National Security and Investments Act: An unexpected trap for businesses
The National Security and Investments Act (NSIA), which came into force on 4th January 2022, introduced a stringent and wide-reaching UK national security regime requiring Government clearance for certain corporate events before completion.
Corporate events that are caught by this regime are void if not notified and cleared beforehand and also not obtaining clearance in advance exposes the acquirer, its group and their directors to civil fines and criminal offences. This also poses risks for professional advisors involved, who could face charges of aiding and abetting a criminal offence and issues related to proceeds of crime. However, to date no criminal or civil enforcement action has been taken. It also possible to retrospectively clear corporate events to undo them being void, but the civil and criminal risks do not go away even if it is cleared retrospectively.
Misconceptions and Realities
When the NSIA was introduced, it was anticipated that about a third of all corporate transactions would be affected, with an estimated expected 1,500 notifications for clearance per year. In reality the proportion caught appears to be higher due to the breadth of the NSIA regime and seems to be around 40%. However, in the annual NSIA report for 2023/24, only 906 notifications were made, with less than 5% called in for detailed review due to potential UK national security concerns. So the vast majority, i.e. just over 95%, did not raise any UK national security concerns and whilst the number of NSIA notifications seeking clearance has slowly risen, the total number is still less than two thirds of the expected level of notifications.
This discrepancy suggests that many corporate events which are caught by NSIA are not being notified and cleared as required, leaving them void and exposing the parties to legal risks, probably without them even being aware of this position. It can also cause particular issues on a sale of a target group where previous events relating to the group are void and this emerges in due diligence. Most corporate events caught by NSIA have no actual impact on or link with UK national security, making it misleading to assess the relevance of NSIA based solely on national ecurity concerns. UK national security is only relevant to whether the corporate event will be cleared, not to whether it will be caught by NSIA in the first place.
The preparation of a notification and then waiting for clearance typically takes around 2 months if the event raises no UK national security concerns. If it does raise any concerns and is called in for detailed review then additional time periods apply. Depending on when NSIA is identified as an issue and the type of corporate event, these timescales may or may not have an adverse impact on the contemplated corporate event.
Scope and Implications
The NSIA's scope extends well beyond normal corporate sale and purchase or investment transactions. Two elements are required for it to apply, a “change of control” and activity falling within any one or more of 17 NSIA Sectors.
A “change of control” means any event resulting in a change in voting rights or share ownership, moving up through thresholds of 25% or 50% or reaching 75% or more of voting or share ownership, or an event changing the identity of a person able to pass or block any class of resolutions. This applies whether those changes are direct or indirect and even applies even if ultimate control has not changed but there is a change in intermediate ownership or voting rights. This is far wider than the normally understood meaning of change of control. So any event which moves the dial on share ownership or voting rights can end up being a change of control including share buyback, share allotments, disenfranchisement, exercise of share options and exercising swamping rights. This broad definition can complicate private equity transactions, where changes in voting rights or share ownership percentages then necessitates NSIA clearance before they can take effect.
The second element to be caught by NSIA is that the corporate group involved below the “change of control” event must be carrying out activities in the UK in one or more of 17 NSIA sectors. These 17 NSIA Sectors catch obvious activities, such as being a defence contractor or sub-contractor, though the latter applies even if the corporate group is not aware it is a defence sub-contractor. However the activities covered are also far broader than might be expected, affecting various businesses, especially those in technology. For instance, companies contracting with or acting as a sub-contractor for government departments or involved in ownership or exploitation of software written in low level code or artificial intelligence or companies on Crown Commercial Service framework contracts are subject to NSIA. Also the scope of advanced materials falling within NSIA is wider than expected and for example includes components, parts or products containing rare earth magnets or any components or parts which are certified. Live streaming or transmission of data via public communications networks also tends to end up being caught by the NSIA data infrastructure sector regardless of customer identity. This all means seemingly minor and non-security related activities can trigger the need for NSIA clearance if there is a NSIA “change of control”.
Global Reach and No Thresholds
Unlike many equivalent regimes in other parts of the world, the NSIA applies regardless of the acquirer's identity or ownership or the location of the target group. So it can affect corporate events occurring entirely outside the UK if both the acquirer and the target group are outside the UK but the target group carries out NSIA activities in relation to the UK (which generally involves supplying services or products into the UK either directly or indirectly). This means NSIA has global reach and foreign target group companies can be caught. Also in most cases there are no size or value thresholds to avoid being caught so even low value or non-mainstream activities can result in the need for NSIA clearance.
Key Takeaways
For any corporate event, it is crucial to assess whether there is a “change of control” under NSIA's broad definition. If there is then the next step is to assess whether any the corporate group below that change of control is involved in any of the 17 NSIA sectors and this will involve assessing the answers to a series of detailed questions and there are no shortcuts to this process. If both conditions are met, NSIA clearance is necessary.
While retrospective clearance is possible which can undo the event being void as long as it is cleared by Government, it does not eliminate the associated criminal and civil risks for failing to seek clearance prior to the event. The current lenient approach with first-time inadvertent offenders may change over time.
In conclusion, considering NSIA early in any corporate event or transaction is essential to avoid adverse effects on timescales and legal risks. Ignoring or overlooking or failing to spot the need for NSIA clearance can lead to significant complications and sanctions.
For further information about this article, contact Andrew Evans at Irwin Mitchell.