The U.S. government continues to take action in an effort to slow the spread of the COVID-19 virus.  In so doing, the government has provided insight into those industries and operations deemed to be essential to U.S. national security.  Lessons learned from these actions will almost certainly help inform U.S. policymakers and regulators when the current crisis has eased, particularly with respect to reviewing foreign investment in the United States.  (Such investment, when it could implicate U.S. national security, is subject to review and approval by the Committee on Foreign Investment in the United States.)

DHS Outlines Essential Businesses for Quarantine Purposes

On March 19, the Department of Homeland Security (DHS) issued guidance to identify those industries and businesses considered to be “essential” for U.S. continued operational purposes.  That Guidance on the Essential Critical Infrastructure Workforce was published by the Cybersecurity and Infrastructure Security Agency (CISA), which forms part of DHS.  The guidance is available here.

The CISA guidance outlines those “sectors and identified essential critical infrastructure workers” with a “special responsibility” to maintain operations.  Those sectors are as follows:

  • Chemical
  • Commercial Facilities
  • Communications
  • Critical Infrastructure
  • Defense Industrial Base
  • Emergency Services
  • Energy
  • Financial
  • Food and Agriculture
  • Government Facilities
  • Healthcare and Public Health
  • Information Technology
  • Nuclear Reactors, Materials, and Waste
  • Transportation Services
  • Water

The guidance also includes detail about these and other related areas of critical infrastructure.

It is beyond the scope of this article to detail what is covered by each of these categories.  Moreover, the CISA guidance is “advisory in nature” and “is not … a federal directive or standard in and of itself.”

Nonetheless, U.S. states are relying on the guidance in crafting their own rules related to what businesses may continue, and which must be closed.  For example, California Executive Order No. N-33-20 provides that all residents of California are required to remain at home except “as needed to maintain continuity of operations in the federal critical infrastructure sectors, as outlined in [the CISA guidance].”

The approach in Illinois, which is also in lockdown mode akin to California, is similar.  On March 20, Governor J.B. Pritzker issued Executive Order 2020-10 to announce the ban on non-essential businesses.  That Order delineates what constitute “Essential Businesses and Operations” but also states that the “definition of Essential Businesses and Operations in this Order is meant to encompass the workers identified in [the CISA guidance].”

In New York, Governor Andrew Cuomo has also ordered all non-essential businesses to halt operations.  The state issued guidance outlining what constitutes an essential business.  While that guidance does not explicitly reference the CISA guidance, it tracks it closely.

Suppliers to Essential Businesses Also Appear to Be Covered – In Most Cases

There is some question about the extent to which a supplier to an essential business would itself be considered an essential business.  The CISA guidance does not say specifically one way or the other.

However, the CISA guidance does state that, with respect to information technology businesses, an essential service would include the “[s]upport required for continuity of services, including janitorial / cleaning personnel.”  There is no other reference to such services elsewhere in the CISA guidance, but it seems odd that such services would only be permitted in the context of an IT business; i.e., cleaning services would seem to be at least as important in the context of a hospital.

At the same time, in a memo issued on March 20, 2020, the Department of Defense (DoD) addressed those businesses that constitute the Defense Industrial Base Essential Critical Infrastructure Workforce.  (Attached to the memo was a copy of the CISA guidance.)  The DoD memo provides that tasks “such as providing office supplies, recreational support, or lawn care … are not considered part of the Essential Critical Infrastructure Workforce.”  This suggests that not all suppliers to essential businesses are themselves considered essential businesses.

CISA Guidance Will Likely Evolve, Crystallize into Standard

Rules and regulations as to essential business – and interpretations of those rules/regulations – will almost certainly evolve over the coming weeks.  As of the morning of March 24, most states have not banned the operations of non-essential businesses.  That seems likely to change.  In addition, some municipalities have introduced stricter measures than required by their state government.

As the crisis continues, the CISA guidance may be supplemented.  But however the CISA position evolves, it presumably will continue to be pre-eminent.  To date, it appears that no state or locality has adopted a definition of essential business that is more restrictive than that outlined in the CISA guidance.

Taking a longer view, the CISA guidance is likely to become the foundation of what we consider to be the country’s national security infrastructure.  This will likely be reflected in various government policies, including reviews of transactions involving such businesses and industries, particularly in the case of foreign acquisitions or investments.  Put simply, any business deemed to form the backbone of the current U.S. response to COVID-19 will likely be seen as an important national security asset going forward.

If you have any questions about the definition of non-essential business in the context of the COVID-19 pandemic, please contact the author of this post.