European Union: New EU Investment Screening Rules: 10 Key Things Dealmakers Need To Know

Last Updated: 20 May 2019
Article by Felix Helmstädter and Theresa Oehm


The EU has recently laid the ground to take a more active role in the screening of foreign direct investment (FDI). On April 10, 2019, the EU formally established a framework for foreign investment screening including a coordination mechanism between the EU and its Member States. The new rules will become applicable on October 11, 2020, but the effects of the new rules may be felt sooner, as national governments begin to amend their own FDI screening statutes to align with the new framework. Even though the Member States will still carry out the screening of FDI, the new rules will enable the EU Commission and other Member States to comment on national screenings and will add a new layer of complexity to the screening process.

The new law focuses on investments in critical infrastructure such as energy, health, media, telecommunication, and transport, and in critical technologies including, for example, data-driven businesses, robotics, and artificial intelligence. The adoption of the new EU-Foreign Direct Investment Framework Regulation (EU Regulation No. 2019/452) (FDIR) reflects growing concerns among Member States and the EU Commission about the sale of key technologies to foreign investors, governments, and government-funded entities. It comes as a reaction to investments made by Chinese investors in the past few years. The EU's approach is in line with a broader trend to increase the authority of governments to restrict FDI that is assessed to pose national security threats. Examples include last year's legislative changes in the United States to the Committee on Foreign Investment in the United States (CFIUS) process, as well as the adoption of stricter FDI screening mechanisms by certain EU Member State governments, including recent reforms in Germany and France.

Following the implementation of new EU rules and future screening regimes of the Member States, dealmakers and foreign investors will have to take into account increased notification requirements, extended timelines for screening procedures, and the regulators' ability to consider additional factors such as the impact on critical technologies and the involvement of foreign governments. If not yet the case, these additional factors will soon become part of the substantive analysis of whether a specific investment could harm national security interests of a Member State and therefore may be blocked or otherwise restricted under national law. However, regulators will still have to be on solid ground should they plan to do so. Even though they have a certain degree of discretion under national law, in order to comply with applicable general EU law principles and EU court decisions, regulators will still have to demonstrate that a specific and sufficiently serious threat to national security interests exists.


1. The new framework is not a centralized EU CFIUS process: Member State authorities, not the EU Commission, will screen FDI and decide whether to restrict the investment. The regulation adds a new EU layer to the existing national FDI regimes. The new rules provide additional criteria that national regulators may (but are not required to) consider when they assess if specific FDI harms security or public order. In addition, the FDIR introduces a mechanism for cooperation and information sharing between Member States and the Commission. National governments will still have the final say on whether specific FDI must be screened, cleared, restricted, or blocked. Unlike the merger control regime where – if certain thresholds are met – the EU Commission is the competent authority, no autonomous decision-making competences are established at the EU level. The new law does not create a supranational regulatory body.

2. Regulators are expected to focus on transactions targeting or otherwise affecting critical infrastructure or critical technology, as well as government-backed investments. A variety of business sectors will be subject to national FDI screening. In particular, the new framework provides a non-binding and non-exhaustive list of economic sectors, facilities, and activities to be considered by EU Member States and the EU Commission when assessing whether an FDI is likely to affect security or public order, including:

  • Critical physical and virtual infrastructure (energy, transport, water, health, communications, media, data processing and storage, aerospace, defense, electoral and financial infrastructure, and sensitive facilities) as well as land and real estate crucial for the use of such infrastructure;
  • Critical technologies and dual-use items as defined by the EU dual-use regulation, including artificial intelligence, robotics, semiconductors, cybersecurity, aerospace, defense, energy storage, quantum and nuclear technologies, as well as nanotechnologies and biotechnologies;
  • The supply of critical inputs (energy or raw materials, as well as food security); and
  • Access to sensitive information (personal data or the ability to control such information), as well as freedom and pluralism of the media.

Furthermore, the FDIR lists relevant factors relating to the ownership structure and market activity of foreign investors, such as:

  • Direct or indirect control over the foreign investor by the government of a third country, be it through ownership structure or significant funding (including subsidies), as well as the pursuit of state-led outward projects;
  • Prior involvement of the foreign investor in activities affecting security or public order in EU Member States; and
  • A serious risk that the foreign investor engages in illegal or criminal activities.

Because the lists are not exhaustive, transactions targeting companies that are not active in one of the listed sectors are not per se out of scope and do not qualify for safe-harbor treatment by default. Rather, the actual impact on national security or public order remains the key element that regulators will assess. Regulators will have to provide solid ground for their assessment should they determine that a particular investment affects public order or security. Member State authorities generally have certain discretion in that regard, but the EU law's fundamental principles of free movement of capital and freedom of establishment set limits. According to the Court of Justice of the European Union, public security may be relied on only if there is a genuine and sufficiently serious threat to a fundamental interest of society. This threshold will still need to be met when national regulators apply the new factors laid down in the FDIR. Investors can challenge the decisions made by regulators before national and EU courts if they restrict or even block acquisitions of EU-based companies by non-EU investors.

3. The EU Commission may issue opinions, and Member States can submit comments on national screenings. The Member State where the transaction occurs must take submitted comments and opinions into "due consideration."

  • Member State authorities in jurisdictions where a screening mechanism exists remain in charge of actual FDI screening proceedings, but they will have to "give due consideration" to the EU Commission's opinion and other Member States' comments.
  • The same applies if Member States or the EU Commission submit statements to the Member State where a transaction is planned or completed but has not been the subject of a screening. Such statements can be submitted until up to 15 months after completion of the FDI. This does not affect transactions that were completed before the regulation came into effect on April 10, 2019. Transactions completed before July 10, 2019, will not fall under the new rules either because the regulation only applies as of October 11, 2020.
  • If the EU Commission believes the FDI in question may affect EU projects or programs, the Member State authority shall take "utmost account," i.e., must seriously consider, of the EU Commission's opinion. The FDIR lists the relevant EU projects and programs in its Annex. The Commission can amend this list by way of delegated regulation. The list currently includes the following projects: Galileo & EGNOS (satellite navigation), Copernicus (earth observation), Horizon 2020 (framework program for research and innovation), Trans-European Networks for Transport, Energy and Telecommunications, European Defence Industrial Development Programme, and PESCO (Permanent structured cooperation in security and defense). Even if these EU projects and programs are affected, the Member State authority in charge can disregard the Commission's position, as long as it provides an explanation.

4. Member States are not required to adopt national FDI screening mechanisms, and investments in EU target companies occurring in Member States without national FDI control regimes remain unrestricted. The FDIR provisions do not require Member State governments to adopt national rules for the screening of FDI. According to the EU Commission, currently only 14 out of 28 jurisdictions have a screening mechanism in place. After the EU Commission made its initial proposal for the FDIR in September 2017, Hungary and the Netherlands prepared national screening procedures, joining Austria, Denmark, Finland, France, Germany, Italy, Latvia, Lithuania, Poland, Portugal, Spain, and the United Kingdom. The FDIR may thus lead to the adoption of new screening regimes in Member States, which so far do not control FDI.

5. Screening procedures are likely to take more time due to required cooperation and information exchange. The new coordination and information requirements will likely lead to prolonged screening processes. The standard deadline for issuing comments (for Member States) or opinions (for the EU Commission) ends 35 days after notification of an FDI. However, depending on the specific concerns regarding security and public order, the period of cooperation between Member States and the Commission may be easily extended. This will particularly be the case if the Commission or Member States request additional information on the transaction from the Member State undertaking the screening. It will also take additional time if the Commission issues an opinion only after Member States submit comments. Any upcoming amendments of national FDI control regimes will likely include adjusted timelines considering the new cooperation mechanism.

6. Investors will need to provide certain information to Member State authorities, which need to share that information with the EU Commission and other Member States. Member States – with or without a national FDI screening process in place – can always request that the EU Commission issue an opinion or that other Member States provide comments on an FDI that they consider might adversely affect their security or public order. The new rules establish an exchange of information between Member States and the Commission on the investor's and the target's ownership structure, their market activities, and locations of their economic activities, the approximate value of the investment, its funding, and its source, as well as the timeline of the investment. The FDIR obliges investors and target companies to provide information upon request by the Member State where the investment takes place, irrespective of whether that Member State has implemented a screening mechanism. Member States must establish contact points where they can share information. The new rules aim to secure confidentiality and protect all data that are collected and transmitted via the cooperation mechanism. The information shall only be used for the purposes for which it was requested. Member States and the Commission have to ensure that classified information will retain its status and level of protection. Investors need to be aware that information will be shared broadly and should consider the types of information to be shared.

7. Multijurisdictional analysis for relevant investments is required in order to assess if, when, and where screening procedures are triggered and whether a filing is mandatory. We note that the FDIR expressly does not apply to mere portfolio investments. However, such investments may still be subject to review under national control regimes. As Member States remain in charge of the screenings, and as the question of notification or screening for an FDI is an issue of national law, investors need to determine their obligations under various Member State laws and regulations. For global transactions, investors should conduct a multijurisdictional FDI analysis similar to the multijurisdictional analysis established for merger control laws. National screening mechanisms differ widely in their scope and design: thresholds, timelines, and notification requirements as well as the potential consequences and penalties for violation of the national law requirements are different in each Member State. Investors and sellers should evaluate timing and potential regulatory restrictions when planning a transaction.

8. There is a "dual track" of merger control and FDI screening proceedings. A transaction may fall within the scope of a national FDI screening while also reaching the thresholds of the EU Merger Control Regulation. For EU merger control, the parties must notify the EU Commission about the transaction. The Commission also renders a decision, as it holds exclusive jurisdiction in this respect. If a transaction does not reach the EU merger control thresholds, national merger control may still apply alongside FDI control. Accordingly, dual or multiple notifications with different authorities may be required. While an FDI screening may be politically driven, particularly with respect to the involvement of a foreign government in a specific FDI, EU merger control does not allow for political considerations. However, according to the European Merger Control Regulation's regime, Member States can take "appropriate measures" to protect legitimate interests such as public security in respect of a transaction that requires notification. In order to avoid conflicting regulatory approaches, the new FDI regulation states that FDI control should be applied in a manner that is consistent with merger rules.

9. Germany has moved ahead and is already set to screen FDI in certain critical infrastructures, as well as certain related software and media companies, including 10% minority investments. The German government intensified its FDI screening rules in July 2017, when it introduced an obligation to notify authorities about investments in critical infrastructure and extended examination periods. Since December 29, 2018, the relevant threshold for FDI in critical infrastructure and companies subject to sector-specific control is now at only 10% of the voting rights, a significant drop from the 25% threshold formerly contained in the German Foreign Trade Regulation. The 25% threshold now only applies to transactions outside the scope of mandatory notification requirements. Furthermore, with regard to the media sector, investments in certain companies that contribute to shaping public opinion may now be screened to safeguard media pluralism and freedom of the press against foreign interference and disinformation. The German government will likely amend its national rules again to include additional infrastructures and technologies that are listed in the FDIR.

10. France added additional sectors and is further tightening its FDI control regime. Similar developments are taking place in France, where a government proposal to reform FDI screenings as part of the Action Plan for Business Growth and Transformation was adopted by the National Assembly on April 11, 2019. The reform will leave the competent French authorities with broader and more specified remedial powers to enforce compliance with prior authorization requirements relating to certain FDI as well as commitments obtained from foreign investors in order to safeguard French national defense and security interests. Furthermore, pursuant to a national decree in effect since January 1, 2019, the scope of French foreign investment control has been expanded to cover additional economic activities and sectors, such as specific IT systems needed for the police, as well as research and development in the sectors covered by the control regime and dealing with, inter alia, cybersecurity, artificial intelligence, robotics, and dual-use items. The decree also extends the scope of aspects to be considered by French authorities when assessing a proposed foreign investment, such as the protection of technologies and data.


The new framework offers both advantages and challenges for those involved in FDI transactions.

  • By design, the FDIR is not anticipated to significantly restrict foreign investments compared to the status quo. Indeed, the FDIR acknowledges that FDI is important to the EU's growth and competitiveness. However, the FDIR will still have an impact on the number and duration of FDI screenings under national laws, which may add time and regulatory complexity to the screening process.
  • At the same time, the FDIR will likely also bring about a certain harmonization of the screening mechanisms already established in half of the Member States, and allow for the development of practices for sharing information and common procedural safeguards across the Member States.

It bears close watching how national regulators will proceed with screenings of transactions involving critical infrastructure and technologies or government-backed foreign investors, the extent to which such screenings are influenced by input from the EU Commission or other EU Member State governments, and how national and EU courts will interpret the new rules. Opportunities for Member State authorities to screen transactions of concern will likely arise sooner rather than later, as investors continue to eye EU-based target companies and national governments begin to make changes in advance of October 11, 2020.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions