Foreign direct investment in the UK

The UK government considers that the NSI Act is going to result in far more regulatory scrutiny of transactions from an FDI standpoint: it estimates that over 1,750 transactions each year will require notification under the new regime, and of these, up to 100 will require an ‘in depth’ review on national security grounds. Ultimately, the UK government expects to intervene formally, requiring remedies, in around 10 cases a year.

The new regime creates notification requirements for certain transactions on either a mandatory or voluntary basis. The government has published guidance giving further detail on the process to expect.

Mandatory regime

Mandatory pre-notification requirements apply in respect of entities in ‘key sectors’. The requirements apply to transactions involving the acquisition of a 25% stake or more (or equivalent levels of voting rights, including certain ‘veto’ rights) in an entity, as well as certain acquisitions involving the acquirer moving from one level of interest (e.g. 25%) to a higher level of interest (e.g. over 50%). The entity must carry on activities in the UK or supply goods or services to people in the UK. There are no turnover or share of supply thresholds.

There are 17 sectors of the economy to which the mandatory regime applies. These are largely focussed on companies whose activities have a close link to UK government activities (for example entities in the defence sector supply chain or who supply products subject to UK export control); companies who are active in critical industries (for example energy asset operators, communications network operators); and companies operational in particularly sensitive industries (including advanced materials, artificial intelligence and cryptographic authentication). The full list is:

• Advanced Materials
• Advanced Robotics
• Artificial Intelligence
• Civil Nuclear
• Communications
• Computing Hardware
• Critical Suppliers to Government
• Cryptographic Authentication
• Data Infrastructure
• Defence
• Energy
• Military and Dual-Use
• Quantum Technologies
• Satellite and Space Technologies
• Suppliers to the Emergency Services
• Synthetic Biology
• Transport

Where the mandatory notification requirements under the NSI Act apply to a transaction, the transaction will require approval from the UK government Investment Security Unit (ISU) within the Department for Business, Energy and Industrial Strategy (BEIS). Otherwise, a transaction closed without clearance will be void, and failure to notify can result in fines of up to 5% of global revenues or £10m (whichever is greater) and failure to notify is also a criminal offence.

On 10 November 2021, the final form regulations were published specifying the ‘key sectors’ and defining activities falling within each of these sectors for NSI purposes. As the regulations are technical in nature, BEIS has published further guidance to assist businesses in interpretation of their practical application. This guidance explains when activities are caught by the regulations and circumstances in which activities fall outside of its scope.

By way of example, under the regulations, one of the activities included in the artificial intelligence sector is those activities carried out with the purpose of “identification or tracking of objects, people or events”. The new guidance assists in providing detail on what is meant, for example, by “identification”: it explains that this can include three different categories of identification including human identification, object identification and event identification.

The guidance further expands this by providing illustrative examples for each of the three categories. For example, “human identification” can consist of audio and speech recognition, emotion recognition and facial recognition amongst others, whilst “object identification” can include the likes of automated vehicle parking systems, object detection and human or object surveillance systems. The latest guidance provides some much-needed assistance for businesses in how to apply their activities, services and products to the key sectors prescribed in the regulations.

Voluntary regime

Where transactions are not notifiable acquisitions, a voluntary regime applies (the ‘call-in’ regime). A transaction may be notified voluntarily if the parties are concerned about national security issues arising or, where a transaction is not notified, it can be 'called-in' for a national security review by BEIS.

The range of transactions potentially caught under the ‘call-in’ regime is wide, and much wider than that for mandatory notification. As with the mandatory regime, it includes acquisitions of more than 25% of the shares or voting rights, or material influence, in an entity, as well as certain acquisitions involving the acquirer moving from one level of interest to a higher level of interest. The voluntary regime also applies to the acquisition of certain rights or interests in “qualifying assets” giving control/use in relation to the asset. The provisions relating to qualifying assets are potentially wide and include land; tangible (moveable) property; and ideas, information or techniques which have economic value. Examples could include: acquisitions of land containing, or located next to, an asset of importance (e.g. next to a terminal, pipeline, storage facility); transfer of IP/knowhow related to critical or novel technologies; and plans of future key UK assets.

Unlike the mandatory notification provisions, the 'call-in' regime is sector agnostic.  However, ‘call-ins’ are much more likely in transactions closely related to the mandatory notification sectors (e.g. asset acquisitions in one of the sectors).

National security concerns and potential remedies

There is no definition of “national security” in the legislation and the UK government resisted attempts to include a definition during the parliamentary process as it wishes to retain flexibility. The government has, however, noted that it will initially be focused on the following potential national security risks:

• risks of espionage (the ability to access unauthorised and highly sensitive information through for example access to key sites);
• risks of disruption (the ability to disrupt key systems and processes, e.g. key supply chains); and
• risks of excessive leverage (the ability to exploit an investment to influence the UK).

In assessing these factors, BEIS will consider the ‘acquirer’, ‘target’ and ‘control’ risk in relation to a particular transaction. Further detail on the types of transactions which could raise national security concerns and in which BEIS expects to use its ‘call-in’ powers, are set out in a statement published by BEIS in November 2021.

If BEIS does find national security concerns, it may ultimately impose remedies. These could include prohibition of transactions (if not completed) or unwinding (if completed); restrictions/controls on access to sensitive sites; restrictions on access to confidential information; supply chain remedies; intellectual property transfer remedies; and compliance, monitoring, and personnel remedies. The expectation is that less intrusive remedies will be preferred to the prohibition of acquisitions in most cases.

General guidance

On 15 November 2021, BEIS published new guidance on how it intends to procedurally deal with notifiable acquisitions under the NSI Act.

Notification procedure

NSI notifications can be made online.

There are three variations of the online notification form, depending on the type of notification application. These are:

• a mandatory notification form for any acquisitions falling within the key sectors
• a voluntary notification form for any other transaction which a business may consider raises national security concerns but falling outside of the mandatory notification regime
• a retrospective validation form that can be submitted in the event an acquisition within the mandatory notification regime was completed without seeking the approval of BEIS.

BEIS will only accept a valid notification form and commence review of the transaction once it is satisfied that all the prescribed information has been included in the application. On 16 November 2021, the government laid before parliament a set of regulations setting out the prescribed information to be included in a valid application, with differing information required depending on the nature of the notification being made. Information required includes:

• details on the structure of the transaction
• information on the target’s activities and ownership
• information on the purchaser’s activities, ownership and corporate management.

Further guidance on completing a notification form was also published on 4 January 2022.

If the necessary information has not been provided with the notification form, BEIS will reject the application “as soon as reasonably practicable after receiving it”. In these circumstances, the reasons for rejection will be outlined and the applicant may be required to submit a fresh notification form with the additional required information.

Review period

Once a valid application has been accepted, a ‘review period’ will commence which gives BEIS 30 working days to assess the acquisition and reach a decision to either provide full clearance or to call-in the transaction for a full national security assessment. The 30 working day deadline commences only once BEIS has confirmed by email that the notification has been accepted as valid.

Assessment period following call-in

If, following the expiry of the review period, BEIS has decided to ‘call-in’ the transaction for a full national security assessment, a further assessment period will commence. This again lasts 30 working days but may be extended by up to 45 working days. During the assessment period, BEIS has the power to issue one of the following measures:

• interim orders – these can be served at any time and are intended to prevent businesses and parties to the acquisition from taking any steps to undermine conditions that may be imposed in a ‘final order’ following the assessment period. An interim order is similar in nature to the ‘initial enforcement order’ that can be served by the CMA in a merger investigation. Parties will be prevented from exchanging confidential information, accessing sensitive sites or assets and be subject to compliance requirements.
• information notices – these can be served if BEIS requires further information to assess the transaction. If served during the assessment period, the 30 working day clock can be stopped and will only restart once the information has been adequately provided. Information notices, unlike interim orders, can also be issued in the review period, but this will not ‘stop the clock’.
• attendance notices – these will be served by BEIS where the parties’ attendance is required at a meeting relating to the BEIS investigation of the transaction. As with information notices, the clock can be stopped in the assessment period only.

Practical effect on negotiation and completion

Parties are not prohibited from progressing negotiations of the acquisition whilst BEIS conducts its national security review, however, completion of the acquisition must not take place if it falls within the mandatory notification regime as it will be rendered legally avoid for lack of government clearance.

Even if the transaction falls outside of the mandatory regime, parties should still carefully consider whether to make a voluntary notification, and if not, whether to proceed with completion of an acquisition that has been ‘called-in’ for national security assessment by BEIS given the acquisition can later be unwound with parties suffering the attendant time and cost consequences of complying with the decision. Additionally, parties must not complete an acquisition if an interim order has been served and must carefully consider how to proceed with negotiations whilst ensuring compliance with terms of the interim order.

Confidentiality and publication of NSI reviews

The government has confirmed it will not be routinely publishing details of either when an acquisition has been called-in for review following the review period or when an interim order is issued to parties. BEIS will publish an annual report giving a general overview of cases reviewed under the new regime. Details of any national security assessments are only likely to become public once BEIS has served a notice of ‘final order’ on the parties. The final order can consist of either:

• approval of the acquisition subject to conditions; or
• blocking of the acquisition altogether.

All sensitive information will be removed by BEIS prior to publication. At present, BEIS guidance suggests there will be no publication of so-called ‘final notifications’ that are issued for acquisitions that are fully cleared without any conditions.