New outbound investment legislation in the 2026 National Defense Authorization Act signed by President Trump

The COINS Act follows the U.S. Department of the Treasury (Treasury)’s implementation of the Outbound Investment Security Program (OISP) pursuant to Executive Order 14105 and the issuance of implementing regulations -- the Provisions Pertaining to U.S. Investments in Certain National Security Technologies and Products in Countries of Concern -- at 31 C.F.R. Part 850, on 28 October 2024. As described in more detail in our 1 November 2024 publication, the OISP prohibits or requires notification when U.S. persons are involved in certain transactions with persons with a certain nexus to China, Hong Kong, or Macau that are engaged in certain activities in the semiconductors and microelectronics, quantum information technologies, or artificial intelligence sectors. The OISP has been in effect since 2 January 2025.

The COINS Act, like the OISP, is aimed at addressing the national security threat to the United States that China poses through its exploitation of U.S. outbound investments used to develop sensitive technologies and products critical for Chinese military, intelligence, surveillance, and cyber-enabled capabilities. The COINS Act largely codifies the existing framework of the OISP, but also expands the framework to include additional countries of concern and technology sectors and gives considerable latitude to Treasury to determine specific details of investment restrictions. At the same time, and possibly in response to stakeholders’ comments on the breadth and reach of the OISP, the COINS Act introduces changes that (i) would narrow or expand certain aspects of the OISP, including the scope of entities subject to its investment restrictions; (ii) provide for a new advisory opinion process; and (iii) add new exceptions that would, notably, make it easier for global banks to provide underwriting services to otherwise covered national security transactions.

Frequently asked questions (FAQs) issued by Treasury on 23 December 2025 make clear that parties should continue to act in full compliance with the OISP, which remains in full effect until Treasury issues regulations pursuant to the COINS Act.

In a nutshell: What does the COINS Act do?

The COINS Act amends the DPA to require notification of and to provide the Secretary with the authority to prohibit certain U.S. person transactions that directly or indirectly involve transactions with entities in countries of concern involved in the following sectors:

1. Semiconductor technology and microelectronics;
2. Artificial intelligence systems;
3. Quantum information technologies;
4. High-performance computing and supercomputing; and
5. Hypersonic systems

The COINS Act additionally gives Treasury the authority to determine the technical parameters of the technologies in the sectors above subject to certain restrictions, or to add and define categories within those sectors that enable the military, intelligence, surveillance, or cyber-enabled capabilities of a country of concern.

The COINS Act defines “countries of concern” as China (including the Hong Kong and Macau SARs), Cuba, Iran, North Korea, Russia, and Venezuela. Entities with which certain transactions are prohibited or notifiable are referred to as “covered foreign persons,” a term defined as foreign persons that (a) are incorporated in, have a principal place of business in, or are organized under the laws of a “country of concern”; (b) are members of the Central Committee of the Chinese Communist Party or members of the political leadership of a country of concern; (c) are subject to “the direction or control” of an entity described in (a) or (b) or the state or government of a country of concern; or (d) are owned in the aggregate, directly or indirectly, 50 percent or more by an entity described in (a) or (b) or the state or government of a country of concern.

What are the key changes between the COINS Act and the OISP?

Overall, the COINS Act largely codifies the existing framework of investment restrictions put in place by the OISP, while giving Treasury the authority to adjust the restrictions as national security needs change. Key changes include:

• Secretary to decide technical parameters for prohibited or notifiable technologies: Unlike the OISP, the COINS Act does not prescribe specific technical parameters of the technologies subject to restrictions (such as AI models crossing certain computational thresholds or designed for certain military, intelligence, or mass surveillance end-uses), giving Treasury the ability to make specific determinations about technical parameters through regulation.
• Authority to impose investment prohibitions: The COINS Act gives Treasury the authority to prohibit U.S. persons from engaging in “covered national security transactions” (the term used under the COINS Act) involving certain technologies, but would not require Treasury to exercise such authority. If Treasury does not prohibit U.S. persons from engaging in covered national security transactions, then “covered national security transactions” involving such technologies would be notifiable.

The COINS Act also expands the scope of restrictions relative to the OISP by:

• Adding more countries as “countries of concern”: While only China (including Hong Kong and Macau) is a “country of concern” under the OISP, the COINS Act expands this definition to include Cuba, Iran, North Korea, Russia, and Venezuela. However, the effect of this change is likely limited given that many entities in the newly added countries are already subject to comprehensive or broad U.S. sanctions.
• Adding “hypersonic systems” as a prohibited or notifiable technology: Hypersonic systems have clear military applications (particularly in manufacturing missiles), although entities engaged in their development are far fewer than those involved in semiconductors or AI. Although the COINS Act identifies “high-performing computing and supercomputing” as a separate sector, the OISP already includes certain activities related to supercomputers. In addition, Treasury is required to submit a report to Congress at least 18 months after the passage of the COINS Act, and annually thereafter, to identify new technologies that pose an acute threat to U.S. national security if acquired by a country of concern.

The COINS Act appears to respond to stakeholders’ comments about the lack of clarity in some of the OISP’s provisions by introducing several clarifications:

• De minimis transactions: The COINS Act requires Treasury to determine a de minimis value under which the covered national security transaction is exempt from notification or prohibition. Treasury had explicitly declined to set a de minimis value for covered transactions under the OISP, although the OISP contains a limited partner fund exception for investments below $2 million.
• Secondary transactions: The COINS Act excepts certain secondary transactions (e.g., bank lending; processing, clearing, or sending of payments by a bank; debt rating services; prime brokerage). Notably, the COINS Act explicitly exempts the temporary acquisition of an equity interest (e.g., shares) for the sole purpose of facilitating underwriting services. Treasury explicitly declined to exempt the acquisition of shares as part of underwriting services in the OISP. This change removes a major impediment to global banks’ participation as underwriters in otherwise covered national security transactions.
• Additional exceptions: The COINS Act excepts ancillary transactions undertaken by financial institutions (as defined in 31 U.S.C. § 5312). Ancillary transactions include processing, settling, clearing, or sending of payments and cash transactions, credit rating services, and other services ordinarily incident to and part of the provision of financial services, such as opening deposit accounts, direct custody services, foreign exchange services, remittances services, and safe deposit services. Treasury did not enumerate those exceptions in the OISP as it believed that they did not fall under the scope of covered transactions. In addition, the COINS Act excepts “any ordinary or administrative business transaction,” a term that Treasury will define in the implementing regulations.
• Changes to scope of covered foreign persons: The COINS Act appears to both narrow and expand the definition of “covered foreign person” as compared to the OISP. The COINS Act adjusts the scope of “covered foreign person” in several key ways:
  • Narrows:
    • The OISP includes as “covered foreign persons” entities organized anywhere in the world that hold certain rights or interests in entities with a certain nexus to China, Hong Kong, or Macau and that derive or incur key financial metrics from such entities. The COINS Act does not include a similar category in the definition of “covered foreign persons,” likely narrowing the amount of diligence U.S. investors must undertake for transactions in which neither the target of the U.S. person’s investment nor the target’s controlled foreign entities are in a country of concern.
    • The COINS Act appears to exclude individuals (as opposed to entities) of a country of concern from the definition of covered foreign person, unless the individual is a member of the Central Committee of the Chinese Communist Party or a member of the political leadership of a country of concern. This revision suggests that, for example, a company based in Malaysia that is wholly owned by a Chinese national (who is not a Central Committee member or a member of the Chinese political leadership) and engaged in semiconductor development would not be a covered foreign person under the COINS Act, while this company would be a covered foreign person under the OISP.
  • Expands:
    • The OISP includes within its definition of “person of a country of concern” an entity in which a “person of a country of concern” holds a 50% or greater equity interest, voting interest, or voting power of the board. The COINS Act retains a 50% ownership threshold, but also expands the definition of “covered foreign person” by capturing foreign persons “subject to the direction or control of” “covered foreign persons.” There is no definition of “control” in the COINS Act. If, like the Committee on Foreign Investment in the United States, Treasury broadly defines and interprets “control” , such an approach could greatly expand the number of entities that qualify as “covered foreign persons” (e.g., certain minority-Chinese-owned entities anywhere in the world).

The COINS Act introduces certain measures that, relative to the OISP, would permit or require Treasury to increase transparency in the administration of the regime:

• Database of covered foreign persons: The COINS Act authorizes Treasury to establish a non-exhaustive database of covered foreign persons engaged in a prohibited or notifiable technology. The COINS Act also authorizes Treasury to create a mechanism for entities in the database to petition for their removal (or for third parties to petition for adding entities to the database). Treasury had declined to create a database for OISP covered foreign persons under the OISP.
• Non-binding feedback: The COINS Act requires Treasury to issue regulations to implement a system for persons to request non-binding, confidential feedback on whether a transaction is a “covered national security transaction” in a prohibited technology. Depending on how Treasury implements this system, it could assuage the frustrations felt by some companies trying to navigate the OISP.

Client Implications

The COINS Act was signed into law by President Trump on December 18, 2025. Treasury has 450 days from the date of enactment to promulgate regulations, subject to public notice and comment, implementing the updated outbound investment program. While largely affirming the existing OISP’s framework, the COINS Act could narrow or expand the coverage of the OISP in certain ways. As made clear in Treasury’s 23 December 2025 FAQs, the OISP will remain in effect until Treasury issues new regulations, subject to public notice and comment, to implement the COINS Act.

Authored by Anne Salladin, Brian Curran, Zachary Alvarez, Patrick Miller and Mark Ye.