National Security and Investment Act 2021

National Security and Investment Act 2021

National Security and Investment Act 2021

The National Security and Investment Act 2021 (NSI Act), received Royal Assent on 29 April 2021 and came into force on 4 January 2022, establishing a new, standalone statutory regime to enable the UK government to intervene in acquisitions and investments to protect national security. The new regime replaced the national security aspects of the government's current powers of intervention under the Enterprise Act 2002.

This Act was adopted due to concerns over long-term shifts in the balance of global economic and military power, increasing competition between states, and the emergence of powerful non-state actors; and that the general merger control regime was not adequate to address such concerns. 

"National security" as such is not defined under the NSI Act. However, the government has stated that in order to assess the likelihood of a risk to national security being caused by a qualifying acquisition, the Secretary of State (the Chancellor of the Duchy of Lancaster) will consider primarily three risk factors in conjunction (although one risk factor being triggered can be sufficient to give rise to a national security risk):

  • Target risk: this concerns whether the target of the qualifying acquisition (the entity or asset being acquired) is being used, or could be used, in a way that poses a risk to national security
  • Acquirer risk: this concerns whether the acquirer has characteristics that suggest there is, or may be, a risk to national security from the acquirer having control of the target
  • Control risk: this concerns whether the amount of control that has been, or will be, acquired through the qualifying acquisition poses a risk to national security (a higher level of control may increase the level of national security risk)

Scope of the regime

The Act introduced a mandatory notification regime applicable to any notifiable acquisitions that take place across 17 key sectors, the definitions of which have been set out in the National Security and Investment Act 2021 (Notifiable Acquisition) (Specification of Qualifying Entities) Regulations 2021:

  • Advanced materials
  • Advanced robotics
  • Artificial intelligence
  • Civil nuclear
  • Communications
  • Computing hardware
  • Critical suppliers to government
  • Cryptographic authentication
  • Data infrastructure
  • Defence
  • Energy
  • Military and dual-use
  • Quantum technologies
  • Satellite and space technologies
  • Suppliers to the emergency services
  • Synthetic biology
  • Transport

In addition, a voluntary notification regime applies to transactions in any other sector where the government’s call-in power would apply (see below).

Mandatory notifications

Mandatory notification of transactions to the government’s Investment Security Unit (ISU) will be required under the NSI Act where:

  • The target is a "qualifying entity", broadly any entity carrying on activities in the UK, or supplying goods or services to persons in the UK
  • The qualifying entity (or subsidiaries of that entity) undertakes activities in the UK within any of the above 17 sectors
  • The acquirer acquires or enhances its control of the entity to or above 25% of shares or voting rights (or increases the percentage of shares/votes in the entity to more than 50% or 75%); or acquires voting rights in the entity that enables it to secure or prevent the passage of any class of resolution governing the entity's affairs

It is important to note that the NSI Act also covers internal restructurings even where the ultimate group parent remains the same post-completion as pre-completion. 

Before the transaction occurs, the acquirer will need to submit the notification to the ISU via a digital platform, setting out specified information about the transaction.

Voluntary notifications and call-in power

For certain transactions that fall outside the mandatory regime there is a voluntary notification regime and "call-in" powers.

The voluntary regime applies to qualifying transactions that fall outside the 17 sectors listed above, or are within the 17 sectors but where the trigger event falls short of the acquisition of a controlling shareholding and instead results from:

  • Acquiring a material influence over a qualifying entity's policy (this will generally follow the "material influence" concept referred to in the Enterprise Act and can cover acquisitions of a shareholding or voting right as low as 15% or even less depending on the circumstances)
  • Acquiring or enhancing a controlling right or interest in a "qualifying asset". A qualifying asset is defined as:
    • Land
    • Tangible moveable property
    • Ideas, information or techniques which have industrial, commercial or other economic value – this includes trade secrets, databases, source codes, algorithms, formulae, designs, plans, drawings and specifications and software; and can thus cover the mere acquisition of intellectual property rights

These "call-in" powers can be exercised at any time while a transaction is in progress or contemplation or, where completed, up to six months after the date the Secretary of State become aware of the non-notified transaction, provided that the trigger event occurred within five years of that date. Transactions in relation to which this call-in power applies can also be voluntarily notified by the buyer or seller/target, which may be done at any time when in progress or contemplation.

The call-in power also applies retrospectively to any notifiable transactions potentially raising national security concerns that were completed in the period between the introduction of the Bill for the NSI Act on 12 November 2020 and the commencement of the new regime.


The NSI Act has extraterritorial reach, as it applies to acquisitions of any entity, including non-UK entities based overseas, if that entity has activities in the UK or supplies goods/services to persons in the UK. Assets situated outside the UK can be in-scope for the "call-in" power (or voluntary notification) if the assets are used in connection with activities carried on in the UK; or used in connection with the supply of goods or services to entities in the UK. 

Interaction with the CMA

Whilst the new national security regime is separate to the regular merger control regime under the Enterprise Act, there is certain interaction between the two regimes, as transactions may engage both. The government has stated an intention that, where a transaction engages both regimes, any national security remedies will be aligned with competition remedies and that timetables will be aligned to the extent possible within the statutory framework to achieve this.  The interaction between the national security regime and CMA’s merger control regime is covered in more detail in a Memorandum of Understanding.


Both mandatory and voluntary notifications are made to the ISU via a digital portal. Notified transactions will either be cleared to proceed or "called in" within 30 working days of acceptance of the notification. If "called in", the Secretary of State have a further 30 (or 45 if extended) working days to assess the transaction for any potential national security implications. In practice, the exercise of information gathering powers, which has the effect of pausing the statutory timetable, could also further extend the total investigation period.

Once the Secretary of State initiates the assessment, interim orders can be imposed to prevent any national security risks being realised during the course of the assessment period.

After the assessment is concluded, the Secretary of State must issue its final order, either:

  • Clearing the transaction, or
  • Where a national security risk has been found to arise:
    • Blocking a transaction (or requiring unwinding), or
    • Imposing conditions to address that risk, which may be "structural" and/or "behavioural", for example:
      • Restrictions on access to sensitive sites or confidential information
      • Requiring transfers of intellectual property
      • Compliance or monitoring requirements

Unlike the merger control regime, parties are not able to offer undertakings to obtain clearance under the NSI Act.

Sanctions for non-compliance

Completing a transaction that requires mandatory notification without prior approval is an offence under the NSI Act, implicating both the acquirer in question and its officers. Sanctions include the transaction being void; a fine of up to 5% of global turnover; and/or imprisonment for up to five years. Offences may be committed by conduct that occurs inside or outside the UK, irrespective of the offender’s nationality or, if a body, country of formation or recognition. Any penalty notice under the NSI Act can be appealed to the High Court within 28 days of receipt of the notice.

Given the new regime’s mandatory notification requirements, the potential sanctions involved and the close scrutiny that notifiable transactions will face, particularly for deals taking place in the 17 key sectors, businesses should be aware of the new rules and seek legal advice in relation to transactions that risk falling within the wide scope of the NSI Act.

Contact our experts for further advice

Search our site