Notice

National Security and Investment Act 2021: Statement for the purposes of section 3 - 2021 version

Updated 21 May 2024

This is a previous version of the section 3 statement, which was published in November 2021 ahead of the NSI Act’s commencement. Following the 2023 NSI Call for Evidence, the Government published a refined section 3 statement in May 2024.

Introduction

1. This statement is made under section 3 of the National Security and Investment Act 2021 (‘the NSI Act’). It sets out how the Secretary of State expects to exercise the power to give a call-in notice. An acquisition can be called in for assessment if the Secretary of State reasonably suspects the acquisition has given, or may give, rise to a risk to national security or arrangements are in progress or contemplation which, if carried into effect, will result in an acquisition that may give rise to a risk to national security. The acquisition must also meet certain criteria to be a qualifying acquisition under the NSI Act. The Secretary of State may then clear the acquisition or, if necessary and proportionate, impose certain conditions, block or unwind it completely.

2. This statement gives as much detail as is possible on how the Secretary of State expects to use the call-in power, given the sensitivity of national security. The call-in power will be used solely to safeguard the UK’s national security and not to promote any other objectives. This statement must be reviewed by the Secretary of State every five years and may be reviewed more frequently.

3. This statement refers to ‘qualifying acquisitions’, which means those acquisitions that the Act defines as ‘trigger events’. It is hoped that this will aid readability and general understanding. See separate guidance on the scope of qualifying acquisitions.

National Security and Investment Act 2021 and the call-in power

4. The Act intentionally does not set out the circumstances in which national security is, or may be, considered at risk. This reflects longstanding government policy to ensure that national security powers are sufficiently flexible to protect the nation.

5. Each qualifying acquisition will be assessed on a case-by-case basis, taking account of all relevant considerations and with regard to the risk factors set out below. This applies to all qualifying acquisitions, whether they involve parties only within the UK or involve parties overseas.

6. The call-in power will not be used to interfere arbitrarily with investment. The UK has a proud record as one of the most open economies in the world and the Secretary of State’s use of the call-in power will not change that. The UK remains firmly open to investment and the government wants the UK to be the best place in the world to work and do business.

Areas of the economy in which qualifying acquisitions are more likely to give rise to a risk to national security and more likely to be called in

7. Qualifying acquisitions across the whole economy are in scope of the NSI Act but the call-in power may only be used in respect of qualifying acquisitions that the Secretary of State reasonably suspects give rise to or may give rise to a risk to national security. The NSI Act is not a system for screening all acquisitions in the economy.

8. Some qualifying acquisitions of target entities in the 17 areas of the economy listed below are subject to mandatory notification because of their particular sensitivity. As a result, such acquisitions are more likely to be called in, as the activities in which these entities are engaged are more likely to give rise to risks to national security.

9. The National Security and Investment Act 2021 (Notifiable Acquisition) (Specification of Qualifying Entities) Regulations 2021 (‘the Notifiable Acquisition Regulations’) describe these target entities and the activities in which they are engaged.

10. The 17 areas of the economy are:

a. Advanced Materials
b. Advanced Robotics
c. Artificial Intelligence
d. Civil Nuclear
e. Communications
f. Computing Hardware
g. Critical Suppliers to government
h. Cryptographic Authentication
i. Data Infrastructure
j. Defence
k. Energy
l. Military and Dual-Use
m. Quantum Technologies
n. Satellite and Space Technologies
o. Suppliers to the Emergency Services
p. Synthetic Biology
q. Transport

11. While not subject to mandatory notification, acquisitions of control through material influence over such target entities are also more likely to be called in.

12. In addition, qualifying acquisitions of entities which undertake activities closely linked to the activities in these 17 areas of the economy (for example, they are related to transport but are not within the definition of transport in the regulations) are more likely to be called in than those that are not closely linked.

13. Qualifying acquisitions which occur outside the above areas of the economy subject to mandatory notification are unlikely to be called in as national security risks are expected to occur less frequently in these areas.

14. Where a qualifying acquisition is not subject to mandatory notification, the parties may choose to notify the Secretary of State, so as to be certain whether the acquisition will be called in.

15. Parties should be aware that loans, conditional acquisitions, futures, and options are unlikely to pose a risk to national security and so are unlikely to be called in.

What the Secretary of State is seeking to protect by using the call-in power

16. The powers granted to the Secretary of State under the NSI Act seek to protect the UK’s national security and are one of many tools and pieces of legislation that do this. The government intentionally does not set out the exhaustive circumstances in which national security is, or may be, considered at risk. This is longstanding policy to ensure that national security powers are sufficiently flexible to protect the nation. Therefore nothing in this statement should be interpreted as a definition of national security.

17. The Secretary of State is likely to use the call-in power where there may be a potential for immediate or future harm to UK national security. This includes risks to governmental and defence assets (infrastructure, technologies and capabilities), such as disruption or erosion of military advantage; the potential impact of a qualifying acquisition on the security of the UK’s critical infrastructure; and the need to prevent actors with hostile intentions towards the UK building defence or technological capabilities which may present a national security threat to the UK. The call-in power will not be used when the acquisition of infrastructure or technological capabilities does not present a national security risk to the UK.

18. Under the Act, the call-in power can only be used for the purpose of dealing with risks to national security.

Factors the Secretary of State will take into account when deciding whether to exercise the call-in power

Risk Factors

19. Decisions on whether to exercise the call-in power will be made on a case-by-case basis. In order to assess the likelihood of a qualifying acquisition giving rise to a risk to national security (and therefore whether to call in the acquisition), the Secretary of State expects to consider primarily three risk factors, explained below.

20. The risk factors are:

a. Target risk

This concerns whether the target of the qualifying acquisition (the entity or asset being acquired) is being used, or could be used, in a way that raises a risk to national security.

b. Acquirer risk

This concerns whether the acquirer has characteristics that suggest there is, or may be, a risk to national security from the acquirer having control of the target.

c. Control risk

This concerns the amount of control that has been, or will be, acquired through the qualifying acquisition. A higher level of control may increase the level of national security risk.

21. The Secretary of State expects that, when calling in an acquisition, all 3 risk factors will be present, but does not rule out calling in an acquisition on the basis of fewer risk factors.

22. For most qualifying acquisitions, the overall consideration of these risks is expected to indicate a low risk to national security.

Risk factors explained

Target risk

23. The target of a qualifying acquisition is the qualifying entity or qualifying asset that has been or will be acquired. In assessing the target risk, the Secretary of State will consider what the target does, is used for, or could be used for, and whether that has given rise to, or may give rise to, a risk to national security. Assessment of the target risk may also involve consideration of any national security risks arising from the target’s proximity to sensitive sites.

24. The Secretary of State considers that qualifying entities which undertake activities in the 17 areas of the economy listed in paragraph 10, or closely linked activities, are more likely to raise a target risk than other qualifying entities.

Acquirer risk

25. The Secretary of State will consider whether the acquirer poses a risk to national security. Characteristics of the acquirer such as the sector(s) of activity, technological capabilities and links to entities which may seek to undermine or threaten the national security of the UK, are likely to be considered in order to understand the level of risk the acquirer may pose.

26. Some characteristics, such as a history of passive or long-term investments, may indicate low or no acquirer risk. The Secretary of State does not regard state-owned entities, sovereign wealth funds or other entities affiliated with foreign states, as being inherently more likely to pose a national security risk.

27. In assessing an acquirer, the Secretary of State may consider several factors, including:

a. the ultimate controller of an acquirer, or if the acquirer can be readily exploited;
b. whether the acquirer may pose a risk to national security in the light of their pre-existing holdings;
c. whether the acquirer, or their ultimate controller, has committed, or is linked to, criminal or illicit activities that are related to national security, or activities that have given rise to or may give rise to a risk to national security.

28. If an acquirer has links to entities which may seek to undermine or threaten the national security of the UK, this does not automatically mean that the acquisition will be called in.

29. The Secretary of State will not make judgements based solely on an acquirer’s country of origin. However, an acquirer’s ties or allegiance to a state or organisation which is hostile to the UK will be considered when assessing whether their qualifying acquisition has given, or may give, rise to a risk to the UK’s national security.

Control risk

30. The control risk refers to the amount of control the acquirer gains of an entity’s activities or strategy. It also concerns the amount of control over an asset, which includes controlling or directing its use, as well as using it.

31. The Secretary of State will consider the control that has been or will be acquired through the qualifying acquisition. A greater degree of control may increase the possibility of a target being used to harm national security. Additionally, a large amount of control may enable parties to reduce the diversity of a market, or influence the market’s behaviour, in a way that may give rise to a risk to national security. In such cases, the acquisition is more likely to be called in.

32. The control risk will be assessed alongside the target and acquirer risk. This is because when the target and/or acquirer risk is low, the level of control acquired is less likely to give rise to a risk to national security and so the Secretary of State is less likely to call in that acquisition.

Example 1: Qualifying acquisition of a qualifying entity that is likely to be called in

Company A is undertaking activities in the UK which include the development of cryptographic authentication for the purpose of activities that would be in scope of mandatory notification in the sector. Party B acquires shares in Company A that are below a 25% acquisition of shareholding stake or voting rights but which enable Party B materially to influence the policy of Company A. The UK government has concerns that the activities of Party B may be linked to hostile activity.

The target risk is high. The activities of Company A are in an area of the economy likely to give rise to risks to national security, as the cryptographic authentication technology could be used for malicious purposes.

The acquirer risk is high as the activities of Party B may be linked to hostile activity and requires an assessment by the government to identify possible national security risks.

While material influence is the lowest form of control over entities, there is a control risk as the acquisition enables Party B materially to influence how Company A’s technology could be used or sold.

Therefore, this acquisition is likely to be called in.

Example 2: Qualifying acquisition of a qualifying entity that is unlikely to be called in

Investor C is a non-UK based entity that increases its share of the voting rights in Company D from 15% to 26%. Company D is a financial services company which holds public contracts with the UK government. Investor C is well-known to the UK government and there is no existing activity that would give rise to concerns around national security.

The target risk is low as, while Company D is a supplier to the UK government, it undertakes activities that do not require mandatory notification nor are they closely linked to the activities which require mandatory notification.

The acquirer risk is low as Investor C’s activities are well known to the UK government and there has been no history of activity by Investor C that would give rise to national security concerns.

Despite the acquisition increasing Investor C’s share of the voting rights in Company D from 25% or less to more than 25%, the control risk is unlikely to increase materially the risk to national security as the target risk and acquirer risk are low.

Therefore, this acquisition is unlikely to be called in.

Assets

33. Acquisitions of control over qualifying assets are also in scope of the call-in power. This is principally so that acquisitions may be called in if control of an asset is acquired instead of an entity that owns it, or in the event that an asset, such as land, is located near a sensitive site, which may give rise to a national security risk.

34. Asset acquisitions are not subject to the mandatory notification requirements and so no one is required to submit a notification in relation to a qualifying acquisition of an asset. Parties may make a voluntary notification to the Secretary of State about an acquisition if they wish to be certain whether the acquisition will be called in. The Secretary of State may call in a qualifying acquisition of an asset if they have reasonable suspicion that it has given rise to or may give rise to a risk to national security. The Secretary of State will consider what the asset could be used for and whether that use could give rise to a risk to national security.

35. The call-in power is more likely to be used for qualifying acquisitions of assets that are or could be, used in connection with the activities set out in the Notifiable Acquisition Regulations or closely linked activities. This is because these acquisitions are more likely to pose a risk to national security.

36. Land is mainly expected to be an asset of national security interest where it is, or is proximate to, a sensitive site. Examples of such sensitive sites include critical national infrastructure sites or government buildings. However the Secretary of State may also take into account the intended use of the land.

37. The Secretary of State expects to call in rarely acquisitions of assets which do not fall into the above categories.

38. Overall, the Secretary of State expects to call in rarely acquisitions of assets compared to acquisitions of entities.

Example 3: Qualifying acquisition of a tangible asset that is unlikely to be called in

Company A has bought Building B located in the UK for residential use. Building B is a house adjacent to a sensitive military site. Company A is an overseas pharmaceutical company that is known to the UK government with no evidence of ties to hostile activity in the UK.

The target risk is medium as there is a proximity risk as the target to a sensitive site. However, it is unlikely that owning the adjacent property for residential use could pose a risk to national security, given other security protections in place at the military site.

The acquirer risk is low as there is no evidence to suggest that the acquirer, Company A, is linked to hostile activity, so the possibility of the target being used to threaten the UK’s national security is low. Company A has also demonstrated that it intends to use the asset as a place of residence, which does not pose a national security risk.

As Company A has purchased the asset outright, enabling Company A to use or to control or direct Building B’s use, this represents a higher level of control risk.

Nonetheless, this acquisition is unlikely to be called in because of the levels of target and acquirer risk.

Example 4: Qualifying acquisition of a tangible asset that is likely to be called in

Company C seeks to acquire Machinery D. Company C is based in the UK but owned by an organisation based overseas and is of concern to UK security organisations. Machinery D is specialised and used in the manufacture of military hardware.

The target risk is high since this is specialised hardware with a military purpose.

The acquirer risk is high because the acquirer is owned by an organisation with potentially concerning behaviour.

This acquisition would result in a high level of control as it would enable Company C to use or to control or direct the use of Machinery D and is therefore likely to increase the level of national security risk.

Therefore, this acquisition is likely to be called in.

Example 5: Qualifying acquisition of an intellectual property asset that is likely to be called in

Asset F is the underlying source code used by Business E in its computer programmes, which are used by UK air traffic control operators – an area of the economy in which certain acquisitions of entities are covered by mandatory notification. Business E is approached by Party G who wishes to acquire the right to access and use Asset F. Party G is known by the government to have existing ties to an organisation that is hostile to the UK.

The target risk is high as the source code may be used to identify vulnerabilities in the programmes used to monitor and communicate with aircraft in UK airspace.

The acquirer risk is high as the acquirer, Party G, has existing ties to an organisation that is of concern to the UK government.

There is a control risk as the acquisition of the right to access and use Asset F means that Party G could use the asset for malicious purposes. However, Party G does not have full ownership over the asset and so does not have full control over the asset.

Nonetheless, this acquisition is likely to be called in.

Extraterritorial use of the call-in power

39. Acquisitions of qualifying entities that are outside the UK and assets that are outside the UK and the territorial sea are less likely to give rise to national security risks than those within the UK and so these are less likely to be called in. Similarly, the risk to national security will be related to how strongly the entity or asset is connected to the UK. The Secretary of State will consider to what extent people in the UK rely on qualifying entities and assets outside the UK and how this may affect national security risks.

40. There is separate guidance on the application of the NSI Act in relation to entities and assets outside the UK.

Retrospective use of the call-in power

41. The Secretary of State may call in qualifying acquisitions after they have taken place. This power is set out in section 1(1)(a) of the Act.

42. When deciding whether to call in a qualifying acquisition that has already taken place, the same assessment of risk factors will be applied as for qualifying acquisitions that have not already taken place.

43. The decision whether to call in a qualifying acquisition after it has taken place will be made according to the risk to national security at the point of the decision rather than the risk to national security at the point that the qualifying acquisition took place.