• The UK government is consulting on proposals to amend the UK’s foreign direct investment regime. This is the first significant update to the National Security and Investment Act since coming into force in 2022 and materially changes the scope of certain activities that require approval, including semiconductors, critical minerals, AI and data infrastructure.
• At the same time, the government has also announced plans to narrow the categories of transactions that trigger a mandatory filing by removing certain low-risk types of transactions “to reduce unnecessary red tape for businesses”.
• Finally, the government has published its fourth Annual Report on the operation of the regime. This shows a marked year-on-year increase in the number of filings, more deals being subject to remedies, and a continuing focus on defence, critical suppliers to government and military/dual use technologies as areas of real sensitivity.

Introduction. On 22 July 2025, the UK government published its fourth Annual Report on the operation of the National Security and Investment Act 2021 (“NSIA”).

The Annual Report, which covers the period from 1 April 2024 to 31 March 2025, sets out detailed statistics relating to the review of transactions on national security grounds under the UK NSIA regime, as well as providing insight into the government’s priorities for the year ahead.

On the same day that the Annual Report was published, the UK government also announced that it was launching a public consultation to consider proposed amendments to the NSIA regime (the “Consultation”). If adopted, these amendments would represent the first significant update to the NSIA regime since it entered into force in 2022.

Both the foreword to the Annual Report and the press release which accompanied the announcement of the Consultation, emphasized that the UK government was focused on developing a national security screening regime which was robust, but also business-friendly and conducive to economic growth. As a result, the upcoming reforms are expected to reduce red tape for investments in certain types of business in the UK, while maintaining more stringent requirements for areas of national strategic importance.

Takeaways from the Annual Report. The statistics in the Annual Report reflect a number of key trends in the operation and enforcement of the NSIA:

• More transactions notified. In the 2024‒25 period, the UK government received 1,143 notifications—a 26% increase on the number of notifications received in the prior year. 954 of these notifications were mandatory, while 134 were voluntary and 55 were applications for retrospective validation. (The fact none of those resulted in fines for “gun-jumping” demonstrates the government’s willingness to engage with buyers to identify why the filing requirement was missed.) The NSIA continues to be one of the more active national security screening regimes internationally—consistently reporting a year-on-year increase in the number of notifications received. As in previous years, clearance remains the norm. The vast majority of notified transactions were cleared within 30 business days and only ~5% were called in for a detailed review, which is consistent with the previous year and down from the year before that. However, the average review period for deals that do get called in for an in-depth review is getting notably longer.

• Ongoing focus on defence. Unsurprisingly, “Defence” continues to be the sector of the economy most likely to trigger a filing. 56% of all notifications during the reporting period concerned activities in the defence sector, which is consistent with prior years. This was followed (again, the same as prior years) by “Critical Suppliers to Government”—i.e. where the target needs security clearance (21%) and “Military/Dual-Use” (19%). “Defence” and “Military/Dual Use” also accounted for both the majority of in-depth reviews and the majority of deals subject to remedies to get approval. However, the UK government also received a significant number of notifications relating inter alia to businesses active in “Artificial Intelligence”, “Data Instructure”, “Critical Materials”, and “Energy”.

• Nationality remains important. Of the transactions which were subjected to an in‑depth review, 48% involved a UK investor, while 32% involved a Chinese investor and 20% involved an investor based in theUnited States. This marks a development from the previous reporting period, when 41% of called-in transactions involved a Chinese investor (making transactions involving a Chinese investor the most likely to be called in during the 2023‒24 period). This highlights that, while the UK government continues to focus on Chinese investment, the nationality of the investor and the so-called “acquirer risk” is important but not determinative when assessing the risk profile of a transaction. Transactions in sensitive sectors, such as defence, AI and semiconductors can still raise concerns, even if the investors are based in “friendly” jurisdictions. Most deals cleared conditionally actually involved acquirers associated with the UK rather than being “foreign”.

• Intervention rates have increased. 56 transactions were called in for further assessment during the last reporting period, up from 41 in the previous year. Of these 56 transactions, only one transaction was forced to unwind. (That involved the Chinese acquisition of a Scottish chip design business that completed in 2021 prior to the NSIA coming into force but which was then called in and blockedretroactively.)  Further, 16 transactions were only allowed to proceed subject to conditions, which may indicate the government having an increased confidence in remedies being capable of alleviating any security concerns identified. Moreover, the type of remedies being accepted are getting more sophisticated. Common conditions included: (i) increased security vetting of key personnel; (ii) having a UK board of directors whose approval is required for strategic decisions; (iii) committing to maintain capabilities in the UK; and (iv) restricting access to sensitive data and technology. This serves as an important reminder that, while the likelihood of a notified transaction being entirely blocked remains low, businesses should keep in mind what potential remedies they can offer to the UK government to assuage concerns about sensitive investments.

Key proposals in the Consultation. Alongside the Annual Report, the UK government launched a wide ranging, public consultation to update the scope of the NSIA screening regime and remove “unnecessary red tape” affecting businesses, by ensuring that regulatory requirements are targeted and proportionate. The Consultation is part of the UK government’s wider pro-growth agenda and was trailed in its June 2025 UK Modern Industrial Strategy. There is, however, nothing unexpectedly radical in the proposals and they instead address many of the same issues where the prior Conservative government had already identified a consensus for reform.

Key proposals outlined for feedback in the Consultation include:

• Creating two new standalone sensitive sectors for semiconductors and critical minerals (both of which currently fall within the “Advanced Materials” sector).

• The prior treatment of semiconductors was somewhat patchy with various gaps in its coverage. The proposed changes combine the relevant segments of the existing regime into a single, more coherent and comprehensive definition that adds advanced packaging techniques and activities involving the wider design process of processing units and memory chips, such as R&D.

• For critical minerals the intention is to make clearer which activities are within scope as well as to update the section in line with the latest UK criticality assessment.

• Amending the scope of the artificial intelligence sector to exclude lower risk AI activities—for example, the use of off-the-shelf consumer AI where there is no further material research and development of the AI tool being performed by the licensee. At the same time, the revised definition more clearly captures businesses at the cutting edge of AI development whilst also highlighting concerns about the associated vulnerabilities and potential for misuse and disinformation.

• Amending the scope of the data infrastructure sector to include data centres for the first time. That includes certain cloud service providers and managed service providers; i.e. those who offer or resell Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). As such it brings the UK treatment of these assets more in line with the U.S. CFIUS regime.

• Adding water companies (specifically, certain businesses with statutory powers and duties to supply water and/or sewage services, but not companies operating solely as retailers in the non-household retail market) to the list of sensitive sectors of the economy. (The addition is a small part of a much wider proposed overhaul of the regulation of the water sector in the UK undertaken by the Cunliffe Commission that was published at the same time.)

In parallel, the government has also announced plans to narrow the categories of transaction which trigger a mandatory NSIA filing by removing certain low-risk types of transaction. In particular, the government has said that (under its proposals) internal reorganizations, as well as appointments of liquidators, special administrators and official receivers, would no longer trigger a mandatory notification. This would be a welcome change given the unlikeliness of such transactions raising security concerns. Secondary legislation will be required to bring any changes into effect.

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.