Norway: The FDI Screening Regime And Its Potential Impact On M&A Transactions

FDI controls (Foreign Direct Investment Controls) are becoming relevant to an increasing number of transactions and jurisdictions. A change in ownership of companies or businesses that are operating within, from a national security perspective, critical infrastructure and/or security sensitive areas may require authorisation from the authorities in those countries where such activities are conducted.

Executive summary

In Norway, FDI is regulated by the National Security Act (the "NSA"). On 31 March amendments to the NSA were proposed by the Norwegian Government which are likely to be adopted and these amendments will increase the number of transactions that will be subject to filing requirements in Norway.

The fact that different countries have different FDI-regulations, which again are subject to frequent modifications, adds an extra layer of complexity. Certain countries uphold a mandatory duty to file, entailing a ban on the accomplishment (stand still) of the transaction if a notification to the national authorities is required. Further the authorities may impose terms and obligations (as a condition for approval) on the buyer and the target group that may limit the ownership rights that a buyer would otherwise expect to have after the completion of the transaction. Important to note is also that filing obligations also may be triggered by indirect transfers, meaning that a stand still obligation could be triggered abroad even if the acquisition of the ultimate target company or business takes place in Norway. The FDI regime covers acquisition of shares as well as assets.

In line with other public law notification requirements (for example pursuant to competition legislation and/or the new EU rules regarding foreign subsidies control; the Foreign Subsidies Regulation or FSR, which will come into force soon), also the FDI regulation could give rise to more insecurity around the completion of transactions and at what time the completion may take place.

This increased complexity in relation to regulatory approvals required for completion of transactions also requires market players to conduct a far more thorough analysis of both commercial and legal implications before signing a deal. First of all, for Norwegian entities in the target group it has to be clarified whether any of these entities has been subject to any decision from the authorities stipulating that they are subject to the NSA. Secondly, if the target group has ownership interests in foreign jurisdictions, a similar screening exercise needs to be conducted and it should be noted that even an ownership interest of (as low as) 10% in a foreign entity could trigger a filing obligation under FDI.

If the contemplated transaction is likely to trigger filing obligation(s), a buyer must thoroughly assess the consequences this might have in relation to the choice of, for example, pricing mechanism in the transaction documents (Locked Box versus Closing Accounts), interest mechanism related to purchase price payment, MAC clause, financing conditions and/or other reservations (CP's) that can protect against unexpected events in the target group in the waiting period between signing and closing. If the transaction is intended to be insured by a WI insurance, temporal delays in the completion of the transaction will mean that the buyer is further exposed to a lack of insurance if the breach of warranty occurs and becomes known between signing and completion. All of these circumstances must be assessed and possibly taken into account in the contractual terms relating to the transaction.

Below follows a more detailed overview of the existing regulations under the NSA and our Recommendations to what should be done early in a transaction process where FDI may play a role. Further, we address some of the most important amendments which were proposed on 31 March through a Bill on amendments to the NSA.

Duty to report under the National Security Act

The NSA currently contains a duty to report regime for certain transactions where an acquirer obtains (directly or indirectly) either significant influence or at least one-third of the shares and votes in a Norwegian entity. The regulations cover both national acquisitions and indirect investments (i.e. where the target company is located abroad, but has ownership interest in an entity or business located in Norway that is subject to the NSA). It is important to pay particular attention to three specific circumstances:

• the ongoing efforts to subject a larger number of enterprises to the duty to report regime in the NSA,
• the assessment of whether an acquisition is to be approved, possibly subject to conditions, is different today than what it was before the acute security situation in Europe, and
• the new Bill introduced on 31 March regarding amendments to the NSA will tighten the legislation further.

It is also important to note that the NSA contains a general clause giving the authorities the competence to take "necessary decisions" to prevent activities representing a threat to security, or other activities that may involve a not inconsiderable risk of national security interests being threatened. This gives the authority to stop acquisitions (cf. cases such as the "Bergen Engines case" from 2020, which was stopped by the Norwegian government).

In Norway, it is the ministries that are responsible for preventive security efforts within their areas of responsibility, and they make decisions according to which individual companies are subjected to the law. This is an ongoing effort. There is no official list that details which companies are subjected to such decisions of being placed under the NSA filing regime. In the case of an acquisition process, questions in this respect should be clarified early on in the process.

To be subject to a decision under the NSA, the conditions are, in short, that the enterprise (i) handles classified information, (ii) controls information, objects, etc. which are of vital importance to fundamental national functions ("FNFs"), or (iii) engages in activities which are of vital importance to FNFs. FNFs are services, production and other types of activity which are of such importance that a complete or partial loss of the function would have consequences for the State's ability to protect national security interests. The 43 FNFs identified as of 30 September 2022 are more closely described here. For example, enterprises that engage in activities that are of vital importance to the national power supply, food supply, health preparedness, water supply and critical public services are subject to the NSA.

The Bill proposes to introduce a provision stipulating that enterprises with "vital importance" to national security interests must be subjected. It further proposes to lower the threshold for which kinds of enterprises might be subjected to the NSA, for example by changing the wording "vital importance" to "material importance". In the Bill, it is estimated that 250-300 enterprises are of such material importance.

When does the duty to notify apply?

Whoever wishes to acquire a "qualified ownership interest" in an enterprise which is subject to the NSA, has a duty to notify. A qualified ownership interest exists if the acquisition will, overall, give the acquirer, either directly or indirectly:

• at least one third of the share capital, participating interests or votes in the enterprise,
• the right to become the owner of at least one third of the share capital or participating interests, or
• significant influence over the management of the company otherwise.

With respect to the assessment of "significant influence", rights pursuant to shareholders' agreements or articles of association will typically have an effect, and the assessment is discretionary. Veto rights in accordance with a shareholders' agreement can qualify as fulfilment of the condition "significant influence".

The new Bill proposes to lower the threshold for ownership interest, so that the duty to notify is triggered at 10%. Moreover, it is proposed that an additional duty to report be triggered when the ownership interest reaches 20%, 1/3, 50%, 2/3 or 90%. This is grounded in the need to follow the developments of influence and control in companies that are subject to the NSA.

A notification in accordance with the NSA is to be treated within 60 business days. The time limit is frozen each time the Ministry submits a written request for further information. The Ministry shall either approve the acquisition, or forward the case for consideration by the King in Council. The King in Council has the competence to stop the transaction or to impose conditions for the acquisition.

There is currently no formal implementation ban in Norway. However, any implementation before approval is granted can in the extreme result in a reversal of the transaction. In practice, it is therefore common in transaction agreements to include authority approval as a condition that must be met before completion.

Please note that the Bill proposes to introduce an implementation ban. If this Bill is adopted, transactions cannot be carried out until the authorities have finished processing the report. Besides, an infringement fee is proposed for breaches of the duty to notify.

The issue of the assessment is whether the acquisition may "entail a not insignificant risk of a threat to national security interests". There is no requirement for a preponderance of probability, but there is a requirement for proportionality between the financial disadvantage for the buyer and the enterprise, and the consideration of national security interests. Where the buyer and its controlling owners are domiciled may be of importance for the authorities' assessment, and circumstances that can come into play here, are whether they are domiciled in jurisdictions with which Norway has security cooperation. The authorities often have a broader basis of information that can be based on confidential intelligence that is not made known to the parties to the transaction. In such situations, a proactive and open dialogue with the authorities will often be an advantage. Such dialogue may constitute an appropriate context to exchange points of view and to conduct continuous assessments of any possible and acceptable terms for the parties to the transaction.

It is also important to note that there are relatively important differences between the different national regulations. A certain acquisition may be approved in one country, yet it can be subject to conditions or in the extreme be stopped, in another country.

The new Bill also proposes the introduction of an "information ban" for companies that are subject to the rules regarding ownership control. This will affect a buyer's due diligence. The Bill sets out certain examples of information that cannot be shared without consent from the authorities:

• values and vulnerabilities to values managed by the enterprise or the enterprise's customers;
• customer lists, suppliers and own employees;
• (protection-worthy) objects, information systems and infrastructure as well as protective measures for these;
• technical descriptions, product methods and development, technology and operations;

It is noted that the Ministry will specify further in new regulations what sort of information will be covered by the ban. The authorities can also give consent to information sharing on certain conditions, e.g. using "clean team" and overall reporting to the client.

Voluntary notification

Even if an enterprise is not subject to the NSA, voluntary notification can/should be considered if the enterprise has ties towards GNFs. This is especially relevant, all the while the authorities in parallel are working towards a situation where more companies/enterprises will be subject to the NSA. A specific assessment should be carried out of the enterprise's products and services, including whether the enterprise has a large number of security-cleared employees, has carried out a lot of classified acquisitions, has access to classified information or is an important participant for major state players.

The buyer's affiliations/identity may also play a role in the assessment. In the "Bergen Engine case", the buyer had ties to Russian authorities. This was a decisive factor for the decision to stop the acquisition. The consequence of the authorities' intervention could be a full reversal of the transaction. If there are sides to the transaction indicating that the authorities might intervene, it is possible to minimise the risk by submitting a voluntary notification, if it is possible in light of the transaction. It should be noted however that this process, including deadlines, is not regulated in the applicable NSA.

Other duties to notify

If the target company has facility clearance, it has a duty to notify the clearance authority of any changes to the board, management and ownership structure as soon as possible. If a security risk arises which cannot be eliminated through protective security measures, the clearance authority may rescind the facility security clearance. Pursuant to the current legislation, this duty to notify does not interfere with the transaction, but it can result in the facility clearance being rescinded. The Bill proposes to establish a traditional duty to notify regarding changes to ownership structure, also for companies that hold facility clearance. It is estimated that this would be applicable to 60-70 companies. In our view, this represents a major extension of the FDI legislation. The background for the Bill is that withdrawal of a clearance is not always an appropriate measure to remove or reduce the security risk. However, it is emphasised that the main instrument for notification of changes in ownership structure for this sort of suppliers is still to be a renewed assessment of the clearance.

Individual employees with a clearance or authorisation also have a duty to report circumstances that may affect security suitability. Changes to the employer's ownership are relevant in this context. These circumstances do not affect the execution of the transaction, but they can lead to the target losing important contracts and collaborating partners.

Recommendations and advice

• Wiersholm recommends to map various security aspects relating to the transaction as early as possible in the transaction process. Is the target group, including any of its affiliates (ownership interests at 10% or more) subject to the NSA or FDI regime in foreign jurisdictions?
• If the target company is subject to the NSA or FDI regulation elsewhere, sufficient time for approval has to be allowed.
• Are there aspects to the target company that entail a possible risk of being subject to the NSA foreign FDI regulation at a later stage? In addition to tying up resources to comply with obligations under the relevant FDI regimes, it could affect a possible resale.
• Does the target group handle classified information? If so, is this information that cannot be shared with potential buyers?
• Are there aspects to the target group's activity or buyer that makes it appropriate to consider voluntary notification?
• In addition, the technical and commercial assessments of the transaction mentioned in the introduction must be made in such a way that the transaction agreements can reflect a general increased risk of both delay of closing and, in the extreme, cancellation of the transaction.

Originally published by 17 April, 2023

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.