The UK’s new, more extensive national security regime will enter into force on January 4, 2022. This follows publication of the National Security and Investment Bill on November 11, 2020, which became the National Security and Investment Act 2021 after receiving Royal Assent on April 29, 2021. The new regime is the culmination of a number of years of discussion of the UK’s approach to national security matters, including a White Paper in 2018. It reflects a global trend for more intervention in and scrutiny of national security issues (as demonstrated, for example, by the recent EU FDI Regulation).
Headline points to note are:
- A significant expansion of the types of transactions covered by national security reviews – moving beyond mergers and acquisitions to include a much broader range of deals including minority investments, acquisitions of voting rights and acquisitions of assets including land and IP (although investigations of assets are expected to be rare).
- The UK Government has the power to review (call-in) relevant deals that take place from any point after the date the Bill was published (i.e. deals entered into or that complete on or after November 12, 2020) although the full regime will only be in place once the Act enters into force on January 4, 2022.
- Failure to comply may result in heavy sanctions including turnover-based fines and criminal liability, as well as the risk of transactions subject to mandatory notification being void.
The expectation is that the Government will be more likely to intervene in transactions under this new regime than has been the case under the national security provisions of the Enterprise Act 2002 (which will fall away when the Act comes into effect). Concerns are more likely under the new regime if a transaction involves the acquisition of an entity or asset in (or closely linked to) 17 specified sectors of the economy, although the new powers are deliberately flexible to address concerns in any sector and evolving national security risks (with national security not defined).
The Act introduces a significant change in approach in terms of the requirement on companies to notify deals under mandatory elements of the new regime, which are very broad and are backed by the power to impose significant financial and criminal penalties for failure to comply. However, the final mandatory regime is narrower than it might otherwise have been – the lowest percentage threshold triggering a mandatory notification under the Act requires an acquisition of more than 25 per cent of votes or shares in a qualifying entity, whereas the Bill had proposed a lower threshold of 15 per cent.
The key points for companies to consider are: (a) the need to alert the Government of any transactions entered into on or after November 12, 2020 (or conditional deals entered into prior to that date but where a “trigger event” might still occur) to manage the risk of those deals being “called-in” for retrospective review once the Act comes into force; and (b) looking forward, how the regime will need to be factored into future deal timelines and documentation to manage the risks of delay or Government intervention.
We summarise the key points of the new regime in more detail below. You can also download our decision tree to help identify transactions falling within the scope of the new regime.
What does the new regime cover?
The new regime falls into two parts: (a) a mandatory regime; and (b) a voluntary regime. The mandatory regime will require qualifying transactions to be notified for approval before they take place once the Act comes into force. The voluntary regime will allow parties to submit transactions for approval – and also allow the new Investment Security Unit to call-in deals retrospectively even if not voluntarily notified.
The test for a mandatory notification is broadly in two parts: (a) there needs to be a trigger event; and (b) the transaction needs to involve a target entity active in a qualifying sector.
The 17 qualifying sectors and final definitions for these sectors are set out in a Statutory Instrument – the National Security and Investment Act 2021 (Notifiable Acquisition) (Specification of Qualifying Entities) Regulations 20211. As well as obvious sectors such as defence, energy and transport, there is a significant focus on technology and innovation – e.g. advanced robotics and quantum technologies. The sector definitions are relatively detailed and technical and, recognising their complexity, the Department for Business, Energy and Industrial Strategy (BEIS) has published guidance to help explain what the definitions are intended to capture and how to apply them.
The trigger events for mandatory notification are:
- The acquisition of more than 25 per cent, more than 50 per cent, or 75 per cent or more of the votes or shares in a qualifying entity.
- The acquisition of voting rights enabling or preventing the passage of any class of resolution governing the affairs of the qualifying entity.
The Bill as originally published also proposed that an acquisition of 15 per cent or more of votes or shares in a qualifying entity would be a “notifiable acquisition” – not a trigger event in itself, but one which must be notified so that an assessment could be made of whether there was a trigger event. However, the 15 per cent threshold was removed from the Bill shortly before it received Royal Assent, so transactions at this level do not require mandatory notification under the Act. It appears this change was prompted by a concern that the threshold was disproportionate, noting that mandatory notification under the US CFIUS regime, for example, starts at 25 per cent.
The trigger events described above also apply to target entities that are not active in a qualifying sector – however, in those cases the notification is voluntary rather than mandatory.
In addition, whether or not the transaction involves a target entity in a qualifying sector, there are trigger events which apply under the voluntary regime (i.e. which do not require mandatory notification). These are as follows:
- The acquisition of material influence over a qualifying entity’s policy.
- The acquisition of a right or interest in, or in relation to, a qualifying asset providing the ability to use or control the asset (either entirely or to a greater extent).
“Material influence” in this context has the same meaning as established in the UK merger control case law. In these cases, parties will need to consider whether a voluntary notification is advisable.
Connection with the UK
To fall within the new regime the target entity or asset must be from, in or have a sufficient connection with the UK. A qualifying entity must carry on activities in the UK or supply goods or services to people in the UK, and a qualifying asset must be used in connection with activities carried on in the UK or the supply of goods or services to people in the UK.
BEIS has published specific guidance on when target entities and assets outside the UK are within the scope of the new regime, which indicates a relatively broad approach in this regard – e.g. an overseas company producing goods for export to a UK company could be caught, as could machinery located overseas used to produce equipment that is used in the UK.
Assessments will also be fact specific and may not be straightforward – e.g. the guidance explains that an overseas entity is likely to be a qualifying entity if its staff travel to the UK and undertake business activities similar to working in a regional office (such as performing services for a UK client on a regular basis), but is not likely to be one if those staff solely conduct market research or are part of a sales team seeking new clients.
While the focus is clearly third party acquisitions, intra-group reorganisations may also fall within the new regime, potentially even requiring mandatory notification. The published guidance provides the example of two parties that share the same ultimate owner but are run separately from each other. If one of these parties acquires part of the other, this would fall within the scope of the Act if the level of interest being acquired amounts to a trigger event. The rationale for catching such transactions is that, although the ultimate owner remains the same, the ownership goes through a different corporate chain. However, this adds a further layer of complexity to the new regime.
A key take away is that this new regime is wider than traditional M&A deals. The trigger events set out above could include minority investments, as well as intra-group transactions and (in the context of the voluntary regime) acquisitions of or transactions giving control over assets such as land or IP.
Under the Act, the Secretary of State must publish a statement explaining how the power to call-in transactions for a full national security assessment is expected to be used. An initial draft statement was published in November 2020 followed by a revised version published in July 2021 for consultation before the final statement was published on November 2, 2021. This provides guidance on the sorts of issues that will be taken into account when considering whether to call a transaction in – and hence how parties might assess whether to make a voluntary notification, as well as whether a notified transaction (under either the mandatory or voluntary regime) is likely to be cleared after an initial review or called-in for a full assessment (see further below).
Qualifying acquisitions in any area of the economy could be reviewed, but a transaction is unlikely to be called-in unless the target entity or asset is in one of the 17 sensitive sectors or a sector closely-linked to one of those sectors. Three risk factors will also be relevant in particular in determining whether a transaction is called-in:
- Target risk – whether the target entity or asset is being used, or could be used, in a way that poses a risk to national security;
- Acquirer risk – whether the acquirer has characteristics that suggest there is, or may be, a risk to national security from the acquirer having control of the target; and
- Control risk – whether the amount of control that has been, or will be, acquired poses a risk to national security (a higher level of control may increase the level of national security risk).
We understand BEIS believes there will be around 1,000 to 1,830 transactions notified each year with 70 to 95 transactions called-in for a full national security assessment. While these estimates were made prior to the 15 per cent threshold being removed, we think the number of transactions notified and reviewed could still be higher than this given the broad scope of the new regime.
When does this take effect?
The retrospective call-in power applies from the date after publication of the Bill. This means that parties to deals that take place on or after November 12, 2020 (or conditional deals that were entered into before that date but where a “trigger event” might occur later), and that might meet the tests for notification should consider whether it is advisable for them to approach the Government. A Government email address has been set up for notification of such deals. The advantage of doing so is that the Government’s ability to retrospectively call-in a deal for review once the Act comes into force will be limited to six months, instead of five years if the deal is not brought to the Government’s attention. Such engagement may also provide an indication of whether the Government is actually likely to exercise its call-in power when the new regime is in force – BEIS revealed in April 2021 that parties were already providing information about approximately ten transactions per week, but none had so far raised substantive concerns at that time.
The mandatory notification requirements take effect when the new regime is up and running, i.e. January 4, 2022 (including in relation to any deals that have signed previously but where a relevant trigger event takes place after the Act comes into force). Accordingly, parties to any deals that might require mandatory notification should be factoring the process into their deal planning now.
Pending commencement of the new regime, parties to relevant deals should also not overlook the possibility of a national security review under the Enterprise Act regime. National security reviews under the Enterprise Act have been relatively rare (fewer than 20 transactions reviewed since 2003), but remain possible until the new regime commences and there has been a noticeable increase in national security reviews under the Enterprise Act since the new regime was announced in November 2020.
What is the process/timetable?
A specific unit, the Investment Security Unit, within BEIS will deal with notifications. They will conduct an initial review within 30 working days of notification, after which the transaction will either be cleared or called-in for a full national security assessment. A full assessment will itself take up to 30 working days, subject to an initial extension of 45 working days, and further potential voluntary extension if agreed with the parties. The clock can be stopped on the review if further information is required.
For mandatory notifications, clearance must be received before the transaction takes place. Where a mandatory notification has not been made, the Secretary of State may call-in the deal at any future point.
For voluntary notifications, the parties will have the option to notify, but the Secretary of State will be able to call-in a deal for up to six months after they become aware of it, any time up to five years after the deal takes place. A transaction under the voluntary regime but not voluntarily notified will proceed straight to a full assessment if called-in for review.
There are specific requirements for the content of mandatory and voluntary notifications, which are set out in the National Security and Investment Act 2021 (Prescribed Form and Content of Notices and Validation Applications) Regulations 2021. Additional requirements in terms of the procedure for submitting notifications and other documents to BEIS, including use of the NSI electronic portal, are in the National Security and Investment Act 2021 (Procedure for Service) Regulations 2021.
Are there sanctions for failing to notify?
Yes. If a deal requiring mandatory notification is not approved the transaction will be legally void. In addition, there are civil and criminal penalties, including potential daily penalties for ongoing breaches. Completing a transaction that is subject to mandatory notification without approval will risk a penalty of up to 5 per cent of group worldwide turnover or £10 million (whichever is higher), and imprisonment for individuals for up to five years.
The Secretary of State may retrospectively validate a transaction that failed to gain approval, and the required content of validation applications is set out in the National Security and Investment Act 2021 (Prescribed Form and Content of Notices and Validation Applications) Regulations 2021.
What are the remedies?
The Secretary of State will have the power to impose remedies to address any national security concerns. These may include, for example, conditions restricting access to sensitive sites, access to confidential information and intellectual property transfers.
Ultimately the Secretary of State will have the power to block deals, or to require acquisitions that have taken place to be divested or unwound.
However, the vast majority of transactions reviewed under the new regime are expected to be cleared without needing remedies. Despite this, the new regime is far-reaching with serious consequences for non-compliance and it is clear that it will require parties to transactions in a much wider range of situations to engage with a potential national security review, and for that engagement to start already.
Glenn Hall was previously Special Adviser to Greg Clark MP, Secretary of State for BEIS at the time the Government issued the initial proposals leading to the Act.