Navigating the new UK national security and investment regime – The first six months
Six months in and the UK Government last week published new and updated guidance on notifiable acquisitions under the NSI regime. Significant gaps in the guidance, however, remain. Through reference to practical experience of engaging with the ISU, this briefing highlights key issues that deal teams should consider when planning for and developing strategies to mitigate adverse timing and other execution risks.
For over 30 years, the Committee on Foreign Investment in the Unites States (CFIUS) has reviewed and prohibited deals that threaten defense or other critical national interests. Recently, many other major jurisdictions have adopted equivalent foreign investment (FDI) screening mechanisms that give governments discretionary tools to intervene in deals that raise broader national security or other “public interest” concerns.
This briefing considers how the UK national security and investment (NSI) screening regime, enforced by the Investment Security Unit (ISU) of the Department for Business, Energy and Industrial Strategy (BEIS), is operating in practice. Although only fully operational since 4 January 2022, the NSI regime has already demonstrated how it can have a material impact on a range of cross-border deals. While significant gaps in the recently published Government guidance remain, through reference to practical experience, we highlight below key issues that deal teams should consider when planning for and developing strategies to mitigate adverse timing and other execution risks.
- It’s not about specific nationalities: Whilst some investors’ home states may be perceived as potentially more threatening to the UK than others, this will generally tend to affect the outcome of the screening, rather than determine which transactions are caught by the initial filing obligation. Transactions undertaken by acquirers headquartered in countries that are close allies of the UK are not immune from close scrutiny; they may still be considered by the ISU as potentially posing UK national security risk to the extent the target business is engaged in potentially sensitive activities. In fact, even a UK-to-UK deal may trigger a filing.
- Jurisdictional assessments are rarely clear-cut: The NSI legislation is broadly drafted, giving the ISU discretion to assert jurisdiction to review transactions of interest. The ISU is actively policing compliance via its merger intelligence team and third-party complaints and has the power to impose serious civil and criminal sanctions for failure to notify (including fines, director disqualification and imprisonment). Transacting parties should conduct thorough self-assessments and take compliance seriously.
- It’s not just about defence: The mandatory NSI regime not only applies where the target is active in the Defence sector, but also covers an additional 16 sectors of the economy, all of which are defined broadly. The NSI regime also operates a parallel voluntary notification system which allows the ISU to “call-in” deals involving targets active in any sector of the economy if it suspects that the deal poses “national security risk”, a term not defined in the legislation or the guidance.
- Timelines can be lengthy: Where a mandatory notification is required, deal timing may be significantly impacted as the NSI regime is suspensory. Even where a voluntary notification is submitted, the regime can still have a suspensory effect (e.g., where the ISU issues an interim order preventing parties from closing the deal whilst its review is ongoing). Although the statutory review period for the vast majority of deals is one to three months, reviews may take much longer in complex cases where stop-the-clock information notices are issued.
- ISU decision-making is opaque: Parties should not expect the ISU to provide regular status updates during reviews on timing or whether it has identified any potential national security concerns. The identity of the case team and other government departments engaged in the review is also typically not disclosed. If they are disclosed, direct access will be limited (with correspondence taking place via the ISU’s generic email address).
- Information gathering can be onerous: Where the ISU believes that a transaction may pose UK national security risk, it will generally require the parties to provide an extensive amount of potentially sensitive information. Requests for information stop the review clock, which will only restart once the ISU accepts the response as complete. In complex cases, information gathering may extend to collecting internal documents and correspondence.
- Notifying one regulator may prompt questions elsewhere: The ISU works closely and routinely shares information with the UK antitrust regulator, the Competition and Markets Authority (CMA). The ISU is also expected to cooperate with regulators in allied countries (e.g., CFIUS). Submitting an NSI notification may therefore prompt questions not only from the CMA, but also from FDI regulators in other jurisdictions.
- Filings should do more than just fill in the form: Unlike merger control filings, the NSI filing is relatively short form, submitted through an online portal. However, there are clear benefits to supplementing the form voluntarily with additional information. This can assist in heading off the risk of receiving extensive questions from the ISU, potentially at a late stage in the review process.
- ISU may play a proactive role in remedy design: In contrast to merger control, where the burden typically rests with the parties to make remedy offers, the ISU is likely to propose appropriate remedies to resolve concerns. These may include restrictions on access to sensitive data or limits on the amount of shares an investor is permitted to acquire. Where UK national security concerns cannot be addressed through remedies, the ISU has the ability to block the deal (including unwinding the deal if it has fully or partially closed).
The UK NSI regime is in its infancy and review outcomes remain uncertain. Deal teams are encouraged to focus on potential NSI issues at an early stage in a deal process. By knowing and planning for adverse timing and NSI-related execution risks from the outset, parties to a deal may increase the chances that a review can be avoided or that the burden of a review can be minimised.
 All G7 countries have operational FDI regimes. So do 18 of the 27 EU member states (Austria, the Czech Republic, Denmark, Finland, France, Germany, Hungary, Italy, Latvia, Lithuania, Malta, the Netherlands, Poland, Portugal, Romania, Slovenia, Slovakia and Spain), with another six in the process of adopting FDI legislation (Belgium, Estonia, Greece, Republic of Ireland, Luxembourg and Sweden).
 See UK Government Guidance: National Security and Investment: market guidance notes July 2022 (published 19 July 2022), available here and UK Government Guidance: National Security and Investment Act: details of the 17 types of notifiable acquisitions (updated 20 July 2022), available here (previously UK Government Guidance: guidance on notifiable acquisitions (published on 4 January 2022)).
 Namely: Advanced Materials, Advanced Robotics, Artificial Intelligence, Civil Nuclear, Communications, Computing Hardware, Critical Suppliers to Government, Cryptographic Authentication, Data Infrastructure, Energy, Military and Dual-Use, Quantum Technologies, Satellite and Space Technologies, Suppliers to the Emergency Services, Synthetic Biology and Transport.
 The ISU expects to review up to ~1,800 deals a year.