The UK’s new, more extensive national security regime entered into force on January 4, 2022. This followed publication of the National Security and Investment Bill on November 11, 2020, which became the National Security and Investment Act 2021 after receiving Royal Assent on April 29, 2021. The new regime is the culmination of a number of years of discussion of the UK’s approach to national security matters, including a White Paper in 2018. It reflects a global trend for more intervention in and scrutiny of national security issues (as demonstrated, for example, by the EU FDI Regulation).
Headline points to note are:
- A significant expansion of the types of transactions covered by national security reviews – moving beyond mergers and acquisitions to include a much broader range of deals including minority investments, acquisitions of voting rights and acquisitions of assets including land and IP (although investigations of assets are expected to be rare).
- The UK Government has the power to review (call-in) relevant deals that take place from any point after the date the Bill was published (i.e. deals entered into or completing on or after November 12, 2020) although the full regime applies only from January 4, 2022.
- Failure to comply may result in heavy sanctions including turnover-based fines and criminal liability, as well as the risk of transactions subject to mandatory notification being void.
The expectation is that the Government will be more likely to intervene in transactions under this new regime than was the case under the national security provisions of the Enterprise Act 2002 (which fell away when the Act came into effect). Concerns are more likely under the new regime if a transaction involves the acquisition of an entity or asset in (or closely linked to) 17 specified sectors of the economy, although the new powers are deliberately flexible to address concerns in any sector and evolving national security risks (with national security not defined).
The Act has introduced a significant change in approach in terms of the requirement on companies to notify deals under mandatory elements of the new regime, which are very broad and are backed by the power to impose significant financial and criminal penalties for failure to comply. However, the final mandatory regime is narrower than it might otherwise have been – the lowest percentage threshold triggering a mandatory notification under the Act requires an acquisition of more than 25 per cent of voting rights or shares in a qualifying entity, whereas the Bill had proposed a lower threshold of 15 per cent.
Now the regime is in force, the key issue for companies to consider is whether their transaction requires mandatory notification or alternatively a voluntary notification may be advisable, as well as ensuring that the regime is factored into deal timelines and documentation to manage the risks of delay or Government intervention.
We summarise the key points of the new regime in more detail below. You can also download our decision tree to help identify transactions falling within the scope of the new regime.
What does the new regime cover?
The new regime falls into two parts: (a) a mandatory regime; and (b) a voluntary regime. The mandatory regime requires qualifying transactions to be notified for approval before they take place. The voluntary regime allows parties to submit transactions for approval – and also allows deals to be called-in retrospectively even if not voluntarily notified. Notifications are made to the new Investment Security Unit (ISU) (within the Department for Business, Energy and Industrial Strategy (BEIS)), which operates the regime on a day-to-basis, although under the Act it is strictly the Secretary of State for BEIS who decides whether to call-in a transaction and the outcome of any review.
The test for a mandatory notification is broadly in two parts: (a) there needs to be a trigger event; and (b) the transaction needs to involve a target entity active in a qualifying sector.
The 17 qualifying sectors and final definitions for these sectors are set out in a Statutory Instrument – the National Security and Investment Act 2021 (Notifiable Acquisition) (Specification of Qualifying Entities) Regulations 20211. As well as obvious sectors such as defence, energy and transport, there is a significant focus on technology and innovation – e.g. advanced robotics and quantum technologies. The sector definitions are relatively detailed and technical and, recognising their complexity, BEIS has published guidance to help explain what the definitions are intended to capture and how to apply them. However, despite this guidance, the definitions are often not straightforward to apply. Parties may also need to consider several of the sector definitions given a number are closely linked, and take care that even if a target’s core activities are not within one of the 17 sectors it does not have other activities that are caught, e.g. a technology product involving artificial intelligence or advanced robotics.
The trigger events for mandatory notification are:
- The acquisition of more than 25 per cent, more than 50 per cent, or 75 per cent or more of the voting rights or shares in a qualifying entity.
- The acquisition of voting rights enabling or preventing the passage of any class of resolution governing the affairs of the qualifying entity.
The Bill as originally published also proposed that an acquisition of 15 per cent or more of voting rights or shares in a qualifying entity would be a “notifiable acquisition” – not a trigger event in itself, but one which must be notified so that an assessment could be made of whether there was a trigger event. However, the 15 per cent threshold was removed from the Bill shortly before it received Royal Assent, so transactions at this level do not require mandatory notification under the Act. It appears this change was prompted by a concern that the threshold was disproportionate, noting that mandatory notification under the US CFIUS regime, for example, starts at 25 per cent.
The trigger events described above also apply to target entities that are not active in a qualifying sector – however, in those cases the notification is voluntary rather than mandatory.
In addition, whether or not the transaction involves a target entity in a qualifying sector, there are trigger events which apply under the voluntary regime (i.e. which do not require mandatory notification). These are as follows:
- The acquisition of material influence over a qualifying entity’s policy.
- The acquisition of a right or interest in, or in relation to, a qualifying asset providing the ability to use or control the asset (either entirely or to a greater extent).
“Material influence” in this context has the same meaning as established in the UK merger control case law. In these cases, parties need to consider whether a voluntary notification is advisable.
Connection with the UK
To fall within the new regime the target entity or asset must be from, in or have a sufficient connection with the UK. A qualifying entity must carry on activities in the UK or supply goods or services to people in the UK, and a qualifying asset must be used in connection with activities carried on in the UK or the supply of goods or services to people in the UK.
BEIS has published specific guidance on when target entities and assets outside the UK are within the scope of the new regime, which indicates a relatively broad approach in this regard – e.g. an overseas company producing goods for export to a UK company could be caught, as could machinery located overseas used to produce equipment that is used in the UK.
Assessments will also be fact specific and may not be straightforward – e.g. the guidance explains that an overseas entity is likely to be a qualifying entity if its staff travel to the UK and undertake business activities similar to working in a regional office (such as performing services for a UK client on a regular basis), but is not likely to be one if those staff solely conduct market research or are part of a sales team seeking new clients.
Another complexity is that, whereas a non-UK entity counts as a qualifying entity if it carries on activities in the UK or supplies goods or services to persons in the UK, for an acquisition of such an entity to require mandatory notification it must actually carry on UK activities (i.e. suggesting mere supply of goods or services to UK persons is insufficient) that fall within one of the 17 sensitive sectors. However, care is needed in this regard as some of the activities within the definitions for the 17 sectors include supply of goods or services to UK persons.
While the focus is clearly third party acquisitions, intra-group reorganisations may also fall within the new regime, potentially even requiring mandatory notification. The published guidance provides the example of two parties that share the same ultimate owner but are run separately from each other. If one of these parties acquires part of the other, this would fall within the scope of the Act if the level of interest being acquired amounts to a trigger event. The rationale for catching such transactions is that, although the ultimate owner remains the same, the ownership goes through a different corporate chain. However, this adds a further layer of complexity to the new regime.
A key take away is that this new regime is wider than traditional M&A deals. The trigger events set out above could include minority investments, as well as intra-group transactions and (in the context of the voluntary regime) acquisitions of or transactions giving control over assets such as land or IP.
Under the Act, the Secretary of State must publish a statement explaining how the power to call-in transactions for a full national security assessment is expected to be used. An initial draft statement was published in November 2020 followed by a revised version published in July 2021 for consultation before the final statement was published on November 2, 2021. This provides guidance on the sorts of issues that will be taken into account when considering whether to call a transaction in – and hence how parties might assess whether to make a voluntary notification, as well as whether a notified transaction (under either the mandatory or voluntary regime) is likely to be cleared after an initial review or called-in for a full assessment (see further below).
Qualifying acquisitions in any area of the economy could be reviewed, but a transaction is unlikely to be called-in unless the target entity or asset is in one of the 17 sensitive sectors or a sector closely-linked to one of those sectors. Three risk factors are also relevant in particular in determining whether a transaction is likely to be called-in:
- Target risk – whether the target entity or asset is being used, or could be used, in a way that poses a risk to national security;
- Acquirer risk – whether the acquirer has characteristics that suggest there is, or may be, a risk to national security from the acquirer having control of the target; and
- Control risk – whether the amount of control that has been, or will be, acquired poses a risk to national security (a higher level of control may increase the level of national security risk).
We understand BEIS believes there will be around 1,000 to 1,830 transactions notified each year with 70 to 95 transactions called-in for a full national security assessment. While these estimates were made prior to the 15 per cent threshold being removed, we think the number of transactions notified and reviewed could potentially be higher than this given the broad scope of the new regime. Overall levels of deal activity and whether parties generally take a cautious approach regarding voluntary notifications will also impact the number of reviews. BEIS recently reported that 222 notifications were submitted during the first three months of 2022, with 17 of these transactions called-in for a full assessment – which suggests that around 900 transactions might be notified each year, with around 70 called-in for a full assessment, if numbers remain at similar levels. However, care is needed regarding these early figures, given the short time period and suggestions from BEIS that deal activity during this period may have been negatively impacted by the COVID-19 Omicron variant.
Whatever the exact number of national security reviews under the new regime, it is clear the number will be significantly higher than under the previous Enterprise Act regime. National security reviews under the Enterprise Act were relatively rare (fewer than 20 reviews since 2003), even despite a notable increase in such reviews after the Bill for the new regime was published in November 2020.
When does this take effect?
While the full regime came into force on January 4, 2022, the retrospective call-in power applies from the day after publication of the Bill. This means that, in addition to transactions where a trigger event occurs on or after January 4, 2022, relevant deals where a trigger event occurred during the period November 12, 2020 to January 3, 2022 can be called-in for review now the regime has commenced.
Parties to transactions where a trigger event occurred during the period November 12, 2020 to January 3, 2022 had an incentive to make the ISU aware of their transaction before the Act came into force. Doing so limited any retrospective call-in to six months from January 4, 2022 instead of up to five years from that date (although any call-in subject to the five-year deadline also needs to be within six months of when the Secretary of State became aware of the trigger event after the Act came into force). BEIS revealed in April 2021 that parties were already providing information about approximately ten transactions per week, but none had raised substantive concerns at that time. Since the Act came into force we understand at least two transactions have been called-in for review where the relevant trigger event occurred prior to January 4, 2022.
The mandatory notification requirements have applied from January 4, 2022 (including in relation to any deals that signed previously but where a relevant trigger event takes place after the Act came into force). Accordingly, parties to any deals that might require mandatory notification need to factor the process into their deal planning, and likewise for transactions where parties decide to submit a voluntary notification.
What is the process/timetable?
The ISU within BEIS deals with notifications. They will conduct an initial review within 30 working days of notification, after which the transaction will either be cleared or called-in for a full national security assessment. A full assessment will itself take up to 30 working days, subject to an initial extension of 45 working days, and further potential voluntary extension if agreed with the parties. The clock can be stopped on the review during a full assessment if further information is required.
For mandatory notifications, clearance must be received before the transaction takes place. Where a mandatory notification has not been made, the Secretary of State may call-in the deal at any future point, provided this is within six months of the Secretary of State becoming aware of the trigger event.
For voluntary notifications, the parties have the option to notify, but the Secretary of State is able to call-in a deal for up to six months after they become aware of it, any time up to five years after the deal takes place. A transaction under the voluntary regime but not voluntarily notified will proceed straight to a full assessment if called-in for review.
There are specific requirements for the content of mandatory and voluntary notifications, which are set out in the National Security and Investment Act 2021 (Prescribed Form and Content of Notices and Validation Applications) Regulations 2021. Additional requirements in terms of the procedure for submitting notifications and other documents to BEIS, including use of the NSI electronic portal, are in the National Security and Investment Act 2021 (Procedure for Service) Regulations 2021.
Are there sanctions for failing to notify?
Yes. If a deal requiring mandatory notification is not approved the transaction will be legally void. In addition, there are civil and criminal penalties, including potential daily penalties for ongoing breaches. Completing a transaction that is subject to mandatory notification without approval will risk a penalty of up to 5 per cent of group worldwide turnover or £10 million (whichever is higher), and imprisonment for individuals for up to five years. BEIS has published guidance on compliance and enforcement, including possible penalties and factors relevant to whether a breach is considered serious (which include whether a party has committed repeat or multiple breaches or engaged in intentional avoidance or circumvention).
The Secretary of State may retrospectively validate a transaction that failed to gain approval, and the required content of validation applications is set out in the National Security and Investment Act 2021 (Prescribed Form and Content of Notices and Validation Applications) Regulations 2021.
We understand the ISU is already investigating at least one transaction for possible breach of the requirement to make a mandatory notification, and in another case rejected a mandatory notification because the relevant transaction had already completed so required submission of a retrospective validation application instead.
What are the remedies?
The Secretary of State has the power to impose remedies to address any national security concerns. These may include, for example, conditions restricting access to sensitive sites, access to confidential information and intellectual property transfers. Ultimately the Secretary of State has the power to block deals, or to require acquisitions that have taken place to be divested or unwound.
However, the vast majority of transactions reviewed under the new regime are expected to be cleared without needing remedies. Despite this, the new regime is far-reaching with serious consequences for non-compliance and requires parties to transactions in a much wider range of situations to engage with a potential national security review than under the previous Enterprise Act regime.
Glenn Hall was previously Special Adviser to Greg Clark MP, Secretary of State for BEIS at the time the Government issued the initial proposals leading to the Act.