National Security and Investment Act 2021: key lessons one year on

The National Security and Investment Act 2021 (the "Act") celebrated its first anniversary last month. For a reminder of the Act's key provisions, see our previous posts on the Act's mandatory notification regime; the Government's 'call-in' power; and the consequences that can apply under the Act, the key risk factors for a deal and the application of the Act to non-UK transactions. We now have a year's worth of published orders (as well as a UK Government report on the Act's operation in Q1 2022), all helping to build a picture of how the Act is working in practice. This piece looks at the Act's first year of operation and the key lessons businesses involved in acquisitions and investments should take from that.

The Act in practice

The Department of Business, Energy & Industrial Strategy (BEIS) produced the first annual report of the use made of the Act, though because the Act came into force in January this only covered Q1 of 2022. Nevertheless, the report shows that in the first three months of the Act's operation, BEIS received 196 mandatory notifications, 25 voluntary notifications and one retrospective validation application (i.e, for a deal that should have been notified but wasn't). On an annualised basis these figures would track well below the Government's expectations of around 1800 notifications per year, though that estimate was made before the Act was amended to increase the minimum acquisition threshold from a 10% shareholding to 25%. It's also likely that some deals that would have been subject to mandatory notification were accelerated so as to complete before the Act came into force. The next annual report (which will cover April 2022 to March 2023) may therefore reveal higher annual figures.

The report also recorded that BEIS 'called in' 17 transactions for a full national security assessment in the quarter. In contrast, fewer than 20 transactions were reviewed by the Government between 2003 and June 2022 under the previous national security screening regime set out in the Enterprise Act 2002 (now superseded by the Act). While the report records no final orders (i.e. an order to block or place restrictions on a deal), it is now clear that this was simply a function of not enough 'call-ins' having reached the end of the process. In the second half of 2022 the Government imposed 14 final orders, including four in December alone. The Government has by no means been shy about making use of the new regime.

The Act has wide application

The call-in of US-based WindAcre's increased shareholding (27%, up from 9.6%) in UK-based Nielsen illustrates the importance of considering the Act even where a transaction may not ostensibly appear to be a threat to UK national security, or even to be primarily relevant to the UK at all. Nielsen invests in artificial intelligence (AI) for market research purposes, and AI is one of the sectors subject to mandatory notification (if the AI is used for certain purposes, including the identification or tracking of people, objects or events). Nielsen is listed in the US and generates nearly all its revenue there. It is also not obviously a business that would be thought of as giving rise to national security considerations. The fact that the Government called in the transaction immediately after its completion in April 2022 therefore just underlines the Act's broad reach (in terms of both its application to what might be considered a largely 'foreign' deal and the scope of activities that fall within its scope). Parties to non-UK transactions must therefore carefully consider the target entity's connection to the UK, and take appropriate advice if there is any uncertainty as to the Act's possible application.

Parties must also keep in mind the importance of complying with the mandatory notification regime, including the potentially severe consequences of failing to do so. While the rest of this blog focuses on deals that have been 'called in', blocked and/or made subject to conditions, they only provide lessons in relation to the risk of the Government taking action – parties must keep in mind that this risk is secondary to the initial question of whether a deal should be notified in the first place.

Blocked deals

At the time of writing five transactions have been blocked altogether under the Act, four involving potential acquirers with connections to China:

1. the intended conclusion of a licence agreement between Beijing Infinite Technology Company and the University of Manchester;
2. the proposed acquisition of UK-based Pulsic Ltd by Hong Kong firm Super Orange HK;
3. the proposed acquisition of HiLight Research Ltd by SiLight (Shanghai) Semiconductor Ltd; and
4. (most famously) the completed acquisition of a further 86% of Newport Wafer Fab by Nexperia.

In the first two cases the Government concluded that the technology involved could have dual-use applications – i.e. it could be used for military as well as civilian purposes. The Hi-Light order referred only to the technology being "used to build technological capabilities which may present national security risks to the UK". In Newport Wafer Fab / Nexperia, the Government was reported to be concerned that the deal could undermine UK semi-conductor capabilities and preclude Newport from becoming involved in projects relevant to national security. Nexperia is judicially reviewing the Government's decision, in the first challenge to be brought under the Act.

These decisions demonstrate the importance of understanding the underlying capability of the technology owned or licensed, and parties must carefully consider the potential dual-use applications of target technology regardless of their actual plans for the target. However, even dual-use application is not necessarily a deal-breaker: the investment by UAE-based Tawazun Strategic Development Fund LLC in Reaction Engines Limited (a UK-based company active in propulsion and thermal management technologies) was cleared subject to (unstated) provisions designed to alleviate the perceived national security risks, despite the Government concluding that the technology in question had dual-use applications and the deal risked sensitive IP being covertly accessed by "hostile actors", leading to "military uplift". The fact that the investor in this case was based in the UAE rather than China may have played a role in the different outcome of this case.

The fifth acquisition blocked was the acquisition of alternative broadband provider Upp by LetterOne, a firm co-founded by Russian oligarchs. The order did not identify any specific national security risk beyond stating that a risk related "the ownership of Upp … by the ultimate beneficial owners of LetterOne … and Upp's expanding full fibre broadband network". The focus was therefore clearly on the identity of the ultimate owners of LetterOne. The Government ordered that the deal (completed in January 2021) be unwound via divestment of 100% of Upp within a specified period, and also ordered Upp to carry out a security audit of its network prior to the sale.

Deals subject to conditions

It therefore appears that the risk of deals being blocked is highest where the acquirer is associated with states perceived to be 'hostile' to the UK, though even that is not necessarily fatal. Sichuan Development Holding Co. Ltd was permitted to acquire Gardner Aerospace (through its parent Ligeance Aerospace Technology Co. Ltd) subject to conditions restricting the sharing of information, requiring certain security measures and controlling both appointments to Gardner's board and the transfer of assets. Similarly, Chinese-owned Redrock Investment Limited was permitted to acquire a stake in Electricity North West Limited subject to restrictions on information sharing and key appointments (though this deal was subsequently abandoned). There were similar outcomes for a Chinese state-owned company's acquisition of development rights for the major Stonehill battery storage project and for China Power's acquisition of UK power generator XRE Alpha.

Orders have also been made in respect of acquirers from 'friendly' countries, which can still give rise to a UK national security risk where the target entity is engaged in sensitive activities. As well as the Tawazun / Reaction Engines deal noted above, the acquisitions of UK-based satellite service provider Inmarsat and atomic clocks manufacturer CPI by US buyers were cleared subject to conditions about the maintenance of UK capabilities. The purchase of telecoms firm Truphone by European investors (perhaps ironically, out of the hands of sanctioned Russian oligarchs) required the appointment of a Government-approved Chief Information Security Officer and implementation of certain security measures.

Even UK buyers are not necessarily 'safe': the acquisition by UK private equity firm Epiris of Sepura, a UK manufacturer of voice and digital solutions for businesses and emergency services, was cleared subject to obligations to maintain UK capabilities in repairing, servicing, and maintaining devices used by emergency services in the UK, implement enhanced controls to protect sensitive information and technology from unauthorised access, and provide relevant agencies with access rights for audit purposes.

The fact that a UK-to-UK deal was subject to such an order demonstrates that the Act is formally agnostic as to the nationality of the acquirer, unlike some equivalent foreign regimes. However, it would be naïve to think that nationality is irrelevant to how deals will be viewed – it will not be a coincidence that eight of the 14 orders made under the Act concerned Chinese buyers.

The Act covers more than just conventional 'takeovers'

Intra-group transactions, minority investments, and (under the voluntary notification procedure) the acquisition of control over assets such as land or IP can all be subject to review: the Beijing Infinite Technology Company / University of Manchester deal involved a licence agreement and was therefore not subject to mandatory notification, and nor was the above-noted acquisition of rights in the Stonehill battery storage project.

Moreover, the increase by French telecom group Altice of its stake in BT, from 12% to 18%, was called in for review retrospectively. This shows that the Government is prepared to review acquisitions of minority stakes in key entities even if they fall below the 25% threshold for mandatory notification.

Key lessons from the Act in practice

1. Where a target entity carries on activities or supplies goods or services in / to the UK, consider whether the transaction is subject to mandatory notification.
2. Buyers are increasingly insisting on detailed diligence and even warranties to ensure any activities of the target that would be covered by the Act are identified, and to give the acquirer comfort that they can point to a reasonable excuse for not having notified the deal if an issue is later identified.
3. Factor in sufficient time to accommodate any notification. The Government's Investment Security Unit (ISU) has an initial 30 working days to decide whether to call-in a deal for further review, and in our experience it would be prudent to budget for it to use the full period (though earlier decisions are certainly possible). If a deal is called in, the ISU has a further 30 to 75 working day period (further extendible by agreement) to carry out that more detailed review.
4. Ensure any notification is completed properly, to avoid additional delay from notifications being sent back for further information.
   
5. Contracts should explicitly address any mandatory notification requirement (or indeed any desire for voluntary notification), including:
   1. making completion conditional on notification and approval;
   2. provision relating to any clearance conditions, including how much discretion the acquirer should have over whether to accept and action those (which then draws in the usual issues that arise where there is a gap between signing and completion, e.g. repetition of warranties, further disclosure, material adverse change and other related provisions);
   3. acquirer obligations to allow the seller and its advisers a reasonable chance to review notifications and other documentation before submission and to keep the seller informed; and
   4. seller obligations to assist the acquirer in satisfying such conditions, including cooperation and the provision of information / documentation.

The Act's first year of operation has significantly affected transaction processes, and the acceleration of final orders imposed over the course of 2022 indicates that the UK Government is not hesitant to exercise its broad powers. Should you need advice on any aspect of the Act, please contact Charles Livingstone or your usual Brodies contact.