National Security: The NSI Act

The UK’s National Security and Investment Act 2021 (NSI Act) introduced a comprehensive regime allowing the government to screen acquisitions of control over entities and assets that could affect national security. It applies regardless of deal value or investor nationality, meaning every UK transaction team – including accountants and company administrators – must understand when the Act is triggered and how to comply.

The NSI Act has become a standard checkpoint in due diligence. Accountants and company secretaries are often first to spot potential trigger events in share transfers, group restructures or share security arrangements, and are key to ensuring timely filings and accurate information. In addition, because the NSI Act applies to transactions involving technology and AI, the key importance of these sectors to the UK economy will make this a highly significant consideration for the foreseeable future.

What transactions are covered?

The NSI Act applies when an acquirer gains control over a ‘qualifying entity’ or ‘qualifying asset’. Qualifying entities include companies, LLPs and other corporate bodies (excluding individuals). Qualifying assets include land, tangible moveable property, and intangible assets such as ideas, IP and techniques with economic value used in connection with UK activities and supplies.

Importantly, there are no turnover or market-share thresholds, and UK investors are not exempt. The rules can also extend overseas if there is a sufficient UK connection – for example, a non-UK company supplying goods or technology into the UK. A filing or review may be required due to a range of trigger events that involve acquiring control over qualifying entities or assets. These events can arise through share issues, intra-group transfers, enforcement of security or even shareholder agreement amendments. Administrators and finance teams must review share registers and transaction steps carefully to identify potential triggers.

Notification requirements

A range of sectors are subject to mandatory pre-completion notification, including advanced materials and robotics, AI, defence, computing hardware, data infrastructure, energy, quantum, satellite and space, transport and communications.

If a company’s activities fall within these areas, any acquisition crossing the control thresholds must be notified and approved before completion. A transaction that completes without approval is legally void, exposing parties to significant penalties: up to the greater of £10 million or 5% of global turnover, and possible imprisonment for individuals.

For deals, this means that due diligence and sign-off processes must include an explicit NSI compliance check. Filing obligations can delay completion, so timing and conditionality should be built into transaction timetables.

If a transaction is not subject to mandatory notification but could still raise national security concerns – for example, where the target supplies a sensitive customer or handles critical data – a voluntary filing can offer greater certainty. Unlike mandatory cases, voluntary notices may be submitted before or after completion, but early engagement is strongly advised to avoid later intervention.

Even where no filing is made, the government can call in a transaction for review within six months of becoming aware of it, or up to five years after completion (unless a mandatory filing should have been made). The call-in power applies to any in-scope acquisition completed since 12 November 2020. In 2024–25, 56 deals were called in for full review – a rising trend that underlines the government’s appetite to scrutinise transactions beyond the obvious defence or tech deals.

Risk factors

The Secretary of State considers key risk factors. Target risk involves what the entity or asset does, its proximity to sensitive sites, and critical supply relationships. Control risk considers the type and degree of control being acquired and whether it could be used to harm national security. Acquirer risk covers the characteristics of the buyer, including previous conduct, ownership ties and exposure to hostile states.

UK nationality does not exempt a buyer; each case is judged on its facts. For accountants or administrators reviewing ownership structures or beneficial ownership declarations, documenting these details is essential.

The notification and review process

All filings are submitted via the NSI electronic portal to the Investment Security Unit (ISU) within the Cabinet Office. A representative, such as a law firm, may submit the form.

Once a notice is submitted, acceptance by the ISU typically takes about a week. Once accepted, the Secretary of State has 30 working days to clear the transaction or call it in for further review. If called in, there is an initial assessment period of 30 working days, extendable by 45 days if needed.

If a national security risk is identified and additional time is required to develop appropriate remedies, the parties may agree to a further voluntary extension. During the assessment period, the timeline may be paused if the Secretary of State issues information or attendance notices.

Throughout this process, the ISU may request detailed information about ownership, structure, customers and sensitive activities – areas where accountants and company secretaries play a critical evidentiary role.

If a mandatory filing was missed and the deal completed, the parties can seek a validation notice. If granted, the transaction is treated as approved and ceases to be void. However, the government may issue a call-in notice within six months of becoming aware of the deal. Swift voluntary disclosure is therefore the safer path.

Interim orders and information powers

During an investigation, the Secretary of State can issue interim orders to prevent completion or integration – for example, ordering the parties to refrain from sharing IP or other information. Breaching an interim order constitutes both a civil and a criminal offence.

The Secretary of State also has wide-ranging information powers, including the ability to compel interviews and documents from UK-linked individuals and businesses. False or misleading information is itself an offence – making careful review of filings and correspondence a key compliance function.

Following assessment, the Secretary of State may issue clearance, confirming no further action; or a final order imposing conditions such as access to sensitive sites or information, supply continuity, technology transfer or governance arrangements. In rare cases, deals can be prohibited or unwound entirely. Final orders are kept under review and can later be varied or revoked.

Sanctions and enforcement

Civil penalties apply for completing notifiable acquisitions without approval, breaching orders or failing to comply with information/attendance notices. For businesses, the maximum fixed penalty is the higher of £10 million or 5% of global turnover; for individuals, it is up to £10 million. Daily penalties may apply for continuing breaches.

Criminal penalties of up to five years’ imprisonment apply for completing a notifiable acquisition without approval or breaching orders.

Government guidance

Comprehensive government guidance is available to help parties navigate the NSI regime, including sector definitions for notifiable acquisitions and instructions for notification forms. Early engagement with the ISU can help to clarify borderline cases and prevent avoidable delays. For many businesses, this is becoming part of normal pre-deal planning alongside tax and accounting checks.

Practical takeaways for accountants

Build NSI screening into early due diligence: Check whether the target’s activities fall within sensitive sectors and whether any ownership changes could trigger a filing. Be alert to adjacent activities and supply chain roles, and to indirect acquisitions through chains of ownership.

Allow for timing: Factor in up to 30 working days for screening, and potentially 75 days if called in, when structuring completion dates or funding arrangements.

Consider voluntary filings: When in doubt, early notification can protect against future disruption.

Maintain accurate records: Ensure all filings, ownership details and correspondence are complete and verifiable. False information can reopen cleared cases and expose individuals to prosecution.

Keep abreast of reforms: Ongoing consultation means the scope of mandatory sectors may expand. Staying informed helps businesses plan ahead.

 

Author bios

Oliver Williams
Partner in Corporate
Katten Muchin Rosenman LLP

Edward A. Tran
Partner in Financial Markets & Funds
Katten Muchin Rosenman LLP

"Accountants and company secretaries are often first to spot potential trigger events in share transfers, group restructures or share security arrangements, and are key to ensuring timely filings and accurate information."

"Early engagement with the ISU can help to clarify borderline cases and prevent avoidable delays. For many businesses, this is becoming part of normal pre-deal planning alongside tax and accounting checks."