Technology Sovereignty: Managing FDI and “Call-In” Risks in Tech Acquisitions

The era of frictionless global M&A has been replaced by a new doctrine: Technology Sovereignty. In the UK, this shift was codified by the National Security and Investment (NSI) Act, which granted the government sweeping powers to scrutinise and block acquisitions in sensitive sectors. As we navigate the current landscape, “National Security” has expanded its definition to include not just defence and dual-use tech, but also quantum computing, synthetic biology, and advanced semiconductors.

For boards and investors, Foreign Direct Investment (FDI) is no longer just a capital flow—it is a regulatory minefield. Managing the “call-in” risk—the power of the Secretary of State to retroactively review a deal—is now a critical component of transaction strategy.

Deal Uncertainty

Historically, a higher bid from an overseas buyer was often an easy choice for shareholders. Today, that bid comes with a “sovereignty discount” to account for the risk of a lengthy investigation or an outright block.

The NSI Act creates three distinct tiers of risk that buyers must navigate:

1. Mandatory Notification: Deals in 17 specific sectors (such as Energy, Communications, and AI) must be notified before they close.
2. Voluntary Notification: For sectors that fall just outside the mandatory list but could still pose a risk, parties often notify voluntarily to gain legal certainty.
3. The “Call-In” Power: The government can “call in” any deal for review up to five years after the event if it wasn’t notified and is later deemed to pose a security risk.

1. The Expanding Definition of “Sensitive”

The challenge for tech acquisitions is that “sensitivity” is a moving target. In 2026, the focus has shifted from hardware to Data Sovereignty. If a UK tech firm holds a significant dataset on UK citizens—even if that data is anonymised—an acquisition by a buyer from a “non-aligned” jurisdiction is likely to trigger a review.

Furthermore, the concept of Systemic Criticality is now a factor. If a startup provides a niche software component used by the NHS or the National Grid, it may be deemed “sovereign” tech, even if its revenue is modest.

2. De-Risking the Deal

To navigate these hurdles, sophisticated buyers are adopting “Sovereignty-First” strategies long before they reach the letter of intent (LOI).

• Pre-Emptive Engagement: Engaging with the Investment Security Unit (ISU) early in the process. This “informal” dialogue can help gauge the temperature of a deal before it becomes a public or political issue.
• Carve-Outs and “Ring-Fencing”: In some cases, a buyer may agree to “ring-fence” the UK-based R&D or sensitive data assets, ensuring they remain under UK jurisdiction and management even if the parent company is foreign.
• Governance Undertakings: Buyers are increasingly offering binding commitments regarding board composition (e.g., ensuring a majority of UK citizens on the board) or guaranteeing continued R&D investment within the UK for a set period.

3. The Geopolitical Lens

It is an uncomfortable but necessary truth: the jurisdiction of the buyer is the single biggest predictor of NSI risk. While the Act is technically “country-neutral,” the level of scrutiny applied to a buyer from a Five Eyes nation (USA, Canada, Australia, NZ) is vastly different from that applied to buyers from jurisdictions with “divergent interests.”

Boards must perform their own “Geopolitical Due Diligence” on potential suitors. A high-value offer from a buyer with links to a foreign state could lead to a deal being stuck in regulatory limbo for 6–12 months, during which time the target company’s value may depreciate as talent flees the uncertainty.

4. Protecting IP Post-Acquisition

Sovereignty isn’t just about who owns the company; it’s about where the IP “lives.” The UK government is increasingly concerned about “IP Leakage”—the slow migration of critical research and patents to overseas headquarters.

Acquirers must be prepared to provide “Asset Protection Agreements.” These legal frameworks ensure that the “Crown Jewels” of the technology stay within the UK ecosystem, supporting the local industrial base even under foreign ownership.

“In 2026, a successful tech acquisition is no longer just about the right price; it is about the right passport.”

Final Thoughts

Managing FDI risk is no longer a task for the legal team alone; it is a strategic discipline for the board. Directors must understand that the UK’s “open for business” stance is now balanced by a “protective by design” regulatory framework. By integrating NSI risk into the very beginning of the deal-making process, companies can avoid the reputational and financial damage of a “call-in” and ensure a smoother path to completion.