New National Security and Investment Bill will usher in new regime for UK
IFLR is part of Legal Benchmarking Limited, 4 Bouverie Street, London, EC4Y 8AX
Copyright © Legal Benchmarking Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

New National Security and Investment Bill will usher in new regime for UK

Sponsored by


The Bill incorporates aspects of CFIUS, and if passed would be a sharp break from the UK government’s past practice with respect to screening potential investments

On November 11 2020, the UK government published the much-anticipated National Security and Investment Bill. If passed, the Bill will require parties to notify the government of a variety of transactions involving sensitive industrial sectors. Consistent with existing frameworks implemented by other Five Eyes alliance members, the Bill also would establish a stand-alone mechanism for the UK government to vet – and in some instances impose mitigation measures on or even block – transactions subject to review.

The Bill represents a major overhaul of the UK government’s approach to reviewing foreign direct investment and incorporates concepts from the Committee on Foreign Investment in the United States (CFIUS) and the national security reviews of certain EU member states. If passed in its current form, the Bill will be a sharp break from the UK government’s past practice with respect to screening investments and will create a myriad of new challenges for dealmakers seeking to complete transactions that occur within or involve the United Kingdom.

Overview of the new Regime

The new regime will utilise a hybrid notification system for so-called trigger events. The trigger events are specifically defined in the Bill, but generally involve situations where a party acquires control of a qualifying entity or a qualifying asset. For certain trigger events involving high-risk sectors, acquirers will be required to submit pre-closing notifications and obtain approval from the Department for Business, Energy & Industrial Strategy (BEIS). Other parties participating in trigger events have the option of notifying BEIS if they believe that the trigger event could implicate national security concerns. 

Following notification, BEIS will have 30 working days to assess whether the trigger event should be called in for a national security review assessment - BEIS has the authority to call in both notified trigger events and trigger events that were not notified. If BEIS determines that a full assessment is not necessary, then it will notify the parties that it has cleared the transaction.  

By contrast, if BEIS elects to call in a trigger event, an assessment period will follow. The first phase of the assessment is an initial period of 30 working days. At the conclusion of the initial period, BEIS can clear the trigger event, issue a final order imposing remedies, or extend the assessment period for an additional period of 45 working days. At the conclusion of the additional period, BEIS can clear the trigger event, issue a final order imposing remedies, or the parties can mutually agree to an extension of the assessment period. When analysing risks associated with trigger events, BEIS will consider target risk, trigger event risk, and acquirer risk to determine whether the trigger event poses a risk to UK national security. 

A new unit within BEIS, the Investment Security Unit, will screen all trigger events that are notified by mandatory or voluntary filings, or that they unilaterally elect to call in. The Secretary of State for BEIS, currently Alok Sharma, will have ultimate responsibility for all decisions.  The proposed regime will replace the government’s historical mechanism for reviewing transactions under the Enterprise Act 2002.  Until Parliament enacts the legislation, the current, and far more limited, regime under the Enterprise Act will continue to operate in relation to transactions raising national security concerns. 

The National Security and Investment Bill

The Bill contains a number of interesting features that in some instances represent a break from previous consultations as well as a series of open issues regarding how the new regime will be administered.  

i) Key provisions

Parties to certain trigger events will be subject to notification requirements:

The Bill will require mandatory notifications for certain trigger events that involve the acquisition of qualifying entities in certain high-risk sectors. 

The government has identified an initial list of 17 high-risk sectors, which are broad in scope like defence, energy and data infrastructure. BEIS has published a public consultation to seek input regarding what types of transactions that occur in these sectors should be subject to mandatory reviews. 

The consultation will then lead to the publication of new regulations under the new act that will further define the scope of the transactions that require notification. In addition, transactions in which an acquirer acquires 15% or more of the votes or shares in an entity in a high-risk sector are considered to be “notifiable acquisitions” that are subject to mandatory notifications so the government can assess whether they reasonably suspect a trigger event will take place. For trigger events that require notification, the duty to alert BEIS will rest solely with the acquiring party.    

Transactions that require mandatory notification will be void if not notified and cleared:

If the parties close a transaction that requires mandatory notification and the parties do not notify BEIS and obtain clearance prior to closing, then the transaction will be legally void. This aspect of the Bill likely will lead to parties electing to report any transactions that potentially could be subject to mandatory reporting requirements. The criminal penalties for failing to make a mandatory notification likewise will provide a powerful incentive for parties to take a proactive approach to filing notifications. The Bill does allow the Secretary of State to retrospectively validate notifiable acquisitions that were not reported to BEIS.

Parties may submit voluntary notifications:

Parties participating in trigger events that do not require mandatory notification can elect to submit voluntarily notifications. BEIS will have the right to call-in non-notified transactions that it deems might present a national security risk, so it is expected that parties may elect to file precautionary notifications to avoid the risk of BEIS later calling in the transactions.   

BEIS will have broad powers to retrospectively review trigger events:

The Bill authorises the government to call in trigger events that were not notified and those not subject to mandatory reporting requirements for up to six months after the Secretary of State becomes aware of the trigger event, so long as the call in occurs within five years of the trigger event.

Other EU member states have adopted similar five-year look back periods (e.g., France, Italy, and Germany). The Secretary of State will be able to call in a transaction subject to mandatory notification at any point (i.e., the five-year long stop date does not apply in these circumstances). In addition, the Bill would grant the Secretary of State the authority to call in transactions that take place between November 12 2020 and the commencement date of the legislation. It is expected that acquirers will be subject mandatory notification requirements for trigger events that occur in high-risk sectors and have not completed prior to the commencement date of the legislation.          

The UK nexus test is expansive:

BEIS will have the authority to review trigger events that could potentially raise national security concerns, even if the entities involved do not have a direct link to the UK. The regime allows the government to call in trigger events that involve entities or assets outside of the UK, provided that: (1) the entities carry on activities or supply goods/services in the UK; or (2) the assets are used in connection with activities taking place in the UK. 

The government has advised that it will “legislate for a tighter nexus test for mandatory transactions”. Accordingly, this regime is potentially applicable even when the relevant parties do not include a UK subsidiary, which is a departure from many foreign investment review regimes.

The Bill specifies transactions that do not give rise to trigger events: 

Transactions in which a party acquires less than (i) a 15% interest in a qualifying entity in a high-risk sector or (ii) a 25% interest in a qualifying entity in a non-high-risk sector will not be a trigger event provided that the acquiring party does not obtain material influence over the policy of the qualifying entity. These provisions will provide comfort to minority investors in some types of acquisitions.    

The Bill does not envision BEIS adopting black lists or white lists: 

The new regime “will apply to investors from any country” and apparently will not put particular foreign countries on black lists or white lists. In addition, the government has expressly advised that it does not consider state-owned entities, sovereign wealth funds, or other entities associated with foreign states, to be “inherently more likely to pose a national security risk” than other parties from a national security perspective.

The Bill includes sanctions for non-compliance: 

The Bill grants the government authority to impose stringent civil and criminal penalties on parties that violate the new legislation by not complying with mandatory notification requirement obligations, breaching mitigation conditions, or supplying false or misleading information to BEIS.  

Judicial review:

Parties will have the ability to challenge the Secretary of State’s decisions made during national security reviews through the standard judicial review process.  

ii) Notable changes from previous consultations and unresolved issues

The Bill does not contain turnover or share of supply thresholds:

Unlike the Enterprise Act regime, the Bill does not contain minimum turnover or share of supply thresholds. A trigger event will not necessarily be excluded from review because it involves a small qualifying entity or qualifying asset of limited value. 

The Government expects a large number of notifications:

The government anticipates that parties will file between 1,000 and 1,830 notifications per year and that BEIS will call in between 75 and 90 trigger events. The government expects BEIS to impose conditions upon approximately eight to 10 transactions per year. These numbers would represent a massive uptick in filings and reviews. Since 2002, parties have not been subject to mandatory reporting requirements, and the UK government has reviewed a total of 12 transactions on national security grounds under the Enterprise Act regime.

The Bill removes national security reviews from the remit of the Competition and Markets Authority (CMA):

The Bill bifurcates merger control reviews from national security reviews. On a going forward basis, the CMA will no longer play a role in reviewing transactions on national security grounds. The government has advised that antitrust and national security reviews will proceed concurrently. In the relatively rare situation where a proposed CMA remedy presents national security concerns, the Secretary of State will have the authority to intervene and overrule the CMA.  

BEIS review process could be time consuming:

The Bill sets forth a proscribed schedule for reviewing trigger events and carrying out national security risk assessments, it is also understood that the notification form (due to be published shortly) will not be overly burdensome to complete.

However, in practice, the timeline for BEIS’s reviews may be less certain. The “clocks” for each of the relevant time periods (i.e., preliminary review, initial review, etc.) will stop running when the Secretary of State issues an information or attendance notice to a party and will only re-start after the Secretary of State subsequently issues compliance notices. In addition, BEIS and the parties can mutually agree to indefinite extensions. These features ultimately could result in lengthy and uncertain review periods.       

Defining scope of high-risk sectors will be important:

The government has stated that it expects that a subset of transactions within 17 specified sectors will require mandatory notifications. BEIS has published a consultation document that sets forth proposed definitions for the type of entities within each of the high-risk sectors that would require mandatory notifications. The government’s ongoing consultation process regarding the areas that require notification and pre-approval will be important in defining the nature of transactions that give rise to mandatory notifications. The consultation process will remain open for a period of 8 weeks, closing on January 6, 2021.

The Bill represents the dawn of a new era in the vetting of UK transactions on national security grounds. Assuming the Bill survives largely unscathed in its passage through Parliament, the new regime will require dealmakers to approach UK transactions that might involve national security considerations with much greater care. 


By London based Kirkland & Ellis partners Michael Casey and Marcus Thompson, and Georgia Cooper-Dervan

Gift this article