FIRB Approval for Foreign Tech Acquisitions in Australia

Triggering Mandatory FIRB Notification

A technology acquisition triggers mandatory FIRB notification if it involves a "national security business" or exceeds specific monetary thresholds. Foreign investors cannot legally close the deal until the Australian Treasurer grants a no-objection notification.

Under the Foreign Acquisitions and Takeovers Act 1975, standard business acquisitions usually require approval if the deal value exceeds 330 million AUD (or 1.42 billion AUD for certain free trade agreement partners). National security businesses have a zero-dollar threshold. Acquiring a stake of 10 percent or more requires approval regardless of deal size.

A technology company qualifies as a national security business if it:

• Owns or operates critical infrastructure assets.
• Develops or supplies critical technologies used in defense or intelligence.
• Maintains databases containing sensitive personal information of Australian citizens.
• Provides software or IT services to Australian government agencies.

FIRB Approval Checklist

Filing an application through the Australian Taxation Office portal requires specific corporate documents and ultimate beneficial owner identification. Accurate initial filings prevent statutory clock pauses and review delays.

• Pre-filing assessment: Map your corporate structure to identify all foreign government investors up the chain. Assess the target company against the zero-dollar national security threshold.
• Commercial rationale: Explain the transaction. Detail post-acquisition business plans, expected job creation, and economic benefits to Australia.
• Identity and governance documents: Collect ultimate beneficial ownership charts, audited financial statements, and details of the acquiring entity's board of directors.
• Fee submission: Lodge the application via the online portal and pay the mandatory filing fee in Australian Dollars. Applications wait until this fee clears.
• Requests for information: Monitor communication channels daily. FIRB consultation agencies often request technical details about the target's data storage protocols and cybersecurity measures.

Timelines and Review Delays

The statutory timeline for a FIRB decision is 30 days. The government then has 10 days to notify the applicant. National security reviews in the technology sector usually result in extensions, pushing the final decision to three to six months.

The FIRB review process operates on a statutory clock. If reviewing agencies like the Department of Defence or national intelligence bodies need more information to assess cybersecurity risks, FIRB issues a Request for Information (RFI). When this happens, FIRB often asks the applicant to voluntarily extend the decision deadline. Refusing the extension usually results in the Treasurer rejecting the application to prevent default approval.

Acquirers must anticipate security concerns to minimize delays. Submitting data localization plans and cybersecurity audit results in the initial application reduces complex RFIs and keeps the statutory clock moving.

Alternative Investment Structures

Investors can structure deals below mandatory ownership thresholds or use passive investment vehicles to bypass lengthy FIRB approvals. These strategies allow foreign entities to enter the Australian tech market quickly, provided they comply with anti-avoidance regulations.

• Sub-threshold minority stakes: Acquiring less than 10 percent of a national security business, or less than 20 percent of a standard business, usually falls outside mandatory notification rules. The investor cannot gain control or influence over the board.
• Convertible notes and SAFEs: Investing via Simple Agreements for Future Equity (SAFE) or convertible notes defers FIRB triggers. The notification requirement crystallizes only upon conversion into voting shares, allowing the company to secure immediate funding.
• Offshore joint ventures: Establishing a new entity outside Australia to co-develop intellectual property with an Australian partner can bypass direct acquisition triggers. Legal advice is necessary to ensure this does not constitute an anti-avoidance violation.

Post-Acquisition Governance

Foreign acquirers must adhere to the compliance conditions attached to their no-objection notification. These mandate local board representation, periodic data security audits, and strict reporting protocols to the Australian government.

FIRB conditions dictate how a technology company operates post-closing. Acquirers likely need to appoint independent, Australian-resident directors with appropriate security clearances. The company may also need to ring-fence sensitive data on onshore servers and restrict foreign executives from accessing specific source code or customer databases.

Failure to comply with post-acquisition conditions results in civil penalties or an order to divest the business.

Pre-Closing Regulatory Disputes

Pre-closing disputes with Australian regulators involve disagreements over national security risks or the commercial viability of proposed mitigation conditions. Resolving these requires negotiation with FIRB case officers and offering legally binding behavioral undertakings.

When FIRB has concerns about a transaction, it issues draft conditions for the acquirer to review. If these conditions restrict the commercial logic of the deal (such as prohibiting software integration with the parent company's global platform), negotiate rapidly. Proposing alternative mitigation measures is an effective resolution strategy. Offering to submit to annual independent cybersecurity audits can satisfy intelligence agencies without requiring total data isolation. Consult experienced Merger & Acquisition lawyers in Australia to handle these negotiations.

Common Misconceptions

Foreign investors often underestimate timelines and the broad definition of national security in Australia's foreign investment regime. These errors derail technology acquisitions and trigger legal penalties.

Startups are exempt Acquiring early-stage tech startups with negligible revenue often requires government approval. If the startup develops critical technology or handles sensitive data, the zero-dollar threshold applies. Approval is mandatory regardless of the company's valuation or revenue.

30-day approval is guaranteed Commercial deal teams frequently build M&A closing schedules around the official 30-day statutory timeline. Almost all technology acquisitions involving foreign buyers face voluntary extensions. A 90- to 120-day timeline is a realistic expectation.

FIRB only reviews equity purchases Foreign acquirers sometimes try to avoid FIRB by acquiring the assets of a business rather than the shares. Australian regulations treat the acquisition of significant business assets, intellectual property, and certain profit-sharing agreements as notifiable actions.

Next Steps

Assess the target company's assets and customer base against Australia's national security definitions immediately upon identifying an acquisition target.

• Conduct regulatory due diligence: Investigate the target's data collection practices, government contracts, and proprietary technology to assess national security triggers.
• Engage legal counsel: Partner with Australian M&A experts to determine if the investment requires mandatory FIRB approval. Specialized counsel structures the transaction to minimize regulatory friction and drafts the commercial rationale for the application.
• Build timeline buffers: Adjust the Share Purchase Agreement (SPA) to include "condition precedent" long-stop dates that accommodate potential 120-day FIRB review periods.