National Security and Investment (NSI) Act 

The National Security and Investment (NSI) Act came into force on 4 January 2022. The Act gives the government powers to scrutinise and intervene (block, unwind etc) acquisitions in business transactions to protect national security, while providing businesses and investors with the certainty and transparency they need to do business in the UK.  

The government has provided general guidance and guidance for academia which includes case studies. 

“Acquisitions” can include acquisition of entities, control of entities and extends to assets.   

An “entity” can include other universities, research organisations, spin-out companies or any company doing contractual work with the university. 

As well as tangible items, equipment or property, “asset” can include “ideas, information or techniques which have industrial, commercial or other economic value (‘intellectual property’)” = potentially information and deliverables etc. which may be provided in the context of a research project / collaboration. 

Action Required to Comply 

Universities are generally the asset provider, which means we are normally considering voluntary notifications. Declarations are voluntary when providing assets. 

Declarations can be ‘called-in’ (reviewed) by the Secretary of State and if so our due diligence processes would be investigated, and a decision would be made if the acquisition could proceed. 

When an agreement is proposed where there is potential acquisition additional questions may need to be asked about the technology and the acquirer to assess if it falls within the scope of the Act and the risk level involved. 

The University Approach 

The University takes a risk-based approach to voluntary declarations. We consider the target (subject) risk, acquirer (partner) risk and control risk – plus reputational & financial risk to University. Where such a risk is identified the case will be referred to the Trusted Research Advisory Group for a decision as to whether a voluntary notification is required.  

The Research Governance and Integrity Team will work with researchers and other teams at the University as appropriate, (e.g. the Commercialisation & IP team, Contracts team, Project Coordinators), to make a risk-based assessment of each case and determine if it requires escalation to the Trusted Research Advisory Panel for further discussion.  

Assessing Risk 

What is being acquired? (“Target Risk”) 

The target is the entity (e.g. company) or asset (e.g. IP) that has been/will be acquired. In assessing the target risk, the Secretary of State will consider what the target does, is used for, or could be used for, and whether that has given rise to, or may give rise to, a risk to national security. Assessment of the target risk may also involve consideration of any national security risks arising from the target’s proximity to sensitive sites.  

The Secretary of State considers that qualifying entities which undertake activities in the 17 areas of the economy listed below, or closely linked activities, are more likely to raise a target risk than other qualifying entities.  

  • Advanced Materials  
  • Advanced Robotics 
  • Artificial Intelligence  
  • Civil Nuclear  
  • Communications  
  • Computing Hardware  
  • Critical Suppliers to government  
  • Cryptographic Authentication  
  • Data Infrastructure  
  • Defence  
  • Energy  
  • Military and Dual-Use  
  • Quantum Technologies  
  • Satellite and Space Technologies  
  • Suppliers to the Emergency Services  
  • Synthetic Biology  
  • Transport 

If the target subject is in one of the 17 sensitive areas of the economy the UK government has identified ,then the risk is considered high 

Activity that falls outside of the 17 sensitive areas, related to one of the 17 areas but not within the definition of them in the regulations also carry higher risk. 

Export controls may also apply.

Researchers can find out more details about the sectors here: 


Who is acquiring it? (“Acquirer Risk”) 

The sector(s) of activity, technological capabilities and links to entities which may seek to undermine or threaten the national security of the UK, are likely to be considered in order to understand the level of risk the acquirer may pose. 

If an acquirer has links to entities which may seek to undermine or threaten the national security of the UK, this does not automatically mean that the acquisition will be called in, and judgements will not be based solely on the country of origin. However, ties or allegiances to states/organisations hostile to the UK will be considered. 

The acquirer risk would be higher if there are any end-user concerns, arms embargo, sanctions etc. against the acquirer entity. Researchers should ensure that appropriate due diligence [link to Partner Due Diligence page] is done on each partner / funder / acquiring entity at an early stage and before engagement as that will help inform the risk level and enable decision-making. 

What’s the nature of the exchange? (“Control Risk”) 

The control risk will be assessed by understanding the degree of control being obtained. In relation to an entity, this may include voting rights that allow the acquirer to pass or block resolutions governing affairs; board membership or right to appoint board members to influence strategic direction or voting outcomes; directing or controlling use; acquiring a smaller degree of control but has material influence over entity, for example the acquirer is able to pass or block resolutions governing the affairs of the entity. In relation to a qualifying asset (such as intellectual property) this may include the acquisition of a right or interest in, or in relation to, the asset providing the ability to: (i) use the asset, or do so to a greater extent than before the acquisition; or (ii) direct or control how the asset is used, or do so to a greater extent than before the acquisition.