Sea change in National Security Reviews of transactions in the UK

This article covers:

• Initiatives and investment by governments as part of broader economic diversification goals;
• The deep pools of capital readily available in the region; and
• Characteristics of the region itself, including its demographics and geography.

The United Kingdom National Security and Investment Act 2021 (Act) received royal assent on 29 April 2021. It came fully into force on 4 January 2022, although it may be applied retrospectively to transactions completed in November 2020 or later.

The Act very significantly strengthens the Government’s powers to investigate and potentially prohibit transactions on national security grounds, and has significant implications for funds and other investors engaging in transactions both in the UK and abroad.

What and who does the Act apply to?

The Act applies to defined “trigger events” in three ways:

• certain trigger events are subject to mandatory notification and transactions may not be closed before clearance;
• parties to other trigger events may voluntarily notify their transaction;
• the Secretary of State may call in trigger events (whether following a notification or not) for a national security assessment.

Note that the regime applies regardless of whether the acquirer is a UK or non-UK person.

A “trigger event” is defined as a person gaining control of a qualifying entity or a qualifying asset. These terms are considered below.

Control of entities will arise:

• typically, where a person acquires more than 25%, more than 50%, or 75% or more of the shares or voting rights in a qualifying entity. This means that incremental acquisitions of shares or rights in the same entity can give rise to multiple trigger events;
• where a person acquires voting rights in a qualifying entity which enable it to secure or prevent the passage of any class of resolution governing the affairs of the entity (this does not appear to cover veto rights over specific types of matters often found in shareholder agreements);
• where the acquisition enables the acquirer to materially influence the policy of a qualifying entity. Factors such as the ability to appoint directors, the industry expertise of the acquirer and any agreements with the target will be relevant in considering whether material influence exists, but this is generally unlikely where shareholdings are under 15%.

Control of assets will arise where a person acquires a right or interest in, or in relation to, a qualifying asset and the person is able to use the asset, or direct or control its use, to a greater extent than prior to its acquisition.

“Qualifying entity” is very broad and covers any entity that is not an individual. It covers non-UK entities which have some UK activities or supply goods/services into the UK.

“Qualifying asset” includes land; tangible moveable property; and ideas, information or techniques which have industrial, commercial or other economic value. Non-UK assets are covered if they are used in connection with UK-based activities or the supply of goods/services into the UK.

Note that the Act applies to intra-group transactions/reorganisations, as well as transactions involving third parties.

1. Mandatory notification regime

The Act creates a mandatory notification requirement for certain transactions, called “notifiable acquisitions”. A notifiable acquisition occurs where a person gains control of a qualifying entity falling within the descriptions set out in the Notifiable Acquisitions Regulations. Acquisitions of material influence or of qualifying assets will not trigger a mandatory notification. The Notifiable Acquisitions Regulations apply to the following 17 sectors, but only entities meeting the descriptions in the Regulations are covered, not all entities in those sectors:

• Advanced Materials
• Advanced Robotics
• Artificial Intelligence
• Civil Nuclear
• Communications
• Computing Hardware
• Critical Suppliers to Government
• Cryptographic Authentication
• Data Infrastructure
• Defence
• Energy
• Military and Dual-Use
• Quantum Technologies
• Satellite and Space Technology
• Suppliers to the Emergency Services
• Synthetic Biology
• Transport

The mandatory regime is suspensory, meaning the acquirer must obtain clearance before closing the transaction. A notifiable acquisition that is completed before approval will be void, and failure to obtain the necessary advance approval is a criminal offence and large civil penalties may also be imposed (see further below).

2. Voluntary notification regime

Parties to transactions that do not meet the criteria for mandatory notification may submit a voluntary notification to the Secretary of State if they consider that their acquisition may constitute a trigger event that could raise national security concerns.

3. Call-in regime

The Secretary of State may review acquisitions in detail by issuing “call-in notices” if they reasonably suspect that a trigger event has given or may give rise to a risk to national security. A call-in can occur following a notification, or if the transaction otherwise comes to their attention.

A call-in notice may:

• be issued up to five years after a trigger event has taken place, so long as that fie-year period does not begin before 12 November 2020;
• not be issued more than six months after the day on which the Secretary of State became aware of the trigger event.

This timing difference creates an incentive to inform the Government of deals (even if no formal notification is made) in order to limit the possibility of any retrospective call-in to six months.

The Government’s statement explains the way in which the call-in power will be exercised. When determining whether to call in a transaction, the following three risk factors will be considered:

1. Target risk – whether the target entity/asset is or could be used in a way that poses a risk to national security. This is most likely for targets within the scope of the mandatory regime or closely related areas.
2. Acquirer risk – whether the acquirer has characteristics that could suggest a risk to national security. The Secretary of State will consider factors such as the acquirer’s sectors of activity, existing holdings, its ultimate controller, and whether it has ties or allegiance to a state or organisation which is hostile to the UK. A history of passive or long-term investments may indicate low or no acquirer risk.
3. Control risk – whether the amount of control being acquired over the entity poses a risk to national security.

Review process

Notifications may be made to a dedicated Investment Security Unit (ISU) through an online portal.

Once a notification (whether mandatory or voluntary) is accepted, the initial review will take up to 30 working days, following which the Secretary of State must either give a call-in notice or inform the notifying party that no further action will be taken.

If a call-in notice is issued, a new “assessment period” commences. This lasts for an additional 30 working days, but may be extended by a further 45 working days. Additional “voluntary” extensions may also be agreed. Furthermore, if an information request is issued following a call-in notice, the clock stops until the Government confirms that a satisfactory response has been received.

Information-gathering powers and interim measures

The Secretary of State may issue mandatory information requests and require the attendance of witnesses to give evidence. The Secretary of State can also impose interim orders to prevent or reverse “pre-emptive action” such as the integration of the two businesses.

Final decision and remedial powers

At the end of the national security assessment, the Secretary of State will either (i) issue a final notification that there is no national security risk; or (ii) issue a final order, finding that there is a national security risk and containing remedies to address it.

In its impact assessment published at the time the Bill was introduced to Parliament, the Government indicated that it expected to impose remedies only in around 10 cases per year. Remedies may include conditions on, for example, access to particular sites or to confidential information, or (more rarely) prohibition or divestment/unwinding.

Penalties for non-compliance

Failure to obtain a necessary mandatory approval in advance is a criminal offence, which could result in up to five years’ imprisonment of officers of entities where the offence is committed with their consent or due to their neglect. It may also lead to civil penalties for the acquirer of up to 5% of worldwide turnover or £10 million, whichever is greater.

Fines, including daily penalties, may also be imposed for failure to comply with an interim or final order. There are also other offences, such as failure to comply with a requirement of an information request or witness attendance notice.

Impact of the Act

The Government originally stated that it envisaged around 1,000-1,830 notifications being made each year under the regime. Many commentators think that there will be far more than this, at least initially. The Act therefore heralds a fundamental change in the UK Government’s approach, as there were historically very few transactions formally assessed under the Government’s previous, more limited national security powers.

Funds investing in entities or assets in the UK, or with links to the UK, therefore need to factor the Act into their transaction planning at an early stage, particularly where a mandatory notification may be required.

Authors: Neil Cuninghame (Partner)