National Security Governance in the UK Defence Sector

Navigating the National Security and Investment Act (NSIA)

‍

The convergence of increased UK defence appropriations and zero-tariff aerospace trade with the US has catalysed significant institutional interest in the UK defence industrial base. However, these opportunities are inextricably linked to a rigorous and mandatory regulatory architecture.

‍

The Regulatory Landscape: Mandatory Filings

M&A activity within the UK defence sector almost invariably necessitates sovereign approval under the National Security andInvestment Act 2021 (NSIA). While the majority of transactions are cleared unconditionally, the Government, acting via the Cabinet Office, retains the authority to impose restrictive conditions or prohibit transactions entirely.

The Trigger Mechanism for Mandatory Notification: A filing is mandatory when the following criteria are met:

1. Sectoral Sensitivity: The target’s operations fall within one of 17 defined sectors, including Defence, but also dual-use technology such as Cryptographic Authentication, Advanced Robotics, and Satellite Technology.
2. Control Thresholds: An investor acquires 25% or more of shares or voting rights, or crosses existing thresholds of 25%, 50%, or 75%.

Unlike the CFIUS regime in the US, the NSIA applies to both domestic and foreign investors and lacks a de minimis revenue threshold. Furthermore, non-UK entities may be captured if they undertake "qualifying activities" within the UK or supply goods/services to UK persons.

‍

Process, Timelines, and Sanctions

Approval must be secured prior to transaction completion. Failure to comply renders the transaction voidable and exposes the acquirer to significant civil and criminal penalties.

• Standard Review: Typically requires approximately two months.
• Transactional Drafting: Regulatory timelines must be hard-coded into transaction documents, utilising NSIA clearance as a Condition Precedent (CP) and     establishing realistic long-stop dates.

‍

Conditional Approvals and "Behavioural"Remedies

Investors must remain cognizant of the Government’s power toimpose "remedies" to mitigate perceived national security risks.Notably, scrutiny is not limited to hostile actors; nearly 50% of called-indeals in the last year involved UK-based investors, with 20% involving USentities.

‍

Common Regulatory Measures:

SecureCos: Ring-fencing sensitive assets within dedicated, secure corporate vehicles.

Information Barriers: Restricting access to proprietary or classified data.

Governance Mandates: Appointment of UK-resident directors and Government "step-in" rights.

Operational Commitments: Requirements to maintain UK-based R&D, supply chains, and employment levels.

‍