UK Government introduces new National Security and Investment regime

An updated version of this article was published on 10 May 2021 following the National Security and Investment Act receiving Royal Assent on 29 April 2021.  The updated article can be accessed here.

Introduction

A new national security notification regime

On 11 November 2020, the UK Government introduced its National Security and Investment Bill ("Bill") into Parliament, which will significantly strengthen its powers to investigate and potentially prohibit transactions on national security grounds. The Bill contains a mandatory notification regime, backed up by criminal sanctions, for transactions in sectors thought most likely to raise national security concerns, and a voluntary notification process (underpinned by a "call-in" power) for other transactions that may affect UK national security interests. In its impact assessment of the proposed measures, the Government states that it envisages around 1,000-1,830 notifications being made each year, with 70-95 detailed national security assessments undertaken under both the compulsory and voluntary regimes. The Bill heralds a fundamental change in approach: there have historically been very few transactions which have been formally assessed under the Government's existing, more limited, national security powers.

The proposals follow an initial consultation launched in October 2017 and a White Paper issued in June 2018.

Key implications

The Government has presented the proposals as a measured response to the increased national security risks the UK faces, noting that similar measures have been adopted in many other countries. It is true that many countries, such as the USA, Germany and France, have recently strengthened, or are in the process of strengthening, their national security/foreign investment regimes.  There is also a new FDI regime at EU level.  However, the new UK regime would involve a sea-change in the UK's approach to national security assessments and will result in:

• a very significant increase both in the number of transactions being assessed for national security concerns and potentially those being the subject of remedies, with serious consequences (criminal and civil penalties) for completing a qualifying acquisition without clearance;
• potentially significant impacts on deal timetables; and
• a potential reduction in deal certainty and an increase in overall execution risk.

Key features of the new regime

Mandatory notification regime for "notifiable acquisitions"

What is notifiable acquisition?

The Bill provides for a mandatory notification requirement for entities involved in specific transactions, referred to as ‘notifiable acquisitions’. A notifiable acquisition takes place, broadly, where a person:

• gains control of a qualifying entity of a specified description; or
• acquires a right or interest equivalent to 15% or more of the shares or voting rights in a qualifying entity.

"Control" is defined as acquiring 25% or more of the relevant shares or voting rights of a qualifying entity, and a fresh acquisition of control (and therefore a further notifiable acquisition) will arise where the investor moves through the 50% and 75% share ownership/voting thresholds.

A qualifying entity is, defined broadly, as any entity that is not an individual (i.e. including companies and partnerships), and regulations will be adopted specifying the "descriptions" of the relevant activities that will be caught by these provisions. Importantly, assets in themselves will not constitute qualifying entities, and therefore "assets deals" will not be subject to mandatory notification.  

The Government has identified the following 17 sectors as potentially raising national security concerns and has launched a consultation (to run until 6 January 2021) on the proposed definitions of the precise activities within these sectors which will be covered by the mandatory notification obligation, or be subject to the "call-in" regime (see section below):

• Civil Nuclear
• Communications
• Data Infrastructure
• Defence
• Energy
• Transport
• Artificial Intelligence
• Autonomous Robotics
• Computing Hardware
• Cryptographic Authentication
• Advanced Materials
• Quantum Technologies
• Engineering Biology
• Critical Suppliers to Government
• Critical Suppliers to the Emergency Services
• Military or Dual-Use Technologies
• Satellite and Space Technologies

Power to amend scope

The Bill provides a power for the Secretary of State, through regulations, to specify and amend the scope of what may be considered a notifiable acquisition - to enable the regime to remain current as the nature of national security threats to the UK evolves. This may include:

• specifying specific sectors of the economy in which enterprises must notify the Secretary of State of notifiable acquisitions;
• exempting acquisitions from the mandatory notification regime on the basis of the characteristics of the acquirer; or
• adding or removing specific types of transaction to/from the mandatory notification regime.

Suspensory regime

Relevant parties must notify the Secretary of State of notifiable acquisitions before they take place in order to obtain clearance to close the transaction. 

A notifiable acquisition that is completed before being approved by the Secretary of State has no legal effect and will be void. The relevant parties may also be subject to criminal sanctions (imprisonment of up to five years) and civil penalties (of up to 5% of worldwide turnover or GBP 10 million – whichever is greater) for completing the acquisition without clearance. The Secretary of State may retrospectively validate a notifiable acquisition. Regulations will specify how to notify notifiable acquisitions to the Secretary of State.

Voluntary notification and "call-in" regime for "trigger events"

Call-in regime

The Secretary of State may review specific acquisitions of control of legal entities and assets by issuing “call-in notices”. The transactions which are within the scope of this function are collectively known as “trigger events”. 

A call-in notice may:

• be issued up to five years after a trigger event has taken place, so long as that five year period does not extend back before 12 November 2020;
• not be issued more than six months after the day on which the Secretary of State became aware of the trigger event, where such trigger event has already occurred (in practice via email or other direct communication from the parties).

A trigger event will occur when a person:

• gains control (as defined above) of a qualifying entity or obtains the ability materially to influence the policy of a qualifying entity. The concept of acquiring control of an entity by acquiring material influence over its policy has been drawn from the merger control regime and so it is likely that the concept under the Bill will be interpreted in the same broad way that it is by the CMA under the UK merger control rules (see our Quickguide on UK Merger Control); or
• gains control of a qualifying asset. A person is defined as gaining control of a qualifying asset if he/she acquires a right or interest in relation to it and is able to use it, or direct or control its use, to a greater extent than prior to its acquisition. A "qualifying asset" is defined broadly to include land; tangible moveable property; and ideas, information or techniques which have industrial, commercial or other economic value. Examples of assets in the latter category set out in the Bill include trade secrets, databases, source code, algorithms, formulae, designs, specifications and software.

Voluntary notification regime

Parties to transactions that do not meet the criteria for mandatory notification may submit a voluntary notification to the Secretary of State if they consider that their acquisition may constitute a trigger event that could raise national security concerns. To help inform this assessment, the Secretary of State has published a draft statement on how he expects to use the call-in power.

National security assessment

Interim and information gathering powers

While a notifiable acquisition or trigger event is being assessed, the Secretary of State will:

• be able to impose interim remedies in order to ensure that the effectiveness of the national security assessment or subsequent remedies is not prejudiced by action taken by the parties. For example, in the case of a call-in notice where the deal has completed, the Secretary of State might prohibit activities which would result in the integration of two businesses, or act to safeguard assets, until the national security assessment is complete; and
• will have wide-ranging information gathering powers, including the ability to require persons to give evidence, to facilitate assessment of the acquisition. There will be safeguards on the use and disclosure of such information.

Remedial powers

If, following an assessment, the Secretary of State determines that a risk to national security has arisen or would arise from a notifiable acquisition or trigger event, the Secretary of State has the power to impose remedies in a final order to prevent, remedy or mitigate the risk.  Based on experience of the existing national security regime, remedies are likely to include:

• prohibiting or unwinding the transaction;
• access conditions - for example, limiting access to a particular site or dual-use technology to named individuals;
• information/operating conditions, requiring that only persons with appropriate UK security clearance have access to confidential information or may be part of operational management; and
• conditions requiring the retention of UK staff in key roles at particular sensitive sites.

Enforcement

Breach of any provision in a final order may lead to the imposition of civil or criminal sanctions.  Civil and criminal sanctions can also be imposed for non-compliance with interim orders and information requests. 

Appeals

There will be an appeal process in the High Court (or the Court of Session in Scotland) for civil penalties and requirements to pay associated costs under the Bill. All other decisions under the Bill will be subject to judicial review. The Government will be able to apply for a closed material procedure to protect sensitive information in such proceedings

Role of the UK merger control framework

The National Security and Investment regime will be separate from the processes and practice of the UK Competition and Market's Authority's mergers framework under the Enterprise Act 2002 (see our Quickguide on UK Merger Control). The mergers framework will continue to exist once the new regime has been implemented, but it will only apply to competition, media plurality, financial stability and public health emergency considerations; national security considerations will be assessed entirely within the new legal framework. The lower thresholds introduced for certain sectors raising national security concerns will be removed.

When is the Government likely to call in transactions on national security grounds?

Risk factors

Alongside the Bill, the Government has issued a draft Statement of policy intent (the "Statement") which explains that the Secretary of State expects to take into account the following risk factors in exercising his call-in power

• the target risk: whether the entity or asset being acquired is the type of entity/asset which could potentially give rise to risks to the UK's national security; for example, if it were to fall into hostile hands (see further below);
• the trigger event risk: the potential of the underlying acquisition of control to undermine national security. The Statement says that the risk of a trigger event will be assessed according to the practical ability of a party to use an acquisition to undermine national security. The Statement suggests that the Government is particularly concerned about trigger events that may involve the potential for:
  • disruptive or destructive actions, including the ability to corrupt processes or systems;
  • espionage activities i.e. through unauthorised access to sensitive information; or
  • exploitation of the acquisition to exercise inappropriate leverage, for example, in geopolitical discussions; and
• the acquirer risk: whether the acquirer, including its ultimate controllers, may seek to use the entity or asset to undermine national security. The Government states that most acquirers do not pose such a risk and that such a risk is most likely to arise from hostile states and parties acting on their behalf. The Statement suggests that hostile states are those which seek to undermine UK national security through a range of traditional and non-traditional means. No specific hostile states are named. It notes that the regime does not regard state-owned entities, sovereign wealth funds – or other entities affiliated with foreign states – as being inherently more likely to pose a national security risk.

Target risk/activities that are more likely to raise national security concerns

The Statement identifies certain "core areas" as being more likely to present a risk to national security; these include activities which are analogous to the activities which are subject to mandatory notification, as well as assets used in connection with such activities. These areas are identified as:

• National infrastructure sectors defined by the Centre for the Protection of National Infrastructure;
• Certain advanced technologies;
• Military and dual-use technologies; and
• Critical direct suppliers to the Government and emergency services sector

The Statement notes that investments in other areas of the economy could potentially also raise national security risks, although this is less likely. Additionally, the Secretary of State expects to intervene very rarely in asset transactions. However, where assets are integral to a “core area” entity’s activities or there is an acquisition of land in a sensitive location, their acquisition is more likely to be called in.