New Bill Extends Foreign Risk Vetting Until 2030, Blocks VC-Backed Startups with Foreign Ties from Federal R&D Funds

The new SBIR/STTR Foreign Interference Safeguard Act is essentially a double shot of national security measures aimed at protecting federal research and development funding from foreign adversaries. First, it extends the Small Business Administration’s (SBA) program for checking security risks related to its innovation grants—the due diligence program—for five years, pushing the expiration date from September 30, 2025, to September 30, 2030 (SEC. 2). Second, and more significantly, it puts new guardrails on who can receive Small Business Innovation Research (SBIR) awards, specifically targeting companies heavily backed by big investment firms.

The New Gatekeepers for Innovation Funding

This is where things get complicated for startups. The SBIR program is critical for small businesses developing cutting-edge technology, often bridging the gap between basic research and commercial viability. This bill focuses on small businesses that are majority-owned by venture capital (VC) operating companies, hedge funds, or private equity firms. Under the new rule, if a small business is majority-owned by these investors, it is now ineligible for an SBIR award if the SBA Administrator determines that the business itself, or the majority owner, is controlled by a “covered foreign entity” (SEC. 3).

Think of a high-tech startup, ‘InnovateCo,’ that just closed a major funding round from a US-based VC firm. If the SBA Administrator finds that the VC firm—InnovateCo’s majority owner—is controlled by an entity linked to a “country of concern,” InnovateCo is immediately locked out of the SBIR program. This measure aims to prevent sensitive US-funded R&D from leaking overseas, but it puts a big spotlight on the ownership structure of investment funds, which often have complex global financing arrangements.

Defining the ‘Foreign Entity’ Problem

To make this work, the bill provides extremely detailed definitions for who counts as a security risk. A “covered foreign entity” is broadly defined, including foreign governments, political parties from countries of concern, or any organization or person (who isn't a US citizen or permanent resident) based in or set up under the laws of a country of concern (SEC. 3). The net is cast wide, covering anyone acting as an agent or employee for these entities, or anyone who owns 25% or more of the equity in them.

Furthermore, the bill defines a “foreign entity of concern,” which includes entities designated as foreign terrorist organizations or those on the Treasury Department's list of specially designated nationals. It also includes entities owned or controlled by a “covered nation,” or those alleged by the Attorney General to have been involved in serious federal crimes like espionage or violations of arms export laws (SEC. 3). This level of detail makes it clear the bill is designed to plug specific security holes, particularly concerning technology transfer and espionage.

The Real-World Friction Point

While the goal is to protect national security, the practical challenge lies in the Administrator’s discretion. The SBA Administrator has the power to decide if a majority owner is “controlled by” a covered foreign entity. This determination could be subjective and complex, especially given the global nature of modern finance. A US-based VC firm might have limited partners (LPs) who are foreign nationals, and determining if that relationship constitutes “control” could become a bureaucratic headache.

For the small business owner, this means that even if their technology is sound and their team is American, their eligibility for crucial federal funding now depends heavily on the financial provenance and ownership structure of their investors. The bill also requires the Administrator to set specific size standards just for these investment-backed businesses seeking SBIR funding, adding another layer of administrative complexity to an already competitive program (SEC. 3). This means that while the extension of the security vetting program until 2030 is a straightforward continuation of existing policy, the new restrictions on VC-backed companies could significantly impact the funding landscape for high-growth, high-tech startups.