The United Kingdom, Canada, and Germany have unveiled updates to their foreign investment screening regimes to improve each country’s ability to address foreign investments involving critical technology. These updates will increase regulatory risk and impose procedural hurdles for cross-border investments involving these jurisdictions. The United Kingdom’s updated regime requires mandatory notifications for transactions in 17 sensitive sectors and gives the Secretary of State for Business, Energy, and Industrial Strategy (Secretary of State) the power to call in for review completed investments that may pose risks to national security. Meanwhile, Germany has expanded the number of sectors involving critical technology that are subject to mandatory filings from foreign investors, and Canada has expanded the number of factors it considers when assessing national security risks.
Summary
- Countries around the world are updating their foreign investment review regimes based on best practices in other jurisdictions, such as rules implemented by the U.S. Committee on Foreign Investment in the United States (CFIUS). Updates in the U.K., Canada, and Germany include identifying critical technologies and sensitive sectors, requiring mandatory notifications from investors involved in certain transactions, setting up interagency mechanisms to facilitate efficient reviews, and empowering authorities to mitigate, prohibit, or unwind transactions if national security risks are identified. These updates may better position the United Kingdom and Canada to maintain, and Germany to obtain, “excepted foreign state” status from CFIUS, which would qualify investors from those countries as “excepted investors” and reduce their CFIUS filing obligations.
- Potential investors should consider the implications of these new review regimes when making investment decisions that involve multinational companies operating in these specific jurisdictions and critical technologies. Companies that operate in critical sectors should consider how mandatory filing requirements across jurisdictions may impact the structure and timing of investments. Other countries also are actively considering similar investment review regimes, increasing the likelihood that investments involving multinational companies and critical technologies may be subject to an increasing number of cross-border national security reviews.
The U.K.’s New Foreign Investment Review Regime
- The U.K.’s new foreign investment review regime establishes a standalone national security review process that is separate from the competition and national security reviews previously conducted by the U.K.’s Competition and Market Authority (CMA). On 29 April 2021, the U.K. passed the National Security and Investment Bill (Bill), which marks the first significant revision to the U.K.’s investment review process in almost 20 years1 in response to evolving investment patterns and technological and geopolitical changes. The CMA will now focus solely on reviewing mergers and acquisitions for competition purposes. The Bill will come into force on 4 January 2022.
- The Bill focuses the U.K.’s investment review process on national security concerns and primarily aligns the process with CFIUS. The U.K. regime, however, includes broader review authorities than CFIUS with respect to the review of acquisitions involving foreign entities.
- Mandatory Notification Requirements. The new regime establishes a mandatory notification procedure for acquisitions of businesses in 17 sensitive sectors2 where a person acquires a defined percentage of economic or voting interests in the target entity or acquires voting rights that enable the person to govern the affairs of the target entity. Persons acquiring economic or voting interests at the 25 percent, 50 percent, or 75 percent thresholds in a business in any of the 17 sensitive sectors are required to notify their transaction to the U.K. Secretary of State. The mandatory notification requirement would also apply to transactions where a person acquires voting rights with respect to the adoption of any form of resolution of an entity. Acquisitions subject to the mandatory notification requirement, but not notified to the U.K. Secretary of State, are legally void.
- Definitions of Sensitive Sectors Subject to Change. The United Kingdom is working to finalize definitions of the sensitive sectors in its regulations. The U.K. Department for Business, Energy, and Industrial Strategy is in the process of refining definitions of the seventeen sectors and expects to set out final definitions in regulations following input from industry.3 Although the current mandatory notification requirement only applies to acquisitions of entities, future regulations may mandate the notification of certain asset acquisitions.
- The U.K.’s New Call-In Power. The U.K. bill includes a broad call-in power that allows the U.K. government to review transactions outside of the 17 sensitive sectors that may raise national security concerns, including any deals that have occurred since the Bill’s introduction in Parliament on 12 November 2020. The Secretary of State can “call in” acquisitions of control over U.K. entities or assets,4 known as “trigger events,” where the Secretary of State reasonably suspects that there is a risk to national security or that there could be a risk to national security because of the trigger event. The U.K. Secretary of State can call in transactions for review up to five years post-closing or six months from the date the government is aware of the transaction, except for notifiable acquisitions as explained above.
- Thresholds for Reviewing Transactions Under the Call-in Power. The Bill establishes the degree of “control” required to subject transactions to the call-in power, including thresholds related to economic or voting interests, governance, and “material influence.” The bill defines “control” over entities as: (1) an acquisition of economic or voting interests in an entity from 25% or less to more than 25%; from 50% or less to more than 50%; or from less than 75% to 75% or more; or (2) an acquisition of voting rights in an entity that enable a person to secure or prevent the passage of any resolution governing an entity; or (3) any acquisition that enables a person to “materially influence” the policy of the entity. The “material influence” prong provides significant discretion to the United Kingdom to call in transactions in which the investor can participate in decision making but does not meet economic or voting thresholds. Asset acquisitions in which an investor acquires a right or interest to use the asset or use it to a greater extent than prior to the acquisition may be subject to review.
- Criteria for Assessing National Security Risk. The U.K. investment law prescribes national security-focused criteria to help guide decisions on whether to call in a transaction. When considering whether to exercise the call-in power, the U.K. Secretary of State must consider the “target risk,” the “trigger event risk,” and the “acquirer risk”—which align with the concepts of “threat,” “vulnerability,” and “consequence” applied by CFIUS.5 These three considerations are designed to ensure that the call-in power will be exercised to address potential national security concerns rather than economic or business considerations.
- Mitigation of Transactions that Present National Security Risk. The U.K. Secretary of State may impose conditions on transactions that are called in for review to address any national security risks. Once an acquisition has been called in, the U.K. Secretary of State will assess potential risks to national security posed by the acquisition and may impose necessary and proportionate remedies to the transaction to address national security risks. These remedies include imposing behavioral conditions such as access restrictions, or structural conditions such as walling off sensitive areas of a company.6 The U.K. Secretary of State may also prohibit or unwind transactions that pose heightened risks to national security.7 As a result of this broad call-in power, parties to transactions that are not subject to the mandatory notification requirement may wish to voluntarily notify the Secretary of State of the proposed transaction to receive comfort that their transaction will not be called in for review later.
- Extraterritorial Reach. The Secretary of State’s call-in power permits the review of acquisitions of non-U.K. entities or assets in certain circumstances. The call-in power may be used for acquisitions of non-U.K. businesses that conduct activities in the United Kingdom, or that supply goods or services to persons in the United Kingdom. Similarly, acquisitions of non-U.K. assets may be reviewable if the assets are used in connection with activities conducted in the United Kingdom, or in connection with the supply of goods or services to persons in the United Kingdom. The extraterritorial reach of the U.K.’s investment review regime appears to be designed to address supply chain concerns.
- Set Timeframes for Review Process. The new regime also establishes a formal timeline for national security reviews, which provides transaction parties with greater certainty on the timing of the national security review process. After receiving a notification of a transaction, the Secretary of State has a maximum of 30 days to decide whether to call in a transaction for further review on national security grounds. Once the Secretary of State calls in a transaction for review, the government has an initial 30-day assessment period to conduct a review of the transaction, which may be extended by an additional 45 days if the Secretary of State believes that further assessment of national security risk is needed. Following the 45-day additional assessment period, the Secretary of State may work with the acquirer to establish a voluntary extension period to complete its review if the Secretary believes that a national security risk may arise from a trigger event and that mitigation is necessary.
- Penalties for Noncompliance. The Bill also sets out potential enforcement responses for certain offenses including completing a notifiable acquisition without approval and failing to comply with interim or final orders. Parties that complete a notifiable acquisition without approval or that do not comply with the conditions of an interim or final order may face up to five years in prison as well as monetary penalties of up to 5 percent of the total worldwide turnover of the entity, or £10 million, whichever figure is higher.
Updates to Germany’s Foreign Investment Review Process
On 27 April 2021, Germany amended its Foreign Trade and Payments Ordinance to broaden the scope of its cross-sectoral foreign investment review process8 to require a mandatory filing for investments in sixteen new activities related to critical technology. Effective 1 May 2021, non-European Union investors are required to notify the German Ministry for Economic Affairs and Energy of the acquisition of a 20 percent or greater interest in German businesses that are engaged in certain activities in one of the 16 new critical technology activities, such as the manufacturing or development of autonomous vehicles, industrial robots, semiconductors, or certain healthcare products such as personal protective equipment.
- Broadened Scope of Transactions Subject to Review. Under Germany’s sector-specific review process,9 regulators can now review a foreign person’s acquisition of at least a 10 percent voting interest in companies that manufacture specified defense- or IT security-related goods. The scope of transactions subject to the sector-specific review process now include all military equipment that requires an export authorization, defense products covered by secret patents, encryption technology products, and infrastructure deemed essential for Germany’s defense.10
- Acquisition of Additional Rights Subject to Mandatory Notification. Germany’s revised regulations also stipulate that a foreign investor’s acquisition of additional voting rights in a German business subject to its review regime must be notified to the government if the additional acquisition exceeds certain voting rights thresholds. For transactions subject to the sector-specific review process, foreign investors must notify the German government of additional acquisitions in a German business beyond voting rights of 20%, 25%, 40%, 50%, or 75%. Additional voting rights acquisitions beyond 25%, 40%, 50%, or 75% apply to investments in healthcare and the 16 new critical technology sectors. Lastly, for all other German companies, foreign investors are required to notify the German government of additional voting rights acquisitions beyond 40%, 50%, or 75%.
- Certain Non-Controlling Acquisitions Included in New Scope. The German regime now includes “atypical” acquisitions of control such as investments that provide the foreign person with board seats, veto rights over strategic business or personnel decisions, and access to certain information rights if such rights would correspond to a share of voting rights that would trigger a review. This expansion is aimed at covering foreign investments that provide a shareholder with the ability to influence business decisions but may not reach the voting rights thresholds. Importantly, these atypical acquisitions of control do not trigger the mandatory notification requirement.
Recent Updates to Canada’s Foreign Investment Review Process
On 24 March 2021, the Government of Canada released updated investment review guidelines11 (the 2021 Guidelines) pursuant to the Investment Canada Act12 that identify areas of investment that could pose national security concerns such as sensitive personal data, sensitive technology areas, critical minerals, and investments by state-owned or state-influenced investors. These updated guidelines follow the April 2020 Policy Statement on Foreign Investment Review and COVID-19 (the April 2020 Statement),13 which specified that investments in critical goods and services, especially in the health sector, would be subject to enhanced scrutiny.
- Enhanced Scrutiny for State-owned Enterprises or Government-linked Investors. Under the 2021 Guidelines, all investments in Canadian entities by state-owned enterprises (SOEs) or SOE-linked investors are subject to enhanced national security scrutiny, regardless of the investment’s value.14 The 2021 Guidelines strongly encourage investors that are state-owned or subject to state influence to contact Canada’s Investment Review Division to discuss their investment and to file a notification or application for a net benefit review.
- Updated National Security Considerations and Circumstances for Mandatory Filing. The 2021 Guidelines list factors that Canada may consider when assessing the national security implications of transactions, providing investors with insight into the types of transactions that Canada may review on national security grounds. These 11 factors include the potential for an investment to permit sensitive technology or know-how transfers, or an investment’s potential to enable access to sensitive personal data, among other considerations. Notably, one of these factors is the “potential of the investment to enable access to sensitive personal data,” which would appear to include non-controlling investments that provide the investor with access to certain types of data.15
- Additional Clarity on Sensitive Sectors. The 2021 Guidelines provide a non-exhaustive list of 15 technology areas16 that the Canadian government may consider sensitive for the purposes of national security reviews. The list is broadly written and includes sectors such as advanced materials and manufacturing, aerospace, biotechnology, medical technology, artificial intelligence, and energy generation, storage, and transmission, among other areas. The 2021 Guidelines encourage investors in transactions that involve these 15 technology areas to contact Canada’s Investment Review Division to discuss the investment and to consider filing a notification.
Broader Implications
- Strengthened national security review regimes in the United Kingdom, Germany, and Canada may present both timing and substantive business, financial, and risk considerations for transaction parties, particularly if the investments involve businesses that operate in critical technology sectors or cross-border or multinational firms with business in a broad range of countries. Transaction parties may wish to consult foreign investment review experts to discuss the national security implications of a proposed deal for advice on how to navigate multiple national security review processes. A proactive effort to engage with governments early in the deal process will be preferable to mitigation, delays, unwinding, or penalties.
- The updated United Kingdom, Germany, and Canada regimes may permit these countries to obtain or maintain excepted foreign state and excepted investor status under the CFIUS regulations. The CFIUS regulations allow for investors with ties to certain countries to be exempted from mandatory filing requirements and its expanded jurisdiction over certain non-controlling investments and real estate transactions if the country meets a two-part test.17 The two-part test assesses whether the country cooperates with the United States on areas of foreign policy and national security and whether the countries adopt national security-related investment review regimes. Companies from excepted foreign states may have an easier time investing in the United States because they can acquire certain non-controlling interests in U.S. critical technology companies without having to file a declaration with CFIUS. For this reason, companies operating in Germany and in other countries that are revamping their foreign investment review regimes should closely monitor which countries are granted excepted foreign state status by CFIUS.
Endnotes
1 United Kingdom. “National Security Bolstered as Bill to Protect Against Malicious Investment Granted Royal Assent” (April 29, 2021) available at https://www.gov.uk/government/news/national-security-bolstered-as-bill-to-protect-against-malicious-investment-granted-royal-assent.
2 The seventeen sectors that are subject to the mandatory notification requirement are (1) Advanced Materials; (2) Advanced Robotics; (3) Artificial Intelligence; (4) Civil Nuclear; (5) Communications; (6) Computing Hardware; (7) Critical Suppliers to Government; (8) Critical Suppliers to the Emergency Services; (9) Cryptographic Authentication; (10) Data Infrastructure; (11) Defense; (12) Energy; (13) Military and Dual-Use; (14) Quantum Technologies; (15) Satellite and Space Technologies; (16) Synthetic Biology; and (17) Transport.
3 U.K. Department for Business, Energy, and Industrial Strategy. “National Security and Investment: Sectors in Scope of the Mandatory Regime” (March 2021), available at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/965784/nsi-scope-of-mandatory-regime-gov-response.pdf.
4 Qualifying assets are land, tangible moveable property, and ideas, information, or techniques which have industrial, commercial, or other economic value. See United Kingdom. “Statement of Policy Intent” (March 2, 2021), available at https://www.gov.uk/government/publications/national-security-and-investment-bill-2020/statement-of-policy-intent.
5 The target risk is “the nature of the target and whether it is in an area of the economy where the government considers risks more likely to arise.” The trigger event risk is “the type and level of control being acquired and how this could be used in practice.” The acquirer risk is the “extent to which the acquirer raises national security concerns.” See United Kingdom. “Statement of Policy Intent” (March 2, 2021), available at https://www.gov.uk/government/publications/national-security-and-investment-bill-2020/statement-of-policy-intent.
6 United Kingdom. “National Security and Investment: A Consultation on Proposed Legislative Reforms” (July 2018), available at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/728310/20180723_-_National_security_and_investment_-_final_version_for_printing__1_.pdf, p. 86.
7 United Kingdom. “National Security and Investment: A Consultation on Proposed Legislative Reforms,” p. 89.
8 Foreign Trade and Payments Ordinance. Section 55 Scope of application of the cross-sectoral examination, available at https://www.gesetze-im-internet.de/englisch_awv/englisch_awv.html#p0509
9 Foreign Trade and Payments Ordinance. Section 60 Scope of application of the sector-specific examination, available at https://www.gesetze-im-internet.de/englisch_awv/englisch_awv.html#p0509.
10 Dentons. “Major Reform of Foreign Direct Investment Rules in Germany” (April 30, 2021), available at https://www.jdsupra.com/legalnews/major-reform-of-foreign-direct-6871615/.
11 Government of Canada. “Guidelines on the National Security Review of Investments” (March 24, 2021), available at https://www.ic.gc.ca/eic/site/ica-lic.nsf/eng/lk81190.html.
12 Government of Canada. “Investment Canada Act” (last amended on April 1, 2021), available at https://laws-lois.justice.gc.ca/PDF/I-21.8.pdf.
13 Government of Canada. “Policy Statement on Foreign Investment Review and COVID-19” (April 18, 2020), available at https://www.ic.gc.ca/eic/site/ica-lic.nsf/eng/lk81224.html.
14 “State-owned enterprise” means “(a) the government of a foreign state, whether federal, state or local, or an agency of such a government; (b) an entity that is controlled or influenced, directly or indirectly, by a government or agency referred to in paragraph (a); or (c) an individual who is acting under the direction of a government or agency referred to in paragraph (a) or who is acting under the influence, directly or indirectly, of such a government or agency.” Investment Canada Act, available at https://laws-lois.justice.gc.ca/eng/acts/I-21.8/page-1.html.
15 The categories of sensitive personal data include, but are not limited to: (1) personally identifiable health or genetic information; (2) biometric data; (3) financial data; (4) communications data; (5) geolocation data; or (6) personal data of government officials. Government of Canada. “Guidelines on the National Security Review of Investments” (March 24, 2021), available at https://www.ic.gc.ca/eic/site/ica-lic.nsf/eng/lk81190.html.
16 The fifteen technology areas are (1) Advanced Materials and Manufacturing; (2) Advanced Ocean Technologies; (3) Advanced Sensing and Surveillance; (4) Advanced Weapons; (5) Aerospace; (6) Artificial Intelligence; (7) Biotechnology; (8) Energy Generation, Storage and Transmission; (9) Medical Technology; (10) Neurotechnology and Human-Machine Integration; (11) Next Generation Computing and Digital Infrastructure; (12) Position, Navigation and Timing; (13) Quantum Science; (14) Robotics and Autonomous Systems; (15) Space Technology.
17 Although the U.K. and Canada are already on CFIUS’s list of excepted foreign states, beginning on February 12, 2022, all countries must meet a two-part test to obtain the exemption. Under the two-part test, CFIUS must first determine that a country is an “eligible foreign state,” which means that the state is a U.S. ally and cooperates with the United States on issues of foreign policy and national security. Second, CFIUS must determine that the foreign state has a robust process to assess foreign investment for national security concerns. The updated regimes of the U.K., Germany, and Canada appear to check many of the boxes to meet the second criterion. CFIUS considers a number of factors when making the second determination, such as whether the review mechanism covers certain sensitive sectors including advanced technology and critical infrastructure, whether the foreign state has the authority to conduct an analysis of the national security risk posed by foreign investment transactions, and whether the foreign state has the legal authority to impose conditions on, prohibit, or unwind foreign investment transactions to protect national security. See U.S. Department of the Treasury. “Factors for Determinations Under § 800.1001(a) / § 802.1001(a),” available at https://home.treasury.gov/system/files/206/Excepted-Foreign-State-Factors-for-Determinations.pdf.