The National Security and Investment Bill has now had its second reading and is expected to come into force as early as April 2021. We take a look at what it will cover.

Key features of the draft Bill

• Notification of transactions: The Bill obliges anyone acquiring a stake of 15% or more in an entity that is active in certain specific sectors (see below) to notify the government of the transaction. Of the transactions that are notified, the government can scrutinise certain deals if they consider there to be a national security element. The government has 30 days to review the notifications and “call in” those which raise national security concerns. The indication from policy papers and commentary to date indicates that the vast majority of transactions will not be called in and – in particular – government has confirmed that the Bill will expressly forbid transactions being examined for economic considerations. There is also a broad voluntary regime where one can elect to give notice of a transaction that falls outside these parameters which otherwise might raise national security concerns.
• The target sectors: The mandatory notification obligation applies to 17 specific sectors. These are civil nuclear; communications; data infrastructure; defence; energy; transport; artificial intelligence; autonomous robotics; computing hardware; cryptographic authentication; advanced materials; quantum technologies; engineering biology; critical suppliers to government; critical suppliers to the emergency services; military or dual-use technologies; and satellite and space technologies. At first blush, these cover the usual suspects (defence, civil nuclear, critical suppliers to government/emergency services, military technology) but also a swathe of other more generic technologies that do not immediately raise national security question marks (such as transport or communications).
• Not a FDI regime: The Bill applies to UK buyers/investors as well as overseas acquirers. It also extends to non-UK targets so long as they carry out at least some operations in the UK.
• No safe-harbour or thresholds: The Bill does not contain any value thresholds beneath which notification is not required. So long as the investment exceeds the percentage thresholds, and involves a target sector, even very small transactions would appear to fall within the disclosure regime and could be subject to the more detailed review process.
• Remedies and sanction: Failure to notify where required, or other breaches of the regime, may result in civil fines of up to 5% of worldwide turnover or £10 million (whichever is higher) and/or criminal sanction (up to 5 years imprisonment). Importantly, any transactions covered by the mandatory regime which take place without clearance will be legally void. This has similarities to the remedies under the US CFIUS regime.
  
  

Second Reading: Key concerns

The second reading took place on 4 February 2021 where the House of Lords debated the Bill. This debate raised a number of concerns:

• Unclear definition of “National Security”: The Bill does not contain a definition of “national security”. The Bill appears to afford discretion without any guidance as to industrial strategy or geopolitical focus, raising concerns about the Secretary of State’s powers being drawn too broadly. The counter argument put forward by government was that avoiding a precise definition of national security allows the government the flexibility to respond to evolving threats whilst remaining absolutely committed to the free flow of trade and investment. This mirrors the approach of CFIUS which purposefully did not define national security to allow maximum flexibility in determining the outcome of a transaction.
• Bureaucratic headache: The mandatory and voluntary schemes could result in a debilitating bureaucratic process for the government to handle, meaning it is only able to focus on clearing backlogged notifications rather than considering carefully those transactions which are more likely to raise concerns.
• Impact on SMEs: The Bill could threaten investment into small firms and stifle growth. Under the previous CMA regime, the target business must have had UK turnover of more than £70million and the merger must meet a minimum 25% market concentration threshold. As there is no value or market concentration in the new Bill, even small businesses could be caught and therefore go through the notification process. It is expected that SMEs will make up 80% of the transactions under the new regime, almost none of which will be likely to raise concerns. On the flip-side, requiring SMEs to comply with this process (and delay their transactions whilst the review takes place) is disproportionately burdensome when weighed against the size of the transaction as a whole.
  
  

Shoosmiths’ views

Our concerns largely mirror those raised in the second reading of the Bill.

The government has indicated it expects circa 1,800 notifications per year but given the lack of any materiality threshold and the breadth of the target sectors the true number could be far higher. The regime has the potential to bring routine corporate transactions within scope, including venture capital investments and similar fundraisings which invariably involve technology businesses looking to scale quickly – all of which face the potential for disruption or delay if a notification needs to be made.

The UK’s regime appears somewhat unique in not imposing some sort of gateway threshold to filter transactions requiring disclosure review. For example, many European countries’ FDI-restrictions are not engaged unless the target business exceeds a certain annual turnover within the relevant jurisdiction. Alternatively, CFIUS has no value threshold but only applies to overseas investors (and specifically excludes a trusted group of countries – such as Canada, Australia and the UK). The UK’s regime contains neither exception.

Camilla de Coverly Veale, head of regulation at The Coalition for a Digital Economy, shares our reservations – in particular as to the unintentionally broad application of the Bill. She points out that further refinement within the target sectors may be necessary to separate out harmless uses of technology from higher risk areas:

“[The 17 target sectors] include rapidly developing, increasingly foundational technologies such as artificial intelligence, data infrastructure and cryptographic authentication. Because the Bill does not currently distinguish within sectors, Coadec are very concerned that significant numbers of (for example) irrelevant AI companies will be subjected to oversight. This would waste both company and civil servant resources and likely make capturing genuinely risky cases harder.”

Coadec supports the intention of the Bill while campaigning to refine its scope.

Practical considerations

• Don’t assume it doesn’t apply to you – This is a Bill to impact the full spectrum of transactions so it will be important to consider whether the regime applies at an early stage in any transaction and make any notification promptly so as to minimise any disruption to the transaction timetable.
• Historical application – The Bill will apply to any transaction entered into from 12 November 2020 with such transactions open to review retrospectively for up to five years post-completion.
• Transaction mechanics – Consider whether a degree of conditionality in respect of clearance being granted needs to be included for certain transactions. At the very least, this will introduce an interim period between signing and closing with the additional complexity this adds (e.g. conduct of business in the interim period, repeated warranties, price adjustments, etc.)