It will usher in a new stand-alone national security vetting regime that will replace existing powers to scrutinise mergers on national security grounds. The Secretary of State for Business, Energy & Industrial Strategy (BEIS) will be the key decision maker, with significantly expanded powers to scrutinise and, where necessary, impose remedies on certain acquisitions and investments that have national security implications. The new regime will apply to investments/acquisitions by investors from any country, including the UK, and without any form of minimum turnover threshold or market share safe harbour.

It is expected that the new regime will operate from the end of the year, when secondary legislation brings the NSIA fully into effect.  Once operative, however, the NSIA may be applied retrospectively to certain transactions completed between 12 November 2020 (when the Bill was introduced to the House of Commons) and the commencement date. 


The NSIA, as enacted, is in much the same form as it commenced as a Bill. This is despite disquiet from stakeholders over the retrospective call-in power and the breadth of its application which, it was thought, might diminish the UK's attractiveness to prospective investors. 

One key change is that the lowest threshold for mandatory notification has been raised from 15% to 25%. However, the Secretary of State will still be able to call in acquisitions of shareholdings and voting rights that give the acquirer "material influence" over the target.  As yet there is no formal definition of material influence but the same concept is used in UK merger control, where it can arise out of shareholdings considerably lower than 25%, when combined with other interests such as a significant loan agreement between acquirer and target.  

The other main substantive development is that, following consultation, the government has published new draft revised definitions of the seventeen sensitive sectors for which mandatory notification will be required. The revisions reflect calls from stakeholders for greater clarity in the definitions and for a more limited application of the legislation in certain sectors. Some sub-sectors have been removed entirely (e.g. subcontractors have been removed from the category of critical suppliers to government). Other definitions have been refined (the transport sector has been amended to only include those entities that pose the greatest potential risk to national security) or narrowed (the communications sector definition now focuses on public communications networks, and artificial intelligence now focuses on three higher risk applications: the identification of objects, people, and events; advanced robotics and cyber security, services and associated facilities). 


Mandatory Notification For The Most Sensitive Transactions

Proposed acquirers of certain shares or voting rights in entities in the most sensitive areas of the economy will be required to pre-notify and obtain prior clearance for their acquisitions from the Secretary of State ("notifiable acquisitions"). Notifications are to be made to a dedicated government unit – the Investment Security Unit (ISU) – through a digital portal. 

A notifiable acquisition can occur with the acquisition of 25% or more of the shareholding or voting rights in an entity. The following will also be caught:

  • increases in shareholding or voting rights from less than 25% to more than 25%; from less than 50% to more than 50%; and from less than 75% to more than 75%
  • the acquisition of voting rights allowing the acquirer to pass or block a corporate resolution governing the entity's affairs.

The seventeen sensitive sectors where the mandatory notification regime will apply are: advanced materials, advanced robotics, artificial intelligence, civil nuclear, electronic communications, computing hardware, critical suppliers to government, critical suppliers to emergency services, cryptographic authentication, data infrastructure, defence, energy, engineering biology, military and dual use goods/technologies, quantum technologies, satellite and space technologies and transport.

A notifiable acquisition that is completed before being cleared by the Secretary of State will be void and the acquirer may be subject to criminal or civil penalties for completing the acquisition without clearance.

Powers To Call In Transactions For Full Assessment

The Secretary of State will have the power to "call in" acquisitions of control over qualifying entities or assets (“trigger events”) which give rise, or may give rise, to a national security risk, in order to undertake a full national security assessment. The call-in power may be exercised in respect of notified and non-notified transactions.

Trigger events occur where a person gains control of a qualifying entity or asset:

  • Qualifying entities include, for example, companies, limited liability partnerships, other bodies corporate, partnerships, unincorporated associations and trusts, but not individuals. An investor gains control where it:
    • increases its shareholding or voting rights in the entity to more than 25%, 50% or 75%; or
    • acquires the ability to pass or block a corporate resolution governing the entity's affairs; or
    • acquires the ability to materially influence the policy of the entity.

  • Qualifying assets cover land, tangible or moveable property, and ideas, information or techniques which have industrial, commercial or other economic value such as trade secrets, databases, algorithms, designs, software.  An acquirer gains control of an asset where it acquires the ability to use the asset, or to direct or control how it is used (or to do these things to a greater extent than previously). Asset acquisitions are not subject to mandatory notification, but may be called in.

The call-in power may be exercised during the five years following the trigger event (acquisition of control), but subject to a limit of 6 months from the time the Secretary of State became aware of the trigger event. The call-in power may also be used retrospectively, once the secondary legislation has brought the NSIA fully into effect ,  in order to call in trigger events that took place after 12 November 2020 (when the Bill was introduced), even if they took place before the new regime commences. The long-stop date for these retrospective call-ins is five years from the commencement date, but this can be reduced to six months by informing BEIS of the transaction prior to that date.  In practice, this is already leading many of our clients to inform the ISU about deals with any kind of national security implication.

According to the draft Statement of Policy Intent, when exercising the call-in power the Secretary of State will consider the following risks:

  • Target risk – the nature of the target and whether it is in an area of the economy where the government considers risks are more likely to arise. The economy is split for these purposes into three levels of risk:
    • core areas – the seventeen sensitive sectors where national security risks are more likely to arise (and mandatory notification applies for some types of trigger event);
    • core activities – primarily within the core areas, with regulations to identify specific activities where risks are most likely to arise and the call-in power most likely to be used; acquisitions of entities (not assets) involved in these activities will be subject to mandatory notification, but acquisitions of assets that are closely related to those activities are more likely to be called in than other asset acquisitions;
    • the wider economy – trigger events in the rest of the economy are considered unlikely to pose national security risks and are only expected to be called in on an exceptional basis.

  • Trigger event risk – the type and level of control being acquired and how this could be used in practice, for example whether it might involve:
    • gaining control of a crucial supply chain
    • obtaining access to sensitive sites
    • potential for disruptive or destructive actions, espionage, inappropriate leverage.

  • Acquirer risk – the extent to which the acquirer raises national security concerns; will be assessed on a case by case basis covering factors such as:
    • who is in ultimate control of acquirer
    • track record of acquirer in relation to other acquisitions/holdings 
    • whether acquirer is in control of other entities within a sector or owns significant holdings within a core area (as this increases their potential leverage)
    • any relevant criminal offences or known affiliations of any parties directly involved in the transaction.
Voluntary Notifications

There will be a voluntary notification system for acquisitions which fall outside the mandatory regime, to encourage notifications from parties who consider that their trigger event may raise national security concerns.  A draft notification form (the file name of which suggests it is specifically applicable to the voluntary process) is currently available here.

Assessment Process

Where a mandatory or voluntary notification is made the Secretary of State will have 30 days to call it in for full assessment.

Where a call-in notice is given (on a notified or non-notified transaction) there will be a 30 working day assessment period for deciding whether to impose remedies or take no further action. That period may be extended by a further 45 working days if more time is required and any additional period that may be agreed between the Secretary of State and the acquirer.

The assessment may result in:

  • notification that no further action will be taken; or
  • final orders to prevent, remedy or mitigate the national security risk – these could encompass behavioural or structural remedies, or in the more extreme cases (such as where the target represents a crown jewel in the UK's national security infrastructure) the blocking of transactions or full unwinding and 'put back' to the seller.

There will be a process for appealing the Secretary of State's decision to the High Court on the basis of judicial review.

Fines of up to the higher of 5% of worldwide turnover or £10 million, and/or imprisonment of up to five years, may be imposed for failure to comply with the new regime.


The Government has said it will continue to refine the sector definitions for the mandatory regime over the coming months. Other regulations need to be in place before the new regime can take effect. This includes regulations giving details of the form and content of the notices envisaged by the NSIA.  The Statement of Intent, describing how the Secretary of State expects to exercise the new call-in power and the three risk factors to be considered when deciding whether to use it, must also be laid before Parliament.

Once in force, the Government’s Impact Assessment predicts 1,000 -1,830 notifications under the NSIA each year, with around 70 to 95 detailed national security assessments, resulting in around 8 – 10 remedies decisions.  This shows that the vast majority of transactions will be able to proceed as planned, without intervention by the Secretary of State. Nonetheless, there will be a significant number where the parties are required, or elect, to notify. The consequences of failing to notify where required to are severe – the transaction will be void (incurring risk for both purchaser and seller) and the purchaser may face civil and criminal sanctions for failing to obtain clearance. 

Businesses and investors should already be factoring the new regime into their deal plans, and including appropriate conditions in their agreements. This is especially important where the transaction concerns one of seventeen defined sectors. The acquirer should consider informing the ISU if a transaction may be at risk of retrospective call-in after the new regime comes into effect, in order to shorten the period in which the call-in power could be exercised. This will need to be coordinated closely with any merger control strategy.

Lenders too will want to satisfy themselves whether a transaction they are financing, such as a property purchase or a company acquisition, could trigger a review. Taking security over shares or assets would not normally trigger application of the NSIA, but it may become relevant in the event that the lender enforces the security.   

Businesses are already encouraged to seek guidance from BEIS on the application of the new regime, particularly transactions that are due to complete before the regime comes into effect and may be considered for retrospective call-in after that date. The good news is that the Government does not expect many transactions to be called in under this power – as of April this year none of the transactions reported to BEIS had raised substantive concerns.  Prior to the enabling legislation coming into effect at the end of the year, BEIS is aiming to deal with any informal approaches that it receives within the same 30 day timeframe that will ultimately apply under the NSIA.

Key Contacts

Al Mangan

Al Mangan

Partner, Competition & Regulation

View profile
Rona Bar-Isaac

Rona Bar-Isaac

Partner, Head of Competition, Co-Head of Retail & Consumer Sector
London, UK

View profile