Dealmakers have plenty of risks to ponder in UK draft national-security screening law

Would-be foreign investors into UK companies have seen the government this week lay out a regime for screening deals under national-security grounds that is so far-ranging, and would cover such a swathe of sensitive industrial sectors, that its ramifications will take years to become clear.

With the National Security and Investment Bill — introduced for lawmakers' scrutiny, revision and approval yesterday — Prime Minister Boris Johnson's government didn’t just make good on well-trailed plans to strengthen scrutiny of foreign deals, takeovers and investments: the landmark bill goes much further than the previous government's proposals from two-and-a-half years ago.

Its approach is in line with a global tightening of scrutiny over foreign direct investment, not least by the US and the UK's other “Five Eyes” security partners. Overseas entities looking to invest in British companies, assets or intellectual property have long been forewarned of greater state intervention over deals seen as posing security concerns.

Hints of things to come have been seen in the UK: in 2018, Theresa May's government widened the scope to intervene in transactions involving military or dual-use technologies and certain categories of advanced computer technology, by lowering the merger turnover-thresholds of deals under review. And earlier this year, the Covid-19 pandemic prompted Johnson's administration to extend intervention powers to include transactions impacted by health emergencies.

But the scope of reforms under the draft law now on the table, representing a top-to-tail overhaul of a 20-year-old regime, will still cause a stir and pose new corporate risks.

Mandatory notifications

The bill's headline features are arresting enough by themselves.

The deal-screening regime — covering investors from any country — would see the Competition and Markets Authority lose its role in national security reviews.

It would allow government intervention not just into company takeovers and stake purchases, but also into acquisition of assets and IP. Assets could include land or moveable property, while IP comprises ideas, information, or techniques with industrial, commercial or other economic value. There would be no minimum target sales or market-share thresholds generally applied to deals under review.

This is a leap beyond the 2002 Enterprise Act, which covers only acquisitions and shareholdings. It also permits intervention on public-interest grounds — including national security — only if the target has annual sales of more than 70 million pounds ($91 million), or where the merged business would have a market share of more than 25 percent. (The 2018 revisions reduced that sales threshold in some circumstances to 1 million pounds.)

In the new bill, transactions in 17 proposed industry sectors — ranging from defense, energy and civil nuclear power to artificial intelligence, autonomous robotics and space technologies — would have to be notified to a new investment security unit in the government’s business, energy and industrial strategy department.

This proposed mandatory notification system goes far beyond the voluntary regime in May's 2018 policy proposals, drawn up to feed into the new legislation. The bill now before Parliament has "evolved in some important ways," the government said this week, in order to counter evolving threats.

Given such radical tightening, companies and investors will be looking for explicit definitions of the raft of new obligations and industry classifications. Mandatory-notification deals that take place without clearance will be declared void, while noncompliance will land businesses with fines, and executives with prison sentences.

To that end, a government call for views on precisely which sectors or sub-sectors would be subject to mandatory notification should give companies and investors a clearer view.

Responses to the survey will help give early warning to potential buyers as to whether they need to notify. More broadly, they will contribute to the clarity of the eventual secondary legislation containing the final definitions, which the government intends to introduce before the bill passes into law next year.

Other deals, actions, decisions

The bill holds clamps, too, for transactions across other sectors not covered by mandatory notification.

Parties are encouraged to volunteer to notify "trigger events" — a change in control of a company or assets. But at the same time, the government has five years to retrospectively review completed deals that weren't notified on security grounds.

That power extends back as far as today. While transactions already completed are protected, the bill provides for the retrospective "call-in" power to be effective from Nov. 12 this year. This is a way of allaying government fears that a wave of deals could be rushed through while the bill goes through the legislative process.

Where deals prompt concern, the government’s remedial powers would be wide. As well as the nuclear option of blocking or unwinding deals, it would be able to impose conditions such as ordering reductions in a stake purchase, or restrictions on access to commercial information or work sites.

Investors would hear bad news quickly: The bill promises that decision-making will be "slicker and quicker," both for deals notified or subsequently called in. Timelines would be set out in law rather than on the current case-by-case basis, and typically would take no more than 30 working days.

Next steps and criticisms

As the bill runs the gauntlet of review by lawmakers, the government knows there will be clamor — as it well expects, given it is entirely replacing a two-decade-old review system that stressed a business-friendly approach.

The government has underlined that it will take a “targeted, proportionate approach” to mandatory filings, binding itself legally to assess deals on national security grounds only and not those of broader economic interest.

Much criticism will focus on fears that the expanded regime is disproportionate, and here concern is likely to zero in on the government's own impact assessment of the bill.

At the time of the 2018 policy paper, the government anticipated that its envisaged new regime would see around 200 notifications made per year. That has been revised up to an eye-watering estimate of 1,000 to 1,830 notifications per year.

Even the number of detailed national-security assessments that the government expects to be carried out each year, at 75 to 90, dwarfs the 12 carried out in all the years since the 2002 legislation came into force.

If the scale of the changes proposed in the bill don't give would-be investors pause for thought, that figure alone might.