On 4 January 2022, the UK’s National Security and Investment Act 2021 (NSI Act) came fully into force introducing for the first time obligations on companies in 17 specified sectors in the UK – including advanced robotics, artificial intelligence and quantum technologies – to notify the UK Government in the event of certain acquisitions of control. 

Relevance to emerging tech companies

Mandatory reporting to the newly formed Investment Security Unit (ISU) applies to specified sectors set out in secondary legislation and in UK Government guidance. They include traditional industries such as defence and military, as well as critical infrastructure (e.g. communications, data infrastructure, energy and transport), and advanced technologies (e.g. advanced materials, advanced robotics, artificial intelligence, computing hardware, cryptographic authentication, quantum technologies and synthetic biology). This focus on emerging technologies is not surprising as most mature foreign investment screening regimes across the world are increasingly seeking to protect critical industries and advanced technologies from “hostile actors”. Investors and acquirers will now need to carefully assess whether their investments in companies active in these sectors in the UK give rise to a mandatory filing. For tech companies that operate in any of the 17 specified sectors in the UK, consider whether a potential investment round could be structured in such a way to avoid the scope of the NSI Act, for example, by limiting the number of shares/votes or rights to be acquired. Alternatively, if that is not possible, and the transaction is covered by the NSI Act, factor in and allocate risk appropriately in the transaction documents, including through suitable representations from the investor, to address any potential UK national security risk(s).

Failure to notify an acquisition within scope in advance of the transaction closing carries serious consequences, with the acquirer facing fines of potentially up to 5% of the company’s worldwide turnover or £10 million (approx. USD 13 million), whichever is higher, potential imprisonment of up to five years and/or director disqualification, and the transaction itself being declared void.

This new regime represents the biggest shakeup of the UK’s national security framework in over 20 years, with the UK Government expecting in the region of 2000 notifications per year, compared to just 16 transactions reviewed to date since 2003 on national security grounds. That said, the UK Government is keen to emphasise that the UK remains “open for business” and that the “vast majority of deals will be able to proceed without delay”. 

Key aspects of the regime

If a target company is active in one of the 17 specified sectors in the UK (whether or not it is incorporated in the UK), a mandatory notification will be required if there is a “trigger event”: either (a) an increase of shares or in the percentage of voting rights held by the acquirer in the target company over a certain threshold (>25%, >50% or ≥ 75%); or (b) the acquisition of voting rights enabling the holder to pass or block resolutions governing the affairs of the target company.

Once a notification has been submitted and accepted, the ISU has a statutory 30 working days to decide whether to clear the transaction or to call it in for a more detailed, in-depth assessment. This in-depth assessment would last up to 30 working days, extendable by 45 additional working days (and even further if the parties agree). 

The UK Government can also “call-in” transactions in any sector (including asset deals) before or after the transaction takes place if they give rise, or may give rise, to a risk to national security in the UK. This power applies for a period of six months after completion for announced transactions and up to five years for unannounced transactions. 

Parties involved in transactions outside the scope of the mandatory notification regime might still want to assess the risk of the transaction being ”called-in” by the UK Government on national security grounds. Transactions in any sector can be “called-in” on the same “trigger events” identified above, but also where there is an acquisition of control through “material influence”, which includes a level of influence that is reasonably customary in the venture capital community. Certain asset deals are also captured by this “call-in” power. 

Interestingly, there is no definition of “national security” in the NSI Act, but the UK Government has published guidance on how it expects to use its “call-in” power on national security grounds. In essence, the UK Government will make its national security assessment based on three risk factors: target risk (i.e. the use of the target); control risk (i.e., whether the acquirer will gain significant control over the target); and the acquirer risk (i.e. the characteristics of the acquirer). Companies that are outside of the mandatory regime but are concerned about the risk of a possible “call-in” may submit a voluntary notification to provide certainty as to whether their deal raises national security concerns.

Practical tips and key takeaways

The new regime represents a significant change for the review of transactions on national security grounds in the UK and it remains to be seen how it will unfold in practice. The UK Government anticipates that the “vast majority” of transactions within scope will not raise substantive concerns, however, companies should expect greater scrutiny going forward, particularly as investments in the tech sector increase and there is a growing concern about protecting critical tech input. 

To successfully navigate the challenges of this new regime, companies should build-in additional time as part of their due diligence to determine whether a mandatory notification is required, especially for transactions involving target companies active in the UK in one of the 17 specified sectors. For all other transactions outside the scope of the mandatory regime, parties should consider whether their deal raises any national security issues and if so, whether a voluntary notification would be appropriate. Deal documentation should allocate risk appropriately and include provisions for preparing and submitting any necessary filings, as well as obtaining any relevant pre-closing approval from the UK Government. 

This article is produced by Cooley (UK) LLP for educational and information purposes only and is not intended and should not be constructed as providing legal advice and/or to establish an attorney client relationship.

Christine Graham is Special Counsel in the Competition team in Cooley’s London office. Find out more here.