New proposals for the Norwegian Security Act

Some of the more important proposed changes to the Security Act are as follows:

1. an increased number of undertakings will fall under FDI screening requirements relating to change of control;
2. the obligation to notify the relevant authority in connection with the acquisition of an undertaking that is subject to FDI will be extended;
3. the threshold for notifying the relevant authority of a FDI will be lowered from one third of the ownership interest of an undertaking to 10% of the ownership interest of an undertaking;
4. there will be a new ban on implementation which means that a transaction cannot be completed before the authority has given approval;
5. a Norwegian seller will not be able to share certain information that is considered sensitive with a foreign investor until the authority has given approval; and
6. new sanctions and fees.

The Ministries have proposed amending the Security Act so that undertakings that i) control information, information systems, objects or infrastructure which are of vital importance to national security interests; or ii) engage in activities which are of vital importance to national security interests, without being directly connected to a fundamental national function, should also be fully or partly governed by the Security Act.

The scope of the Security Act is to be expanded to include undertakings of vital importance to national security interests regardless of whether the undertaking also supports a fundamental national function. A "fundamental national function" means services, production and other types of activity that are of such importance that a complete or partial loss of the function would have consequences for the State's ability to protect national security interests, e.g. infrastructure such as electricity and water supply, as well as certain financial services. The consequence of this extended scope is that it may include undertakings researching and developing emerging technologies that may be exploited by foreign states, such as artificial intelligence and surveillance technologies, even though this technology does not support any fundamental national function.

Further, the Security Act's FDI screening requirements on change of control may apply to undertakings having only a material importance to fundamental functions or national security interests. This will typically be an undertaking delivering one or more factor inputs to an undertaking of vital importance for fundamental national functions.

The duty to notify currently applies to investors (regardless of nationality). To ensure that the authorities receive information about the transaction, the Ministries have suggested that the duty to notify should be extended so that it also applies to the seller and the target.

Any person who currently wishes to acquire a qualified ownership interest in an undertaking which is subject to FDI screening shall notify the respective authority accordingly. A qualified ownership interest exists if the acquisition will give the acquirer, either directly or indirectly; (i) at least one-third of the share capital, participating interests or votes in the undertaking, (ii) the right to own at least a one-third of the share capital or participating interests; or (iii) significant influence over the management of the undertaking otherwise.

The Ministries suggest lowering the threshold of qualified ownership interest from one-third to 10%. Additionally, the Ministries suggest that the duty to notify should reactivate if the acquiring party's ownership interest reaches 20%, one-third, 50% two-thirds or 90%.

The Ministries suggest a new ban on implementation for undertakings subject to FDI screening. The purpose of the ban on implementation is to avoid a potential buyer gaining influence over the undertaking before the authorities' acceptance of the change of ownership. The parties must thus wait until the respective authorities have given their approval before the parties carry out the formal transfer.

Moreover, the Ministries suggest including a ban on sharing information in connection with a change of ownership that can be used for activities constituting a security threat without approval. Each undertaking must be assessed on a case-by-case basis but some examples of information and knowledge that may be used for activities constituting a security threat are:

1. vulnerabilities to values that the business or the business' customers control;
2. customer lists, suppliers and employees;
3. objects, information systems and infrastructures worthy of protection and also protective measures implemented; and
4. technical descriptions, production methods and development, technology and operations.

Moreover, even though isolated pieces of information may not be covered by the proposed ban, the information combined may be used for activities constituting a security threat. The proposal therefore may cause uncertainty regarding what type of information may be shared during a transaction process before approval has been given by the authority.

A new infringement fee has been proposed allowing the National Security Authority to impose a fine for intentionally or negligently not complying with the duty to notify.

An intentionally negligently breach of a decision laid down by the government to prevent activities which represent a threat to security, or other planned ongoing activities, which may present a not insignificant risk of a threat to national security interests, may be sanctioned with a fine or imprisonment.

A breach of a decision forbidding the implementation of an acquisition, or any mandatory conditions for allowing the acquisition, may also result in a fine or imprisonment.

An increased number of undertakings will likely be subject to FDI screening requirements and new legal obligations. Transactions should take into account lowering of the threshold to notify as well as new restrictions on sharing of information. New sanctions will increase the risk related to non-compliance.