CFIUK Comes to Life: The National Security and Investment Act 2021
A new framework for foreign direct investments in the United Kingdom
The United Kingdom Government has adopted a CFIUS-style National Security and Investment Act (“the Act”).
The new law takes effect in later in 2021, but UK Government may look back at deals from November 2020 onward.
The Act is considered one of the most far-reaching systems in the world, carrying civil and criminal penalties for a failure to notify.
A notifiable acquisition completed without the approval of the Secretary of State is void (of no legal effect).
The UK Government has stated that it will work closely with investors to help ease the market into the new framework of investment rules.
In the broader context of governments all over the world scrutinizing foreign direct investments (“FDI”), the Act is meant to legislatively reform the UK national framework of transaction review, give the UK Government more power to investigate, and strengthen its control over FDIs that may implicate national security issues.
The new UK stand-alone regime is considered one of the most far-reaching systems in the world, carrying civil and criminal penalties for a failure to notify. The Act provides a wide jurisdictional ambit as it applies to both UK and overseas acquirers, provides no turnover or market share safe harbors, and captures a wide array of transactions. The Government’s Impact Assessment estimates that the Act will lead to a range of 1,000 to 1,830 notifications per year.
The Secretary of State for Business, Energy and Industrial Strategy (“Secretary of State” or “BEIS”) will execute and administer the new FDI controls. A brand new “Investment Security Unit” will be affected to the purpose of receiving the different notifications.
Below, we detail below the highlights of the new framework.
Rather than defining a foreign investment, the Act defines its scope through the prism of “trigger events”. Only those events activate the notification and review mechanisms and trigger the “call-in” power of the Government.
Trigger Event. A “trigger event” occurs when a person gains control of a “qualifying entity” or a person gains control of a “qualifying asset”. Those concepts are all defined in the Act:
Qualifying entity. An entity formed or recognised under the law of a country or territory outside the United Kingdom is a “qualifying entity” if it carries activities in the United Kingdom, or supplies goods or services to persons in the United Kingdom.
Qualifying Asset. A “qualifying asset” is either a land, a tangible (or, in Scotland, corporeal) moveable property, ideas, information or techniques which have industrial, commercial or other economic value. These assets can be trade secrets, databases, source code, algorithms, formulae, designs, plans, drawings and specifications or software.
Gaining Control. The notion of “gaining control” covers different scenarios. First, it concerns cases where the percentage of shares or voting rights in the entity the acquirer holds after the transaction increases from 25% or less to more than 25%, from 50% or less to more than 50%, or from less than 75% to 75% or more. Second, the acquisition of voting rights in the entity that (whether alone or together with other voting rights held by the person) enables the buyer to secure or prevent the passage of any class of resolution governing the affairs of the entity. Third, where the acquisition, whether alone or together with other interests or rights held by a person, enables this person to materially influence the policy of the entity. Fourth, it covers cases where a person gains control of a qualifying asset, i.e. if the person acquires a right or interest that enables the latter to use the asset or to direct or control how the asset is used.
Is filing mandatory?
The new Act provides for a twofold transaction notification regime where a notification can either be mandatory where it falls within one of 17 specified sectors or voluntary for other sectors.
In 17 sectors, a trigger event requires a mandatory notification. These sectors are thoroughly described in the “Government Response to the consultation on mandatory notification in specific sectors under the National Security and Investment Bill” published in March 2021.
At the moment, the industrial and economic sectors regarded as the most sensitive and hence most likely to raise national security concerns include:
Critical suppliers to government
Critical suppliers to the emergency services
Military and dual-use
Satellite and space technologies
Synthetic biology and transport
The determination of whether a particular transaction would be within scope of the mandatory regime is complicated by the fact that the definitions of the specified activities in the 17 specified sectors have not yet been finalised. The Government is expected to release regulations regarding notifiable acquisition to specify further the sectors subject to mandatory notification.
A notifiable acquisition completed without the approval of the Secretary of State is void (that is of no legal effect). A buyer who fails to comply with the mandatory notification and completes the acquisition despite having received the approval of the Secretary of State and without reasonable excuse commits an offence. The amount of the penalty is the higher sum between 5% of the total value of the worldwide turnover of the business (both in and outside the United Kingdom and including any business owned or controlled by the business) or £10 million (whichever is higher). There can also be a criminal prosecution for individuals leading to a fine or imprisonment for up to 5 years.
In other cases than the ones mentioned above, the Act provides for a voluntary option for the investor and entrusts the Government with the power to give a so called “call-in notice” if it reasonably suspects that a trigger event may give rise to a risk to national security. The Secretary of State must decide whether to reject or accept the acquisition at stake.
Between the foreign or domestic party, who is responsible for notification?
There is a difference in the Act pursuant to the type of notification. In the case of mandatory notification, the party responsible to secure the approval is the acquirer, i.e. the person that will gain control or acquire a right or interest by the transaction. Therefore, any penalty for failure to file would fall on the acquiring party. By contrast, in the case of a voluntary notification, either party may be responsible for submitting the appropriate notice to the Secretary of State.
What is the procedure for investment reviews under the Act?
The first step in the procedure of investment is typically the notification. The Act also empowers the Secretary of State to ‘call in’ statutorily defined transactions or other events to undertake a national security assessment whether or not they are notified. The UK Government then assesses the transaction within a 30-day period and decides, as soon as reasonably practicable, whether to reject or clear the transaction. In addition, the Government has the power to apply remedies to address risks to national security, as well as sanctions for non-compliance with the regime and the mechanism for legal challenge.
The Act provides for a “post-completion review” on transactions that were not notified. A call-in notice may be imposed retrospectively during a period of 5 years beginning with the day on which the trigger event took place. However, where the Secretary of State is aware of the trigger event, this period is shortened to six months from the day on which it became aware (for instance, where the acquisition was covered in the general press).
During the transition period between 12 November 2020 and the formal commencement date of the Act, no notifications are provided for under the act, but the Secretary of State will be able to call-in any deals from 12 November 2020 onwards.
Three outcomes may arise for a notified transaction: 1) approval, 3) approval under conditions or 3) prohibition. To reach an outocme, the Secretary of State takes into account factors mentioned in its “Statement of policy intent”. First, the target risk (the nature of the target and whether it is in an area of the economy where the government considers that risks are more likely to arise), secondly the trigger event risk (the type and level of control being acquired and how this could be used in practice) and thirdly, the acquirer risk (the extent to which the acquirer raises national security concerns).
Extension of screening period
The assessment period of 30 working days may be extended by 45 working days (i.e. the “additional period”) by the Secretary of State if the latter reasonably believes that a trigger event has taken place or that arrangements are in progress or contemplation which, if carried into effect, will result in a trigger event and that a risk to national security has arisen therefrom. This can also be extended if it reasonably considers that the additional period is required to assess the trigger event further. A voluntary period or further voluntary period may also be agreed by the Secretary of State.
Interim and final orders
The Secretary of State may impose interim orders to freeze the current status of the deal before the Secretary completes its review. The Secretary may also impose a final order providing for clearance, but subject that order to certain requirements. For both types of orders, the Government could require inter alia a person to do or not to do certain things, the appointment of a person to conduct or supervise the conduct of activities, or the disclosure of the order content. An order may be on a person’s conduct outside the United Kingdom if the latter has some links with the United Kingdom.
What information must be submitted to the Secretary of State?
The Act provides that the Secretary of State may request any information in relation to the exercise of its functions. An information request must specify the purpose for which it is given and state the possible consequences of not complying with the notice of that request. Secondary legislation will set out in detail what information will be required. However, it is likely to cover elements such as the entities affected, aspects of the transaction, the rights and ownership, as well as the identity of the parties or their ultimate beneficial owners.
We note that a person is not required to provide any information where that person would not be compelled to provide the information as evidence in civil proceedings before a court of the United Kingdom. Further, the disclosure of information is considered as an offence when it is made in contradiction with the Act. Finally, the disclosure of information by the Secretary of State to a public authority and vice-versa is permitted under the act.
What other agencies should be notified of a transaction?
The Act provides for some interactions with authorities other than the BEIS. The Secretary of State may direct the CMA to undertake action pursuant to Part 3 of the Enterprise Act 2002 in relation to the trigger event if it reasonably considers that the direction is necessary and proportionate for the purpose of preventing, remedying, or mitigating a risk to national security. The duty of the CMA to comply with a direction given applies notwithstanding any other duty imposed on the CMA. Moreover, other public authorities (including the CMA) may disclose information to the Secretary of State in order to facilitate the latter’s exercise of functions.
The Secretary of State may also exchange information with authorities outside the United Kingdom in the context of civil or criminal proceedings, for the purpose of protecting national security or the exercise of corresponding functions of overseas public authorities. With respect to the confidentiality of information disclosed in the newly defined process, the Secretary of State must consider whether the disclosure would unreasonably prejudice the commercial interests of any person concerned in the transaction. A person who receives such disclosed information may not use it for a purpose other than the purpose of facilitating the exercise by the Secretary of State of the functions it received under the Act.
Awareness is key – Stricter Scrutiny over FDIs across multiple jurisdictions
The Act comprises part of the international momentum towards strengthening the public arsenal of weapons to address threats embedded in foreign investments. The Act brings significant changes to the British investment and M&A framework. It broadens the range of investments in scope by removing the turnover and share of supply thresholds, including a new definition of entities and acquisitions of assets. The newly adopted regime emphasizes the “material influence” of an investor or buyer, which resolves the loopholes resulting from the implementation of thresholds in the merger review by the CMA.
Currently, the definitions of the Act are rather broad and cast the screening net as wide as possible. The concepts of qualifying entities and assets are striking examples of such rationale. The Act will most certainly create new challenges for investors, especially in cases of multijurisdictional deals that are likely to affect the national security of several countries.
Richard Masquelier, an intern at Sheppard Mullin contributed to this article.
 Or “harbours” for our international readers.
 Interestingly, the BEIS will take over that role from the Competition and Markets Authority (“CMA”) which had taken the duty of FDI review, though it is not precisely a competition issue.