with No Comments

355 Bryant Street, Suite 403 | San Francisco, CA 94107 | Phone: 650.843.0988 | Fax: 650.618.0488


Comparing CFIUS and NSI in Transactions

The National Security and Investment (“NSI”) Act came into effect on January 4, 2022, and expands the powers available to the UK government to screen investments on national security grounds. This new regulation is analogous to the Committee on Foreign Investment in the U.S. (“CFIUS”), the equivalent in the United States. For the NSI, there is both a mandatory and a voluntary notification requirement, as well as a power to “call-in” an applicable transaction[1]. Compared to CFIUS in the United States, the NSI Act is administered by the newly formed Investment Security Unit (“ISU”), which operates within the Department for Business, Energy, and Industrial Strategy (“BEIS”)[2].


I.    NSI Mandatory Regime


The new mandatory notification regime will require investors to notify the Secretary of State of proposed transactions involving “qualifying entities” and, subject to regulation, assets active in the UK in certain “key sectors”, as listed in the chart below[3]. A qualifying entity” may be formed or recognized under the laws of another country if it carries on activities in the UK or supplies goods or services to persons in the UK.


Regulation Scope Sectors Trigger Event
NSI Entities that carry on activity in the UK or supply goods and services to its residents; and/or assets that are used in connection with activities carried on in the UK or the supply of goods or services 1. Advanced materials

2. Advanced robotics

3. Artificial Intelligence

4. Civil Nuclear


6. Computing Hardware

7. Critical Suppliers to Government

8. Cryptographic Authentication

9. Data Infrastructure

10. Defense

11. Energy

12. Military and Dual-Use

13. Quantum Technologies

14. Satellite and Space Technologies

15. Suppliers to the Emergency Services

16. Synthetic Biology

17. Transport

– Shares or voting rights by an acquirer increases

·        From 25% or less to more than 25%

·        From 50% or less to more than 50%

·        From 75% or less to more than 75%

– It enables the acquirer to secure or prevent the passage of any type of resolution governing the affairs of the target

– It enables the acquirer to materially influence the policy of the target

– Acquisitions of a right or interest in, or in relation to, a qualifying asset enables the acquirer to:

·        Use the asset or use it to a greater extent than before the acquisition

·        Direct or control how the asset is used

Direct or control how it is used to a greater extent than before the acquisition

CFIUS Extends to (a) foreign-to-foreign deals in which the target has one or more US

subsidiaries, or US assets or operations; (b) the formation of a joint venture to which one party contributes to an

existing US business (with “US business” defined broadly); and (c) deals involving long-term leases of US assets

that operate as de facto transfers of US businesses

TID[4] US Business:

1. Critical Technology: Produces, designs, tests, manufactures, fabricates, or develops one or more

critical Technologies (e.g., certain export-controlled “dual-use” items with both civilian and military

applications, defense articles, nuclear technologies, select agents and toxins, and emerging and

foundational technologies);

2. Critical Infrastructure: Owns, operates, manufactures, supplies, or services critical Infrastructure; or

3. Sensitive Personal Data: Maintains or collects sensitive personal Data of US citizens[5].

Mandatory where[6]:


i. the US business involved in the transaction produces, designs, tests, manufactures, fabricates, or develops certain types of “critical technologies” and

ii. a “U.S. regulatory authorization” would be required to provide such critical technology to any of the following persons, based on principal place of business, nationality (for individuals), or other reasons (eg, if the person is designated on the Entity List under the EAR):

–        any person that could “directly control” the US business as a result of the covered transaction

–        any person that is “directly acquiring an interest” or already has a “direct investment” in the US business and is acquiring certain relevant non-controlling rights or

–        any person that individually holds or is part of a group of foreign persons that holds a 25 percent or more voting interest[3] in a foreign person described in (ii)(a) and (b) above[7].


II.    NSI “Call-in” Powers


In addition to the introduction of a new mandatory regime, the NSI bill empowers the Secretary of State to “call-in” transactions that have national security implications[8]. This power is exercisable for up to five years after a “trigger event”, or within six months after the Secretary of State has become aware of such event[9]. In this context, a “trigger event” occurs where an investor has acquired, or will acquire: (i) more than 25%, 50%, or 75% or more of shares or voting rights of a qualifying entity; (ii) voting rights that enable or prevent the passage of any class of resolution governing the affairs of a qualifying entity; (iii) a material influence over the policy of a qualifying entity (which could catch relatively small investments); or (iv) use or control (or use or control to a greater extent) over a “qualifying asset”[10].

The NSI bill defines “qualifying assets” as: land; tangible moveable property; and ideas, information, or techniques that have industrial, commercial, or other economic value[11]. Examples of the latter include trade secrets; databases; source code; algorithms; formulae; designs; plans, drawings and specifications; and software. Land or moveable property located outside of the UK or any ideas, information, or techniques that have industrial, commercial, or other economic value are “qualifying assets” if they are used in connection with activities carried on in the UK or in connection with the supply of goods and services to persons in the UK[12].


III.    NSI Voluntary Regime


For voluntary notifications under the NSI Act, these are required when:

  • The target entity is not active within a sensitive sector, but the acquisition meets the criteria listed under mandatory notifications.
  • If the transaction involves the acquisition of material influence over an entity’s policy, whether or not the target entity is in a sensitive sector.
  • If the acquisition of a right or interest in, or in relation to, an asset provides the ability to use or control the asset (entirely or to a greater extent), whether or not the asset relates to a sensitive sector.


The ISU anticipated that less than 10% of cases would require a detailed national security assessment, and of these that receive an assessment, the ISU stated that “we expect only a small proportion of such assessments will result in government intervention[13].” The Impact Statement that was released in advance of the BEIS becoming effective estimated that there will be 1,000 – 1,830 notifications each year, resulting in 70 – 95 detailed national security assessments and 8 – 10 remedies each year[14].


IV.    Comparing Statutory Review Processes


Once a notification is received by BEIS that a potentially applicable transaction has occurred, the Secretary of State has 30 working days to undertake its preliminary screening[15]. At this stage, a decision will be taken as to whether the transaction can proceed or should be “called-in” for further investigation on national security grounds[16]. Where a “call-in notice” is issued either following a mandatory or voluntary filing, or ex officio, a (further) 30 working day assessment period will commence, which can be extended by 45 working days if the Secretary of State reasonably considers it required, or longer if agreed with the investor[17].

CFIUS also mandates a specific statutory timeline for review once a filing is received. This timeline is dependent on whether a party files a declaration or a notice. For a declaration, CFIUS has 30 days to review a submission[18]. At the end of its review, CFIUS may clear the transaction, conclude its review without formally clearing the transaction, or require the parties to file a notice.

For a notice, a party is effectively required to submit a draft to CFIUS. CFIUS generally is required to provide comments on draft notices within 10 business days[19]. Once the parties revise the notice to address any feedback, they file a formal version of the notice. The statutory timeline for review does not commence until CFIUS officially accepts the notice by issuing a letter to that effect. After accepting the notice, CFIUS has 45 days to review the transaction and decide whether to clear it or commence an investigation. That investigation generally lasts an additional 45 days, although the process can be terminated at any point during the 45-day investigation period[20]. During the review and investigation periods, any of the agencies that make up CFIUS can submit written questions to the parties through the Treasury Department case officer. When a party receives questions from CFIUS, the party has three business days to respond absent an extension[21].

If CFIUS cannot resolve national security concerns by the end of the investigation period, it must make a formal recommendation to the President as to the action the President should take with respect to the transaction. The President then has up to 15 additional days to decide whether to clear, suspend, prohibit, or impose conditions on the deal[22]. In practice, to extend the statutory review period, CFIUS can also suggest that the parties voluntarily withdraw and then immediately refile their notice, thereby extending the statutory timeline for CFIUS review.


V.    Comparing Penalties for Violations


Under the NSI Act, if the Secretary of State determines that a risk to national security arises from a notifiable acquisition or trigger event, the Secretary of State will also have the power to impose final orders to prevent, remedy or mitigate such risk, including blocking a transaction, requiring it to be unwound, or imposing operating or other conditions[23]. The Secretary of State also has the power to issue interim remedies while it is carrying out its assessment.

Sanctions for non-compliance under the new regime include fines of up to 5% of worldwide turnover or £10 million (whichever is the greater) and/or imprisonment up to five years[24]. In addition, transactions subject to a mandatory notification requirement that proceed without obtaining clearance will be void[25].

In the U.S., in many cases, CFIUS can clear a transaction subject to conditions to mitigate the perceived risks the transaction otherwise would pose. If necessary, CFIUS will engage with the parties to negotiate such conditions. If CFIUS foresees national security concerns early in the process, it may open such negotiations even in the pre-filing phase, before the parties submit their formal notice. Mitigation instruments can range from assurance letters between CFIUS and the parties (whereby the parties undertake minimal corporate steps to address security concerns) to complex agreements that can impose burdensome operational restrictions or even require restructuring aspects of the transaction itself.

If a person fails to comply with the mitigation measures, they can be liable for a civil penalty of up to $250,000 or the value of the transaction, whichever is greater, per violation[26].


VI.     Conclusion


As organizations continue to seek financing from both domestic and foreign entities, the UKs NSI Act indicates a growing trend to more regulation from nations seeking to review these transactions. In its impact statement, the NSI Act specifically referenced CFIUS as a model for the new regulations.  Founders are increasingly having to represent to their investors that they are compliant with CFIUS as part of these financings; it is thus imperative that organizations operating internationally not only seek counsel on U.S. compliance, but UK compliance as well.


If you have any questions about this memo, please contact Christopher L. Rasmussen, Managing Partner, Inventus Law, PC., at chris@inventuslaw.com or 408-482-3216, or Linnea Vail, Commercial Associate, Inventus Law, PC., at linnea@inventuslaw.com or 650-338-9391.

Disclaimer: This Memo is being provided for information purposes only and is drafted entirely on the basis of public resources. Information contained on or made available herein is not intended to and does not constitute legal advice, recommendations, mediation, or counseling under any circumstance. This information and your use thereof do not create an attorney-client relationship. You should not act or rely on any information provided herein without seeking the advice of a competent advocate licensed to practice in your jurisdiction for your particular business.


[1] See https://www.mofo.com/resources/insights/201116-foreign-direct-investment.html

[2] See https://www.gov.uk/government/publications/national-security-and-investment-bill-2020-factsheets/overview-of-the-investment-security-unit-factsheet

[3] See https://www.mofo.com/resources/insights/201116-foreign-direct-investment.html

[4] CFIUS has authority to review certain non-controlling investments in US businesses. A covered investment is one in which (1) a foreign person invests in a US business that is involved in critical technology (T), critical infrastructure (I), or sensitive personal data (collectively, TID US business).

[5] See https://www.lw.com/thoughtLeadership/committee-foreign-investment-united-states-key-questions-answered-CFIUS#:~:text=CFIUS%20stands%20for%20the%20Committee,could%20impair%20US%20national%20security.

[6] Certain transactions involving foreign government-controlled investors and target US businesses dealing in critical technology, critical infrastructure, or sensitive personal data continue to be subject to mandatory CFIUS review.

[7] https://www.dlapiper.com/en/us/insights/publications/2020/09/new-cfius-regulations-change-mandatory-filing-requirements/#:~:text=Under%20the%20existing%20CFIUS%20regulations,either%20used%20by%20the%20US

[8] See https://www.mofo.com/resources/insights/201116-foreign-direct-investment.html

[9] See https://www.mofo.com/resources/insights/201116-foreign-direct-investment.html

[10] Id.

[11] Id.

[12] Id.

[13] See https://www.gov.uk/government/publications/national-security-and-investment-bill-2020-factsheets/overview-of-the-investment-security-unit-factsheet

[14] See https://www.mofo.com/resources/insights/201116-foreign-direct-investment.html, see also https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/934276/nsi-impact-assessment-beis.pdf

[15] See https://www.mofo.com/resources/insights/201116-foreign-direct-investment.html

[16] Id.

[17] Id.

[18] See https://www.lw.com/thoughtLeadership/committee-foreign-investment-united-states-key-questions-answered CFIUS#:~:text=CFIUS%20stands%20for%20the%20Committee,could%20impair%20US%20national%20security.

[19] Id.

[20] Id.

[21] Id.

[22] Id.

[23] https://www.pillsburylaw.com/en/news-and-insights/nis-bill-uk.html

[24] Id.

[25] Id.

[26] https://www.lw.com/thoughtLeadership/committee-foreign-investment-united-states-key-questions-answered-CFIUS#:~:text=CFIUS%20stands%20for%20the%20Committee,could%20impair%20US%20national%20security.

2024 Inventus Law. All rights reserved. | Website Designed By Blue Astral