UK: UK Government Introduces Lower National Security Merger Review Thresholds

Last Updated: 29 May 2018
Article by Becket McGrath and Christine Graham

Under new measures coming into force on 11 June, the UK government will have greater powers to intervene in mergers that potentially raise national security concerns due to the target's involvement in military and dual-use technologies and certain categories of advanced computer technology. Such transactions will be reviewable by the government on public interest grounds if the target: (i) has UK revenues of only £1 million; or (ii) has a UK share of supply exceeding 25%. This is a significant change from the current regime, under which a transaction is reviewable only if the target has UK revenues of more than £70 million or if it leads to an increment in the parties' combined share of supply of 25% or more.

The new thresholds are the first tangible output from the government's ongoing review that raise potential national security concerns. That review arose from concerns within government over the extent to which the UK's historical openness to foreign investors might make it vulnerable to emerging national security threats that the current regime would not catch.

Having identified the emerging threat of cyber attacks on the UK's critical national infrastructure, including by foreign intelligence agencies, the review noted that the existing jurisdictional limits on government intervention appeared to be insufficient to catch acquisitions of companies that controlled technology that could facilitate such attacks. In particular, they did not catch the acquisition of companies with very low turnovers, which are likely to include precisely the highly innovative companies that may be developing the sorts of technologies that, in the wrong hands, could raise national security concerns.

Intended as a short-term measure, the changes to these limits for transactions raising national security concerns are due to be followed by more far-reaching changes, including potentially the introduction of a mandatory filing regime to enable the review of all transactions involving foreign investors for national security issues.

This article will consider the new regime in more detail and its implications for business.

Current regime

The UK operates a voluntary notification regime for mergers that may raise competition concerns. This means that there is no requirement to notify qualifying mergers to the Competition and Markets Authority (CMA). Rather, the CMA has jurisdiction to investigate a qualifying merger on its own initiative, or in response to a complaint.

A merger will qualify for a competition review by the CMA if two or more enterprises have ceased to be distinct (or will be, once the transaction is implemented) and at least one of the following thresholds is met:

  • the target's UK turnover is more than £70 million (the Turnover Test); or
  • the merger would result in the creation or enhancement of a share of supply of goods or services of 25% or more in the UK, or in a substantial part of the UK (the Share of Supply test).

In cases where a merger has an EU dimension, which is determined by the parties' turnover, the European Commission (Commission), rather than the CMA, will currently investigate the impact of the transaction on competition. Member State governments retain the ability to review the impact of such mergers on specified public interest grounds, which include national security. (At the time of writing, the impact of Brexit on this process remains unclear.)

UK government ministers can launch parallel public interest reviews of qualifying mergers (referred to as 'intervention') in specified circumstances. Under the existing regime, apart from a narrow category of transactions involving defence contractors or media companies, government can launch a public interest intervention only if the transaction: (i) qualifies as a merger (i.e. it does not involve a greenfield investment or the acquisition of 'bare assets', such as intellectual property rights); (ii) raises specific public interest considerations; and (iii) meets the threshold for a regular competition review (whether by the CMA or the Commission).

Specified public interest considerations currently cover national security (including public security); financial stability (prudential regulation in European mergers); and media plurality.

To date, there have been 12 public interest interventions since the current merger control regime was introduced in 2003, seven of which were on national security grounds. The initial assessment of transactions for potential national security concerns is undertaken by government departments and the UK security agencies, rather than the CMA. Given the inherently sensitive subject matter, such assessments take place in private, under the coordination of the government's Investment Security Group. Once an intervention has been triggered, the procedure is largely public, albeit government ministers remain responsible for key decisions and key details may be excluded from public disclosure.

Sectors covered

The new thresholds apply to any acquisition of control or material influence over a "relevant enterprise", which is defined as a business that is active in either "military and dual-use technologies" or "advanced technology".

Military and dual-use technologies

The new regime will catch qualifying acquisitions of businesses that:

  • develop or produce 'restricted goods', meaning "goods, software or information" that are subject to export control; or
  • hold information that is "capable of use in connection with the development or production of restricted goods".

Categories of restricted goods are set out in various export control lists, many of which reflect the UK's international export control obligations. As such, it should be reasonably straightforward to identify products that fall within this category. The government has advised companies that are unsure whether this is the case for their products to use its online Goods Checker Tool. In addition, the government has said that it will endeavour to provide "clear, informal (non-binding) advice" as quickly as possible.

Advanced technology

The government's primary concern in this area appears to be the scope for hostile actors to use advanced technology to take control over connected products, which may be widely dispersed in homes, businesses, public institutions or utilities, to cause harm to businesses, critical national infrastructure or other public services. The potentially wide variety of such threats means that defining the scope of relevant technologies is somewhat complex.

The government's original Green Paper focused on "advanced technology", which it proposed defining as comprising "multi-purpose computing hardware" and "quantum based technology".

The new legislation provides a more detailed definition of activities that will be caught under this heading. Specifically, these comprise:

  • the ownership, creation or supply of intellectual property relating to the functional capability of:
    • computer processing units;
    • the instruction set architecture for such units; or
    • computer code that provides low level control for such units;
    • the design, maintenance or provision of support for the secure provisioning or management of:
    • 'roots of trust'1 of computer processing units;
    • computer code that provides low level control for such units; and
  • research, development, production or the supply of services related to:
  • quantum computing or simulation;
  • quantum imaging, sensing, timing or navigation;
  • quantum communications; and
  • quantum resistant cryptography.

These terms are defined with a high degree of technical specificity. For example, quantum timing is defined by the legislation as "utilising certain properties of quantum mechanics, including measurements of suspensions of atoms or ions, to provide a timing signal with a resolution or sensitivity that is beyond what is possible in non-quantum devices or systems".

As can be seen from the above, the new regime covers a wide range of technology businesses, including those involved in chip design, the design of Internet of Things products and connected home devices and the development of certain types of security products and services, including the design of firmware with cryptographic functionality.

The regime also covers companies that are involved in all stages of the quantum computing development process, including the creation of intellectual property, as well as companies supplying quantum technology components or offering services (such as consultancy advice or data analysis) which use quantum-based technology.

It is not necessary that the target is actually involved in producing such products – ownership of relevant IP is sufficient.

Additional thresholds

Even if the target of a transaction is within the scope of the new rules, it does not necessarily follow that the transaction will be reviewable under the new rules. Importantly, the expanded regime will continue to apply only to qualifying mergers, which arise where one business acquires control or material influence over another business. While the boundaries are somewhat blurred, a passive minority investment in a relevant enterprise should not be caught by the new regime. While the acquisition of IP rights in isolation should also be outside the scope of the regime, the inclusion of additional assets or personnel would be likely to take a transaction across the line.

As noted above, provided a transaction involving the acquisition of a relevant enterprise counts as a merger, it will be reviewable under the new rules if the target enterprise:

  • generates UK revenues of more than £1 million; or
  • holds a UK share of supply of over 25%.

This indicates that acquisitions of businesses that are purely involved in research and development activities that as yet generate no income should not be caught. The very low level of the new UK turnover threshold for transactions involving relevant enterprises does mean that a large number of transactions may still be caught by the new regime. While only a small number of such transactions may raise actual national security concerns, the new regime introduces the potential for scrutiny of such transactions that did not exist before.


The application of the new rules is potentially uncertain, given the range and complexity of the technology covered. The government has published draft guidance to assist companies in determining whether their activities fall with within these defined sectors and has provided an email address to enable parties to seek guidance on whether their products come within the scope.

It is important to bear in mind that transactions falling within the scope of the new rules will not be subject to any additional notification requirements. The CMA does not expect mergers that are brought within the scope of the UK merger control regime purely as a result of these changes to raise competition-related concerns. As a result, the risk of a competition review by the CMA has not increased.

The changes do broaden the universe of deals that are at risk of government intervention on national security grounds. Indeed, this is their specific purpose.

Potential buyers of UK-based technology companies will therefore need to undertake an assessment to determine whether their targets are within the scope of the new regime. If they are, then an informal notification to government may be advisable.

Such a notification provides the government with the information necessary to establish whether national security concerns arise and, where possible, to enable government officials to provide comfort that there will be no ministerial intervention. Notification to government for a national security assessment will remain distinct from any merger notification that the parties may choose to make to the CMA for a competition assessment and there will be no need to notify the CMA purely on the grounds that the parties have made a national security notification to government.

It will inevitably take some time for the regime to bed down and for companies and their advisers to assess the risk of intervention in individual cases and the analysis will be highly fact-specific.

In the meantime, the consultation period for the government's longer-term proposals ended on 9 January 2018. It is anticipated that the government will progress the scope of those proposals in a White Paper later this year. It is therefore highly likely that we will see further changes to the UK merger control regime in the near future.


1 Roots of trust are defined in the legislation as hardware, firmware or software components that are inherently trusted to perform critical security functions (including, for example, cryptographic key material bound to a device that can identify the device or verify a digital signature to authenticate a remote entity).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
Travers Smith LLP
Akin Gump Strauss Hauer & Feld LLP
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Travers Smith LLP
Akin Gump Strauss Hauer & Feld LLP
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions