Skip to main content

It’s a matter of national security

The need to gain national security approval for corporate transactions is nothing new in many countries—and it makes sense that governments would want to avoid the possible influence in their economies of malign state and non-state actors. And the UK is joining the ranks by introducing new wide-ranging national security legislation with effect from 4 January. 

Seek permission now because there’s no forgiveness after

The M&A market is strong – our Deloitte Insights team found that a record $40bn of deals were announced just in the first week that news of a COVID-19 vaccine was reported, and it has been strong ever since. In some jurisdictions, seeking approval from a government body is part of the process, but many businesses may not be aware of the new law – or least the details of it - coming into force in the UK on 4 January 2022. The National Security and Investment Act 2021 requires that businesses submit themselves to the relevant UK authorities for approval before they proceed with their qualifying transaction. 

Broadly the new legislation will apply to any acquisition of “material influence” in a company (i.e., well below the level of control) as well as the acquisition of control over assets (including land and intellectual property), which potentially gives rise to national security concerns in the UK. 

Unusually for national security legislation, the UK version is agnostic as to the “nationality” of the target entity; it could potentially bite on an acquisition by a UK company of a UK group. Equally, it could also apply where the buyer and the target entity are outside of the UK, so long as the target group has a UK connection.   

The legislation, by design, does not attempt to define the concept of “national security”, thereby affording much discretion to the Secretary of State in vetting deals. The legislation focuses on 17 sectors of the economy which includes AI, communications, and cryptographic authentication, and parties will have to seek approval before completing a qualifying transaction in any of these sectors. 

The consequences of not complying are particularly severe.  Not only could the transaction be treated as being void, but fines of up to 5% of worldwide turnover or £10 million (whichever is the greater) could be imposed and/or imprisonment of up to 5 years. 

 Controversially, the Secretary of State has the ability to retrospectively “call in” transactions that completed between November 2020 and the date the new law comes into force.  This has caused some concern and illustrates quite how seriously the government is taking UK national security threats. 

Tangled up in legal red tape 

The new national security regime will inevitably add to the workloads of General Counsel of corporates doing M&A transactions. They will need to consult very early in the M&A process with their internal corporate development teams and external advisors to determine if a potential M&A transaction is in scope and, if so, what effect this might have on the deal timetable.    

The parties to the transaction will also need to consider how to allocate risks and costs between them if the transaction is not approved or otherwise subject to conditions. 

Add to the M&A checklist

In the short to medium term, GCs will need to create, or at least update, their organisation’s M&A procedures or playbook to reflect the new legislation. This may include: 

  • Updating due diligence information request lists (IRLs) to include specific questions addressing UK national security. 
  • Setting out new, or updated, procedures for internal approval for any proposed corporate transaction that might be impacted by the new legislation.
  • Identifying transaction “triggers” and setting out an internal escalation process, to mitigate the risk of a deal completing without any K national security analysis.
  • Setting out “red lines” for the organisation in terms of how much execution risk it is willing to take on a deal which raises UK national security concerns. 

Large corporate groups that routinely engage in cross-border M&A will be adept at dealing with local regulatory (including national security) requirements, but this is yet another item to add to the checklist. 


Author: Glafkos Tombolis - Partner, Deloitte Legal UK