Protecting national interests and sovereignty is a crucial duty for states in an always-evolving global economy. Governments establish laws to protect vital industries and resources from possible dangers, both local and foreign.

We explore the fast-evolving area of national security law in an era marked by intense geopolitical complexities.

Share

Not your usual M&A. Transportation sector M&As are unique. Don’t forget to assess whether local laws prevent the acquisition of defense or critical technologies.

UK

The National Security and Investment Act (NSIA), came into effect in April 2021. The NSIA’s main goal is to increase the level of scrutiny over foreign investments, especially those that might endanger national security. This law requires that investments made in a wide range of industries, which includes defense, energy and essential infrastructure, are carefully evaluated for any potential security consequences.

The NSIA identifies 17 sensitive areas of the economy that are ‘notifiable acquisitions’.

These 17 areas include:

1.    Advanced Materials

2.    Advanced Robotics

3.    Artificial Intelligence

4.    Civil Nuclear

5.    Communications

6.    Computing Hardware

7.    Critical Suppliers to Government

8.    Cryptographic Authentication

9.    Data Infrastructure

10. Defense

11. Energy

12. Military and Dual-Use

13. Quantum Technologies

14. Satellite and Space Technologies

15. Suppliers to the Emergency Services

16. Synthetic Biology

17. Transport

The NSIA mandates that individuals or entities are required to notify the government if an entity performs a certain activity that may fall under the purview of one of the above-mentioned “sensitive areas”.

NSIA’s information page (which you can find here) provides helpful examples. Obtaining government clearance or a lawyer’s opinion in an M&A transaction can provide comfort to parties.

Businesses should note that the NSIA mandates that if a deal requiring mandatory notification is completed without the compulsory approval, it will be considered void. In addition to this, businesses may even be subject to heavy fines for non-compliance. The fine can be the higher of £10 million or 5% of worldwide turnover of the entity. Penalties may even include something known as a “daily rate fine” i.e., a fine of up to £200,000, or 0.1% of the turnover for every extra day of non-compliance. The Secretary of State may even pursue civil litigation to obtain injunctions that order strict compliance, or even criminal litigation in the worst cases with penalties including fines, imprisonment and disqualification as a director.

Note: Even individual officers of an entity (and not just the entity as a whole) can be found guilty of an offence, as the case may be.

US

Now let’s take a look across the pond to the CFIUS in the U.S.

CFIUS has been around the block for a while, with its roots tracing back to an executive order from the '70s. Like its UK counterpart, CFIUS is all about keeping tabs on foreign investments that could spell trouble for national security. The legislation has been further updated to meet modern security standards, thanks to recent legislation like the Foreign Investment Risk Review Modernization Act 2018.

CFIUS carries out thorough evaluations to pinpoint and resolve possible threats to the country's security posed by foreign investments, especially in areas like defense, critical infrastructure, and sensitive technology. The committee can suggest mitigating activities or, in extreme circumstances, suggest that the President halt transactions that are thought to be harmful to national security.

But here's the kicker: it applies as largely voluntary process. Companies may choose file with CFIUS, but if they don't and things go sideways, well...

Failure to comply with the CFIUS may result in significant legal and financial repercussions overseen by the Office of Investment Security (OIS) of the U.S. Department of Treasury. Firstly, penalties and fines constitute a primary repercussion for individuals or businesses found to be in breach of CFIUS regulations. Such sanctions can be severe, encompassing monetary fines of up to $250,000 or even asset confiscation in certain cases.

Deliberate violations or significant non-compliance with CFIUS regulations may even prompt legal action, including civil or criminal prosecution against offending individuals or entities. Such legal proceedings can entail additional financial penalties based on enforcement and penalty guidelines published in October 2022. While costly penalties are few, publicly reported violations of certain orders or agreements have seen penalties ranging from $750,000 to $1,000,000.

Singapore’s new Significant Investments Review Bill

The Significant Investments Review Bill (SIRA), passed by the Parliament in January 2024, is like a high-tech security system for Singapore's defence sector. Before SIRA, Singapore relied on sector-specific legislation, such as legislative prohibitions on foreign ownership and licencing regimes where investors must seek approval from relevant regulators.

The goal of SIRA is to give Singapore an "updated toolkit" to handle the risks associated with large investments in important entities, while supplementing the current sectoral safeguards by establishing a new investment management framework for those entities determined to be essential to national security. Entities that are considered critical but are not yet protected by current law will be subject to the new law.

SIRA envisions that the provision of a critical function in connection to the nation's national security interests, such as serving as a major supplier of security-related services in situations when there are few or no alternatives.

The government says that, following the law's enactment, the list of designated entities will be made public in the Government Gazette. If designated entities no longer satisfy the necessary requirements, they may be excluded from the list.

Instead of designating by sectors (like the NSIA and CFIUS), it appears that Singapore has deliberately chosen an entity-based approach to lessen regulatory burden and better balance the effects on enterprises and national security.

Under the new law, entities that are designated must notify the authorities of changes in ownership or control or obtain their approval. Any transactions that take place without the required authorizations will be deemed void.

While we wait to see the effect SIRA would have on entities across Singapore, it is reassuring especially for businesses that the rights of the entities are also well-protected and enforced under the new law. Affected entities may appeal rulings to an impartial reviewing panel in order to request a reassessment of those decisions. Additionally, an office will be established by the Ministry of Trade and Industry to act as a special one-stop shop for all interested parties.

Now that you have an idea of how things work in the UK, US and Singapore, it is vital to understand that the endgame of the NSI, CFIUS, or SIRA is ultimately to protect national security. While each nation has done it in its own way, the objective of these regulations are the same.

So, keep these laws in mind as you steer your business journey into international waters. And more importantly, don't be hesitant to seek relevant legal expertise along the way. Compliance might look like a tall obligation at first, but precautionary measures always trump potential regrets.