By now you may have heard of or been involved with arrangements impacted by, or requiring notification under, the National Security and Investment Act 2021 (“the Act”). The Act came into force on 4 January 2022, but also applies retrospectively allowing the UK Government to scrutinise qualifying acquisitions entered into or completed on or after 12 November 2020.

Here is what we have learnt in the first year of the Act’s operation and a look to the future…

The (wide) scope of the Act

The Act introduced a new broad standalone national security regime. It replaces the national security aspects of the Enterprise Act 2002 and enables the UK Government (acting via the Secretary of State “SoS” and its new Investment Security Unit “ISU”) to “call-in” for review and potentially remedy, or in the most severe cases block or unwind arrangements, in order to protect UK national security.

Arrangements which are in-scope of the Act include full or partial acquisitions of control by UK or foreign acquirers in entities or certain broadly defined assets with connections to the UK, referred to as “qualifying entities” and “qualifying assets” respectively. Although most commonly triggered through M&A (including intra-group reorganisations which are not carved out) the Act can capture a wide range of trigger events where rights of control or use are acquired. This includes insolvency or commercial arrangements, employee incentives and pensions as well as property arrangements and even assets/entities acquired in a personal capacity (for example, via inheritance or divorce).

Indeed, the first arrangement outright blocked by the SoS was not an M&A deal but the grant of a licence of intellectual property (“IP”) developed for use in animation, to a Chinese acquirer. This is thought to be a result of the IP having the potential to be applied to defence (targeted missile launch).

The regimes

The Act introduces mandatory and voluntary notification regimes as well as an SoS “call-in” power which allows it to scrutinise arrangements of any size or value where of potential “national security” interest; a concept purposely undefined to allow the SoS maximum flexibility. The mandatory regime compels acquirers to notify the ISU to obtain clearance before the completion of qualifying entity acquisitions which meet certain criteria. There are severe civil and criminal penalties for failure to do so as well as an imperative for parties to ensure the arrangement is not void, although such transactions may be retrospectively validated.

The voluntary notification regime allows parties to qualifying entity acquisitions which do not fall in scope of the mandatory regime or qualifying asset arrangements (which are automatically out of scope of the mandatory regime) to obtain comfort that their arrangement will not later be called-in. There are no penalties for failing to voluntarily notify but there is a risk that the arrangement could be later unwound or remedies imposed post-completion. In contrast to mandatory notifications, voluntary notifications can be submitted by targets, sellers or acquirers.

The risk of an arrangement being “called-in” and the benefit of making a voluntary notification, can be assessed through considering the level of control being acquired in the target (“control risk”); the characteristics of the acquirer up to ultimate owners (“acquirer risk”) and the possible uses of the target or subsidiaries and target proximity to sensitive sites (“target risk”). Although a significant number of arrangements blocked or remedied by the SoS have involved acquirers with strong links to China, we have also seen examples of remedies being imposed on UK acquirers due to the severity of the target national security risk and the control being gained e.g. Epris/Sepura where remedies were imposed on UK and Jersey based acquirers due to the target providing communications solutions used by UK Emergency Services. 

The SoS can assess acquisitions within 6 months of becoming aware of the arrangement, provided this occurs within 5 years of completion (the 5-year limit falls away if a mandatory notification should have been made but was not).

The specified sectors (sensitive sectors of the economy)

Central to the regime are 17 specified sectors of the economy (see guidance here) which have been identified as being of particular interest to UK national security. These can be broadly categorised as being related to Advanced Technologies, Critical National Infrastructure and Suppliers to Public Sector Bodies and qualifying entities can be brought in scope by virtue of their activities or their customers including through subcontracted arrangements (as with Defence and Data Infrastructure).

These sectors, which may be expanded over time, attach to the mandatory regime but are also relevant to assess the risk of call-in for the voluntary regime – targets with “closely linked” activities to these sectors are more likely to be of national security interest than those in the wider economy.

Most notifications made in the first few months of operation of the Act related to Defence, Military and Dual Use and Critical Suppliers to Government sectors which are widely defined and may present more obvious national security risks. Transactions which have been publicised for call-in and/or final order offer even greater insight into current geopolitical national security concerns, with control over UK energy supply featuring predominantly as well as control of semiconductors in the context of the global shortage and a targeted focus on acquirers with links to China. 

Control triggers

A qualifying entity falling within one or more of the specified sectors will bring acquisitions of shares or voting rights which reach or exceed certain thresholds (including via indirectly held rights and certain arrangements where rights may be deemed aggregated with another party) within the mandatory notification regime. The triggers for qualifying entities apply where shares or voting rights/equivalent increase directly or indirectly from (a) ≤25% to over 25%, (b) ≤50% to over 50%, (c) <75% to 75% or more; or (d) voting rights are acquired which allow (with other rights held) resolutions to be blocked or passed.

The voluntary regime applies where material influence is gained i.e. where the mandatory triggers above are not met but there are factors indicating that the acquirer has significant influence. Transactions involving material influence will have a lower level of “control risk” and will therefore be more likely to be of concern to the SoS where “target risk” and “acquirer risk” is particularly high. We saw this with Tawazun/Reaction Engines where material influence in a propeller and space technology company was proposed to be gained by a UAE acquirer. The SoS considered there to be a risk of dual use capabilities being covertly accessed by hostile parties and remedies were imposed.

For qualifying assets, the Act is triggered by the gaining of rights of use, direction or control which captures most commercial arrangements such as sale, assignment, novation, leasing or licensing.

The notification process

Acquirers faced with severe penalties will be motivated to assess a qualifying entity acquisition and determine if a mandatory notification is required or if a notification should be made voluntarily. However, target entities should also ensure they agree with any acquirer-led analysis to avoid their arrangements being legally void or at risk of call-in. There are also penalties for providing false or misleading information (including recklessly) directly or via another party. All parties to an arrangement should therefore take independent legal advice.

Assessments should be made early on so as not to delay the arrangement from proceeding (noting that mandatorily notifiable deals cannot complete, and voluntarily notified deals would do well to delay completion, until clearance is received). For certain arrangements, parallel consideration should be given to merger control and the related statutory timetable. This is particularly so given the close working relationship between the ISU and the Competition and Markets Authority and the requirement to confirm within notifications if any other UK regulators have been made aware of the arrangement.

If it is determined that a notification will be made, information will need to be collected by both target and acquiring parties – this can take a few weeks for the parties to collate. In corporate deals it is also common for completion to be conditional on clearance by the SoS (split exchange and completion).


Provided the right type of notification has been submitted and it contains all relevant information, it will usually take 2-5 working days to be accepted by the ISU. Once accepted, the 30-working day review period (excluding weekends and UK bank holidays) will commence. Most transactions will be cleared at the end of this stage and only if the transaction is called-in for a full national security assessment, will there be a further 30 working day screening period (extendable by an additional 45 working days in certain circumstances). There may be further delays following call-in if the SoS requests information and/or attendance at meetings. Note: the full 30 working day review period is typically used so parties should account for this in their transaction timetables.

Following acceptance of the notification it is usual for there to be no engagement with the ISU until the arrangement is cleared to proceed. While this has attracted some criticism, we understand there are no plans to change this. During this period the ISU will be using its “hub and spoke” model; assessing risk with UK Government departments and individuals with expertise in the relevant sectors.


For the minority of transactions that are not cleared during the review period and which following call-in are determined to present national security risk, remedies may be imposed. There will be greater opportunity for engagement during screening for parties to propose proportionate remedies, however parties should note this is not a negotiation and the SoS has full discretion regarding remedies.

One example of the SoS exercising its discretion to reject a remedy package proposed by the parties relates to the completed acquisition of a further 86% of Newport Wafer Fab (the UK’s largest chip manufacturer) by Nexperia (a company ultimately owned by a Hong Kong acquirer linked to the Chinese government). This acquisition was retrospectively called-in and an order to divest the 86% stake acquired was imposed. Interestingly and with a broad interpretation of target proximity to sensitive sites, the SoS considered the site's location in the semiconductor cluster in Newport could "facilitate access to technological expertise and know-how" and had concerns regarding the reintroduction of compound semiconductor activities. Nexperia criticised interaction with the ISU in this case and also the rejection of its comprehensive remedy package and has stated it will appeal the decision (although any judicial review will likely be closed proceedings).

Remedies imposed must be proportionate to the national security risk and may range in severity from complete blocking and unwinding of the transaction to individual or packages of restrictions. Sichuan/ Ligeance Aerospace provides an example of a neat package of remedies which we are likely to see again. In this case the SoS considered that the proposed acquisition by a Chinese controlled acquirer of a UK aerospace company required conditions which (i) restricted information sharing; (ii) specified security measures; (iii) removed certain board representatives; (iv) required board appointment of a Government observer; and (v) required notification of the transfer of certain assets.

Looking ahead

In the second half of 2022 we have seen final orders ramp up and we expect this to continue, although the number of notifications made will likely be affected by any reduction in M&A as a result of the economic downturn.

To date we have seen the SoS intervening to ensure defence capabilities of foreign entities are not advanced but also more widely to protect UK supplies and assets. In Iceman/CPI a remedy was imposed on a US acquirer to keep the R&D and manufacturing of atomic clocks (quantum technology) within the UK. Atomic clocks are very precise, do not rely on satellites and so offer both military and civilian benefits. Similarly, in Viasat/Inmarsat the SoS expressly issued a remedy to ensure continued supply of strategic capabilities (relating to global mobile satellite communications) to the UK Government.

We expect this trend to continue, expanding the traditional concept of “national security” along with the focus on energy and semiconductor targets as well as acquirers with links to hostile foreign countries. These themes are echoed in the most recent final orders, Upp/LetterOne which requires the retroactive sale of a broadband network provider following concerns that the acquirer’s parent was co-founded by Russian oligarchs and HighLight/SiLight which blocks a further semiconductor related acquisition by Chinese acquirers.

Although the aims of the Act are without doubt beneficial to UK national security, its application will have consequences for a broad spectrum of business transactions.

In the next year, the Government will continue to issue guidance and a further annual report which should be a useful look at a full year in operation of the Act. Overall, we expect there to be less turbulence in the UK Government cabinet office going forward. We certainly look forward to seeing what 2023 brings.

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at December 2022. Specific advice should be sought for specific cases. For more information see our terms and conditions.

Written by

Charlotte Mapston

Charlotte Mapston

Date published

03 January 2023



View all