Photo of Mark Plotkin

Mark Plotkin

Mark Plotkin is recognized as one of the nation's preeminent regulatory advocates, guiding global clients across industries through complex strategic reviews before the Committee on Foreign Investment in the United States (CFIUS). He has negotiated groundbreaking compliance and security arrangements that now serve as industry standards, and has advised on transactions with an estimated value of more than $500 billion.

Clients and peers describe him as "dean of the CFIUS Bar" with an "unmatched history, experience and network" (Chambers USA). Chambers Global calls him "one of the top national security attorneys in the USA" with "extensive experience advising industry-leading names before the CFIUS panel." Mark has been ranked by Chambers in Band 1 for CFIUS Experts since the category’s inception. The American Lawyer has twice honored Mark as "Dealmaker of the Year" for landmark achievements: securing CFIUS clearance for GlobalFoundries' acquisition of IBM's semiconductor unit (2016) and defending Qualcomm from Broadcom's attempted hostile takeover (2019).

Mark's practice also includes matters before the Defense Counterintelligence & Security Agency (DCSA) requiring mitigation of foreign ownership, control or influence (FOCI), strategic telecommunications matters before Team Telecom, and matters involving emerging areas of national security-related regulations, including outbound investment screening.

Mark’s earlier work helped shape today's financial landscape, securing regulatory approvals that enabled NCNB/NationsBank's and Bank One's evolution into Bank of America and J.P. Morgan Chase, respectively. Mark also advised such pioneering financial technology ventures as Mondex, BillPoint, AT&T Universal Card, and PayPal — efforts for which the National Law Journal deemed him a "regulatory and compliance trailblazer.”

Mark earned his B.A. in history summa cum laude and with departmental honors from Yale College, where he was elected to Phi Beta Kappa. He received his law degree with honors from Harvard Law School. 

A member of the American Law Institute and the Council on Foreign Relations, Mark has testified before Congress, the U.S.-China Economic and Security Review Commission, and the Uniform Law Commission. He served as co-editor of Regulation of Foreign Banks & Affiliates in the United States (Sixth Edition) and editor-in-chief of E-Commerce Law & Business. He previously taught American government at Harvard College and currently is an adjunct professor of law at Georgetown University Law Center.

From 2007 to 2011, Mark advised the Kingdom of Bhutan on its historic transition to a constitutional monarchy, working with His Majesty the King, the Royal Court of Justice, and the Royal Education Council. His commitment to pro bono service includes representation of indigent persons and nonprofit organizations, earning him recognition as the Charles F.C. Ruff Pro Bono Lawyer of the Year in 2016.

Introduction

On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued the Final Rule implementing President Biden’s February 28, 2024 Executive Order on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “EO”). The Final Rule solidifies a new national security regulatory regime focused on protecting bulk U.S. sensitive personal data and government-related data from countries of concern, including the People’s Republic of China (“PRC” or “China”), and represents the latest step in the U.S. government’s whole-of-government effort to “de-risk” with respect to China. The Final Rule marks the first time that U.S. persons will be categorically prohibited from engaging in certain transactions that may result in foreign access to bulk U.S. sensitive personal data and government-related data. It also provides that certain other transactions will be “restricted,” meaning they are prohibited unless the U.S. business first implements a range of security requirements, which in some cases will be onerous or costly. The Final Rule accordingly could have wide-ranging implications for U.S. companies across various industries. The Final Rule takes effect 90 days after publication in the Federal Register, which is set for January 8, 2025, although certain compliance requirements will not take effect until 270 days following publication.

In parallel with the release of the Final Rule, on January 3, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), which is part of the U.S. Department of Homeland Security (“DHS”), released the final security requirements (the “Security Requirements”). The Security Requirements set forth the measures that U.S. persons must satisfy in order to engage in restricted transactions, and are incorporated by reference into the Final Rule.

Importantly, as we discussed in our analysis of the Advance Notice of Proposed Rulemaking (“ANPRM”) and our analysis of the Notice of Proposed Rulemaking (“NPRM”), the Final Rule is a national security regulation designed to address identified risks to U.S. national security—not a privacy regulation designed to protect privacy or other individual interests. Consequently, while the Final Rule regulates transactions involving personal data, many of the concepts and definitions diverge materially from those in existing privacy regimes. The Final Rule stems from the U.S. government’s increasing unwillingness to tolerate foreign adversary access to U.S. personal data. As DOJ explained in the preamble to the Final Rule, “[t]his rule will prevent . . . foreign adversaries from legally obtaining [bulk U.S. sensitive personal data or government-related data] through commercial transactions with U.S. persons, thereby stemming data flows and directly addressing the national security risks identified in the [EO].” DOJ cited examples such as (1) the ability of journalists to track the movements of U.S. President Joe Biden, U.S. Vice President Kamala Harris, and now President-Elect Donald Trump through their bodyguards’ use of a fitness app; and (2) the ability to track U.S. government personnel movement through the purchase of location information and digital advertising data—that demonstrate the U.S. national security risks associated with foreign adversary access to commercially available data. Finally, DOJ made a particular point of explaining that certain data that is anonymized or depersonalized presents U.S. national security risks, especially with respect to the ability of adversaries to use “bulk human genomic data[] to enhance military capabilities that include facilitating the development of bioweapons.”Continue Reading Department of Justice Issues Final Rule to Implement Bulk U.S. Sensitive Personal Data and Government-Related Data Executive Order

May 23, 2023, Covington Alert

The U.S. Department of the Treasury (“Treasury”), in its capacity as chair of the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”), recently posted two new frequently asked questions (“FAQs”) to CFIUS’s website that have important implications for parties planning transactions subject to the Committee’s jurisdiction.

First, CFIUS confirmed its recent practice of requiring detailed information on all direct or indirect foreign ownership involved in a transaction, including disclosure of all limited partners (or “LPs”) of an investment fund, without regard to any pre-existing agreements between the fund sponsor and investor regarding disclosure.

Second, CFIUS offered guidance regarding the meaning of “completion date” for purposes of when a mandatory filing must be submitted for a multi-stage transaction. The guidance could have broad implications, especially for some venture financing transactions, as it introduces uncertainty regarding the ability of investors to use a staged transaction to acquire an initial, passive equity interest prior to submitting a mandatory CFIUS filing with respect to a subsequent acquisition of control or certain non-passive rights. The new guidance seems at odds with language that appears in the preamble to the regulations implementing the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), and the practice of transaction parties for the last several years. CFIUS did not provide any explanation for this change, which raises questions as to why the Committee has issued the guidance now.

Each of these developments is discussed in more detail below.

1. CFIUS may require detailed information regarding all foreign persons involved directly or indirectly in a transaction, including limited partners in an investment fund.

Treasury published the following FAQ on May 11:

Does CFIUS require information on all foreign persons, such as limited partners in an investment fund, that would hold an interest in a U.S. business, whether directly or indirectly, as part of the transaction?Continue Reading CFIUS Issues Guidance On Disclosure of Information About Limited Partner Investors and Application of Mandatory Filing Rules to Multi-stage Transactions

On the heels of Russia’s invasion of Ukraine, pandemic-induced supply chain disruptions, and U.S.-China tensions over Taiwan, 2022 accelerated a sweeping effort within the U.S. government to make national security considerations—especially with respect to China—a key feature of new and existing regulatory processes. This trend toward broader national security regulation, designed to help maintain U.S. strategic advantage, has support from both Republicans and Democrats, including from the Biden Administration. National Security Advisor Jake Sullivan’s remarks in September 2022 capture the tone shift in Washington: “…[W]e have to revisit the longstanding premise of maintaining ‘relative’ advantages over competitors in certain key technologies…That is not the strategic environment we are in today…[w]e must maintain as large of a lead as possible.”

This environment produced important legislative and regulatory developments in 2022, including the CHIPS and Science Act (Covington alert), first-ever Enforcement and Penalty Guidelines promulgated by the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) (Covington alert), President Biden’s Executive Order on CFIUS (Covington alert), new restrictions under U.S. export control authorities targeting China (Covington alert), and proposals for a new regime to review outbound investments by U.S. businesses (Covington alert). The common thread among these developments is the U.S. government’s continuing appetite to use both existing and new regulatory authorities to address identified national security risks, especially where perceived risks relate to China.

With a Republican majority in the U.S. House of Representatives riding the tailwinds of this bipartisan consensus, 2023 is looking like a pivotal moment for national security regulation—expanding beyond the use of traditional authorities such as trade controls and CFIUS, into additional regulatory domains touching upon data, communications, antitrust, and possibly more. In parallel, the U.S. focus on national security continues to gain purchase abroad, with foreign direct investment (“FDI”) regimes maturing in tandem with CFIUS, and outbound investment screening gaining traction, for example, in the European Union (“EU”). It is crucial for businesses to be aware of these developments and to approach U.S. regulatory processes with a sensitivity towards the shifting national security undercurrents described in greater detail below.Continue Reading Will 2023 Be an Inflection Point in National Security Regulation?

As interest rates rise and the threat of a recession looms, many employers are beginning to struggle with balancing the cost of maintaining their workforce with an expected decrease in profits. The frequent result of such a balancing act is a mass layoff. While a reduction in workforce may be

Continue Reading Avoiding Layoffs In an Uncertain Economy

There have been several recent developments in international efforts to combat trade in goods made with forced labor, with important implications for responsible sourcing and global trade compliance programs.

On September 14, 2022, the European Commission (“Commission”) published a proposal to ban products made with forced labor from the EU market. The proposal notably goes beyond banning the importation of such products and would also create a ban on the export of products produced with forced labor and require their withdrawal from the EU market.

Meanwhile, enforcement by U.S. Customs and Border Protection (“CBP”) of the U.S. forced labor import prohibition has continued to intensify, including under the Uyghur Forced Labor Prevention Act (“UFLPA”). In early August 2022, CBP clarified the process for updating the UFLPA Entity List. In addition, CBP recently announced that it intends to integrate forced labor compliance requirements into the Customs Trade Partnership Against Terrorism (“CTPAT”) “trusted trader” program.

We discuss these developments and their implications below.

EU Forced Labor Product Ban

The European Commission has proposed a Regulation prohibiting products made with forced labor from being imported to, exported from, or sold in the EU, following an announcement by Commission President Ursula von der Leyen during her State of the Union address in September 2021.

The Commission’s proposal is the first step in the EU’s formal legislative process. The Regulation will now have to be agreed by the European Parliament and Council to become law, following which there will be an agreed delay—the Commission has proposed two years—before it applies in EU Member States. As it usually takes at least 12 months, and often closer to 18 months, for the European Parliament and Council to agree on a legislative text after a proposal by the Commission is published, it is unlikely that the Regulation will be adopted before the end of 2023, and it is therefore unlikely to become applicable earlier than late 2025.Continue Reading Breaking Developments in Forced Labor Trade Enforcement—the EU’s Proposed Forced Labor Product Ban and Recent Developments in U.S. Customs Enforcement

On July 14, the U.S. Court of Appeals for the District of Columbia Circuit decided Ralls Corporation v. Committee on Foreign Investment in the United States — the first ruling by a federal circuit court on a CFIUS case.  Ralls, a U.S. company owned by two Chinese nationals, sued CFIUS

Continue Reading DC Circuit Calls for More Transparency in CFIUS Process