National Security and Investment Act 2021: An Update

read time: 9 mins

The National Security and Investment Act 2021 (the "Act") has been in effect for almost 9 months now, and following further guidance issued by the Department for Business, Energy and Industrial Strategy ("BEIS") and the issue of a few call-in notices and final orders  under the Act, the implications of the Act and how it might affect the healthcare sector are becoming clearer.

Executive summary

The Act introduced stronger regulatory powers for the UK government with regard to any investment in or acquisition of any company with UK operations or any assets used in connection with such operations which may give rise to national security concerns. Given the broad range of powers granted to the Secretary of State for Business, Energy and Industrial Strategy (the "SoS") to intervene in transactions to protect national security, and the fact that “national security” is not defined, questions were initially raised as to what effect the Act would have on transactions in practice, and how the SoS would exercise his new powers.

It has become apparent that:

  • the potential requirement for clearance and the potential risk of intervention need to be dealt with early in transactions involving many parts of the UK healthcare sector, particularly in the case of businesses harnessing artificial intelligence, focusing on synthetic biology or supplying emergency services;
  • despite any requisite notification being an obligation of the investor or acquirer, any notification requires close collaboration between the parties (at that early stage); and
  • in the case of most transactions, the Investment Security Unit at BEIS is processing submissions quickly, providing clearance within 30 working days (or sometimes a shorter period) of accepting the notification and responding to requests for informal guidance.   

How does the act operate?

For a more detailed overview as to the Act's operation, please see our useful guide here.

Broadly, the Act will apply where certain 'trigger events' occur in relation to (i) an entity which is formed, carries on activities or supplies goods and services in the UK or (ii) land, other tangible property or intellectual property in, or used in connection with activities or the supply of goods and services in, the UK (or arrangements in contemplation will result in such an event taking place), and the event may give rise to a risk to national security.

These trigger events in relation to an entity are the acquisition of:

  1. more than 25% of the shares or votes in the entity;
  2. more than 50% of the shares or votes in the entity;
  3. more than 75% shares or votes in the entity;
  4. voting rights in the entity that enable an investor to prevent the passage of any class of resolution governing the entity; or
  5. a right or interest which enables the person to materially influence the policy of a qualifying entity.

The trigger event in relation to an asset is acquiring a right or interest in the asset that enables the acquiror:

  1. to use the asset, or use it to a greater extent than prior to the acquisition; or
  2. to direct or control how the asset is used, or direct or control how it is used to a greater extent than prior to the acquisition.

Where a qualifying entity operating within one (or more) of 17 'key sectors' is subject to the trigger events set out in 1 – 4 above, it is likely that a mandatory notification to the Investment Security Unit ("ISU") will be required to be made.

Where a qualifying entity is subject to trigger events 5 - 7 set out above, a voluntary notification may be made to the ISU to flush out whether the SoS will decide to take any action in relation to that transaction. A voluntary notification can be made for parties to gain transactional certainty – to get confirmation from the SoS that they will not 'call in' the transaction or take enforcement action in the interests of national security.

The ISU has up to 30 working days to assess notifications, and on review such notifications may be 'called-in' for further review, extending the period further.

The burden of making a notification falls upon the acquirer or investor. Completing a notifiable acquisition without SoS approval will mean the acquisition is void. An investor or acquirer which completes a notifiable acquisition without SoS approval may also commit an offence, and officers (e.g. directors) may also commit offences in this respect and be subject to criminal sanctions.

The SoS has wide powers to reduce the impact of the transaction on 'national security'. Typically, such powers may be expected to be exercised in reducing the shares/voting rights being granted to an acquirer/investor or preventing the deal from occurring.

Whilst the Act applies to acquirers from within the UK or internationally, it is generally regarded as being designed for the purposes of regulating foreign investment, conferring powers akin to those of the Committee on Foreign Investment in the United States (CFIUS).

How is the Act affecting transactions?


Parties involved in healthcare transactions, and UK transactions generally, are becoming more aware of the impact of the Act, and questions regarding whether a transactions will be within the purview of the Act are being introduced earlier in the transaction timeline. The main sectors of concern are usually artificial intelligence, focusing on synthetic biology or supplying emergency services; providers of social care, for example, are less likely to be caught. Ultimately, assessing whether a particular target business conducts activities that may fall into the scope of the Act and in particular into one of the key sectors designated under it (and are therefore subject to the notification and/or potential enforcement procedures) can be difficult, and a concrete answer as to whether a transaction is in the Act's scope is often not possible to ascertain.

For example, the definition of synthetic biology includes (but is not limited to) the design and engineering of biological-based parts of enzymes. However, the Act excludes from its scope qualifying entities carrying out activities in industrial biotechnology research, development and production using enzymes that have not been modified through the application of systematic bio-design techniques. No further guidance is given as to what 'modification' or 'systematic biodesign techniques' might involve, and so assessing whether a qualifying entity involved in the use of enzymes is operating in a key sector can lead to issues of interpretation. The definition of what constitutes artificial intelligence is also highly technical.

Accordingly, questions about the impact of the Act are being raised as early as the heads of terms stage in a transaction so that buyers or investors, the target company and their respective legal advisers can assess the bearing of the Act on the transaction and act accordingly, with the benefit of having the time available to make a notification (and waiting the subsequent 30 working days for the ISU to respond) with minimal impact on the transaction timeline. The risk can, on some deals, be managed through a split exchange and completion, whereby terms are agreed and documents signed with completion subject to confirmation from the ISU that no further action will be taken by the SoS in relation to that transaction.


The Act can create a dilemma in that the burden of the notification process falls on the acquirer or investors, but they are reliant on the information provided by the target as to its operations. A qualifying entity may consider that its healthcare or life sciences work is outside the scope of the Act, but may have not engaged adequate resource to assess whether that view is accurate. The burden may then fall on the investor/acquirer to try to confirm this assessment. To address this imbalance, investors or acquirers may issue a specific questionnaire to the target entity, to ascertain the activities of the entity and probe whether its management has properly considered in the scope of the Act. The acquirer/investor will then require warranties as to the responses to that questionnaire, so in the event that the transaction is called in by the ISU, such an acquirer / investor may have some recourse by way of a claim for breach of warranty.

In those circumstances it's beneficial for both sides to discuss, in detail, the activities of the qualifying entity and where such activities fall, or may fall, within the scope of the Act. Parties can collaborate to form a view as to whether a notification is required and if so as to what the contents of the notification should be, drawing on their and their advisers’ sector knowledge and insight.

For businesses in and involved with the healthcare sector, it's also important to note that, whilst the most obvious features that may bring your business into the purview of the Act are a focus on AI, the emergency services or synthetic biology, the extent of other key sectors such as defence (whereby suppliers and sub/contractors to Ministry of Defence locations may fall under the scope of that key sector) or “critical suppliers to government” is such that their scope may be broader than may be considered initially. A qualifying entity may be potentially active in multiple key sectors, and more recent guidance issued by BEIS notes that notifications are being rejected for giving incomplete responses to queries as to which key sectors are relevant to a notification.

How has the Act been enforced?

As at the date of writing, 9 transactions have been called in for a full national security assessment by the SoS under the Act, and 6 of these transactions have been subject to 'final orders' (which set out the SoS's reasons for exercising his powers). None of the transactions have been identified as relevant to the AI, supply to emergency services or synthetic biology key sectors.

Given the inevitable nuances of each transaction that has been called in, it is unsurprising that there does not appear to have been a 'blanket' approach applied by the SoS. Investments, share acquisitions and asset purchases have all been called-in pursuant to the Act, involving acquirers from the Czech Republic, France and China (amongst others).

The enforcement action taken by the SoS has also been varied as a result, from taking no further action in relation to Altice Europe's investment in BT Group which took their shareholding from 12% to 18%, subjecting the acquisition of Reaction Engines Limited by an Emirati based acquirer to certain provisions to mitigate the risk to national security, and preventing the acquisition of intellectual property from the University of Manchester by a Chinese based purchaser. The SoS has proved to be as willing to apply restrictions on transactions (which they have done on two transactions to date) as to preventing transactions (which they have also done on two transactions to date), and so no overall consistent approach to the majority of transactions has been demonstrated.

The SoS's actions so far demonstrate the breadth of powers available to the SoS, and that the SoS is willing to exercise these. Acquirers, investors and qualifying entities should be alert to the risk of their proposed transaction either being prevented outright, or being restricted to a degree which may make the commercial outcome a far different proposition than originally envisaged.

For more information on this article, please contact Charles Davies.

Sign up for legal insights

We produce a range of insights and publications to help keep our clients up-to-date with legal and sector developments.  

Sign up