NSIA 2024-25 Report Analysis
Executive Summary
This report examines the implementation of the UK government’s National Security and Investments Act 2021 (NSIA) and implications for companies falling within its scope.
This is an excerpt from a longer report available upon request.
China and other states are using economic means to pursue strategic advantage through science and technology amid increasingly open competition and conflict. The NSIA is a key part of the UK government’s response.
The scope of the NSIA is expanding from the original 17 sensitive sectors of the economy identified in the Act, amid increased scrutiny of physical and digital supply chains supporting critical infrastructure.
Growing awareness of NSIA regulations and scrutiny has led to a shift in behaviour of Chinese-origin investors, who are structuring transactions to obfuscate their origins and pulling out of transactions once these connections have been identified.
An analysis of the UK government’s 2024-25 report on the NSIA illustrates a trend whereby transactions involving Chinese-origin investment are reversed after coming under scrutiny from the UK Investment Security Unit.
We provide recommendations for organisations and investors concerned that they may fall under the scope of the NSIA.
Security risk and the NSIA
Geopolitical risk will play an increasing role in enterprise risk and security risk assessments as the boundary between national and economic security blurs.
Adversaries are using commercial activity as a means to enable intellectual property theft and to hold critical infrastructure at risk in crisis or conflict scenarios. Tackling this is leading the US and UK governments, among others, to exercise greater scrutiny over investment [LINK, LINK, LINK].
For companies, this means that geopolitics will play a larger role in assessment of enterprise and security risk. A growing range of companies are being targeted by state threat actors, many for the first time.
NSIA interventions are affecting more sectors amid UK government concern over physical and digital supply chains.
The NSIA sets out 17 sensitive sectors of the economy [LINK]. This scope is likely to increase in the future, extending beyond companies directly linked to sensitive activity to include those companies’ suppliers and providers of key digital infrastructure and services. These organisations, while not immediately implicated in defence, may present vulnerabilities that could be exploited to influence or disrupt sectors vital to national security.
In response to the evolving threat landscape, the UK government is intervening in more sectors and the UK high courts are deferring to the government’s judgements. The ISU’s focus on defence and military dual-use sectors is highly likely to persist in the long term, given the direct impact on national security. Moreover, the scope of activities that are considered dual-use, particularly in the technology space, is likely to expand.
Identifying deliberate obfuscation of links to states and actors of concern requires a different approach to due diligence, moving beyond compliance to an investigative mindset.
UK organisations deemed essential to national security face significant challenges in identifying national security risk from transaction activity. Increasing use of obfuscation techniques and the shifting geopolitical landscape mean that low-risk partnerships can quickly become high-risk exposures causing significant operational, financial, and reputational damage.
Assessing the intent behind acquisitions highlights the challenge of distinguishing legitimate commercial interests from enablement activity for intellectual property theft, economic espionage, and infrastructure disruption. This underscores the importance of proactive open-source monitoring and additional security assessments to provide early insight into partnership opportunities and associated risks.
NSIA final orders regularly require the development of a more mature protective security function within the organisation. The identification and protection of key assets (data, physical) and the creation of strengthened governance structures are regular requirements. Organisations that can demonstrate that protective security arrangements are in place, and that they are operating effectively, will be in a stronger position to withstand scrutiny under the NSIA.
SECURED Recommendations
Leverage open-source information to guide action
Work with external experts to implement open-source monitoring to assess potential transactions for potential national security risk
Conduct security assessments to understand risk
Security risks are evolving as research and innovation organisations are targeted by malicious actors exploiting synergies between cyber, physical, and personnel vulnerabilities. External experts can help build a holistic understanding of your security posture and defend effectively across domains.
Build a strong security culture
Organisations should build security into their operations at an early stage. Develop a programme of training and assurance activities to support employees in acting securely every day.
Key points
Investigations into acquisitions of companies covered under the NSI Act are taking longer, potentially reflecting a greater caseload but also the increased complexity of investigations.
While defence and military dual-use remain the sectors most affected by NSI Act interventions, sectors such as AI, Energy, and Advanced materials are increasingly being affected by interventions.
Analysis of the final orders in the 2024-25 period shows a slight decrease in call-ins and final orders for Chinese-origin acquisitions, while indicating continued governance scrutiny of such investments.
This section draws on the quantitative data from the NSI Act report for the 2024-25 financial year, published in July 2025 [LINK].
An NSIA final order is the public record of the outcome of an investigation by the UK government’s Investment Security Unit (ISU) into a transaction; it details the findings and any mitigations required by the government. These mitigations can range from reversing the transaction to imposing behavioural requirements on the companies involved.
1. NSIA investigations becoming more complex
The median time taken to issue a final order from a notification increased from a median of 86 days in the previous reporting period to 103 days in the 2024-25 period [LINK, LINK]. This may reflect a greater caseload. It also suggests that investigations are becoming more complex, with longer time deemed necessary to assess high-risk acquisitions.
In assessing national security risk posed by investment activity, the key challenge is not distinguishing between legitimate investment and clearly malicious activity involving deliberate deception. Rather, the challenge is parsing activity in the ‘grey zone’ where legitimate commercial activity blurs into the potential for exploitation.
2. Continued focus on defence but expanding remit
Defence and military dual-use sectors remained the most affected across all stages of the NSI Act process in 2024-25, in line with the previous NSI Act reports [LINK]. However, data from the 2024-25 report indicated that NSI interventions are increasingly affecting sectors that are traditionally not immediately associated with national security in comparison to previous annual reports [LINK, LINK]. Sectors that are increasingly affected included Energy, Advanced Materials, and Critical Suppliers to the Government.
Targeting these sectors allows foreign actors to exert strategic influence over governments without directly engaging with traditional defence industries that are typically better protected. Recent malicious activity by malicious actors, for instance, has targeted complex supply chains to degrade government operations [LINK, LINK, LINK].
3. Artificial Intelligence in the spotlight
Government action in the 2024-25 period highlights the growing importance of AI to national security. The percentage of AI-related final notifications increased from 12.0% in 2023-24 to 29% in 2024-25 and there were three final orders relating to AI, in comparison to none in the previous reporting period [LINK, LINK]. Cryptographic Authentication and Data Infrastructure were also increasingly impacted by NSI Act interventions, as the number of final orders increased by 200% for both sectors [LINK, LINK].
Increased government action in these sectors suggests their growing importance to UK security and prosperity. The government has identified AI in particular as a threat given its potential to enhance cyber and conventional warfare capabilities [LINK]. Rising interventions may indicate either a growing threat amid consistent levels of vigilance, or lower threshold for perceived risk. This trend coincides with an intensifying cyber threat landscape and may be linked to parallel national security focused legislative efforts, such as the Cyber Security Resilience Bill [LINK, LINK].
4. Variable picture for Chinese-origin investment
Chinese-linked acquisitions of UK companies in sensitive areas of the economy are subject to heightened scrutiny given the Chinese Communist Party’s (CCP) strategic objective of technological and economic dominance [LINK]. China uses targeted investment in the UK and wider Western industries, both legitimate and illicit, to transfer to China intellectual property, expertise, and technology [LINK].
Legitimate investors may also seek to obfuscate connections to China for commercial reasons. Chinese investors may obscure their involvement in a transaction due to general concern about the potential for the transaction to be caught up in rising China-West geopolitical tensions. Perceived reputational risk may also be a factor.
The UK government’s prominent stance on economic security may paradoxically have increased the challenge of identifying malicious activity by leading more legitimate Chinese origin investment to adopt corporate structures intended to avoid falling under the scope of the NSIA.
Origins of investment are a challenging topic to decipher in the NSI Act annual report, as acquisitions can be associated with more than one origin of investment.
A decline in final orders involving Chinese-origin-investment, coupled with the high number of withdrawals, may reflect growing institutional effectiveness within the NSI framework or ISU [LINK]. Chinese investors may increasingly be deterred from transactions by NSIA investigations, prompting earlier withdrawals.
In 2024-25, acquisitions with Chinese links declined compared to 2023-24, dropping by 9 percentile points for call-ins (Figure 4) and 25 points for final notifications (Figure 5) [LINK, LINK]. The sharper decline at the final notification stage suggests that fewer Chinese-linked acquisitions are progressing that far, likely because Chinese investors have developed a clear understanding of the UK government’s red lines and are withdrawing earlier or adjusting their strategies.
The number of acquisitions involving Chinese-origin investment that were called in fell steadily throughout the three reporting periods. However, as Figure 5 shows, the number of final notifications issued in cases involving Chinese-origin investment increased in the 2023-24 period compared to the previous period, before dropping again in the 2024-25 reporting period.
Final orders with Chinese investment also fluctuated. Figure 6 shows that there were eight final orders in 2022-23, none in 2023-24, and seven in 2024-2025.
The absence of final orders in 2023-24 coincided with the withdrawal of eight Chinese acquisitions called in for review that year, highlighted by Figure 7.
SECURED is a security consultancy specialising in providing protective security for research and innovation entities of national security significance.
Act now to mitigate regulatory and security risks to investment and M&A activity
