25 January 2022

The UK National Security Act 2021 – the effect on Mergers & Acquisitions

Written by Richard Gray

On 4 January 2022, the UK’s National Security and Investment Act 2021 (‘the Act’) came into force. The Act replaces the existing provisions relating to public interest merger regimes set out in the Enterprise Act 2002 where mergers may involve national security considerations. The introduction of the Act has been regarded as one of the biggest shake ups in the UK’s national security investment screening powers for 20 years.

The Investment Security Unit (‘ISU’) will operate the new regime. The ISU is a unit within the Department for Business, Energy and Industrial Strategy (‘BEIS’). The new regime is split into two parts, namely; a mandatory notification regime and a voluntary notification regime. It would be prudent for transacting parties to review the Act and new regime in detail

Mandatory Notification Regime

The Act set outs the thresholds used to determine whether an acquirer will need to lodge a mandatory pre-completion notification with the ISU. The obligation to notify will work in tandem with a ‘call-in’ power enabling the Government to call-in qualifying transactions for review. This power will apply to any sector and is not subject to any materiality thresholds.

If in doubt as to whether or not a transaction falls under the Act, best practice is to lodge a mandatory pre-completion notification with the ISU. Section 6 of the Act sets out the definition of a notifiable acquisition. This provides the criteria for determining when a notifiable acquisition occurs:

  • The acquisition must be a qualifying entity that undertakes certain activities in the UK within a high-risk sector of the economy; and
  • As a result of the acquisition, the acquirer gains control of a qualifying entity by either:
    • increasing the percentage of shares (or votes) that it holds in the entity to: (i) more than 25%; (ii) more than 50%; or (iii) at least 75%; or
    • acquiring voting rights in the entity that enable the person to secure or prevent the passage of any class of resolution governing the affairs of the entity.

There are 17 mandatory sectors that, if carried on in the UK, will fall within the mandatory notification regime. They are:

  • Advanced materials
  • Advanced robotics
  • Artificial intelligence
  • Civil nuclear
  • Communications
  • Computing hardware
  • Critical Suppliers to Government
  • Cryptographic authentication
  • Data infrastructure
  • Defence
  • Energy
  • Military and dual use
  • Satellite and space technology
  • Suppliers to emergency services
  • Synthetic biology
  • Transport
  • Quantum technologies

Voluntary Notification Regime

If the transaction triggers a voluntary notification regime, the transaction will not be caught by the criteria set out above in relation to the mandatory notification regime however, the ISU can call-in any unnotified transaction completed since 12 November 2020 for review that fall outside the mandatory notification requirement, including before the transactions have closed.

Remedies & Penalties

In relation to remedies, once a notification process is complete, a 30-day period commences. During this time, BEIS will indicate whether or not it intends to call in the transaction for review. If a transaction is called in, BEIS has up to a further 30 working days review which may be extended by an additional 45 working days (or more, if needed and agreed between parties). If a security risk is identified, consideration is given to allowing representations on remedies before making a final order. The ISU is given wide discretion to impose any necessary and proportionate remedies to prevent, remedy or mitigate the risk or in some circumstances prohibiting the transaction.

If a transaction completes without being approved, the acquisition will be void and have no legal effect. Under the Act, there are a number of offences including, completing a notifiable transaction without approval; breaching an order of the Secretary of State; or failure to comply with an information request. There are also potential criminal penalties which involve up to five years imprisonment and also, civil penalties including fines for individuals (up to £10 million) and businesses (up to the greater of £10 million or 5% of the acquirer’s total worldwide turnover).


As mentioned above, the introduction of this Act is one of the most drastic changes in the last 20 years relating to national security screening and extends to a broad spectrum of sectors some of which might not previously have been considered to present national security issues. The Act places responsibility on both sellers and buyers to consider the Act and whether or not a company operates in any one of the 17 mandatory sectors. Whilst determining whether or not a business falls within one of these sectors seems like a fairly obvious observation to make, it will not always be the case particularly in relation to technology. It is prudent that businesses undertake careful analysis of guidance issued by the Government to determine if they operate in one of the 17 mandatory sectors and whether the Act therefore, is likely to be applicable.

If you have any questions relating to this article, please do not hesitate to contact Richard Gray.

*This information is for guidance purposes only and does not constitute, nor should be regarded, as a substitute for taking legal advice that is tailored to your circumstances.

About the author

Richard Gray


Richard Gray is Partner and Head of the Corporate team at Carson McDowell. Richard's main areas of practice include corporate, corporate finance and projects work. He advises major domestic companies including SHS Group Lagan Investments and Eakin Healthcare, as well as leading public sector clients, such as Queen’s University Belfast.

Related Insights

All Insights