Proposed regulations for national security reviews of deals involving foreign investments in U.S. companies that store large amounts of “sensitive personal data” will likely mean scrutiny of many more transactions than before, lawyers said.

Given the definition of “sensitive data” under the draft rules, insurance companies, especially those insuring government personnel; biotech, health care and health technology companies; and those with data-driven business models are likely to be swept up, experts said. The law expands jurisdiction of the Committee on Foreign Investment in the U.S. over transactions involving businesses with data on individuals that “may be exploited in a manner that threatens to harm national security,“ according to the text of the draft regulations.