New Swedish Merger Control Regime for Businesses and Assets Vital to National Security

Authors: Peter Forsberg and David Olander 

Sellers of security-sensitive businesses and assets will be obliged to obtain approval from the Swedish Security Service

On 1 January 2021, new provisions were enacted in the Swedish Security Protection Act (in Swedish: säkerhetsskyddslagen), which require sellers of security-sensitive businesses or assets "that are vital to Sweden's national security" to obtain approval from the Swedish Security Service (in Swedish: Säkerhetspolisen) before the transfer is carried out.

The new regulation does not apply to shares in publicly listed companies, real estate, or foreign direct investments, but the government has announced that it is contemplating new rules in these areas as well. The purpose of the new regulation is mainly to allow the government to intervene in transfers of critical infrastructure and technology to any “antagonistic actor” who is deemed inappropriate with regard to national security.

Unlike the merger control regime under competition law where the buyer is obliged to obtain approval, the Security Protection Act requires that the seller assess whether the business or assets are vital to Sweden's national security, and, if so, whether the transfer is appropriate. If the seller deems that the business is admittedly sensitive to national security, but that a transfer is still appropriate, the seller is obliged to consult the Swedish Security Service about the appropriateness of the transfer. The Swedish Security Service’s processing time has not been set forth in detail, but the Administrative Procedure Act generally requires that authority matters be handled as simply, quickly, and cost-effectively as possible without compromising the rule of law.

Businesses and assets covered by the new control regime

The Security Protection Act's merger regime is applicable to business activities and assets vital to Sweden's security. However, the law does not contain any definition of "Sweden’s security", nor has the Swedish Security Service issued any guidance on the matter. In the preparatory works of the act, it is stated that the term “Sweden's security” relates to business activities and assets of fundamental importance to Sweden and that both military and civilian activities are covered, as long as they have such significance.

In addition to military activities, this may include important civilian infrastructure, such as airports, energy facilities, and information systems for electronic communications. Another example is infrastructure critical to society, such as certain energy systems or systems for electronic communications, e.g. 5G infrastructure. The preparatory works also mention activities relating to data processing and information systems of crucial importance for control, e.g. regulation and monitoring of electricity and water supply, and digital infrastructure or data registers which are of fundamental importance to a functioning society. The health care sector is also mentioned briefly but is not dealt with in detail in the preparatory works.

The new regime may thus have a broad scope of application, which could possibly be explained by the logic behind the Security Protection Act, which is based on the business operator’s obligation to carefully analyse and identify whether there is a need to implement security protection measures.

The Swedish Security Service obtains far-reaching powers

If the Swedish Security Service finds that a transfer is unsuitable with reference to national security, it may block the transfer. There is no possibility for the Swedish Security Service to clear the transfer under certain specified conditions. A transfer in violation of a prohibition is automatically deemed invalid and the civil law consequence of this is that the relevant agreement cannot be enforced between the parties.

The Swedish Security Service may also, under penalty of a fine, order both the seller and the buyer to take any measures the Swedish Security Service deems necessary to prevent damage to Sweden's security. As an example, the Swedish Security Service may decide that a buyer must return certain assets or prohibit assets from being taken out of the country.

If a transfer is carried out without the Swedish Security Service having been consulted beforehand and the conditions for blocking the transfer are met, the Swedish Security Service may decide to prohibit the transfer after the transfer has been carried out. It should be noted that the possibility of the Swedish Security Service to intervene in transfers after closing has not been limited in time.

The Swedish Security Service’s prohibition may be appealed to the Swedish Government instead of a court, which has been justified on the grounds that these types of transfers often raise sensitive foreign, defence, and security policy considerations that should be handled by the Government instead of a court.

Implications for the M&A process

By its wording, the new regulation has a potentially broad scope of ​​application, and there may be some demarcation problems in connection with the seller’s assessment of whether a consultation with the Swedish Security Service is required. The fact that the Swedish Security Service may, without limitation in time, review the transfer retrospectively may also lead to a certain degree of uncertainty as to the completion of the transfer as the Swedish Security Service may invalidate agreements after closing. Against this background, it is advisable for the parties to any transaction that may relate to security-sensitive business activities or assets to carefully consider whether the Security Protection Act's control regime is applicable.