Draft FIRB legislation: what are the implications for Australian technology transactions?

The Federal Treasurer has released an exposure draft of the legislation that will implement his previously announced reforms to Australia’s foreign investment framework. 

Among other changes, the legislation will introduce a zero dollar screening threshold on foreign investments into any ‘national security business’. This will mean that any direct investment by a foreigner into a national security business will require FIRB approval.  

In our June 2020 article, we suggested that this new national security test is likely to have broad application to transactions in the communications, technology and data sectors. The draft legislation has provided further line of sight on the likely implications of the changes for technology transactions undertaken by foreign parties in Australia. 

What technology assets will be subject to the new national security test?

The exposure draft provides further clarity on the types of communications, technology and data assets that will constitute a ‘national security business’ and will therefore be subject to the zero dollar screening threshold. They are:

• Telecommunication carriers and carriage service providers regulated under the Telecommunications Act 1997.
  
  This includes VOIP service providers, virtual network operators and internet service providers. There had been some concern following the Treasurer’s initial announcement that the definition would extend to other business regulated under the Telecommunications Act 1997, such as social media companies and video streaming services. The exposure draft has confirmed this will not be the case.
  
  
• Businesses that develop, manufacture or supply critical technologies with a military use or which are intended for a military use.
  
  The definition captures any critical technology that is used by the Australian defence force or intelligence community, by any of their respective contractors or suppliers or by a foreign defence force in a way that may affect Australia’s national security. This will capture emerging military technologies, irrespective of whether the technology has been deployed or commercialised.
  
  Businesses that supply critical technologies used by the defence force or the intelligence community will be subject to a zero dollar threshold, even where the technology does not have an express military purpose, or the military use is not the main application of the technology. The draft explanatory memorandum notes that many such technologies will not be considered to be ‘critical’ and will sit outside the test on that basis. However, is not clear how a foreign buyer is to make that determination, as the exposure draft gives no guidance on when particular technologies are to be considered ‘critical’. The explanatory memorandum suggests that buyers look to publicly available Defence documents, such as the Defence Industry Policy Statement, Defence Industrial Capability Plan, and the Defence and Strategic Goods List for guidance to form a view on whether the target technology is ‘critical’. Some further guidance on that point would assist the final legislation.
   
• Businesses that store or have access to information that has a security classification.
  
  This will capture data centre providers and hosted platform services working for Australia defence forces and intelligence agencies.
  
  
• Businesses that store or maintain personal information of defence force personnel collected by the Australian defence force or intelligence community which, if disclosed, could compromise Australia’s national security and businesses that collect such information as part of an arrangement with defence or an intelligence agency.
  
  Significantly, this category only captures data sets that are collected by or on behalf of defence or intelligence agencies. This means that commercial data sets that include personal information of defence force personnel (such as shopper loyalty schemes) will not be caught.
  
  
• Businesses overseen by the Critical Infrastructure Centre (CIC), which at present, includes owners and operators of electricity or gas supply, ports and water infrastructure.
  
  The list of assets overseen by the CIC is dynamic and can change over time. As discussed in our 2019 article, there is speculation that the purview of the CIC may be extended to cover nationally significant data assets.

Foreign buyers of technology assets will need to determine at an early stage whether the target is a ‘national security business’. If so, foreign buyers should endeavour to define the national security concerns presented by the proposed transaction and consider how they might be addressed in the FIRB filing or mitigated by way of undertakings. In this regard, buyers should be mindful of FIRB’s growing preference to deal with data security issues by way of access undertakings as explained in our previous article. 

Unfortunately, based on the definition on the exposure draft, it will be difficult for a foreign buyer to confidently assess whether or not the target is a ‘national security business’ without the seller’s help, as it assumes a relatively detailed level of knowledge about the target’s client base and the use of its technologies.

New call-in powers for the Treasurer

The exposure draft gives the Treasurer new powers to call-in for review any investment which is not otherwise notifiable or already subject to FIRB oversight on national security grounds. Where an action is called in, it will be subject to FIRB review in much the same way as if it had been required to be notified to FIRB in the first place. Transactions can be called in any time, including after completion. In these circumstances, the Treasurer will have the power to either require a divestment of the interest by a foreign person or terminate the relevant agreement. 

The call-in powers apply to ‘reviewable national security actions’. Interestingly, this concept goes well beyond acquisitions and investments that would traditionally have been subject to FIRB review. For example, it captures any significant agreement which gives a foreign person the right to use the assets of an Australian business. This could conceivably capture a licensing deal for a technology product or data sharing arrangement. 

This extension of the Treasurer’s review powers brings Australia closer to the position in the US where the Committee on Foreign Investment in the United States (CFIUS) has the power to review broad categories of transactions which give a foreign party access to non-public technologies. It will be important for FIRB and the Treasurer to provide guidance to the market on the circumstances in which the call-in power will be used. Without that guidance, foreign parties may feel the need to voluntarily notify FIRB of relatively benign actions, which could clog the approval process. 

Last resort powers

The exposure draft also gives the Treasurer the right to reassess and impose conditions on or to unwind previously approved foreign investments. Known as the ‘last resort powers’, this right will apply where there is a change in circumstances after the initial assessment which gives rise to new national security risks. This includes a material change in the activities of a business or where the circumstances of the market become materially different. This is particularly relevant to technology companies which tend to be focused on the development of new products and are more likely to experience rapid growth in their customer base. 

The last resort powers will only be available for actions that were notified to the Treasurer on or after 1 January 2021.

Next steps

Public submissions on the draft legislation close on 31 August 2020 and the Government intends for the new regime to commence from the start of 2021.

In the meantime, foreign investors will need to comply with the temporary COVID-19 measures and should remain mindful of the changing regulatory landscape when planning foreign investments in Australian communication, data and technology businesses.