Client Alert

New EU Investment Screening Rules: 10 Key Things Dealmakers Need to Know

13 May 2019


The EU has recently laid the ground to take a more active role in the screening of foreign direct investment (FDI). On April 10, 2019, the EU formally established a framework for foreign investment screening including a coordination mechanism between the EU and its Member States. The new rules will become applicable on October 11, 2020, but the effects of the new rules may be felt sooner, as national governments begin to amend their own FDI screening statutes to align with the new framework. Even though the Member States will still carry out the screening of FDI, the new rules will enable the EU Commission and other Member States to comment on national screenings and will add a new layer of complexity to the screening process.

The new law focuses on investments in critical infrastructure such as energy, health, media, telecommunication, and transport, and in critical technologies including, for example, data-driven businesses, robotics, and artificial intelligence. The adoption of the new EU-Foreign Direct Investment Framework Regulation (EU Regulation No. 2019/452) (FDIR) reflects growing concerns among Member States and the EU Commission about the sale of key technologies to foreign investors, governments, and government-funded entities. It comes as a reaction to investments made by Chinese investors in the past few years. The EU’s approach is in line with a broader trend to increase the authority of governments to restrict FDI that is assessed to pose national security threats. Examples include last year’s legislative changes in the United States to the Committee on Foreign Investment in the United States (CFIUS) process, as well as the adoption of stricter FDI screening mechanisms by certain EU Member State governments, including recent reforms in Germany and France.

Following the implementation of new EU rules and future screening regimes of the Member States, dealmakers and foreign investors will have to take into account increased notification requirements, extended timelines for screening procedures, and the regulators’ ability to consider additional factors such as the impact on critical technologies and the involvement of foreign governments. If not yet the case, these additional factors will soon become part of the substantive analysis of whether a specific investment could harm national security interests of a Member State and therefore may be blocked or otherwise restricted under national law. However, regulators will still have to be on solid ground should they plan to do so. Even though they have a certain degree of discretion under national law, in order to comply with applicable general EU law principles and EU court decisions, regulators will still have to demonstrate that a specific and sufficiently serious threat to national security interests exists.


1. The new framework is not a centralized EU CFIUS process: Member State authorities, not the EU Commission, will screen FDI and decide whether to restrict the investment. The regulation adds a new EU layer to the existing national FDI regimes. The new rules provide additional criteria that national regulators may (but are not required to) consider when they assess if specific FDI harms security or public order. In addition, the FDIR introduces a mechanism for cooperation and information sharing between Member States and the Commission. National governments will still have the final say on whether specific FDI must be screened, cleared, restricted, or blocked. Unlike the merger control regime where – if certain thresholds are met – the EU Commission is the competent authority, no autonomous decision-making competences are established at the EU level. The new law does not create a supranational regulatory body.

2. Regulators are expected to focus on transactions targeting or otherwise affecting critical infrastructure or critical technology, as well as government-backed investments. A variety of business sectors will be subject to national FDI screening. In particular, the new framework provides a non-binding and non-exhaustive list of economic sectors, facilities, and activities to be considered by EU Member States and the EU Commission when assessing whether an FDI is likely to affect security or public order, including:

  • Critical physical and virtual infrastructure (energy, transport, water, health, communications, media, data processing and storage, aerospace, defense, electoral and financial infrastructure, and sensitive facilities) as well as land and real estate crucial for the use of such infrastructure;
  • Critical technologies and dual-use items as defined by the EU dual-use regulation, including artificial intelligence, robotics, semiconductors, cybersecurity, aerospace, defense, energy storage, quantum and nuclear technologies, as well as nanotechnologies and biotechnologies;
  • The supply of critical inputs (energy or raw materials, as well as food security); and
  • Access to sensitive information (personal data or the ability to control such information), as well as freedom and pluralism of the media.

Furthermore, the FDIR lists relevant factors relating to the ownership structure and market activity of foreign investors, such as:

  • Direct or indirect control over the foreign investor by the government of a third country, be it through ownership structure or significant funding (including subsidies), as well as the pursuit of state-led outward projects;
  • Prior involvement of the foreign investor in activities affecting security or public order in EU Member States; and
  • A serious risk that the foreign investor engages in illegal or criminal activities.

Because the lists are not exhaustive, transactions targeting companies that are not active in one of the listed sectors are not per se out of scope and do not qualify for safe-harbor treatment by default. Rather, the actual impact on national security or public order remains the key element that regulators will assess. Regulators will have to provide solid ground for their assessment should they determine that a particular investment affects public order or security. Member State authorities generally have certain discretion in that regard, but the EU law’s fundamental principles of free movement of capital and freedom of establishment set limits. According to the Court of Justice of the European Union, public security may be relied on only if there is a genuine and sufficiently serious threat to a fundamental interest of society. This threshold will still need to be met when national regulators apply the new factors laid down in the FDIR. Investors can challenge the decisions made by regulators before national and EU courts if they restrict or even block acquisitions of EU-based companies by non-EU investors.

3. The EU Commission may issue opinions, and Member States can submit comments on national screenings. The Member State where the transaction occurs must take submitted comments and opinions into “due consideration.”

  • Member State authorities in jurisdictions where a screening mechanism exists remain in charge of actual FDI screening proceedings, but they will have to “give due consideration” to the EU Commission’s opinion and other Member States’ comments.
  • The same applies if Member States or the EU Commission submit statements to the Member State where a transaction is planned or completed but has not been the subject of a screening. Such statements can be submitted until up to 15 months after completion of the FDI. This does not affect transactions that were completed before the regulation came into effect on April 10, 2019. Transactions completed before July 10, 2019, will not fall under the new rules either because the regulation only applies as of October 11, 2020.
  • If the EU Commission believes the FDI in question may affect EU projects or programs, the Member State authority shall take “utmost account,” i.e., must seriously consider, of the EU Commission’s opinion. The FDIR lists the relevant EU projects and programs in its Annex. The Commission can amend this list by way of delegated regulation. The list currently includes the following projects: Galileo & EGNOS (satellite navigation), Copernicus (earth observation), Horizon 2020 (framework program for research and innovation), Trans-European Networks for Transport, Energy and Telecommunications, European Defence Industrial Development Programme, and PESCO (Permanent structured cooperation in security and defense). Even if these EU projects and programs are affected, the Member State authority in charge can disregard the Commission’s position, as long as it provides an explanation.

4. Member States are not required to adopt national FDI screening mechanisms, and investments in EU target companies occurring in Member States without national FDI control regimes remain unrestricted. The FDIR provisions do not require Member State governments to adopt national rules for the screening of FDI. According to the EU Commission, currently only 14 out of 28 jurisdictions have a screening mechanism in place. After the EU Commission made its initial proposal for the FDIR in September 2017, Hungary and the Netherlands prepared national screening procedures, joining Austria, Denmark, Finland, France, Germany, Italy, Latvia, Lithuania, Poland, Portugal, Spain, and the United Kingdom. The FDIR may thus lead to the adoption of new screening regimes in Member States, which so far do not control FDI.

5. Screening procedures are likely to take more time due to required cooperation and information exchange. The new coordination and information requirements will likely lead to prolonged screening processes. The standard deadline for issuing comments (for Member States) or opinions (for the EU Commission) ends 35 days after notification of an FDI. However, depending on the specific concerns regarding security and public order, the period of cooperation between Member States and the Commission may be easily extended. This will particularly be the case if the Commission or Member States request additional information on the transaction from the Member State undertaking the screening. It will also take additional time if the Commission issues an opinion only after Member States submit comments. Any upcoming amendments of national FDI control regimes will likely include adjusted timelines considering the new cooperation mechanism.

6. Investors will need to provide certain information to Member State authorities, which need to share that information with the EU Commission and other Member States. Member States – with or without a national FDI screening process in place – can always request that the EU Commission issue an opinion or that other Member States provide comments on an FDI that they consider might adversely affect their security or public order. The new rules establish an exchange of information between Member States and the Commission on the investor’s and the target’s ownership structure, their market activities, and locations of their economic activities, the approximate value of the investment, its funding, and its source, as well as the timeline of the investment. The FDIR obliges investors and target companies to provide information upon request by the Member State where the investment takes place, irrespective of whether that Member State has implemented a screening mechanism. Member States must establish contact points where they can share information. The new rules aim to secure confidentiality and protect all data that are collected and transmitted via the cooperation mechanism. The information shall only be used for the purposes for which it was requested. Member States and the Commission have to ensure that classified information will retain its status and level of protection. Investors need to be aware that information will be shared broadly and should consider the types of information to be shared.

7. Multijurisdictional analysis for relevant investments is required in order to assess if, when, and where screening procedures are triggered and whether a filing is mandatory. We note that the FDIR expressly does not apply to mere portfolio investments. However, such investments may still be subject to review under national control regimes. As Member States remain in charge of the screenings, and as the question of notification or screening for an FDI is an issue of national law, investors need to determine their obligations under various Member State laws and regulations. For global transactions, investors should conduct a multijurisdictional FDI analysis similar to the multijurisdictional analysis established for merger control laws. National screening mechanisms differ widely in their scope and design: thresholds, timelines, and notification requirements as well as the potential consequences and penalties for violation of the national law requirements are different in each Member State. Investors and sellers should evaluate timing and potential regulatory restrictions when planning a transaction.

8. There is a “dual track” of merger control and FDI screening proceedings. A transaction may fall within the scope of a national FDI screening while also reaching the thresholds of the EU Merger Control Regulation. For EU merger control, the parties must notify the EU Commission about the transaction. The Commission also renders a decision, as it holds exclusive jurisdiction in this respect. If a transaction does not reach the EU merger control thresholds, national merger control may still apply alongside FDI control. Accordingly, dual or multiple notifications with different authorities may be required. While an FDI screening may be politically driven, particularly with respect to the involvement of a foreign government in a specific FDI, EU merger control does not allow for political considerations. However, according to the European Merger Control Regulation’s regime, Member States can take “appropriate measures” to protect legitimate interests such as public security in respect of a transaction that requires notification. In order to avoid conflicting regulatory approaches, the new FDI regulation states that FDI control should be applied in a manner that is consistent with merger rules.

9. Germany has moved ahead and is already set to screen FDI in certain critical infrastructures, as well as certain related software and media companies, including 10% minority investments. The German government intensified its FDI screening rules in July 2017, when it introduced an obligation to notify authorities about investments in critical infrastructure and extended examination periods. Since December 29, 2018, the relevant threshold for FDI in critical infrastructure and companies subject to sector-specific control is now at only 10% of the voting rights, a significant drop from the 25% threshold formerly contained in the German Foreign Trade Regulation. The 25% threshold now only applies to transactions outside the scope of mandatory notification requirements. Furthermore, with regard to the media sector, investments in certain companies that contribute to shaping public opinion may now be screened to safeguard media pluralism and freedom of the press against foreign interference and disinformation. The German government will likely amend its national rules again to include additional infrastructures and technologies that are listed in the FDIR.

10. France added additional sectors and is further tightening its FDI control regime. Similar developments are taking place in France, where a government proposal to reform FDI screenings as part of the Action Plan for Business Growth and Transformation was adopted by the National Assembly on April 11, 2019. The reform will leave the competent French authorities with broader and more specified remedial powers to enforce compliance with prior authorization requirements relating to certain FDI as well as commitments obtained from foreign investors in order to safeguard French national defense and security interests. Furthermore, pursuant to a national decree in effect since January 1, 2019, the scope of French foreign investment control has been expanded to cover additional economic activities and sectors, such as specific IT systems needed for the police, as well as research and development in the sectors covered by the control regime and dealing with, inter alia, cybersecurity, artificial intelligence, robotics, and dual-use items. The decree also extends the scope of aspects to be considered by French authorities when assessing a proposed foreign investment, such as the protection of technologies and data.


The new framework offers both advantages and challenges for those involved in FDI transactions.

  • By design, the FDIR is not anticipated to significantly restrict foreign investments compared to the status quo. Indeed, the FDIR acknowledges that FDI is important to the EU’s growth and competitiveness. However, the FDIR will still have an impact on the number and duration of FDI screenings under national laws, which may add time and regulatory complexity to the screening process.
  • At the same time, the FDIR will likely also bring about a certain harmonization of the screening mechanisms already established in half of the Member States, and allow for the development of practices for sharing information and common procedural safeguards across the Member States.

It bears close watching how national regulators will proceed with screenings of transactions involving critical infrastructure and technologies or government-backed foreign investors, the extent to which such screenings are influenced by input from the EU Commission or other EU Member State governments, and how national and EU courts will interpret the new rules. Opportunities for Member State authorities to screen transactions of concern will likely arise sooner rather than later, as investors continue to eye EU-based target companies and national governments begin to make changes in advance of October 11, 2020.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.