News and Publications

The National Security and Investment Act - a year on

Posted: 02/02/2023

Since the introduction of the National Security and Investment Act 2021 (the NSI Regime) at the beginning of 2022, the UK government has reviewed hundreds of mandatory notifications and called in many transactions for detailed national security assessments. Conditions were imposed on nine transactions and three transactions were blocked.

Typically, the transactions and arrangements receiving the most scrutiny have been in the national security sectors such as military, defence, dual use, critical suppliers to the government, artificial intelligence and data infrastructure. However, deals outside the typical national security sectors are not immune and a close eye should be kept on all transactions to ensure they are not caught by the NSI Regime.

Recap on the NSI Regime

The NSI Regime, on which we have previously commented, has been in force since January 2022. The NSI Regime sets out a statutory framework for the UK government to examine investments, acquisitions and certain contractual arrangements on national security grounds and, where appropriate, to impose conditions or even block deals where a national security risk is considered. 

Hailed as the UK’s foreign direct investment law, the NSI Regime is not actually limited to transactions involving foreign entities as it applies to both UK and non-UK investors or to direct investments as it can apply to intra-group re-organisations.

Transactions which are typically caught by the NSI Regime include the acquisition of full or partial control by UK or foreign acquirers in entities or certain assets with connections to the UK including but not limited to:

  • internal reorganisations;
  • gaining voting rights above certain thresholds;
  • the acquisition of minority interests above certain thresholds (including shareholding increases); and
  • the acquisition of interests in assets such as intellectual property rights (thus often capturing joint venture and collaboration deals). 

The NSI’s reach is also not limited strictly to corporate transactions and investments and may also apply to insolvency or commercial arrangements, licensing activities, financial arrangements, employee incentives and pensions, property arrangements and even the acquisition of assets/entities in a personal capacity (through inheritance or divorce) where rights of control or use or material influence are acquired.

Extraterritorial reach

The NSI Regime also has a wide extraterritorial reach. It can capture international transactions where the entity being acquired is neither based in the UK nor has any UK subsidiaries but where it has activities in the UK such as a warehouse or R&D facilities, supplies goods or services in the UK via distributors or has an asset that is used to provide goods or services in the UK.

NSI Regime overview

The NSI Regime consists of a mandatory regime, a voluntary regime and a Secretary of State (SoS) ‘call-in’ power. 

Mandatory regime
The mandatory regime is triggered by transactions and arrangements involving the acquisition of a right or interest (typically a holding of more than 25%) in a qualifying legal entity in one or more of the 17 key sectors[1]. There are no transaction or turnover thresholds. Clearance must be obtained before closing the transaction can occur. The consequences of failing to provide a mandatory notification are serious and could result in a void transaction, heavy fines, or a civil or criminal liability.

Voluntary regime
The voluntary regime applies to deals which ‘may raise national security concerns’ or may be of interest from a national security perspective but which do not fall within the mandatory regime, for example, where activities do not fall squarely within the key sectors.

As well as the triggers applicable to mandatory notification, the trigger events for voluntary regime include acquiring ‘material influence’ over a company and acquiring a right or interest to a qualifying asset. The reference here to assets is broad and includes land, tangible (moveable) property and intellectual property such as ideas, information, techniques or software which have economic value. It also includes acquisitions of land containing or located next to a significant asset such as a terminal, pipeline or storage facility and the transfer of IP/knowhow connected to key or innovative technologies. 

The SoS has the power to ‘call-in’ any transaction that is within the scope of the NSI Regime irrespective of whether it has been notified to assess its risk to national security. A call-in may be requested after the initial review and acceptance of the notification within 30 days by the Investment Security Unit (ISU). 

The call-in power also allows the SoS to ‘call-in’ and review transactions (before or after closing) that have not been notified up to five years after closing. These include a retrospective review of any transaction entered into after 12 November 2020. This is reduced to six months if the government is made aware of the transaction. 

Three risk factors are relevant in ascertaining whether a transaction is likely to be called-in and an acquirer should consider these to determine whether a voluntary notification should be made where a mandatory notification does not apply:

  • Target risk: what the entity being acquired does or is being used for, or could be used for, and whether it poses a risk to national security.
  • Acquirer risk: whether the acquirer - or its ultimate beneficial owners - might use the entity or asset to undermine national security. The SoS will look at the acquirer's sectors of activity, technical capabilities, links to other entities which could pose a risk national security, and whether the acquirer or its beneficial owner has links to criminal or illegal activities that have characteristics that indicate that there is or may be a risk to national security from the acquirer having control of the target.
  • Control risk: whether the amount of control that has been or will be acquired poses a risk to national security as a higher level of control may increase the level of national security risk.


Both the mandatory and voluntary regime require the submission of an online notification to the ISU which sits within the Department for Business, Energy and Industrial Strategy (BEIS). The ISU administers the NSI Regime via the online notification service. Although queries can be raised with the ISU, ultimately it is the SoS who decides whether to call-in a transaction and the outcome of any review.  

The notification forms require comprehensive and detailed disclosure regarding the transaction and the relevant parties. While the acquirer is responsible for submitting a notification, it is important for all the parties to the transaction to consider what will be required early on. Submitting clear and thorough notifications will ultimately ensure that transactions can be assessed quickly by the ISU which is beneficial to all parties.

Below is some of the key information which must be included within a notification.

  • All ‘additional’ acquirers who are gaining control at the same time and participating in the acquisition (parent company etc).
  • The country, times and dates of any notifications submitted to overseas investment screening regimes by the acquirer or its group companies in the last 12 months.
  • Full details of activities undertaken by the entity being acquired and, where appropriate, its subsidiaries and its connection to the key sectors. The acquirer should ask the entity being acquired to prepare information on its activities.
  • An explanation of how the transaction is caught under the NSI Regime (specifically the triggers).
  • Confirmation of notification being made to any other UK regulators.
  • Individual detailed corporate structure charts documenting the acquirer ownership structure and the pre-acquisition and post-acquisition structure of the entity being acquired as part of the transaction or arrangement.
  • Each structure chart must include clear details of the ultimate beneficial owner, shareholders with share or voting rights of more than five percent with full names, nationality, country of incorporation (where applicable) and full details of subsidiaries etc.
  • Full information about each member of the acquirer's board of directors including full name, date of birth, title and role and whether the individual is a politically exposed person.
  • The anticipated closing date of the transaction and any other key dates such as expected dates of other regulatory approvals sought.
  • Details about whether the entity being acquired is authorised to receive or hold information that has a UK government security classification. This includes information from a government public body, agency or department.
  • Details about any licences the entity being acquired holds to operate or carry out its activities in the UK.
  • A summary of any ongoing supply relationship or any supply relationship that the entity being acquired has had within the last five years with any UK government department, agency or public body in the key sectors.
  • A summary of any research and development the entity being acquired has undertaken in the last five years that has been partly or wholly funded by the UK government in defence, national security, infrastructure or law enforcement.
  • Information on whether any employees of the entity acquired - or contractors if it employs them - hold National Security Vetting clearance.
  • Information on any non-UK government party that has a role in the operation or decision-making of the entity being acquired. 

It is also quite helpful to add optional information about the purpose of the deal and, if possible, the benefits of the transaction. This can assist in limiting the risk of receiving extensive questions from the ISU at a late stage in the review process and can help facilitate clearance.


Following acceptance of a notification, which in our experience usually takes two to three working days, the SoS has a maximum of 30 working days to decide whether to clear a transaction or to call it in for a more detailed review. If the SoS reasonably suspects that there is or may be a risk to national security, it will conduct a detailed review. The SoS will have up to another 30 working days to do this, extendable by 45 working days in exceptional circumstances. Any further extensions must be agreed with the acquirer.

During the detailed review phase, the SoS has wide powers and can request further information to inform its assessment. The SoS may also interview relevant key persons within the acquirer and the entity being acquired to ascertain information about operations or future objectives of both the acquirer and the entity (group) being acquired. It is worth noting that the clock stops when such information requests are made, so the overall timeframe may be further extended and must be factored into the deal timetable.

Following a ‘call-in’ where national security concerns are identified, the SoS has powers to impose conditions on the transaction or to block the deal where necessary. 

If the SoS believes that national security may be compromised but can be avoided by imposing conditions around the arrangement it will do so. Typically, we have seen such conditions comprise of (one or more of the following):

  • restricting information-sharing between the entity acquired and its group and affiliates;
  • limiting the acquirers’ ability to influence key employee appointments within the entity acquired;
  • forbidding the appointment of acquirer representatives to the boards of certain entities withing the group acquired;
  • imposing a requirement for the appointment of a UK government observer to boards of certain entities within the group acquired;
  • making it an obligation to notify the UK government of any asset transfers or intra group reorganisation of the entities required;
  • permitting UK government agencies access to premises and information for audit of security measures;
  • imposing an obligation on the acquirer to get approval from the UK government before entering into certain commercial agreements or requiring the acquirer to give assurances relating to UK capabilities and supply arrangements.

Due diligence

Conduct thorough due diligence to ensure an accurate assessment can be undertaken as to whether the NSI Regime applies to the transaction. Consider previous acquisition activity and each aspect of the supply chain carefully to ascertain whether supply to key sectors is undertaken at any level.

Practical tips for specific transactions

  • For deals which involve minority investments the acquirer should consider whether the investment will result in the acquirer obtaining the right to appoint board members or have some other material influence over the entity within which the investment is to be made.
  • For deals that involve the purchase of real estate the acquirer should investigate whether tenants are engaging in any activities which might trigger mandatory notification such as changes in interests in the real estate. Where mandatory notification is not required but the real estate in question is located close to sensitive sites consider whether this would trigger a ‘call-in’.
  • For deals that involve intellectual property the acquirer should consider how intellectual property is protected and shared by the entity being acquired and ensure that appropriate security measures are in place to safeguard sensitive intellectual property.
  • For deals involving financing arrangements where a transfer of legal title is to occur, the acquirer should review whether the activities of the entity or its subsidiaries transferring legal title fall within the remit of the NSI Regime. If lenders are looking to enforce security, the lender should check whether the entity against whom security is to be enforced - or its subsidiaries – are involved in any activities set out in the NSI Regime.
  • For deals that involve an element of insolvency that permit the acquisition of voting rights or shares, receivers and liquidators should review the activities of the relevant entity to see whether they fall within the scope of the NSI Regime.

Deal protection - contract terms

The parties should consider the following when preparing acquisition documents setting out the deal.

Where a notification is submitted there should be: a condition precedent to completion that the relevant NSI Regime clearance has been obtained from the UK government as well as a longstop date for completion that addresses the timeline associated with a mandatory notification being made.

The contractual terms should document the agreement between the parties relating to the clearance application process, information sharing and co-operation (including call-in requirements and adverse assessment from the SoS. Regarding the latter, it may be advisable to document such arrangement in a separate document to ensure enforceability where the main transaction document becomes void.

Provide confirmation that earlier transactions entered into by the entity being acquired and, where applicable, any entities within its group of companies complied with the NSI Regime. This should include:

  • warranty/indemnity to cover any earlier transactions which may be at risk of being called-in by the SoS;
  • warranties that confirm that there has been no breach of any conditions imposed by the UK government for prior deals approved by the SoS with conditions;
  • warranties concerning accuracy of information supplied by the selling party regarding the activities of the entity being acquired and its contractual arrangements and, where applicable, entities within its group.

Final thoughts

Companies and investors contemplating transactions should not underestimate the reach of the NSI Regime. It applies to a wide range of transactions and arrangements including international transactions and arrangements with limited activities in the United Kingdom and can also catch transactions which give no obvious rise to national security concerns. 

Given the wide net cast by the NSI Regime, careful planning is required and an early transaction assessment of the position is always advisable. Any review of the position should include a detailed assessment of the relevant transaction structure, considering the application of the mandatory sectors as well as undertaking an overall risk assessment for a possible call-in. Where notifications are required, ensure that deal timetabling takes account of this as it  will help to ensure minimal deal disruption. 


[1] Advanced materials, advanced robotics, artificial intelligence, civil nuclear, communications, computing hardware, critical suppliers to government, cryptographic authentication, data infrastructure, defence, energy, military and dual-use, quantum technologies, satellite and space technologies suppliers to the emergency services, synthetic biology and transport.

Arrow GIFReturn to news headlines

Penningtons Manches Cooper LLP

Penningtons Manches Cooper LLP is a limited liability partnership registered in England and Wales with registered number OC311575 and is authorised and regulated by the Solicitors Regulation Authority under number 419867.

Penningtons Manches Cooper LLP