Image Source: Pexels, Public Domain

The United States has moved from preaching the virtues of free capital toward actively screening what capital comes in and what capital goes out. This shift may be justified by genuine security risks, but it also introduces legal uncertainty, raises the cost of innovation, and stretches emergency authorities far beyond their original purpose. The article argues for a model of capital screening that targets only transactions posing serious national security externalities and that operates within clear congressional boundaries, ensuring that necessary flexibility does not become unchecked discretion.

By: Vladimir Gaberman

Edited by: Amish Gupta

For decades, the United States styled itself as the champion of free capital flows, preaching that global investment drives growth and innovation. Money and ideas crossed borders with few impediments, and open investment was an article of faith. That era is ending. American law now installs gatekeepers at both ends of cross-border capital: inbound investments face national security review by the Committee on Foreign Investment in the United States (CFIUS), and outbound U.S. investments into selected foreign technology sectors are subject to their own screening. 

The core question is not whether security matters, but how a system that long privileged openness should design security-driven capital controls so they do not swallow innovation or constitutional structure. The argument is simple and normative: focused screening is justified specifically when investments generate serious national security externalities, but such controls should be clear, narrow, and proportionate. Under these controls, Congress must set the outer lines and the Executive Branch must operate within their scope; the extent (or lack thereof) of breadth is not necessarily a matter of issue but, rather, the open-endedness of statute gives way to inappropriate interpretation. A familiar example is the use of emergency authorities like the International Emergency Economic Powers Act (IEEPA), undoubtedly drafted for acute asset-freeze scenarios, now used as the backbone of a standing outbound-investment regime. When vague statutory criteria such as critical technologies, sensitive personal data, or countries of concern combine with expansive executive discretion, especially in times of conflict, they create a broad chilling effect on early-stage innovation and capital allocation, backed by a mandate that is at best loosely bound. How, precisely, is an Executive expected to act in a time of crisis knowing their actions, permissible by vague authority, can be struck down by the courts? Of course, none of this is to deny that some degree of flexibility is indispensable in a fast-moving technological environment, but it is imperative to note that flexibility and intelligible limits are not mutually exclusive. 

Against that backdrop, inbound and outbound controls now function as related instruments, each addressing security risks as a form of externality and relying on inevitably imperfect screening to manage them, with the sharpest effects still felt where capital and innovation meet. The claim throughout is that if the U.S. is going to pursue security in this fashion, it should do so through rules that are precise, proportionate and anchored in constitutional structure, rather than through discretion so open-ended that neither markets nor courts can reliably anticipate its use.

To start, CFIUS is an interagency body that reviews certain foreign investments in U.S. businesses for national security risks. Rooted in the Defense Production Act and the 1988 Exon-Florio Amendment, its authority originally focused on takeovers that could result in foreign control of a U.S. business. For years, CFIUS operated mainly through voluntary filings within a relatively clear scope: if a foreign firm sought a controlling stake in a defense contractor or critical infrastructure operator, the government could investigate and recommend that the President block the deal. Judicial review of presidential decisions was sharply limited, reflecting habitual deference to national security judgments in economic affairs.

As foreign capital shifted toward Silicon Valley startups and data-rich platforms, Congress broadened CFIUS’s remit. The 2018 Foreign Investment Risk Review Modernization Act (FIRRMA) extended jurisdiction to certain non-controlling investments in Technology, Infrastructure and Data (TID) U.S. businesses; that is, firms involved in critical technology, critical infrastructure or sensitive personal data. Even a minority stake can now trigger review if the foreign investor receives non-public technical information, board or observer rights, or other substantive governance influence. A Chinese fund taking a 10% stake in a U.S. artificial intelligence startup with cutting-edge algorithms sits squarely within CFIUS’s line of sight, while real estate near sensitive military sites was also included. 

What began as a voluntary process is increasingly mandatory in key sectors. FIRRMA and its regulations introduced obligatory short-form declarations for some transactions, such as foreign government-linked investors taking substantial interests in TID businesses or investments in firms developing critical technologies. Failure to file where required can itself incur penalties. In practice, parties submit either a full notice or a shorter declaration and then wait through a multi-phase review. The statute sets a 45-day initial review, followed by up to 45 days of investigation and possible referral for a presidential decision. Many deals are cleared with no action, while others proceed subject to mitigation agreements that limit access to data, require divestiture of certain assets, or mandate U.S. citizen control of sensitive functions. A small but consequential set is blocked outright, as in the prohibited acquisition of Lattice Semiconductor by a China-backed fund, which CFIUS concluded would give foreign actors strategic access to advanced chip design capabilities.

The statutory trigger for action is whether a transaction “threatens” U.S. national security, a term Congress pointedly declined to define exhaustively. That choice grants the executive considerable latitude to identify novel threats such as data aggregation, supply-chain dependence or proximity to military facilities. Courts have barely dented that structure. In Ralls Corp. v. CFIUS, a Chinese-owned company was ordered to unwind its purchase of wind farm projects in Oregon near a naval facility. The D.C. Circuit held that once Ralls had acquired property rights, it was entitled to basic due process, including notice of unclassified reasons and an opportunity to rebut. CFIUS’s secretive process had to become slightly more transparent, but the court did not second-guess the President’s substantive judgment, which remained insulated from review. Outside that narrow line, judges have been reluctant to intrude, treating national security as a domain of heightened deference and leaving enormous discretionary power in both CFIUS and the President. There are, of course, sound reasons for judicial restraint in that domain, not least the institutional limits of courts in evaluating classified intelligence and forecasting military risk. 

On August 9, 2023, President Biden signed Executive Order 14105 on “Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern.” The order launched what has been branded a reverse CFIUS, a program to screen outbound U.S. investments in high-tech sectors, principally in China, including Hong Kong and Macau. The legal foundation is IEEPA, a statute originally aimed at blocking foreign assets or sanctioning hostile regimes. Invoking IEEPA, the President declared that foreign development of advanced semiconductors, quantum technologies, and AI posed an unusual and extraordinary threat to U.S. national security, thereby activating emergency powers to regulate transactions. After an advance notice in 2023, a proposed rule in 2024, and public comment, the Treasury Department issued a Final Rule on Oct 28, 2024, effective Jan 2, 2025.

The program sorts outbound transactions in selected sectors into two categories: prohibited transactions that U.S. persons may not undertake, and notifiable transactions that must be reported within 30 days after completion. The scope is narrower than Cold War capital controls yet is still a striking departure from the old presumption of laissez-faire. It targets a defined set of technologies and products in three sectors — semiconductors and microelectronics, quantum information technologies, and specified AI systems — and applies only to countries of concern. Currently, this only includes China (including Hong Kong and Macau), though others could be added. In semiconductors, U.S. persons are prohibited from investing in Chinese entities involved in developing or producing advanced chips and key manufacturing tools; investments in less advanced chip-related activities are not prohibited but must be notified. In quantum technology, investments in firms developing quantum computers, quantum communication networks, or specified sensing capabilities are forbidden. In AI, the rule looks to use and scale: investments in systems designed exclusively for military, intelligence or mass surveillance applications, or in projects involving extremely high compute thresholds for training models, are barred, while investments in other powerful AI systems with sensitive applications must be notified.

Unlike CFIUS, the outbound regime is not a case-by-case clearance process. There is no committee deciding whether to bless a proposed investment. Instead, it functions as direct regulation: U.S. investors must determine for themselves whether a transaction is prohibited, notifiable, or outside scope, then act accordingly. The Treasury can grant exemptions in limited circumstances if a covered transaction is in the national interest. The backbone is self-policing under the shadow of enforcement, backed by significant civil and criminal penalties and potential divestment orders for willful breaches. On paper, the outbound regime has sharp teeth even as it relies heavily on ex post enforcement and an atmosphere of compliance anxiety.

The constitutional structure is where the normative through line becomes far more explicit. Under Article I, Congress holds the power to regulate foreign commerce, including capital flows, yet it has not enacted a bespoke outbound statute. The President instead relies on broad delegations like IEEPA, though it was written for emergencies such as seizing Iranian assets or sanctioning terrorists (as was previously done), not for structuring global venture capital. Whether that use fits what Congress contemplated is not trivial. The Supreme Court’s recently sharpened Major Questions Doctrine suggests that when an agency asserts authority over matters of vast economic and political significance, it must rest on clear congressional authorization, and sweeping regulation of outbound investment in critical technologies looks like a candidate for that category. Foreign affairs and national security are domains where the Court has historically tolerated broader delegations and presidential initiative, especially in the last two decades, so the doctrine should not be applied mechanically. Even on a moderated understanding that accounts for the urgency of the foreign affairs context, however, the present outbound regime presses hard against the limits of what IEEPA can fairly be read to authorize. The ongoing IEEPA tariff litigation is already a fine enough example of how far emergency powers can be stretched when Congress leaves hard questions about trade to vague delegations.

The structural point remains: when the executive uses elastic terms like “unusual and extraordinary threat” and national security technologies to reshape global capital markets, constitutional design and basic separation-of-powers prudence counsel that Congress should speak clearly, set boundaries and revisit them. A security-driven capital control may be wise or unwise as policy, but it should not rest on largely implicit “trust us” delegations that leave both investors and constitutional lawyers to infer the contours of the authority after the fact. Taken together, inbound and outbound regimes now give the federal government two powerful levers: CFIUS to police what capital comes in, and the outbound program to police what capital goes out, especially where technology and adversaries intersect. Legitimate security concerns motivate both — concerns that the current geopolitical situation seems to warrant. Yet as presently framed, the structure does so by layering vague concepts atop broad delegations, in ways that generate legal uncertainty and predictably distort innovation and capital formation as investors inevitably over-compensate for that uncertainty, thus steering capital away from early-stage, high-risk projects and toward safer, less regulated bets. 

Ultimately, these policies respond to an externality problem under deep uncertainty. Some investments generate national security externalities, imposing risks on the polity that the private parties cannot or do not fully account for. When a U.S. firm invests in a Chinese AI venture, the private question is whether the stake will pay off; the public question is whether the same investment will accelerate a competitor’s military or surveillance capabilities. Likewise, when a Chinese investor backs a U.S. deep-tech startup, founders understandably see capital and expertise, while security officials, often correctly, see a pathway through which sensitive technologies vital to US global technological dominance could flow abroad. The point is not that those officials are overreacting or even overreaching, but that the law should make explicit when their concerns justify overriding what would otherwise be a permissible private bargain.

The textbook case for free capital flows remains powerful. International investment can undoubtedly stimulate growth, generate employment and enhance overall welfare by allowing capital to seek its highest-value use across borders. Cross-border finance permits diversification, risk sharing and access to specialized pools of funding. Capital controls, by contrast, generally misallocate resources and raise the cost of capital, shrinking the opportunity set for firms and investors. National security, however, complicates that picture by introducing its own class of externalities. Imagine a U.S. startup with a genuinely novel semiconductor design and a state-backed Chinese fund that offers a minority stake to help commercialize it. Absent regulation, the parties close the deal and treat any downstream impact on U.S. technological advantage as someone else’s problem. Screening intervenes to force that externality into the calculus: CFIUS can block or condition inbound capital, and outbound rules can forbid U.S. investors from funding Chinese projects that would materially advance military-relevant technology.

Policymakers face a genuine tension between the short-term benefits of foreign capital and the long-term risks of letting sensitive capabilities migrate abroad. Screening regimes are imperfect, and mistakes cut in both directions. Transactions that present minimal danger can still be derailed when officials lack complete information or, aware that they will be blamed more for permissiveness than for caution, choose to err on the safe side. Companies caught in that posture lose access to capital and partners that might have advanced their technology. At the same time, truly problematic deals can evade notice; for example, when they are fragmented across multiple small investments or structured through third-country funds that do not obviously or immediately trigger review. The review process also carries costs of its own, from legal fees and prolonged uncertainty to delays that are especially damaging for startups with limited runway, along with the ongoing obligations that accompany mitigation agreements.

Empirically, the effects are visible. One study — discussed in Congressional testimony — of Chinese investment in U.S. biotechnology found that, after CFIUS reforms and rising tensions, Chinese venture capital funding in that sector dropped by roughly 60%, and Chinese foreign direct investment in the U.S. fell by 83% from 2017 to 2018. Domestic investment did not fully backfill the gap, leaving emerging firms capital constrained. Analysts cautioned that preventing access to capital from foreign markets could dampen rather than promote growth of the U.S. biotech sector. Innovation ecosystems, particularly those built around early-stage firms, tend to be unusually sensitive to such frictions. Breakthroughs tend to arise in dense clusters where talent, ideas and capital circulate with minimal resistance. Cross-border venture capital contributes not only financing but also knowledge, networks and access to markets. The Treasury itself has acknowledged that outbound U.S. investment can bring intangible benefits such as technology expertise, corporate governance practices and reputational signaling to foreign firms. The mirror image is true inbound — rules that sever or chill such linkages eliminate not only risky technology spillovers, but also benign or beneficial ones.

Regulatory vagueness undoubtedly magnifies these costs. When definitions of critical technology or sensitive personal data are broad, evolving, and now layered with outbound categories such as national security technologies, investors rationally price in regulatory risk, and uncertainty makes waiting more attractive. Venture capital, already high risk, now carries an additional and hard to quantify probability of regulatory intervention, so some projects at the margin will simply never be financed. As Treasury’s outbound regime moves from proposal to binding rules in 2024–2025, U.S. VCs that were still active in China in the early 2020s confront a landscape in which operating in the grey zones is increasingly costly and potentially sanctionable, rather than one in which only clearly problematic deals are at issue. Sequoia Capital’s decision to spin off its China arm into a separate firm in response to that environment remains an emblematic signal of how seriously sophisticated actors now take these frictions. On this view, a reasonably designed screening policy would block only those transactions where the marginal security benefit clearly exceeds the foregone private and social gains, and would be administered through procedures that minimize delay and uncertainty. 

Rules written in the Federal Register do not stay there. For practical purposes, security-driven capital controls drafted in broad strokes are already reshaping how boards evaluate investors, how term sheets are written, and which hires early-stage firms are willing to make, particularly in the sectors the United States insists should remain most dynamic. In this context, consider an American AI startup, X-Corp, seeking capital to hire researchers and scale infrastructure. A U.S. fund is interested, as is another, sophisticated fund with ties to Shenzhen. Counsel, aware of the evolving landscape, warns that accepting the Chinese-linked money on typical venture terms could trigger review, months of uncertainty, intrusive mitigation, or even a blocked deal, and could complicate access to government grants. Rationally, X-Corp forgoes the higher valuation from the foreign fund and accepts a leaner domestic offer, or delays its raise altogether. Multiplied across dozens of startups, the inferred pattern becomes clear: Chinese venture investment in U.S. tech dropped sharply after FIRRMA and rising tensions, with estimates of declines exceeding 60% in a single year. The intended security benefit — namely, reduced Chinese access to U.S. tech — is real, yet the collateral costs — higher capital prices, more concentrated control by domestic incumbents and diminished pressure on U.S. investors to offer competitive terms — are, to some extent, an integral part of the bargain.

Outbound controls exhibit a similar pattern. A U.S. fund that once invested globally now finds that any stake in a Chinese quantum computing or advanced semiconductor startup is flatly prohibited, and that even adjacent opportunities may be notifiable and risky. The rational response is to declare entire categories off limits rather than parse evolving definitions. U.S. investors redirect to domestic or allied-country startups, or to less sensitive Chinese sectors, while Chinese startups in critical technologies turn inward to domestic capital, including state-linked funds. Innovation ecosystems progressively decouple, each side funding and developing largely within its own political sphere. Some degree of decoupling is plainly intentional, but it also means duplication of effort and loss of cross-border complementarities.

Over-compliance does much of the work in this regime. Counsel advising on CFIUS or outbound rules rarely recommend a narrow construction of jurisdiction, because when the potential consequences include forced divestment, substantial monetary penalties, and reputational harm, prudence strongly favors remaining well clear of the boundary. As a practical matter, the predictable result is that funds decline transactions that might merely be notifiable, firms submit voluntary filings even where coverage is reasonably contestable in order to obtain a measure of protection, and investors avoid entire sectors or geographies rather than attempt to navigate shifting definitions. From a regulatory vantage point, such behavior can be characterized as successful risk mitigation. No one seriously contends that agencies should encourage firms to press against the edge of every line, but there is a fair difference between prudent caution and a background fear that any misstep will be treated as some sort of sanctionable offense. But from the standpoint of overall welfare, however, it is conceivable that it operates as a familiar pattern of over-deterrence, one in which large incumbents, those equipped with compliance departments, sophisticated counsel, and established channels for informal engagement with agencies, can absorb delay and uncertainty, while startups and smaller funds cannot. In effect, where legal lines are indistinct and penalties severe, actors at the periphery of the system rationally withdraw first, with the effect of reinforcing incumbent advantages and dulling the competitive dynamics on which innovation depends.

It is inevitable that capital will, eventually, flow to other critical areas, even if the pathways are circuitous. As U.S. and Chinese authorities harden their mutual barriers, investment shifts to third countries. Chinese funds move more money into Southeast Asia or Europe, and non-U.S. investors step in where U.S. VCs retreat from China. Over time, it appears that the U.S. may find its centrality in global tech finance eroding, not because it lacks talent or ideas, but because participation in its ecosystem carries greater regulatory uncertainty. Against that backdrop, the country that once sold openness as its comparative advantage risks acquiring a reputation for discretionary capital policing. But having said that, such a shift is not necessarily predetermined; much still depends on how precisely and predictably the controls are administered. It is nonetheless a pretty expensive way to buy security, one that taxes innovation and skews markets in ways that a more carefully tailored regime might at least partially avoid.

If some screening is here to stay, the task is not to resurrect an idealized vision of unfettered capital flows, but to construct a regime that is, to some extent, institutionally coherent. The aim should be for Congress to enact clear, substantively bounded statutory frameworks that the Executive can administer with minimal interbranch friction, conferring sufficient discretion to protect American technological interests while leaving as little as possible to ad hoc interpretation. Such a framework would, in principle, acknowledge both the reality of security externalities and the costs of regulatory uncertainty. No drafting exercise will eliminate hard cases at the margins, but the inability to draw perfect lines is not a reason to have no lines at all. Lines in the sand are better than no lines. Of particular relevance, clarity at the statutory level can also stabilize expectations for firms and investors, who must make long-term commitments under conditions of legal risk. Indeed, a more disciplined allocation of authority is as much a security measure as it is a safeguard for markets.

First, basic terms should be sharpened. High-level phrases such as “critical technologies”, “emerging and foundational technologies”, or “sensitive personal data” invite agencies to pour almost anything into the mold. Congress and the relevant departments should, as a practical matter, supplement these terms with specific, regularly updated lists and objective criteria. The outbound rule’s sectoral breakdown in semiconductors, quantum, and AI is, arguably, a step in that direction, even if imperfect, and CFIUS could do more by publishing detailed guidance on which U.S. businesses it views as genuinely sensitive and which it treats as peripheral. Alongside sharper triggers, safe harbors are essential. FIRRMA introduced limited relief for certain exempted investors from allied jurisdictions and for very small stakes. That logic should be expanded: de minimis investments without governance or information rights, passive holdings through broad-based funds, and routine intracompany flows should be clearly out of scope. On the outbound side, the Treasury has already exempted some passive investments and small fund commitments. In this context, clear safe harbors create islands of certainty where market participants can operate without fear of retrospective penalties, which in turn reduces over-deterrence and, it may be inferred, supports more accurate pricing of security risk.

Allied friends including the European Union, Germany, and Japan have all tightened investment screening regimes. However, the Organization for Economic Co-operation and Development (OECD) guidance emphasizes that such measures should be transparent, predictable, and proportionate, and should address only genuine national security risks. Many European frameworks focus on well-demarcated sectors, with published screening criteria, public annual reports, and clearer statutory standards and procedural rights. They suggest, from a doctrinal standpoint, that a democratic state can protect security while offering investors more clarity than an open-ended national security standard backed by secretive process. Congress should therefore ensure that statutory timelines for CFIUS review are real, not merely aspirational, and that regulators cannot impose de facto indefinite delays through serial information requests. For outbound investment, Treasury should offer a streamlined advisory process under which firms can obtain prompt, written views on whether contemplated investments fall within prohibited or notifiable categories. Notably, codifying and generalizing the due process principles recognized in Ralls, including the right to unclassified summaries of the reasons for divestment orders and an opportunity to respond, would make the system fairer and more predictable without revealing classified details.

Proportionality should, at least to some degree, be a guiding norm. Security tools that quietly morph into industrial policy or protectionism are structurally dangerous, so statutes and regulations should state that screening is justified only where there is a genuine, evidence-based security concern and that measures should be narrowly tailored to that concern. For inbound deals, mitigation should be preferred over outright prohibition where feasible, particularly when conditions can realistically contain the relevant risk. For outbound investments, regulators should explore calibrated options, such as conditions limiting information sharing or board roles, before resorting to overarching categorical bans. It is conceivable that periodic sunset reviews of controlled technologies and countries of concern could prevent the framework from becoming unduly rigid, ensuring that controls evolve with actual threat assessments rather than bureaucratic inertia.

Finally, Congress should reclaim a clearer role in marking the boundaries of executive authority. Rather than relying solely on IEEPA and similarly broad statutes, legislators could enact an outbound investment law that specifies covered sectors, identifies or defines countries of concern, sets criteria tied to military or intelligence applications, and imposes meaningful reporting and sunset provisions. In effect, doing so would answer Major Questions concerns with a clear statement, mitigate the risk of mission creep, and give investors a more stable framework, while aligning with separation-of-powers principles that reserve decisions about sweeping economic restraints to the people’s representatives. 

And that has not yet happened for familiar, if not especially noble, reasons: Congress finds broad, security-sounding delegations politically safer than meticulously crafted legislation aimed at specific technologies. One need only recall the National Emergencies Act, whose serially renewed declarations demonstrate how readily Congress will preserve open-ended authority rather than accept the political costs of defining it. It is easier, and more politically digestible, to vote for an open-ended “national security” mandate and let the Executive absorb the blame for individual decisions than to legislate clear rules that expose legislators to the losers of those choices. As long as presidents can manage day-to-day crises with the tools already on the books and courts continue to defer, the immediate pressure to replace vague statutes with a tailored framework falls on no one in particular, all while the costs of that vagueness are quietly borne by startups and foreign investors who lack the leverage to force Congress back to the drafting table. From a doctrinal standpoint, if the constitutional structure is to retain real force in this area, it should require that the imposition of security-driven capital controls be both openly justified and legislatively grounded.

In light of a changing global environment, the United States has shifted from champion of open capital to a screening state that now regards some flows as matters of security concern. In a world where capital and technology move together and adversaries can exploit both, some form of security-driven review is, in principle, not excess but necessity. The central question is not whether these tools should exist, but how they are framed by legislators. Delegations that are broad in principle yet vague in application risk operating as an indiscriminate tax on innovation and, at the same time, invite judicial skepticism once courts begin to demand clear legislative authorization for measures of major economic and political significance. In that environment, defined statutory power is not an enemy of national security; rather, it is what allows the Executive to act decisively and repeatedly with a defensible mandate, and to preserve essential tools against later judicial narrowing. It is not sustainable, feasible, or remotely appropriate to hobble the national security apparatus of the United States if that means sacrificing technological superiority to our adversaries. In an era where this type of litigation is bound to become more prevalent, the statutory authority granted to the Executive must be sufficiently clear and durable in the courts to maintain America’s cutting edge. In a constitutional order that depends on both security and technological dynamism, the powers used to protect the former must be sufficiently clear that they do not, over time, erode the latter.