March 5, 2026

Codifying the Outbound Investment Security Program - The 2025 COINS Act’s impacts on prohibited and notifiable US outbound investments

Jonathan Cross, Abbe Dienstag, Joseph Falcone Herbert Smith Freehills Kramer + Follow Contact LinkedIn Facebook X Send Embed

On December 18, 2025, the 2026 National Defense Authorization Act was signed into law. Among its provisions is the Comprehensive Outbound Investment National Security Act of 2025, referred to by its acronym, the COINS Act. [1] While the COINS Act codifies the Outbound Investment Security Program (OISP) established in 2023 during the Biden administration by executive order, [2] it does not make any immediate changes to the OISP nor to regulations previously issued by the US Treasury Department to implement the OISP. But it does call for several substantive changes to the scope and contours of the OISP, to be reflected in further Treasury Department regulations issued by March 2027. Moreover, the COINS Act has provided express statutory authorization for the OISP. In so doing, it demonstrates both the continuing vitality of the program and the bipartisan concern about US capital outflows to countries of concern.

The COINS Act, and specifically Subtitle C, titled “Prohibition and Notification on Investments Relating to Covered National Security Transactions,” addresses prohibited investments and notifiable investments in the People’s Republic of China (PRC) and several other jurisdictions. The OISP is administered by the Treasury Department [3] pursuant to rules codified at part 850 of Title 31 of the Code of Federal Regulations and referred to as the Outbound Investment Rule (Rule). The Rule consists of 259 sections, most of which are definitions, and when promulgated in final form occupied 12 three-columned pages in the Federal Register.

Subtitle C of the COINS Act is nowhere near as long, spanning only nine, admittedly longer, sections. A good part of the statute, however, is devoted to reports that the Treasury Department is required to make to Congress and other ancillary provisions, including a mandate to conduct multilateral engagement with non-US governments to facilitate effective implementation of the statute and to establish a public database identifying persons engaged in what are referred to as prohibited or notifiable technologies. The statute directs the Secretary of the Treasury to issue regulations within 450 days — that is, by March 13, 2027 — to implement the provisions on prohibited and notifiable investments. As such, the statute is more of a framework for regulating investments in sensitive technologies in the countries of concern than a detailed prescription for such regulation, which the Secretary of the Treasury will promulgate.

Below, we briefly review the background of the COINS Act and outline the operative provisions of Subtitle C. Using a flowchart, we visually depict the application of the Rule as currently in effect, and comment on how matters may change under the COINS Act. We also offer an example of the application of the Rule with a comparison to the COINS Act.

Background

In December 1977, Congress enacted the International Emergency Economic Powers Act (IEEPA). The IEEPA authorizes the president to declare the existence of an “unusual and extraordinary threat ... to the national security or foreign policy of the United States.” It also authorizes the president to prohibit the acquisition of, or exercising any right with respect to, any property in which any foreign country or its nationals have an interest by any person subject to the jurisdiction of the United States. In August 2023, President Joe Biden issued an executive order (EO) under the IEEPA declaring that the advancement by certain countries of products critical for military, intelligence, surveillance or cyber-enabled capabilities constituted a threat to US national security. The EO identified three sectors of concern: semiconductors and microelectronics, quantum information technologies, and artificial intelligence (AI).

The Treasury Department issued proposed rules in response to the EO in June 2024. The final Rule was issued in October 2024, and the Rule became effective on January 2, 2025. The COINS Act now provides an express statutory basis for this regulatory regime, which the Treasury Department must now implement through new or revised regulations.

Until the Treasury Department issues its new regulations, which must undergo public review and comment prior to becoming final, the current Rule remains in effect. As the Treasury Department emphasized in recent guidance, [4] until new regulations are issued, “parties should continue to act in full compliance with the Treasury Department’s current regulations at 31 CFR part 850 (including submitting notification of any notifiable transactions and refraining from engaging in any prohibited transactions).”

The COINS Act has a sunset provision, pursuant to which it will expire in seven years. After that, Congress will again need to address the issue.

Subtitle C

Subtitle C of the COINS Act is structured as follows:

• Section 801 — Prohibition on Investments: Authorizes the Secretary of the Treasury to prohibit by regulation US persons from engaging in transactions involving prohibited technology. The section contains a national security exemption, recourse to which must be reported to Congress. It also requires the regulations to provide for a process in which parties could get feedback on the applicability of the statute and an opportunity to cure violations.
• Section 802 — Notification of Investments: Requires the Secretary of the Treasury to issue regulations regarding notification of investments in notifiable technology, within 450 days of the statute’s enactment, with such notification to be made within 30 days of the completion date of the investment transaction.
• Section 803 — Reports: Requires the Secretary of the Treasury to make annual reports to Congress providing information regarding enforcement actions under the regulations, assessments of prohibited technology, a listing of notifications and certain other information. The section also provides for annual testimony to Congress.
• Section 804 — Multilateral Engagement and Coordination: Requires the Secretary of the Treasury to engage with the governments of allies to facilitate the implementation of prohibitions and notifications pursuant to the statute, develop a strategy for such engagement and report annually to Congress on these matters.
• Section 805 — Public Database of Covered Foreign Persons: Requires the Secretary of the Treasury to establish a publicly accessible database of foreign persons that are engaged in prohibited or notifiable technologies.
• Section 806 — Rules of Construction: Provides that nothing in the statute should be construed as limiting the power of the president.
• Section 807 — Penalties: Declares that the violation of regulations under the statute is unlawful, authorizes the Secretary of the Treasury to impose civil penalties for violations and authorizes the Secretary of the Treasury to compel divestment for violations of the prohibitions on investment.
• Section 808 — Exemptions from Disclosure: Provides for an exemption from disclosure under the Freedom of Information Act of information filed with the Secretary of the Treasury under the statute.
• Section 809 — Definitions: Provides for certain definitions under the statute, some of which are summarized below.

Regulations

Both Section 801 and Section 802 instruct the Secretary of the Treasury to minimize the burden of the regulations to be promulgated under the statute. In the words of the statute:

"In issuing regulations ... the Secretary should balance the priority of protecting the national security interest of the United States while, to the extent practicable—

(A) minimizing the cost and complexity of compliance for affected parties, including the duplication of reporting requirements under current regulations;

(B) adopting the least burdensome alternative that achieves regulatory objectives; and

(C) prioritizing transparency and stakeholder involvement in the process of issuing the rules."

The statute’s direction to minimize costs and burdens may be read as a critique of the complexity of the existing regulations under the OISP. The extent to which those regulations will now be simplified remains to be seen.

In another sign of user-friendliness, the COINS Act directs the Secretary of the Treasury to establish procedures whereby guidance may be obtained regarding the applicability of the statute.

Definitions

For an understanding of what follows, it is helpful to summarize certain of the definitions under the statute.

“ Country of concern,” which defines the countries to which the statute applies, includes (i) the PRC, including the Hong Kong and Macau special administrative regions; (ii) the Republic of Cuba; (iii) the Islamic Republic of Iran; (iv) the Democratic People’s Republic of Korea; (v) the Russian Federation; and (vi) the Bolivarian Republic of Venezuela under the regime of Nicolas Maduro.

It is unclear how the removal from power of Maduro will ultimately impact, if at all, Venezuela’s inclusion as a country of concern. “New investment in Russia” is generally prohibited by US sanctions regulations at present, independent of the COINS Act’s requirements. The other added jurisdictions are similarly subject to US sanctions regimes.

“ Covered foreign person,” which defines the persons in countries of concern to which the statute applies, includes a foreign person that (i) has a principal place of business in, or is organized under the laws of, a country of concern; (ii) is a member of the political leadership of a country of concern (including the Central Committee of the Chinese Communist Party); (iii) is subject to the direction or control of an entity described in clause (i) or (ii) or a country of concern, its government, or any of its political subdivisions; or (iv) is owned in the aggregate, directly or indirectly, 50% or more by an entity described in clause (iii).

“ Covered national security transaction,” which defines the kinds of transactions to which the statute applies, includes (i) the acquisition of an equity interest or contingent equity interest in a covered foreign person; (ii) the provision of a loan or similar debt financing arrangement to a covered foreign person where such debt financing affords an interest in profits, the right to appoint members of the board of directors, or other financial or governance rights characteristic of an equity investment; (iii) a joint venture with a person of a country of concern to engage in a prohibited technology or notifiable technology; (iv) the conversion of a contingent equity interest in a foreign covered person; (v) the acquisition, leasing or other development of operations, land, property or other assets that will result in the establishment of a covered foreign person or the engagement of a person of a country of concern in a prohibited technology or notifiable technology; (vi) knowingly directing prohibited transactions or notifiable transactions by foreign persons; (vii) the acquisition of an interest in a fund that is not a US person that likely will invest in a person of a country of concern that is in one of the prohibited technology or notifiable technology sectors and that undertakes a transaction of the type described in this definition; or (viii) any other transaction identified by the Secretary of the Treasury, subject to certain exceptions.

The following are excluded from covered national security transactions: (i) any transaction the value of which the Secretary of the Treasury determines is de minimis; (ii) any category of transactions that the Secretary of the Treasury determines is in the national interest of the United States; (iii) an investment in a security traded on an exchange or in the over-the-counter market or in an investment company; (iv) a limited partnership interest or equivalent in a fund that is de minimis or where the investor has secured a binding contractual assurance from the fund that its capital will not be used to engage in a transaction covered by the statute; (v) a derivative of a security described in clauses (i), (ii) and (iii); (vi) an ancillary transaction (as defined) by a financial institution; (vii) the acquisition of an interest in an entity or assets outside a country of concern in which the totality of the interest in the entity is being acquired; (viii) an intracompany transfer of funds; (ix) a secondary financial transaction, such as contractual arrangements not involving a prohibited technology or notifiable technology, bank lending and other banking functions, prime brokerage, equity research, and similar services; and (x) other administrative services to be defined in the regulations.

“ Notifiable technology,” which are the types of technology that may be subject to notification under the statute, includes (i) semiconductor technology and microelectronics; (ii) AI systems; (iii) quantum information technologies; (iv) high-performance computing and supercomputing; and (v) hypersonic systems.

“ Prohibited technology,” which are the types of technology that may be subject to prohibition under the statute, includes the same technologies as notifiable technology except that it is limited to advanced semiconductor technology and microelectronics.

A decision tree: Is a transaction subject to the Rule? Will it be subject to the COINS Act?

Presented here is a decision tree for assessing whether a transaction involving the PRC is subject to notification or prohibition under the current Rule. The numbered comments below correspond to the numbered points of decision and indicate how each of the decision points may change under the COINS Act.

1. US person investing directly. The Rule (Section 805.229) defines a US person broadly to include US citizens and lawful permanent residents, any entity organized under the laws of the United States and any person in the United States. The COINS Act contains the same definition.
2. US person investing through a foreign person. The Rule does not include a stand-alone definition of “foreign person” or “foreign entity,” although in the definition of “controlled foreign entity,” the term “foreign entity” refers to an entity organized under the laws of a country other than the United States. The COINS Act provides that “foreign person” will have the meaning given the term in the to-be-promulgated regulations.
3. Controlled foreign entity. The Rule (Sections 850.206, 850.219) defines a controlled foreign entity as a foreign entity of which a US person is the parent. “Parent” means a person that controls more than 50% of the voting interest or voting power of the board or that acts as a general or managing partner or an investment adviser of another entity. A US person is required to prohibit and prevent any transaction by its controlled foreign entity that would be a prohibited transaction if engaged in by a US person (Section 850.302).

The COINS Act does not have a corresponding concept, but presumably the regulations will fill the gap.
4. Country of concern. Under the Rule (Section 850.207 and the annex to Biden’s executive order), the only country of concern is the PRC (including Hong Kong and Macau). As indicated above, the COINS Act expands the definition to include other countries that may be perceived as hostile to the United States and are the target of US sanctions regimes. However, since these additional countries are already subject to sanctions regimes, it is questionable whether the expansion of the list will have any practical impact.
5. Covered activity. Under the Rule (Section 850.208), covered activities are limited to semiconductors and microelectronics, quantum information technologies, and AI. The COINS Act adds high-performance computing and supercomputing and hypersonic systems.

The current Rule goes beyond the broad categorization found in the statute to provide additional specification. So, for example, prohibited AI technologies under the Rule are limited to AI systems designed for particular uses and trained using specific quantities of computing power. Also, notifiable transactions under the current Rule include only integrated circuits and AI, as compared with the COINS Act definition, which includes all five technologies. The regulations under the COINS Act will no doubt provide additional specification to both prohibited technology and notifiable technology, perhaps updated from the current Rule to reflect the rapidly advancing science and engineering in these areas. See item 9 below.
6. Covered foreign person. Covered foreign persons are the entities in which an investment may be prohibited or notifiable, necessarily including an entity in a country of concern that itself engages in a covered activity.

Under the Rule (Section 850.209), a covered foreign person also includes (i) a person that directly or indirectly holds a board seat on, a voting or equity interest in, or any contractual management of a person engaged in a covered activity in a country of concern (ii) from which such person derives more than 50% of its revenue or net income or for which it incurs more than 50% of its capital expenditures or operating expenses. It also includes a person of a country of concern that participates in a joint venture that engages in a covered activity.

The concept of an upstream controller is absent from the COINS Act. Instead of including upstream entities in its definition of a covered foreign person, the definition extends to downstream entities that are controlled by a person organized in a country of concern. The regulations under the COINS Act, however, may yet expand the definition upward as well.
7. Covered transactions. Covered transactions under the Rule (Section 850.210) are the types of investment transactions that may be prohibited or notifiable if engaged in directly or indirectly by a US person. The COINS Act refers to these as “covered national security transactions.” The definition of “covered transaction” under the current Rule and the definition of “covered national security transaction” are largely the same. Both definitions incorporate the term “covered foreign person,” which is to say that prohibited or notifiable transactions must necessarily involve a covered foreign person.
8. Excepted transactions. The roster of excepted transactions under the Rule (Section 850.501) and the COINS Act is similar, with some differences at the edges. For example, the Rule excludes the acquisition of an interest in a covered foreign person upon default under certain types of loans, while the statute includes certain secondary financial transactions, as described above.
9. Prohibited transaction or notifiable transaction. Like the COINS Act, the Rule classifies transactions as either prohibited (Section 850.224) or notifiable (Section 850.217). See item 5 above. It remains to be determined whether a transaction is prohibited, merely notifiable or perhaps neither despite coming broadly within the specified categories of technology.
Unlike the current Rule, the COINS Act does not prohibit transactions involving prohibited technology but instead directs the Secretary of the Treasury to do so by regulation. Presumably, this is a direction to be more particular as to the type of technology within the broad categories of prohibited technology to which the outright prohibition applies.

The COINS Act has a slightly different formulation regarding notifiable transactions, but the regulations under the statute will necessarily narrow the technologies subject to notification as well. Like the current Rule (Sections 850.401 – 850.403), the statute requires notification of an investment in notifiable technology within 30 days of completion of the transaction.

An innovative provision in the COINS Act directs the Treasury Department to establish procedures whereby guidance may be obtained as to the applicability of the statute.

An example

In this example, a US acquirer proposes to invest in a Qatari entity. That entity has a UK subsidiary that has formed a joint venture in Chile with a PRC company that is developing AI, which is either a prohibited or notifiable technology.

Under the Rule, if a US person were to enter into the joint venture with the PRC company, that would constitute a covered transaction. Moreover, a US person must prohibit or prevent its controlled foreign entity from entering into such a transaction. If the US acquirer receives more than 50% of the voting rights or board representation in the Qatari entity, the Qatari entity will be a controlled foreign entity. In that case, the fact that it is engaged in the joint venture through a UK subsidiary will be of no consequence. Just as a US person may not engage in a covered transaction indirectly, the same is true of a controlled foreign entity.

The current Rule speaks of entry into a joint venture with a person of a country of concern. In this example, the joint venture is already in existence at the time of the investment by the US person. Though technically this may be outside the Rule, the US acquirer is advised to consult on the matter with the Treasury Department.

The COINS Act lacks the concepts of “controlled foreign entity” and “indirect investment,” so it is not possible to fully analyze the example under the statute alone. However, it may be expected that these and numerous other concepts will be addressed under the regulations promulgated by the Treasury Department. It is fair to assume that once the regulations appear, the analysis under the statute will be similar.

Conclusion

The COINS Act effectively codifies the OISP regime. The basic structure of the regime, which prohibits investment in certain sensitive technologies and requires notification of certain other investment transactions in sensitive technologies, carries over to the statute. What will change are certain details and potentially the complexity of the current Rule, which Congress has directed the Treasury Department to simplify. The COINS Act has a seven-year sunset provision, perhaps reflecting a legislative aspiration for a friendlier, less contentious world in the future. In the meantime, outbound investments in enumerated, security-sensitive technology in the PRC — and soon several other jurisdictions of lesser consequence — will remain subject to notification and in some cases outright prohibition.

Endnotes

[1] Technically, Subtitle C referred to below is an amendment to the Defense Production Act of 1950, 50 U.S.C. §§4501 et seq., the same statute in which the legislation authorizing CFIUS review is parked.

[2] See executive order of August 9, 2023, “Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern,” 88 FR 5487, available at Federal Register: Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern.

[3] See US Department of the Treasury, Outbound Investment Security Program, at Outbound Investment Security Program | US Department of the Treasury.

[4] See https://home.treasury.gov/system/files/206/Outbound-Investment-Security-Program-FAQs.pdf.

[View source.]

Send Print Report

Latest Posts

• Codifying the Outbound Investment Security Program - The 2025 COINS Act’s impacts on prohibited and notifiable US outbound investments
• Australia’s Digital Economy On Notice: Regulators Propose Legislation Targeting Consumer Manipulation, Subscription Traps And Hidden Fees
• Australian Policyholder Highlights - 11th Edition
• Unconscionable conduct under the spotlight: what businesses need to know
• Getting on the front foot: Responding to a takeover approach See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Herbert Smith Freehills Kramer

Written by:

Herbert Smith Freehills Kramer Contact + Follow Jonathan Cross + Follow Abbe Dienstag + Follow Joseph Falcone + Follow more less

What do you want from legal thought leadership?

Please take our short survey – your perspective helps to shape how firms create relevant, useful content that addresses your needs:

Take the survey now »

Published In:

Artificial Intelligence + Follow China + Follow Foreign Investment + Follow Innovative Technology + Follow International Emergency Economic Powers Act (IEEPA) + Follow National Security + Follow NDAA + Follow New Legislation + Follow Notification Requirements + Follow Reporting Requirements + Follow Rulemaking Process + Follow Semiconductors + Follow U.S. Treasury + Follow Administrative Agency + Follow Finance & Banking + Follow International Trade + Follow Science, Computers & Technology + Follow more less

Herbert Smith Freehills Kramer on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide