The National Security and Investment Act 2021 (NSI Act) is a significant new piece of legislation. It sets out a new, standalone regime allowing for the UK Government to scrutinise – and potentially block – acquisitions and investments in sensitive sectors which could impact upon national security.
The NSI Act came into force on 4 January 2022. However transitional arrangements have applied retrospectively to transactions completing since 12 November 2020.
A new operational unit – the Investment Security Unit (ISU) – has been constituted within the Department for Business, Energy and Industrial Strategy (BEIS) which is responsible for identifying, addressing and mitigating national security risks to the UK.
As further guidance continues to be published, investors, acquirers and UK based corporations should take this opportunity to familiarise themselves with the requirements of the NSI Act and its impact upon their corporate activity within the UK.
What does the NSI Act cover?
The NSI Act gives the UK Government the ability to block or apply conditions to UK corporate transactions. Although it is expected to be rare that the Government uses its powers under the NSI Act to block transactions, the impact on deal timelines could be significant, with the NSI Act requiring notification of relevant transactions prior to completion.
Where target businesses operate in any of the identified "high risk" sectors – which include artificial intelligence, communications, computing hardware, data infrastructure, energy, synthetic biology, and more – a mandatory notification may be required. Guidance as to the scope of these ‘high risk’ sectors, which are wide-ranging, is available here.
The legislation bites in particular on acquisitions and consolidations of "control", with the threshold for control being as low as 25 per cent. Significantly, there is no de minimis in terms of value and even UK investors can fall within the scope of the NSI regime. Accordingly, the impact of the NSI regime is not limited to high-profile and high-value acquisitions.
What action is needed?
We continue to engage with our clients to assist them with the impact of the NSI Act coming into force. You should be aware of the following points at this stage.
- Now that the NSI Act is in force, you should be aware of the potential for the notification procedure to impact upon the timing of relevant transactions. Where a mandatory notification is required, we would expect completion of the transaction to be conditional upon clearance. Our recommendation would be to consider notification as early as reasonably possible in a transaction, to minimise the potential delay to completion.
- We also recommend that deal documentation is reviewed, including updating due diligence questionnaires and warranties and undertakings under share purchase or investment agreements where relevant, in light of the NSI Act.
Interaction with other legislation
The Government’s previous power to intervene in transactions on the grounds of national security concerns were limited, being derived from Part 3 of the Enterprise Act 2002 (Enterprise Act). The NSI Act is intended to modernise, broaden and provide additional certainty for all parties as compared with the Enterprise Act. It is also designed to bring the UK’s powers to intervene in areas of national security into line with comparable jurisdictions, continuing a global trend towards closer oversight in respect of foreign direct investment.
The existing Enterprise Act national security rules were repealed when the NSI Act came into force. The various other means for intervention in the Enterprise Act (public health, financial stability, etc) continue to be effective in tandem with the new NSI regime. The government published a guidance note on 4 January 2022 on how the NSI Act will work alongside other regulatory requirements, here.
What does the NSI Act cover?
The NSI Act applies to acquisitions of control over qualifying entities or assets where there is or could be a potential risk to national security as a result.
Control is defined in the act to include:
- A transaction where an entity acquires or increases its interest in a qualifying entity such that is interested in at least 25 per cent (or such that it crosses the 50 per cent or 75 per cent thresholds).
- A transaction where an entity acquires voting rights in a qualifying entity such that it can secure or prevent the passage of any class of resolution
- A transaction where an entity obtains “material influence” over a qualifying entity.
- A transaction where an entity acquires specified control rights over qualifying assets.
In most cases then, control requires the acquisition of at least a 25 per cent interest, although transactions below this threshold could be caught by the "material influence" or other limbs.
(b) Qualifying entities or assets
The NSI regime can be triggered in relation to a qualifying entity or a qualifying asset. Both of these categories are cast widely, so that:
- A qualifying entity can include any company, body corporate, partnership, unincorporated association or trust.
- A qualifying asset can include any tangible property, land, or intellectual property.
Even foreign entities and assets can be caught by the NSI regime if they have a connection with activities carried on in the UK, or the supply of goods or services to persons in the UK.
(c) UK investors not exempt
The regime is agnostic as to the nationality of the relevant investor, unlike certain other foreign direct investment regimes. Investments by a UK investor requires the same analysis (and potentially notification) as acquisitions by any foreign investor. But of course, the investor’s nationality may well be relevant to the eventual determination of whether the trigger event occasions any risk from a national security perspective.
(d) Transaction size
Unlike the previous Enterprise Act powers, the NSI regime has no financial thresholds for notification, nor does it offer de minimis exemptions.
The NSI Act outlines a hybrid notification regime, with both a mandatory and a voluntary element.
(a) The high risk sectors: mandatory notification
The NSI Act defines 17 "high risk" sectors. The 17 sectors triggering a mandatory notification are Advanced Materials, Advanced Robotics, Artificial Intelligence, Civil Nuclear, Communications, Computing Hardware, Critical Suppliers to Government, Cryptographic Authentication, Data Infrastructure, Defence, Energy, Military and Dual-Use Technologies, Quantum Technologies, Satellite and Space Technologies, Critical Suppliers to the Emergency Services, Synthetic Biology and Transport. The parameters of these 17 mandatory sectors have been outlined by the government, here.
Failure to submit a mandatory notification when required will render the relevant transaction void, as well as providing grounds for civil and criminal penalties. Transactions falling within the mandatory regime therefore require clearance prior to completion.
(b) Outside the high risk sectors: voluntary notification
Acquisitions or investments which do not meet the thresholds for mandatory notification, but which could nevertheless give rise to national security concerns, may nevertheless be called in for review by the Secretary of State for BEIS.
In the absence of a mandatory / voluntary notification, any transaction can be called in up to six months after the Secretary of State for BEIS becomes aware of the transaction, subject to a longstop of five years following completion.
Prior to an acquisition or investment, the investor can therefore elect to make a voluntary notification to the ISU.
Impact on national security: how to assess the risk
The ISU published a guidance notice on 2 November 2021, setting out how it intends to judge the national security risks of a notifiable event based on three key categories.
(a) Target risk
The target risk concerns the entity or asset that is the subject of the trigger event. Entities carrying out certain activities within the 17 defined sectors will potentially be seen as a risk to national security. It is also possible for the acquisition of control over an asset to give rise to national security concerns, such as where assets are integral to the activities of an entity in a sensitive sector, or where land is in a sensitive location or used for a sensitive purpose.
(b) Trigger event risk
Trigger event risk concerns the potential for the trigger event itself to enable a hostile actor to undermine national security. A trigger event might be of particular concern if it might position the acquirer to wield control over a critical supply chain, facilitate inappropriate leverage over a certain sector, or provide access to a sensitive site.
(c) Acquirer risk
Acquirer risk involves an examination of the specific investor which includes an assessment of those in ultimate control of the investor, their track record in acquisitions, their other holdings in the relevant sector and their known affiliations.
The target risk, trigger event risk and acquirer risk will be considered in the round to determine whether intervention is merited.
Potential for intervention
The Government has estimated that up to 1,800 transactions may be notified each year, with up to 95 called in for a full assessment.
In theory, the Government has wide-ranging powers to block or place conditions on a proposed transaction. However, it is expected to be rare for the Government to block transactions or require significant remedies.
The impact for most investors and businesses is likely to be on the deal timeline and transaction execution.
Updates to legislation and guidance are published on the Government’s website and collected here, and we intend to provide further guidance in respect of any significant developments.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, April 2022