New UK notification regime planned for protection of national security

On 24 July 2018, the UK Government published a White Paper setting out proposals to strengthen very significantly its powers to scrutinise transactions and projects on national security grounds. The Government states that it envisages around 200 notifications being made each year under the proposed regime. This would represent a fundamental change in approach: over the last 15 years, fewer than one transaction per year has been formally assessed by reference to the existing, more limited, national security grounds.

The Government is consulting on its proposals until 16 October. Legislation to implement the proposals can be expected in the following months.

The proposals follow an initial consultation launched in October 2017 (see our update "UK Government consults on measures to protect national security in context of foreign investment") which contained "short-term" and "long-term" proposals. The short term reforms entered into force in June 2018 (see our update "New UK national security merger thresholds comes into force"). The White Paper takes forward the long-term proposals.

The Government claims that the proposals are a measured response to increased risks to UK national security (for example, resulting from technological advances) and refers to similar measures that have been introduced in various other countries.

The Government also emphasises, as it did in the 2017 consultation, that it does not wish to discourage foreign investment, and that the vast majority of such investment is to be welcomed. Given the broad coverage of the new regime, and the surprisingly high number of transactions the Government expects to review under it, it remains to be seen whether the stated objective of not discouraging foreign investment will be met.

Key points

• The Government is proposing a voluntary notification system rather than a mandatory one: the Government will have the power to "call-in" relevant transactions if no notification is made, but states that it will actively encourage notifications.
• The proposals are directed at a range of transactions that may pose a potential threat to the UK's national security. The range of transactions that are potentially caught is very extensive: for example, there will be no minimum asset or transaction value and a low threshold for "significant influence", which will be a sufficient trigger event.
• "National Security" is broadly defined to include military/dual use products, essential national infrastructure, advanced IT and biosynthesis technologies, and direct suppliers relating to the emergency services.
• The Government expects that around 100 transactions per year will be the subject of a full national security assessment (from 200 notifications), and that around 50 of these will require some form of remedies.
• A review could take 21 weeks or more from notification; in addition, "stop-the-clock" powers applied when information requests are outstanding may extend timing further.
• Although the White Paper emphasises that the new regime will be focused on foreign investors, there will be no bar on using it for UK acquirers. For example, the Government used its existing powers to intervene in the GKN/Melrose transaction earlier this year (an acquisition of a UK plc by another UK plc).
• While some guidance is provided in the White Paper and accompanying Draft Statement of Policy Intent ("Draft Statement"), the Government is explicit that it needs to retain discretion in order to be able to address new ways in which UK national security may be adversely affected.
• The proposals will not enter into force until 2019 at the earliest. However, businesses would be well advised to consider carefully the implications of the proposals.

What is proposed?

A voluntary notification system

The Government is proposing to adopt a voluntary notification regime, rather than a mandatory system. The regime would be created under new legislation, and national security issues would therefore no longer be dealt with as a public interest issue under the existing merger control system, although the Government emphasises that the new regime would work in tandem with merger control reviews.

The Government would also have powers to "call-in" transactions for review (it suggests for a period of up to six months after the relevant trigger event has occurred) although parties would be encouraged voluntarily to notify their transactions.

What will be covered by the new regime?

In order to carry out a full national security assessment (either after notification or following a transaction being "called in"), the White Paper envisages that it will be necessary for the Senior Minister (see Decision-Maker below) to:

• have reasonable grounds for suspecting that a relevant trigger event (see below) has taken place or is in progress or contemplation; and
• have a reasonable suspicion that, due to the circumstances of the trigger event (e.g. the nature of the parties or the asset, or the location in the case of land) it may give rise to a risk to national security.

Trigger events

The system would relate to specified transactions or "trigger events", which would comprise:

• acquisition of more than 25 per cent of any entity's shares or votes;
• acquisition of "significant influence or control" over any entity. This is defined very broadly, including more broadly than under the Companies Act 2006. For example, it is suggested the simple right to appoint a Board member would suffice (although it is unclear whether this would always be sufficient);
• further acquisitions of significant influence or control over an entity beyond the above thresholds;
• acquisition of more than 50 per cent of an asset (again defined very broadly, to include real and personal property, including land, buildings and other physical assets such as infrastructure sites; contractual rights; and intellectual property); and
• acquisition of significant influence or control over a relevant asset.

Grounds for reasonable suspicion of a national security threat

In determining whether trigger events give rise to national security threats, the Draft Statement states that the Senior Minister will have regard to three risks:

• the target risk: whether the entity or asset being acquired (or over which significant influence or control is being gained) is the sort of entity/asset which could potentially give rise to risks to the UK's national security; for example, if it were to fall into hostile hands (see further below);
• the trigger event risk: the Draft Statement states that not all trigger events necessarily provide the means to undermine UK national security and that there will be a case-by-case assessment as to whether the trigger event provides the practical means to do so. For example, the Draft Statement suggests that an acquisition of more than 25 per cent of a company's shares is unlikely to be sufficient if there are other active shareholders and the sector is "closely regulated". The Draft Statement suggests that the Government is particularly concerned about trigger events that may involve:
• a greater opportunity to undertake disruptive or destructive actions (e.g. in order to bring, or threaten to bring, the production of certain goods to a standstill, or to conduct sabotage of sensitive sites);
• an increased ability to undertake espionage activities; or
• the ability to exploit the acquisition to exercise inappropriate leverage, for example, in geopoliticial discussions; and
• the acquirer risk: whether the acquirer (including its ultimate controllers) may seek to use the entity or asset to undermine national security. The Government states that most acquirers do not pose such a risk and that such a risk is most likely to arise from hostile states and parties acting on their behalf. The Draft Statement suggests, rather vaguely, that hostile states are those which seek to undermine UK national security through a range of traditional and non-traditional means. It is widely assumed that the new regime is designed in large part to enable the Government to control Chinese investment in the UK, but the Government unsurprisingly declines to name any hostile states. The Draft Statement further indicates that a national security risk is otherwise most likely (but not exclusively) to arise from other (i.e. non-hostile) foreign acquirers.

Given the comments in the Draft Statement on trigger event risk and acquirer risk, which seem to suggest that a risk to national security will be relatively rare, it seems rather surprising that the Government considers that it is likely to need to impose remedies to protect national security in around 50 cases per year.

Target risk/Activities that are more likely to raise national security concerns

The Draft Statement identifies certain "core areas" as being especially likely to present a risk to national security, namely:

• Certain parts of the national infrastructure sectors – civil nuclear, communications, defence, energy, and transport. These were the areas categorised as "essential functions" in the 2017 consultation. Annex C to the Draft Statement sets out the precise areas within these sectors which the Government considers most likely to raise national security concerns. These are very similar to those set out in the 2017 Green Paper.
• Certain advanced technologies, including (for example) artificial intelligence, nanotechnologies, quantum technology and synthetic biology. It should be noted that this is a considerably more extensive list than the equivalent definition in the recent reforms to the Enterprise Act 2002.
• Critical direct suppliers to the Government and emergency services sector - the Draft Statement provides the example of a supplier of the digital ticketing system for emergency services (among other things, this dispatches emergency services resources through a prioritisation system).
• Providers of military or dual use items. The Government considers that investments in defence contractors are among the categories of deal where it is most likely that it will call in trigger events for review. It also states that the Ministry of Defence will implement changes to its contractual arrangements to ensure that all defence contractors (and sub-contractors) are required to notify it of any plans to sell their business or particular assets.

In addition, other areas of the economy where national security concerns are more likely to be triggered (but less likely than in the core areas) are:

• critical suppliers who directly or indirectly supply the core areas;
• other parts of the national infrastructure sectors (including chemicals, finance, food, health, space and water); and
• advanced technologies not in the core areas (these are not defined).

The Government notes that investments in other areas of the economy could potentially also raise national security risks, although this is less likely. In particular, land acquisitions may pose national security risks where the land is in close proximity to a sensitive site.

Decision-Maker

The White Paper indicates that there will be a single decision-maker for all cases and that this will be a Cabinet-level Minister. However, it does not specify which Minister this will be.

Review process

The Government indicates that it will publish guidance about how to complete valid notifications and a template form for submission (with online submission being possible).

The Government proposes that, where a voluntary notification is made, "screening" should take place to decide whether a more detailed investigation is required. This would generally take up to 15 working days but could be extended by a further 15 working days.

Should the Government conclude that a trigger event requires a full national security review (whether after a notification or otherwise), high-level reasons for doing so would be published (potentially after a short delay). There would be no publicity prior to that point. The Government would then have 30 working days to make its assessment. This period could be extended by a further 45 working days.

This means the total time period from notification for a conclusion to be reached could be 21 weeks or more. Moreover, the working day calculations do not include periods when the Government is waiting for responses to information requests. Clearly, the time taken to obtain clearance will need to be factored into deal planning.

Review outcomes

Following the assessment process, trigger events will either be approved, allowed to proceed following the imposition of remedies, or blocked/unwound if the deal has already taken place. The Government indicates that blocking or unwinding a transaction is rarely expected to be necessary. However, it currently anticipates that around 50 cases per year will require some form of remedies or conditions. This seems a remarkably high number given that less than one deal per year has been the subject of remedies under the existing regime during the last 15 years (albeit the new regime would be considerably broader in scope).

Conditions

Conditions imposed by the Senior Minister could take any form. However, the White Paper summarises, on a non-exhaustive basis, ten potential types of conditions that could be imposed (as an alternative to prohibition/complete unwinding). These include:

• access conditions - for example, limiting access to a particular site or dual-use technology to named individuals;
• information/operating conditions, requiring that only persons with appropriate UK security clearance have access to confidential information or may be part of operational management; and
• a condition requiring the retention of UK staff in key roles at particular sensitive sites.

The Government notes that, in most instances, conditions would be imposed on the target or the acquirer. However, the legislation will enable the Senior Minister to impose conditions on any party, for example, the indirect and ultimate owners of the acquirer.

Sanctions for non-compliance

The White Paper proposes 12 sanctions and offences for the new regime. A significant change is that criminal as well as civil sanctions would be available. The maximum custodial sentence would be five years for most offences, although certain offences would have maximum sentences of two years.

In terms of civil sanctions, it is proposed that fines of up to 10 per cent of worldwide turnover could be imposed (the same maximum fine as for competition law infringements). The White Paper states that the Senior Minister could only pursue civil or criminal sanctions – not both.

In addition, the Government would have the power to apply for a director disqualification order. The disqualification could be for up to 15 years.

The Government intends that sanctions could be imposed on both UK and foreign entities.

Appeals

Most decisions under the new regime would be challengeable in the UK courts applying judicial review principles. However, appeals against fines would be on a broader, full-merits basis, and appeals against criminal sanctions would follow the normal criminal process. Appeals would have to be filed within 28 days of the relevant decision or action.

The White Paper indicates that appeals are likely to be made using Closed Material Proceedings, to protect material which, if disclosed, would undermine the UK's national security. This process is often followed in terrorism cases.

Interaction with other regimes

The Government notes that, once the reforms are implemented, there will no longer be a need for deals raising national security issues to be dealt with under the existing public interest regime under the Enterprise Act 2002. The 2002 Act will be amended accordingly. This would also mean that the "short-term reforms" which came into effect in June 2018 would be repealed.

As is the case under the existing regime, the Government's decision on national security would prevail over the Competition and Market Authority's competition assessment. It appears that this includes allowing deals to proceed on national security grounds despite the fact they may raise significant competition concerns.

Implications

The Government has sought to present the proposals as a measured response to the increased national security risks the UK faces in a digital world, noting that similar measures have been adopted in many other countries. It is certainly true that other countries, such as the USA, Germany and France, have recently strengthened, or are in the process of strengthening, their national security regimes.

However, the new UK regime would involve a sea-change in the UK's approach to national security assessments and, if the Government's predictions are correct, would result in a vast increase both in the number of transactions being assessed for national security concerns and those being the subject of remedies. This could impact on deal timetables and may, depending on the facts, reduce deal certainty and increase overall execution risk. It also seems likely that this will have at least some impact on foreign investors' willingness to invest in the UK, particularly at a time when the UK's impending exit from the EU (potentially on a "no-deal" basis) is also raising questions as to whether the UK is the right place for investors to deploy their capital.

In any event, investors would be well advised to engage with the consultation process to ensure that the Government is made aware of any concerns they may have.