Overview Of The National Security And Investment Act 2021

31 May 2022

Author: Richard Gray



The National Security and Investment Act (NSI) came into force on the 4th January 2022 and reflects a global trend for more intervention in and scrutiny of national security issues. The government’s previous power to intervene in transactions on the grounds of national security concerns under, Part 3 of the Enterprise Act 2002 (Enterprise Act) were limited.The NSI was intended to modernise and broaden those provisions and provide additional certainty for all parties..It gives the government powers to scrutinise and intervene in business transactions, such as takeovers, to protect national security. Whilst the intention may have been to provide businesses and investors with the certainty and transparency they need to do business in the UK, early indications are that the broad scope of the Act has led to transactions which do not appear to give rise to any national security issues needing to be submitted for approval.

It is important to note that the ambit of this new regime is wider than traditional M&A deals. The trigger events, which are set out below, could include minority investments, as well as intra-group transactions and (in the context of the voluntary regime) acquisitions of or transactions giving control over assets such as land or IP.

Who is caught under the NSI Act?

The NSI Act can catch both foreign and domestic investors in any entity that carries on business in the UK. This means that the relevant sector in a deal and the trigger event thresholds need to be considered on all deals, even if the acquirer is entirely a UK entity

Transactions within the Scope of the NSI Act

The NSI applies to transactions that involve the acquisition of a specified level of control over certain qualifying entities or qualifying assets. Sections 5 and 7 to 12 of the NSI Act define a range of "trigger events" that may be subject to government scrutiny and intervention under the NSI regime.

Each trigger event involves a person (the acquirer) acquiring rights or interests conferring control over either:

  • A qualifying entity- i.e. any entity (other than an individual), whether or not a legal person.
  • A qualifying asset- i.e. land, tangible (or, in Scotland, corporeal) moveable property or ideas, information or techniques which have industrial, commercial or other economic value, and which are used in connection with either activities carried on the UK, or the supply of goods or services to persons in the UK (section 7(4)(c) and 7(6)).

The “trigger events” include:

  • The acquisition of votes or shares in a qualifying entity exceeding a threshold of 25% or 50%, or reaching or exceeding a threshold of 75%.
  • The acquisition of voting rights that enable or prevent the passage of any class of resolution governing the affairs of the qualifying entity.
  • The acquisition of material influence over a qualifying entity's policy.
  • The acquisition of a right or interest in, or in relation to, a qualifying asset providing the ability to: (i) use the asset, or do so to a greater extent than before the acquisition; or (ii) direct or control how the asset is used, or do so to a greater extent than before the acquisition.

Notification under the NSI regime

The NSI Act establishes a hybrid notification system that offers two routes for acquirers to notify transactions that are within the scope of the NSI Act for the purposes of obtaining a decision on whether the transaction gives rise to national security issues:

  • Mandatory Notification;
  • Voluntary Notification.

  • Mandatory Notification

The mandatory regime requires qualifying transactions to be notified for approval before they take place. The regime is intended to give the government the opportunity to intervene in potential acquisitions in sensitive sectors where the risks to national security have been identified as most acute.

The test for the mandatory notification regime is broadly in two parts, there must be: (i) a trigger event and (ii) the transaction must involve a qualifying entity in one of the 17 high risk sectors identified.

The trigger events for mandatory notification are:

  • The acquisition of more than 25%, more than 50%, or 75% or more of the votes or shares in a qualifying entity.
  • The acquisition of voting rights enabling or preventing the passage of any class of resolution governing the affairs of the qualifying entity.

What are the 17 Critical Sectors?

1.Advanced materials

2.Artificial intelligence


4.Critical suppliers to Government

5.Cryptographic authentication


7.Military and dual-use

8.Satellite and space technology


10.Advanced robotics

11.Civil nuclear

12.Computing hardware

13.Suppliers to the emergency services

14.Data infrastructure


16.Quantum technologies

17.Synthetic biology

A transaction that is subject to the mandatory notification regime will need to be notified irrespective of the parties’ combined share of supply or the target’s turnover.

Voluntary Notification

The voluntary regime allows parties to submit transactions for approval. The trigger events described above also apply to target entities that are not active in a qualifying sector – however, in those cases the notification is voluntary rather than mandatory. In addition, whether or not the transaction involves a target entity in a qualifying sector, there are trigger events which apply under the voluntary regime (i.e. which do not require mandatory notification).

These are as follows:

  • The acquisition of material influence over a qualifying entity’s policy.
  • The acquisition of a right or interest in, or in relation to, a qualifying asset providing the ability to use or control the asset (either entirely or to a greater extent).

Importantly, this part of the regime applies to the purchase of a wide range of assets including, intellectual property, any ideas, information or technique with industrial, commercial or other economic value and land. Therefore, the new requirements are not just restricted to M&A deals.

Parties to transactions falling outside the mandatory regime will need to consider carefully the risks of not notifying – the main risk is that the transaction may be “called-in” for detailed scrutiny, and if found to raise national security concerns, could be unwound. If in doubt, it is likely best to notify.

The Overriding “Call In” Power (Retrospective Application)

In addition to the above, the Secretary of State has the overriding power to “call-in” any transaction that is within the scope of the regime. This power can be utilised irrespective of whether a transaction has been notified. However, the Secretary of State must reasonably suspect that the transaction gives rise or may give rise to a risk to national security.

There are 3 principle areas which will be considered when deciding whether or not to call-in a transaction:

  • Target risk: Whether the target is or could be used in a manner that poses a risk to national security. Targets active in one or more of the 17 specified sensitive sectors and related areas are likely to score high in terms of this risk profile.
  • Acquirer risk: Whether the buyer has characteristics that suggest that the acquisition of control is, or could be, a risk to national security. The government may consider the buyer’s ultimate controller, its pre-existing holdings, and any previous or current criminal activities and links.
  • Control risk: Consideration of the amount of control being acquired. A higher level of control can be expected to result in an increased national security risk profile.

The call-in power can be exercised up to six months after the Secretary of State becomes aware of the transaction, provided that is within a long-stop of five years after completion. For mandatory notifications, however, the five year long-stop does not apply. The right to call-in has retrospective effect, so any relevant transactions entered into from 12 November 2020 may potentially be called-in. This means that it is critical for investors to consider the potential application of the new regime for all transactions completed from 12 November 2020 onwards which could potentially raise national security concerns.

Timetable for Processing Notifications)

The Investment Security Unit (ISU) is the body responsible for managing and administering the notification and screening regime under the NSI Act. The timetable for processing notifications is as follows;

  • 30 working days to review the notification; and
  • 30 working days, which may be extended by 45 working days and potentially a further voluntary period, to undertake the national security assessment. This means that the total time for review is up to 105 days (or even longer if a voluntary period is agreed).

If an ‘information notice’ or ‘attendance notice’ is issued at any point, the clock stops, and starts running either after compliance with the notice or the deadline given to comply has passed – this is to ensure that the government is not timed out of an investigation by the parties deliberately delaying proceedings.

Outcome of National Security Assessment, Notice and Publication of Decisions

At the end of the assessment period, the Secretary of State must either:

  • Issue a final notification clearing the trigger event. A copy of which must be given to each person to whom the call-in notice was given, confirming that no further action will be taken.
  • Make a final order where a national security risk has been found to arise, which imposes necessary and proportionate remedies for the purpose of preventing, remedying or mitigating that risk. A copy of this order must be served on anyone who must comply with the order, the recipients of the call-in notice, and any other person the Secretary of State considers appropriate.

In terms of publication, the Secretary of State is required to publish, as soon as practicable, notice of the fact that a final order has been. Information which would be likely to prejudice the commercial interests of any person or t which would be contrary to the interests of national security can be excluded from publication.

Sanctions for Non-Compliance

Completion of a notifiable acquisition without prior approval from the government constitutes a criminal offence. The sanctions for breaching this standstill obligation are potentially severe, including prison sentences of up to five years for the buyer’s directors. Additionally, civil sanctions include a penalty of up to 5% of the company’s worldwide group turnover and £10 million, whichever is higher. Crucially, a notifiable transaction that is completed without prior approval will automatically be void.

If you would like any further information, please contact Richard Gray or any of the Corporate team at Carson McDowell LLP.