On 29 April 2021, the UK's National Security and Investment Bill (NSI Bill) gained Royal Assent. The NSI Bill, dubbed by some as CFIUK – a nod to the United States' Committee on Foreign Investments (CFIUS) – has now become law as the National Security and Investment Act 2021 (the NSI Act). Widely seen as the biggest shake up of the UK's investment screening regime in 20 years, the NSI Act will modernise the UK Government's powers to investigate and intervene in potentially hostile foreign direct investment, while at the same time advancing the UK's world-leading reputation as an attractive place to invest post-Brexit. Whilst the new regime will not commence until later this year, the UK Government will have retroactive enforcement powers in respect of transactions that have taken place following the introduction of the NSI Bill in November 2020. What does this new law entail, and how will it affect M&A transactions going forward?
In its essence, the NSI Act gives the Secretary of State for Business, Energy and Industrial Strategy (BEIS) powers to screen, review, and in some cases prevent, any transaction deemed as involving a so-called "national security interest". Risk factors that will be considered by the UK Government in any transaction include target, acquirer and trigger event risks whether they involve foreign investment or not. Despite many commentators referring to the tightening of foreign investment rules through the NSI Act, some domestic transactions may also fall within the remit and may be affected.
According to the UK Government, the NSI Act means that:
- the UK Government will be able to scrutinise, impose conditions on or, as a last resort, block a deal wherever there is an unacceptable risk to Britain's national security;
- investors and businesses will have to notify a dedicated government unit – the Investment Security Unit – through a digital portal about certain types of transactions in designated sensitive sectors, such as artificial intelligence (AI);
- the UK's screening powers will also be extended to include assets like intellectual property as well as companies;
- the vast majority of transactions will be able to proceed unhindered and investments will be screened much faster than the current regime;
- transactions are expected to be assessed within 30 working days and often more quickly, with timelines set out in law for the very first time;
- investors can also notify any transaction voluntarily if they believe it has implications for national security; and
- to ensure that no dangerous deal can slip through the net unchecked, in addition to mandatory notification for certain sectors, the Secretary of State will also have the power to 'call in' acquisitions in the wider economy which were not notified to government but may raise national security concerns.
The new legislation will overhaul rules dating back to 2002 and covers 17 sectors that have been the subject of a consultation exercise. These sectors, that have been identified to trigger the mandatory notification requirement, include advanced materials, advanced robotics, AI, civil nuclear, communications, computing hardware, critical suppliers to the emergency services or government, cryptographic authentication, data infrastructure, defence, energy, military and dual-use technologies, quantum technologies, satellite and space technologies, synthetic biology, and transport.
The trigger event will take place if the transaction in question results in the acquisition of:
- more than 25%, 50% or 75% or more of the votes or shares (or voting rights which enable the acquirer to pass or block resolutions); and
- the mandatory notification requirement will be applicable to the acquisition of voting rights or shares in an entity and not applicable where the transaction is simply an asset purchase.
Note that one key change made in the final NSI Act was that final version did not include a trigger event related to the acquisition of 15% or more of the votes or shares (where the acquirer previously held less than 15%). It is worth noting that if a transaction *may* involve a national security interest and perhaps not be in a sector which will automatically trigger a notification, notification can be made on a voluntary basis by the acquirer, seller, or the entity itself. The Secretary of State for BEIS may also choose to call in a transaction if there is a reasonable suspicion that it could give rise to a national security risk.
Failure to comply with the new regime (including any information requests), or a breach of any final order, may result in fines of up to 5% of worldwide turnover or £10 million (whichever is higher) and up to five years imprisonment. Investors should be aware that transactions covered by the mandatory regime and which are concluded without clearance will be void and of no legal effect.
There are concerns that the NSI Act will introduce greater uncertainty for investors, particularly given the absence of a definition "national security". This could allow the UK Government a wide range of discretion in the application of the NSI Act. In response to these concerns, the BEIS has committed to (1) clearing the vast majority of transactions during the initial review period of 30 working days; (2) limiting the use of the NSI Act to national security issues, not broader economic concerns; and (3) ensuring that transactions are reviewed by suitably qualified professionals. It remains to be seen whether these commitments will address investor concerns regarding uncertainty and, more broadly, what effect the NSI Act will have in practice once it comes into effect.