Navigating a New Era: Practical UK Advice


The National Security and Investment Act 2021 (NSI Act) comes into force on 4 January 2022. It gives the UK government increased powers to review and intervene in acquisitions and investments on the basis of national security, via a new Investment Security Unit (ISU) housed within the Department for Business, Energy and Industrial Strategy (BEIS).[2]

The intention of the NSI Act is to set out a clear and predictable process for the screening of transactions on national security grounds.[3] These new powers are coming into force against a backdrop of increasing concerns about national control, and without any formal definition of the term ‘national security’. Together, these factors will increase uncertainty for businesses and investors, at least in the short term. This in turn increases process, outcome, reputational and financial risks for transactions with a UK nexus.

Anticipating the likely concerns and engaging constructively with the government will be crucial to navigating the new regime effectively and minimising the potential risks for the parties involved.

Uncertainty under the new regime

Increasing concerns about national control

The UK government is increasingly concerned about national control over key areas of the economy. This applies to both traditional sectors (such as defence and infrastructure) and newer ones (such as artificial intelligence and quantum technology). These concerns are driving increased scrutiny of foreign control or influence over businesses or assets with a UK nexus.

The UK government is keen to demonstrate that ‘Britain is the most attractive location in the world for inward investment’, especially post-Brexit.[4] At the same time, it has increasingly sought to emphasise that investment should ‘always [be] in the national interest’.[5] This is in line with the Prime Minister’s vision that the United Kingdom will ‘continue to ensure the openness of our economy’ while ‘protecting ourselves from . . . manipulation, exploitation or the theft of our intellectual property’.[6]

Recent high-profile examples of concerns about national control have focused on foreign ownership of UK companies or assets. For example, in November 2020, Iain Duncan-Smith (a Member of Parliament and former leader of the governing Conservative party) called for a full review of Chinese ownership in the United Kingdom. Other Members of Parliament have raised concerns about Chinese involvement in the UK’s programme of new nuclear reactors,[7] with the government seeking to force out Chinese participation in the Sizewell C nuclear power station development project.[8] In July 2021, the House of Commons Foreign Affairs Committee called on the UK government to intervene in the sale of UK chip manufacturer Newport Wafer Fab to a Chinese-owned company, stating that ‘our sovereignty should not be for sale’.[9]

These issues are not limited to Chinese acquirers. Concerns are currently being examined in relation to the acquisition of the UK chip manufacturer Arm by the US firm Nvidia Corporation. When Advent (a US private equity group) acquired the UK aerospace and defence group Cobham in 2019, it was required to provide a number of undertakings to address national security concerns. National security concerns have been raised again in Advent/Cobham’s ongoing takeover of Ultra Electronics, a key supplier to the UK government of critical technology (including submarine hunting and sonar equipment for the Royal Navy, control systems for the UK’s fleet of nuclear missile submarines, components for fighter jets, and civilian aircraft systems).

The increasing level of concern is also reflected in the number of instances in which the government has intervened in recent years. The government has formally intervened in only 15 cases on national security grounds since the introduction of the existing regime (set out in the Enterprise Act 2002). Nine of these took place in the past four years (since 2017), of which three were in 2021 (including Nvidia/Arm, the first transaction to be referred for an in-depth review on national security grounds[10]). This trend towards intervention appears set to continue, with the government expecting 70 to 95 cases per year to undergo a full national security assessment, of which around 10 cases are expected to require remedies of some form.[11]

Breadth of the concept of ‘national security’

The NSI Act does not define the term ‘national security’, despite introducing significant new powers for the government to intervene in transactions on this basis. This is deliberately intended to ensure that unforeseen concerns can be addressed, reflecting ‘long-standing government policy to ensure that national security powers are sufficiently flexible to protect the nation’.[12] A wide range of concerns are capable of falling under the umbrella of ‘national security’, meaning that the basis on which the government can intervene is extremely broad and may increase over time as novel issues come to the fore.

In lieu of defining ‘national security’, the Secretary of State for BEIS must publish a Statement of Policy Intent setting out how and when it is expected that national security concerns are likely to arise. The current Statement of Policy Intent (issued on 2 November 2021) sets out the three risk factors the Secretary of State ‘primarily’ expects to consider when determining whether to ‘call in’[13] a transaction for a full national security assessment: target risk, acquirer risk and control risk.[14]

The current guidance makes clear that, although this is intended to give as much detail as possible on how the Secretary of State ‘expects to use the call-in power’,[15] ‘each qualifying acquisition will be assessed case by case, taking account of all relevant considerations and with regard to’ these risk factors.[16] This suggests that the three factors are not exhaustive, and do not necessarily constrain the discretion with which the Secretary of State could exercise the call-in power. The risk factors are also very broadly drawn, for example, including considerations of ‘what the target does, is used for, or could be used for’ or whether the transaction may ‘reduce the diversity of a market, or influence the market’s behaviour in a way that may give rise to a risk to national security’.[17]

This breadth is enhanced by the fact that these are not cumulative requirements; the call-in power may be exercised on the basis of one or more of these factors. Further, the Statement of Policy Intent must be reviewed at least every five years and can be amended more frequently, creating even greater room for uncertainty. As a result, and despite some guidance being provided by the Statement of Policy Intent, the door is left open for a broad set of concerns to be identified as a question of ‘national security’.

Risks for businesses and investors

As set out above, the new powers under the NSI Act are being implemented against a backdrop of increasing concerns about national control, while also lacking legislative delineation of what may constitute a ‘national security’ concern. Combined, this leads to significant uncertainty in terms of when a transaction is likely to attract government interest, the types of concern that may arise, and how these are best addressed, creating risks for businesses and investors in a number of respects.

First, this increases risk around the regulatory process, in terms of potential delays to deal completion and integration of the businesses.

Second, it increases risk around the substantive outcome of any national security review, as concerns could lead to deals being prohibited or unwound, or the imposition of significant remedies (as explained further in the United Kingdom chapter of this Guide).

Third, it increases reputational risk when parties to a transaction are considered to raise national security concerns, or are found not to have complied with the regime.

Finally, the above risks could also have significant financial effects in the form of reduced deal value (for example, if remedies or delays to deal completion may have a material financial impact on the businesses involved), as well as potential penalties for non-compliance.

Evaluating and managing NSI Act risks in transactions

Given the above, it is crucial for businesses and investors to understand not just the legal thresholds and process prescribed by the NSI Act but also the political and broader industry context in which their deals are taking place in order to assess what may be considered a ‘national security’ issue. This will help parties to evaluate the potential risks associated with the deal, and in turn shape the parties’ engagement with the government to address any potential issues early in the process and in a constructive manner.

Nature of the potential concerns

Core or broad national security concerns

As discussed above, the intentional flexibility of the NSI Act means that a wide range of concerns potentially could be raised as ‘national security’ issues. These concerns could be considered to fall into two main categories; they do not feature in the NSI Act regime or guidance but may provide a useful filter for parties seeking to identify and evaluate the types of concerns that may arise.

First, concerns could fall within the category of ‘core national security’, where these relate to an immediate or at least clear threat to the safety or security of the United Kingdom. This could include transactions involving suppliers to the military, where the change in ownership would give previously unauthorised persons access to sensitive military information, or put at risk the military’s continued access to critical inputs. For example, when Connect Bidco (a special purpose investment vehicle) sought to acquire Inmarsat (a global satellite provider and supplier to the Ministry of Defence), the Ministry of Defence raised concerns that the transaction could allow the acquirer to access information held on or passing through Inmarsat’s systems. This may have allowed the acquirer to understand the detail of UK defence activity or at least to develop a more strategic picture of it.[18] The Ministry of Defence also noted its reliance on Inmarsat’s exclusive software, and raised concerns around continuity of supply of services that were important to its ability to operate.[19] It argued that any gaps in supply could significantly affect the work of UK armed forces, posing a risk to national security as well as wider public safety. Similarly, as noted above, core national security issues have been raised in the anticipated acquisition by Advent/Cobham of Ultra Electronics, with politicians questioning the potential effects of the transaction in terms of foreign control over sensitive intellectual property and advanced military technologies.[20]

Other examples of core national security concerns could include transactions that may risk giving malicious actors access to (or control of) sensitive technology, such as quantum computing that could put significant amounts of data and critical systems at risk by enabling the breaking of encryption, or access to sensitive personal data that could be used to harm or put pressure on individuals within industry or government.

Second, concerns could fall within the ‘broad national security’ category, where there is not necessarily an immediate direct threat to national security but the transaction may increase risks to the UK’s security or resilience in the longer term. Examples that may fall within this category include concerns relating to infrastructure ownership, supply chain resilience, the ability to maintain control over key technology in the United Kingdom, the maintenance of skills and investment in the United Kingdom, or the continued ability of UK-based companies to sell abroad. These are particularly likely to arise in areas of national strategic importance. For example, these types of issues have come to the fore in Nvidia’s bid for Arm, where there are concerns that foreign ownership would ‘reduce the UK’s sovereignty’ in relation to critical semiconductor technology, with the merged entity becoming a ‘single gatekeeper’ of core components for critical infrastructure.[21] Similarly, in September 2021, the government issued an intervention notice in relation to the proposed acquisition of graphene manufacturer Perpetuus Group by Chinese-owned Taurus International,[22] despite the target being a nascent business with a prototype up to 10 years away.[23] Although the government has not commented on the specific reasons behind this intervention, politicians have noted that graphene offers ‘the possibility of an extraordinary future’ and that the technology should stay in the hands of ‘trusted partners’.[24]

Concerns unrelated to national security

Government or industry stakeholders may have other concerns that go beyond some immediate or longer-term effects on the UK’s national security or resilience, and are instead closer to the national interest. This could include, for example, the effects of a transaction on employment or social welfare agendas. These issues may become high-profile, particularly where industry stakeholders are well organised and experienced (such as trade unions or consumer organisations). For example, in Melrose’s acquisition of GKN (a leading aerospace supplier), the trade union Unite was highly vocal in raising concerns about job security and investment.[25] Issues may also get increased attention when they are closely related to the government’s policy priorities, such as the ambition to become a ‘Science and Tech Superpower’ by 2030 (as set out in the Integrated Review of Security, Defence, Development and Foreign Policy),[26] or the ‘levelling up’ agenda (which aims to reduce inequality across the UK’s regions).

The powers under the NSI Act are restricted to addressing only issues of national security. The government has highlighted this point, noting in its Statement of Policy Intent that ‘the call-in power will be used solely to safeguard the UK’s national security and not to promote any other objectives’.[27]

Impact on transaction risk profile

When evaluating risk under the NSI Act, parties should identify the potential ‘core’ or ‘broad’ national security concerns that government and industry stakeholders may raise in relation to their transaction, and which are therefore likely to be the focus under the NSI Act.

Distinguishing between these two types of concerns can also help parties to build a fuller picture of the risk profile of the transaction, including how the risk may vary at different points in the NSI Act process. This in turn shapes the parties’ approach to government engagement (see ‘Implications for government engagement’, below).

For example, core national security concerns may make a transaction more likely to be called in for a full national security assessment, as compared with broad national security concerns. However, it may be clearer in core national security cases what the concern is likely to be and whether it can be remedied. This can give parties greater confidence early on to assess whether the concern can be addressed through remedies, and if so, to proceed with the transaction and national security review process more efficiently by notifying the ISU and engaging in remedies discussions at an earlier stage. This may be particularly effective where core national security concerns are narrowly delineated and addressable through previously accepted remedies (for example, commitments to maintain supply of goods and services to the Ministry of Defence or military, maintenance of British nationals on the board, among other things).

In contrast, cases involving broad national security concerns may not be as obvious as candidates for a full national security assessment, but if concerns persist, these may not be as easy to delineate or address. The ISU may consider more novel, or broader-ranging, remedies to deal with these issues. These remedies may in turn require more government engagement to provide sufficient reassurance that they would address any potential harm.

Implications for government engagement

Having identified the risk profile for the transaction, businesses and investors should use this to ensure that their engagement with the government is as constructive as possible and seeks to address any concerns head on.

Which parties should engage with government?

As set out in further detail in the United Kingdom chapter, the NSI Act sets out 17 sensitive sectors in which mandatory notification of the transaction is required, regardless of whether the transaction raises national security issues.[28] Parties who may be involved in transactions in those sectors should engage with the government to increase their understanding about the parties’ businesses, and to develop a transparent and constructive working relationship.

Building a relationship may also be beneficial for other businesses outside these 17 sensitive sectors whose deals may nonetheless be called in, particularly given the broad scope of powers under the NSI Act. This should take into account the potential for ‘core’ and ‘broad’ national security concerns to arise, and may include, for example, parties active in an area of strategic importance to the United Kingdom, key investors in UK research and development, those considered to be leaders in their sector, or those that own intellectual property or provide technology that may be difficult to access or replicate.

Finally, parties to a transaction that has been called in for a full national security assessment should prioritise in-depth and open engagement with government, to the extent that they have not done so already (for example, where the transaction was not subject to mandatory notification requirements and the parties chose not to make a voluntary filing).

Which government bodies should the parties engage with?

Although the relationship with the ISU itself and BEIS (the department in which the ISU sits) is key, the ISU will consult with other relevant government departments for their views of the transaction. Parties should therefore consider engaging in parallel with those departments to ensure they are able to give a well-informed view of the transaction.

For example, the Ministry of Defence’s view would be taken into account for military or dual-use sectors, the views of the Department for Digital, Culture, Media and Sport would be relevant to any transactions relating to communications, while transactions with an international dimension are likely to be of interest to the Foreign, Commonwealth and Development Office and the Department for International Trade. The Treasury may also be involved if there are significant implications for public spending, private investment in infrastructure or economic growth. Engaging with the Joint Intelligence Committee within the Cabinet Office may help to identify relevant government departments where the national security responsibilities are less obvious. Parties should also consider whether the location of businesses involved is likely to prompt the interest of devolved administrations (for example, if the target’s key customers or assets are based in Scotland, the views of the devolved Scottish government may be taken into account).

It is also important to bear in mind that the view of one government department or minister may not represent the view of the government as a whole. Parties should therefore prepare to engage widely and consider how their transactions may interact with the priorities and agendas of each of the relevant government stakeholders.

When should companies engage with government?

Adopting a proactive approach could help to reduce the risk of surprises later in the process, and may also shorten the overall timelines by allowing interactions to focus on key issues at an earlier stage. Government departments and the ISU are likely to get comfortable with transactions more easily if they feel they have been properly informed from the outset of the parties, products and issues involved. Early engagement can allow both the parties and the government to discuss potential areas of contention, how these might be addressed or what further information the ISU would need to clear a transaction or form a view on possible remedies. This is also anticipated by the government, which estimates that up to approximately 2,220 companies per year will participate in ‘early engagement’.[29]

As set out in the United Kingdom chapter of this Guide, a transaction that is not notified may be called in by the Secretary of State up to six months from the date on which BEIS was made aware of the event. If the ISU has indicated that it is not minded to call in a transaction, parties should nonetheless consider continued government engagement during this period, particularly if the transaction is likely to attract significant public attention. This may allow the parties to provide further information or reassurance, as needed, in the event that subsequent media or political commentary suggests that the transaction merits a formal assessment.

When transactions are called in, parties should also maintain active engagement with the ISU and relevant government departments throughout the process.

How should companies engage with government?

Engagement should focus on building trusted relationships with individuals in the ISU and relevant government departments through open dialogue and a commitment to resolving factual questions and discussing any concerns. The parties should be prepared to provide a comprehensive description of their activities (including investors and funding arrangements), the transaction and its rationale, post-deal plans for the target business, key customer and supplier relationships, and any anticipated effects on the market. It is also crucial to ensure that the parties are providing a consistent view across their interactions with various bodies, as well as any industry stakeholders the ISU may consult; a transaction generating contradictory feedback or narratives across different groups is more likely to trigger questions or concerns.

As set out above, these interactions should also be shaped by the nature of any potential concerns. For example, where these primarily relate to core national security issues, parties may be better able to identify the scope of concerns and the extent to which these could be addressed by remedies. The parties may therefore wish to consider discussing remedies (where necessary) at an earlier stage of the process. Although the Secretary of State would ultimately impose any remedies via a final order, the ISU will take into account the parties’ representations on the possible options during the process.

In contrast, where concerns relate to broad national security issues, these could be more difficult to delineate and address. In such cases, it may be preferable to focus on narrowing the scope of potential concerns and highlighting the pro-UK benefits of the transaction. Representations on any remedies may therefore come at a later stage of the process.

Engagement throughout should be focused on supporting the objectives of the NSI Act regime and the formal process. Parties should ensure that interactions in the context of the NSI Act remain focused on the relevant national security concerns, and should seek to minimise distractions from issues beyond this remit. This is particularly important to bear in mind when issues unrelated to national security are getting significant public or political attention. Lobbying on unrelated issues can also be counter-productive, risking reputational damage if the company is seen as unduly or improperly influencing government decision-making. This is especially important at the outset of a new regime, when the government will be keen to embed best practice and (along with those affected by the regime) will be highly sensitive to how decision-making is perceived.

Consistency of engagement with other regulators

In addition to the relevant government departments, the ISU may also consider the views of any relevant sectoral regulators, such as Ofcom for transactions relating to communications or Ofgem for energy-related transactions. The parties should ensure that the consistency and openness of dialogue with various government departments is also carried through to these regulator engagements.

Finally, companies should also ensure consistency of information and messaging provided in the NSI Act process with any separate regulatory processes that may be happening in parallel. In particular, the Competition and Markets Authority (CMA) may be reviewing the same transaction from a competition perspective, which could raise overlapping issues with those in the NSI Act process (for example, if there are concerns about access to, or possible degradation of, critical products or services). For example, in addition to the potential national security issues raised in Nvidia’s acquisition of Arm, the CMA has identified preliminary competition concerns that the combined entity would be able to harm Nvidia’s rivals by restricting access to crucial intellectual property or impairing interoperability between related products.[30]

Current guidance indicates that, where a transaction is subject to both national security and CMA scrutiny, the ISU will work closely with the CMA to manage the case.[31] If a final order is in force, the government can also issue a direction to the CMA to take or avoid certain actions that may affect the national security aspects of the transaction.[32] Given the possibility of these concurrent processes, parties should consider whether any overlapping issues may arise and, if so, how to ensure that both national security and competition objectives can be addressed. Parties should also factor in the increase in complexity of the process and outcome risk that the additional regulatory process introduces.

Concluding remarks

The NSI Act increases the scope for the government to intervene in transactions. Together with the growing concerns about national control and the breadth of ‘national security’ as a concept, these new powers create significantly more uncertainty and risks for businesses.

Investing time up front to assess the likely nature of the concerns, and using this as a basis on which to engage early and constructively with government, will be critical to navigating and mitigating these risks.


1 John Fingleton is the founder and chief executive, Ying Wu is a director and Jayanthi Ezekiel is a principal at Fingleton Limited.

2 The details of the new regime (including scope of application, potential remedies and penalties) are set out in the United Kingdom chapter of this Guide.

3 Department for Business, Energy and Industrial Strategy [BEIS], Overview of the National Security and Investment Bill factsheet (updated 3 March 2021), available at

4 George Parker, ‘UK minister backs Chinese investment only “to our advantage”’, Financial Times (25 August 2021), available at

5 ibid.

6 Cabinet Office, Global Britain in a Competitive Age: The Integrated Review of Security, Defence, Development and Foreign Policy (updated 2 July 2021) [Integrated Review], Foreword from the Prime Minister, available at

7 Dan Sabbagh, ‘UK national security and investment bill set for Commons reading’, The Guardian (10 November 2020), available at

8 Jim Pickard and Natalie Thomas, ‘UK plans to force sale of Chinese-owned nuclear stake to investors’, Financial Times (29 September 2021), available at

9 Sion Barry, ‘UK ministers should intervene on Chinese acquisition of Newport Wafer Fab’, Business Live (14 July 2021), available at

11 BEIS, National Security and Investment Bill: Impact Assessment (9 November 2020) [Impact Assessment], Table 1, available at

12 BEIS, National Security and Investment Act 2021: Statement for the purposes of section 3 (2 November 2021) [Statement of Policy Intent], at 4, available at

13 ‘Calling in’ refers to both (1) transactions that have been notified to the Investment Security Unit [ISU] (on a mandatory or voluntary basis) for initial screening, following which the Secretary of State decides that a further assessment is necessary on the basis of potential national security concerns, and (2) transactions that have not been notified but have been identified through the government’s market monitoring activities as potentially raising national security concerns and therefore requiring further assessment. See the United Kingdom chapter for further detail.

14 Statement of Policy Intent, at 19–20. Further detail is set out in the United Kingdom chapter.

15 ibid. at 2 (emphasis added).

16 ibid. at 5.

17 ibid. at 23, 31.

18 Competition and Markets Authority, ‘Report to the Secretary of State for Digital, Culture, Media and Sport on the anticipated acquisition by Connect Bidco Limited of Inmarsat plc’ (17 September 2019), at 10.3.

19 ibid. at 10.4 and 10.5.

20 Sylvia Pfeifer, ‘Cobham agrees to buy rival UK defence group Ultra Electronics for £2.6bn’, Financial Times (16 August 2021), available at

21 Competition and Markets Authority, ‘Report for the Secretary of State for Digital, Culture, Media and Sport on the anticipated acquisition by NVIDIA Corporation of Arm Limited’ (20 July 2021), at 11.3.

22 BEIS, Intervention Notice given pursuant to Section 42 Enterprise Act 2002 in the anticipated acquisition of the Perpetuus Group by Taurus International Ltd (5 September 2021), available at

23 Jasper Jolly, ‘How “wonder material” graphene became a national security concern’, The Guardian (27 September 2021), available at

24 Vincenzo Lombado, ‘UK government calls for security review of graphene firm’s takeover by Chinese academic – CNBC’, Business Telegraph (7 September 2021), available at

25 Unite the Union, ‘Unite on Melrose bid for GKN: Government last minute move “too little, too late” – and assurances may not even be enforceable’ (27 March 2018), available at

26 Integrated Review, op. cit. (footnote 6, above).

27 Statement of Policy Intent, at 2.

28 These 17 sectors are advanced materials, advanced robotics, artificial intelligence, civil nuclear, computing hardware, critical suppliers to the government, critical suppliers to the emergency services, cryptographic authentication, data infrastructure, defence, energy, military and dual use, quantum technologies, satellite and space technologies, synthetic biology and transport.

29 Impact Assessment, op. cit. (footnote 10, above), Table 1.

30 Summary of the Competition and Markets Authority’s report to the Secretary of State for Digital, Culture, Media and Sport on the anticipated acquisition by NVIDIA Corporation of Arm Limited (20 August 2021) at 1.6.

32 id.

Get unlimited access to all Global Competition Review content