The UK Government has published the National Security and Investment Bill – a proposed law that will introduce a screening process for certain acquisitions and investments.
The National Security and Investment Bill has now had its second reading and our understanding is that if royal assent is given in May the rules could then come into force this autumn. We take a look at what it will cover.
Key features of the draft Bill
- Notification of transactions: The Bill obliges anyone acquiring a stake of 15% or more in an entity that is active in certain specific sectors (see below) to notify the Government of the transaction. Of the transactions that are notified, the Government can scrutinise certain deals if they consider there to be a national security element. The Government has 30 days to review the notifications and “call in” those which raise national security concerns. The indication from policy papers and commentary to date indicates that the vast majority of transactions will not be “called in” and – in particular – Government has confirmed that the Bill will expressly forbid transactions being examined for economic considerations. There is also a broad “voluntary” regime where one can elect to give notice of a transaction that falls outside these parameters which otherwise might raise national security concerns.
- The target sectors: The mandatory notification obligation applies to 17 specific sectors which will be kept under review and will be subject to updates to address emerging technology or newly identified national security risks. The current sectors are civil nuclear; communications; data infrastructure; defence; energy; transport; artificial intelligence; advanced robotics; computing hardware; cryptographic authentication; advanced materials; quantum technologies; synthetic biology; critical suppliers to Government; critical suppliers to the emergency services; military or dual-use technologies; and satellite and space technologies. At first blush, these cover the usual suspects (defence, civil nuclear, critical suppliers to Government/emergency services, military technology) but also a swathe of other more generic technologies (such as transport or communications) that do not immediately raise national security question marks or rapidly advancing and proliferating technologies (such as AI or quantum tech) which will have increasing prevalence as adoption across industries increases. The Government has released a response to industry consultation proposing draft definitions of the 17 sectors on 2 March. The draft definitions aim to set clearer parameters around what will and won’t fall within the remit of the Bill and to ensure that the more benign applications of the target sector technologies will not be captured. For example, the definition of Artificial Intelligence has been narrowed to specifically focus on three higher risk applications: the identification of objects, people, and events; advanced robotics and cyber security. The definitions will be further refined over the coming months and will eventually be set out in regulations following Royal Assent.
- Not a FDI regime: The Bill applies to UK buyers/investors as well as overseas acquirers and does not have exclusions for investors/buyers from “trusted jurisdictions” (unlike CFIUS where, for example, UK or Australian investors are exempt). It also extends to non-UK targets so long as they carry out at least some operations in the UK.
- No safe-harbour or thresholds: The Bill does not contain any value thresholds beneath which notification is not required. So long as the investment exceeds the percentage thresholds, and involves a target sector, even very small transactions would appear to fall within the disclosure regime and could be subject to the more detailed review process.
Remedies and sanction: Failure to notify where required, or other breaches of the regime, may result in civil fines of up to 5% of worldwide turnover or £10 million (whichever is higher) and/or criminal sanction (up to 5 years imprisonment). Importantly, any transactions covered by the mandatory regime which take place without clearance will be legally void. This has similarities to the remedies under the US CFIUS regime.
Second Reading: Key Concerns
The second reading took place on 4 February 2021 where the House of Lords debated the Bill. This debate raised a number of concerns:
- Unclear definition of “National Security”: The Bill does not contain a definition of “national security”. The Bill appears to afford discretion without any guidance as to industrial strategy or geopolitical focus, raising concerns about the Secretary of State’s powers being drawn too broadly. The counter argument put forward by Government was that avoiding a precise definition of national security allows the Government the flexibility to respond to evolving threats whilst remaining absolutely committed to the free flow of trade and investment. This mirrors the approach of CFIUS which purposefully did not define national security to allow maximum flexibility in determining the outcome of a transaction.
- Bureaucratic Headache: The mandatory and voluntary schemes could result in a debilitating bureaucratic process for the Government to handle, meaning it is only able to focus on clearing backlogged notifications rather than considering carefully those transactions which are more likely to raise concerns.
- Impact on SMEs: The Bill could threaten investment into small firms and stifle growth. Under the previous CMA regime, the target business must have had UK turnover of more than £70million and the merger must meet a minimum 25% share of supply threshold. As there is no value or share of supply in the new Bill, even small businesses could be caught and therefore go through the notification process. It is expected that SMEs will make up 80% of the transactions under the new regime, almost none of which will be likely to raise concerns. On the flip-side, requiring SMEs to comply with this process (and delay their transactions whilst the review takes place) is disproportionately burdensome when weighed against the size of the transaction as a whole.
Our concerns largely mirror those raised in the second reading of the Bill.
The Government has indicated they expect circa 1,800 notifications per year but given the lack of any materiality threshold and the breadth of the target sectors (albeit that this has been partially addressed through the proposed definitions published on 2 March) the true number could be far higher. The regime has the potential to bring “routine” corporate transactions within scope, including venture capital investments and similar fundraisings which invariably involve technology businesses looking to scale quickly – all of which face the potential for disruption or delay if a notification needs to be made.
The UK’s regime appears somewhat unique in not imposing some sort of gateway threshold to filter transactions requiring disclosure review. For example, many European countries’ FDI-restrictions are not engaged unless the target business exceeds a certain annual turnover within the relevant jurisdiction. Alternatively, CFIUS has no value threshold but only applies to overseas investors (and specifically excludes a trusted group of countries – such as Canada, Australia and the UK). The UK’s regime contains neither exception.
Camilla de Coverly Veale, Head of Regulation at The Coalition for a Digital Economy, shares our reservations – in particular as to the unintentionally broad application of the Bill. She points out that further refinement within the target sectors may be necessary to separate out harmless uses of technology from higher risk areas:
“[The 17 target sectors] include rapidly developing, increasingly foundational technologies such as artificial intelligence, data infrastructure and cryptographic authentication. Because the Bill does not currently distinguish within sectors, Coadec are very concerned that significant numbers of (for example) irrelevant AI companies will be subjected to oversight. This would waste both company and civil servant resources and likely make capturing genuinely risky cases harder.”
Coadec supports the intention of the Bill while campaigning to refine its scope.
The Government has taken on board some of the industry’s concerns about scope by tightening the 17 target sectors. We think this does go some way to addressing the scope issue, but we have doubts as to whether it is enough on its own. Further thought and consideration needs to be taken as to whether the Bill needs to be narrowed to achieve the stated aim of “strik[ing] a balance between ensuring our national security is safeguarded, while keeping the number of businesses caught by the mandatory notification regime to the minimum possible level”.
- Don’t assume it doesn’t apply to you – This is a Bill to impact the full spectrum of transactions so it will be important to consider whether the regime applies at an early stage in any transaction and make any notification promptly so as to minimise any disruption to the transaction timetable.
- Historical application – The Bill will apply to any transaction entered into from 12 November 2020 with such transactions open to review retrospectively for up to five years post-completion.
- Transaction mechanics – Consider whether a degree of conditionality in respect of clearance being granted needs to be included for certain transactions. At the very least, this will introduce an interim period between signing and closing with the additional complexity this adds (e.g. conduct of business in the interim period, repeated warranties, price adjustments, etc.)