Updated on 24.10.23, as originally published on 01.10.2021
The National Security and Investment Act 2021 (NSI Act) is a significant piece of legislation setting out a standalone regime allowing for the UK Government to scrutinise, and potentially block, acquisitions and investments in sensitive sectors or locations which could impact upon national security.
The NSI Act came into force on 4 January 2022 and retrospective arrangements applied to transactions completing after 12 November 2020.
A new operational unit, the Investment Security Unit (ISU), sits within the Cabinet Office (having moved from the Department for Business, Energy and Industrial Strategy to the Cabinet Office in February 2023) and is responsible for identifying, addressing and mitigating national security risks to the UK.
As we continue to learn more about the impact of the NSI Act on the investment landscape, investors, acquirers and UK based corporations should take this opportunity to familiarise themselves with the requirements of the NSI Act and its effect on their activity within the UK and abroad. We are tracking developments closely and are regularly updating our guidance in this article, which was last updated on 24 October 2023.
Introduction and key considerations
The NSI Act gives the UK Government the ability to block or apply conditions to certain transactions. Although evidence so far indicates that the Government will not usually use its powers under the NSI Act to block transactions, the impact on deal timelines could be significant, with the NSI Act requiring notification of relevant transactions prior to completion.
Where target businesses operate in any of the identified "high risk" sectors, which include artificial intelligence, communications, computing hardware, data infrastructure, energy, synthetic biology and more, a mandatory notification may be required. Guidance on the scope of these “high risk” sectors, which are wide-ranging, is available here.
The legislation bites in particular on acquisitions and consolidations of "control", with the threshold for control being as low as 25 per cent. Significantly, there is no de minimis in terms of value, and even UK investors can fall within the scope of the NSI regime. Accordingly, the impact of the NSI regime is not limited to high-profile and high-value acquisitions (though clearly these might be expected to attract the most Government scrutiny).
What action is needed?
We continue to engage with our clients to ensure that they are mindful of the impact of the NSI Act on their activities, primarily in respect of investment and fundraising activities. In particular:
- Now that the NSI Act is in force, you should be aware of the expansion in the Government’s powers to intervene in transactions on the grounds of national security (as compared with the previous regime under the Enterprise Act).
- It is particularly important to consider the potential for the notification procedure to impact upon the timing of relevant transactions. Where a mandatory notification is required, we would expect completion of the transaction to be conditional upon clearance. Our recommendation would be to consider notification as early as reasonably possible in a transaction, to minimise the potential delay to completion.
- We also recommend reviewing deal documentation, including updating due diligence questionnaires and warranties and undertakings under share purchase or investment agreements where relevant, in light of the NSI Act.
What does the NSI Act cover?
The NSI Act applies to acquisitions of control over qualifying entities or assets where there is or could be a potential risk to national security as a result.
Control is defined in the act to include:
- A transaction where an entity acquires or increases its interest in a qualifying entity such that it is interested in at least 25 per cent (or such that it crosses the 50 per cent or 75 per cent thresholds).
- A transaction where an entity acquires voting rights in a qualifying entity such that it can secure or prevent the passage of any class of resolution.
- A transaction where an entity obtains “material influence” over a qualifying entity.
- A transaction where an entity acquires specified control rights over qualifying assets.
In most cases, then, control requires the acquisition of at least a 25 per cent interest, although transactions below this threshold could be caught by the "material influence" or other limbs. In this regard, note the scrutiny of Altice’s 18 per cent stake in BT Group plc, which was called in at a percentage threshold significantly below 25 per cent.
(b) Qualifying entities or assets
The NSI regime can be triggered in relation to a qualifying entity or a qualifying asset. Both of these categories are cast widely, so that:
- A qualifying entity can include any company, body corporate, partnership, unincorporated association or trust.
- A qualifying asset can include any tangible property, land, or intellectual property.
Even foreign entities and assets can be caught by the NSI regime if they have a connection with activities carried out in the UK, or the supply of goods or services to persons in the UK.
(c) UK investors not exempt
The regime is agnostic as to the nationality of the relevant investor, unlike certain other foreign direct investment regimes. Investments by a UK investor requires the same analysis (and potentially notification) as acquisitions by any foreign investor. But of course, the investor’s nationality may well be relevant to the eventual determination of whether the trigger event occasions any risk from a national security perspective.
(d) Transaction size
Unlike the previous Enterprise Act powers, the NSI regime has no financial thresholds for notification, nor does it offer de minimis exemptions.
The NSI Act outlines a hybrid notification regime, with both a mandatory and a voluntary element.
(a) The high-risk sectors: mandatory notification
The NSI Act defines 17 "high risk" sectors. The 17 sectors triggering a mandatory notification are advanced materials, advanced robotics, artificial intelligence, civil nuclear, communications, computing hardware, critical suppliers to government, cryptographic authentication, data infrastructure, defence, energy, military and dual-use technologies, quantum technologies, satellite and space technologies, critical suppliers to the emergency services, synthetic biology, and transport. The parameters of these 17 mandatory sectors have been outlined by the Government here.
Failure to submit a mandatory notification when required will render the relevant transaction void, as well as providing grounds for civil and criminal penalties. Transactions falling within the mandatory regime therefore require clearance prior to completion.
At present, the mandatory notification regime only applies to acquisitions of control over qualifying entities and does not apply to acquisitions of qualifying assets.
(b) Outside the high risk sectors: voluntary notification
Acquisitions or investments which do not meet the thresholds for mandatory notification, but which could nevertheless give rise to national security concerns, may still be called in for review by the Secretary of State for the Cabinet Office.
In the absence of a mandatory / voluntary notification, any transaction can be called in up to six months after the Secretary of State becomes aware of the transaction, subject to a longstop of five years following completion.
Prior to an acquisition or investment, an investor can therefore elect to make a voluntary notification to the ISU.
Impact on national security: how to assess the risk
The ISU judges the national security risks of a notifiable event based on three key categories, as set out in a guidance notice here.
(a) Target risk
The target risk concerns the entity or asset that is the subject of the trigger event. Entities carrying out certain activities within the 17 defined sectors will potentially be seen as a risk to national security. It is also possible for the acquisition of control over an asset to give rise to national security concerns, for example where assets are integral to the activities of an entity in a sensitive sector, or where land is in a sensitive location or used for a sensitive purpose.
(b) Trigger event risk
Trigger event risk concerns the potential for the trigger event itself to enable a hostile actor to undermine national security. A trigger event might be of particular concern if it has the potential to allow the acquirer to wield control over a critical supply chain, facilitate inappropriate leverage over a certain sector or provide access to a sensitive site.
(c) Acquirer risk
Acquirer risk involves an examination of the specific investor, which includes an assessment of those in ultimate control of the investor, their track record in acquisitions, their other holdings in the relevant sector and their known affiliations.
The target risk, trigger event risk and acquirer risk will be considered in the round to determine whether intervention is merited.
Potential for intervention
The Government estimated that up to 1,800 transactions may be notified each year, with up to 95 called in for a full assessment. However, initial data indicates otherwise at this stage (please see further information on this below).
In theory, the Government has wide-ranging powers to block or place conditions on a proposed transaction. However, it is expected to be rare for the Government to block transactions or require significant remedies.
The impact for most investors and businesses is likely to be on the deal timeline and transaction execution.
Impact on secured lending transactions
Security over Shares and the NSI Act
The vast majority of secured lending transactions are expected to be low risk for the purposes of the NSI Act. Loans, especially loans drafted on market standard terms are unlikely to be subject to the NSI Act. Similarly, most types of security will not of themselves trigger notification under the NSI Act. However, if a lender is taking share security, depending on the form of that share security (eg whether it is equitable or legal), secured lending transactions could require notification to the ISU and pre-clearance from the Secretary of State, either on at the point the share security is taken, or prior to enforcement of the share security.
It is now reasonably clear that equitable security over shares should not require notification ab initio, but may require notification before any enforcement. The Cabinet Office and the City of London Law Society have provided joint guidance that, while the grant of a security over shares could create an equitable interest in such shares, such an interest should not grant control over such shares (within the meaning of the NSI Act) until the happening of an event that would provide control (eg an enforcement event).
This is not a free pass for lenders, however, because the creation of a legal charge over shares in a qualifying entity at the point of taking security (where the lender is the legal owner of the shares from the outset) and / or the acquisition of voting rights by lenders (when a lender takes an equitable charge over shares at the outset but then subsequently obtains the requisite level of control in the qualifying entity after an enforcement / default event occurs) could require pre-clearance from the Secretary of State. Specialist advice should therefore be taken in these situations.
Market Update: Annual Reports
The Government has published two Annual Reports on the operation of the NSI Act. The first covers the initial implementation period from 4 January 2022 to 31 March 2022. The second Annual Report references the period 1 April 2022 to 31 March 2023. While very little information about notified transactions is made publicly available, all final orders are published on the Government website and the Annual Reports provide a high-level snapshot of the trends that have been identified to date.
In addition to the 222 notifications made in the first three months after the law came into force, there were 866 notifications in the period 1 April 2022 to 31 March 2023. The combined total therefore sits at the lower end of the Government’s expected filing range of 1,000-1,800 per annum. Our key takeaways are as follows:
- Sector learnings
Of those notifications reported in the second Annual Report, 671 were mandatory and 47 per cent concerned the defence sector, which is arguably what you would expect for a regime with national security at its heart.
Interestingly, some of the voluntary notifications appear to relate to transactions where (broadly speaking) the target falls within the same industry as one of the 17 high risk sectors. This data appears to suggest that the market is taking a cautious approach in submitting notifications where there is reason to believe the ISU may be interested in the transaction based on the sector, irrespective of mandatory notification thresholds.
What we cannot deduce from the data is how many transactions relate to internal reorganisations. Two consecutive notifications must be made where there is a preliminary restructuring followed by a divestment of an asset, and it is not clear how many of the notifications to date relate to intra-group arrangements or transactions that are connected in some way.
- Acquirer risk learnings
It is arguably not surprising that 42 per cent of called-in transactions during the second reporting period involved Chinese acquirers.
Perhaps more interestingly, acquisitions involving a UK acquirer are the second most common, with 33 per cent of the call-ins involving a UK acquirer (closely followed by the US in third place). This serves as a clear reminder that the NSI Act is not solely a foreign direct investment regime and domestic transactions are just as much in scope.
- Blocked deals
The second Annual Report confirms that 15 final orders were made, of which only five blocked transactions entirely.
Proportionately, the vast majority of notified transactions were cleared unconditionally. Most of the final orders were in the military and dual use and communications sectors, closely followed by the defence and energy sectors which again aligns with a regime that is centred on national security.
Updates to legislation and guidance are published on the Government’s website and collected here, and we intend to provide further guidance in respect of any significant developments.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, October 2023