Out-Law / Your Daily Need-To-Know

The UK’s new National Security and Investment (NSI) Act came into force on 4 January 2022, introducing new requirements for foreign direct investment (FDI) in certain business sectors with the potential to impact on national security.

The UK government considers that the NSI Act is going to result in far more regulatory scrutiny of transactions from an FDI standpoint. In June 2022, the then Department for Business, Energy and Industrial Strategy (BEIS) published a report setting out the notifications made in the first three months of the Act: officials received a total of 222 notifications during the three-month period between January and March, implying that around 1,000 notifications a year will be made. Increased intervention is also a clear trend: as of June 2023, five cases have been prohibited under the Act and a further 10 cleared subject to remedies.

The new regime creates notification requirements for certain transactions to the UK Investment Security Unit on either a mandatory or voluntary basis. The government has published guidance giving further detail on the process to expect.

Mandatory regime

Mandatory pre-notification requirements apply in respect of entities in ‘key sectors’. The requirements apply to transactions involving the acquisition of a 25% stake or more (or equivalent levels of voting rights, including certain ‘veto’ rights) in an entity, as well as certain acquisitions involving the acquirer moving from one level of interest (e.g. 25%) to a higher level of interest (e.g. over 50%). The entity must carry on activities in the UK or supply goods or services to people in the UK. There are no turnover or share of supply thresholds.


Read more from our 2023 foreign direct investment report


There are 17 sectors of the economy to which the mandatory regime applies. These are largely focussed on companies whose activities have a close link to UK government activities (for example entities in the defence sector supply chain or who supply products subject to UK export control); companies who are active in critical industries (for example energy asset operators, communications network operators); and companies operational in particularly sensitive industries (including advanced materials, artificial intelligence and cryptographic authentication). The full list is:

  • Advanced Materials
  • Advanced Robotics
  • Artificial Intelligence
  • Civil Nuclear
  • Communications
  • Computing Hardware
  • Critical Suppliers to Government
  • Cryptographic Authentication
  • Data Infrastructure
  • Defence
  • Energy
  • Military and Dual-Use
  • Quantum Technologies
  • Satellite and Space Technologies
  • Suppliers to the Emergency Services
  • Synthetic Biology
  • Transport

Where the mandatory notification requirements under the NSI Act apply to a transaction, the transaction will require approval from the UK secretary of state in the Cabinet Office (Secretary of State). Otherwise, a transaction closed without clearance will be void, and failure to notify can result in fines of up to 5% of global revenues or £10m (whichever is greater) and failure to notify is also a criminal offence.

Paul Williams

Paul Williams

Senior Associate

The UK government considers that the NSI Act is going to result in far more regulatory scrutiny of transactions from an FDI standpoint

On 10 November 2021, the final form regulations were published specifying the ‘key sectors’ and defining activities falling within each of these sectors for NSI purposes. As the regulations are technical in nature, the Investment Security Unit published further guidance to assist businesses in interpretation of their practical application. This guidance explains when activities are caught by the regulations and circumstances in which activities fall outside of its scope.

By way of example, under the regulations, one of the activities included in the artificial intelligence sector is those activities carried out with the purpose of “identification or tracking of objects, people or events”. The new guidance assists in providing detail on what is meant, for example, by “identification”: it explains that this can include three different categories of identification including human identification, object identification and event identification.

The guidance further expands this by providing illustrative examples for each of the three categories. For example, “human identification” can consist of audio and speech recognition, emotion recognition and facial recognition amongst others, whilst “object identification” can include the likes of automated vehicle parking systems, object detection and human or object surveillance systems. The latest guidance provides some much-needed assistance for businesses in how to apply their activities, services and products to the key sectors prescribed in the regulations.

Voluntary regime

Where transactions are not notifiable acquisitions, a voluntary regime applies (the ‘call-in’ regime). A transaction may be notified voluntarily if the parties are concerned about national security issues arising or, where a transaction is not notified, it can be 'called-in' for a national security review by the Secretary of State.

The range of transactions potentially caught under the ‘call-in’ regime is wide, and much wider than that for mandatory notification. As with the mandatory regime, it includes acquisitions of more than 25% of the shares or voting rights, or material influence, in an entity, as well as certain acquisitions involving the acquirer moving from one level of interest to a higher level of interest. The voluntary regime also applies to the acquisition of certain rights or interests in “qualifying assets” giving control/use in relation to the asset. The provisions relating to qualifying assets are potentially wide and include land; tangible (moveable) property; and ideas, information or techniques which have economic value. Examples could include: acquisitions of land containing, or located next to, an asset of importance (e.g. next to a terminal, pipeline, storage facility); transfer of IP/knowhow related to critical or novel technologies; and plans of future key UK assets.

Unlike the mandatory notification provisions, the 'call-in' regime is sector agnostic.  However, ‘call-ins’ are much more likely in transactions closely related to the mandatory notification sectors (e.g. asset acquisitions in one of the sectors).

National security concerns and potential remedies

There is no definition of “national security” in the legislation and the UK government resisted attempts to include a definition during the parliamentary process as it wishes to retain flexibility. The government has, however, noted that it will initially be focused on the following potential national security risks:

  • risks of espionage (the ability to access unauthorised and highly sensitive information through for example access to key sites);
  • risks of disruption (the ability to disrupt key systems and processes, e.g. key supply chains); and
  • risks of excessive leverage (the ability to exploit an investment to influence the UK).

In assessing these factors, the Secretary of State will consider the ‘acquirer’, ‘target’ and ‘control’ risk in relation to a particular transaction. Further detail on the types of transactions which could raise national security concerns and in which the Secretary of State expects to use its ‘call-in’ powers, are set out in a statement published by the UK government in November 2021 (and updated in April 2023)

If the Secretary of State does find national security concerns, it may ultimately impose remedies. These could include prohibition of transactions (if not completed) or unwinding (if completed); restrictions/controls on access to sensitive sites; restrictions on access to confidential information; supply chain remedies; intellectual property transfer remedies; and compliance, monitoring, and personnel remedies. The expectation is that less intrusive remedies will be preferred to the prohibition of acquisitions in most cases.

General guidance

In November 2021, the UK Investment Security Unit published new guidance on how the Secretary of State intends to procedurally deal with notifiable acquisitions under the NSI Act. A further guidance note was published in July 2022 (and updated in April 2023).

Notification procedure

NSI notifications can be made online.

There are three variations of the online notification form, depending on the type of notification application. These are:

  • a mandatory notification form for any acquisitions falling within the key sectors
  • a voluntary notification form for any other transaction which a business may consider raises national security concerns but falling outside of the mandatory notification regime
  • a retrospective validation form that can be submitted in the event an acquisition within the mandatory notification regime was completed without seeking the approval of the Secretary of State.

The Investment Security Unit will only accept a valid notification form and commence review of the transaction once it is satisfied that all the prescribed information has been included in the application. In general, the Investment Security Unit declares a submitted notification 'complete' within 1-3 working days. Differing information is required depending on the nature of the notification being made, including:

  • details on the structure of the transaction
  • information on the target’s activities and ownership
  • information on the purchaser’s activities, ownership and corporate management.

Further guidance on completing a notification form was also published on 4 January 2022.

If the necessary information has not been provided with the notification form, the Investment Security Unit will reject the application “as soon as reasonably practicable after receiving it”. In these circumstances, the reasons for rejection will be outlined and the applicant may be required to submit a fresh notification form with the additional required information.

Review period

Once a valid application has been accepted, a ‘review period’ will commence which gives the Secretary of State 30 working days to assess the acquisition and reach a decision to either provide full clearance or to call-in the transaction for a full national security assessment. The 30 working day deadline commences only once the Investment Security Unit has confirmed by email that the notification has been accepted as valid.

Assessment period following call-in

If, following the expiry of the review period, the Secretary of State has decided to ‘call-in’ the transaction for a full national security assessment, a further assessment period will commence. This again lasts 30 working days but may be extended by up to 45 working days. During the assessment period, the Secretary of State has the power to issue one of the following measures:

  • interim orders – these can be served at any time and are intended to prevent businesses and parties to the acquisition from taking any steps to undermine conditions that may be imposed in a ‘final order’ following the assessment period. An interim order is similar in nature to the ‘initial enforcement order’ that can be served by the CMA in a merger investigation. Parties will be prevented from exchanging confidential information, accessing sensitive sites or assets and be subject to compliance requirements.
  • information notices – these can be served if the Secretary of State requires further information to assess the transaction. If served during the assessment period, the 30 working day clock can be stopped and will only restart once the information has been adequately provided. Information notices, unlike interim orders, can also be issued in the review period, but this will not ‘stop the clock’.
  • attendance notices – these will be served by the Secretary of State where the parties’ attendance is required at a meeting relating to the Investment Security Unit's investigation of the transaction. As with information notices, the clock can be stopped in the assessment period only.
Practical effect on negotiation and completion

Parties are not prohibited from progressing negotiations of the acquisition whilst the Investment Security Unit conducts its national security review, however, completion of the acquisition must not take place if it falls within the mandatory notification regime as it will be rendered legally avoid for lack of government clearance.

Even if the transaction falls outside of the mandatory regime, parties should still carefully consider whether to make a voluntary notification, and if not, whether to proceed with completion of an acquisition that has been ‘called-in’ for national security assessment by the Secretary of State given the acquisition can later be unwound with parties suffering the attendant time and cost consequences of complying with the decision. Additionally, parties must not complete an acquisition if an interim order has been served and must carefully consider how to proceed with negotiations whilst ensuring compliance with terms of the interim order.

Confidentiality and publication of NSI reviews

The government has confirmed it will not be routinely publishing details of either when an acquisition has been called-in for review following the review period or when an interim order is issued to parties. The UK Cabinet Office will publish an annual report giving a general overview of cases reviewed under the new regime. Details of any national security assessments are only likely to become public once the Secretary of State has served a notice of ‘final order’ on the parties. The final order can consist of either:

  • approval of the acquisition subject to conditions; or
  • blocking of the acquisition altogether.

All sensitive information will be removed by the Investment Security Unit prior to publication. At present, Investment Security Unit guidance suggests there will be no publication of so-called ‘final notifications’ that are issued for acquisitions that are fully cleared without any conditions.

Practice to date

The vast majority of cases under the Act are cleared without further action from the Secretary of State; however we are now seeing the first examples of use of powers under the Act to intervene in transactions. As of June 2023, a total of five cases have been prohibited under the Act, with a further 10 cases cleared subject to remedies. The cases drawing this type of scrutiny have been in the ‘military and dual-use’, ‘defence’, ‘energy’, ‘computing hardware’ and ‘communications’ sectors.

Certain trends have emerged from BEIS practice to date:

  • Cases involving Chinese based investors are attracting particular scrutiny: all prohibitions to date have involved the proposed acquisition of UK assets or entities by Chinese acquirers.
  • The acquisition of companies which are active in technology that is used in the defence supply chain have been scrutinised. This includes the acquisition by Chinese, UAE and US investors of companies with technology that has dual-use military application, including vision sensing, integrated circuit technology and rocketry technology, with remedies required for clearance.
  • Acquisitions in the energy industry have also been subject to scrutiny: for example the acquisition of a minority interest in Electricity North West (an electricity distribution network) by a Chinese investor has been cleared subject to remedies on information access and the influence the acquirer can have over senior staff appointments, while the acquisition of development rights for an energy storage project by a Chinese investor has been cleared subject to a requirement for UK government approval before the appointment of the power offtake operator, and remedies on information access.

Nexperia’s purchase of Newport Water Fab has been particularly controversial. The Secretary of State has ordered that this acquisition by a Chinese investor be prohibited as it has identified a national security risk in relation to "technology and know-how that could result from a potential reintroduction of compound semiconductor activities at the Newport site, and the potential for those activities to undermine UK capabilities" and that "the location of the site could facilitate access to technological expertise and know-how in the South Wales Cluster ('the Cluster'), and the links between the site and the Cluster may prevent the Cluster being engaged in future projects relevant to national security". 

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.