The National Security and Investment Act 2021 completely overhauls the UK’s approach to government screening of investments. It will create a free-standing regime with unprecedented new government powers to investigate and block acquisitions (of entities or assets) on security grounds. Expected to be in force by the end of the year, the Act could be the biggest and most intrusive regulatory change to hit UK M&A activity (as well as deals involving IP and other assets) in decades, with potentially severe consequences for getting it wrong. In-house lawyers working for potentially affected buyers or targets will need to be familiar with its requirements.
How will the Act operate?
There are two limbs to the screening regime: a mandatory obligation to notify the government of acquisitions of certain types of entity within 17 key sectors; and a ‘call-in’ power allowing the Secretary of State for Business, Energy and Industrial Strategy to examine any deal they ‘reasonably suspect… has given rise to or may give rise to a risk to national security’.
Mandatory notification
The obligation to notify a deal will arise where a person acquires ‘control’ over a ‘qualifying entity’. Control is achieved when a person’s shares or voting rights in an entity cross a threshold of 25%, 50% or 75% (with a new obligation at each level), or if the person acquires the ability to block or secure the passage of any resolution.
A ‘qualifying entity’ can be any type of entity (including companies, partnerships or trusts) that is formed, active or has customers in the UK, and which meets certain criteria to be defined in regulations. The government has identified 17 key sectors as potentially relevant to national security: advanced materials; advanced robotics; AI; civil nuclear; communications; computing hardware; critical suppliers to government; critical suppliers to the emergency services; cryptographic authentication; data infrastructure; defence; energy; engineering biology; military and dual-use technologies; quantum technologies; satellite and space technologies; and transport.
The consultation on defining the entities that will be caught within each category is in its final stages, but draft definitions are available to guide parties in the meantime.
A notifiable acquisition that completes without approval will be void. It is currently unclear what that will mean in practice, but most obviously it would mean the acquisition itself will be deemed never to have happened. The acquirer (including its officers, eg company directors) may also be liable for criminal penalties or civil fines up to £10m or 5% of group turnover.
The ‘call-in’ regime and voluntary notification
The Act empowers government to ‘call-in’ any deal it suspects could give rise to national security concerns.
This power applies to acquisitions of both entities and a very broadly defined range of assets located in, or used in relation to, the UK. This will catch land, moveable property and ‘ideas, information or techniques which have industrial, commercial or other economic value’ (a definition that may be even wider than intellectual property as normally understood).
The call-in power is again triggered by the acquisition of ‘control’. For entities this is defined as described above, plus where a person gains material influence over the entity (akin to merger control). Control of an asset means being able to use the asset, or direct or control its use, including to a greater extent than before.
The call-in power can be used within six months of the government becoming aware of the deal, subject to a ‘longstop’ of five years. As an anti-avoidance measure, the government will also have the power to retrospectively review deals completed from 12 November 2020 onwards, with the six-month/five-year periods then commencing when the Act takes effect. Prospective deals can be blocked and completed deals unwound, including via divestment.
Parties can voluntarily notify transactions to the new Investment Security Unit (ISU), established within BEIS to deal with this regime. That option will not be formally possible until the Act comes into force, but parties to sensitive deals are already engaging informally with the ISU, which has received around 80 requests since November. Deals that would be caught by mandatory notification are the most obvious candidates for that.
Risk to national security?
- target risk, based on the type or nature of entity or asset acquired (a nuclear power plant or defence contractor would be obvious examples of target risk);
- ‘trigger event’ risk, based on the type and level of control acquired (eg a 75% shareholding will usually give greater control of an entity than 25%); and
- acquirer risk, based on the identity of the acquirer (nationality is not formally relevant under the Act, but will surely be a key consideration).
Practical concerns
The government will have a very broad discretion on what to call in and what to clear. Notably, the ISU will not publish its decisions, meaning there will be limited precedent to guide parties and advisers on whether to notify deals voluntarily.
The government has estimated up to 1,830 mandatory filings per year, but this may well be an underestimate given the reach of the regime (eg the government has insisted on covering intra-group transfers, despite the absence of any change in ultimate control). In addition, buyers are likely to err on the side of caution in considering voluntary notifications. The ISU’s resources may therefore come under significant pressure – and that will be relevant to clearance timings. The Act’s formal timetable allows up to 105 working days from notification to final decision, but the ISU will decide when a notification is complete. Like merger control, this may mean lengthy ‘pre-notification’ discussions. The process could therefore add many months to deal timetables.
The Act has the potential to cause significant disruption to deals and investments. It is essential that advisers to investors, sellers and targets are aware of the risks and plan their transactions accordingly.