The NSI Act – 10 Key Considerations

The voluntary notification regime allows for voluntary notification to the Government where the 17 sensitive sectors do not apply. 

Guidance has been published by the Government as to the circumstances where voluntary notification may apply. The Government has also set up an email address for enquiries. 

The Government has a power of call-in over any transactions of which it becomes aware, to assess whether there is a national security risk. This can be done at any time where there a mandatory notification ought to have been made. However where the transaction only falls within the voluntary notification regime (e.g. as a result of not being within the 17 identified sensitive sectors), the Government can only issue a call-in notice for up to six months after having become aware of it. Otherwise, the Government can issue a call-in notice for up to five years after the transaction. As a result, issuing a voluntary notification can ensure a shorter timeframe of uncertainty.

This means that if there is any concern that transactions which completed on or after 12 November 2020 (or for which conditional completion was agreed after that date) may fall within the scope of the Act, these should be reviewed and post-transaction notification considered.

While the Act only applies to transactions where there is a connection to the UK, the Act interprets this broadly, and this does not mean that entities outside the UK are not relevant; an entity which supplies goods or services to the UK may also be considered a qualifying entity. There are no restrictions as to level of supply or trade to the UK for an entity to fall within the scope.

It should be borne in mind that the relevant trigger events under the Act do not only relate to an acquisition of control from a position of no control (e.g. from having less than 50% of voting rights to having over 50% of voting rights). Even in circumstances where an acquirer already has control through virtue of shares, and then it acquires further shares (even if ultimately this does not change its commercial control), this will still be a trigger event should the thresholds be met. Additionally, if the percentage of shares does not change, but a transaction results in the ability to pass resolutions governing the affairs of the entity, this may still be a trigger event.

The legislation governing this list is secondary legislation, which may be updated going forward as other risks are identified by the Government. It is therefore vital to remain updated on the list of relevant sectors. 

As at the date of this note, the high risk sectors which will trigger a mandatory notification (if the assets and control tests are passed) are as follows: 

• Advanced materials; 
• Advanced robotics; 
• Artificial intelligence; 
• Civil nuclear; 
• Communications; 
• Computing hardware; 
• Critical suppliers to the government; 
• Cryptographic authentication; 
• Data infrastructure; 
• Defence; 
• Energy; 
• Military and dual use; 
• Quantum technologies; 
• Satellite and space technology; 
• Suppliers to emergency services; 
• Synthetic biology; 
• Transport.  

Note that even if an entity does not operate within one of these sectors, the Secretary of State may still investigate if the entity operates in a sector which is closely linked to one of the above sectors. 

Many above sectors may appear obvious and a company may instinctively know whether the sector is relevant. However where there is uncertainty, the Notifiable Acquisitions Regulations contain more explicit guidance. 

Notification must be given at the point of contemplation – prior to a trigger event occurring – and certainly not after. The guidance as to when this stage is reached is unclear, but it is suggested that entering into an agreement or arrangement that may allow for a party to cause a trigger event, whether contingently or not, would fulfil this. A non-binding heads of term document would not necessarily reach this stage, but the relevant party may consider this to be the most appropriate stage to make the notification, before progressing the transaction any further. A voluntary notice may also be given after a trigger event has occurred but the justification for doing this would have to be assessed in the particular context given the potential ramifications.

Notifications are made digitally via the Investment Security Unit (ISU). In the case of a mandatory notification, the entity making the notification should be the acquirer (or party obtaining control). In the case of a voluntary notification, this can be the acquirer, seller, or any other qualifying entity concerned.

Following its assessment, the Secretary of State may impose any final order it sees fit. This is expected to be on the acquirer but may be on any relevant party. In most cases it appears that the Secretary of State will attempt to impose a final order, if the risks justify this, simply as may be required to negate the national security risk. However, it reserves the right to block or unwind a transaction. 

With respect to mandatory notifications, these must be cleared by the Secretary of State prior to the trigger event or the transaction will be legally void, though the Secretary of State has the power to retrospectively validate a transaction which ought to have been notified. 

Due diligence exercises and questionnaires should be updated, where relevant, to determine whether there has been any historic failure to comply with the Act.