Briefing note - National Security and Investment Act 2021

On 4 January 2022, the National Security and Investment Act 2021 (NSIA) came into force. The NSIA expands the Government's powers to scrutinise and intervene in certain acquisitions and investments on national security grounds. This is a common feature in other jurisdictions notably in the US.

Unusually, the NSIA has retrospective effect and it gives the Government power to review ("call-in") relevant transactions that completed after 11 November 2020 (the date of the National Security and Investment Bill) to ensure parties did not accelerate investments/acquisitions to avoid scrutiny. Importantly, it may also catch intra-group reorganisations or corporate restructurings in the relevant sectors even if the acquisition takes place within the same corporate group. It appears also to catch financing agreements where the funder takes or exercises security over shares in a company operating in a relevant field.

The NSIA replaces the national security provisions of the Government's previous powers of intervention under the Enterprise Act 2002 and enables the Department for Business, Energy and Industrial Strategy (BEIS), acting through the newly created Investment Security Unit (ISU), to review and intervene in transactions.  

Key points

• Applies to UK and foreign investment in the UK and to acquisitions of non-UK companies and assets if they have a sufficient UK nexus. The NSIA does not distinguish between foreign and domestic investment: any investment (including private equity, note the 2020 takeover of Cobham, a defence and aerospace company, by the US private equity group Advent which would have been caught) which is in a company in one of the stated sectors, irrespective of who is making the investment, may be caught by the new regime.  The current takeover of defence contractor, Ultra Electronics (a military technology supplier to the British government) by the now US private equity-owned Cobham is being evaluated under the Enterprise Act but it could still be called in for review under the NSIA's retrospective jurisdiction.
• Mandatory notification in 17 high risk sectors. If parties complete without approval, deal is void.
• Voluntary notification in all other sectors but BEIS can review such deals for five years post-completion.
• Wide range of transactions caught including M&A transactions, investments, acquisitions of voting rights and of assets, as well as intra-group deals.  
• No de minimis. As there are no materiality thresholds for intervention, deals involving start-ups or smaller entities could be caught.
• Retrospective effect: a relevant transaction can be "called-in" for review if it took place after 11 November 2020. 
• The Government expects to clear most transactions within 30 days of accepting a notification. 
• Severe sanctions. £10 million fine (or, if higher, 5% of worldwide turnover) and/or five years' imprisonment for breach of the mandatory filing requirement.

The notification regimes 

The NSIA creates a mandatory and a voluntary notification regime for certain categories of transaction or investment, supported by a "call-in" power. Both UK and foreign investors are caught. 

The mandatory regime requires "qualifying transactions" to be notified for approval before they take place whilst the voluntary regime is available for parties who are concerned that an acquisition "may" give rise to a national security risk to file a voluntary notification.

Key terminology: 

• a "trigger event" takes place when a person gains control of a "qualifying entity"; and 

• a "qualifying entity" is widely defined as any entity other than an individual, including: a company, a limited liability partnership, any other body corporate, a partnership, an unincorporated association or a trust. Foreign entities can be a "qualifying entity" if they carry on activities in the UK, or supply goods or services to persons in the UK

The mandatory notification regime

A transaction is a "notifiable acquisition" and subject to the mandatory notification regime if:

• there is a "trigger event"; and 
• the transaction involves a "qualifying entity" in one of the 17 "high risk" sectors set out below.

There is no de minimis exemption. 

If, as a result of the proposed acquisition, a party will gain control of a qualifying entity in the following situations, then a "trigger event" will occur: 

• increasing the percentage of shares or voting rights that it holds in the qualifying entity to over 25%, over 50% or over 75%; or 
• acquiring voting rights in the qualifying entity that enable the investor to secure or prevent the passing of a company resolution.

The Government's view is that certain sectors of the economy are particularly susceptible to threats to national security. The 17 "high risk" sectors identified in the NSIA are:  

1. Advanced Materials
2. Defence
3. Advanced Robotics
4. Energy
5. Artificial Intelligence
6. Military and Dual-Use
7. Civil Nuclear
8. Quantum Technologies
9. Communications
10. Satellite and Space Technologies
11. Computing Hardware
12. Suppliers to the Emergency Services
13. Critical Suppliers to Government
14. Synthetic Biology (this is broadly defined and includes but is not limited to: the use of DNA, gene editing, using microbes to template materials, redesigning existing natural biological systems) 
15. Cryptographic Authentication
16. Data Infrastructure
17. Transport

The Notifiable Acquisitions Guidance on the Government's website provides detailed guidance and examples on how mandatory notification will apply to these sectors. Note that the rules and exemptions differ depending on which sector is involved.

The mandatory notification regime does not apply to assets (these are covered by the voluntary notification regime).

We expect these categories to be updated from time to time.

The voluntary notification regime 

In contrast to the mandatory notification regime, parties can choose to notify a deal voluntarily involving a sector outside of the 17 "high risk" categories above, or where a trigger event is in relation to a "qualifying asset", in circumstances where there is a perceived risk that the transaction may be called in for review as it poses a national security risk.

The trigger events for voluntary notification deals are the same as for mandatory deals with the addition of gaining "material influence" over a qualifying entity's policy. This is a broad concept capable of catching contractual veto rights relating to the conduct of the target's business. On an assets deal (such as the acquisition of real estate) the trigger event is if the investor is able to use, or direct or control the use, of the asset. The term "assets" is widely defined to include land, tangible moveable property plus ideas, information, or techniques with value (such as trade secrets, source code, algorithms, formulae, designs, plans, drawings and software). Foreign assets may also be qualifying assets if they are used in connection with activities carried on in the UK, or the supply of goods or services to persons in the UK. 

If a voluntary notification is made, there is nothing to stop the parties from completing the transaction. However, most investors are unlikely to wish to proceed to completion without ISU clearance in case the transaction is called in for review, which could result in it being unwound.  

The call-in power 

BEIS may issue a call-in notice to review a transaction due to national security concerns irrespective of if it has already been notified.

BEIS can call-in a transaction which completed after 11 November 2020. 

It can also call-in a transaction for up to six months after becoming aware of it provided it does so within five years of completion (this five year long-stop does not apply to deals requiring mandatory notification which can be called in at any time). 

As a result, acquirers need to consider whether to submit a notice seeking prior authorisation from the ISU, before completing the transaction. 

In exercising the call-in power, the Secretary of State will consider three factors:

1. target risk: is the entity or asset being acquired used or could it be used in a way that poses a risk to national security;
2. acquirer risk: does the acquirer have characteristics suggesting that it may, by acquiring control of the target, pose a risk to national security (remember the concerns raised by the Chinese owned Huawei's mobile phone operations in this country); and
3. control risk: will the amount of control to be acquired pose a risk to national security.

If after being called in, the transaction is deemed a national security risk, necessary and proportionate remedies can be imposed under the NSIA for the purpose of preventing, remedying or mitigating that risk. 

The government expects to call-in asset deals rarely, and far less frequently than share transactions.

What is the clearance timetable?

In broad terms, the process is as follows: 

1. Acquirer must notify the ISU via the online portal giving detailed information about the transaction and the parties.
2. Once the ISU accepts a notification it has 30 working days to decide to clear it or call it in for a more detailed review. (The Government expects to clear most transactions at this initial stage.)
3. If the transaction is called in for a more detailed review on national security grounds, the ISU has another 30 working days to review it. This can be extended by 45 working days in exceptional circumstances (so potentially up to 105 working days for review assuming the Government has no questions).
4. The ISU can request information to help it make its assessment and if it does so then the clock stops running and only resumes once the information has been provided or the deadline to comply has passed. This means that the total time for review could take much longer than 105 working days.

What are the sanctions for breach? 

If the parties fail to obtain approval of a transaction requiring mandatory notification:

• the transaction is void although the Secretary of State may retrospectively validate it;
• a fine of up to 5% of group worldwide turnover or £10 million (whichever is greater) can be imposed on the investor; and
• up to five years' imprisonment for investors (or their officers, if the breach happened with their consent, connivance, or neglect). 

Practical advice for conducting M&A deals

• Because the 17 sectors are so broad there is a real need to screen potential deals ahead of agreeing a deal/any memorandum of understanding. This is a key due diligence concern.

• In assessing risk, focus on the target's activities: is it active in any of the 17 high risk sectors and, if not, is the potential investment likely to be of political interest e.g., because the target is a national champion or market leader.
• If the NSIA applies, factor in notification and seeking approval into the deal timetable.
• Where the target operates on the fringes of the 17 "high risk" sectors, the parties may wish to notify voluntarily and seek clearance.
• As there is no exemption for intra-group reorganisations they must be notified where they are caught by the mandatory notification regime.
• The contractual documentation will need to be tailored to include conditionality to deal with any mandatory or voluntary notifications and obtaining clearance from the ISU.
• If the deal is being financed, then the lenders will also want to ensure that the NSIA is complied with and will want comfort on that. Note the financing itself may need consent.
• Consider contacting the Investment Security Unit for guidance where there are uncertainties either in relation to a particular transaction or more widely, 

Conclusion

The UK business community hopes that steps can be taken to avoid lengthy reviews and that the NSIA is not going to affect the UK's reputation as a business-friendly destination post-Brexit. Businesses and investors are encouraged to contact the ISU via investment.screening@beis.gov.uk for informal discussions prior to any formal notification, in the hope that the parties can agree clear steps to ensure compliance with the new regime. 

BEIS has said that they will produce a review on the NSIA's first six months of operation and then produce an annual report on the NSIA setting out how many notifications and call-ins there have been.