Skip links

UK government publishes guidance on security rules for tech takeovers

The UK government has published guidance describing what technologies may be caught within the National Security and Investment Act 2021, which is set to give ministers the power to halt mergers and acquisitions.

The legislation, due to come into force in January, gives the government leeway to scrutinise buyouts and investments, impose certain conditions on an acquisition or, if necessary, unwind or block it. The statement issued this week, did, however say it expects to do this rarely, while the “vast majority” of deals will be able to proceed without delay.

The issue of technologies considered important to national security has become relevant to the tech sector in recent months, as stories about chip plant ownership and advanced materials hit the news. In the new guidance, the government said it wanted businesses and investors to get ready for the changes in the law. It wants them to assess whether the government must be notified of an acquisition and understand what they are to expect when they go through the notification and assessment process.

Business minister Lord Callanan said the government would not hesitate to intervene where necessary to protect our national security.

“The new investment screening process will be simpler and quicker, giving investors and firms the certainty they need to do business, and I urge them to make sure they are ready for the changes before they come into force in January,” he said.

The guidance says that “if an entity you are acquiring performs a certain activity, it could put you in scope of the National Security and Investment Act and you may be legally required to tell the government about it (known as a ‘mandatory notification’). This guidance tells you what these activities are.”

The guidance covers a long list of technologies, not all of them relevant to IT, but included in the box below.

Technology areas covered by the National Security and Investment Act 2021, which comes into force in January 2022

  1. Advanced Materials
  2. Advanced Robotics
  3. Artificial Intelligence
  4. Civil Nuclear
  5. Communications
  6. Computing Hardware
  7. Critical Suppliers to Government
  8. Cryptographic Authentication
  9. Data Infrastructure
  10. Defence
  11. Energy
  12. Military and Dual-Use
  13. Quantum Technologies
  14. Satellite and Space Technologies
  15. Suppliers to the Emergency Services
  16. Synthetic Biology
  17. Transport

The list includes Artificial Intelligence. Regarding AI, it says investors should consider if their target does research into, develops or produces goods, software or technology that uses AI and whether that technology is used to identify or track advanced robotics or “cyber security.”

To determine if a qualifying entity you are seeking to acquire is in-scope of the “Computing Hardware” part of the regulations calls for an assessment of whether the target company owns, creates, supplies or exploits the intellectual property of hardware products or functions.

The rules stretch to data infrastructure, which includes data centre operators, cloud storage service providers, managed service providers, specialist or technical service providers, software providers with access to customer data. They do not cover off-the-shelf software though.

Within scope for cryptographic authentication are technologies that identify a physical person using an access token, or use a biometric property of an individual to access a restricted area.

The guidance also includes chip-and-pin technology and e-passports in this category.

The government is putting forward two pieces of secondary legislation. The Procedure for Service Statutory Instrument sets out how the government sends and receives documents under the Act while the Form and Content of Notification Forms Statutory Instrument sets out what information is required in the Act’s notification forms, which parties can submit to the government under the Act.

In a statement on National Security and Investment Act 2021 the government made it clear it would not set out the circumstances in which national security is, or may be, considered at risk, reflecting a policy to ensure that national security powers are sufficiently flexible to protect the nation.

In September, the UK government issued a surprise public interest intervention notice against the proposed takeover of Welsh advanced materials specialist Perpetuus Group, claiming it represents a potential threat to national security.

Founded in 2013, the Perpetuus Group’s main subsidiary is Perpetuus Advanced Materials, a company that recently boasted of a breakthrough in the production of plasma-processed P-doped graphene and the creation of a “drop reactor” prototype which could produce surface-modified graphene in one-thirtieth the time of its previous approach.

In July, Prime Minister Boris Johnson promised a national security investigation into a China-backed corporation’s takeover [PDF] of Britain’s largest producer of semiconductors, Newport Wafer Fab (NWF) in a deal reported to be worth £63m ($87m).

Yesterday, the Competition and Markets Authority said it was moving its probe of the Nvidia/ Arm merger into Phase 2, and will undertake deeper scrutiny. Digital Secretary Nadine Dorries stated explicitly this is due to “national security” issues. ®