National security reviews 2017: A global perspective — United Kingdom

by White & Case LLP

White & Case LLP

National security interventions have, with one exception, involved defense considerations

Unlike many other jurisdictions, acquisitions in potentially sensitive industries do not, as a matter of course, require parties to seek approval from a regulator or the government in the UK. However, that may change following recent proposals by the UK government to "strengthen powers for scrutinizing the national security implications of particular types of investment". That would be a radical change from the current system in which the government may, through the Secretary of State for Business, Energy and Industrial Strategy (SoS), intervene in cases in certain circumstances, one of which relates to national security.

As general concerns about cybersecurity and control of critical infrastructure networks become more commonplace, it would not be surprising to see more SoS interventions on national security grounds.

Who files

As there are currently no specific requirements relating to deals that may raise potential national security issues, strictly speaking no person needs to file an application. Rather, if the UK government considers that a deal raises national security issues the SoS may issue an "intervention notice." The procedures for the SoS to issue an intervention notice, and—if considered appropriate—ultimately block a deal, are set out in the Enterprise Act 2002 (Enterprise Act). Under the government's recent proposals, one option under consideration is the introduction of a mandatory notification regime for foreign investment into "essential functions" in key parts of the economy—notably the civil nuclear, defense, energy, telecommunications and transport sectors. However, the details are subject to consultation and there is a risk that, in a system where merger filings are voluntary, requiring mandatory notification for only certain types of investment will cause uncertainty and confusion.

Consultation on the proposals runs until early 2018, but it may be some time after that before the government digests the views received and decides on next steps. The comments below therefore focus on the current system, given that there can be no certainty over the scope and timing of any changes.

Types of deals reviewed

The Enterprise Act allows the SoS to intervene when specified public interest considerations arise. In addition to national security, the other specified public interest considerations relate to media plurality, quality and standards, and the stability of the UK's financial system.

As far as national security is concerned, as with CFIUS, the legislation does not specify what types of industries are relevant to national security. The term can be interpreted broadly. Therefore, in addition to transactions in the defense field (in which intervention notices have been served), the government could intervene in a wide variety of sectors. These no doubt include energy, transport, water and information technology and could possibly also extend to the food supply chain and healthcare sectors, depending on the facts.

To date, national security intervention notices have, in all but one case, involved defense considerations. The Ministry of Defence has on several occasions raised concerns about the maintenance of strategic UK capabilities and the protection of classified information, including when the acquirers have been from the US or other NATO allies. In these cases, the deals have been approved following undertakings provided by the acquirer to address the concerns.

The non-defense case relating to national security in which the SoS intervened was very recent. In 2017, a Chinese-based corporation sought to acquire a non-defense UK company that supplied equipment to UK emergency services. The Chinese acquirer provided undertakings assuring that information and technology was protected and ensuring the maintenance of UK capabilities in servicing and maintaining certain technological devices involved in the deal.

Scope of the review

When an intervention notice on national security grounds is issued, the Competition & Markets Authority (CMA)—the UK's main antitrust agency—must investigate and report to the SoS. The CMA will consult on the national security issues and its report will summarize any representations received on the matters specified in the SoS's intervention notice (and, where relevant, will also deal with any competition issues). The SoS will consider the CMA's report and decide whether the transaction should be subject to a more in-depth "Phase 2" review by the CMA, or whether to accept any undertakings the acquirer may have offered to address public interest concerns (or indeed—which has never happened to date—whether the public interest concerns are not warranted or do not require any remedial action).

If there is an in-depth review by the CMA, it is required to report whether the transaction operates or may be expected to operate against the public interest, and make recommendations as to the action the SoS or others should take to remedy any adverse effects. The SoS will make the final decision on the public interest issues and any remedial steps to address the public interest issues.


  • No deal has been blocked by the SoS on national security grounds
  • All national security cases to date have resulted in behavioral remedies (e.g.,ring-fencing information and ensuring strict controls are in place) in lieu of a detailed Phase 2 investigation. No divestments have been required
  • Intervention on national security grounds is no longer limited only to defense-related transactions
  • The radical changes proposed by the Government to the rules for reviewing deals potentially affecting national security are likely to have a material impact on M&A in the future

Trends in the review process

There have been few cases in which the SoS has invoked national security, but the recent 2017 acquisition noted above shows that the UK government is prepared to do so in non-defense cases. As general concerns about cybersecurity and control of critical infrastructure networks become more commonplace, it would not be surprising to see more SoS interventions on national security grounds.

In fact, although the current system is more than capable of dealing with such cases, there have been calls for the UK government to introduce a CFIUS-type regime to protect UK business following the acquisition or proposed acquisition of a number of British high-tech companies by foreign entities (e.g., the offer by Canyon-Bridge (China) for Imagination Technologies). That may be one of the reasons for the government's proposals to amend the regime for reviewing cases that may raise national security concerns—including lowering the financial thresholds for deals that may be reviewed.

How foreign investors can protect themselves

Potential issues should be considered as early in the planning process as possible, and increasingly in any case—not just defense-related deals—that might be considered to touch on national security. State-owned acquirers, or those with material links to (or financing by) state-owned enterprises, should be particularly well prepared and consider what undertakings they might be prepared to give, if concerns are raised. To date, such undertakings have tended to relate to ensuring the protection of classified information and ensuring UK capabilities. Early engagement with the relevant government departments would also be sensible, especially if an auction process is likely, because the target will want to ensure that the acquirer is able to complete any proposed deal.

Review process timeline

The CMA typically reports to the SoS within four to six weeks of the intervention notice, with the SoS's decision following shortly thereafter. If the SoS decides the CMA should conduct a Phase 2 investigation, it will take up to a further 24 weeks (followed by the time for the SoS to reach a final decision).

[View source.]

Written by:

White & Case LLP

White & Case LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.