Foreign Ownership, Control, or Influence mitigation, governed by the National Industrial Security Program Operating Manual Chapter 8 and administered through the Defense Counterintelligence and Security Agency, was for decades a defense industrial base construct. It applied to cleared facilities executing classified contracts, structured at the entity level to manage foreign equity, foreign board representation, and foreign information access. The instruments were specialized. The population of cleared firms was bounded. The mitigation architecture lived inside the National Industrial Security Program and rarely surfaced in commercial real estate or infrastructure underwriting. That perimeter has dissolved. FOCI mitigation is migrating from a cleared-facility exception into the standard Special Purpose Vehicle architecture for any campus that intends to bid on sovereign or defense-adjacent compute. By 2030, FOCI compliance becomes a routine credit input alongside FERC interconnection and CFIUS clearance. Cleared structure becomes the default. Uncleared becomes the exception.
What FOCI Actually Mitigates
FOCI is defined in 32 CFR Part 117, the rule that implements the National Industrial Security Program for cleared contractors, and is operationalized through NISPOM Chapter 8 and the DCSA Industrial Security Letters that govern entity eligibility. The regulatory lineage runs through DoD 5220.22-M, the predecessor manual that codified the National Industrial Security Program from 1995 through its 2020 conversion into 32 CFR Part 117. The substance has been consistent across that lineage. A cleared entity must demonstrate that foreign interests do not have the capacity to control, influence, or direct the entity in a manner that compromises classified information or controlled technology.
The mitigation framework addresses six categories of foreign interest. Foreign ownership of voting equity. Foreign representation on the board of directors. Foreign management at officer or executive levels. Foreign indebtedness or financial obligation. Foreign contractual relationships that create dependency. And foreign access to information, facilities, or personnel through any of the preceding channels. Each category triggers a distinct mitigation pathway, scaled to the magnitude of the foreign interest and the sensitivity of the cleared activity.
The trigger threshold is not a single number. A 5 percent voting interest from a designated foreign source can require mitigation. A 25 percent ownership stake from an allied non-designated source can also require mitigation. The determination is made by the DCSA case officer assigned to the entity, applying the threat assessment framework defined in NISPOM Chapter 8 and the supplementary guidance published by the Defense Counterintelligence and Security Agency Industrial Security Field Office.
For sovereign compute, the surface area is large. Equity sources, debt sources, vendor relationships, joint venture partners, supply chain provenance, and personnel with access to facility operations are all reviewable. The structural question moves from whether a campus has any foreign interest, which most campuses do, to whether the foreign interest is mitigated under a DCSA-approved instrument.
The Three Mitigation Instruments
DCSA recognizes three principal mitigation instruments for entities with foreign ownership, control, or influence above the threshold requiring action. Each instrument carries distinct governance, personnel, and information access requirements. Each instrument is documented in NISPOM Chapter 8 and refined through DCSA Industrial Security Letters and the published Outside Director Selection Process guidance.
The Voting Trust Agreement is the most restrictive instrument. Foreign-held voting equity is transferred to a trust whose trustees are US citizens, cleared at the required level, and independent of the foreign owner. The trustees exercise voting rights without consultation with the foreign owner. The foreign owner retains economic interest but is severed from governance. The Voting Trust Agreement is typically required where foreign ownership exceeds majority thresholds or where the foreign source presents elevated counterintelligence risk under the DCSA threat framework.
The Proxy Agreement operates on parallel logic. A cleared US citizen proxy holder exercises the voting rights attached to foreign-held equity. The proxy holder must satisfy the same independence and clearance requirements as a Voting Trust trustee. The Proxy Agreement is structured for situations where a trust vehicle is impractical, including certain partnership structures and tax-driven entity forms. The substantive effect is equivalent to a Voting Trust Agreement. The foreign owner is severed from governance.
The Special Security Agreement is the least restrictive of the three principal instruments. Foreign ownership is permitted to retain governance rights, but the entity is structured with cleared Outside Directors selected through the DCSA-administered Outside Director Selection Process, a cleared Facility Security Officer, a Government Security Committee that includes the Outside Directors and operating officers with clearance, and a Technology Control Plan that defines information flow between cleared and uncleared personnel. The Special Security Agreement is typically used where the foreign interest is allied, the threat assessment is moderate, and the operational rationale for foreign governance participation is documented.
A fourth instrument, the Security Control Agreement, applies where the foreign interest is below the threshold requiring a Voting Trust Agreement or Special Security Agreement but above the threshold requiring formal mitigation. It establishes baseline information controls and reporting obligations without the full board and officer architecture of a Special Security Agreement. The Security Control Agreement is the most common instrument for entities with single-digit foreign equity from allied sources.
The instruments are not interchangeable. The DCSA case officer assigns the instrument based on the threat assessment and the operational requirements of the cleared activity. For compute infrastructure, the instrument choice is becoming a published variable in the underwriting package. A campus operating under a Voting Trust Agreement prices and clears differently than a campus operating under a Special Security Agreement.
The Microsoft-G42 Template
The Microsoft strategic investment into G42, closed in April 2024 at $1.5 billion, established the governance template that subsequent sovereign-adjacent compute transactions have followed. The transaction was structured outside the formal NISPOM mitigation framework because G42 is an Emirati entity, not a US cleared contractor, but the architecture imported the same instruments by analogy. The result is a documented precedent that bridges the defense industrial base mitigation playbook into commercial AI infrastructure transactions.
The Microsoft-G42 governance changes included a Microsoft board seat at G42, a managed divestment of designated Chinese technology positions, an Inter-Government Assurance Agreement between the United States and the United Arab Emirates governing the technology transferred under the investment, and a security committee structure within G42 with reserved seats for US-cleared representation. The architecture matched the substance of a Special Security Agreement applied to a non-cleared foreign entity. Board composition, divestment commitments, information access controls, and a designated security committee. The instruments were familiar. The application was novel.
The Stargate UAE announcement in 2025, which committed to a 1 gigawatt campus structured jointly with OpenAI, Oracle, Microsoft, and Emirati sovereign capital, extended the Microsoft-G42 template into the campus SPV layer. The SPV structure incorporated cleared officer designations, supply chain provenance attestation, and a governance committee with reserved cleared seats. The architecture was not labeled FOCI mitigation in the public record. The instruments were FOCI instruments.
The precedent has propagated. Subsequent allied sovereign compute transactions, including bilateral arrangements involving the United Kingdom, Japan, and Saudi Arabia, have imported the Microsoft-G42 governance architecture into the SPV layer at formation. The instruments are recognizable across transactions. Board composition, cleared officer requirements, divestment commitments where applicable, technology control plans, and information access controls.
DCSA Reorganization And The Compute Portfolio
The Defense Counterintelligence and Security Agency, which administers the National Industrial Security Program and the FOCI mitigation framework, underwent a structural reorganization in 2025 under SECDEF directives that consolidated industrial security oversight and added a designated compute infrastructure portfolio. The reorganization moved the FOCI case management function into a structure capable of processing the volume of compute-infrastructure SPVs now requesting cleared eligibility.
The volume shift is material. In 2020, the cleared contractor population executing classified compute work was bounded at roughly the population of traditional defense industrial base technology firms. In 2025, the population of entities seeking FOCI mitigation in connection with compute infrastructure exceeded the historical baseline by an order of magnitude. Hyperscaler subsidiaries, sovereign campus SPVs, joint ventures with allied sovereign capital, and developer entities targeting sovereign tenancy each enter the DCSA case management queue.
The reorganization added a designated Industrial Security Field Office function for compute infrastructure, with case officers trained on the specific instruments most often applied to compute SPVs, the supply chain provenance attestation requirements relevant to GPU and HBM components, and the cleared workforce requirements relevant to facility operations. The processing timeline for a Special Security Agreement structured at SPV formation, which historically ran 12 to 18 months, has been targeted at 6 to 9 months for compute infrastructure cases inside the reorganized portfolio.
The implication for campus development is that FOCI clearance moves into the same critical path layer as FERC interconnection and CFIUS clearance. A campus targeting sovereign tenancy structures the SPV for FOCI mitigation at formation, submits the package to DCSA in parallel with the FERC and CFIUS filings, and operates under the assumption that all three reviews proceed concurrently. The 2030 timeline assumes the three reviews close within roughly the same envelope.
The SPV Architecture At Formation
The SPV architecture for a sovereign-target campus, formed in 2026 with a 2029 or 2030 commercial operation date, incorporates FOCI mitigation instruments at incorporation rather than retrofitting them at financing close. The architecture is becoming standardized through repeated transactions and through the guidance published by transactional counsel active in cleared-facility formation.
Board composition is the first variable. The board includes a majority of US-citizen directors cleared at Secret or above, with at least three Outside Directors selected through the DCSA Outside Director Selection Process or a process documented to DCSA satisfaction. The Outside Directors carry independence requirements that exceed standard public company independence definitions. They are independent of the foreign owner, independent of the foreign owner's affiliates, and independent of the operating company management.
Officer designations follow. A cleared Facility Security Officer is designated at SPV formation, with the personnel security investigation initiated before the SPV opens operations. A Government Security Committee is established at the board level, with reserved seats for the Outside Directors and the cleared officers. A Technology Control Plan is drafted as part of the formation documentation and submitted to DCSA for review against the proposed mitigation instrument.
Information access controls are documented at the level of the operating procedures. Compartmentalized access architecture, badging systems, cleared maintenance vendor relationships, and access logging are specified in the design documentation. The Technology Control Plan binds these operational controls to the entity-level governance.
Supply chain provenance is the newest layer. GPU procurement, HBM sourcing, networking equipment provenance, and software supply chain attestation are documented at the SPV level and updated on a defined cadence. The provenance attestation is becoming a standard element of the FOCI mitigation package for compute infrastructure, reflecting the DCSA guidance updated through 2025 and 2026.
Equity and debt sources are screened at formation. The capital stack is structured to satisfy both CFIUS criteria and FOCI mitigation requirements simultaneously. Allied sovereign limited partners are accommodated under the Special Security Agreement or Security Control Agreement instruments. Non-allied sources are excluded or routed through trust structures consistent with the Voting Trust Agreement instrument. The financing close cannot proceed in advance of the DCSA package approval.
What Becomes True By 2030
By 2030, FOCI compliance is a routine credit input across the AI infrastructure underwriting model. The credit report for a sovereign-target campus includes the FOCI mitigation instrument, the DCSA case officer designation, the date of the most recent annual review, the status of the Outside Director slate, and any open findings from the most recent DCSA inspection. The data is treated as comparable in standing to the FERC interconnection status and the CFIUS clearance posture. All three are reviewed at financing close. All three are tracked on an ongoing basis through the operating period.
The Special Security Agreement becomes the most common instrument for sovereign-target campuses, applied to SPVs with allied sovereign limited partner participation under moderate threat assessments. The Voting Trust Agreement becomes the standard instrument for SPVs with majority foreign equity from non-allied sources, in the narrow band where such structures are permitted at all. The Proxy Agreement and Security Control Agreement occupy specialized roles in partnership-form SPVs and low-foreign-interest entities respectively.
The cleared campus specification becomes a published standard. The National Institute of Standards and Technology, the Department of Energy, and the Defense Counterintelligence and Security Agency jointly document a reference architecture covering FOCI mitigation requirements, ITAR-cleared design defaults, cleared workforce attestations, and supply chain provenance. Campuses inside the specification are eligible for sovereign tenancy. Campuses outside the specification are not.
The merchant alternative remains available. A campus may elect not to pursue FOCI mitigation and may operate at merchant credit and merchant pricing for the hyperscaler tenant tier. The cost differential is meaningful but absorbed inside the merchant pricing model. The structural consequence is a bifurcated market. Cleared campuses compete for sovereign tenancy and price inside the sovereign credit spread. Uncleared campuses compete for hyperscaler tenancy and price inside the merchant credit spread. The two markets do not converge.
The DCSA case management function, expanded through the 2025 reorganization, processes the steady-state volume of compute infrastructure FOCI cases on a defined timeline. The 6 to 9 month target for new Special Security Agreements at SPV formation becomes the operating norm. The annual review cycle for existing instruments is integrated into the campus operating calendar alongside the FERC and CFIUS reporting calendars.
The boundary between a sovereign compute campus and a cleared defense facility narrows further. By 2030, the architectural distinction between the two is residual. The instruments are common. The governance is common. The workforce is common. The supply chain provenance discipline is common. The remaining distinction is the classified data category resident on the facility, which determines clearance level and information handling protocol but does not differ at the structural level of the SPV. The cleared structure has become the default specification for the AI infrastructure stack.