View as web page
The COINS Act: Outbound Investment Security Re-Programmed

December 19, 2025

On Thursday, December 18, the President signed the National Defense Authorization Act (NDAA) for Fiscal Year 2026. The NDAA contains several new national security regulatory controls, including a new Title LXXXV entitled the Comprehensive Outbound Investment National Security Act of 2025 (COINS Act). The COINS Act codifies a screening system for outbound investments by U.S. persons in certain technology transactions with target entities that have connections to countries of concern, including but not limited to, the People’s Republic of China (PRC). For U.S. investors familiar with the current outbound investment rules at 31 C.F.R. Part 850 (the OISP), previously discussed here, the COINS Act is a continuation of U.S. efforts to prevent the exploitation of U.S. capital by countries of concern to undermine national security and foreign policy interests.

Ultimately, the incentive for investors to exercise caution and undertake diligence prior to engaging in certain technology transactions remains similar. However, the potential areas of concern will grow under the COINS Act, as it applies to more countries and more technologies.

COINS 101: What Changes Should Investors Expect?

Bottom line: How does the COINS Act compare to current outbound investment rules?

First, the COINS Act establishes statutory authority for an outbound investment screening program, suggesting a national priority shared by both the legislative and executive branches of government. As a statute—as opposed to the executive order used to promulgate the OISP—the COINS Act-created regime will be more permanent and durable, with Congressionally-appropriated permanent funding.

As noted above, key substantive changes include a broader set of covered countries and technologies. The current outbound investment rules are limited to investments in PRC-connected entities whereas the COINS Act applies to the PRC, Russia, Iran, North Korea, Cuba, and the Maduro regime in Venezuela (each a country of concern). In addition, the OISP addresses investments in artificial intelligence (AI), quantum information technology, and semiconductors. The COINS Act includes those three sectors as well, but adds two more: (1) high-performance computing/supercomputing and (2) hypersonic systems.

Importantly, the COINS Act also introduces new terminology, which we discuss in more detail below, such as “covered national security transaction,” “prohibited technology,” and “notifiable technology.” These terms will likely have the effect of capturing a wider array of companies connected to countries of concern than the prior equivalent terms in the OISP.

Because the COINS Act gives the Secretary of the Treasury (Secretary) significant flexibility in crafting the rules, he will also have the option to change smaller aspects of the OISP if he so chooses. However, the COINS Act does not create any mandate to require changes to, e.g., OISP penalties, the Secretary’s ability to compel divestment, voluntary self-disclosures, an entity’s responsibility to ensure their foreign subsidiaries do not engage in applicable transactions, the prohibition against a U.S. person from knowingly directing a foreign person to engage in an applicable transaction, or the knowledge standard applicable to a U.S. person’s investment activities.

The complete set of differences can be analyzed once the Secretary issues the regulations required under the COINS Act. Those new regulations must be published no later than 450 days after enactment of the NDAA—i.e., early in 2027, if the Secretary takes all the allocated time.

The current outbound investment rules prohibit certain transactions and permit others so long as Treasury is notified. Does the COINS Act do the same?

The COINS Act does not on its face prohibit any transaction, instead empowering the Secretary to designate certain transactions as prohibited if they are related to a defined set of “prohibited technologies.” Under the COINS Act, “[t]he Secretary may prohibit, in accordance with regulations … a United States person, including its controlled foreign entities, from knowingly engaging in a covered national security transaction in any prohibited technology.”

Unless the Secretary acts to prohibit transactions in specific technical areas, the default for COINS Act covered national security transactions will be a notification requirement. The COINS Act states that “the Secretary shall issue regulations … to require” a U.S. person to notify the Secretary within 30 days of completion of an applicable transaction “unless the Secretary has exercised the authority” to issue regulations “to prohibit” the transaction.

In other words, a transaction under the COINS Act will require notification unless the Secretary prohibits it (which the Secretary is not required to do). As a result, it remains possible some transactions once prohibited under the OISP may only require notification under the COINS Act. With that said, the references in the statute to the concepts of “prohibited technology” and “notifiable technology” suggest that Congress may have prohibitions in certain areas in mind.

What transactions does the COINS Act apply to?

Whether a transaction will be prohibited or will require notification, the COINS Act applies to U.S. persons knowingly engaging in “a covered national security transaction” in a “prohibited technology” or “a notifiable technology.” These are new terms not found in the OISP. That said, they share many similarities with the OISP’s “covered transaction,” “prohibited transaction,” and “notifiable transaction.” Both the COINS Act and the OISP use “covered foreign person” when addressing regulated transactions, but there are differences.

What is a “covered national security transaction”?

A “covered national security transaction” overlaps with much of the OISP’s guidance as to what constitutes a “covered transaction” under those earlier rules, but there are certain key changes.

First, some quick similarities. The COINS Act still covers transactions by any U.S. person, including citizens, lawful permanent residents, legal entities (including their foreign branches) organized under U.S. law, and any person, regardless of nationality, “in the United States.” It also still requires that that U.S. person must engage in investment activities. Such activities largely align with the OISP, with examples including:

  • purchasing equity or contingent equity in a covered foreign person;
  • loans or debt arrangements to a covered foreign person providing the U.S. person financial or governance rights;
  • forming a joint venture with a person of a country of concern;
  • converting a contingent equity interest in a covered foreign person;
  • acquiring, leasing, or developing operations in a country of concern that will result in establishing a covered foreign person or engaging a person in a country of concern in a prohibited technology or notifiable technology; or
  • acquiring a limited partnership or equivalent interest in a fund that is not a U.S. person and will likely invest in a person of a country of concern.

There are also important differences. Under the COINS Act, as noted above, the investment must involve a “covered foreign person,” meaning a person with connections to one of the six countries of concern. More specifically, this means an entity that:
          a. is incorporated in, has a principal place of business in, or is organized under the laws of a country of concern;
          b. is a member of the Central Committee of the Chinese Communist Party or the political leadership of a country of concern;
          c. is subject to the direction or control of an entity described in a. or b. or a country of concern or its government (including any instrumentality); or
          d. is 50 percent or more owned in the aggregate by an entity described in a. or b. or a country of concern or its government (including any instrumentality).

This definition of covered foreign person differs in important ways from the existing rules under the OISP. First, and most obviously, more countries are now covered. Second, the COINS Act defines all investment counterparties who meet these criteria as covered foreign persons. Under the OISP, these persons might have been “persons of a country of concern,” a term it also defines separately, but only if they engaged in very specific technological activities would they be considered covered foreign persons. The COINS Act definition is therefore broader. Third, the aforementioned COINS Act definition of covered foreign person includes an entity “subject to the direction or control” of, e.g., a PRC or Russian entity. The definition does not establish a minimum voting or equity interest or require a minimum attributable financial metric for control or direction to exist as the OISP does. As a result, depending on how and whether the Secretary’s regulations define control and direction, the COINS Act appears to allow for the possibility that a minority foreign owner could cause a company to be a “covered foreign person.” For example, a PRC entity that has a 10 percent interest in a U.S.-based Delaware corporation might make that Delaware corporation a “covered foreign person” if the PRC shareholder has the ability to appoint a board member with certain veto rights. U.S. investors therefore may have to engage in more careful diligence with a U.S.-based company in the covered technology sectors to confirm it does not raise “covered foreign person” issues.

Finally, another key difference: under the COINS Act, the transaction must be “in” a “prohibited technology” or “notifiable technology.” The COINS Act does not make it clear how to determine whether a transaction involving an investment into a given company might be deemed to be “in” a technology, leaving that to be established by regulation. For example, the Secretary might determine that that includes technologies a company develops, or perhaps also technologies a company might just procure and use. In addition, while the OISP set forth detailed lists of covered activities within the AI, semiconductor, and quantum information technology sectors, the COINS Act merely lists the aforementioned five sectors and leaves the details for the forthcoming regulations. As a result, the lists of “prohibited technology” and “notifiable technology” may ultimately draw extensively from the set of “prohibited transactions” and “notifiable transactions” under the OISP, or could be expanded. The definition of “notifiable technology,” in particular, suggests that any technology in the covered five sectors that doesn’t meet the threshold for prohibition should be considered notifiable. If the regulations are ultimately drafted in that manner, it would create a substantial expansion of the notification requirement with respect to, e.g., investment in small AI startups in the PRC.

Earlier drafts of the COINS Act listed additional covered AI and semiconductor technologies, as well as the new supercomputer and hypersonic technologies; those may provide a hint as to how the Secretary will implement the new law.

Are there any exceptions to investment activities that otherwise would be a covered national security transaction?

The COINS Act carves out certain transactions from the “covered national security transaction” definition. Some are entirely new, while others mirror the OISP exceptions or have slight differences. Some OISP exceptions have also been removed.

The COINS Act excepts from a “covered national security transaction” those transactions of a de minimis value. This exception is not in the OISP, and the act does not provide the threshold for what is de minimis, leaving the definition to the Secretary. The COINS Act further provides that the Secretary may except any category of transactions the Secretary determines is in the U.S.’s national interest. In addition to sharing the OISP exception for investments in securities issued by investment companies registered with the Securities and Exchange Commission (SEC), the COINS Act authorizes the Secretary to except investments in a non-U.S. investment company regulated by an SEC-comparable authority. Further, the COINS Act retains the OISP exception for specified transactions between a U.S. person and its foreign controlled entities, but adds intracompany funds transfers, the definition of which is subject to the Secretary’s regulations.

The COINS Act changes the OISP exception for limited partner investments in certain funds by substituting a de minimis amount (to be determined by the Secretary) for the $2 million amount in the OISP. Moreover, ordinary and administrative business transactions can be excepted by regulations issued by the Secretary.

For financial institutions in particular, the COINS Act excepts ancillary transactions such as processing payments, underwriting, credit rating, and other financial services. These changes may help smooth the path for some transactions, such as underwriting IPOs, that currently face difficulties under the OISP. Finally, for investors, a new exception is established for transactions “secondary to a ‘covered national security transaction.’” Such transactions may include financial services that would also be excepted for a financial institution as ancillary, but also contracts, e.g., for the procurement of raw materials for any “covered national security transaction.”

As for the overlapping exceptions in the COINS Act and the OISP, certain investments in securities traded over-the-counter and securities in investment companies, as well as acquisitions of the totality of the interest held by a “covered foreign person,” specified intracompany transfers, and certain derivative securities remain excepted.

Notable exceptions in the OISP, but not in the COINS Act, include those for syndicated loans, equity-based compensation, and transactions involving (presumably allied) foreign countries that have independently taken measures to safeguard the national security concerns related to the outbound investment at issue. The disappearance of the equity-based compensation exception may be particularly troubling for venture-backed companies in covered technology sectors with at least some connection to countries of concern, and for their U.S. employees. Such companies often rely on options and other similar structures as part of compensating those employees. This is not to say that the Secretary could not re-add these exceptions in COINS Act regulations; however, the COINS Act does not require them.

The OISP does not have a way to know if a transaction is prohibited or not in advance; does the COINS Act?

Although the OISP provides a process for U.S. persons to seek an exemption from the prohibited and notifiable transaction rules if they can demonstrate the transaction is in the U.S. national interest, it does not have a mechanism for investors to have a transaction reviewed before engaging in it.

The COINS Act authorizes a mechanism for nonbinding feedback prior to a transaction, but such a mechanism will depend on regulations to be issued by the Secretary. The requestor will be able to receive feedback on a confidential basis or as anonymized guidance to the public. The COINS Act also explicitly authorizes the Secretary to prescribe limitations on “frivolous” feedback requests. The definition of what constitutes a “frivolous” request might be included in the regulations.

When is the COINS Act effective?

U.S. investors may not have obligations under the COINS Act until the Secretary issues the required regulations. As noted above, the Secretary has 450 days from enactment of the COINS Act to issue regulations regarding an investor’s obligation to notify the Secretary of “a covered national security transaction,” to be followed by time for public notice and comment. As a result, it may not be until 2027 before the COINS Act is fully implemented.

Takeaways for Investors

Companies and investors can be certain that the new regulations implementing the COINS Act will cover more countries and technologies than the current rules. Spending time now—e.g., to ensure diligence processes, policies, compliance programs, mitigation strategies, and training help identify relationships and opportunities that might involve a country of concern or one of the five covered technology sectors—may help avoid problems once the regulations are final. No matter the nature of the change to the existing OISP, the need for robust diligence when investing in AI, semiconductors, quantum information technology, supercomputing, and hypersonics will not.

For more information or any questions on the potential impact of the COINS Act, please contact any member of the firm's National Security and Trade practice.

 

 

This communication is provided as a service to our clients and friends for general informational purposes. It should not be construed or relied on as legal advice or a legal opinion, and does not create an attorney-client relationship. This communication may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

To update your preferences for the kinds of materials you'd like to receive from us, please click here to visit the Wilson Sonsini Subscription Center. You also can quickly unsubscribe from all Wilson Sonsini mailings by clicking here.

Wilson Sonsini Goodrich & Rosati
650 Page Mill Road
Palo Alto, California 94304