The new NSI act

Adam Zoldan, Knight Corporate Finance co-founder and Director, unravels the implications of new legislation linked to national security risks on certain M&A deals in the UK comms channel…

In a market where we continue to see a huge volume of deal activity, we are also witnessing significant delays in building up due to a new piece of legislation designed to protect the national security of the UK.

The National Security and Investment Act 2021 (the Act) has a scope which is likely to become a major consideration for many deals involving comms providers, IT service providers, MSPs, ISPs, hosters, cloud service providers, data centres and technical specialists
across the whole spectrum of the UK channel.

The Act allows the Government to scrutinise and intervene in certain acquisitions made by anyone, including businesses and investors, which could harm the UK’s national security.

Subject to certain criteria, you are legally required to tell the Government about acquisitions that are involved in 17 sensitive or key sectors of the economy (known as a mandatory notification). Failure to comply may result in turnover-based fines, criminal liability and the risk of transactions being void.

The key sectors are wide-ranging and include robotics, military and quantum technologies.

However, there are a number of areas that are pertinent to the channel and invariably will now be a factor any acquirer will include as part of the acquisition process.

Currently, the four areas that most commonly apply to the IT and comms channel are communications, data infrastructure, critical suppliers to Government and suppliers to the emergency services.

It is early days for the Act and the guidance is ambiguous in places, but there are some clear limitations that hopefully will exclude your deal from the scope of the Act.

Within the communications area, if the target company has a turnover of less than £50million then it is outside the scope. Fortunately, this covers the majority of deal activity in this sector.

However, as the channel converges across industry sectors, you need to consider all areas that may be relevant to you. For example, data infrastructure deals with physical or virtualised infrastructure used for the storing, processing or transmitting of data in digital form will come under scrutiny.

It is early days for the Act, but we are seeing it become a factor in all of our deals

This area, while separate from ‘communications’, could pick up data centres (physical or virtualised), ISPs and comms providers including resellers that operate network infrastructure within the scope of the Act. The definition is relatively wide and can include companies that have no infrastructure but provide technical services or administrative access to data infrastructure where a public sector customer is involved.

If you clear these obstacles, the final two areas to check involve your customer base. In terms of being a ‘critical supplier to the Government’, unless you require listX accreditation, process or store information classed as ‘secret’, or have your employees vetted at a Security Check (SC) level, you are unlikely to fall into the scope of the Act. However, if you provide services to the emergency services the scope is relatively wide and includes aspects of infrastructure, voice and data communications. This means comms providers may fall into the scope of the Act even when the deal size is small.

Implications for comms providers

For anyone involved in or considering a deal, whether as an investment, an acquisition or an exit, preparation is key. It is worth taking the time to understand the Government guidance to ascertain whether there is a risk of your deal (which can involve any and all changes to the shareholders) falling into the scope of the Act.

For the vast majority of deals, the worst-case scenario should be no more than a delay. The Government has a maximum of 30 working days to clear a deal notified under the mandatory notification, but it can extend this to investigate further. It is important to understand that while your business may fall within the scope, it is the acquirer that will come under scrutiny rather than you or your business, although you would clearly need to assist the buyer with their enquiries and the preparation of any such notification.

It is very early days for the Act, but we are seeing it become a factor in all of our deals. We are seeing legal opinion showing some variance as legal advisers can interpret the guidance differently.

Currently, we have no clear visibility of how long the process will actually take as it is too early for any feedback on the process. However, we suspect hundreds of deals will have been submitted so far this year alone.

Hopefully, in time the process will become simpler and the guidance clearer, but for now it is important for all parties considering a deal to factor this Act into their timetables – and if there is a risk of falling into the scope, to ensure the acquiring party makes their submissions early, particularly if time is of the essence.