National Security and Investment Act

The National Security and Investment (NSI) Act 2021 came into force on 4January 2022 and grants the government the right to scrutinise and intervene in certain acquisitions made by anyone, including universities, businesses, and investors, that could harm the UK’s national security.

Where deemed appropriate, the government will be able to impose certain sanctions on acquisitions and even, on rare occasions, block or unwind acquisitions where necessary.

The government can call in an acquisition for assessment if it reasonably suspects that it is a qualifying acquisition that has given rise to, or may give rise to, a risk to national security. The right to call in can occur up to five years after the acquisition or whilst the acquisition is in contemplation or progress. Acquisitions completed before 12 November 2020 are outside the scope of these call-in powers.

The rules apply to acquisitions involving qualifying entities and assets (see below for examples). The NSI Act applies to transactions involving British as well as foreign partners.

Qualifying entities

A qualifying entity is any entity other than an individual, including a company, a limited liability partnership, any other body corporate, a partnership, or an unincorporated association or trust.

Examples of qualifying entities relevant to the higher education sector include a foreign or UK:

University, which is registered as a charitable organisation
Private university
Trust
University spin-out
University subsidiary (for example a company that a university has incorporated and carries out specific activities that the university operates)
Research organisation
Private company or corporation doing contractual work with a higher education institution or research organisation.

Qualifying assets

A qualifying asset includes land, tangible, moveable property, and ideas, information or techniques which have industrial, commercial or other economic value (‘intellectual property’).

Examples of qualifying assets relevant to the higher education sector include:

Designs
Plans, drawings and specifications
Software
Trade secrets
Databases
Source code
Algorithms
Formulae
Land
Tangible moveable property, such as laboratory equipment

An acquisition of a qualifying entity or asset is a called a qualifying acquisition if you acquire a right or interest in it, or in relation to it, and the level of control you acquire meets the thresholds specified in the legislation (see Article 8 for entities and Article 9 for assets). In the legislation, this is defined as a trigger event.

The Act is administered by the Investment Security Unit (ISU) in the Cabinet Office.

The “call-in” power

The government can call in an acquisition for assessment if it reasonably suspects that it is a qualifying acquisition that has given rise to, or may give rise to, a risk to national security. The Statement for the purposes of Section 3 details how the Government expects to use the call in power.

The Government will consider the following “risk factors” when deciding whether to call in a qualifying acquisition:

Target risk - This concerns whether the target of the qualifying acquisition (the entity or asset being acquired) is being used, or could be used, in a way that raises a risk to national security.
Acquirer risk - This concerns whether the acquirer has characteristics that suggest there is, or may be, a risk to national security from the acquirer having control of the target.
Control risk - This concerns the amount of control that has been, or will be, acquired through the qualifying acquisition. A higher level of control may increase the level of national security risk.

If a qualifying acquisition is called in, the Government has 30 days to review it. This can be extended by a further 45 days. After this extension, further extensions are only possible with the agreement of the acquirer.

Call-in can happen up to 5 years after a qualifying acquisition if the necessary notification was not given to the Secretary of State, and up to 6 months after the Secretary of State has been made aware of an acquisition.

Notifications to government

The requirement for notifications only applies to qualifying acquisitions of entities in 17 sensitive areas the UK government considers likely to give rise to national security risks (see below).

17 sensitive areas of the economy

Advanced Materials
Advanced Robotics
Artificial Intelligence
Civil Nuclear
Communications
Computing Hardware
Critical Suppliers to Government
Cryptographic Authentication
Data Infrastructure
Defence
Energy
Military and Dual-Use
Quantum Technologies
Satellite and Space Technologies
Suppliers to the Emergency Services
Synthetic Biology
Transport

There are three kinds of notifications and applications universities can or must make to the government relating to the NSI Act:

Mandatory notifications: we are legally required to tell the government about acquiring entities (but not assets) in 17 sensitive areas of the economy (see Box 1).
Voluntary notifications: we can submit a voluntary notification if we are a party (acquirer or acquiree) to a completed or planned qualifying acquisition that is not covered by mandatory notification, and we wish to be certain whether the acquisition will be called in.
Retrospective validation applications: we can apply for retrospective validation if we have completed a notifiable acquisition without notifying.

The Research Governance & Compliance Team in R&IS will handle all notifications relating to research activities. Please contact R&IS if you think your activities require notification under the NSI Act, do not make notification directly without first contacting the Research Governance & Compliance Team.

Who to contact

Notifications to government

The requirement for notifications only applies to qualifying acquisitions of entities in 17 sensitive areas the UK government considers likely to give rise to national security risks (see below).

17 sensitive areas of the economy

Advanced Materials
Advanced Robotics
Artificial Intelligence
Civil Nuclear
Communications
Computing Hardware
Critical Suppliers to Government
Cryptographic Authentication
Data Infrastructure
Defence
Energy
Military and Dual-Use
Quantum Technologies
Satellite and Space Technologies
Suppliers to the Emergency Services
Synthetic Biology
Transport

There are three kinds of notifications and applications universities can or must make to the government relating to the NSI Act:

Mandatory notifications: we are legally required to tell the government about acquiring entities (but not assets) in 17 sensitive areas of the economy (see Box 1).
Voluntary notifications: we can submit a voluntary notification if we are a party (acquirer or acquiree) to a completed or planned qualifying acquisition that is not covered by mandatory notification, and we wish to be certain whether the acquisition will be called in.
Retrospective validation applications: we can apply for retrospective validation if we have completed a notifiable acquisition without notifying.

NSI Act resources

UK Government guidance for the higher education and research-intensive sectors
Universities UK International blog post
Universities UK guidance for universities

Contact

Research Governance & Compliance Team