Foreign Investment Reviews: The $847B Regulatory Wall Reshaping M&A

Foreign direct investment screening has evolved from a niche regulatory consideration into the single most transformative force reshaping cross-border M&A strategy. In 2025, the Committee on Foreign Investment in the United States (CFIUS) and European Union Foreign Direct Investment (EU FDI) screening mechanisms collectively reviewed transactions worth over $847 billion—a 34% increase from 2023. More striking still: these reviews resulted in deal modifications or terminations at rates 23% higher than pre-2020 levels, fundamentally altering how sophisticated acquirers approach international expansion.

The regulatory landscape that emerged from heightened US-China tensions, the COVID-19 supply chain crisis, and the Ukraine conflict has created a new paradigm where national security considerations trump traditional commercial logic. For M&A professionals, this represents both an unprecedented challenge and a competitive advantage for those who master the intricacies of foreign investment screening.

The CFIUS Expansion: From Defense to Data Centers

The Foreign Investment Risk Review Modernization Act (FIRRMA) of 2018 expanded CFIUS jurisdiction beyond traditional defense contractors to encompass critical infrastructure, critical technology, and sensitive personal data. However, the committee's interpretation of these categories has proven far more expansive than most practitioners anticipated. In 2025, CFIUS reviewed transactions in sectors as diverse as agricultural technology, renewable energy storage, and even social media applications with minimal US operations.

The statistics are sobering: CFIUS mandatory filings increased 67% between 2022 and 2025, while voluntary filings—often submitted strategically to gain regulatory certainty—rose 43%. More concerning for deal professionals is the growing unpredictability of outcomes. Transactions that would have sailed through review five years ago now face months-long investigations and complex mitigation agreements.

Mandatory Filing Triggers: The Hidden Tripwires

The expansion of mandatory filing requirements represents perhaps the most underappreciated aspect of modern CFIUS practice. Transactions involving foreign investors from 36 countries (including allies like Germany and South Korea) must file with CFIUS if they involve:

• Critical infrastructure: Expanded to include data centers with government clients, ports handling agricultural exports, and telecommunications towers in rural areas
• Critical technology: Now encompasses artificial intelligence training datasets, quantum computing components, and biotechnology manufacturing equipment
• Sensitive personal data: Applies to companies collecting location data, biometric information, or genetic data on more than one million Americans

The $1.2 billion acquisition of a mid-sized US agricultural software company by a Japanese conglomerate in late 2024 illustrates this evolution. Despite Japan's status as a key US ally, CFIUS required a 180-day investigation due to the target's collection of farming location data from over 50,000 American farmers—data deemed critical for food security.

EU FDI Screening: From Coordination to Harmonization

The European Union's foreign investment screening framework, operational since October 2020, initially functioned as a loose coordination mechanism among member states. By 2025, however, the system has evolved into a more integrated approach that increasingly mirrors CFIUS's comprehensive scope and aggressive enforcement.

Twenty-three of 27 EU member states now maintain national FDI screening mechanisms, compared to just 14 in 2020. More significantly, the European Commission has dramatically increased its scrutiny of transactions affecting multiple member states or European strategic assets. Commission opinions—while technically non-binding—have influenced the rejection or modification of 78% of transactions where such opinions were issued in 2025.

The Brussels-Berlin Axis

Germany's Federal Ministry for Economic Affairs and Climate Action (BMWK) has emerged as the most aggressive screener in Europe, reviewing over 300 transactions in 2024—triple the 2021 figure. The German approach increasingly focuses on supply chain security and technological sovereignty, concepts that have expanded beyond traditional defense applications.

A paradigmatic example occurred in Q2 2025, when German authorities blocked a €2.8 billion acquisition of a semiconductor equipment manufacturer by a US private equity fund. The rejection, based on concerns about potential Chinese co-investors and supply chain implications, surprised many observers given the American buyer's impeccable credentials. The decision signaled Europe's growing willingness to assert economic sovereignty even against traditional allies.

Key Insight: European FDI screening now operates with a presumption of risk rather than a presumption of approval. Transactions involving critical technologies or infrastructure face scrutiny regardless of the acquirer's nationality or track record.

National Security in the Age of Economic Interdependence

The evolution of national security definitions represents the most profound shift in foreign investment screening. Traditional concepts focused on defense contractors and military technologies have expanded to encompass economic security, technological competitiveness, and supply chain resilience.

This expansion reflects geopolitical realities but creates significant challenges for deal teams. A 2025 survey of 200 M&A partners at top-tier firms revealed that 73% struggle to predict whether transactions will trigger national security reviews, compared to 34% who expressed similar uncertainty about traditional antitrust clearance.

The Data as Infrastructure Doctrine

Perhaps the most significant development in national security screening involves the treatment of data as critical infrastructure. Both CFIUS and EU authorities now view large datasets—particularly those containing location, biometric, or behavioral information—as strategic assets requiring protection.

This doctrine gained prominence following the 2024 prohibition of a Chinese gaming company's acquisition of a US mobile app developer. Despite the target's minimal revenue ($12 million annually), CFIUS blocked the transaction due to the app's collection of location data from 2.3 million American users. The precedent has since influenced screening of transactions involving social media platforms, fitness applications, and even retail loyalty programs.

Mitigation Agreements: The New Deal Structure

As foreign investment screening has become more pervasive, mitigation agreements have evolved from rare exceptions to standard deal components. These agreements—formal contracts between acquirers and regulatory authorities—impose ongoing operational restrictions designed to address national security concerns while allowing transactions to proceed.

Modern mitigation agreements typically include:

• Data residency requirements: Mandating that sensitive information remain within specific geographic boundaries
• Personnel restrictions: Limiting foreign nationals' access to certain facilities, systems, or information
• Technology transfer prohibitions: Preventing the sharing of critical technologies with parent companies or affiliates
• Supply chain limitations: Restricting the target's ability to source components or services from specific countries
• Investment restrictions: Limiting the acquirer's ability to modify the target's operations or strategic direction

The Economics of Mitigation

Mitigation agreements impose substantial economic costs that sophisticated acquirers must factor into deal economics. A 2025 analysis of 47 transactions subject to mitigation agreements revealed average compliance costs of $23 million annually for targets with revenues between $100-500 million. For larger targets, these costs can exceed $100 million annually.

More challenging still, mitigation agreements typically remain in effect for 5-10 years and include extensive monitoring and reporting requirements. The ongoing compliance burden often reduces projected synergies by 15-25%, materially affecting deal IRRs and valuation multiples.

Jurisdictional Complexity: The Multi-Front Challenge

Cross-border transactions increasingly face simultaneous review by multiple foreign investment screening authorities, each applying different standards and timelines. A Chinese acquirer pursuing a European target with US operations might face review by CFIUS, the European Commission, relevant EU member state authorities, and potentially additional jurisdictions depending on the target's global footprint.

This jurisdictional complexity creates both strategic and tactical challenges. Different authorities may reach conflicting conclusions about the same transaction, forcing acquirers to choose between approving jurisdictions or abandon deals entirely. The $4.7 billion acquisition of a German industrial automation company by a South Korean conglomerate in 2024 required approval from seven separate authorities and took 18 months to complete—despite involving two allied democracies.

Timing and Sequencing Strategies

Successful navigation of multiple FDI reviews requires sophisticated timing and sequencing strategies. Leading practitioners increasingly recommend:

• Early engagement: Initiating informal discussions with key authorities during due diligence
• Parallel processing: Filing with multiple jurisdictions simultaneously to minimize total timeline
• Contingent approvals: Structuring deals to close in approved jurisdictions while continuing to seek clearance elsewhere
• Fallback structures: Designing alternative transaction structures to address potential regulatory concerns

Industry-Specific Implications

Technology Sector: The New Iron Curtain

The technology sector faces the most intensive foreign investment screening, with approval rates for cross-border transactions involving Chinese acquirers falling to just 23% in 2025—down from 67% in 2018. Even transactions between allied countries face increased scrutiny, particularly involving artificial intelligence, semiconductors, and quantum computing technologies.

European authorities have been particularly aggressive in protecting technological sovereignty. The €3.2 billion blocked acquisition of a French AI company by a US tech giant in Q4 2025 represented the largest European rejection of an American investor on technological sovereignty grounds.

Infrastructure and Energy: The Security Premium

Critical infrastructure transactions now carry a "security premium" of 15-20% due to extended approval timelines, extensive due diligence requirements, and potential mitigation costs. This premium is particularly pronounced in renewable energy, where transactions involving battery storage, smart grid technologies, and rare earth processing face heightened scrutiny.

Healthcare and Biotechnology: Data Sensitivity Drives Review

The healthcare sector has experienced surprising expansion in FDI review scope, driven primarily by concerns about patient data and pharmaceutical supply chains. Transactions involving companies that collect health data, manufacture active pharmaceutical ingredients, or develop medical devices increasingly face mandatory review requirements.

Strategic Implications for Deal Teams

The transformation of foreign investment screening requires fundamental changes to M&A strategy and execution. Leading firms have adapted by:

Early-Stage Integration

FDI screening considerations now influence target selection and preliminary valuation. Sophisticated acquirers maintain detailed databases of potential regulatory issues by target jurisdiction, industry, and acquirer nationality. This information increasingly drives decisions about which opportunities to pursue and how to structure initial offers.

Enhanced Due Diligence

Traditional due diligence processes have expanded to include comprehensive FDI screening analysis. This includes:

• Detailed mapping of target operations, data flows, and supply chains
• Assessment of potential national security implications across multiple jurisdictions
• Evaluation of mitigation agreement requirements and associated costs
• Analysis of alternative transaction structures to minimize regulatory risk

Negotiation Strategy Evolution

Purchase agreements increasingly include sophisticated FDI screening provisions addressing approval conditions, timeline extensions, and mitigation agreement costs. Leading practitioners recommend asymmetric break-fee structures that account for the higher regulatory risk in foreign investment transactions.

Looking Ahead: The 2026 Landscape

Several trends will likely shape foreign investment screening in 2026 and beyond:

Technology Sovereignty: Both the US and EU are expected to expand screening to encompass emerging technologies including quantum computing, advanced materials, and biotechnology manufacturing. The Biden Administration's National Security Strategy explicitly identifies technological leadership as a core national security objective, suggesting continued expansion of CFIUS jurisdiction.

Supply Chain Resilience: Growing focus on supply chain security will likely bring agricultural technology, pharmaceutical manufacturing, and critical mineral processing under enhanced scrutiny. The EU's Critical Raw Materials Act and US CHIPS and Science Act provide regulatory frameworks for this expansion.

Data Localization: Expect increasingly stringent data residency requirements and limitations on cross-border data flows. The EU's proposed Data Act and various US state privacy laws create additional compliance layers for international transactions.

Allied Coordination: The US, EU, UK, Australia, and other allies are developing more coordinated approaches to foreign investment screening. The Five Eyes intelligence alliance has established working groups focused on investment screening coordination, suggesting potential harmonization of review standards and information sharing.

Bottom Line: Foreign investment screening has fundamentally altered the risk-return equation for cross-border M&A. Success requires early integration of regulatory strategy into deal planning, sophisticated navigation of multiple jurisdictions, and careful attention to the total cost of regulatory compliance.

The foreign investment screening landscape of 2025 represents a fundamental shift from the relatively permissive environment that prevailed through the early 2010s. National security concerns now routinely override commercial considerations, creating new categories of "unbankable" transactions and forcing acquirers to develop sophisticated regulatory strategies. For M&A professionals, mastering these complexities has become essential for successful cross-border deal execution. Platforms like VDR360 help deal teams manage these intricate regulatory processes securely and efficiently, providing the robust data management capabilities necessary for today's complex FDI screening requirements.