The Evolving Concept of National Security

In recent years, the regulation of foreign investments under national security and foreign investment regimes has grown exponentially, with sectoral coverage expanding to unprecedented levels. In the context of mergers and acquisitions, foreign investment regimes broadly fall into two categories: (1) those that apply only to investments made directly in domestic companies and which aim to give domestic businesses in certain sectors a degree of protection from foreign competition (e.g., Indonesia, Malaysia and the United Arab Emirates); and (2) those that apply also to indirect investments (e.g., the acquisition of a foreign parent company that has a subsidiary in the jurisdiction in question).

The second type of regime, which is the focus of this chapter, tends to concentrate on the national security implications of foreign investments, and has historically recognised defence and critical infrastructure (such as energy and transport) as being fundamental to national security.

In the past decade, however, the concept of ‘national security’ has expanded to include everything from defence and critical infrastructure to artificial intelligence, communications and advanced technology sectors, healthcare, nanotechnology, the media, healthcare, food security and water, to name but a few examples. It is clear that the concept of national security has begun to drift into national interest and may continue to be blurred further still. This chapter examines this shift by looking at the evolution of foreign investment regimes in Australia, the European Union, the United Kingdom and the United States.

Changes in the scope of foreign investment regimes

Through legislative changes to existing regimes and the creation of entirely new national screening regimes, the number and scope of foreign investment regimes have increased significantly in the past few years, transforming the concept of national security in the process.

Legislative changes in Australia and the United States

Australia: introduction and extension of a stand-alone national security review

Prior to 1 January 2021, national security concerns were not considered on a stand-alone basis, and would be assessed only when an underlying transaction was considered a notifiable or significant action in its own right. Under the assessment regime for these transactions, national security considerations were a factor in determining whether a transaction was not in the national interest. However, the underlying policy focus expanded over time.

Significant amendments to the Foreign Acquisitions and Takeovers Act 1975 (Cth) (FATA) came into effect on 1 January 2021, introducing the stand-alone concepts of a notifiable national security action and a reviewable national security action. Unlike other transactions regulated by the FATA, these concepts are not subject to any monetary threshold or other limitation.

A transaction or other activity undertaken by a foreign investor will constitute a ‘notifiable national security action’, for which approval is compulsory and suspensory when it involves (1) the commencement of a ‘national security business’, (2) the acquisition of a ‘direct interest’ (i.e., 10 per cent or greater) in a national security business or in an entity that carries on a national security business, or (3) the acquisition of an interest in ‘national security land’.

The scope of the definition of ‘national security business’ captures Australian entities and businesses involved in defence or intelligence services, telecommunications carriage service providers and entities that own or operate ‘critical infrastructure assets’. Recent amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SOCIA) have expanded the definition of a ‘critical infrastructure asset’. While initially only capturing the electricity, gas, water and port sectors, the new definition expands coverage to include critical service providers in each of the following industry sectors:

  • communications;
  • data storage and processing;
  • financial services and markets;
  • water and sewerage;
  • energy;
  • healthcare and medical;
  • higher education and research;
  • food and grocery;
  • space technology;
  • transport; and
  • the defence industry.

Under the January 2021 amendments, the Treasurer is also granted a broad call-in right in respect of a broader range of ‘reviewable national security actions’, which grants the Treasurer a range of powers when such actions are considered to have a national security concern (including the ability to issue divestment orders). Reviewable national security actions capture any transaction, regardless of size, that result in a foreign investor acquiring or obtaining (1) an interest of 10 per cent or more in an Australian entity, (2) a position that allows the investor to influence or participate in the central management or control of an Australian entity, or (3) a position that allows the investor to influence, participate in or determine the policy of an Australian entity. The introduction of this concept has ultimately resulted in foreign investors being required to undertake an assessment of potential national security concerns in any merger or acquisition transaction conducted in Australia.

United States: transformation of the CFIUS regime

During the past five decades, the evolution of the concept of ‘national security’ has resulted in a significant transformation of the US government’s foreign investment regime. Although reviews of foreign investment in the United States, either direct or indirect, remain the domain of the Committee for Foreign Investment in the United States (CFIUS or the Committee), the Committee’s role in these reviews has continuously evolved, expanded and shifted to reflect the changes in US national security priorities.

The basic structure of the Committee was established in 1975 by Executive Order 11858. The founding premise of CFIUS remains the same, as it was initially designed as a mechanism within the US government’s executive branch to monitor the effects of foreign investment in the United States.[2] The Committee adopted a more active role in 1988 with the passing of the Exon-Florio amendment to the Defense Production Act of 1950 (Exon-Florio). Exon-Florio granted the President the authority to block foreign mergers, acquisitions and takeovers that threatened national security.[3] At this point, national security was focused on the potential effect on defence activity, with assessments of the ‘threat’ posed by the foreign investor, the ‘vulnerability’ of the US business and the consequences for national security – an assessment framework fundamentally still used today.[4] The 1993 Byrd Amendment further expanded CFIUS’s scope to include a specific focus on the threat from foreign government investment, including state-owned and controlled entities.[5]

The CFIUS regime underwent another major overhaul and expansion in the wake of Dubai Ports World’s (DP World) attempted purchase of certain US commercial port operations in 2006. As a UAE state-owned enterprise, DP World’s attempted acquisition faced significant opposition from the US Congress, as well as the public, partly because of the heightened national security environment prevailing at the time.[6] Although, ultimately, DP World sold its operations to a US owner, the event’s aftermath, and the clear indication of heightened national security concerns regarding foreign investment in the United States, led to the enactment of the Foreign Investment and National Security Act of 2007 (FINSA). FINSA overhauled the existing CFIUS regime and significantly expanded CFIUS’s authority and presence. In particular, the passage of FINSA increased CFIUS’s reporting requirements, enabled greater Congressional oversight, and mandated mitigation agreements be implemented and monitored for continued compliance.[7] FINSA also explicitly expanded the list of national security concerns relevant to a CFIUS review beyond the traditional defence and military activities, to include, for example, potential foreign government control, non-proliferation, counterterrorism cooperation, transhipment or diversion risk, and energy security.

After the enactment of FINSA, the focus of the national security discourse gradually shifted to the question of China and, specifically, the question of ‘technology transfer’ – the process of acquiring advanced technologies to enhance civilian economy and military capabilities.[8] These methods include foreign investment, venture capital investment, joint ventures, licensing agreements, cyber espionage and talent acquisition programmes – with at least one report by the Defense Innovation Unit Experimental (DIUx) concluding that the US’s existing tools (CFIUS and export controls)[9] were inadequate.[10] Further, the intensity of the CFIUS process during this period began to shift, with the Committee seemingly subjecting deals involving Chinese investors to increased scrutiny. This increased scrutiny was evidenced by CFIUS reviews resulting in the President blocking transactions involving Chinese investors in 2012,[11] 2016[12] and 2017[13] (with the latter transactions involving the semiconductor industry), all of which received significant media attention. These trends culminated in the passage of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), which brought yet another expansion under CFIUS’s authority, as well as significant changes to the regulatory process itself. Among other changes, FIRRMA formally expanded CFIUS’s jurisdiction and implemented mandatory filing requirements, as well as penalties for failure to file. The new mandatory filing requirements constituted a significant departure from the historically voluntary CFIUS notification process.[14]

FIRRMA’s implementation further reflected the evolved and expanded scope of national security in the context of foreign investment in the United States. Specifically, FIRRMA included a temporary programme (the pilot programme), dedicated to reviewing foreign investments, including non-controlling investments, into critical technology entities. The pilot programme included 27 specifically enumerated industries deemed to be ‘critical technologies’, and required mandatory CFIUS filings for foreign investments into these industries.[15] The pilot programme and its mandatory filing requirement were incorporated into the mainline CFIUS regulations in 2020, although ‘critical technology’ was redefined to be based on export control licensing requirements.

In addition, the United States continues to contemplate whether to implement a mechanism for screening outbound foreign investments, akin to a ‘reverse CFIUS’. The concept of an outbound investment screening mechanism is not new. In fact, the US Congress contemplated a potential review of certain licensing arrangements and discussed some provisions related to ‘countries of special concern’ in the early drafts of FIRRMA. Although such language was ultimately excluded from the final version of FIRRMA, the discussion of creating a ‘reverse CFIUS’ mechanism was recently reignited.

Various measures to review and regulate certain outbound investments in relation to countries of concern, including China and Russia, have been proposed. These include the America Creating Opportunities for Manufacturing, Pre-Eminence in Technology, and Economic Strength Act (the America COMPETES Act), which would establish a federal inter-agency committee, and the Committee on National Critical Capabilities (CNCC). However, to date, none of the ‘reverse CFIUS’ measures have been formally adopted.

Legislative implementation of new UK national security regulation

On 4 January 2022, a new, expansive national security regime entered into force in the UK. While the UK’s previous regime gave the government powers to review certain transactions on national security grounds and, in principle, allowed it to intervene in investments made by domestic investors, all the formal interventions under the prior regime involved foreign investment.

The new National Security and Investment Act 2020 (the NSI Act) gives the UK government wide powers to call in and review investments on national security grounds and to impose any remedies it deems necessary.

While the prior regime was voluntary and non-suspensory, the NSI Act imposes mandatory filing obligations for qualifying investments in target companies with certain activities in any of the following 17 sensitive sectors: civil nuclear; communications; data infrastructure; defence; energy; transport; artificial intelligence; advanced robotics; computing hardware; cryptographic authentication; advanced materials; quantum technologies; synthetic biology; critical suppliers to government; suppliers to the emergency services; military or dual-use technologies; and satellite and space technologies.

All other qualifying investments are subject to a voluntary filing regime, including investments that completed on or after 12 November 2020. Transactions in any sector can be reviewed under the voluntary regime, but there is a higher risk of a national security intervention if the target has activities in, or closely linked to, one of the 17 sensitive sectors listed above. Investments in real estate that is used for sensitive activities, or that is proximate to such a site, also carry a higher risk of investigation by the government.

In recent years, even before the entry into force of the NSI Act, the concept of national security has significantly expanded in the United Kingdom, from a focus on defence sector deals to investments in targets with various technologies, such as civilian satellites (Inmarsat), radio equipment (Hytera), computer processing units (ARM) and graphene products (Perpetuus). Moreover, a range of international investors have been caught, including those from China, the United States and Canada.

Since entry into force of the NSI Act to the time of writing on 1 September 2022, two transactions have been blocked by the government, and one has been cleared with conditions.

On 14 July 2022, the government imposed conditions on the acquisition of Sepura Ltd by Epiris LLP, Epiris GP and Sword Bidco Ltd. Sepura (and its former parent) were already subject to undertakings arising from a previous transaction, and the government’s notice of final order confirms that the main undertakings would be carried forward to this acquisition. In particular, the government imposed requirements to protect sensitive information and technology and to maintain Sepura’s relevant capabilities in the UK. This confirms that undertakings required under the previous national security regime provide useful guidance for the types of conditions that could be imposed under the NSI Act.

On 20 July 2022, the government blocked the acquisition of intellectual property by Beijing Infinite Vision Technology Company Ltd under a licence agreement with the University of Manchester relating to certain vision-sensing technology (which has dual-use applications) to develop, test and verify, manufacture, use and sell licensed products. Interestingly, the deal was not subject to a mandatory notification, but the government considered that the grant of an intellectual property licence constitutes a trigger event under the voluntary regime.

Finally, on 17 August 2022, the government blocked the acquisition of Pulsic Ltd by Super Orange HK Holding Limited (a Hong Kong based company). The national security concerns in that case appear to have arisen from concerns that (1) the buyer could use Pulsic’s technology and software relating to electronic design automation (EDA) products to facilitate the building of cutting-edge integrated circuits that could be used in a civilian or military supply chain (dual use), and (2) the potential that the EDA tools could be exploited to introduce features into the design, including automatically and/or without knowledge of the user, that could be used to build defence or technological capabilities.

With respect to the themes that may be drawn from these transactions, both transactions that were involved Chinese investors. However, while the original Sepura transaction involved a Chinese buyer, the most recent transaction concerned the acquisition by a UK-based PE firm. But, in these cases, the government has sought to address different concerns. Both deals that were blocked concerned the acquisition of dual-use technologies which the government expressed concerns could be used to improve China’s defence or technological capabilities, whereas the conditions imposed in the Sepura transaction sought to ensure that Sepura’s capabilities will be maintained in the UK and to protect sensitive information. Similar themes were also seen in the last few decisions issued under the prior regime, with a focus on defence sector transactions and Chinese investors. To date, it therefore seems that the government has maintained a fairly established approach to enforcement of its national security powers, with continued focus on the defence sector and dual-use products with defence sector applications, and overseas purchasers (often Chinese) attracting the most scrutiny.

Coordination and evolution of national security in the European Union

Regulation (EU) 2019/452 (the FDI Screening Regulation or the Regulation) entered into force on 10 April 2019 and applies to transactions taking place after 11 October 2020. The FDI Screening Regulation is not a replacement for the national screening regimes of EU Member States, which retain ultimate control over investments in their territory. Rather, it acts as an important supplement to the national regimes by introducing a cooperation mechanism between Member States. It also allows the European Commission (the Commission) to review and opine on[16] investments that are likely to affect security or public order in more than one Member State or that could undermine projects of interest to the whole Union (eg, EU programmes for energy, transport and telecommunications networks).

While the FDI Screening Regulation does not require Member States to establish a national screening mechanism, the Commission continues to encourage Member States, both at political and technical level, to adopt, adapt and implement national screening mechanisms. Most recently, the Commission called upon Member States to set up a fully fledged screening mechanism in the 2022 Guidance to Member States on FDI from Russia and Belarus.[17]

Under the Regulation, Member States are required to notify the Commission and the other Member States of any FDI in their territory that is undergoing screening by providing certain information (such as details of the investor, investment vehicle and the Member States in which the investor or investment vehicle conduct business, among other things) and they may include a list of Member States whose security or public order is deemed likely to be affected. In addition, the Commission and Member States may request information and provide comments on investments for which screening is not being undertaken by the relevant Member State but that the Commission or other Member States consider likely to affect security or public order.

Scope of the FDI Screening Regulation

No monetary thresholds are applicable under the FDI Screening Regulation. Further, only a non-exhaustive list of factors, which can be applied by EU Member States or the Commission when determining whether an investment is likely to affect security or public order, is set out in Article 4 of the Regulation. This list of factors includes the effects of the investment on:

  • critical infrastructure, whether physical or virtual, including energy, transport, water, health, communications, media, data processing or storage, aerospace, defence, electoral or financial infrastructure, and sensitive facilities, as well as land and real estate crucial for the use of such infrastructure;
  • critical technologies and dual-use items as defined in point 1 of Article 2 of Council Regulation (EC) No. 428/2009,[18] including artificial intelligence, robotics, semiconductors, cybersecurity, aerospace, defence, energy storage, quantum and nuclear technologies, as well as nanotechnologies and biotechnologies;
  • supply of critical inputs, including energy or raw materials, as well as food security;
  • access to sensitive information, including personal data, or the ability to control such information; and
  • the freedom and pluralism of the media.

From such a list, it is evident that a wide array of sectors now falls within the ambit of national security concerns, with scope for further expansion in future.

Interaction with national screening regimes aimed at guiding the concept of national security

Prior to the introduction of the FDI Screening Regulation, the primary mechanism for foreign investment screening lay firmly at the feet of national authorities. Although national regimes continue to take precedence over the powers of the Commission and other Member States under the Regulation (the host Member State for the investment has the ultimate say in deciding whether to allow or block the investment), they vary across Member States in the scope and severity of scrutiny of foreign investments.

At the time of writing, 19 EU Member States[19] have some level of investment screening mechanism in place, while a further six Member States[20] are considering implementing such measures. Only two Member States[21] do not have, and do not have any plans to implement, an FDI screening regime. Nevertheless, all Member States will be able to participate in some level of investment screening across the Union under the banner of the Regulation.

Following the covid-19 pandemic policymaking trend towards domestic protection of a growing list of key sectors, such as healthcare, energy and transport, national investment screening regimes across a number of Member States are in the process of being revisited and strengthened. Many governments have viewed the pandemic as an opportunity to shield strategic industries from the opportunistic reach of foreign investors, allowing the notion of national security to be interpreted more broadly.

In addition, some EU Member States, such as France, Germany, Italy and Spain, introduced more stringent controls on foreign investment in the wake of the pandemic, many initially as a temporary measure. In France, the government lowered the threshold for screening non-EU investments in listed French companies to 10 per cent, whereas Italy introduced new notification requirements for EU investors in sensitive sectors and non-EU investors acquiring 10 per cent or more of entities considered as strategic. Spain requires residents of Member States of the European Union and the European Free Trade Association (EFTA) to obtain authorisation for certain investments, in addition to the authorisation requirement for non-EU/EFTA residents. At the time of writing, the foregoing restrictions had been extended to apply until at least 31 December 2022. As part of a more permanent amendment, Germany added 16 industries and certain types of transactions to the scope of its national FDI screening regime.

The outlook for such stringent national regulation of FDI beyond the end of 2022 is unclear, although, given recent political trends and the lasting effects of the pandemic, it is unlikely that governments will wish to relinquish their grip on certain key sectors of the economy to protect national interests. As a matter of fact, Russia’s military aggression against Ukraine calls for greater vigilance towards Russian and Belarusian direct investments within the Union. In response, in April 2022 the Commission adopted Guidance to Member States on FDI from Russia and Belarus, to ensure that particular attention is given to investments into critical EU assets from entities or persons related to the Russian or Belarusian governments.[22]

Concept of national security under institutional guidance

In conjunction with revised or new legislation, national screening authorities and the European Commission have released detailed guidance to provide market participants with a description of the industry sectors and activities that they consider relevant to their national security assessments.

For example, on 1 September 2022 the Commission published its second annual report on the screening of foreign direct investments into the Union. This second annual report on FDI screening, and the first one to cover an entire calendar year (2021), shows that the use of the mechanism has significantly expanded in 2021. The Commission takes the opportunity to reflect on the concept of national security, and highlights that only 1 per cent of transactions were blocked by Member States (compared with 2 per cent in the first report[23]), meaning that Member States have only blocked transactions that pose very serious threats to security and public order.

In Australia, the Foreign Investment Review Board (FIRB) released a detailed guidance note that provides market participants with a clear description of the industry sectors and activities that FIRB considers relevant to any national security assessment. This guidance provides a sectoral breakdown detailing particular subsectors and activities within sectors where FIRB considers approval would be mandatory or recommended. These industry sectors capture:

  • financial services, including large-scale financial institutions and providers of payments and clearing infrastructure;
  • communications providers and network operators;
  • broadcasting services and media;
  • commercial construction contractors that may be involved in the construction of government or other sensitive premises;
  • commercial real estate investors – particularly properties housing government tenants or sensitive industries;
  • businesses that are considered critical service providers or those involved in critical technologies or the extraction or processing of critical minerals;
  • defence contractors and providers;
  • energy, including electricity, gas, liquid fuels and nuclear, and operators of energy markets and infrastructure;
  • healthcare and medical sectors – particularly those that hold sensitive patient information;
  • tertiary education providers;
  • information technology and data storage providers;
  • transport, including ports, public transport providers and aviation; and
  • operators of water and sewage infrastructure.

Finally, the evolving and expanding concept of national security is clearly reflected in the evolution and empowerment of CFIUS as the reviewer of foreign investment in the United States. In the past 20 years alone, critical technologies, critical infrastructure, personal data and real estate have been formally acknowledged as potential national security concerns. Further, the formerly wholly voluntary process now has a significant mandatory element, and penalties may be imposed for failure to comply. Non-controlling investments now fall within CFIUS’s jurisdiction and can even trigger a mandatory review. The role and power of CFIUS will likely only continue to grow as national security concerns evolve further.


It is clear that the past five years alone have brought about significant changes in the approach to national security globally. A number of geopolitical concerns have arisen, in particular between China and the West, prompting several major Western economies to rethink the level of protection for domestically important industries. These concerns have been exacerbated by the effects of the covid-19 pandemic and Russia’s invasion of Ukraine, which have prompted fears about the supply of essential goods, energy, and services, while large parts of the economy ground to a halt in the wake of far-reaching lockdowns and restrictions on movement.

Given the additional anticipated stresses of climate change and related geopolitical changes, there is no doubt that governments are laying the foundations for an economy that is cushioned as far as possible against the effects of global pandemics and financial or environmental shocks. The effects of these actions on global investment are yet to fully take shape and, thus, deserve close monitoring. Although parallels can be drawn with certain other regulatory activities (such as merger control), foreign investment regimes are notoriously less transparent, with governments enjoying a greater degree of discretion, less stringent time limits for decision-making and less regard for following precedents. It may, therefore, be that the shift towards a chameleon-like concept of national security has only just begun.


1 Emily Xueref-Poviac is a counsel and Jennifer Storey, Mark Currell and Renée Latour are partners at Clifford Chance.

2 James K Jackson, The Committee on Foreign Investment in the United States, Congressional Research Service, 1, 5 (2020),

3 id. at 7; 50 U.S.C. app. § 2170 (1988).

4 31 C.F.R. § 800.102.

5 P.L. 102–484, 23 October 1992.

6 Jonathan Weisman and Bradley Graham, ‘Dubai Firm to Sell U.S. Port Operations’, The Washington Post (10 March 2006), p. A1.

7 P.L.110–49, 121 Stat. 246.

8 Senator John Cornyn, one of the authors and sponsors of the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA), speaks on this issue and how the 2017 version of the Defense Innovation Unit Experimental (DIUx) report influenced the earlier versions of the bill’s text. See also Kate O’Keeffe and Siobhan Hughes, ‘Congress to Toughen Foreign Investment Reviews Amid Trade Fight With China’, Wall Street Journal (19 July 2018),

9 The United States’ export control framework consists primarily of the International Traffic in Arms Regulations, which control defence articles, defence services and technical data, and the Export Administration Regulations, which control dual-use goods and technology – most commercial items.

10 Michael Brown and Pavneet Singh, ‘China’s Technology Transfer Strategy: How Chinese Investments in Emerging Technology Enable A Strategic Competitor to Access the Crown Jewels of U.S. Innovation’, DIUx (2018), 3–4,; David Hanke, Senator Cornyn’s lead staffer in the drafting process, states that the DIUx report became ‘one of the analytical underpinnings of the FIRRMA initiative’; David R Hanke, ‘Testimony before the US–China Economic and Security Review Commission’, Hearing on US–China Relations in 2021: Emerging Risks. Panel III: Assessing Export Controls and Foreign Investment Review (8 September 2021), at 6,

11 Statement from the US Treasury Department on the President’s Decision Regarding Ralls Corporation (28 September 2012),

12 Statement on the President’s Decision Regarding the US Business of Aixtron SE (2 December 2016),

13 Statement on the President’s Decision Regarding Lattice Semiconductor Corporation (13 September 2017),

14 Federal Register, Vol. 83 No. 197 (11 October 2018), p. 51322.

15 31 CFR. § 800.401.

16 The European Commission cannot itself prohibit transactions or impose remedies; but, for certain investments, EU Member States must take ‘utmost account’ of the Commission’s opinions.

17 Communication from the Commission – Guidance to the Member States concerning foreign direct investment from Russia and Belarus in view of the military aggression against Ukraine and the restrictive measures laid down in recent Council Regulations on sanctions, OJEU C 151 I, 6.4.2022, pp. 1–12.

18 Council Regulation (EC) No. 428/2009 of 5 May 2009 setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items (OJ L 134 29.5.2009, p. 1).

19 Austria, Czech Republic, Denmark, Finland, France, Germany, Hungary, Italy, Latvia, Lithuania, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Sweden and Spain.

20 Belgium, Croatia, Estonia, Greece and Luxembourg. With respect to Ireland, on 2 August 2022, the Irish Department of Enterprise, Trade and Employment published the ‘Screening of Third Country Transactions Bill 2022’, which is expected to be enacted in late 2022 or early 2023.

21 Bulgaria and Cyprus.

22 Communication from the Commission – Guidance to the Member States concerning foreign direct investment from Russia and Belarus in view of the military aggression against Ukraine and the restrictive measures laid down in recent Council Regulations on sanctions, OJEU C 151 I, 6.4.2022, pp. 1–12.

23 The first annual report covered a shorter period, i.e., from 11 October 2020 to 30 June 2021.

Unlock unlimited access to all Global Competition Review content