By Evonne Xu · 跨境并购 · 深度分析 · 约1500字
核心摘要
2025年,CFIUS审查已从"国家安全"扩展到"供应链韧性"与"数据主权"。本文梳理最新审查趋势、三大高风险行业、两起真实案例,以及中国企业CFO/法务必须掌握的应对策略。
一、CFIUS是什么,为什么2026年更难过
美国外国投资委员会(CFIUS)并非新机构,但其审查权力在过去五年经历了根本性扩张。2018年《外国投资风险审查现代化法案》(FIRRMA)奠定了现代CFIUS的法律框架,而2025年,随着中美科技竞争白热化,CFIUS的实际审查范围已远超法律文本的字面解读。
数据显示,2024财年CFIUS共收到约450份申报,其中涉及中国买方的交易审查时间平均延长至270天,远超其他国家买方的180天平均水平。更关键的是,被要求撤回申报或遭到总统令禁止的交易中,中国买方占比超过60%。
2025年的新变量在于:CFIUS开始将"数据可及性"作为独立审查维度。即便目标公司不涉及任何军事技术,只要其数据库包含大量美国公民的生物特征、金融行为或地理位置信息,就可能触发强制申报义务。
二、2025年三大高风险行业
高风险行业01:半导体与先进制造 涵盖芯片设计、EDA工具、先进封装。任何涉及14nm以下制程技术的并购,强制申报概率接近100%。
高风险行业02:医疗健康与生物技术 基因组数据、电子病历、医疗AI平台。目标公司持有超过100万美国公民健康数据即触发强制申报。
高风险行业03:关键基础设施与能源 港口、电网、电信网络、稀土加工。2025年新增:海底光缆运营商被纳入TID(技术、基础设施、数据)强制申报范围。
三、两起真实案例:过与不过的边界在哪里
案例一:神经科学收购(2024年,被阻止)
某中国大型医药集团计划收购一家美国神经科学公司的多数股权。该目标公司本身不涉及任何军事合同,但其临床数据库包含超过200万美国患者的神经影像与基因组信息。
CFIUS认定:神经影像数据具有潜在的生物特征识别价值,叠加买方与中国军民融合体系的关联背景,构成"不可缓解的国家安全风险"。交易在审查第二阶段被要求撤回。
关键教训:数据类型比技术本身更敏感。神经科学≠武器,但神经数据=生物特征=红线。
案例二:制造业少数股权投资(2024年,获批)
一家中国汽车零部件企业计划收购一家美国精密铸造公司19.9%的少数股权,不要求董事会席位,不获取技术许可,不接触客户数据库。该目标公司主要客户为民用汽车OEM,无国防合同。
买方主动提交自愿申报,配合CFIUS谈判签署国家安全协议(NSA),承诺:不派驻工程师访问核心生产线、不获取任何客户名单、每年接受独立合规审计。最终在审查第一阶段获批,历时112天。
关键教训:主动申报+结构设计+NSA谈判,是目前中国买方通过CFIUS审查的最可靠路径。
四、CFO和法务必须掌握的五个应对策略
策略01:交割前做CFIUS风险预评估 签LOI之前,委托专业律师对目标公司进行TID筛查。重点评估:是否涉及关键技术、关键基础设施、或敏感数据;买方是否与解放军或情报机构存在可追溯关联。
策略02:用交易结构降低审查强度 少数股权(低于10%且无实质控制权)在某些情况下可豁免强制申报。剥离目标公司的敏感业务单元后再收购,也是常见的结构优化路径。
策略03:主动申报优于被动等待 CFIUS有权在交割后5年内主动发起审查,强制要求剥离。主动提交自愿申报,虽然延长前期时间,但能有效锁定监管确定性,避免交割后被清算的灾难性结果。
策略04:提前准备NSA谈判方案 国家安全协议(NSA)是CFIUS批准高风险交易的常用工具。内容通常包括:数据本地化、访问限制、独立合规监察员、年度审计。提前准备NSA草案可大幅缩短谈判周期。
策略05:管理买方身份的可见度 CFIUS会深度调查买方股权结构、管理层背景、政府关联。在申报材料中主动、透明地披露所有相关信息,远比被调查中发现隐瞒更有利。
五、结语:确定性是最昂贵的并购资产
2025年的CFIUS审查环境,对中国买方而言不是"能不能做"的问题,而是"怎么做才能过"的问题。监管确定性本身已经成为并购交易中最昂贵、也最值得提前投资的资产。
每一笔跨境交易的背后,都是数年的战略布局和数亿的资本押注。在监管的红线面前,法律准备的早晚,往往决定了交易的生死。
关于作者
Evonne Xu 是一位专注于中美跨境并购与AI法律合规的律师,同时也是法律科技工具的构建者。
📩 订阅每周AI法律简报:evonnexulegal.beehiiv.com/subscribe 📅 预约一对一咨询:evonnexulegal.com/#contact
CFIUS 2026: Where Are the Red Lines for Chinese Acquirers?
By Evonne Xu · Cross-Border M&A · Deep Analysis · ~1500 words
Executive Summary
In 2025, CFIUS review has expanded beyond "national security" to encompass "supply chain resilience" and "data sovereignty." This article maps the latest review trends, the three highest-risk sectors, two real-world cases, and the strategies every Chinese acquirer's CFO and general counsel must master.
I. Why CFIUS Is Harder Than Ever in 2025
The Committee on Foreign Investment in the United States (CFIUS) is not a new institution, but its review authority has undergone a fundamental expansion over the past five years. The Foreign Investment Risk Review Modernization Act (FIRRMA) of 2018 established the modern CFIUS legal framework, and in 2025, as U.S.-China technology competition intensifies, the practical scope of CFIUS review has extended far beyond the literal text of the law.
Data shows that in fiscal year 2024, CFIUS received approximately 450 filings. Transactions involving Chinese acquirers averaged 270 days under review — significantly longer than the 180-day average for buyers from other countries. More critically, Chinese acquirers accounted for over 60% of transactions that were either asked to withdraw or blocked by presidential order.
The new variable in 2025 is that CFIUS has begun treating "data accessibility" as an independent review dimension. Even if a target company has no military contracts, if its database contains substantial biometric, financial behavioral, or geolocation data on U.S. citizens, it may trigger mandatory filing obligations.
II. The Three Highest-Risk Sectors in 2025
Sector 01: Semiconductors and Advanced Manufacturing Covers chip design, EDA tools, and advanced packaging. Any acquisition involving sub-14nm process technology carries a near-100% probability of mandatory filing.
Sector 02: Healthcare and Biotechnology Genomic data, electronic health records, and medical AI platforms. A target company holding health data on more than one million U.S. citizens triggers mandatory filing obligations.
Sector 03: Critical Infrastructure and Energy Ports, power grids, telecommunications networks, and rare earth processing. A 2025 addition: submarine cable operators have been brought within TID (Technology, Infrastructure, Data) mandatory filing scope.
III. Two Real Cases: Where the Line Falls
Case One: Neuroscience acquisition (2024, blocked)
A major Chinese pharmaceutical group planned to acquire a majority stake in a U.S. neuroscience company. The target had no military contracts, but its clinical database held neuroimaging and genomic data on over two million U.S. patients. CFIUS determined that neuroimaging data carries potential biometric identification value, and combined with the acquirer's ties to China's civil-military fusion ecosystem, constituted an "unmitigable national security risk." The transaction was asked to withdraw in Phase II review.
Key lesson: Data type is more sensitive than the technology itself. Neuroscience ≠ weapons, but neural data = biometrics = red line.
Case Two: Minority stake in manufacturing (2024, approved)
A Chinese auto parts company sought to acquire 19.9% of a U.S. precision casting company with no board seat, no technology license, and no access to customer databases. The target's customers were civilian automotive OEMs with no defense contracts. The acquirer filed voluntarily, negotiated a National Security Agreement (NSA) committing to no engineer access to core production lines, no customer list access, and annual independent compliance audits. The deal cleared in Phase I after 112 days.
Key lesson: Voluntary filing + deal structuring + NSA negotiation is currently the most reliable path for Chinese acquirers to clear CFIUS review.
IV. Five Strategies for CFOs and General Counsel
Strategy 01: CFIUS risk assessment before signing the LOI Commission specialized counsel to conduct a TID screen of the target before any letter of intent is signed. Focus on: whether critical technology, critical infrastructure, or sensitive data is involved; whether the acquirer has traceable connections to the PLA or intelligence agencies.
Strategy 02: Use deal structure to reduce review intensity Minority stakes below 10% with no substantive control can qualify for filing exemptions in certain circumstances. Carving out the target's sensitive business units before acquisition is also a common structural optimization path.
Strategy 03: Voluntary filing beats passive waiting CFIUS retains authority to initiate review up to five years post-closing and can mandate divestiture. Proactive voluntary filing extends upfront timelines but locks in regulatory certainty — far preferable to a post-closing forced divestiture.
Strategy 04: Prepare your NSA negotiating position early National Security Agreements are CFIUS's standard tool for approving higher-risk transactions. Provisions typically include data localization, access restrictions, independent compliance monitors, and annual audits. Preparing an NSA draft in advance can significantly compress negotiation timelines.
Strategy 05: Manage the visibility of acquirer identity CFIUS conducts deep investigations into acquirer ownership structures, management backgrounds, and government connections. Proactive, transparent disclosure of all relevant information in filings is far more advantageous than having omissions discovered during review.
V. Conclusion: Regulatory Certainty Is the Most Expensive M&A Asset
In 2025, navigating CFIUS as a Chinese acquirer is no longer a question of whether a deal can be done — it is a question of how to structure it to succeed. Regulatory certainty has itself become the most expensive, and most valuable, asset to invest in early in any cross-border transaction.
Behind every cross-border deal is years of strategic positioning and hundreds of millions in capital at stake. When it comes to regulatory red lines, how early you prepare your legal strategy often determines whether the deal lives or dies.
About the Author
Evonne Xu is an attorney specializing in U.S.-China cross-border M&A and AI legal compliance, and a builder of legal tech tools.
📩 Subscribe to the weekly AI law brief: evonnexulegal.beehiiv.com/subscribe 📅 Book a consultation: evonnexulegal.com/#contact