The National Security and Investment Act 2021 (NSI Act) is a significant new piece of legislation. It sets out a new, standalone regime allowing for the UK Government to scrutinise – and potentially block – acquisitions and investments in sensitive sectors which could impact upon national security.
The NSI Act will come into force on 4 January 2022. However there are already transitional arrangements in place which means that the Act will apply retrospectively to transactions that completed after 12 November 2020.
A new operational unit – the Investment Security Unit (ISU) – is being constituted within the Department for Business, Energy and Industrial Strategy (BEIS) which will be responsible for identifying, addressing and mitigating national security risks to the UK.
As further guidance continues to be published in the lead up to the commencement of the NSI Act, investors, acquirers and UK based corporations should take this opportunity to familiarise themselves with the requirements of the NSI Act and its impact upon their corporate activity within the UK.
What does the NSI Act cover?
The NSI Act gives the UK Government the ability to block or apply conditions to UK corporate transactions. Although it is expected to be rare that the Government uses its powers under the NSI Act to block transactions, the impact on deal timelines could be significant, with the NSI Act requiring notification of relevant transactions prior to completion.
Where target businesses operate in any of the identified "high risk" sectors – which include artificial intelligence, communications, computing hardware, data infrastructure, energy, synthetic biology, and more – a mandatory notification may be required. Recently published guidance has provided helpful additional detail as to the scope of these ‘high risk’ sectors, which are wide-ranging.
The legislation bites in particular on acquisitions and consolidations of "control", with the threshold for control being as low as 25 per cent. Significantly, there is no de minimis in terms of value and even UK investors can fall within the scope of the NSI regime. Accordingly, the impact of the NSI regime will not be limited to high-profile and high-value acquisitions.
What action is needed?
We are already engaging with our clients to assist them in preparation for the NSI Act coming into force. You should be aware of the following points at this stage.
- The NSI Act, once in force, will apply retrospectively to transactions completing from 12 November 2020. If you have any concerns about the impact of the NSI Act on a transaction completing prior to 4 January 2021, businesses are encouraged to liaise with the ISU informally as early as possible.
- Once the NSI Act is in force, you should be aware of the potential for the notification procedure to impact upon the timing of relevant transactions. Where a mandatory notification is required, we would expect completion of the transaction to be conditional upon clearance. Our recommendation would be to consider notification as early as reasonably possible in a transaction, to minimise the potential delay to completion.
- We also recommend that deal documentation is reviewed, including updating due diligence questionnaires and warranties and undertakings under share purchase or investment agreements where relevant, in light of the NSI Act.
Current powers of the UK Government to intervene
The Government’s power to intervene in transactions on the grounds of national security concerns were limited, being derived from Part 3 of the Enterprise Act 2002 (Enterprise Act). The NSI Act is intended to modernise, broaden and provide additional certainty for all parties as compared with the Enterprise Act. It is also designed to bring the UK’s powers to intervene in areas of national security into line with comparable jurisdictions, continuing a global trend towards closer oversight in respect of foreign direct investment.
Once the NSI Act comes into force, the existing Enterprise Act national security rules will be repealed. The various other means for intervention in the Enterprise Act (public health, financial stability, etc) will continue to be effective in tandem with the new NSI regime.
What does the NSI Act cover?
The NSI Act applies to acquisitions of control over qualifying entities or assets where there is or could be a potential risk to national security as a result.
Control is defined in the act to include:
- A transaction where an entity acquires or increases its interest in a qualifying entity such that is interested in at least 25 per cent (or such that it crosses the 50 per cent or 75 per cent thresholds).
- A transaction where an entity acquires voting rights in a qualifying entity such that it can secure or prevent the passage of any class of resolution
- A transaction where an entity obtains “material influence” over a qualifying entity.
- A transaction where an entity acquires specified control rights over qualifying assets.
In most cases then, control will require the acquisition of at least a 25 per cent interest, although transactions below this threshold could be caught by the "material influence" or other limbs.
(b) Qualifying entities or assets
The NSI regime can be triggered in relation to a qualifying entity or a qualifying asset. Both of these categories are cast widely, so that:
- A qualifying entity can include any company, body corporate, partnership, unincorporated association or trust.
- A qualifying asset can include any tangible property, land, or intellectual property.
Even foreign entities and assets can be caught by the NSI regime if they have a connection with activities carried on in the UK, or the supply of goods or services to persons in the UK.
(c) UK investors not exempt
The regime is agnostic as to the nationality of the relevant investor, unlike certain other foreign direct investment regimes. Investments by a UK investor will require the same analysis (and potentially notification) as acquisitions by any foreign investor. But of course, the investor’s nationality may well be relevant to the eventual determination of whether the trigger event occasions any risk from a national security perspective.
(d) Transaction size
Unlike the previous Enterprise Act powers, the NSI regime has no financial thresholds for notification, nor does it offer de minimis exemptions.
The NSI Act outlines a hybrid notification regime, with both a mandatory and a voluntary element.
(a) The high risk sectors: mandatory notification
The NSI Act defines 17 "high risk" sectors. The 17 sectors triggering a mandatory notification are Advanced Materials, Advanced Robotics, Artificial Intelligence, Civil Nuclear, Communications, Computing Hardware, Critical Suppliers to Government, Cryptographic Authentication, Data Infrastructure, Defence, Energy, Military and Dual-Use Technologies, Quantum Technologies, Satellite and Space Technologies, Critical Suppliers to the Emergency Services, Synthetic Biology and Transport.
The precise definitions of these 17 mandatory sectors continue to be developed and the Government has indicated that it will continue to refine its definitions. The latest definitions were published on 6 September and can be found here.
Failure to submit a mandatory notification when required will render the relevant transaction void, as well as providing grounds for civil and criminal penalties. Transactions falling within the mandatory regime will therefore require clearance prior to completion.
(b) Outside the high risk sectors: voluntary notification
Acquisitions or investments which do not meet the thresholds for mandatory notification, but which could nevertheless give rise to national security concerns, may nevertheless be called in for review by the Secretary of State for BEIS.
In the absence of a mandatory / voluntary notification, any transaction can be called in up to six months after the Secretary of State for BEIS becomes aware of the transaction, subject to a longstop of five years following completion.
Prior to an acquisition or investment, the investor can therefore elect to make a voluntary notification to the ISU.
Impact on national security: how to assess the risk
The ISU published its latest draft statement of policy intent in July 2021, setting out how it intends to judge the national security risks of a notifiable event based on three key categories.
(a) Target risk
The target risk concerns the entity or asset that is the subject of the trigger event. Entities carrying out certain activities within the 17 defined sectors will potentially be seen as a risk to national security. It is also possible for the acquisition of control over an asset to give rise to national security concerns, such as where assets are integral to the activities of an entity in a sensitive sector, or where land is in a sensitive location or used for a sensitive purpose.
(b) Trigger event risk
Trigger event risk concerns the potential for the trigger event itself to enable a hostile actor to undermine national security. A trigger event might be of particular concern if it might position the acquirer to wield control over a critical supply chain, facilitate inappropriate leverage over a certain sector, or provide access to a sensitive site.
(c) Acquirer risk
Acquirer risk involves an examination of the specific investor which will include an assessment of those in ultimate control of the investor, their track record in acquisitions, their other holdings in the relevant sector and their known affiliations.
The target risk, trigger event risk and acquirer risk will be considered in the round to determine whether intervention is merited.
Potential for intervention
The Government has estimated that up to 1,800 transactions may be notified each year, with up to 95 called in for a full assessment.
In theory, the Government has wide-ranging powers to block or place conditions on a proposed transaction. However, it is expected to be rare for the Government to block transactions or require significant remedies.
The impact for most investors and businesses is likely to be on the deal timeline and transaction execution.
Final regulations and guidance are expected to be published towards the end of 2021. Updates to legislation and guidance are published on the Government’s website and collected here, and we intend to provide further guidance in respect of any significant developments.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, October 2021