Trusted Capital: What Security Clearance Requirements Actually Mean for Your Cap Table
S. VanceMost founders raising a Series A have one question about their investors: can they write the check? Defense tech founders need a second question. Can those investors sit on the cap table without triggering a national security review that stalls your contracts, limits your facility access, or forces a restructuring you cannot afford?
Photo by This is not a hypothetical. It happens regularly, and it almost always costs more to fix than it would have cost to prevent.
Why the Cap Table Is a Security Document
When a defense startup pursues a facility clearance (FCL) through the Defense Counterintelligence and Security Agency (DCSA), DCSA does not just vet the company. It reviews ownership. Every investor with a meaningful equity stake, board seat, or decision-making authority gets scrutinized. Foreign nationals on your board, foreign entities in your investor syndicate, or even domestic investors with opaque beneficial ownership structures can slow or block the clearance entirely.
The threshold that triggers heightened review is lower than most founders expect. A 10% ownership stake from a foreign person or foreign government-controlled entity is enough to require a formal mitigation agreement under the National Industrial Security Program (NISP). Above 25%, you are likely looking at a Special Security Agreement (SSA) or a Proxy Agreement with significant operational constraints attached. At majority foreign ownership, DCSA has the authority to deny the clearance outright.
This matters because the FCL is not optional for most serious defense work. If your product touches classified data, classified facilities, or certain controlled unclassified information categories, the clearance is the ticket to the program.
The Mitigation Agreements Nobody Wants to Sign
Assume a foreign-aligned investor is already on your cap table when you apply. DCSA will not simply wave you through. You enter a negotiation over a mitigation agreement, and those agreements have teeth.
Proxy Agreements, the most restrictive tier, essentially transfer voting and governance rights to a board of U.S. citizen proxies who operate independently from the foreign investor. The original investor retains economic rights but loses control. Most sophisticated foreign LPs and sovereign wealth funds find this unacceptable and will push back hard, creating a standoff that delays clearance processing by months.
Special Security Agreements are somewhat less restrictive but still require board-level U.S. citizen representation, limitations on technology access by foreign personnel, and annual DCSA audits. These are workable for some investors. They add overhead that nobody budgeted for.
Security Control Agreements sit below SSAs and apply when foreign ownership is below the thresholds requiring an SSA but still present enough to warrant oversight. Each tier has its own reporting obligations, visitation controls, and governance requirements.
graph TD
A[Foreign Ownership Identified] --> B{Ownership Level}
B --> C[Under 10%: Disclosure Only]
B --> D[10-25%: Security Control Agreement]
B --> E[25-50%: Special Security Agreement]
B --> F[Majority: Proxy Agreement or Denial]
Where Founders Actually Get Caught
Three scenarios come up repeatedly in diligence.
First: the fund-of-funds problem. A U.S.-domiciled VC has a clean face, but its LP base includes foreign university endowments or sovereign wealth vehicles. The beneficial ownership traces back outside the country. DCSA looks through the fund structure. Your investor's domestic address does not protect you.
Second: the bridge round problem. A startup takes emergency capital from a well-connected foreign family office to survive a tough quarter. The amount is small. The percentage is modest. But the investor ends up with an observer seat and some information rights that look like influence. DCSA reads influence as broadly as you fear it might.
Third: the dual-class structure problem. Some founders set up governance structures that give certain investors effective veto rights over strategic decisions, even at low ownership percentages. If those investors are foreign, the contractual influence can trigger review independent of the equity stake.
What Good Cap Table Hygiene Looks Like
The VCs doing this well have a checklist before they let any defense portfolio company take outside capital. It starts with a beneficial ownership trace on every new investor, not just the lead. It includes a review of any information rights, board observation rights, or contractual approval rights that travel with the investment. It flags any LP in the funding chain with a domicile outside the Five Eyes countries as a matter of routine.
That last point is a judgment call, not a legal requirement. But Five Eyes alignment (U.S., UK, Canada, Australia, New Zealand) is a practical proxy that most experienced defense investors use because intelligence-sharing relationships between those governments reduce the concern level for DCSA reviewers.
Founders should negotiate these provisions before signing term sheets. Asking an investor to accept modified information rights or to restructure their participation through a U.S.-controlled vehicle is a reasonable conversation when everyone is still at the table. Asking them to restructure after closing, under pressure from a DCSA inquiry, is a negotiation from weakness.
Your cap table is infrastructure. Treat it that way from day one, and the clearance process becomes an administrative exercise. Ignore it, and you may spend eighteen months unwinding a problem that a thirty-minute conversation could have prevented.
Get Critical Tech Ventures in your inbox
New posts delivered directly. No spam.
No spam. Unsubscribe anytime.