Skip to main content

Boyes Turner Logo

Chantelle Adadevoh

ChrisDobson03 List Image

Chris Dobson


The National Security and Investment Act (the Act) came into force on 4 January 2022. This new regime establishes a new arm within the Department for Business, Energy and Industrial Strategy (BEIS); the new Investment Security Unit has the power to scrutinise acquisitions made by businesses and investors that could reasonably pose a threat to UK national security.

cyber security technology culture

The following is a brief summary of the headline points emanating from the Act.

Is my transaction in scope?

Both share and asset acquisitions may be caught by the Act. In very broad terms, your transaction could potentially be in scope and deemed to be a “trigger event” if all of the following apply:

  • You acquire a right or interest in a “qualifying entity” or “qualifying asset” (these terms are explained in more detail below);
  • The relevant qualifying entity or asset is in or has a connection to the UK;
  • You completed or are due to complete the acquisition after 12 November 2020;
  • You acquire a certain level of control over the relevant qualifying entity or asset in-line with certain criteria or thresholds as set out by the Act. This could be enhanced voting rights, a new level of material influence over strategic direction at the entity or in respect of the asset or, in respect of a share acquisition if your voting rights in the relevant company increases:
  • from 25% or less to more than 25%;
  • from 50% or less to more than 50%; or
  • from less than 75% to 75% or more.

Any transactions ticking the above boxes can now be scrutinised by the government if there is a reasonable suspicion that it has, or could give rise to a national risk. Furthermore, any trigger event involving an entity falling into one of 17 categorised areas of high risk for the economy will also need to be specifically notified to the government as discussed in more detail below.

What are deemed to be qualifying entities and qualifying assets?

Qualifying entities exclude individuals but otherwise cover all other types of legal entities including companies, LLPs, partnerships, unincorporated associations and trusts.

Qualifying assets include land, tangible moveable property and ideas, information or techniques which have industrial, commercial or other economic value. A party will acquire “control” of a qualifying asset where they use that asset in any way, or direct/control how the asset is used.

A connection to the UK?

This is a potentially complex point to be navigated by parties but current general guidance from the government states that any entity formed outside of the UK, could still be deemed a qualifying entity if it’s connected to the UK by way of either “carrying on activities” here or supplying goods or services to people in the UK.  The same broad principles apply in respect of a foreign based asset and it is recommend that the government’s more detailed guidance on this element of the Act be consulted on a case-by-case basis. Read here.

Do I need to make a notification?

The Act identifies 17 specified areas of the economy. If a party gains control of a qualifying entity within one of these areas, they are required to make an on-line mandatory notification prior to completion. These specified areas include artificial intelligence, communications, defence, transport and suppliers to emergency services, amongst others. The full list of specified areas can be found here.

When making a notification, you’ll be required to set out certain details of the transaction including the structure and share ownership of the target entity and the identity of the acquirer. However, even if you’re not required to make a mandatory notification, the Secretary of State will also have the power to investigate transactions involving the acquisition of control or influence over an entity or asset at any time up to five years post-completion. Therefore, parties may choose to make a pre-emptive voluntary notification to have the transaction reviewed even though it is not in-scope to avoid such a risk later down the line. Retrospective notifications can also be made.

The Act intentionally omits the circumstances in which national security might be considered a risk, allowing the Investment Security Unit to consider each qualifying acquisition on a case-by-case basis. The guidance does however set out the below risk factors which will be taken into consideration when determining whether to exercise the call-in power:

“Target risk”

Is the target being used, or could it be used, in a way that raises a risk to national security? In assessing this, the government will consider what the target does, including any national security risks arising from the target’s proximity to sensitive sites.

“Control risk”

How much control has been, or will be, acquired through the qualifying acquisition? A higher level of control could increase the possibility of the target being used to harm national security.

“Acquirer risk”

Does the acquirer have characteristics that suggest that there is, or may be a risk to national security from the acquirer having control of the target? Such characteristics include the sector, whether the acquirer or its controller is linked to criminal or illicit activities related to national security.

What happens once a notification has been made?

Once the government notifies you that it has received the notification, it will have 30 working days to either clear the transaction, call it in for a full national security assessment, request further information or request a meeting with you and any other people involved in the transaction.

By the 30th working day of any assessment period, the government will confirm whether:

  • Your transaction is cleared and can proceed;
  • Your transaction is cleared subject to certain conditions;
  • Your transaction is blocked or unwound; or
  • The assessment period needs to be extended for another 45 working days.

The BEIS advise that in 80-90% of cases a decision will be reached within 30 working days, however in instances where the threat to national security is considered significantly higher, this period could be as long as five months.

Consequences of any breach of the Act

Any individuals or businesses found to be in non-compliance with the Act could face a number of responses from the government. These could be in the form of advice, guidance and warnings but could escalate to injunctions, penalties and even criminal proceedings.


The government expects the vast majority to transactions falling under the scope of the Act to be cleared, however any individuals engaged in transactions which could be relevant would certainly be well advised to take professional advice early on in any process given the potential consequences of breaching the Act and also the timing implications for any required notification to be made and considered.

Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.


Get in touch

If you have any questions relating to this article or require any corporate legal advice you would like to discuss, please contact Chris Dobson on [email protected]

shutterstock 531975229 (1)

Stay ahead with the latest from Boyes Turner

Sign up to receive the latest news on areas of interest to you. We can tailor the information we send to you.

Sign up to our newsletter
shutterstock 531975229 (1)