The UK’s new, more extensive national security regime will enter into force on January 4, 2022. This follows publication of the National Security and Investment Bill on November 11, 2020, which became the National Security and Investment Act 2021 after receiving Royal Assent on April 29, 2021. It had been expected that the new regime would commence towards the end of 2021, but January 4, 2022 has now been confirmed as the relevant date. The new regime is the culmination of a number of years of discussion of the UK’s approach to national security matters, including a White Paper in 2018. It reflects a global trend for more intervention in and scrutiny of national security issues (as demonstrated, for example, by the recent EU FDI Regulation).
Headline points to note are:
- A significant expansion of the types of transactions covered by national security reviews – moving beyond mergers and acquisitions to include a much broader range of deals including minority investments, acquisitions of voting rights and acquisitions of assets including land and IP (although investigations of assets are expected to be rare).
- The UK Government has the power to review (call-in) relevant deals that take place from any point after the date the Bill was published (i.e. deals entered into or that complete on or after November 12, 2020) although the full regime will only be in place once the Act enters into force on January 4, 2022.
- Failure to comply may result in heavy sanctions including turnover-based fines and criminal liability, as well as the risk of transactions subject to mandatory notification being void.
The expectation is that the Government will be more likely to intervene in transactions under this new regime than has been the case under the national security provisions of the Enterprise Act 2002 (which will fall away when the Act comes into effect) – but one critical area where there remains little clarity is what circumstances might be considered to give rise to national security concerns justifying Government intervention. While the Government has published guidance, including certain examples of transactions more likely to raise concerns, the new powers are deliberately flexible to address evolving national security risks.
The Act introduces a significant change in approach in terms of the requirement on companies to notify deals under mandatory elements of the new regime, which are very broad and which are backed by the power to impose significant financial and criminal penalties for failure to comply. However, the final mandatory regime is narrower than it might otherwise have been – the lowest percentage threshold triggering a mandatory notification under the Act requires an acquisition of more than 25 per cent of votes or shares in a qualifying entity, whereas the Bill had proposed a lower threshold of 15 per cent.
The key points for companies to consider are: (a) the need to alert the Government of any transactions entered into on or after November 12, 2020 (or conditional deals entered into prior to that date but where a “trigger event” might still occur) to manage the risk of those deals being “called-in” for retrospective review once the Act comes into force; and (b) looking forward, how the regime will need to be factored into future deal timelines and documentation to manage the risks of delay or Government intervention.
We summarise the key points of the new regime in more detail below. You can also download our decision tree to help identify transactions falling within the scope of the new regime.
What does the new regime cover?
The new regime falls into two parts: a mandatory regime and a voluntary regime. The mandatory regime will require qualifying transactions to be notified for approval before they take place once the Act comes into force. The voluntary regime will allow parties to submit transactions for approval – and also allow the new Investment Security Unit to call-in deals retrospectively.
The test for a mandatory notification is broadly in two parts: (a) there needs to be a trigger event; and (b) the transaction needs to involve a target entity active in a qualifying sector.
The 17 qualifying sectors and proposed definitions for these sectors were set out in a consultation paper in November 2020. The Government published its response to that consultation paper on March 2, 2021, including (narrower) revised draft definitions – and further refined draft definitions were set out in draft Regulations published on July 20, 2021. As well as obvious sectors such as defence, energy and transport, there is a significant focus on technology and innovation – e.g. advanced robotics and quantum technologies.1 Published guidance on the definitions (which are relatively detailed and technical) is expected in the autumn.
The trigger events for mandatory notification are:
- The acquisition of more than 25 per cent, more than 50 per cent, or 75 per cent or more of the votes or shares in a qualifying entity.
- The acquisition of voting rights enabling or preventing the passage of any class of resolution governing the affairs of the qualifying entity.
The Bill as originally published also proposed that an acquisition of 15 per cent or more of votes or shares in a qualifying entity would be a “notifiable acquisition” – not a trigger event in itself, but one which must be notified so that an assessment could be made of whether there was a trigger event. However, the 15 per cent threshold was removed from the Bill shortly before it received Royal Assent, so transactions at this level do not require mandatory notification under the Act. It appears this change was prompted by a concern that the threshold was disproportionate, noting that mandatory notification under the US CFIUS regime, for example, starts at 25 per cent.
The trigger events described above also apply to target entities that are not active in a qualifying sector – however, in those cases the notification is voluntary rather than mandatory.
In addition, whether or not the transaction involves a target entity in a qualifying sector, there are trigger events which apply under the voluntary regime (i.e. which do not require mandatory notification). These are as follows:
- The acquisition of material influence over a qualifying entity’s policy.
- The acquisition of a right or interest in, or in relation to, a qualifying asset providing the ability to use or control the asset (either entirely or to a greater extent).
“Material influence” in this context has the same meaning as established in the UK merger control case law. In these cases, parties will need to consider whether a voluntary notification is advisable.
Connection with the UK
To fall within the new regime the target entity or asset must be from, in or have a sufficient connection with the UK. A qualifying entity must carry on activities in the UK or supply goods or services to people in the UK, and a qualifying asset must be used in connection with activities carried on in the UK or the supply of goods or services to people in the UK.
The UK Government has published specific guidance on when target entities and assets outside the UK are within the scope of the new regime, which indicates a relatively broad approach in this regard – e.g. an overseas company producing goods for export to a UK company could be caught, as could machinery located overseas used to produce equipment that is used in the UK.
Assessments will also be fact specific and may not be straightforward – e.g. the guidance explains that an overseas entity is likely to be a qualifying entity if its staff travel to the UK and undertake business activities similar to working in a regional office (such as performing services for a UK client on a regular basis), but is not likely to be one if those staff solely conduct market research or are part of a sales team seeking new clients.
While the focus is clearly third party acquisitions, intra-group reorganisations may also fall within the new regime, potentially even requiring mandatory notification. The published guidance provides the example of two parties that share the same ultimate owner but are run separately from each other. If one of these parties acquires part of the other, this would fall within the scope of the Act if the level of interest being acquired amounts to a trigger event. The rationale for catching such transactions is that, although the ultimate owner remains the same, the ownership goes through a different corporate chain. However, this adds a further layer of complexity to the new regime.
A key take away is that this new regime is wider than traditional M&A deals. The trigger events set out above could include minority investments, as well as intra-group transactions and (in the context of the voluntary regime) acquisitions of or transactions giving control over assets such as land or IP.
Under the Act, the Secretary of State must publish a statement explaining how the power to call-in transactions for a full national security assessment is expected to be used. An initial draft statement was published in November 2020 followed by a revised version published in July 2021 for consultation. This provides guidance on the sorts of issues that will be taken into account when considering whether to call a transaction in – and hence how parties might assess whether to make a voluntary notification, as well as whether a notified transaction (under either the mandatory of voluntary regime) is likely to be cleared after an initial review or called-in for a full assessment (see further below).
Qualifying acquisitions in any area of the economy could be reviewed, but a transaction is unlikely to be called-in unless the target entity or asset is in one of the 17 sensitive sectors or a sector closely-linked to one of those sectors. Three risk factors will also be relevant in particular in determining whether a transaction is called-in:
- Target risk – whether the target entity or asset is being used, or could be used, in a way that poses a risk to national security;
- Acquirer risk – whether the acquirer has characteristics that suggest there is, or may be, a risk to national security from the acquirer having control of the target; and
- Control risk – whether the amount of control that has been, or will be, acquired poses a risk to national security (a higher level of control may increase the level of national security risk).
We understand the UK’s Department for Business, Energy and Industrial Strategy (BEIS) believes there will be around 1,000 to 1,830 transactions notified each year with 70 to 95 transactions called-in for a full national security assessment. While these estimates were made prior to the 15 per cent threshold being removed, we think the number of transactions notified and reviewed could still be higher than this given the broad scope of the new regime.
When does this take effect?
The retrospective call-in power applies from the date after publication of the Bill. This means that parties to deals that take place on or after November 12, 2020 (or conditional deals that were entered into before that date but where a “trigger event” might occur later), and that might meet the tests for notification should consider whether it is advisable for them to approach the Government. A Government email address has been set up for notification of such deals. The advantage of doing so is that the Government’s ability to retrospectively call-in a deal for review once the Act comes into force will be limited to six months, instead of five years if the deal is not brought to the Government’s attention. This early engagement may also provide an indication of whether the Government is actually likely to exercise its call-in power when the new regime is in force – BEIS revealed in April 2021 that parties are already providing information about approximately ten transactions per week, but none had so far raised substantive concerns.
The mandatory notification requirements will take effect when the new regime is up and running, i.e. January 4, 2022 (including in relation to any deals that have signed previously but where a relevant trigger event takes place after the Act comes into force). Accordingly, parties to any deals that might require mandatory notification should be factoring the process into their deal planning now.
Pending commencement of the new regime, parties to relevant deals should also not overlook the possibility of a national security review under the current Enterprise Act regime. National security reviews under the Enterprise Act have been relatively rare (15 transactions reviewed or notified for a national security review since 2003), but remain possible until the new regime commences.
The Government has stated it will work closely with investors and businesses, including through a cross-sector Expert Panel, to ensure they understand what is new ahead of the Act entering into force.
What is the process/timetable?
There will be a separate unit, the Investment Security Unit, within BEIS dealing with notifications. They will conduct an initial review within 30 working days of notification, after which they will either clear the transaction or call it in for a full national security assessment. A full assessment will itself take up to 30 working days, subject to an initial extension of 45 working days, and further potential voluntary extension if agreed with the parties. The clock can be stopped on the review if further information is required.
For mandatory notifications, clearance must be received before the transaction takes place. Where a mandatory notification has not been made, the Government may call-in the deal at any future point.
For voluntary notifications, the parties will have the option to notify, but the Government will be able to call-in a deal for up to six months after it becomes aware of it, any time up to five years after the deal takes place. A transaction under the voluntary regime but not voluntarily notified will proceed straight to a full assessment if called-in for review.
Are there sanctions for failing to notify?
Yes. If a deal requiring mandatory notification is not approved the transaction will be legally void. In addition, there are civil and criminal penalties, including potential daily penalties for ongoing breaches. Completing a transaction that is subject to mandatory notification without approval will risk a penalty of up to 5 per cent of group worldwide turnover or £10 million (whichever is higher), and imprisonment for individuals for up to five years.
The Government may retrospectively validate a transaction that failed to gain approval, with the process for this to be confirmed.
What are the remedies?
The Government will have the power to impose remedies to address any national security concerns. These may include, for example, conditions restricting access to sensitive sites, access to confidential information and intellectual property transfers.
Ultimately the Government will have the power to block deals, or to require acquisitions that have taken place to be divested or unwound.
The new regime is far-reaching with serious consequences for non-compliance. Although some details are still to be ironed out (notably the final definitions for the 17 sectors and the Secretary of State’s final statement on use of the call-in power), it is clear that it will require parties to transactions in a much wider range of situations to engage with a potential national security review, and for that engagement potentially to start already.
Glenn Hall was previously Special Adviser to Greg Clark MP, Secretary of State for BEIS at the time the Government issued the initial proposals leading to the Act.