The UK vies consistently for the top spot on the annual global rankings for attracting foreign direct investment. It is a source of pride for every incumbent of 10 Downing Street: a tangible metric that supports the attestation that the UK economy is the most open and business-friendly country, globally.

It is therefore perhaps no surprise that the UK has for so long resisted calls to follow its allies such as the US, Australia and Germany in introducing legislation designed to weed out investors with potentially nefarious intentions from sensitive aspects of the economy.

Such governments have sought to both strengthen their powers to scrutinise and intervene in transactions where it is necessary to protect national security, while providing investors with both certainty and transparency. This is a delicate balance, especially when threats to national security manifest themselves in evolving and novel ways, which can soon make a mockery of any legislation designed to protect a nation's economy from harm. In addition, in a world that is increasingly suspicious of globalisation, governments open themselves up to criticism for using national security screening powers as a veil for protectionist intervention.

In light of the trial and error that is the implementation of an effective investment screening regime, the UK's perceived tardiness may have benefits. When considering how best to design an effective yet proportionate investment screening mechanism, UK lawmakers have been able to look overseas to see what works.

The result is the National Security and Investment Bill (NSI Bill or Bill), which was laid before the UK Parliament on November 11 2020. Some four years in the pipeline and having been dragged along by successive Conservative governments, when implemented it will see the UK introduce one of the most comprehensive and detailed investment screening mechanisms globally. The Bill contains many of the legislative controls adopted in overseas regimes, while at the same time introducing several new, untested, features.

In light of the trial and error that is the implementation of an effective investment screening regime, the UK's perceived tardiness may have benefits

To date, the UK's existing intervention powers have nestled within its merger control regime, and have been deployed sparingly. The government has blocked just 12 transactions on national security grounds since 2002, with those vocal for legislative improvements calling for a standalone regime decoupled from merger control considerations.

As such, prior to the NSI Bill's publication, all material government publications pointed towards a standalone regime, premised upon a voluntary notification mechanism. At the time, the government felt that a voluntary regime, rather than a system requiring notification, would strike the right balance between protecting the country's sensitive assets without being too burdensome.

It therefore caused a shock when the NSI Bill included a mandatory notification regime for acquisitions of 'qualifying entities of a specified description' operating within 17 industry sectors (referred to as 'notifiable acquisitions'). The ringfenced sectors being: civil nuclear, communications, data infrastructure, defence, energy, transport, artificial intelligence, advanced robotics, computing, hardware, cryptographic authentication, advanced materials, quantum technologies, engineering, biology, critical suppliers to government, critical suppliers to the emergency services, military or dual-use technologies, and satellite and space technologies.

The government intends to detail in secondary legislation the specific 'trigger events' within the aforementioned sectors that will prompt a mandatory filing. This is deliberate, as the government hopes to futureproof the law to guard against the ever-changing risks to national security, without needing new primary legislation every time.

The government has been candid on its reasoning for introducing a mandatory regime: it does not trust the economy to flush out national security concerns when left to its own accord. The government will, no doubt, have also observed that this year the US Committee on Foreign Investment in the United States (CFIUS) introduced the mandatory notification of investments in critical technologies, as well as by foreign governments in US technology, infrastructure, and data businesses.

Moreover, Germany's screening legislation, the Außenwirtschaftsgesetz (or AWG), has mandated the notification of foreign investments in specific sectors (such as those in telecommunications, media and healthcare industries) and critical infrastructure for some time. As such, the UK's volte-face is perhaps representative of changing global policy concerns regarding the mechanics of national security and investment screening.

Entering the 'black box'

The onus to notify the government rests with the acquirer under the NSI Bill. The requirement can be triggered by various forms of deal activity including full share acquisitions, material increases in shareholding or voting rights (e.g. crossing 15 percent, 25 percent, 50 percent and 75 percent), as well as material influence over corporate policy.

In reality, the NSI Bill provides for most material changes, in shareholding or voting rights in a qualifying entity, to trigger notification. Once the government receives a notification, it has an initial 30 working days to screen the transaction. During this initial screening period, the government must determine whether to either call in the transaction for a full assessment, or give the acquirer the green light. The government anticipates that it will receive approximately 2,000 notifications per year, calling in just under 100. To put this in context, in 2019 the CFIUS regime called in 113 from a notification pool of 231.

Investors should take heed of the potential delay a government call-in could have on the deal timetable. The NSI Bill proposes a statutory minimum of 75 working days (an initial 30 days plus an additional 45 days) to conduct a full national security assessment. We note that this timeline is the same as the original CFIUS review period. However, the US extended the initial review stage from 30 days to 45 days, to enable more transactions to be cleared (i.e. so that fewer transactions fall into the additional 45 day period – saving parties up to 30 days). It remains to be seen whether the NSI Bill keeps the 30+45 day structure, or whether this is amended as the Bill travels through Parliament.

If the government requires longer than 75 working days, then the NSI Bill permits the government and acquirer to agree a further 'voluntary' period. Australia's screening mechanism also enables the government and investors to voluntarily extend review deadlines. That said, in practice, parties have little choice but to agree to such an extension, making it difficult to predict how long the review process will take. We therefore question how voluntary this further period under the NSI Bill will be for any acquirer, assuming that it wishes the deal to go through.

The most difficult aspect for investors to consider in any investment screening regime that turns on national security concerns, is understanding what constitutes a national security concern. The NSI Bill requires the government to publish a statement every five years indicating how it seeks to conduct its national security assessment (referred to as the Statutory Statement of Intent). The government proposes applying a threepronged approach for the assessment of national security risks represented by: the relevant transaction, the target of the transaction, and the acquirer/investor.

The government has not been shy about giving itself considerable powers to intervene in any trigger events that could cause national security concerns

To investors, perhaps the most concerning weapon that the government has is its retrospective power to call in transactions

The NSI Bill suggests an approach more closely aligned with CFIUS for the time being, insofar as the assessment of national security risks is uniform across transactions that fall within scope. In time, the UK could choose to follow Germany in adopting a tiered approach to review criteria, with stricter conditions applied to higher-risk investments.

Nowhere to hide

One of the UK government's main concerns is the risk that hostile acquirers could deploy contrived legal structures to obtain control of sensitive UK entities without triggering a mandatory notification regime. In addition, as the requirement to submit a mandatory notification rests with the acquirer, the government is still reliant on purchasers both knowing their obligations under the NSI Bill, and wishing to comply with them.

Step forward the Bill's voluntary notification regime, which mirrors the mandatory regime in terms of timing and process, but casts a significantly wider net. Unlike the mandatory regime, a voluntary notification can be submitted by any 'relevant party' that has a nexus to a trigger event. This means, for example, that a company's board has the power to notify the government where it is subject to hostile investment. In addition, the voluntary regime applies to trigger events occurring within the UK economy as whole, i.e. parties do not need to demonstrate that the trigger event occurs within one of the 17 sensitive sectors.

The voluntary aspects of Germany's regime also do not specify industry sectors, as it does with transactions subject to mandatory notification. In addition, while the US has introduced mandatory filings for the CFIUS regime this year, it is anticipated that the majority of notifications will continue to be on a voluntary basis due to the risk of retrospective call-in.

The NSI Bill includes the provision for a voluntary notification to be made in relation to a trigger event concerning a qualifying asset, which is defined as an asset of any of the following types (i) land (including land located outside of the UK if used in connection with activities conducted in the UK); (ii) tangible movable property; or (iii) ideas, information or techniques which have industrial, commercial or other economic value (for example, trade secrets, databases, intellectual property rights and software).

The trigger event occurs when a person gains control of the qualifying asset and is thus able to use it or direct its use (including prior to acquisition). Germany also explicitly captures both share and asset deals in its review process. While the US does not capture asset deals explicitly, other factors may mean an asset deal will fall within the jurisdiction of CFIUS. For example, where the acquisition of a corporate entity would also result in gaining asset(s) with a national security sensitivity (e.g. a building opposite a military facility).

A long and (un)winding road

The government has not been shy about giving itself considerable powers to intervene in any trigger events that could cause national security concerns, as well as significant enforcement powers to help ensure compliance.

If the government decides that a particular transaction raises material national security concerns, then it can impose any steps necessary to protect, remedy, or mitigate the national security risks. In practice, this is likely to result in one of three outcomes detailed within a final order (i) imposing conditions of approval for the deal to proceed (ii) blocking the deal or (iii) unwinding the deal in situations where the relevant trigger event has already occurred.

Offences under the Bill include the completion of a transaction subject to mandatory filing without approval, failing to comply with an order (both interim and final), and offences relating to the failure to comply with an information notice or attendance notice. Penalties for noncompliance include fines of up to five percent of worldwide turnover or £10 million ($13.4 million) (whichever is the greater), and imprisonment of up to five years. The proposed approach by the NSI Bill to penalties differs from the US and Australia, which both choose to tie penalties to the value of the transaction, rather than the investor's turnover.

To investors, perhaps the most concerning weapon that the government has is its retrospective power to call in transactions that were not notified but may raise national security concerns. This power has no retrospective time limit for acquisitions that should have been notified under the mandatory regime (i.e. 'notifiable acquisitions'). For all other trigger events, the government has a five year window from the point at which the trigger event occurred to call it in for assessment, provided that it does so within six months of becoming aware of the transaction. As a transitional measure, all transactions that occur from November 12 2020 and onwards will be in scope of a five-year look back. However, if the government becomes aware of it prior to the NSI Bill coming into force (e.g. a transaction press release is issued), then the government will again only have six months to call in the transaction.

Arguably, the NSI Bill goes further than other regimes with retrospective look-back provisions. For example, the German government has a five-year window following completion to initiate an investment review for all relevant transactions (i.e. including those subject to mandatory notification). In addition, if the CFIUS regime wishes to review a transaction that completed more than three years earlier, it needs to obtain approval. To date, the Australian government has not had the ability to call in transactions retrospectively, but will have this power from 1st January, 2021 onwards.

The gating issue for 2021

The NSI Bill will be the subject of intense cross-party discussions as it makes its way through Parliament. However, we do not anticipate that its key features, such as the new mandatory regime, or the ability to conduct a retrospective look-back, will be removed or watered down substantially.

What is likely to be shaped in the upcoming months are the specific trigger events occurring within the 17 industry sectors that will require notification, which will be detailed within the Bill's secondary legislation. It is also possible that the government will decide to exempt certain acquirers from the need to conduct a mandatory filing, as well as escalate the acquisition of highly sensitive assets to the mandatory regime.

We expect the NSI Bill to become law towards the middle of 2021. Once in place, the legislation is likely to affect a wide range of investment activity and could impact a range of corporates and funds that count foreign nationals and foreign governmental entities among their investors.

Practically speaking, investors should expect questions and disclosure requests regarding proposed investment structures, the involvement of foreign investors, and the overall aims of the investment. It will therefore be critical for these operators to treat the NSI Bill as a gating issue when planning investment activity within sensitive areas of the UK economy going forward. This is particularly the case for any investment activity that could be at an increased risk of call-in due to the government's retrospective call-in powers, which apply now.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.