The National Security and Investment Act 2021 ("the NSIA") allows the UK Government to block or impose conditions on transactions deemed to pose a national security risk. The UK Government has this week announced a review of the NSIA regime, including the scope of its mandatory notification requirements and of the notification process.
This follows on from the Government publishing its second Annual Report on the NSIA (and the first to cover a full year of its operation) earlier this year, providing further insights into the process, the related timings and the prospects of government intervention.
For a reminder of how the NSIA works see our three-part series covering the mandatory notification regime; the Government's 'call-in' power; and the consequences of failing to comply, the key risk factors and the NSIA's application to non-UK transactions. See also our February post summarising the orders made under the NSIA to that point, as well as the findings of the Government's first report that covered Q1 of 2022.
Review of the NSIA
The Government's call for evidence seeks views on the impact the regime has had on businesses and investors, the experience of those who have used the process, and the scope of the NSIA's application. It asks questions such as:
- Whether there are types of acquisition that are currently subject to mandatory notifications but should not be;
- Whether some types of internal reorganisation should be exempt;
- Whether the appointment of liquidators, official receivers and special administrators should be exempt;
- Whether Scots law share pledges should be exempted from notification (though this issue is likely to become redundant shortly due to changes in Scots law relating to security over moveable property);
- Whether public bodies should be exempt from mandatory notification; and
- Whether any of the activities covered by mandatory notification could be removed or clarified on the basis that the current approach catches activities unlikely to involve national security risks, is disproportionate to the compliance burden, and/or is insufficiently clear.
The Government is also considering expanding the scope of mandatory notification in some respects, including adding additional AI-related activity (e.g. in relation to generative AI) and creating new categories relating to semiconductors and critical minerals. It is also considering how it might improve its guidance to academia on when activities are likely to be called in under the NSIA. However, it is not considering exempting certain types of acquirer on the basis that they should be low-risk, for example UK buyers – this is unsurprising given the prevalence of UK investments in the number of deals called in and even made subject to controls, as set out below.
We expect that we will be submitting our own response to the call for evidence, but if you have any views on the NSIA that you would want to communicate to the Government, and would like assistance in framing those, please do get in touch (as per the end of this piece).
The NSIA In practice: 2022-23
The second Annual Report on the operation of the NSIA covered April 2022 to March 2023. In the course of that year, the UK Government's Investment Security Unit ("ISU") – formerly in the Business Department, now the Cabinet Office – received 866 notifications, 671 of which were under the mandatory regime. This is a slight slowdown from Q1 of 2022 when 222 notifications were received, 196 of them mandatory. That is a little surprising given that at least some deals that would ordinarily have completed after the NSIA came into force (on 4 January 2022) would have been accelerated to complete in late 2021 instead. We were therefore expecting the full 2022-23 number to be higher.
Of the other notifications, 180 were voluntary (with no breakdown as between entity and asset acquisitions) and 15 sought retrospective validation of a deal that should have been notified but was not.
In any event, the number is well below the 1,000 to 1,800+ notifications per year that the Government estimated it might receive when it first introduced the Bill, though that may simply reflect the subsequent raising of the minimum acquisition threshold from 10% to 25%. If so, then that would seem to vindicate those who argued that that lower threshold would have caught many more deals than necessary.
65 acquisitions were 'called in' for more detailed review during the period. 37 of those followed a mandatory notification, which equates to 5.5% of all such notifications in the year (though some called-in notifications will straddle reporting periods). 17 deals were called in following a voluntary notification, with that much higher 'hit rate' of 9.4% reflecting that a voluntary notification is only likely if the parties suspect the Government may have concerns over the deal. One of the 15 retrospective notifications was called in.
10 acquisitions were called in by the Government on its own initiative – i.e. without being notified by the parties. This demonstrates that the Government is monitoring M&A activity for deals that might be of interest.
The Government ultimately intervened in 15 deals across the period (14 of which were summarised in our February post – see below for the 15th). That is almost a quarter of the number of deals that were called in for a detailed review.
The Report records that the mean time for the ISU to accept notifications as complete (which starts the clock on the statutory time limit of 30 working days to clear or call-in the deal) was 5 working days – this is in line with both the ISU's own internal target and our own experience. However, if a notification was rejected, this process averaged12 working days for mandatory notifications and 9 working days for voluntary.
All notifications were either cleared or called in for further review within the 30 working day time limit. The mean time taken to call in a notification was 27 working days for a mandatory notification and 25 for a voluntary. While the Report does not record an average time for a first-stage clearance, experience suggests that parties should budget for the process to take more or less the full period.
43 notifications (5% of the number notified) were rejected at notification stage, with the main reason given for rejection being use of the wrong form. This illustrates the importance of knowing whether a deal is covered by mandatory notification even if the parties have decided to notify voluntarily – the ISU will insist on knowing which process is to be used.
Where the Government then cleared a deal following a call-in – by issuing a final notification – this process averaged 31 working days (though with a median figure of 25). While the statutory limit for the assessment is 30 working days, the Government can impose an additional 45 working day period where required.
Where a final order was made (i.e. the deal was blocked or made subject to conditions), the mean time taken following call-in was 77 working days, with a median figure of 81. In eight of the 15 cases leading to final orders, the maximum 75-working-day time limit was extended by agreement with the acquirer.
Most active sectors
As noted in our previous posts on the NSIA, mandatory notification applies to entities that are active in any of 17 sectors deemed to be highly sensitive. Transactions not subject to mandatory notification are most likely to be called in by the Government if they are in or closely connected to those sectors.
Among those 17 sectors, the most common to appear in mandatory notifications were:
- Defence (which appeared in 47% of all notifications);
- Critical Suppliers to Government (just over 20%);
- Data Infrastructure (just under 20%);
- Military and Dual-Use (around 15%); and
- AI (also around 15%).
The highest percentage of call-ins related to Military and Dual Use goods and technology (37% of call-ins), followed by Defence and Advanced Materials (both just under 30%).
Of the 15 transactions subject to a final order:
- military and dual use technologies and communications featured in four each, while defence, energy, computing hardware and advanced materials each featured in three.
- the investment originated from China (8 orders), the UK (4), the USA (3), Luxembourg (1), Jersey (1), the UAE (1), the Netherlands (1) and Russia (1) (note that a deal might involve investment from more than one country);
- five transactions were blocked or unwound, with the other ten cleared subject to conditions;
- four of the blocked transactions involved Chinese acquirers, and the other a Russian acquirer;
- three of those involved the Military and Dual Use sector, one the Computing Hardware sector and one the Communications sector.
Countries subject to call ins
For the first time, the Report provided some visibility of the origins of the investments considered by the Government. As noted above, the majority of the transactions subject to final orders in 2022-23 involved Chinese acquirers.
The Government has emphasised that each case is judged on its own merits and individual national security risks, but it is notable that 42% of call-ins involved investment originating in China. While the next most common countries of origin for called-in investments were the UK (over 30%) and the US (20%), such deals have at most only been made subject to conditions, often around ensuring that key goods, services or information would continue to be available to the UK Government.
The trends outlined in the Report (combined with the Q1 2022 figures and indeed our own experience) suggest that the key factors to consider when assessing the prospects of a notified deal being cleared (or whether to voluntarily notify a deal not subject to mandatory notification) include:
- The nationality of the acquirer – UK acquirers are likely to be lowest risk, followed by those from "friendly" countries such as NATO and EU member states, while Chinese buyers are most likely to face obstacles.
- The nature of the acquirer – acquirers in which foreign states have a significant shareholding are likely to attract closer scrutiny than those with purely private ownership, though acquisitions by individuals, families or trusts may be scrutinised for any individual political exposure.
- The nature of the target – deals in the 17 key sectors are unsurprisingly most likely to face scrutiny, including transactions not subject to mandatory notification (e.g. asset transfers). The more active or significant a company / asset is in the key sector, the more likely scrutiny is.
- The nature of the transaction – not all mandatory notifications are equal, and those that do not involve significant changes to ultimate beneficial ownership (e.g. internal reorganisations, tax planning arrangements within families, etc.) should be relatively low-risk.
There have been three additional orders made under the NSIA since our last update, and two since the end of the reporting period.
In February the Government imposed restrictions on the acquisition of power transmission engineering firm (and defence contractor) David Brown Santasalo S.A.R.L. by US-based private equity firm Stellex Capital Management LLC, requiring the target company to maintain continuity of supply in respect of "critical Ministry of Defence programmes" and to ensure the necessary production capability remains within the UK.
The acquisition of assets belonging to the University of Southampton by Canadian company Voyis Imaging Inc. resulted in a June order requiring Voyis to carry out due diligence checks on all new customers seeking to purchase the qualifying asset and to report this information to the UK Government on an annual basis. While the assets are not specified in the order, Voyis specialises in underwater imaging systems and was acquiring the assets via a licence, so it stands to reason that the assets involved underwater imaging technology. The UK Government's concern was that there might be a "potential military uplift" if foreign states were to gain access.
In August the Government cleared EDF's purchase of two GE businesses involved in the supply of propulsion systems to the Royal Navy (GE Steam Power Limited and GE Oil & Gas Marine and Industrial UK Limited), but subject to various security requirements including physical and information security requirements; governance arrangements to protect sensitive information; having a Government-appointed observer on the board of the new parent company and able to observe meetings of the acquired companies, and maintaining capacity and capability in relation to "critical Ministry of Defence programmes in the UK". The order also gives the Secretary of State 'step in' rights to take control of the business if necessary for the purposes of those programs.
The NSIA is now firmly embedded in the UK's M&A landscape, as shown by the number of deals notified since its introduction and the fact that this will be only a fraction of the deals in which its application had to be considered and ruled out. The call for evidence presents an opportunity to provide feedback on the NSIA and (hopefully) improve its scope and operation. However, the limited terms of the exercise confirm that the regime itself is here to stay.
While the Government had not taken any enforcement action as of the end of the most recent reporting period, it remains the case that there are potentially very serious consequences – for sellers as well as buyers – for non-compliance. Those involved in deals should plan accordingly, including keeping the NSIA at the front of their minds when considering deal budgets and timetables.