US Warning Emerging Tech Firms About Rising Foreign Investment Risks
U.S. intelligence agencies are warning American emerging technology startups about the risks of accepting certain foreign investments, saying “foreign threat actors” from China and elsewhere are using those investments as a guise to steal sensitive technology.
Although foreign investments can sometimes provide “vital” funding for U.S. tech startups, the agencies said those startups can also “lose market share and fail” if a foreign company steals “proprietary data” during the investment process and then uses that data to compete against the startup. The Committee on Foreign Investment in the U.S. is designed to protect against these types of foreign investments, but some foreign companies are structuring their investments in a way that avoids CFIUS scrutiny, the National Counterintelligence and Security Center and three other national security and investigative offices said in a bulletin released this week.
That includes routing investments through intermediaries in the U.S. or other third countries to “obscure the money’s origin,” or using minority and limited partner investments. The bulletin also said some companies can steal sensitive information from a startup by pretending to conduct due diligence on the company ahead of a proposed investment they don’t intend to make.
The bulletin said venture capitalists from China are focusing on the U.S. artificial intelligence sector and other Chinese “government priorities.” The CEO of a U.S. startup told Congress last year that some China-based firms may target and pay employees of U.S. startups to “acquire technology, then fund competitors in China who try to monetize the stolen technology," the agencies said.
Several red flags may signal a foreign investor is trying to steal sensitive technology data, the bulletin said, including if they have a complex ownership structure, make investments through intermediaries or ask for sensitive data before making the investment. U.S. startups should “scrutinize prospective investors to assess risks,” the agencies said, including by verifying “who they say they are” and their ownership; assessing whether they’re subject to “sanctions, export controls, or similar designations”; researching the laws where the foreign investor operates to see if they must share data with their government; and confirming “that their values and intentions align with your own.”
The bulletin also urges startups to be careful about how much data they share with foreign firms. U.S. companies should “limit data sharing to only that which is appropriate, before and after investment,” it said, and should “identify red lines and responses if an investor requests information beyond what you would share with other investors.” They should also put measures in place to protect their “critical assets,” including through both “physical and virtual protection.”
The bulletin asks startups to submit tips to CFIUS, the FBI or other U.S. national security agencies if they’re aware of a possible foreign investment with “national security implications.”