Yellow abstract of floor level.

White Paper on National Security and Investment

17 December 2018. Published by Neil Brown, Partner and Charles Buckworth, Senior Associate

In our last blog, published on 11 December 2018, we explained the motivation behind the UK government's white paper on national security and investment. In this blog, we explain more of the detail in those proposals.

What would the proposals capture?

Whilst the proposals are still only at white paper stage, there is no doubt that that the legislation would be very broad reaching.  The government would have the power to intervene in relation to any "trigger event" which gives rise to "national security concerns".

Trigger events would not just be corporate transactions in the traditional sense, but could include more or less anything, including the granting of IP licences, the entry into of outsourcing arrangements or even the appointment of a director to a board. 

There will be no "safe harbours" and no thresholds based on turnover or deal value or other economic criteria.

What are "national security concerns"?

The white paper does not attempt to give definitions, but sets out a series of often overlapping principles.  The white paper is accompanied by a draft "statement of policy intent".  This statement of policy intent will require approval by Parliament at least every five years, and is intended to provide guidance on the types of risk the government is seeking to address.

It is almost impossible to extrapolate a single and coherent statement of what "national security concerns" is intended to mean.  However, the white paper and draft statement of policy intent set out a number of examples which show that the concept is intended to be extremely broad.  For example:

- acquiring control over a business providing data-hosting servers to a defence contractor

- acquiring the IP used by a third party service provider to run data servers for an energy company

- acquiring land that is adjacent to national infrastructure sites

- acquiring a business that designs computer hardware components found in electrical goods that could be remotely accessed to undermine UK national security (e.g. listening devices in TVs and computers)

- acquiring deep sea cables which supply energy to the UK

What is the "acquirer risk"?

The "acquirer risk" is stated to be a relevant consideration.  Whilst this is perhaps the key point of the entire proposals, it is the one with the least explanation or detail.

The draft statement of policy intent refers to "hostile states", "hostile parties" and "hostile actors".  No list of hostile states is provided, although the limited press commentary to date identifies China is the main target of the proposals.  Hostile actors do not always identify themselves as clearly as Dr Evil from the Austin Powers franchise, so it is not certain how civilian parties (who do not have access to state intelligent services) are supposed to know who they can and cannot deal with.

The white paper also makes the perhaps provocative statement that "foreign states and foreign nationals are comparatively more likely to pose a risk than UK-based or British acquirers". 

What are the powers?

Whilst the government will encourage voluntary notifications, the government will also have power to "call in" any trigger event where it has a "reasonable suspicion" it "may give rise to a national security risk". 

Of encouragement is the statement that it would be possible to engage with the government at an early stage for informal guidance on whether a notification would be appropriate.

If the government decides that a full assessment is required, the government would have up to 75 business days to make that assessment (with the "clock stopped" while parties respond to any information requests made by the government").

The government could impose conditions or outright block proposed trigger events.  The government could also unwind trigger events which had already taken place.

Government decisions would be subject to appeal to the High Court on principles similar to judicial review.

What are the sanctions?

Failure to comply with conditions imposed by the government would be a criminal offence liable to unlimited fines and up to five years imprisonment.

In addition, civil financial penalties could be imposed of up to 10% of worldwide turnover for a business (or for an individual, the greater of 10% of total income or £500k).  These civil penalties are proposed as being more "nimble" than criminal prosecution. 

Who needs to think about this?

Given the very broad ranging scope of "trigger events" and "national security interests", these proposals will be not just be relevant to those engaged in traditional military or defence industries.  In fact, the rules will need to be considered by those engaging in activities of an entirely civilian character. 

For example:

- suppliers to national infrastructure facilities such as hospitals, airports and power plants

- those researching tech and digital developments for civilian use, but which could be acquired and turned to military use

- the providers of services on which everyday economic activity depends (such as digital banking or payment systems)

- anybody proposing to transact with a Chinese entity

What happens next?

Consultation on the white paper has now closed.  The next step is for the government to present a bill to Parliament.  Once this has been done, the timing for implementation should become clearer.