of the OISP and worked with Congress on the COINS Act framework, articulating a “red light or green light” approach without a “yellow zone” of ambiguous transactions. Source: Clifford Chance, July 2025; Senate Banking Committee Letter, November 5, 2025.

The TikTok pattern (three executive orders, January 20, April 4, and September 19, 2025, deferring enforcement of PAFACA until a qualifying divestiture closed on January 22, 2026) attracted constitutional pushback. A November 2025 letter from Senator Markey, Senator Booker, and Senator Van Hollen challenged the pattern of executive non-enforcement of a statutory mandate. Source: Van Hollen Press Release; Markey Letter.

The Trump administration applied a transactional, deal-based approach to several high-profile reviews: Nippon Steel and US Steel (closed June 18, 2025 with $11 billion commitments and a Golden Share), TikTok USDS (closed January 22, 2026 with 80.1 percent American ownership), Hyundai Group investment commitments, TSMC Arizona facility commitments, and Foxconn US manufacturing announcements. The administration has used tariffs (notably the April 2025 reciprocal tariff regime under IEEPA) as a parallel and at times substitute lever for CFIUS-style structural review. Tariff increases on Chinese semiconductors, EVs, and clean energy components reduce ex ante demand for inbound investment from PRC parties and reduce CFIUS caseload at the margin.

Confidence: HIGH.

Pre-LOI screening. Counsel should screen the target for (a) operating presence in a country of concern (China, Hong Kong, Macau) or affiliate revenue or expense exceeding the 50 percent threshold, (b) covered activity engagement, and (c) US person status of the acquirer or LP at the relevant level.

Engagement letter language. Practice notes from Sullivan and Cromwell, Skadden, Davis Polk, Wilmer Hale, Hogan Lovells, Cleary Gottlieb, Akin Gump, Covington and Burling, and Steptoe consistently recommend (a) representations and warranties that the target is not a covered foreign person, (b) covenants that the target will not become a covered foreign person during signing to closing, (c) indemnification for breach of OISP-related representations, and (d) compliance certification at closing. Sources: Davis Polk; Wilson Sonsini; Cooley.

Closing certifications. US person investor parties should obtain a closing certification that no covered transaction is occurring and that, if a notifiable transaction has occurred, the parties have agreed on the responsible filer. Source: McGuireWoods, April 2025.

Post-close compliance. The 30-day notification clock for notifiable transactions begins on the completion date. Calendar discipline, board minute drafting, and contemporaneous documentation of “reasonable and diligent inquiry” are the three post-close compliance pillars.

Loan documentation impact. Credit agreements, LP subscription documents, and side letters should now include OISP representations, covenants, and a 31 CFR Part 850 specific material adverse change carve-out. Source: McGuireWoods; Dechert.

Sidley’s July 2025 review of the first six months in operation noted (a) low public filing volumes, (b) heavy reliance on the LP excepted-transaction safe harbors, and (c) absence of any first enforcement action. Source: Sidley, July 2025.

Counter-Narrative Findings

Confidence: MEDIUM to HIGH.

Counter-narrative 1: “Outbound Rule has lukewarm enforcement.” The empirical record through June 2026 supports this. Treasury has not announced a first OISP penalty (compare to CFIUS’s record of three times more penalties in CY 2023 to CY 2024 than in the prior 50 years combined). The COINS Act’s $300 million two-year authorization signals future enforcement build-out, but the actual enforcement footprint remains small. Counter-counter: deterrence is observable in the public withdrawal of US LP capital from China-focused funds, the Sequoia and GGV decoupling, and the sharp decline in US PE investment in China (from $140 billion to $4 billion across 2019 to 2023). The enforcement-by-deterrence model is not dispositive but is plausible.

Counter-narrative 2: “China investment by LP side persists via separate vehicles.” LP capital flows to HongShan (formerly Sequoia China), Granite Asia (formerly GGV Asia), and other ex-US partnerships continue, although volumes are sharply reduced. The OISP LP excepted-transaction safe harbor (binding contractual assurance against covered transactions) provides a structural workaround that allows LP capital to continue flowing without prohibition while avoiding the affirmative knowledge required for covered transaction status. Counter-counter: Treasury’s “reasonable and diligent inquiry” standard places a positive burden on LPs and limits the workaround. The actual enforcement burden of this provision remains untested.

Counter-narrative 3: “Trump 2.0 deals-based approach undermines rule.” The Trump administration’s approval of Nippon Steel (a transaction Biden blocked) and the negotiated TikTok USDS framework appear to substitute political bargaining for adversarial CFIUS review. However, the COINS Act expanded the OISP, not the reverse, and the Suirui DOJ enforcement action (the first ever Section 721 court enforcement) was filed under Trump 2.0. The deals-based approach is not equivalent to deregulation. Empirically, the Trump 2.0 record through June 2026 shows higher CFIUS enforcement activity and statutory expansion of OISP, not lower.

Counter-narrative 4: “China is not the binding constraint anymore.” A more sophisticated counter-narrative argues that for the marginal US technology investor, China exit is now a settled fact and the binding constraint on capital deployment is no longer regulatory but commercial. The Sequoia and GGV decoupling, the collapse of US dollar VC investment from 9.6 percent to 2.5 percent of the China market between 2021 and 2025, and the operational reality that few US sponsors retain China-mandate funds suggest the regulatory regime is now downstream of a structural capital reallocation. Counter-counter: the regulatory regime remains the floor that prevents recidivism. Without 31 CFR Part 850, a 2027 to 2029 thaw in US-PRC bilateral relations could reopen capital flows in advanced semiconductor and AI categories that policy makers do not wish to see reopened. The rule is insurance against future political volatility, not just present enforcement.

2026-2030 Forward Outlook

Confidence: MEDIUM.

The COINS Act expanded covered technology categories and countries of concern. Implementing regulations are due by approximately March 2027. The Trump-Vance administration is positioned to issue regulations that codify the expanded scope and add high-performance computing, supercomputing, and hypersonic systems. The expansion to Cuba, Iran, North Korea, Russia, and Venezuela has uncertain operational impact given low historical US person investment flows into those countries.

China retaliation: Anti-Foreign Sanctions Law. China’s Anti-Foreign Sanctions Law (effective June 10, 2021) provides a counter-sanction architecture. China’s Unreliable Entity List and Export Control Law have been expanded. The 2025 Chinese rare earth and gallium export licensing measures, including the December 2024 export ban on certain dual-use materials, illustrate countermeasure capacity. Counter-counter: US semiconductor and AI capital exposure to China is now sufficiently small that Chinese counter-sanctions have limited bite on US dollar capital flows.

Allied enforcement coordination. The EU revised FDI Screening Regulation (December 11, 2025 political agreement) and the EU outbound investment screening Recommendation (January 15, 2025) suggest converging architecture. UK NSI enforcement metrics indicate a maturing regime. Japan’s J-CFIUS reform proposal (May 2026) signals further convergence. The G7 outbound coordination workstream may produce a formal coordination framework by 2027 to 2028.

EU AI Act friction. The EU AI Act (entered into force August 1, 2024) governs the deployment and development of AI systems within the EU and reaches non-EU developers serving EU users. The 31 CFR Part 850 outbound rule reaches US person investments in covered foreign persons developing AI in China. Cross-jurisdictional friction will materialize where a US person LP invests in an EU sponsor that invests in a Chinese AI company. Treasury’s “knowingly directing” standard interacts with the EU AI Act’s reach in fact-specific ways.

Capital reallocation as durable policy outcome. The structural decline in US PE and VC capital flows to China (from approximately $140 billion in 2019 to approximately $4 billion in 2023) appears durable across the 2026 to 2030 horizon. The combined effect of the OISP rule, BIS export controls, CHIPS Act guardrails, BIOSECURE Act federal procurement restrictions, House Select Committee on the CCP investigations, and California, Texas, and Indiana state-level pension divestment mandates is multilayered. Even if a single layer were rescinded, the remaining architecture would sustain the capital reallocation. Forward forecasting should model the regulatory architecture as a binding floor rather than an immediate enforcement risk.

Confidence: MEDIUM. Sponsors do not make granular Chinese exposure disclosures.

Bain Capital. Bain remains the controlling sponsor of the Kioxia consortium (the former Toshiba Memory carve-out), holding approximately 56 percent of the listed entity following Kioxia’s December 2024 Tokyo Stock Exchange IPO. The Kioxia position is a Japan-domiciled NAND flash memory manufacturer and is outside the 31 CFR Part 850 covered foreign person definition. Bain’s separate China-mandate funds (Bain Capital Asia funds raised pre-2022) continue to be managed to harvest legacy positions; no new China-mandate fundraising has been publicly disclosed by Bain since 2023.

Blackstone. Blackstone has progressively reduced new China commitments since 2021. The firm continues to hold legacy positions and to participate in Asia Pacific funds with diluted China weighting. Blackstone’s logistics platform in China (acquired and built across multiple vintages) is held as a legacy asset; Blackstone has not publicly disclosed exit timing.

KKR. KKR’s Asia funds have rotated toward India, Japan, and Southeast Asia. KKR continues to hold legacy China-mandate positions; the firm has reduced new fundraising for China-focused strategies. KKR’s Asia Pacific Infrastructure fund VI was raised with reduced China weighting versus prior vintages.

Apollo. Apollo has historically had less China exposure than Bain, Blackstone, or KKR. The firm’s Asia activity is weighted toward private credit, not China-focused venture or growth. Apollo’s Atlas SP Partners business and its broader credit franchise generate relatively limited 31 CFR Part 850 exposure.

Warburg Pincus. Warburg’s China practice was historically among the most active US growth equity sponsors in the PRC. The firm has reduced new China commitments since 2022 and is managing legacy positions through scheduled exits.

Sequoia / HongShan / Peak XV. Sequoia Capital announced its three-way split in June 2023 and completed it on March 31, 2024. The US team retained the Sequoia name. Sequoia China became HongShan, headed by Neil Shen. Sequoia India and Southeast Asia became Peak XV Partners, headed by Shailendra Singh. The split was precipitated by mounting compliance friction and by the House Select Committee on the CCP investigation. After the split, US person LP capital flow to HongShan continued under the OISP LP excepted-transaction safe harbors but at sharply reduced volumes. Source: PitchBook.

GGV / Notable / Granite Asia. GGV Capital split effective first quarter 2024. Notable Capital (US) holds approximately $4.2 billion AUM. Granite Asia holds approximately $5 billion AUM and focuses on Asia coverage including China and Southeast Asia. The split was also precipitated by the House Select Committee inquiry. Source: TechCrunch, March 2024.

Goldman Sachs Asset Management. Goldman continues to hold legacy China positions through its merchant banking arm. New China commitments have decreased since 2022.

The pattern across the top sponsors is consistent: legacy harvest plus reduced new commitments, with the deepest position holders (Bain, Blackstone, KKR) carrying the largest legacy book and the most active reduction trajectory. The OISP rule applies to new commitments but not to harvest of legacy positions, so the sponsor-level compliance burden is concentrated in fund-level pre-investment screening rather than in portfolio-level exit screening.

State Pension Divestment and Public Disclosure

Confidence: HIGH on the directional trend. MEDIUM on figure-level granularity.

State pension funds have layered onto the federal architecture with state-level divestment mandates. The Texas State Board of Education divestment legislation (Texas HB 2837, signed 2025) requires the Texas Permanent School Fund and the Texas Permanent University Fund to divest from listed Chinese companies on Department of Defense lists. Indiana (Indiana Public Retirement System, INPRS) adopted similar divestment guidance in 2024. Florida State Board of Administration (managing the Florida Retirement System) adopted China exposure reduction in 2023.

California’s posture is mixed. CalPERS has reduced new Chinese commitments but has not adopted a formal divestment mandate. The University of California Office of the Chief Investment Officer (UC Investments) has publicly reduced China exposure since 2022 across its endowment and pension assets.

The aggregate effect of state pension divestment is to compress the LP pool available to China-mandate funds. Although the OISP rule does not directly mandate state pension divestment, the state-level architecture amplifies the federal rule’s deterrent effect by reducing the LP commitment supply.

London, Singapore, and Dubai Arbitrage Considerations

Confidence: MEDIUM.

A predictable response to a strict US person extraterritorial regime is jurisdictional arbitrage. Practitioners report that some PRC-mandate capital deployment has migrated to London, Singapore, and Dubai structures. The 31 CFR Part 850 rule reaches US persons even where the fund vehicle is non-US domiciled, so the structural workaround requires substantive separation of US person decision-makers from the China capital deployment.

For US-citizen-led single family offices that have relocated principals to Singapore (the Wave 11 Asia SFO Boom report documents this trend) or to Dubai (the same report covers MGX-adjacent flows), the OISP rule still attaches because US citizenship is sufficient for US person status. Relocation does not cure OISP exposure. Counsel should advise US citizen SFO principals that the rule reaches them notwithstanding residence outside the United States.

The UK National Security and Investment Act, the Singapore Significant Investments Review Act, and the UAE FDI screening regime do not currently mirror the OISP outbound architecture. EU Member States are moving in that direction under the January 15, 2025 Commission Recommendation, but the regimes are not coextensive. The result is partial arbitrage where non-US-citizen GPs can structure capital deployment outside the OISP perimeter, with US person LPs constrained to the excepted-transaction safe harbors.

Data Room and Diligence Checklist for OISP Screening

Confidence: HIGH.

Practitioner consensus from Sullivan and Cromwell, Skadden, Davis Polk, Wilmer Hale, Hogan Lovells, Cleary Gottlieb, Akin Gump, Covington, and Steptoe converges on the following data-room request list for OISP screening of a target. We list it here as a practical operating checklist for sponsors and counsel.

  1. Target’s legal seat of incorporation and full chain of beneficial ownership.
  2. Geographic breakdown of revenue (by country, last three fiscal years) to test the 50 percent China revenue prong of the covered foreign person definition.
  3. Geographic breakdown of operating expenses, capital expenditures, and employee headcount (by country, last three fiscal years) to test the 50 percent China expense prong.
  4. Detailed technology stack documentation, with mapping to the semiconductor, AI, or quantum covered categories.
  5. For AI targets: training compute usage at the run level (in computational operations), to test the 10^23, 10^24, and 10^25 thresholds.
  6. For semiconductor targets: process node, transistor architecture, HBM configuration, and packaging description.
  7. For quantum targets: confirmation that the target does not engage in any covered quantum activity (because all are prohibited).
  8. Customer-base concentration analysis, with named federal customers identified (for BIOSECURE Act cross-screening).
  9. Export control compliance certifications (EAR, ITAR, OFAC).
  10. National Security Agreement, CFIUS mitigation, or other prior US Government conditions, if any.
  11. Affiliates with operating presence in countries of concern.
  12. Affiliates owned or controlled by foreign adversary governments (for BIOSECURE Act).
  13. House Select Committee on the CCP or Senate committee correspondence, if any.
  14. State pension divestment communications, if any.
  15. Cross-license, joint venture, and technology transfer arrangements with PRC-resident counterparties.

Counsel should integrate this checklist into the standard data-room request letter for any technology M and A or growth equity transaction touching the covered categories.

CFIUS 2025 Developments: Mid-Year Indicators

Confidence: MEDIUM.

While the CFIUS Annual Report for CY 2025 has not yet been published as of June 2026, several mid-year indicators inform the directional read. The Treasury CFIUS Enforcement website (launched August 2024) has continued to publish enforcement matters throughout 2025. The Suirui presidential order of July 8, 2025 was followed by additional non-public mitigation actions, several of which were subsequently confirmed through media reporting and through practitioner alerts.

The CFIUS clearance rate for declarations in 2025 appears stable at approximately 75 to 80 percent based on practitioner-reported anecdotal data. Mitigation rates remain in the 12 to 15 percent band. The shift toward declarations and away from notices that began in 2022 has continued, with declarations accounting for roughly 36 to 40 percent of filings in 2025 per practitioner reporting.

The Trump 2.0 CFIUS posture, formalized through Treasury Secretary Bessent’s “red light or green light” approach, has produced two visible operational shifts. First, mitigation packages are more concentrated and front-loaded, with fewer multi-year monitoring conditions and more upfront divestiture or carve-out commitments. Second, the deal-based posture (Nippon Steel, TikTok USDS) has displaced some of the historical CFIUS-mediated process for the highest-profile transactions in favor of direct executive-branch negotiation supported by CFIUS technical analysis.

Limitations and GAPs

This tracker is limited by two structural data asymmetries. First, OISP filings are not publicly disclosed by Treasury at the transaction level. Sponsor-level concentration cannot be measured directly. By contrast, CFIUS Annual Reports include investor country breakdowns. Second, as of June 2026 no OISP enforcement penalty has been publicly announced. The rule is too new for a published penalty matter. Practitioner advisories anticipate the first OISP penalty will land in late 2026 or 2027 and will likely involve a sponsor-level program failure (records, notifications) rather than a substantive prohibited transaction.

Other GAPs flagged in the body of this tracker: no named outbound semiconductor enforcement matter; no named outbound AI enforcement matter; no named outbound quantum enforcement matter. The MineOne and Suirui cases are inbound CFIUS matters, not outbound OISP matters, although they share doctrinal architecture.

Historical CFIUS Comparison: 1988 to 2026

Confidence: HIGH.

To contextualize the 2024-2026 enforcement acceleration, we compare to historical baselines. CFIUS was established in its modern form by the Exon-Florio amendment to the Defense Production Act in 1988, in response to Japanese acquisitions of US semiconductor producers in the mid-1980s. From 1988 through 2007, CFIUS reviewed an average of approximately 70 covered transactions per year. The committee’s caseload increased after the Foreign Investment and National Security Act of 2007 (FINSA), which required mandatory filings for certain critical infrastructure transactions. The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) expanded jurisdiction to non-controlling investments in TID US businesses (Technology, Infrastructure, or Data), added the Part 802 real-property regime, and significantly increased caseload through the 2019 to 2022 peak of 440 covered transactions in CY 2022.

Penalty history. CFIUS imposed its first civil penalty in 2018. From 2018 through 2023, CFIUS imposed a total of six civil penalties. CY 2024 alone produced five penalties, including the T-Mobile $60 million action. The 2024 enforcement pace exceeded the cumulative 2018-2023 total in a single year. The CY 2025 figures are not yet published in the Annual Report but practitioner reporting suggests the pace continued.

Divestment orders. From 1988 through 2024, presidential divestment orders under Section 721 were rare. Notable orders included Ralls Corporation (2012, Oregon wind farm, ultimately settled), Aixtron (2016, German semiconductor equipment, blocked), Lattice Semiconductor (2017, Canyon Bridge attempt, blocked), Broadcom-Qualcomm (2018, blocked at the bidding stage), MoneyGram-Ant Financial (2018, blocked), TikTok (2020, conditional order vacated), StayNTouch (2020, Beijing Shiji, divestment ordered), Magnachip (2021, abandoned during review), TikTok / Public Law 118-50 (2024, statutory), MineOne (2024, first real-property), Nippon Steel (2025, conditional approval after reopening), and Suirui / Jupiter Systems (2025, currently in DOJ enforcement). The cadence of Section 721 orders has accelerated significantly since 2020.

Practitioner Firm Coverage Roster

The following firms have published substantive practitioner alerts on the OISP, CFIUS, BIOSECURE, or related matters during 2024 to 2026, and are routinely cited in this tracker: Sullivan and Cromwell, Skadden Arps Slate Meagher and Flom, Davis Polk and Wardwell, Wilmer Cutler Pickering Hale and Dorr, Hogan Lovells, Cleary Gottlieb Steen and Hamilton, Akin Gump Strauss Hauer and Feld, Covington and Burling, Steptoe and Johnson, Mayer Brown, Latham and Watkins, Cooley, Gibson Dunn and Crutcher, Paul Weiss Rifkind Wharton and Garrison, McDermott Will and Emery, McGuireWoods, Dechert, Wilson Sonsini Goodrich and Rosati, Greenberg Traurig, Holland and Knight, Kirkland and Ellis, Freshfields Bruckhaus Deringer, Linklaters, Clifford Chance, Baker McKenzie, White and Case, Foley Hoag, Arnold and Porter, Ropes and Gray, Bird and Bird, Goodwin Procter, Hunton Andrews Kurth, Blank Rome, DLA Piper, Crowell and Moring, and Wiley Rein.

This roster matters operationally because cross-firm consensus across all of the major US national security practices is a strong indicator that the practitioner reading of a regulatory provision is settled. Where individual firms diverge (for example, on the precise scope of the “knowingly directing” standard), we have flagged the divergence in the body of this tracker.

Cross-Jurisdictional Friction: EU AI Act and US OISP

Confidence: MEDIUM.

The EU AI Act (entered into force August 1, 2024) and 31 CFR Part 850 are operationally distinct regimes that converge on AI policy. The EU AI Act governs deployment and development of AI systems within the EU and reaches non-EU developers that serve EU users. The OISP rule governs US person investments in covered foreign persons engaged in covered AI activity in countries of concern. The convergence point is a hypothetical US person LP commitment to an EU sponsor that invests in a Chinese covered foreign person AI developer.

Practitioner advice for this case is to treat the LP commitment as subject to OISP “reasonable and diligent inquiry” at subscription, with side-letter language requiring the EU sponsor to avoid covered transactions or to carve out US LP capital from any covered transaction. The EU AI Act does not prohibit such investments; the burden is OISP-only at the LP level.

Counsel should also flag that the EU AI Act’s general-purpose AI (GPAI) thresholds (10^25 FLOPs for systemic-risk GPAI) align numerically with the OISP prohibited threshold (10^25 computational operations) but use a different metric (FLOPs versus computational operations). The numerical coincidence is not coincidence; both regimes drew on the same Compute Governance literature. Compliance professionals should track both metrics for portfolio companies that operate AI training infrastructure at scale.

  • Wave 11 Top 200 SFO Direct PE Tracker: family-office direct PE deployment overlaps with OISP US person analysis, particularly for SFOs with US citizen principals.
  • Wave 11 Singapore-Hong Kong-Dubai SFO Boom: documents the rise of Asia centers and the cross-border structuring that interacts with OISP. Hong Kong reported 3,384 SFOs at end-2025 per Deloitte.
  • Wave 11 Family Office Succession and Wealth Transfer: covers the OBBBA July 4, 2025 permanent $15 million estate exemption that interacts with cross-border family-office structuring.
  • Wave 13 Property Management Cite-Bait: covers the Aligned plus MGX $40 billion data center transaction of October 2025, which was the largest data center transaction in industry history and involved MGX (the same Abu Dhabi sovereign that joined the TikTok USDS consortium).
  • Wave 14 SBA 7(a) Lender Rankings: domestic SBA market; OISP exposure indirect.
  • Wave 14 M and A Multiples Database: 9.8x median multiple, 11,408 Item 2.01 filings; OISP screening adds a categorical no-go zone for PRC-resident targets.
  • Buyer-Pool Influx 2026-06-26 macro anchor: 4,067 family offices (Preqin and BlackRock CNBC, August 15, 2025) with cross-border participation. The 4x global family-office growth from 651 to 4,067 over the 2019-2025 horizon includes many US-citizen-principal SFOs that face direct OISP exposure on outbound capital deployment.

Primary Sources

Treasury and CFIUS primary documents

TikTok regime primary documents

Specific CFIUS divestment orders

Allied jurisdiction primary

Practitioner advisory primary

Think tank policy primary

Practical Compliance Walkthroughs

Confidence: HIGH.

To illustrate the operational application of 31 CFR Part 850, we work through three representative scenarios drawn from publicly reported transaction structures. Each scenario assumes a US person sponsor or LP and a target with operating presence in a country of concern.

Scenario one: US growth equity fund considers a $40 million growth-round commitment to a Shanghai-headquartered AI accelerator chip designer. The target designs custom AI accelerator chips for hyperscaler customers in China. Annual training-compute usage is approximately 10^24 computational operations for internal model development. The target is a covered foreign person (Shanghai-incorporated, design of integrated circuits) and the transaction is prohibited under the semiconductor category (advanced integrated circuit design). The transaction cannot proceed. The US person sponsor must decline. Side-letter mitigation is not available because the prohibition is absolute. If the sponsor is an LP in an offshore fund that is contemplating the investment, the sponsor must extract binding contractual assurance from the GP that fund capital will not be used for the transaction, or must withdraw the LP commitment. Engagement-letter language should include representations that no portfolio investment will be a prohibited transaction.

Scenario two: US LP commits $50 million to a Singapore-domiciled growth fund managed by an ex-US GP. The fund’s strategy includes growth investments in Southeast Asia and possibly Mainland China. The US LP at subscription must conduct “reasonable and diligent inquiry” into the fund’s likely investment pipeline. If the fund discloses a high likelihood of covered foreign person investments, the LP either declines the commitment or extracts a binding contractual assurance side letter that LP capital will not be used in any covered transaction. The Treasury Final Rule provides the safe harbor at 31 CFR 850.501(g) for binding contractual assurance. Post-subscription, the LP must maintain documentation of the diligence performed and of any side letters obtained.

Scenario three: US strategic acquirer purchases a UK-headquartered AI inference software company. The UK target derives 35 percent of revenue from US customers, 40 percent from EU customers, and 25 percent from Chinese enterprise customers. The 25 percent China revenue does not cross the 50 percent threshold, so the UK target is not a covered foreign person under the OISP rule. The transaction is outside 31 CFR Part 850. Counsel should confirm the 50 percent test continues to fail post-closing through covenants requiring quarterly reporting of geographic revenue mix and through a material adverse change carve-out specific to crossing the 50 percent threshold.

These three scenarios cover the three principal practitioner concerns: prohibited-transaction screening, LP-side safe harbor structuring, and covered-foreign-person threshold compliance. Sponsors building compliance programs should map their pipeline against these archetypes and develop internal protocols accordingly.

Treasury 2026 Enforcement Priorities

Confidence: MEDIUM. Forward-looking.

Treasury’s published Enforcement Overview and Guidance signals that initial 2026 enforcement priorities concentrate on three areas. First, sponsor-level program failures: sponsors who fail to maintain compliance records, fail to file 30-day notifications, or fail to perform LP-level “reasonable and diligent inquiry.” Second, false or misleading representations in notifications, particularly where a sponsor characterizes a covered foreign person as a non-covered entity through aggressive interpretation of the 50 percent revenue or expense threshold. Third, “knowingly directing” cases where a US person directs a non-US person to make an investment that the US person could not lawfully make directly.

The COINS Act’s $150 million per year for two fiscal years authorization is positioned to fund three operational expansions: additional investigator headcount at the Office of Investment Security, enhanced inter-agency data sharing with BIS and the Department of Justice, and outreach and education programs targeting sponsor compliance officers. Practitioner reporting suggests Treasury is also building automated cross-referencing capability between OISP notifications and adjacent regulatory filings (CFIUS, Form D, Form ADV, IRS Form 5471 and 8865 controlled foreign corporation reporting).

The first OISP enforcement penalty, when published, is widely expected by practitioners to involve a sponsor-level program failure rather than a substantive prohibited transaction violation. The likely structure is a Treasury press release announcing a $1 million to $10 million civil penalty against a named sponsor for failure to file a notification within 30 days, paired with a remediation order requiring the sponsor to implement a documented compliance program. The deterrence value of such an announcement would extend well beyond the dollar figure of the penalty.

Frequently Asked Questions

What is the effective date of the Treasury Outbound Investment Security Program rule?

The Final Rule at 31 CFR Part 850 took effect on January 2, 2025. It was published in the Federal Register on November 15, 2024 (89 Fed. Reg. 90398) after Treasury issued it on October 28, 2024. Source: eCFR 31 CFR Part 850.

Which technologies are covered under 31 CFR Part 850?

Three categories: semiconductors and microelectronics, quantum information technologies, and artificial intelligence systems. Biotech is NOT in 31 CFR Part 850. The COINS Act of December 18, 2025 added high-performance computing, supercomputing, and hypersonic systems, effective when Treasury issues implementing regulations (approximately March 2027).

Which countries are countries of concern?

The People’s Republic of China, the Hong Kong Special Administrative Region, and the Macau Special Administrative Region. The COINS Act expanded the statutory list to add Cuba, Iran, North Korea, Russia, and Venezuela (Maduro regime), effective when implementing regulations are issued.

When did TikTok USDS close?

January 22, 2026. Oracle 15 percent, Silver Lake 15 percent, MGX (Abu Dhabi) 15 percent, 30.1 percent across existing ByteDance affiliates, 19.9 percent retained ByteDance = 80.1 percent American/allied ownership. Oracle is the security partner.

What was the first ever real-property CFIUS divestment?

MineOne Partners Limited, a BVI entity ultimately Chinese owned, was ordered to divest land near Francis E. Warren Air Force Base in Cheyenne, Wyoming by Biden Executive Order of May 13, 2024. MineOne agreed to sell the property to CleanSpark Inc. on May 8, 2024. The “Bagdad Capital plus Mexican Mining” matter does not exist in the public record.

What was the first DOJ Section 721 court enforcement action?

Suirui Telephone Conferencing v. Jupiter Systems, filed by DOJ in the US District Court for the District of Columbia on February 9, 2026, enforcing President Trump’s July 8, 2025 divestment order.

What was the largest CFIUS civil penalty?

$60 million against T-Mobile US, Inc., announced August 2024, for violations of the National Security Agreement entered into with the 2020 Sprint merger. The respondent is T-Mobile (NOT Sprint; Sprint ceased to exist as a standalone entity after the 2020 merger).

Was the AI Diffusion Rule implemented?

No. The Biden Bureau of Industry and Security AI Diffusion Rule of January 15, 2025 was rescinded by the Trump BIS on May 13, 2025, two days before its May 15, 2025 compliance trigger.

What is the maximum civil penalty per OISP violation?

$377,700 per violation as of January 29, 2025 (adjusted annually for inflation), or twice the value of the transaction, whichever is greater. IEEPA criminal penalties for willful violations are up to $1 million per violation, up to 20 years imprisonment, or both.

Are there public OISP enforcement penalties?

No public Treasury OISP penalty has been announced as of June 2026. The rule is too new. CFIUS inbound enforcement, by contrast, has accelerated. Practitioners anticipate the first OISP penalty in late 2026 or 2027.

About the Author

This tracker was compiled by the CT Acquisitions research team. CT Acquisitions is a buyer-side platform specializing in lower middle market and middle market M and A across roll-up verticals. Our research program covers PE sponsor concentration, family office direct PE, SBA 7(a) lender architecture, deal mechanics databases, and the regulatory architecture that shapes cross-border capital deployment. The CFIUS and OISP tracker is part of our Wave 16 Regulatory Architecture series, which sits alongside our healthcare PE roll-up trackers, our family office deployment trackers, and our deal-mechanics public-data work.

For corrections, primary-source additions, or commentary, contact the research team via ctacquisitions.com/contact.

Last updated: June 26, 2026.