When money crosses borders and lands in Britain, it doesn’t just slip quietly into the market. It’s met at the gate, checked, questioned — especially if it’s heading for industries the government sees as vital to the nation’s heartbeat. Think defense, energy, advanced tech: the kind of sectors where a single deal can tilt the balance of security.
That vigilance got sharper on 4 January 2022, when the National Security and Investment Act (NSIA) came into effect. This law handed the Secretary of State the authority to call in acquisitions, probe them, and—if the risk is too great—shut them down entirely. It’s less about mistrust of outsiders and more about not letting strategic levers slip into hands that might pull in the wrong direction.
In the chapters ahead, we’ll look at how this framework operates day to day, which deals raise red flags, and the mechanisms used to protect national interests — all within the broader story of how foreign direct investment in the United Kingdom is encouraged, welcomed, and, when required, firmly regulated.
FDI Oversight in the UK Through the Lens of the NSIA
Before the National Security and Investment Act reshaped the landscape, Britain took a comparatively light-handed approach to foreign investment control. The focus was mostly on keeping markets competitive and safeguarding public interest, rather than policing who bought what. The Competition Act 2002 was the anchor legislation of the time — establishing an independent antitrust body, the Competition and Markets Authority (CMA), to stop unfair market practices. Foreign investors could notify the CMA about their deals if they wished, but the agency would step in only when there was a clear reason. And even then, its gaze rarely wandered beyond competition concerns.
When the NSIA went into effect, that changed for good. This law granted the government the power to become involved in some deals if they could threaten the country's safety. The goal was clear and sharp: to keep ownership of strategically vital firms or assets from getting into the hands of people who could be a threat to the state.
The NSIA’s reach is broad. It covers acquisitions of shares, equity stakes, operational control over assets, as well as access to intellectual property and critical technologies. It applies not only to foreign players but also to UK-based investors, regardless of their nationality or registration address. At the heart of the regime lies a key concept — the trigger event — a point at which the level of influence gained by an investor becomes significant enough to demand official scrutiny.
A trigger event can take many forms. It might be acquiring voting rights that allow steering a company’s strategy, gaining the authority to decide how a key asset is used, or obtaining formal and informal levers of control. Once such a threshold is crossed, qualified investors are obliged to notify the authorities — even if they personally see no threat in their deal. The point is not to choke off investment, but to ensure that certain types of control do not compromise national security.
“Control” in this legal sense is interpreted widely. It includes direct command over a company’s operations, influence on high-level decision-making, and rights over the management of assets. Sometimes it’s explicit — a board seat or decisive voting power — and sometimes it’s subtler, such as contractual rights or operational dependencies that effectively give the investor the final say.
The law casts its net over both UK-incorporated entities and foreign organisations that do business in the country or supply goods and services to UK residents. Qualifying entities are not limited to private companies; they also include partnerships, trusts, and other non-individual structures. But simply belonging to one of these categories does not automatically trigger a review — the decisive factor is whether a trigger event occurs that grants real influence.
As for assets, the scope is even wider. Qualifying assets are not just property or machinery; they include intangible resources such as technologies and commercially valuable innovations. The law even extends to assets located abroad if they are linked to the UK — for example, an overseas data centre storing personal information of UK residents, or a foreign-controlled system that manages critical British infrastructure. Under the NSIA, such assets can still be brought under the protective umbrella of national security review.
Mandatory and Voluntary Paths Under the UK’s NSIA
The UK’s national security screening law splits investment oversight into two distinct lanes. One lane is fenced off — you need official clearance before moving ahead. The other is technically open, but with a signpost reminding you the government can still pull you over after the fact.
Mandatory clearance — deals in the “red zone”
This tighter process applies when buying a UK-registered company — not simply a building, a machine, or a trademark — whose work falls into one of the government’s strategic priority areas. These are the fields Whitehall sees as integral to the country’s long-term security and technological edge. If you’re operating here, a pre-deal green light from the authorities isn’t optional; it’s a starting requirement.
- When control or voting power changes, it goes beyond certain points. That could mean going from having a small stake to a large one, or from having some power to having almost complete control over strategic decisions. It can count even if the final owner stays the same during an internal restructuring as long as it changes who makes the decisions.
- In the Act, the goal is a "qualifying entity." A single business, a partnership, a trust, or some other kind of group can be meant by this. On the list are companies that are not based in the UK but do business in or sell directly to people in the UK.
- People think that its work is very sensitive. You can study advanced materials and AI, make things for defense, nuclear energy, and safe communications, and more. These are not niche areas. Some of the other industries in the "red zone" are data infrastructure, cryptography, robotics, aerospace, synthetic biology, quantum tech, and key service supply chains.
The exact roster has 17 sectors in total, but the principle is simple: if the activity underpins military capability, keeps the lights on, secures vital data, or preserves the UK’s high-end tech lead, it’s on the watchlist.
Voluntary notifications — a safety net with hidden stakes
When a deal sits outside the mandatory zone, the investor has the option — not the obligation — to tell the government in advance. This move is less about courtesy and more about hedging risk. Under the NSIA, the Secretary of State can still rewind the tape after completion if a transaction raises security concerns. A “call-in” can mean months of uncertainty, frozen assets, and reputational fallout.
Voluntary notifications cover a far wider playing field. They can be triggered by situations where the buyer gains enough influence to sway major decisions, even without holding a majority stake. That influence could be won through a seat at the boardroom table, contractual veto rights, or other levers built into corporate governance.
This path doesn’t just apply to company shares. It also extends to qualifying assets, which can be anything that, if controlled, might affect the UK’s security position. These include:
- Physical property such as land, facilities, or industrial installations.
- Technical resources like patented processes, proprietary software, or algorithms.
- Sensitive know-how — from manufacturing techniques to confidential data sets.
- Research outcomes or lab equipment with high commercial or strategic value.
The common thread is not ownership for its own sake, but the ability to decide how that asset is used — whether that’s deploying it, modifying it, or restricting others from access.
The Gatekeepers of the UK’s Investment Security
The Investment Security Unit isn’t a distant policy group — think of it as the control tower inside the Cabinet Office, scanning the radar for deals that could veer into sensitive territory. It answers directly to the Secretary of State, but its day-to-day job is far more hands-on than it sounds.
In practice, the ISU can freeze a deal mid-flight, request stacks of extra documentation, and even place temporary limits on who’s allowed to steer a newly acquired company. It can also turn back the clock on mergers and acquisitions that have already closed, sending them back for a fresh security check.
Failing to file a required notice under the NSIA isn’t a harmless oversight — it’s treated as a criminal offence. That can mean multi-million-pound fines, forced unwinding of the deal, and, in severe cases, prison time for those responsible. The reputational hit can linger even longer, making it harder to win government trust or industry partnerships in the future.
Once the ISU gives a transaction the green light, however, the matter is effectively closed. Investors can move forward knowing the government won’t revisit the deal later on security grounds — a certainty that’s worth as much as the approval itself.
Seasoned investors start their compliance work before any negotiation begins. That means checking whether the target company or asset sits within the NSIA’s scope, assessing the likelihood of a security flag, and preparing the paperwork well in advance.
This kind of caution is particularly important in high-tech manufacturing, defence supply, energy networks, or any infrastructure vital to public safety. It also matters for young companies taking foreign capital — a single line of code, patented process, or dataset with national-security value can bring an otherwise routine deal under the ISU’s microscope.
Contact our experts and get answers to your questions.
How the UK Screens Foreign Direct Investment
In the UK, a merger or acquisition involving an overseas buyer is more than a business handshake — it’s an event that can trigger a full-scale security review, especially when the target’s work touches defence, high-end technology, infrastructure, or any sector deemed critical to the country’s stability. The review process follows three main lines of inquiry.
How much control changes hands
The first lens focuses on the degree of influence the investor would gain. Once a stake reaches roughly a quarter of the shares or voting rights, the transaction enters the zone where formal notification is expected. Larger holdings mean more leverage over strategic direction, which in turn increases the potential security impact.
What the company does and where it operates
Here the attention shifts to the nature of the target. A company located near sensitive military facilities, working with dual-use technologies, engaged in cyber-security, or embedded in essential infrastructure will naturally raise the stakes. The risk rises further if the same company operates across more than one strategic sector.
Who the buyer is
Finally, regulators examine the acquiring party’s background. Prior conduct, links to unfriendly states, influence from foreign governments, or even indirect affiliations can weigh heavily on the decision. It’s not just about capacity to invest — it’s about the context in which that capacity is exercised.
ISU is the first checkpoint. It has up to five working days to verify whether the submitted notification is complete and compliant. If the form is incomplete or misses legal requirements, the ISU can request extra details or send it back entirely, forcing the applicant to restart the process.
Once a notification passes that stage, it moves to the Secretary of State, who has 30 working days to decide whether to approve the deal or trigger a deeper investigation. A full review adds another 30 days, and — if both sides agree — a further 45 days can be bolted on.
The government’s final stance on a deal can take several forms:
- Unconditional approval — the transaction proceeds as planned.
- Conditional clearance — permission comes with strings attached, such as changes in corporate structure, adjustments in board composition, or limits on information access.
- Outright prohibition — the deal is blocked entirely.
Structural conditions reshape how the company is run; behavioural conditions dictate how the parties act after completion — anything from periodic security audits to regular reporting obligations.
It's still possible to get a deal done even if you don't give notice ahead of time. The Secretary of State has 30 working days from the time they learn about it to start a review. They can also consent to a 45-day extension. From then, the process is the same as it is for notified cases.
There’s no government fee for filing, whether under the mandatory or voluntary route. Information on approved or blocked deals usually stays behind closed doors. Only in exceptional circumstances, where public interest demands it, will details be made public.
Legal Risks of Closing a Deal Without Prior Notification
Because the UK requires foreign investment, it is against the law to go through with a notifiable deal without first getting permission. People who don't follow the rules could get a fine of up to £10 million, which is equal to 5% of the buyer group's global sales. People who do deals like this can also spend up to five years in jail. Making a deal that doesn't follow the rules is against the law.
There is, however, a remedial route: a retrospective notification. If the Secretary of State later approves the deal, it becomes valid from the moment of that approval, with full legal effect as if cleared in advance.
Sector-Specific Features of UK FDI Regulation
NSIA introduced stricter notification and review rules for foreign investment in several priority sectors. Below are the key sector-by-sector features.
The Financial Conduct Authority (FCA) and the Bank of England (via its Prudential Regulation Authority (PRA) branch) are in charge of supervision in this field. Before a foreign buyer can buy an interest in a UK bank, insurance company, or investment business, they must first be checked for honesty and the ability to pay. According to FCA rules, if you possess more than one-tenth of a regulated firm, you have to let them know. The deal can't go through until the regulator says it's okay.
Telecoms, digital infrastructure, and high-tech businesses are being watched more closely. Regulation puts a lot of emphasis on protecting data, keeping networks safe from hackers, and making sure that communication networks can handle stress. NSIA covers deals that give over control of telecom businesses, data centers, encryption systems, or companies that make AI and machine learning technologies.
The requirements apply to more than just full purchases; they also apply to deals that give the buyer less than 50% ownership but provide them real power over management. The UK has also made it harder for vendors from high-risk areas to use government IT systems since 2023. They are especially concerned about the security of hardware and software and making sure they follow cyber-resilience standards.
Ecommerce, logistics, and digital platform sectors are expanding rapidly in the UK, and the foreign investment plays a major role. Yet deals involving control of large logistics hubs, delivery networks, or online marketplaces can trigger NSIA review — particularly if they involve access to personal data or control of key digital infrastructure. Post-Brexit, the UK’s GDPR-equivalent regime (UK-GDPR) continues to protect user rights, meaning non-whitelisted foreign investors must adopt extra compliance measures to meet domestic data protection requirements.
The UK Tax Landscape for Investors
One reason the UK remains such a draw for international capital is that, beyond its stable economy and well-oiled financial system, the rules are transparent enough for investors to plan years ahead. Tax policy is part of that clarity — but the details matter, and they vary by business size, activity, and income source.
The headline rate is 25%, applying to companies with annual profits over £250,000. At the other end of the scale, firms making £50,000 or less pay 19%. Between these points, the rate rises on a sliding scale — not in sudden jumps — so mid-sized businesses feel the increase proportionally as profits grow.
If part of a company’s income comes from exploiting patented inventions, the “Patent Box” regime can reduce the effective tax on that stream to 10%. It’s a deliberate policy lever: reward companies that create intellectual property and keep them developing it within UK jurisdiction.
Interest and royalties sourced in the UK are normally subject to a 20% withholding before the funds leave the country, whether the recipient is based in London or halfway around the world. Tax treaties can soften or remove this charge, but without such an agreement, the default rate applies.
Regulation of FDI in the United Kingdom and the European Union
Early 2025 brought a clear change of mood in London and Brussels: a tighter grip on who invests, where money travels, and what that means for security—both into their markets and out of them. On 15 January 2025, the European Commission issued Recommendation (EU 2025/63). It isn’t law, but it asks national governments to map and watch EU companies’ overseas bets more closely, with special attention to semiconductors, artificial intelligence, and quantumwork—fields where technology and security are tightly linked.
The document also sets two check‑in dates so progress doesn’t vanish into paperwork: updates by 15 July 2025 and 30 June 2026. The ambition is a shared, transparent picture across the bloc, so that high‑impact projects are assessed in a consistent way rather than through fragmented national practices.
Ireland introduces a new law on FDI screening
Another headline arrived on 6 January 2025: Ireland began enforcing its first statute requiring certain foreign investments to be examined before they close, with sensitive technologies front and centre. The law covers deals that shift control over Irish assets or change ownership levels in local companies.
Special attention falls on investors from outside the EU or EEA who lift their holding or voting power to 25% or 50%. Reaching those levels means the parties must file for review and secure clearance in advance. The upshot is greater clarity over who ultimately controls important Irish businesses—especially in technology‑heavy areas—and fewer opportunities for quiet changes of control in sectors that matter for national resilience.
A clear parallel can be drawn with the mechanisms regulating foreign direct investment in the United Kingdom, where similar safeguards have long been used to protect strategic industries and scrutinize changes in ownership within sensitive sectors of the economy.
Netherlands Moves to Widen “Critical Technology” Oversight
The Netherlands is taking steps to cast a wider net over foreign investments linked to advanced technology. At the end of 2024, the government outlined amendments to its screening regime that would bring more emerging fields under regulatory watch.
The proposal adds to the current roster of protected areas by naming six more: artificial intelligence, biotech, nano-scale engineering, innovative materials, precision sensor and navigation systems, and nuclear tech designed for medical purposes.
A key change is the much lower reporting threshold: if an investor acquires just a 10% voting share in a company working in any of these areas, the transaction would have to be declared to the Bureau for Investment Screening (BTI). The move is designed to make changes in ownership more transparent and to cut the risk of hidden influence in sectors central to security and innovation.
Greece Plans National FDI Review Rules
On 2 April 2025, Greece began taking public feedback on a draft law that would, for the first time, create a dedicated mechanism for screening certain foreign investments. The law is intended to align the country with the EU’s approach, while addressing its own security priorities.
Among the sectors slated for heightened review are energy networks, transport links, digital systems, defence production, cyber-protection services, AI-driven technologies, critical port and subsea facilities, and tourism hubs located in border regions.
Consultations closed on 17 April 2025, with lawmakers expected to act quickly. The measure is framed as both a safeguard for key industries and a way to ensure Greece can intervene early if a transaction raises strategic concerns.
Conclusion
For anyone eyeing the UK market, the regulatory environment changed fundamentally in 2022 when the National Security and Investment Act came into force. The law gave ministers broad power to review — and, if necessary, halt — deals considered a threat to national security.
Its reach is wide, taking in sectors from high-tech R&D and telecoms to defence suppliers, energy grids, and transport infrastructure. Breaching the rules isn’t a minor offence: it can mean financial penalties, blocked transactions, or court-ordered reversals. The smartest approach is to understand the regime in detail before you move — and to have advisers who can keep your deal both compliant and on track.
Our telegram channel
