National Security and Investment Act: key points you need to know

The National Security and Investment Act 2021 (“Act”) came into force on 4 January 2022. It brings in a new regime allowing for Government intervention in transactions on national security grounds, as well as requiring mandatory notifications by acquirers in some instances.

The new regime is of direct relevance to the Higher Education Institutions (HEIs) which work within many of the areas covered by the Act.

Overview

The new rules apply to so-called qualifying acquisitions, which has a wide meaning and includes the acquisition of votes or shares in excess of 25% and the acquisition of rights or interests in an asset. It is important to highlight that the rules apply to acquisitions by both UK and overseas acquirers.

The new system introduces a mandatory notification and pre-completion clearance system for the acquisition of shares/voting rights in companies or other entities that operate in any of the 17 specified sectors below:

• Advanced Materials
• Advanced Robotics
• Artificial Intelligence
• Civil Nuclear
• Communications
• Computing Hardware
• Critical Suppliers to Government
• Cryptographic Authentication
• Data Infrastructure
• Defence
• Energy
• Military and Dual-Use
• Quantum Technologies
• Satellite and Space Technologies
• Suppliers to the Emergency Services
• Synthetic Biology
• Transport.

Failure to make a mandatory notification means that a transaction is void and there are a range of civil and criminal penalties that can be imposed on both companies and individuals that fail to notify. These include fines of up to the higher of £10m or 5% of worldwide turnover and prison sentences of up to five years.

Asset acquisitions and other acquisitions outside of the 17 mandatory sectors are not subject to mandatory notification but can be voluntarily notified. A voluntary notification may need to be considered where possible national security concerns are identified. This assessment is important, as the Secretary of State has call-in powers in respect of qualifying acquisitions and, ultimately, can order the blocking or unwinding of a transaction.

The application of the Act to the higher education (HE) sector

The concept of a qualifying entity or asset is a wide one and includes:

• entities such as university spinouts, university subsidiaries and research organisations; and
• assets such as designs, databases, algorithms, formulae, software and laboratory equipment.

The Government has published Guidance on the application of the Act for HEIs, which includes a summary of how the rules could apply to the sector, and examples of different acquisitions that are within the scope of the Act and could be subject to mandatory notification requirements or called-in.

Examples given include:

• The requirement for a mandatory notification where a private company acquires 30% of the shares in a university subsidiary that carries out research in one of the 17 mandatory notification sectors.

• The ability of the Government to call in the acquisition through a collaboration arrangement by one academic institution of the right to use the background intellectual property (IP) of another academic institution, where it reasonably suspects that this has given rise or may give rise to a national security risk.

• The ability of the Government to call in the exercise by a private company of an option to take a licence of IP generated in a collaborative research project with a UK academic institution, where it reasonably suspects that this has given rise or may give rise to a national security risk.

• The requirement for a mandatory notification where a foreign research centre acquires 50% of the shares in a UK research centre that carries out research in one of the 17 mandatory notification sectors.

• The requirement for a mandatory notification where a venture capital fund acquires a 27% equity stake in a university spinout that carries out research and produces goods in one of the 17 mandatory notification sectors.

• Where the Government reasonably suspects that this has given rise or may give rise to a national security risk, the ability of the Government to call in an arrangement under which a private foreign company funds an employee through an academic placement and the employee’s contract assigns all IP generated to the company.

Addressing the risks – governance and control

The new regime increases the need for all institutions to put in place systems that assess and protect research and academic collaborations.

Helpful and sensible steps are outlined in guidance published by the Centre for the Protection of National Infrastructure and the National Cyber Security Centre. These include:

• Ensuring senior level oversight of research collaborations and partnerships, and putting in place a clear policy that helps staff identify and highlight high-risk research to senior leaders.

• Identifying research that is related to sensitive defence or national security technology.

• Putting in place policies and processes to identify threats such as the involvement of hostile states.

• Ensuring that appropriate due diligence is carried out on prospective research partners.

As with most areas of compliance, the key points are the need for senior level involvement; risk assessment; appropriate policies and procedures on the basis of the risks; communication and awareness raising; and ongoing review and monitoring.

If you would like any assistance with the interpretation or implication of the new guidance in your institution, please contact matthew.woodford@brownejacobson.com.