The United Kingdom's National Security and Investment Act (NSI Act) is scheduled to come fully into force on January 4, 2022. The NSI Act will create a new framework for the UK government to review so-called "trigger events," which include acquisitions and investments in which one party acquires "control" of a qualifying entity or a qualifying asset on national security grounds. Acquirers in certain trigger events will be obligated to notify and obtain clearance from the UK government prior to completing such trigger events. In addition, the UK government will have new powers to review and, in some instances, impose mitigation measures upon—or even block—trigger events to address national security risk.

The NSI Act represents a sea change in the UK government's approach to scrutinizing transactions on national security grounds. Once fully implemented, the NSI Act will create new challenges for parties acquiring or investing in UK companies and assets, as well as non-UK companies and assets that have a UK nexus.

NSI Act Framework

Under the NSI Act, trigger events occur when one party acquires "control" (as defined in the NSI Act) of a qualifying entity or a qualifying asset. More specifically, trigger events include transactions where a party:

• acquires or increases its interest in a qualifying entity such that it crosses any of the 25 percent, 50 percent, or 75 percent thresholds with respect to equity or voting rights;
• acquires voting rights in a qualifying entity that enables it to secure or prevent the passage of any class of resolution governing the affairs of the qualifying entity;
• obtains "material influence" over a qualifying entity; or
• acquires specified control rights over qualifying assets.

Through secondary legislation, the UK government has identified 17 high-risk sectors that are perceived to present an elevated national security risk. The Department for Business, Energy, and Industrial Strategy (BEIS) has published draft definitions for each of the following high-risk sectors:

• Advanced Materials
• Advanced Robotics
• Artificial Intelligence
• Civil Nuclear
• Communications
• Computing Hardware
• Critical Suppliers to Government
• Cryptographic Authentication
• Data Infrastructure
• Defence
• Energy
• Military and Dual Use
• Quantum Technologies
• Satellite and Space Technologies
• Suppliers to the Emergency Services
• Synthetic Biology
• Transport

For a subset of trigger events involving a qualifying entity operating in one or more of the 17 high-risk sectors (i.e., so-called "notifiable acquisitions"), acquirers will be subject to a mandatory notification and clearance requirement. In these notifiable acquisitions, the relevant acquirers must notify the Investment Security Unit (ISU) within BEIS of the trigger event, and obtain clearance before the closing of such a trigger event. The completion of such a transaction without taking these steps will result in the transaction being void. In addition, the acquirer in such transactions could face civil fines or criminal penalties.

The mandatory notification requirement will not apply to trigger events in which an acquirer solely obtains material influence with respect to a qualifying entity or acquires control over any qualifying asset. Parties participating in trigger events that do not give rise to notifiable acquisitions will have the option of submitting a voluntary notification to the ISU.

The ISU will be responsible reviewing all notifications submitted. In addition, the ISU will screen non-notified trigger events that the ISU may elect to call in unilaterally for review. The Secretary of State for BEIS will have ultimate responsibility for all decisions.

After receiving a mandatory or voluntary notification, the ISU will have 30 working days to determine whether the trigger event should be "called in" for a more in-depth national security review assessment. BEIS has indicated that it is most likely to call in acquisitions involving qualifying entities and qualifying assets in the high-risk sectors, as well as acquisitions in industrial sectors that are "closely linked" to one or more high-risk sector. If the ISU concludes that a full assessment is unnecessary, then it will clear the transaction.

When a trigger event is called-in, the ISU will carry out a full national security assessment. The ISU will have an initial period of 30 working days to analyze the trigger event after which the ISU can clear the trigger event, issue a final order imposing remedies, or extend the assessment period for an additional 45 working days. At the conclusion of the additional period, the ISU can clear the trigger event, issue a final order imposing remedies, or the parties can mutually agree to an extension of the assessment period. The ISU will consider target risk, acquirer risk, and control risk when determining whether to call in a trigger event. The ISU expects to exercise its call-in power when one or more of these risk factors potentially threatens national security.

Specific Issues

a. The NSI Act Regime Comes into Force on January 4, 2022, but the ISU Will Have the Authority to Retrospectively Review Certain Trigger Events That Completed Before That Date

BEIS has advised that the NSI Act will come into force fully on January 4, 2022. Acquirers to trigger events that complete after that date—including transactions that have signed prior to January 4, 2022 but do not close until after January 4, 2022—will be required to comply with the NSI Act requirements. Although the new requirements apply to acquirers, all parties to a trigger event that is a notifiable acquisition will be incentivized to ensure that all NSI Act requirements are fulfilled because failing to comply with such obligations could result in the trigger event being void.

The NSI Act also grants the ISU authority to retrospectively review transactions that are completed between November 12, 2020 and January 3, 2022. Given the ISU's look-back powers, parties negotiating or participating in trigger events scheduled to close before January 4, 2022 should consider the NSI Act. For example, parties may determine that submitting a voluntary notification to the ISU prior to January 4, 2022 to solicit the ISU's informal feedback on such a transaction is advisable.

b. The NSI Act Contains Few Jurisdictional Limitations for Trigger Events, but the Criteria for Notifiable Acquisitions Requires a More Direct UK Nexus

The NSI Act defines qualifying entities and qualifying assets broadly. Entities based outside the United Kingdom constitute qualifying entities for purposes of the NSI Act if they: i) carry on activities in the UK; or ii) supply goods or services to people in the UK. Assets outside of the UK that are used in connection with such activities and services are treated as qualified assets.

These far-reaching definitions will result in many non-UK entities and non-UK assets being characterized as qualifying entities and qualifying assets, which, in turn, will result in trigger events involving companies and assets with relatively tenuous connections to the UK. Parties to such trigger events may elect to submit voluntary notifications to the ISU, and the ISU will have the ability to call-in these trigger events for review.

Although a wide variety of transactions constitute trigger events due to the expansive definitions of qualifying entities and qualifying assets, the subset of trigger events that give rise to notifiable acquisitions is narrower. For a trigger event to result in notifiable acquisition, the relevant qualifying entity must carry on one or more activities described in the high-risk sector definitions within the United Kingdom. The jurisdictional limitation will reduce the number of trigger events that give rise to notifiable acquisitions.

c. The NSI Act Has a Limited Safe Harbor Provision

The NSI Act does not contain either minimum turnover or share of supply thresholds. As a result, transactions involving qualifying entities and qualifying assets of all types and sizes may constitute trigger events. For example, transactions involving small dollar investments or start-up companies may be trigger events subject to mandatory notification requirements. Furthermore, pursuant to the NSI Act, parties may be treated as an acquirer participating in a trigger event when they obtain an indirect or joint interest in a qualifying entity or qualifying asset or when they act with a common person or with another party with respect to a qualifying entity or a qualifying asset.

Also, the NSI Act does not distinguish between foreign and domestic parties. As a result, UK acquirers will be subject to the same notification standards and obligations as non-UK acquirers. In addition, the NSI Act does not contain any "black" lists or "white" lists to identify specific countries or parties that are considered to pose an elevated or reduced national security risk.

However, the NSI Act contains limited carve-outs for certain types of transactions. Transactions in which the acquirer obtains less than a 25 percent interest in a qualifying entity will not be a trigger event (or require a mandatory notification) provided that the party does not acquire "material influence" over the policy of the entity or obtain voting rights that allow it to secure or prevent the passage of any class of resolution governing the entity. In addition, only certain types of trigger events involving qualifying entities operating in high-risk sectors will give rise to notifiable acquisitions. Acquirers will not be subject to a mandatory notification requirement when they acquire control of a qualifying asset in a trigger event.

d. The UK Government Can Review Transactions on National Security Grounds Under the NSI Act and on Public Interest Grounds Pursuant to the Enterprise Act

After January 4, 2022, there will be multiple legal regimes pursuant to which the UK government can scrutinize transactions. The NSI Act will authorize, and in some instances require, the ISU to review trigger events on national security grounds. The Enterprise Act allows the Competition and Markets Authority to assess public interest considerations (i.e., stability of the UK financial system; maintaining the UK's capability to combat, and to mitigate the effects of, public health emergencies; and media plurality) in certain types of transactions. Dealmakers and investors will need to account for both frameworks. In some situations, the UK government may seek to review transactions pursuant to both the NSI Act and the Enterprise Act, which will create unique challenges.

e. The Commencement of the NSI Act Could Create Various Logistical and Timing Challenges

While the commencement date of the NSI Act is known, how the notifications and approvals associated with the new regime will operate in practice remains unclear. For example, the number of mandatory and voluntary notifications that parties will make once the NSI Act takes effect is unknown, as is the ISU's ability to process and review such filings. If the number of notifications exceeds BEIS's expectations, the ISU may be delayed in accepting notifications or may choose to call-in many trigger events to provide it more time for review. Parties to trigger events that are scheduled to complete in early 2022 should seek to account for these uncertainties.

Conclusion

As the commencement date of the NSI Act rapidly approaches, parties should consider how this new regime will impact investments, acquisitions, and licensing arrangements that will complete during the rest of 2021 and in early 2022. By taking proactive steps to understand how the NSI Act regime applies to such transactions, parties may be able to address and resolve many issues associated with this new legal regime.

For more information about the NSI Act, please contact Wilson Sonsini partners Mike Casey, Stephen Heifetz, Joshua Gruenspecht, Daniel Glazer, or Beau Buffier.