‍

The global technological and geopolitical landscape has been rapidly evolving, highlighting a growing concern among nation states about protecting their strategic interests and economic sovereignty. Given this accelerating technological advancement and the critical importance of certain sectors to countries’ sustained growth, the United Kingdom – an open economy reliant on foreign investment – is no exception.

In response to this reality and to modernize its legal framework for contemporary threats, the UK government implemented the National Security and Investment Act – NSIA. This legislation marks a radical shift in the UK’s approach to mergers, acquisitions, and investments, introducing a robust scrutiny regime for transactions potentially posing risks to national security.

‍

1. Contextualization and Approval: a response to geopolitical dynamics

Before the NSIA, the UK had limited powers to intervene in transactions on national security grounds, relying primarily on the Enterprise Act 2002. While this law permitted intervention in mergers, it focused chiefly on competition and media issues, with national security serving as a rare and relatively narrow exception Intervention powers were reactive, requiring case-by-case assessments by the Secretary of State without a formalized investment screening process.

As security threats grew more complex and diverse – extending beyond defense to critical technology, digital infrastructure, and sensitive data – the need for a proactive and comprehensive regime became evident. Heightened concerns about adversarial state actors accessing sensitive technologies and vital infrastructure, alongside observations of more robust regimes in countries like the United States (via the Committee on Foreign Investment in the United States – CFIUS) and Australia, catalyzed the push for reform.

The NSIA’s legislative process began with the introduction of the National Security and Investment Bill to the UK Parliament in November 2020. The proposal was driven by the perception that the UK lagged behind other nations with more developed investment screening mechanisms. The COVID-19 pandemic further heightened the urgency, revealing the importance of protecting supply chains and domestic capacity in vital sectors such as vaccine and medical equipment manufacturing.

The bill underwent rigorous debate and amendments in both UK Houses of Parliament – the House of Commons and the House of Lords. Discussions centered on balancing national security protection with maintaining the UK’s reputation as an open, attractive destination for foreign investment. Concerns were raised about the breadth of government powers, the definition of national security, and potential impacts on competitiveness. After revisions, the National Security and Investment Bill received Royal Assent in April 2021, becoming the National Security and Investment Act 2021.

Though enacted in April 2021, the core provisions and scrutiny regime took effect on January 4, 2022, following the publication of secondary regulations detailing 17 sensitive sectors and mandatory notification triggers. This date heralded a new era for foreign investment in the UK.

‍

2. Purpose and Objectives: a comprehensive view of national security

The central purpose of the NSIA is to empower the UK government to intervene in and mitigate national security risks arising from acquisitions of control over entities or assets. Unlike the previous reactive regime, which focused on a limited number of sectors, the NSIA establishes a proactive investment screening framework. This allows the government to assess potential risks before transactions are complete in many cases.

The specific objectives of the NSIA are multifaceted, reflecting a modern and expanded understanding of national security:

• Protecting National Security: this is the primary objective. The NSIA enables the government to identify and evaluate transactions that could compromise national security – whether through access to sensitive technology, critical infrastructure, classified information, or military capabilities. The law avoids a rigid definition of "national security," granting the government with flexibility to adapt to evolving threats. Published guidance, however, clarifies that it encompasses protecting the UK’s territory, population, democratic institutions, armed forces, essential infrastructure, vital supply chains, and sensitive intellectual property (IP). This includes resilience against cyberattacks, safeguarding government and commercial data integrity, and ensuring continuity of essential public services.
• Safeguarding Strategic Sectors: identify and protect economic sectors are vital to the country's security. The list with 17 sensitive sectors (detailed in Section 4) reflects the recognition that modern national security extends beyond defense to include advanced technology, data, and infrastructure – acknowledging the dual-use nature of many technologies
• Mitigating Risks without Halting Investment: the government seeks a delicate balance. The UK values foreign direct investment (FDI) as a driver of economic growth, innovation, and job creation. The goal is to mitigate specific national security risks, not indiscriminately deter FDI. The regime aims to be transparent and predictable for investors, though government flexibility remains debated. The government has reiterated that most transactions will be approved without intervention.
• Modernizing the Legal Framework: replace a fragmented and outdated regime with an agile system suited to 21st-century complexities. It addresses threats from state and non-state actors while aligning with international best practices.
• Preventing the Transfer of Sensitive Technology: prevent cutting-edge technologies, research, and critical knowledge (including IP and trade secrets) from falling into the hands of entities that could use them adversely. This safeguards the UK’s strategic advantage and counters hostile states’ development of military or surveillance capabilities.
• Strengthening Supply Chain Resilience: in an interconnected world, reliance on external sources for critical components creates vulnerabilities. The NSIA allows scrutiny of transactions that could compromise vital supply chains, ensuring the UK avoids over-dependence on single suppliers or regions for essential goods and services.

The NSIA is not intended as a tool for economic protectionism or industrial policy but as an instrument of national security. Nevertheless, its interpretation and application may indirectly impact the UK’s investment landscape and competitiveness.

‍

3. Obligations and Requirements: level of control and notification

The NSIA imposes significant obligations on parties involved in certain transactions, especially those with potential implications for national security. The regime operates through a system of mandatory and voluntary reporting, alongside the government’s power to “call in” transactions for review.

• Mandatory Notification: this is the core of the NSIA. A mandatory notification occurs when a trigger event takes place in an entity operating in one of the 17 sensitive sectors specified in the regulations. Failure to comply with mandatory notification renders the transaction legally void and may result in severe penalties.
  • Penalties for Non-Notification: Non-notified mandatory transactions are null and void, meaning the buyer does not legally acquire the entity or asset. This can have devastating consequences for the transaction and the parties involved, potentially requiring the reversal of all legal acts. In addition, defaulting parties may be subject to civil fines of up to £10 million or 5% of the group's global turnover (whichever is greater) and/or criminal penalties for individuals, including imprisonment of up to 5 years. The severity of these penalties underscores the critical importance of compliance.
• Voluntary Notification: for transactions outside the 17 sensitive reporting sectors or those that do not meet mandatory control triggers, but which the parties believe could raise national security concerns, there is the option of voluntary notification.
  • This option creates legal certainty for parties. Once the government decides not to intervene (by issuing a “call-in notice”) or after a defined period of no intervention, the risk of the transaction being “called in” for retroactive review is mitigated. It is a way to obtain an official “green light,” providing security for the investment.
• Power to Call-in for Review: even if a transaction is not notified (either because it is not mandatory or the parties have chosen not to notify voluntarily), the Secretary of State for Business, Energy, and Industrial Strategy (now within the Department for Business and Trade – DBT) has the power to “call in” a transaction for review.
  • This power can be exercised up to 5 years after the transaction is completed or 6 months after the Secretary of State becomes aware of the transaction, whichever is later. This creates considerable uncertainty about transactions that do not qualify for mandatory reporting but pose some potential national security risk. The government may become aware of the transaction through media reports, third-party information, or internal analysis.
  • If a transaction is called in, the parties are required to provide detailed information, and the government can impose conditions on the transaction or even block it.
• Review Process: the review process is conducted by the Investment Security Unit (ISU), a dedicated unit within the Department for Business and Trade (DBT). The ISU evaluates the notifications and makes recommendations to the Secretary of State. The process follows defined deadlines:
  • After a notification is submitted, the ISU has 30 working days to decide whether to “call in” the transaction for further review.
  • If “called in,” the ISU has an additional 30 working days to conduct a detailed assessment, which can be extended by a further 45 working days if necessary.
  • Additionally, the government and parties may agree to voluntary extensions, which is common in complex cases.
  • The review may lead to:
    • No Action: The transaction raises no national security concerns and is cleared.
    • Remedy Orders: the transaction may proceed, but with certain conditions to mitigate risks. For instance: restrictions on access to sensitive information, corporate governance requirements such as the appointment of independent directors, supply guarantees to the government, or the need to maintain certain operations in the UK.
    • Final Orders: in extreme cases, the transaction may be completely blocked or, if already completed, the buyer may be forced to divest control or part of the asset/entity

‍

4. Protected Assets: the 17 sensitive sectors

The NSIA does not explicitly define “national security” but instead provides a list of 17 sectors of the economy considered sensitive. Transactions in these sectors trigger a mandatory notification if certain control thresholds are met. This list reflects the government’s assessment of where national security threats are most likely to emerge. The sectors are:

1. Semiconductors: covers the design and manufacture of silicon wafers, chips, and other semiconductor components, including research and development. These components are the foundation of modern technology, from defense systems to consumer electronics and critical infrastructure, and are vital to the digital economy and national security.
2. Critical Minerals: exploration, mining, processing, and recycling of minerals considered essential to national security due to their importance in strategic technologies (e.g., rare earths, lithium, cobalt, graphite). The security of these minerals' supply chains is vital to high-tech and defense industries.
3. Artificial Intelligence (AI): Technologies including algorithms, software, and hardware that enable machine learning, reasoning, and decision-making. AI is seen as a general-purpose technology with significant applications in defense, surveillance, cybersecurity, and autonomous control systems.
4. Data Infrastructure: Includes data centers, cloud computing services, and other critical data storage and processing infrastructure. Protecting the integrity, confidentiality, and availability of sensitive data – whether government, military, or industrial – is critical to digital sovereignty.
5. Defense: manufacture and supply of military equipment, services, and technologies, including weapons, vehicles, communications systems, and defense software.
6. Energy: generation, transmission, distribution, and storage of electricity, oil, and gas, including nuclear infrastructure. Energy security is a pillar of national security.
7. Communications: telecommunications networks, satellites, broadcasting services, and internet service providers. The integrity and resilience of communications networks are crucial to society and government.
8. Transportation: airport, port, railway, and road infrastructure, including traffic control and management systems. Efficient and safe transportation is vital for the economy and mobilization in times of crisis.
9. Quantum Computing: technologies related to quantum computing, sensing, and communications, which have the potential to revolutionize cryptography, computing, and sensing, with profound implications for security and intelligence capabilities.
10. Cryptographic Technology: technologies and services related to cryptography for data and communications security, essential for protecting confidential government and commercial information.
11. Positioning, Navigation, and Timing (PNT) Technology: technologies such as GPS and navigation systems that are essential for a wide range of civil and military applications, from transportation to defense operations.
12. Advanced Materials: development and manufacture of materials with unique properties and strategic applications in sectors such as defense, aerospace, and energy.
13. Robotics: development and manufacture of robots and autonomous systems, with applications in defense, manufacturing, logistics, and surveillance.
14. Aviation and Space: manufacturing of aircraft, space vehicles, satellites, and related systems. The space sector is increasingly strategic for communications, observation, and defense.
15. Nuclear Engineering: activities related to the research, development, and application of nuclear technology, including nuclear power and decommissioning.
16. Military and Dual-Use Technology: encompasses technologies that can have both civilian and military applications, such as certain software, electronic components, or materials that, although developed for civilian purposes, can be adapted for military use.
17. Postal Services: national postal services, given their importance for government communication, the transportation of sensitive goods, and national logistics.

This list highlights the UK’s broad interpretation of what constitutes “national security” in today’s digital and geopolitical age, covering a much wider spectrum than traditional definitions.

‍

5. Impact on Key Sectors: challenges and opportunities

The NSIA significantly impacts all 17 designated sectors, particularly those involving high technology and critical infrastructure, such as semiconductors, critical minerals, artificial intelligence, and data infrastructure, due to their strategic nature and rapid pace of innovation.

• Semiconductors: this sector is globally strategic and capital-intensive, with complex and interconnected supply chains. The NSIA aims to protect the UK's ability to design and, to a lesser extent, manufacture chips, as well as the associated IP, which is an invaluable asset.
  • Positive Effects: provides greater protection against hostile takeovers that could transfer vital technology or production capabilities to strategic competitors or adversarial states. It fosters domestic supply chain resilience at a time of global chip shortages and high dependence on a limited number of suppliers.
  • Challenges: may create uncertainty for foreign investors interested in UK semiconductor companies, potentially slowing or preventing the investment needed for growth and innovation. The broad definition may encompass companies that only design chips but do not manufacture them, yet whose IP is crucial. High-profile cases, such as the acquisition of Newport Wafer Fab (a Welsh semiconductor factory) by the Chinese-owned firm Nexperia, were subject to intense scrutiny and eventual forced divestment by the government. This sent a clear signal about the state’s red lines regarding the protection of strategic assets.
• Critical Minerals: global dependence on limited sources of critical minerals, essential for batteries, electronics, green technologies, and defense, represents a strategic vulnerability. The NSIA allows the government to review acquisitions that could compromise the UK’s security of supply.
  • Positive Effects: helps ensure that the UK's critical mineral supply chains remain secure and diverse, thereby protecting key industries that rely on these materials. Promotes the development of domestic mining and processing capabilities, reducing dependence on geopolitically unstable sources.
  • Challenges: the UK does not have large reserves of critical minerals and is therefore heavily dependent on imports. Enhanced scrutiny could hinder the foreign partnerships necessary for processing or gaining access to new sources, which often require significant investment and international expertise.
• Artificial Intelligence: AI is viewed as a transformative technology with vast implications for national security, from cybersecurity to autonomous defense systems. The NSIA aims to control access to core technologies, including algorithms, training datasets, AI models, and R&D capabilities.
  • Positive Effects: protects the UK's leadership in AI research by preventing adversaries from gaining access to technologies that could be used for military, surveillance, or offensive cybersecurity purposes. This encourages the development of ethical and safe AI which aligns with the country's values.
  • Challenges: the AI sector is highly internationalized, capital-intensive, and relies on global collaboration. The NSIA could be perceived as an obstacle to investment and cross-border partnerships, which are essential for rapid advancement. The Act’s broad definition of “AI” could impact startups and smaller companies developing dual-use technologies (with both civilian and military applications), creating uncertainty with regards to notification requirements.
• Data Infrastructure: data protection is essential in the digital age, where information is a strategic asset. The NSIA focuses on data centers, cloud services, and other infrastructure that store and process large volumes of sensitive information, including government, military, healthcare, and financial data.
  • Positive Effects: safeguards critical government, business, and personal data from unauthorized access, manipulation, or disruption by hostile actors. This strengthens the UK's data sovereignty and the resilience of its digital services.
  • Challenges: the data sector is global and requires massive ongoing investment in infrastructure. Restrictions on foreign investment in data centers or cloud services could limit capacity expansion and reduce price competitiveness in the UK. Global companies may hesitate to expand operations in the country if there is a perceived risk of government intervention, potentially diverting investments to jurisdictions with less onerous regulatory regimes.

In general, the NSIA adds a layer of complexity and uncertainty to transactions within these sectors. Companies and investors must now incorporate a national security risk assessment into their due diligence and be prepared for potential delays or imposed conditions. On the other hand, the regime can provide greater certainty for domestic companies, creating a clear demarcation of the strategic capabilities the UK intends to protect. This could potentially attract investment from entities seeking a stable and secure regulatory environment for sensitive assets.

‍

6. Transactions Requiring Authorization or Registration: control triggers

The NSIA establishes specific triggers to determine when a transaction is subject to mandatory notification or may be “called in” for review. These triggers focus on the acquisition of control over entities or assets.

6.1. Mandatory Notification Triggers: apply only when the target entity operates in one of the 17 sensitive sectors and one of the following acquisition events occurs:

• Increase in Shareholding or Voting Rights:
  • Acquisition of more than 25% of the voting rights or shares in an entity.
  • Acquisition of voting rights or shares that increase from 25% or less to more than 25%.
  • Acquisition of voting rights or shares that increase from 50% or less to more than 50%.
  • Acquisition of voting rights or shares that increase from 75% or less to more than 75%.
  • Example: a foreign investment fund acquires a 26% stake in a UK startup that develops algorithms for defense applications. As this transaction crosses the 25% threshold in a sensitive sector, it requires mandatory notification.
• Acquisition of Control over an Entity: involves acquiring voting rights or shares that allow the acquirer to:
  • Pass or block resolutions within the entity (e.g., through veto rights over strategic decisions).
  • Direct or control the entity’s activities (even without a majority stake, if a shareholders' agreement or other arrangement grants this power).
  • Example: a foreign energy company acquires 10% of the voting shares in a UK operator of critical power grid infrastructure. The acquisition agreement grants it the right to veto strategic board decisions, such as the sale of assets or the appointment of key executives. This may be considered an acquisition of control for NSIA purposes and trigger a mandatory notification if the target is in the energy sector.
• 6.2. Call-in Power Triggers (for Voluntary or Retroactive Notification): the government can “call in” a transaction for review even if it does not fall under the mandatory notification rules. This occurs if a qualifying acquisition is made that, in the Secretary of State’s assessment, could raise national security concerns. Broader “call-in” triggers include:
  • Transactions Outside the 17 Sectors: transactions in sectors not designated as sensitive can be called in if they raise national security concerns.
  • Acquisition of Material Influence: lower, more subjective threshold, which occurs when the acquirer gains the ability to materially influence the policy of the target entity, even if without a majority stake or explicit veto rights. This may be inferred from a smaller shareholding (e.g., and 15-25%), the right to appoint directors, or commercial agreements that confer significant decision-making power.
  • Example: a foreign company acquires a 15% stake in a small UK cryptographic technology firm, secures a board seat, and enters a strategic collaboration agreement granting it privileged access to technical information. Although it does not reach the 25% mandatory notification threshold, the government may determine that material influence over a sensitive technology has been acquired and “call in” the transaction.
  • Asset Acquisition: the NSIA is not limited to corporate acquisitions. It also applies to the acquisition of certain “assets” in any sector should the acquisition pose a risk to national security. Assets include:
    • Land: property that is strategically located (e.g., near military or intelligence installations).
    • Tangible assets: equipment, machinery, and physical infrastructure (e.g., a factory producing sensitive components, a port, or an airport).
    • Intellectual Property: patents, copyrights, trade secrets, databases, software, designs, or any other sensitive technical knowledge.
  • Example: a foreign entity acquires a crucial patent for quantum computing technology developed by a UK university, or an exclusive license for its commercial exploitation. This standalone acquisition, without the purchase of the entire company, may be “called in” for review as the IP is considered a strategic asset.

‍

7. Future Vision of the UK Parliament

The forward-looking vision that guided the UK Parliament in approving the National Security and Investment Act reflects a deep understanding that national security in the 21st century extends beyond the traditional boundaries of defense and intelligence into the realm of technological and economic sovereignty. By establishing a comprehensive scrutiny mechanism for 17 critical sectors, the UK legislature envisions a future in which the country not only defends against immediate threats but also builds a resilient foundation for sustained development. This legislation is seen as an crucial tool to ensure strategic supply chains remain under national control, protect its most valuable IP, and maintain and capitalize on leadership in emerging technologies – such as semiconductors, AI, and quantum computing – on UK soil, thereby ensuring long-term prosperity and security.

Thus, the control exercised through the NSIA over sectors such as energy, communications, and data infrastructure is not limited to risk prevention; it extends to nurturing domestic innovation ecosystems and attracting investment that aligns with the UK's strategic interests. Protecting critical minerals and advanced materials, for example, is considered vital for securing access to the essential resources needed for future industries, from electric vehicles to advanced defense systems. The intention is to foster an environment in which international collaboration is encouraged, while always safeguarding the know-how and capabilities that provide the UK with a competitive advantage and ensure its resilience in the face of global shocks and geopolitical competition. Parliament anticipates that by proactively managing investments in these vital areas, the country will be able to direct capital to where it best serves national development objectives.

Ultimately, the parliamentary vision for the UK's future, as shaped by the NSIA, is of a nation open to the world while intelligently protecting its fundamental pillars. This strategy aims to strengthen the industrial and technological base, foster sovereign innovation, and ensure the integrity of critical infrastructure. This strategic control over the 17 sectors, far from being an obstacle to investment, is presented as a pillar of trust and stability. The goal is to create fertile ground for the country not only to prosper economically but also to solidify its position as a technological powerhouse and a reliable partner on the global stage, safely navigating the challenges and opportunities of the next decade.