National Security and Investment Act 2021: Statement for the purposes of section 3
Updated 21 May 2024
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/national-security-and-investment-statement-about-exercise-of-the-call-in-power/national-security-and-investment-act-2021-statement-for-the-purposes-of-section-3--2
Introduction
1. This statement is made under section 3 of the National Security and Investment Act 2021 (‘the NSI Act’). It sets out how the Secretary of State expects to exercise the power to give a call-in notice.
2. This statement must be reviewed by the Secretary of State every five years and may be reviewed more frequently.
3. This statement gives as much detail as is possible on how the Secretary of State expects to use the call-in power, given the sensitivity of national security.
4. See separate guidance on what types of acquisitions are covered under the NSI Act and when you need to tell the government about an acquisition.
National Security and Investment Act 2021 and the call-in power
5. Under the NSI Act, the call-in power can only be used for the purpose of dealing with risks to national security. The NSI Act is not a system for screening all acquisitions in the economy.
6. An acquisition must meet certain criteria in order to be assessed under the NSI Act. An acquisition can be called in for assessment if the Secretary of State reasonably suspects that the acquisition has given rise to, or may give rise to, a risk to national security, or arrangements are in progress or contemplation which, if carried into effect, will result in an acquisition that may give rise to a risk to national security. The Secretary of State may then clear the acquisition or, if necessary and proportionate, impose certain conditions, block or unwind it completely.
7. All acquisitions considered under the NSI Act are assessed on a case by case basis, taking account of all relevant considerations and with regard to the risk factors set out below and regardless of whether they involve parties only within the UK or involve parties overseas.
8. The NSI Act is a proportionate and targeted regime, providing the Government with the essential protections it needs to safeguard national security. This means protecting the UK against the small number of investments that could be harmful to national security, whilst leaving the vast majority of deals unaffected. The call-in power will be used solely to safeguard national security and will not be used to interfere unnecessarily with investment or to promote any other objectives. The UK has a proud record as one of the most open economies in the world and the Secretary of State’s use of the call-in power will not change that. The UK remains firmly open to investment and the government wants the UK to be the best place in the world to work and do business. But this openness to investment must not compromise the Government’s ability to conduct proper scrutiny.
What the Secretary of State is seeking to protect by using the call-in power
9. The powers granted to the Secretary of State under the NSI Act seek to protect the UK’s national security and are one of many tools and pieces of legislation that do this.
10. In line with other legislation, the Act does not define national security. This is longstanding Government policy to ensure that national security powers are sufficiently flexible to protect the nation. Therefore nothing in this statement should be interpreted as a definition of national security and the government intentionally does not set out exhaustive circumstances in which national security is, or may be, considered to be at risk.
11. The Secretary of State is likely to use the call-in power where an acquisition may present potential for immediate or future harm to national security.
12. The Secretary of State may consider whether an acquisition, or cumulative acquisitions, may lead to disruption, erosion or degradation to critical national infrastructure, or present risks to governmental and defence assets. This includes risks to related supply chains and ensuring that the acquisition does not create a dependency that could lead to a national security risk.
13. The Secretary of State may also consider risk to UK capabilities which may undermine the national security of the UK. For example, the Secretary of State may consider whether the acquisition may lead to the disruption or erosion of the UK’s military, intelligence, security or technological capabilities, or whether the acquisition enables actors with hostile intentions to build defence, intelligence, security or technological capabilities which may present a national security threat to the UK, now, or in the future. This could be through, but is not limited to, the acquisition of goods, technology, sensitive information (including data), intellectual property, know-how or expertise.
14. Some acquisitions of entities in certain areas of the economy are subject to mandatory notification because of their particular sensitivity. As a result, such acquisitions are more likely to be called in than acquisitions outside of these areas, as the activities in which these entities are engaged are more likely to give rise to risks to national security.
Factors the Secretary of State will take into account when deciding whether to exercise the call-in power
Risk Factors
15. Decisions on whether to exercise the call-in power will be made on a case-by-case basis. In deciding whether there is a reasonable suspicion that an acquisition may give rise to a risk to national security (and therefore whether to call in the acquisition), the Secretary of State will consider three primary risk factors, explained below.
16. The risk factors are:
a. Target risk
This concerns whether the target of the acquisition (the entity or asset being acquired) is being used, or could be used, in a way that raises a risk to national security.
b. Acquirer risk
This concerns whether the acquirer has characteristics that suggest there is, or may be, a risk to national security from the acquirer having some control of the target.
c. Control risk
This concerns the amount of control that has been, or will be, acquired through the acquisition. A higher level of control may increase the level of national security risk.
17. The Secretary of State expects to consider all three risk factors when deciding whether to call in an acquisition, but each risk factor will be different for each acquisition and assessed on a case-by-case basis.
18. The Secretary of State will also have regard to wider Government policy on national security in certain sectors, including published sector strategies, when deciding whether to exercise the call-in power.
Risk factors explained
Target Risk
19. The target of an acquisition is the entity or asset that has been or will be acquired. In assessing the target risk, the Secretary of State will consider what the target does, is used for, or could be used for, and whether that has given rise to, or may give rise to, a risk to national security. Assessment of the target risk may also involve consideration of any national security risks arising from the target’s proximity to sensitive sites.
Entities
20. The Secretary of State considers that entities which undertake activities in the areas of the economy subject to NSI mandatory notification, or closely linked activities, are more likely to raise a target risk than other entities. As a result, such acquisitions are more likely to be called in. Where an acquisition is not subject to mandatory notification, the parties may choose to notify the Secretary of State, so as to be certain whether the acquisition will be called in.
21. The NSI Notifiable Acquisition Regulations describe these target entities and the activities in which they are engaged. See guidance on the list of the areas of the economy currently subject to mandatory notification.
22. Acquisitions of control through material influence are not subject to mandatory notification. However, such acquisitions of entities carrying on activities in the areas subject to mandatory notification are more likely to be called in than acquisitions of control through material influence over entities in other areas of the economy.
23. In addition, acquisitions of entities which undertake activities closely linked to the activities in these areas of the economy (for example, if they are related to energy but are not within the definition of energy in the regulations) are more likely to be called in than those that are not closely linked.
24. Similarly, if the target holds a sensitive supply relationship to Government in these or related areas, the acquisition is more likely to be called in than in other areas. This is because the capability or capacity in a particular supply chain may be important to maintaining the UK’s national security.
25. The Secretary of State may also consider whether there are national security risks presented by cumulative acquisitions across different or related sectors, or within the same sector or supply chains.
26. The Secretary of State is also able to consider for call in acquisitions involving the incorporation of a new entity, if the incorporation includes a change of control over an existing asset or entity - for example, the transfer of intellectual property in certain joint ventures or greenfield investment, or control over certain assets in new build energy infrastructure. The Secretary of State will consider the target risk applying to the existing asset or entity, as well as the characteristics of the acquirer, and the level of control being transferred. The Secretary of State is more likely to call in such acquisitions if they are closely linked to activities in the notifiable acquisition regulations. There is separate guidance on the applicability of the Act to new build downstream gas and electricity assets
Assets
27. Acquisitions of control over assets are also in scope of the call-in power. This includes non-tangible assets such as ideas, information or techniques which have industrial, commercial or other economic value, and assets such as land. The Secretary of State may call in an acquisition of an asset if they have reasonable suspicion that it has given rise to, or may give rise to, a risk to national security.
28. Asset acquisitions are not subject to the mandatory notification requirements. Parties may make a voluntary notification to the Secretary of State about an acquisition if they wish to be certain whether or not the acquisition will be called in. The Secretary of State will consider what the asset is used for, or could be used for, the acquirer risk, and the control gained, and whether that use could give rise to a risk to national security.
29. The call-in power is more likely to be used for acquisitions of assets that are, or could be, used in connection with the activities set out in the Notifiable Acquisition Regulations or closely linked activities. This is because these acquisitions are more likely to pose a risk to national security.
30. For example, the Secretary of State will consider whether the asset acquisition would allow the transfer of technology, intellectual property or expertise to an acquirer, or parties linked to an acquirer, which could undermine or threaten national security now or in the future.
31. The Secretary of State will also consider whether the asset is subject to export controls and will take account of any controls and licences issued by the Export Control Joint Unit (ECJU), when deciding whether or not to call-in.
32. Land is mainly expected to be an asset of national security interest where it is, or is proximate to, a sensitive site. Examples of such sensitive sites include critical national infrastructure sites or government buildings. The Secretary of State may, however, also take into account the intended use of the land.
33. The Secretary of State expects only rarely to call in acquisitions of assets which do not fall into the above categories.
Example 1:
A UK investor is acquiring 49% of a UK start-up company which is developing innovative technology that uses artificial intelligence. The start-up carries out activities specified in the mandatory areas and so the investor must notify this acquisition under the NSI Act.
The target risk is likely high as this start-up is developing technology that could have dual-use applications. The acquirer is gaining a significant percentage of the start up, so there is control risk although it is unknown how much influence the investor will have over the policy of the company.
The acquirer risk is likely low, for a number of reasons, including that the acquirer is not seen to have any ties or allegiance to a state or organisation which may seek to undermine or threaten the national security of the UK. However, it is unclear who the ultimate beneficial owners are from the complex fund structure.
Given the high sensitivity of the target, the Secretary of State may determine to call in this acquisition to assess further the applications of the technology and its potential to be repurposed in manners which could pose a risk to national security. Government may also assess further the target company’s security processes and governance structures.
Example 2:
A university has a licence agreement to transfer intellectual property (the target asset) that relates to novel research into artificial intelligence applications within robotics. The acquirer, a large third party logistics provider, has agreed to acquire the intellectual property for application within its portfolio of smart warehousing solutions. The acquirer is minority-owned by an investment firm incorporated in a country whose laws allow the government access to private-sector data.
The matter is notified voluntarily to the ISU by the university. From the information submitted with the notification, the minority shareholders of the acquirer may be able to access operational data relating to the target via their indirect ownership.
Given that the intellectual property relates to emerging AI technologies that could have dual-use capabilities, this scenario flags a number of issues for further exploration. There may be target risk relating to the intellectual property and its capabilities, and acquirer risk given the acquirer’s minority shareholders may be able to access it. It is unknown what information those minority shareholders might be required to convey to their government at a future date.
There is likely to be control risk as the acquirer will acquire the intellectual property in full on day one of the transaction.
Therefore, it is possible the Secretary of State determines that this acquisition should be called-in for assessment because they reasonably suspect this acquisition may give rise to a national security risk.
Example 3:
The target is a UK-incorporated supplier of components to international civil aerospace customers and is a subcontractor to the UK Ministry of Defence. The acquirer is a business incorporated overseas that develops products related to commercial satellite launch capabilities, and is due to establish a joint venture with the target.
The proposed joint venture aims to combine the companies’ respective expertise with a view to exploring the technical and commercial viability of new and stronger composite materials for civil aerospace applications. The acquisition is notified voluntarily as, through the joint venture, the overseas acquirer is acquiring intellectual property and technical expertise from the UK target.
It is unknown if the characteristics of the acquirer may give rise to a risk to national security.
There may be target risk as the research and development to be carried out through the joint venture could produce new capabilities that may have dual-use applications. The Secretary of State may determine that this acquisition should be called in to further assess the agreements on licensing and sublicensing of any intellectual property produced and whether this may give rise to a risk to national security.
Acquirer risk
34. The Secretary of State will consider whether the acquirer, through its acquisition of control over an entity or asset, poses a risk to national security.
35. The Secretary of State considers the characteristics of the acquirer in order to understand the level of risk the acquirer may pose. Characteristics can include the past behaviour of the acquirer and the intent of the acquisition, the sector of activity the acquirer operates in and its existing capabilities (e.g., technological and security capabilities), whether it has cumulative acquisitions across a sector or linked sectors, and any ties or allegiance to a state or organisation which may seek to undermine or threaten the national security of the UK.
36. The Secretary of State considers acquisitions made by UK and foreign acquirers. In some cases, the target is so sensitive it will need to be investigated regardless of the acquirer risk. In other cases, risks may arise through a target company’s structures or security processes, regardless of the acquirer. For example, the acquisition of a sensitive part of a business by a UK company with poor information security may result in risks to national security. For these reasons, the Secretary of State considers each acquisition on a case by case basis even if the acquirer has previously notified the government of an acquisition and that acquisition has been cleared through the NSI system.
37. Considerations also include the intent and past behaviour of any linked parties. For example, the Secretary of State may consider the source of the funds (including individual members of investment consortiums, the fund managers and the ultimate beneficial owner) and whether actors with hostile intentions are seeking to obfuscate their identity by funnelling investment through other companies or corporate structures.
38. The Secretary of State will not make judgements based solely on an acquirer’s country of origin. However, an acquirer’s ties or allegiance to a state or organisation which is hostile to the UK will be considered when assessing acquirer risk. The Secretary of State will also look at requirements placed on the acquirer by other parties (such as other entities or foreign governments) to consider any political, military or state-backed influence or obligations. For example, in some jurisdictions intelligence agencies can compel organisations and individuals to carry out work on their behalf, share data, and provide support, assistance and cooperation.
39. The Secretary of State does not regard all state-owned entities, sovereign wealth funds or other entities affiliated with foreign states, as being inherently more likely to pose a national security risk. But where these entities have ties or allegiances to states or organisations hostile to the UK, this will inform the Secretary of State’s assessment of acquirer risk. If an acquirer has links to entities which may seek to undermine or threaten the national security of the UK, this does not automatically mean that the acquisition will be called in.
40. The Secretary of State may also consider whether the acquirer is, or has been, subject to UK or foreign sanctions in connection with activity that may indicate a risk to national security, and the level of control a sanctioned party will have in the target entity or asset
Example 4:
The Target business has underlying source code in its computer programmes which are used by UK air traffic control operators – an area of the economy in which certain acquisitions of entities are covered by mandatory notification.
The acquirer wants to buy the target to acquire the right to access and use the underlying source code. The acquirer is known by the government to have existing ties to a country that how shown hostile intentions to the UK and has laws which allow their security service to covertly monitor communications to, within, and out of the country, as well as compel businesses and organisation to share information and data with the security service and carry out work on their behalf.
The target risk is high as the source code may be used to identify vulnerabilities in the programmes used to monitor and communicate with aircraft in UK airspace.
The acquirer risk is high as the acquirer may be compelled to share private information to a country that may seek to undermine or threaten the national security of the UK.
There is a control risk as the acquisition of the right to access and use the underlying source code means that the acquirer could use the asset for malicious purposes. However, the acquirer does not have full ownership over the asset and so does not have full control.
Nonetheless, the Secretary of State is likely to determine that this acquisition should be called-in.
Control risk
41. The control risk refers to the amount of control the acquirer gains of an entity’s activities, policy or strategy. It also concerns the amount of control over an asset, which includes controlling or directing its use, as well as using it.
42. The Secretary of State will consider the control that has been or will be acquired through the acquisition. A greater degree of control may increase the possibility of a target being used to harm national security. Additionally, a large amount of control may enable parties to reduce the diversity of a market, or influence the market’s behaviour, in a way that may give rise to a risk to national security. In such cases, the acquisition is more likely to be called in.
43. The Secretary of State may consider whether there is a control risk from cumulative investments across a sector or supply chain. Some characteristics of control, such as a history of passive or long-term investments, or voting rights being held by passive investors compared to direct owners, may indicate less risk and would be taken into consideration, but each acquisition is assessed on a case by case basis.
44. The Secretary of State may also consider, when deciding whether to call in, whether the amount of control gives the acquirer the ability to influence the policy of the target, for example through access to board seats or other decision making arrangements.
45. The Secretary of State may also consider the amount of control an acquirer could gain through the exercising of financial instruments such as loans, conditional acquisitions, futures, and options that affects the control of an entity, for example the use of a debt-to-equity swap.
46. The control risk will be assessed alongside the target and acquirer risk. This is because when the target and/or acquirer risk is low, the level of control acquired is less likely to give rise to a risk to national security and so the Secretary of State is less likely to call in that acquisition.
Example 5:
An overseas acquirer with a large portfolio across the UK communications sector is taking over a company which operates a UK public communications network.
The target risk is considered to be high as public communication networks are a component of the UK’s critical national infrastructure. Communication networks are captured in the mandatory areas and so this acquisition must be notified.
The overseas acquirer is a publicly listed, global telecommunications provider which has invested previously in the UK and is likely to be seen as low risk.
The control risk is likely to be high as this acquisition may provide the acquirer with a cumulative level of control across the UK’s communication sector that could create supply dependencies, in a way that may give rise to a risk to national security.
The Secretary of State may determine that this acquisition is called in given the level of control acquired and the sensitivity of the target.
Example 6:
The acquirer is a global asset management firm and a major investor in the European energy sector. The target is a UK-incorporated energy infrastructure supplier and is considered to be a contributor of strategic importance to UK energy security.
The acquirer is to acquire a minority shareholding in the target and the percentage of shares acquired will not increase from 25% or less to more than 25%; therefore the acquisition does not qualify for mandatory notification. The acquirer will gain voting rights proportionate to the percentage of shares held, and will have the right to appoint a non-executive director to the target’s board. The target voluntarily notifies this acquisition.
The national security risk that the acquirer poses is likely to be low, for a number of reasons, including that there is no evidence that the acquirer intends to use the entity for any purpose other than to complement its existing portfolio.
The target, however, poses a potential risk given that it is considered of strategic importance to UK energy security.
On the information submitted, the acquirer will have the capability to govern the affairs of the target via its right to appoint a director to the board, raising the possibility of materially influencing the target.
The ISU, on behalf of the Secretary of State, may make use of information gathering powers to determine whether the combination of shares and voting rights will enable the acquirer to materially influence policy relevant to the behaviour of the target.
While the acquirer risk is low, the target risk and possible control risk mean the Secretary of State is likely to determine that this acquisition should be called-in.
Example 7:
The acquirer is a non-UK based entity that increases its share of the voting rights in the target from 15% to 26%. The target is a financial services company which holds public contracts with the UK government. The acquirer is a well-known investor to the UK government and there is no existing activity that would give rise to concerns around national security.
The target risk is low as, while the target is a supplier to the UK government, it undertakes activities that do not require mandatory notification nor are they closely linked to the activities which require mandatory notification.
The acquirer risk is low as the acquirer’s activities are well known to the UK government and there has been no history of activity that would give rise to national security concerns.
Despite the acquisition increasing the acquirer’s share of the voting rights in the target from 25% or less to more than 25%, the control risk is unlikely to increase materially the risk to national security as the target risk and acquirer risk are low.
Therefore, the Secretary of State is unlikely to determine that this acquisition should be called-in
Extraterritorial use of the call-in power
47. The call-in power for entities and assets that are outside the UK and the territorial sea is more likely to be used for acquisitions in connection with the activities set out in the Notifiable Acquisition Regulations or closely linked activities, than for those in the wider economy.
48. When considering whether to call in, the Secretary of State will consider how strongly the entity or asset is connected to the UK. The Secretary of State will consider to what extent people in the UK rely on entities and assets outside the UK and how this may affect national security risks.
49. There are also certain situations where Outward Direct Investment (ODI) may constitute an acquisition under the NSI Act, including, for example, the transfer of technology, intellectual property and expertise as part of the investment or when forming joint ventures overseas (there is separate guidance on how NSI interacts with ODI). When deciding whether to call in, the Secretary of State will consider whether the asset or entity is linked to the activities, or related activities, set out in the Notifiable Acquisition Regulations and whether this could give rise to a risk to national security.
50. There is separate guidance on the application of the NSI Act in relation to entities and assets outside of the UK.
Retrospective use of the call-in power
51. The Secretary of State may call in acquisitions that meet certain criteria under the Act, after they have taken place. This power is set out in section 1(1)(a) of the Act.
52. When deciding whether to call in an acquisition that has already taken place, the same assessment of risk factors will be applied as for acquisitions that have not already taken place.
53. The decision whether to call in an acquisition after it has taken place will be made according to the risk to national security at the point of the decision rather than the risk to national security at the point that the acquisition took place.