On January 4, 2022, the UK's National Security and Investment Act 2021 (NSI Act) is set to come fully into force, with some provisions retroactively applying to November 2020. The NSI Act creates a stand-alone foreign direct investment (FDI) review system focused on national security with defined processes and statutory deadlines. Importantly, it introduces for the first time a mandatory notification and pre-closing clearance requirement for transactions in specified sectors, bringing the UK FDI review system in line with the FDI screening regimes of its intelligence allies, including the United States, Australia, Canada and New Zealand.

Like the American Committee on Foreign Investment in the United States (CFIUS) regime, the UK regime also contemplates a 'voluntary' filing process and a broad authority for the UK government to identify and review ('call-in') transactions for which the parties have not made a voluntary or mandatory notification. It also expands the UK government's power to impose conditions on, and potentially block, transactions that may give rise to national security risks.

While the new regime represents a significant change to the existing UK national security framework, the government is keen to emphasise that the UK remains 'open for business' and that the 'vast majority of deals will be able to proceed without delay'. So, what is the likely impact of the new NSI regime on transactions? Below we demystify some of the rules and summarise our top 10 key takeaways.

  1. The new regime is country agnostic and has extraterritorial scope – it applies to any investor and to investments in non-UK targets. The UK regime captures in its jurisdiction investors with a variety of business operations, provided there is a sufficient nexus to the UK, including investments in non-UK targets that supply UK customers or carry on activities in the UK. It can equally apply to UK-to-UK domestic transactions, as well as transactions involving non-UK targets (e.g., the acquisition of a French target company that has a UK subsidiary).
  2. The mandatory notification regime applies only to the acquisition of certain levels of ownership interests and/or control in companies active in one or more of 17 specified sectors in the UK. Referred to as 'trigger events', the relevant levels of ownership or control are based on objective criteria. Specifically, a mandatory notification may be required if an investor acquires either of the following:
    1. Shares or voting rights in a company of more than 25%, more than 50% or 75% or more.
    2. Voting rights in a company that (whether alone or together with other voting rights held by the investor) enable the investor to secure or prevent the passage of any class of resolution governing the affairs of the company.
    However, if none of these 'trigger events' are present, a mandatory notification is not required, regardless of the specified sector in which the target company is active in the UK.
  1. If one or more of the above 'trigger events' are met, a mandatory filing will only be required if the target company is active in one or more of the 17 specified sectors in the UK.  The list of the 17 specified sectors has been refined since the initial draft definitions published in November 2020. See latest definitions in the National Security and Investment Act 2021 (Notifiable Acquisition) (Specification of Qualifying Entities) Regulations 2021. Importantly, the specified sectors cover traditional industries such as defence and military, as well as critical infrastructure (i.e., communications, data infrastructure, energy and transport), and advanced technologies (i.e., artificial intelligence, robotics, computing hardware, cryptographic authentication, advanced materials, quantum technologies and synthetic biology). This focus on infrastructure and technology is not dissimilar to other foreign investment screening regimes across the world, reflecting an increasing desire to protect critical industries and advanced technologies from 'hostile actors'.
  2. If the transaction falls outside the mandatory regime's scope, the parties should assess the risk of being 'called-in' by the UK government and whether a voluntary filing may be appropriate. Under the current legislation, deals will be 'called-in' by the government where there is a perceived risk to UK 'national security'. Unhelpfully, there is no definition of 'national security' in the legislation, though the government has published a statement of intent explaining the three risk factors that it will consider when assessing the risk to national security , namely:
    1. The target risk (i.e., the technology and business activities of the target that could present a vulnerability to national security).
    2. The acquirer risk (i.e., the characteristics of the entity making the investment or acquisition).
    3. The control risk (i.e., the nature of the influence and actions that the foreign actor could take with respect to the target company based on the acquired level of control, and the impact of the exploitation of the assessed vulnerability).
    Early diligence can inform the scope of perceived risk for a given transaction that may be 'called-in'. Prior to completing its review of any 'called-in' transaction, the UK government has authority, which can extend extraterritorially, to issue interim orders to prevent or mitigate effects of actions averse to UK national security.
  1. Acquisitions of assets are not subject to mandatory notification and are expected to be rarely 'called-in' by the UK government. 'Assets' have been specifically defined under the legislation to cover real property (i.e., land), tangible moveable property and ideas, and information or techniques that have industrial, commercial or other economic value (i.e., trade secrets, databases, source code, algorithms, formulae, designs, plans, drawings, and specifications and software). This definition would cover, for example, the licence of intellectual property. If the government perceives that the acquisition or license of an asset presents a risk to national security, it could 'call-in' the transaction. However, in its guidance, the government has made clear that it expects to rarely 'call-in' acquisitions of assets, compared to acquisitions of or investments in companies.
  2. Companies should conduct FDI diligence early to assess whether a transaction is caught by the mandatory regime, and negotiate relevant contractual protections where appropriate.  When setting the scope of due diligence, it is important to take the time to consider the application of the UK NSI regime (as well as other applicable foreign investment screening regimes) at the outset of the transaction or investment. As with other regulatory clearance requirements, relevant closing conditions should be incorporated in deal documents to address potential filings in the UK and elsewhere.
  3. The UK has established a dedicated unit to handle FDI notifications. The Investment Security Unit (ISU) is an operational unit within the Department for Business, Energy and Industrial Strategy (BEIS) responsible for identifying, addressing and mitigating national security risks to the UK. The ISU is fully staffed and resourced in anticipation of the regime coming into effect on January 4, 2022.
  4. Since March 2021, businesses have been able to contact the ISU and receive advice about the operation of the regime. This has facilitated public understanding of the NSI Act and, to date, communications from the ISU have underscored that the purpose of the UK policy will be to exercise its regime to address bona fide national security concerns and not to arbitrarily interfere with investment.
  5. The new timeline and process for NSI review. Once a mandatory or voluntary notification is submitted and accepted as complete, the UK government will have an initial 30 working days to review the notification and provide clearance. It is anticipated that the government will clear the majority of transactions at this stage, and only a minority of deals will go through to a more detailed and longer 'phase II' type of review.
  6. Companies should take obligations seriously, as sanctions may apply for non-compliance. The NSI Act contemplates heavy sanctions for missing a mandatory filing requirement, including fines to the buyer of up to 5% of worldwide turnover or £10 million, whichever is higher, and potential imprisonment for directors of up to five years. In addition, the transaction itself would be void as a result of a missed mandatory filing. Penalties may also be levied against the transaction parties for failing to comply with an interim or final order, or failing to comply with requirements to provide accurate information.
  7. Companies should engage early with the ISU if they have any questions.  The UK government has repeatedly stated that it is willing to provide informal guidance on the new regime. If companies have specific questions and/or are unclear about the operation of the new rules, it is best to email the ISU and seek guidance, even on a 'no-names' basis. Advice given by the ISU may be non-binding, but it is a helpful way to gauge the level of 'call-in' risk and to gain further clarity in an evolving, new regime.

For more details about the NSI Act, refer to our May 2021 and July 2021 alerts.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.