By way of brief recap, the NSIA regime requires the mandatory notification of certain transactions of businesses active in one or more of the 17 “sensitive areas” of the economy as identified in the Notifiable Acquisitions Regulations 2021. In addition, pursuant to s.1 NSIA, qualifying transactions in any sector can be called-in for review by the Secretary of State where there is a reasonable suspicion of a risk to national security.
The NSIA regime has broad jurisdictional reach, including in respect of minority acquisitions of non-UK targets, and material sanctions for non-compliance. We have written extensively about the remit of the NSIA regime..
With the regime now six months old, national security risk continues to be at the front and centre of regulatory risk analysis for many deals. Although practitioner and dealmaker experience of NSIA will grow over time, the regime operates with very limited transparency, meaning that the opportunity for more holistic insight into how the NSIA regime has been operating has been lacking. BEIS report, although statistical in nature, offers the first such insight. In this short article, we summarise the main findings of the report, along with our own observations of how the regime has been operating in practice. We also summarise the key points from the recently published MoU between the CMA and BEIS.
BEIS has received fewer notifications than it predicted
BEIS had initially estimated that it expected to receive between 1,000 and 1,830 NSIA notifications per year, a figure which many practitioners had considered to be on the low side given the nature of the defined sectors and the broad jurisdictional scope. The report indicates that notifications so far have fallen below this expectation, with only 222 notifications received in Q1.
It is difficult to read too much into this data. BEIS notes that M&A activity declined in the latter half of 2021, reflecting the spread of the Omicron variant. Accordingly, low notifications in Q1 may reflect a continuation of a general trend of reduced deal flow. The 2023 report should give a better indication of the proportion of transactions being reviewed by BEIS. Nevertheless, compared to the average number of deals reviewed by the CMA under the merger control regime, 70 notifications a month is high, with each notification potentially requiring conditionality and delay that might otherwise not have been required.
Of the 222 notifications received, only 25 were voluntary and one was retrospective (i.e. post-closing). It is notable that only a handful of voluntary notifications were made in the first three months of the regime - a trend which BEIS’ Investment Security Unit (“ISU”) has said it expects to continue. This might indicate that businesses engaged in transactions outside the reach of the mandatory regime have largely managed to get comfortable that their call-in risk is sufficiently low that they need not submit a protective voluntary filing. Buyers’ approach to call-in risk may change over time, as the Secretary of State starts to exercise their powers under s.1 NSIA and details of call-ins (including the reasons why transactions triggered national security assessment) filters down. Notably, since 31 March 2022, BEIS has announced two “retrospective call-ins”. It will take some time for the potential impact of these reviews to be reflected in dealmakers’ approach to NSIA risk.
Seventeen of the 222 notifications received (approximately 7.5%) were called-in by the Secretary of State. Three of those 17 were cleared without remedies by 31 March 2022, while the others were still under review at the end of the reporting period. This call-in ratio is broadly consistent with the Government’s estimate, but does confirm that the regime is capturing a significant number of notifications that do not give rise to any national security risks.
No surprises in the types of acquisitions notified or called-in
It comes as no great shock that Defence and Military & Dual Use were the two sensitive areas of the economy with the most notifications, closely followed by Critical Suppliers to the Government, Artificial Intelligence and Data Infrastructure. Notably, the definitions of these latter three areas are broad, capturing acquisitions of targets where the AI, Government Supply or Data Infrastructure aspects are only ancillary to the target’s core business. Acquisitions from broadly these same sectors were also the most commonly called-in.
Voluntary notifications have been made across a broad range of sectors both within the mandatory sectors and in other more surprising sectors such as “professional, scientific and technical activities”, “academic research and development in higher education” and “information and communications (publishing, TV, IT)”.
The ISU has confirmed that it is monitoring the areas of the economy in which transactions are being notified, and will consider whether updates to the definitions of the 17 sensitive areas are required if the wrong types of notifications are being submitted. Further guidance will be published in due course in the form of “market guidance notes”.
The ISU is sticking to its timetables
Although there has been some frustration about a lack of information coming out of the ISU, including on the progress of reviews for notified transactions, dealmakers will likely be encouraged that, in the first three months of the regime, the ISU appears to have kept to its statutory timeline of 30 working days for its initial review, with decisions taking on average 22-24 working days and no review periods beyond the 30 working days. This is consistent with our experience, although the data does not account for the possibility that in at least some cases, transactions could have been called-in to allow additional time for review. If this trend continues, dealmakers might take some comfort that there is an element of timetable certainty for NSIA - although the call-in risk and associated delays should always be factored in to timelines, decisions regarding conditionality and long-stop dates. The ISU has made it clear since the publication of the report that it will only expedite reviews in exceptional cases.
Lessons to learn from the report on rejected notifications
BEIS’ report explains that a small number of notifications were rejected by the ISU. Perhaps unsurprisingly, some rejections related to incomplete notification forms. However, more interestingly, some mandatory notifications were rejected because they should have been submitted as either voluntary or retrospective notifications. This emphasises the importance of selecting the correct form for a notification even where the substance of the form is correct and complete - although the selection of the correct form can be tricky where it is ambiguous whether a business’ activities fall within a sensitive area of the economy.
The ISU has also commented that parties should make sure that they include as much relevant information as possible on the various entities and individuals that sit behind the acquirer, and precise information on the transfers of shareholdings and voting rights, so that the ISU has a clear picture of the change of control.
Parties entering into deals with the potential for parallel review under the NSIA and the UK merger control regime now have a clearer understanding of the framework for information sharing and cooperation between BEIS and the CMA
On June 16, an anticipated Memorandum of Understanding (“MoU”) between BEIS and the CMA on the operation of the NSIA was published. The new MoU with BEIS partly reflects the fact that many of the Secretary of State’s powers to intervene in a merger review for national security public interest considerations were removed from the Enterprise Act 2002 (“EA02”) at the commencement of the NSIA (public interest intervention grounds relating to media plurality, financial stability and public health emergencies remain in place). Interestingly, on 23 June 2022 BEIS announced that the Secretary of State was minded to accept undertakings offered - and therefore bring to a close - what is likely to be one of the final transactions in which the Secretary of State intervened on national security grounds under its EA02 powers.
The MoU sets out details of how BEIS and the CMA will cooperate and share information, including how the CMA’s statutory obligation to assist the Secretary of State in connection with the operation of the NSIA pursuant to s.56 and the statutory provisions for parallel review at s. 31 will operate in practice.
As expected, the MoU provides for information sharing on the status of cases, including the exchange of information on key milestones and decisions taken. The MoU notes that “Both parties have market monitoring capabilities, and it is not envisaged that either will rely on the other to identify transactions of interest to either statutory regime. However, both parties may seek to share information on transactions being considered under the NSIA or the EA02 or both, to enable effective coordination and alignment.”
The MoU also sets out some detail on how BEIS and the CMA would cooperate with respect to the imposition of remedies/final orders, including that each agency will seek to inform the other about the substance and timing of any such representations. Importantly for dealmakers, although it may not always be practical to align review periods for national security reasons, the MoU explains that “In order to avoid potential conflicts between remedies imposed (or accepted) under the NSIA 21 and EA 02, BEIS will, where appropriate, consider aligning the review processes of BEIS and the CMA should it be judged helpful in certain cases, by requesting a voluntary extension period with the merger parties to ensure that remedies are effective and that BEIS and CMA avoid any clash in remedies”.
It remains to be seen how this complex process will work in practice, although merging parties should continue to be mindful of ongoing cooperation between the two agencies when making strategic decisions about notification and should plan ahead with respect to deal timelines, including the prospect of alignment in review timetables. Where required, the design of remedies, and derogations from interim enforcement orders, may also need to take into account national security considerations (and vice versa).
The new UK regime should be seen in the context of burgeoning investment screening regimes globally, with new investment screening regimes being introduced or announced recently in Belgium, the Netherlands and Sweden, to name just a few.