UK Government Publishes Updated Guidance on the Application of the National Security and Investment Act

May 23, 2024

On 21 May 2024, the UK Government published updated guidance on the application of the National Security and Investment Act (NSIA).  This includes:

The new guidance does not affect the scope of the 17 sectors in relation to which transactions are subject to mandatory notification.  A consultation on changes to these sectors is expected in the coming months.

We also summarise below several recent NSIA decisions.

Policy Statement

The UK Government updated the policy statement in which it is required, under section 3 of the NSIA, to set out the factors that the Secretary of State expects to use when deciding whether to exercise their power to “call in” transactions for full national security review.  This applies to the decision at the end of an initial screening period, after a mandatory or voluntary notification, to open a full review.  It also applies to the decision whether to call in a transaction that has not been notified. 

The revised statement expands on the relevant factors, which are consistent with the emerging practice we have seen in the cases, in which the Government has imposed remedies to address potential national security concerns.  These factors include:

  • The risk that an acquisition, or cumulative acquisitions, may harm critical national infrastructure or present risks to governmental and defence assets. This includes risks to related supply chains and ensuring that the acquisition does not create a dependency that could lead to a national security risk.
  • The risk that the acquisition may harm the UK’s military, intelligence, security or technological capabilities.
    The risk that the acquisition enables “actors with hostile intentions” to build defence, intelligence, security or technological capabilities which may present a national security threat to the UK, including through the acquisition of goods, technology, sensitive information (including data), intellectual property, know-how or expertise.
  • How the transaction might affect published sector strategies and state policies on national security in sensitive sectors.  

The updated statement also elaborates further on the three types of risk:

  • Target risk” is based on the activities of the target and how it might be used to harm the UK.  The new guidance expands, in particular, on the circumstances in which an asset transaction might be called in.  The Government will consider, for example, “whether the asset acquisition would allow the transfer of technology, intellectual property or expertise to an acquirer, or parties linked to an acquirer, which could undermine or threaten national security now or in the future.”  The new guidance also states that “in some cases, the target is so sensitive it will need to be investigated regardless of the acquirer risk.”
  • Acquirer risk” concerns the identity of the acquirer.  The new guidance states that the Government will consider (i) the  acquirer’s past conduct and intent behind the acquisition; (ii) the sector in which the acquirer operates and its existing capabilities (e.g., technological and security capabilities); (iii) cumulative deals across a single or linked sectors; and (iv) any “ties or allegiance to a state or organisation which may seek to undermine or threaten the national security of the UK.” 
  • Control risk,” on the basis that a higher level of control is likely to increase the ability to take action harming UK national security.  The new guidance states that the Government may “consider whether there is a control risk from cumulative investments across a sector or supply chain.”  It also recognises, though, that  “a history of passive or long-term investments, or voting rights being held by passive investors compared to direct owners, may indicate less risk.”   

Outward Investment

A new section of guidance on transactions relating to non-UK entities or assets notes that the NSIA may apply to “outward direct investment” by UK investors.  

The regime may be applied to the acquisition of an entity or asset outside the UK if:

  • The entity carries on activities in the UK or supplies goods or services to the UK; or
  • The asset is used in connection with carrying on activities in the UK or the supply of goods or services to the UK.

This guidance does not represent a new development, but merely points out that the NSIA can apply to acquisitions of a non-UK entity or asset – whether the investor is based in the UK or elsewhere.

Separately, however, the Government has indicated that it is considering more substantive changes to the rules on outward investment, following in the footsteps of the US and EU. 

Higher Education and Research-Intensive Sectors

The UK Government expanded its guidance for Higher Education and other research institutions:

  • Qualifying assets include IP and patents.  The UK Government may consider acquisitions of IP in all its forms.  This includes review of collaborations that are yet to produce any IP but are expected to develop such assets in the future.  Similarly, the Government could review the licensing of IP or related rights, whether commercial or non-commercial, even if restricted to research and development. 
  • Funding from the UK Government does not guarantee an exemption.  Collaborations and activities backed by UK public entities may nevertheless be called in for review.
  • Donations fall outside the NSIA.  Donations do not confer control and hence are not within the scope of the NSIA.  Research institutions should rely on internal procedures to scrutinise donations.
  • The Research Collaboration Advice Team (RCAT) can provide advice.  Institutions are encouraged to contact the RCAT for advice if uncertain whether a voluntary notification would be appropriate.  Guidance can also be found in Secure Innovation and Trusted Research Guidance from the Centre for the Protection of National Infrastructure and the National Cyber Security Centre.  These materials focus on start-ups, spin-outs, and scale-ups, and collaboration on research and innovation.

General Guidance

The general guidance on the NSIA was amended to provide further insight into the duration of the NSIA process, though each of these steps is set out in the underlying legislation.

The review process comprises up to three periods:

  • The period during which the Investment Security Unit (ISU) reviews a notification to decide whether it should be accepted or rejected.  This takes around five working days if the acquisition does not involve any complex issues.
  • The review period, an initial screening of 30 working days, that starts on the day the notification is accepted.  Information requests and attendance notices do not stop the clock.
  • The assessment period, which starts when the acquirer is informed that the transaction was called in and ends when the acquirer receives the UK Government’s final notification or order.  The assessment period has an initial phase of 30 working days, which can be extended by an additional 45 working days (or further with the consent of the acquirer).  Information and attendance notices stop the clock.  In practice, the 45 working day extension indicates that remedies are under consideration.

Notification Forms

The Government has added to its practical tips for completing a notification form. Notifying parties should ensure that they:

  • Include all relevant information including all the activities, services and/or goods provided by the target, structure charts, and, if appropriate, how its activities fall under the regime;
  • Identify every economic area under the NSIA that applies to the acquisition; and
  • Do not include any sensitive information that may be classified as SECRET or TOP SECRET.  Classified information can be submitted by liaising separately with the parties’ usual contact in the Government or with the ISU.

Recent NSIA Final Orders

Intelligent Safety Electronics Pte Ltd / FireAngel Safety Technology Group Plc

On 16 May 2024, the Government conditionally approved the acquisition of FireAngel, a UK distributor of domestic safety products, including internet-enabled smoke alarms, by Siterwell Electronics Co Ltd, a manufacturer of domestic safety products based in China.  The Government considered that a risk to national security may arise due to “the potential for access to data” and “changes in control over the supply chain of networked products.”

The final order imposed by the Government requires the parties to:

  1. Meet certain requirements relating to corporate governance, including UK Security Vetting clearance for certain members of the Executive Committee and Board of Directors;”
  2. Appoint a Chief Information Security Officer with UK Security Vetting clearance who will have oversight of requirements relating to infrastructure, data handling, access to IT systems and software and firmware updates;”
  3. Implement visitor protocols for visitors and seconded employees to FireAngel Group sites;” and
  4. Meet certain requirements relating to the design of networked products, including the continued screening of samples by an accredited testing authority.”

Hutchison 3G UK Holdings Limited / Vodafone Limited

On 9 May 2024, the UK Government gave conditional approval to Vodafone’s and CK Hutchison’s planned merger of their UK telecommunications businesses, Vodafone UK and Three UK.  The Government considered that national security concerns might arise regarding “Vodafone’s role as a strategic supplier of services to many parts of HM Government” and “the security of UK networks and data, including cyber, personnel and physical security, resulting from the process of merging two large, complex organisations and their respective staffing, policies, processes and networks.

To remedy these concerns, the Government imposed a package of governance and reporting obligations, broadly similar to the remedies in its clearance of Vodafone and e&’s strategic relationship agreement in January 2024. In particular, the parties are required to:

  1. Establish a National Security Committee within MergeCo to oversee sensitive work that Vodafone and MergeCo undertake which has an impact on or is in respect of the national security of the UK,”providing updates to the Government;
  2. Establish a technical group within the National Security Committee which will monitor a specified list of topics relating to cyber, physical and personnel security,” with updates to Government;
  3. Ensure that MergeCo’s network migration planning is subject to review by an external, Government-approved auditor;” and
  4. Put in place specified arrangements for the governance of MergeCo.”

Vishay/Newport Wafer

On 1 March 2024, the UK Government allowed semiconductor manufacturer Vishay Intertechnology Inc and its subsidiary, Siliconix Inc, to acquire Newport Wafer, the UK’s largest semiconductor manufacturing facility.

The target is being acquired from Nexperia BV, a Netherlands-based subsidiary of Chinese company Wingtech Technologies.  In November 2022, the UK Government ordered Nexperia BV to unwind its acquisition of an additional 86% stake in the business due to national security concerns.

As a condition of the acquisition, Siliconix, Vishay or their subsidiaries must inform the UK Government before “completing any agreement to sell, transfer, grant a lease or licence to any third party which allows that third party to use any part of the Newport site.”  This condition is designed to mitigate the national security risk which might arise if third parties gain access to “sensitive intellectual property, expertise and/or other sensitive  information relating to compound semiconductor design, research and development or manufacturing at the Newport site, including their dual use applications.”

TransDigm/CPI

The acquisition of Communications & Power Industries’ electron device business by US aerospace manufacturer TransDigm Inc. for around $1.4 billion was announced in November 2023.  The target business included CPI TMD Technologies Limited, a UK manufacturer of compact atomic clocks with applications in precision navigation, particularly for the aerospace and defense sector.  CPI TMD has undertaken a number of UK-funded development projects.

On 28 February 2024, the transaction was approved under the NSIA, subject to the condition that TransDigm “keep CPI TMD’s research, development and manufacturing capabilities in relation to atomic clocks in the United Kingdom,” to address a national security risk relating to “the continued effective operation of critical national infrastructure.”  This replicates the condition imposed in September 2022 in relation to a previous transaction involving CPI TMD.