Telecoms, data and payments M&A

Mergers and acquisitions in the telecoms, data, and payments sectors involve regulatory dimensions that general corporate lawyers do not routinely encounter. Spectrum licences, Ofcom general conditions, FCA authorisations, data protection registrations, and contractual counterparty consents all require specialist attention during the transaction process. A failure to address these regulatory requirements can delay completion, reduce value, or create post-completion compliance risk.

bratby.law advises buyers, sellers, investors, and management teams on M&A transactions across all three of our sector specialisms. Our managing partner has acted as in-house General Counsel on the buy-side and sell-side of telecoms and technology transactions and brings practical commercial judgment to the regulatory issues that arise in these deals.

Regulatory due diligence

Regulatory due diligence in telecoms, data, and payments M&A goes beyond reviewing the target’s contracts and financial position. The key regulatory workstreams include:

For telecoms targets: verification of Ofcom General Conditions compliance (particularly GC A1 notification obligations), review of spectrum licences and their transferability under the Wireless Telegraphy Act 2006, assessment of Electronic Communications Code rights and wayleave agreements, review of interconnection agreements and any Significant Market Power (SMP) obligations imposed by Ofcom under sections 87 to 91 of the Communications Act 2003, and assessment of compliance with the Telecommunications (Security) Act 2021 and the ECSM Regulations 2022.

For data-intensive targets: assessment of UK GDPR compliance, review of data processing agreements and controller/processor relationships under Article 28, evaluation of international data transfer mechanisms (including adequacy decisions, IDTAs, and Binding Corporate Rules under Article 47), review of data protection impact assessments under Article 35, and assessment of ICO enforcement history and any ongoing investigations.

For payments targets: review of FCA authorisation status under the Payment Services Regulations 2017 (PSRs 2017), assessment of safeguarding arrangements under regulation 23, evaluation of compliance with the Consumer Duty (PS22/9), review of anti-money laundering and financial crime controls, and assessment of operational resilience under the FCA’s SYSC 15A framework.

Transaction structuring and regulatory approvals

The structure of the transaction determines which regulatory approvals and notifications are required. Share acquisitions in the telecoms sector may trigger the National Security and Investment Act 2021 (NSI Act) notification obligation, as communications is a specified sector under the NSI Act regulations. The Investment Security Unit (ISU) within the Cabinet Office assesses whether the acquisition gives rise to national security concerns. Mandatory notification is required where the acquirer gains control (25%, 50%, or 75% thresholds) of a qualifying entity that meets the specified conditions.

For payments targets, a change of control may require FCA prior approval under PSRs 2017 regulation 7 (for authorised payment institutions) or regulation 14 (for registered small payment institutions). The FCA assesses the suitability of the proposed new controllers against the criteria in regulation 7(4), including financial soundness, reputation, and the risk of money laundering or terrorist financing. Processing times for change of control applications are typically 60 working days, and this must be factored into the transaction timetable.

Competition clearance under the Enterprise Act 2002 may also be required where the transaction meets the turnover test (target turnover exceeds GBP 70 million) or the share of supply test (combined share of supply of 25% or more in the UK). The Competition and Markets Authority (CMA) operates a voluntary notification regime, but completing without clearance risks a post-completion investigation and potential unwinding of the deal.

SPA provisions for regulated targets

Share purchase agreements for regulated targets require sector-specific warranties, indemnities, and conditions precedent. Standard warranties on regulatory compliance must be supplemented with warranties specific to the target’s regulatory regime: Ofcom notification status, spectrum licence conditions, FCA authorisation scope, safeguarding compliance, and data protection registration.

Conditions precedent must address regulatory approvals: NSI Act clearance (where applicable), FCA change of control approval, CMA clearance, and any consent requirements under the target’s material contracts (including interconnection agreements and spectrum licences). The allocation of regulatory risk between buyer and seller, particularly for pre-completion regulatory breaches and ongoing investigations, requires careful drafting.

Post-completion undertakings may include regulatory integration obligations, notification requirements to Ofcom and the FCA, and transitional service arrangements for shared regulatory infrastructure (such as interconnection gateways, payment processing systems, or shared data processing facilities).

How bratby.law helps

bratby.law provides specialist regulatory input to M&A transactions in the telecoms, data, and payments sectors. We work alongside the lead corporate team (whether an in-house legal team or an external law firm) to address the regulatory dimensions of the deal. Our work includes:

• Regulatory due diligence on telecoms, data protection, and payments compliance
• NSI Act notification assessment and preparation for telecoms and communications targets
• FCA change of control applications for payment institution and EMI acquisitions
• Drafting and negotiating sector-specific warranties, indemnities, and conditions precedent
• Spectrum licence transfer advice under the Wireless Telegraphy Act 2006
• Post-completion regulatory integration planning, including Ofcom and FCA notifications
• CMA merger control assessment for telecoms and payments markets

Book a call

For specialist regulatory input to an M&A transaction in the telecoms, data, or payments sectors, book a call with Rob Bratby.

FAQs

Do I need NSI Act clearance for a telecoms acquisition?

Communications is a specified sector under the National Security and Investment Act 2021. Mandatory notification to the Investment Security Unit is required where the acquirer gains control of a qualifying entity that carries on specified activities, including the provision of public electronic communications networks or services. The ISU has a 30 working day initial assessment period, extendable if a full assessment is required. Completing without mandatory notification where required is a criminal offence and the transaction is void.

What regulatory approvals are needed to acquire a payment institution?

A change of control of an FCA-authorised payment institution requires prior FCA approval under PSRs 2017 regulation 7. The application must demonstrate that the proposed controllers are fit and proper, financially sound, and do not pose a money laundering or terrorist financing risk. The FCA has 60 working days to assess the application. Acquiring control without prior approval is a regulatory breach and may lead to enforcement action, including revocation of the target’s authorisation.

How does data protection affect M&A transactions?

Data protection affects M&A at every stage. During due diligence, the buyer must assess the target’s GDPR compliance, data processing agreements, international transfer mechanisms, and ICO enforcement history. The due diligence process itself involves sharing personal data and may require a lawful basis under Article 6. Post-completion, the buyer must address data integration, update privacy notices, and ensure continued compliance with the target’s data protection obligations. Where the target processes large volumes of personal data, a data protection impact assessment of the integration plan may be required.

Can spectrum licences be transferred on a share sale?

On a share sale, the spectrum licences remain with the target company and are not technically transferred. However, a change of control of the licence holder may trigger conditions in the licence or require notification to Ofcom. On an asset sale, spectrum licences must be transferred or traded under the provisions of the Wireless Telegraphy Act 2006 and Ofcom’s spectrum trading regulations. The transferability of a licence depends on its class and any specific conditions attached to it. Ofcom consent may be required for certain licence transfers.

Related transactions pages

See also our other transactions pages:

• SaaS and Cloud Services
• Private equity
• Subsea cables
• MVNOs and MVNEs
• Interconnection, peering and access agreements
• Network sharing and co-location agreements
• Data commercialisation and licensing
• Digital Infrastructure Projects

Specialist Co-Counsel for Law Firms

bratby.law is regularly instructed as co-counsel to City, US and international law firms seeking sector-specific insight.
We provide concise, high-value input on:

• Telecoms and spectrum regulation in UK and EU markets.
• AI and data governance in technology acquisitions.
• Sector reports and due diligence summaries for lenders, sponsors and investors.
• Regulatory submissions and notifications to Ofcom, NSIA and other authorities.

See also: Am I regulated? and Authorisation and Licensing.

Our role is collaborative and efficient — designed to complement the lead firm’s corporate and finance advice.

Independent directory rankings

Our specialist expertise is recognised in major independent legal directories:

• Chambers & Partners: Rob Bratby is ranked in the UK Guide 2026 in the “Telecommunications” category: Chambers
• The Legal 500: Rob Bratby is listed as a “Leading Partner – Telecoms” in London (TMT – IT & Telecoms): The Legal 500
• Lexology: Rob Bratby is featured on Lexology’s expert profiles (Global Elite Thought Leader): Lexology

What clients say about bratby.law