The U.K.'s National Security and Investment Bill currently working its way through Parliament represents a major shift in the U.K. government's approach to screening investments for national security risk.
Once enacted, the new legislation will bifurcate the screening of national security risks from the remit of the U.K. merger control regime and grant the Department for Business, Energy and Industrial Strategy, or BEIS, broad new powers to review — and in some instances block — transactions that could undermine U.K. national security.
The U.K. government presented the bill to Parliament in November 2020. It is expected to obtain Royal Assent in May 2021, with its commencement to follow later this year.
A notable aspect of the bill is that it will impose a mandatory notification requirement on parties to certain acquisitions involving sensitive industrial sectors. BEIS has identified 17 sectors that it considers to present the highest risk from a national security perspective, and certain acquisitions involving entities operating in these sectors will require parties to notify and obtain approval from BEIS prior to completion.
Parties who are obligated to take these steps but fail to do so will not be able to close the relevant transaction.
Concurrent with the publication of the bill, BEIS published draft definitions for each of the 17 high-risk sectors and subsequently ran a public consultation seeking input on the proposed definitions. Following extensive feedback from law firms, industry participants and government agencies, BEIS published a consultation response on March 2 that sets out revised — but not final — definitions of the high-risk sectors.
BEIS narrowed the high-risk sector definitions.
The updated high-risk sector definitions are narrower than the initial definitions. In the consultation response, BEIS explained that it "significantly narrowed the definitions of the acquisitions within the 17 sectors proposed as within scope of the mandatory regime." BEIS took this step to "ensure that the regime is targeted and proportionate" such that the high-risk sectors only cover the most sensitive industrial areas.
Key examples illustrating how the definitions have been narrowed include:
- The revised "artificial intelligence" sector definition only covers three specific AI applications: (1) the identification of objects, people and events; (2) advanced robotics; and (3) cyber security. The original definition did not contain such a limitation.
- The amended "communications" sector definition is limited to public electronic communication networks and services. The initial definition covered entities that provided either public or private electronic communications networks, and their associated facilities.
- The updated "critical supplier to government" sector definition removed several criteria in the initial definition, including: (1) processing and storing of personally identifiable information; (2) the collection, distribution or handling of government monies; and (3) the provision of energy and fuel supplies to government. BEIS also limited this definition to entities that enter into direct contracts with relevant government agencies. The initial definition covered direct government contractors and subcontractors as well.
- The new "synthetic biology" sector — referred to as "engineering biology" in the initial consultation — expressly carves out certain areas, including DNA synthesis and bioremediation, which were within scope of the initial definition.
These changes will reduce the number of trigger events that require filings. As a result, BEIS should be able to carry out more efficient reviews of trigger events that remain subject to the mandatory notification regime.
BEIS moved to more specific criteria.
In the revised definitions, BEIS moved away from general and potentially ambiguous terms — e.g., "state of the art," "significant," "tiny sensors," "functional capability," "provides support," "operational," "critical," etc. — and replaced them with more specific criteria.
Along the same lines, where possible, BEIS has altered the definitions to reference recognized industry terms and concepts from other legislation, as opposed to novel criteria.
BEIS has made some relevant criteria less subjective as well. For example, the initial definition of "critical supplier to government" would have required parties to assess whether an entity which stopped providing goods or services pursuant to a government contract could "result in a detrimental impact on the availability, integrity of delivery of government services, or an adverse impact on national security."
The new definition simply obligates parties to consider whether an entity holds a public contract with government that meets the specified criteria.
The revised definitions also cross-refer to other legislation to clarify and to harmonize the definitions of certain terminology, such as "contracting authority" and "network and information systems."
Similarly, BEIS revised the "communications" definition to include objective thresholds. The revised definition contains a new monetary turnover threshold of £50 million for entities operating within this sector. Entities with less revenue will be excluded from this sector.
BEIS further clarified the new definition by: (1) referencing criteria contained in the Communications Act 2003; and (2) expressly listing a number of businesses that are within scope, such as providers of submarine cable systems and cable landing stations.
The shift to more objective criteria is expected to aid parties in assessing whether a trigger event fits within one or more high-risk sectors. Consequently, the revised definitions should reduce — but not eliminate entirely — borderline or ambiguous situations, which should result in parties submitting fewer defensive notifications to BEIS.
The revised definitions are not final.
The revised high-risk sector definitions are not final definitions. The consultation response makes clear that BEIS is considering altering certain definitions — e.g., communications — and will alter other definitions — e.g., critical suppliers to the emergency services, energy, quantum technologies.
The final definitions for the high-risk sectors eventually will be published through secondary legislation after the bill is passed, but before it comes into force. Along with these final definitions, BEIS will publish several other statutory instruments over the coming months to provide further details of the new regime.
The revised definitions for the high-risk sectors provide for narrower, more objective and detailed definitions. These changes clarify the high-risk sector definitions and will make it easier for parties to assess whether a transaction requires mandatory notification, which is critically important given the severe consequences of a failure to do so when required.
Marcus Thompson and Mike Casey are partners, and Jack Davies is an associate, at Kirkland & Ellis LLP.
Kirkland trainee solicitors Georgia Cooper-Dervan and Brian Ramamoorthy contributed to this article.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
 The high-risk industrial sectors comprise: Advanced Materials; Advanced Robotics; Artificial Intelligence; Civil Nuclear; Communications; Computing Hardware; Critical Suppliers to Government; Critical Suppliers to the Emergency Services; Cryptographic Authentication; Data Infrastructure; Defense; Energy; Military and Dual-Use; Quantum Technologies; Satellite and Space Technologies; Synthetic Biology; and Transport.