New UK foreign investment law to impact telecoms, digital and data transactions


By the end of 2021, many corporate transactions in the communications, data infrastructure, artificial intelligence, satellite and space technologies sectors (and some others) will be subject to mandatory notification to, and national security review by, the UK government.

Implementation timetable

The National Security and Investment Act 2021 (“Act“) became part of UK law on 29 April 2021, but has not yet been brought into force pending finalisation of statutory instruments (secondary legislation) addressing:

  • definitions of sectors and activities requiring mandatory notification
  • the form and content required for mandatory and voluntary prior notifications
  • the form and content required for retrospective notifications
  • procedure for service of notices and other documents
  • commencement date, transitional and saving provisions

The Goverment will also publish a final statement of policy intent relating to the discretionary exercise of its “call-in” power before the Act comes into force.

Whilst no firm date has been set, the Government says that its aim is to bring the Act into force by the end of 2021.

Which transactions will be in-scope?

Transactions will be within the scope of the Act if they involve a ‘trigger event‘ related to either a ‘qualifying entity‘ and/or ‘qualifying assets‘.

What is a trigger event?

The Act defines a ‘trigger event‘ as a person (‘the acquirer‘) acquiring control of a qualifying entity and/or qualifying asset.

What is gaining control?

Section 8 of there Act sets out that ‘a person gains control of a qualifying entity if the person acquires a right or interest in, or in relation to…’:

  • the percentage of shares in the qualifying entity held by the acquirer increasing to more than 25%, 50% or 75%
  • the percentage of voting rights in the qualifying entity held by the acquirer increasing to more than 25%, 50% or 75%
  • the acquisition of voting rights in the qualifying entity enabling the acquirer (whether alone or together with other voting rights it holds) to secure or prevent the passage of any class of resolution governing the affairs of the entity; and/or
  • The acquirer being able to exercise material influence over the qualifying entity’s policy.

Section 9 of the Act sets out that “a person gains control of a qualifying asset if the person acquires a right or interest in, or in relation to, the asset and as a result the person is able

  • to use the asset, or use it to a greater extent than prior to the acquisition
  • to direct or control how the asset is used, or direct or control how it is used to a greater extent than prior to the acquisition.

What is a qualifying entity?

The definition of a ‘qualifying entity’ (in Section 7 of the Act) is very broad being “any entity, whether or not a legal person, that is not an individual, and includes a company, a limited liability partnership, any other body corporate, a partnership, an unincorporated association and a trust.”

This includes all UK entities and non-UK entities if they either:

  • carry on activities within the UK; and/or
  • supply good or services in the UK.

What is a qualifying asset?

‘Qualifying asset’ is defined in Section 7 of the Act as land, moveable property and/or and ideas, information or techniques which have industrial, commercial or other economic value which may include:

  • trade secrets
  • databases
  • source code
  • algorithms
  • formulae
  • designs
  • plans, drawings and specifications
  • software

What do I have to do if my transaction is within the scope of the Act?

Potential acquirers of qualifying entities should first assess whether the proposed transaction is subject to mandatory notification. Even if it is not subject to mandatory notification acquirers will then want to consider whether and when to make a voluntary notification (to provide certainty that the transaction will not later be ‘called in’) or whether to make no notification.

Mandatory notification

Mandatory notification (and non-completion prior to approval) is required for transactions:

  • in which the qualifying entity is undertaking particular activities in the UK within a specified high-risk sector:
    • Advanced Materials
    • Advanced Robotics
    • Artificial Intelligence
    • Civil Nuclear
    • Communications
    • Computing Hardware
    • Critical Suppliers to Government
    • Critical Suppliers to the Emergency Services
    • Cryptographic Authentication
    • Data Infrastructure
    • Defence
    • Energy
    • Military and Dual-Use
    • Quantum Technologies
    • Satellite and Space Technologies
    • Synthetic Biology
    • Transport
  • AND, the acquirer gains control by either:
    • increasing the percentage of shares (or votes) that it holds in the entity to more than 25%, 50% or 75%; or 
    • acquiring voting rights in the entity that enable it to secure or prevent the passage of any class of resolution governing the entity’s affairs

The Government is still consulting on the detailed sector definitions – current drafts for telecoms and data infrastructure are set out below.

Draft Communications Sector Definition

The draft Communications Sector definition includes:

  • providers of public electronic communications networks or services by entities with relevant annual UK turn-over exceeding £50 million
  • the provision of associated facilities for relevant UK providers of public electronic communications networks or services, except hosting cables
  • providers of electronic communications networks or services by means of a submarine cable system or the making available of a cable landing system for connectivity to a public electronic communications network or service
  • the provision of a top-level domain registry service servicing more than 14 billion UK queries in an 168 hour period
  • providing a domain name system resolver service which services 500,000 or more different Internet Protocol addresses used by persons in the United Kingdom in any consecutive 168-hour period or providing a domain name system authoritative hosting service servicing 100,000 or more domains registered to persons with an address in the United Kingdom
  • providing an internet exchange point with a market share exceeding 30% in the UK
  • involved in the supply chain for public electronic communications networks or services or international cables.

Draft Data Infrastructure Sector Definition

The draft Data Infrastructure Sector definition includes:

  • owning or operating relevant data infrastructure, being infrastructure used:
    • for any other critical sector
    • by public communications providers for peering, interconnection or exchange of digital data
    • for connecting international cabling routes
  • managing relevant data infrastructure on behalf of other entities
  • managing facilities where relevant data infrastructure is located
  • providing specialist or technical services to entities above which gives the entity providing those specialist or technical services physical access to relevant data infrastructure
  • providing services where the provision of such services gives the entity providing those services administrative access to relevant data infrastructure and/or producing or developing software designed for use in those services which configures or manages the provision of administrative access.

Voluntary notification / no notification

If a proposed transaction does not fall within the mandatory notification regime, then the transaction can proceed to close without approval.

However, the UK Government has the power to ‘call-in’ for review any non-notified transaction that has happened in the prior five years within 6 months of the transaction becoming public, and then impose appropriate remedies – which could involved a forced sale.

As a result, parties may wish to make voluntary notifications to provide commercial certainty. There is flexibility since the regime allows for voluntary notifications both pre- and post- completion, although it is likely that most voluntary notifications will be made on signature before completion.

Substantive assessment of notified transactions

Making the notification

Notifications should be made by the potential acquirer to the newly formed Investment Security Unit (“ISU“). The form of notification is yet to be finalised, but will include:

  • who is notifying
  • a description of the proposed transaction, including
    • the parties involved
    • the key terms of the acquisition and trigger event including:
      • details of the controlling ownership structure for the acquired target before and after the transaction
      • how material influence is being acquired
      • the ownership chain of the target
      • anticipated completion date
      • whether the transaction has been notified to any other UK regulators
    • a description of the entity (or asset) being acquired, including its activities and sectors and whether any technology owned has military application
    • details of the controlling ownership structure of the acquirer, including the aggregate percentage of any beneficial ownership by investors by nationality, and details of whether any government (other than the UK government) has a direct role in the operation or decision-making of the acquirer
    • any other information that the notifying parties consider may be relevant to the Secretary of State’s assessment of the notification

Notification and review process

Accept/reject: On receipt of a notification, the ISU will assess whether a notification contains all required information and accept or reject on that basis.

30 working day initial screen: Once accepted, a notification enters an initial 30 working days screening process. Before the end of this period the Government must decide whether to clear the proposed transaction or exercise its ‘call in’ power and undertake a full national security assessment.

Called in’ National Security Assessment: If a transaction is not cleared following the initial screen, the ISU will the co-ordinate a full national security assessment. There is a further 30 working day assessment period, which may be extended by 45 working days (or, by agreement, longer) after which the Government must decide whether to approve the transaction or make an order imposing remedies.

In practice, these are not hard deadlines, as the clock is stopped for so long as there are unanswered outstanding information gathering requests.

Basis of review

The Act gives the UK government wide discretion in undertaking a national security review. Whilst not binding, the draft Statement of Policy Intent indicates that reviews will consider:

  • the target risk – the nature of the target and whether it is in an area of the economy where the government considers risks more likely to arise
  • the trigger event risk – the type and level of control being acquired and how this could be used in practice
  • the acquirer risk – the extent to which the acquirer raises national security concerns.