The National Security and Investment Bill, introduced in the House of Commons on 11 November 2020, will bring in a stand-alone national security vetting regime to replace existing powers under the Enterprise Act 2002 to scrutinise mergers which give rise to national security considerations. It will be separate from the CMA's merger control process and the Secretary of State for BEIS will be the key decision maker. The new regime will apply to investments/acquisitions by investors from any country, including the UK, and there is no minimum turnover or market share safe harbour.
The Bill provides powers for the Secretary of State to scrutinise and, where necessary, impose proportionate remedies on specific acquisitions of control of qualifying entities and assets. It goes considerably further than the proposals in the 2018 White Paper, in particular with the addition of a mandatory notification regime for higher risk transactions.
- Mandatory notification
Proposed acquirers of certain shares or voting rights in entities in the most sensitive areas of the economy will be required to notify and obtain prior clearance for their acquisitions from the Secretary of State ("notifiable acquisitions").
A notifiable acquisition can occur where shareholdings or voting rights in an entity are increased to 15% or more. The following will also be caught:
- increases in shareholding or voting rights from less than 25% to more than 25%; from less than 50% to more than 50%; and from less than 75% to more than 75%
- acquisitions of voting rights allowing the acquirer to pass or block a corporate resolution governing the entity's affairs.
There are 17 sensitive sectors: advanced materials, advanced robotics, AI, civil nuclear, electronic communications, computing hardware, critical suppliers to government, critical suppliers to emergency services, cryptographic authentication, data infrastructure, defence, energy, engineering biology, military and dual use goods/technologies, quantum technologies, satellite and space technologies and transport. A consultation has been opened on the definition of sectors/parts of sectors and types of entity within those sectors that should fall under the mandatory regime.
A notifiable acquisition that is completed before being cleared by the Secretary of State will be void and the acquirer may be subject to criminal or civil penalties for completing the acquisition without clearance.
- Call-in power
The Secretary of State will have the power to "call-in" acquisitions of control over qualifying entities or assets (“trigger events”) which give rise, or may give rise, to a national security risk, to undertake a national security assessment. The call in power may be exercised in respect of notified and non-notified transactions.
Trigger events occur where a person gains control of a qualifying entity or asset:
Qualifying entities include, for example, companies, limited liability partnerships, other bodies corporate, partnerships, unincorporated associations and trusts, but not individuals.
- increases its shareholding or voting rights in the entity to more than 25%, 50% or 75%
- acquires the ability to pass or block a corporate resolution governing the entity's affairs
- acquires the ability to materially influence the policy of the entity.
Qualifying assets cover land, tangible or moveable property, and ideas, information or techniques which have industrial, commercial or other economic value such as trade secrets, databases, algorithms, designs, software. An acquirer gains control of an asset where it acquires the ability to use the asset, or to direct or control how it is used (or to do these things to a greater extent than previously). Asset acquisitions are not subject to mandatory notification, but may be called in.
The call in power may be used:
- up to five years after the trigger event, subject to this being done within 6 months of the Secretary of State becoming aware of the trigger event
- retrospectively, to call in trigger events that take place after the introduction of the Bill to the House of Commons (and before its commencement as legislation).
According to the draft Statement of Policy Intent, when exercising the call in power the Secretary of State will consider:
Target risk – the nature of the target and whether it is in an area of the economy where the government considers risks more likely to arise. The economy is split for these purposes into three levels of risk:
- core areas – the headline sensitive sectors where national security risks are more likely to arise (and mandatory notification applies for some types of trigger event)
- core activities – primarily within the core areas, with regulations to identify specific activities where risks are most likely to arise and the call-in power most likely to be used; acquisitions of entities (not assets) involved in these activities will be subject to mandatory notification, but acquisitions of assets that are closely related to those activities are more likely to be called in than other asset acquisitions
- the wider economy – trigger events in the rest of the economy are considered unlikely to pose national security risks and are only expected to be called in on an exceptional basis.
Trigger event risk – the type and level of control being acquired and how this could be used in practice, for example whether it might involve:
- gaining control of a crucial supply chain
- obtaining access to sensitive sites
- potential for disruptive or destructive actions, espionage, inappropriate leverage.
Acquirer risk – the extent to which the acquirer raises national security concerns; will be assessed on a case by case basis covering factors such as:
- who is in ultimate control of acquirer
- track record of acquirer in relation to other acquisitions/holdings
- whether acquirer is in control of other entities within a sector or owns significant holdings within a core area (as this increases their potential leverage)
- any relevant criminal offences or known affiliations of any parties directly involved in the transaction.
- Voluntary notification
There will be a voluntary notification system for acquisitions which fall outside the mandatory regime, to encourage notifications from parties who consider that their trigger event may raise national security concerns.
- Assessment, outcome and appeals
Where a mandatory or voluntary notification is made the Secretary of State will have 30 days to call it in for full assessment.
Where a call-in notice is given (on a notified or non-notified transaction) there will be a 30 working day assessment period for deciding whether to impose remedies or take no further action. That period may be extended by a further 45 working days if more time is required and any additional period that may be agreed between the Secretary of State and the acquirer.
The assessment may result in:
- notification that no further action will be taken; or
- final orders preventing, remedying or mitigating the national security risk.
There will be a process for appealing the Secretary of State's decision to the High Court on the basis of judicial review.
Fines of up to the higher of 5% of worldwide turnover or £10 million, and/or imprisonment of up to five years, may be imposed for failure to comply with the new regime.
The Government’s Impact Assessment predicts between 1,000-1,830 notifications per year (considerably higher than the 200 notifications estimated by the 2018 White Paper) and around 70 to 95 detailed national security assessments each year, resulting in around 8 – 10 remedies decisions.
Businesses contemplating deals should be considering whether the transaction could be subject to review and should draft the transaction documents mindful of the risk that the deal may be called in.
- Progress of the Bill
The Bill has had its first reading in the House of Commons. At time of writing, a date for its second reading has not been set, but that should go ahead before the end of November. The remaining stages in the House of Commons and House of Lords could take several months and there is scope for vigorous debate during those stages on its scope and impact for business – particularly in relation to mandatory notification and the retrospective element of its application – and for intensive lobbying on the definitions in the 17 sensitive sectors. We expect the Bill to pass into law, but we may well see material changes to its provisions before it does.