UK Government Announces Targeted Refinements to the National Security and Investment Act Regime

The UK has announced a series of targeted refinements to the National Security and Investment Act 2021 (NSI Act), signalling where future deal‑making friction may arise and where unnecessary notifications will be reduced. The changes recalibrate, not overhaul, the mandatory notification regime, sharpening definitions in some areas while expanding the perimeter in others.

On 12 March 2026, the government published its response to the consultation on changes to the Notifiable Acquisition Regulations (NARs). The objectives are clear:

• Align the screening framework with current national security risks, and
• Reduce low‑risk, unnecessary notifications by giving businesses greater clarity

Secondary legislation and updated guidance will follow later in 2026. Until then, the current rules remain in force, but the policy direction is now unmistakable.

For firms involved in M&A, minority investments, restructurings, internal reorganisations, or strategic stakes in sensitive sectors, these refinements matter. The NSI regime already mandates pre‑completion notification for acquisitions involving entities active in 17 sensitive areas of the UK economy. The March 2026 announcement does not replace that framework, it refines how several sector definitions operate and expands the regime in one major new area.

At a Glance: What’s Changing

• AI: Routine and “off‑the‑shelf” use pushed out of mandatory screening
• Water: Added as a new notifiable sector
• Communications: Narrowed to avoid low‑risk captures
• Data Infrastructure: Clarifications to scope and drafting
• Critical Suppliers to Government: Precision improvements
• Energy: Thresholds retained, with more guidance coming
• Advanced Materials & Synthetic Biology: Updated schedules retained

What Has the Government Actually Changed?

The consultation response confirms five main outcomes. The government will:

• Refine the Critical Minerals, Semiconductors, Artificial Intelligence, and Communications schedules to reduce low‑risk captures
• Make clarifying amendments to Critical Suppliers to Government, Data Infrastructure, Energy, and Suppliers to the Emergency Services
• Create a new Water sector schedule
• retain the updated Advanced Materials and Synthetic Biology schedules
• Publish more detailed guidance to address recurring interpretation issues

Below are the commercially significant points.

1. “Off-the-shelf” AI use is being pushed out of mandatory screening

Summary: The AI schedule will focus on developers and modifiers, not routine users

The government wants AI screening to target activities with a direct national security connection. The response confirms exclusions for:

• routine business use of non‑consumer AI systems
• use of licensed third‑party AI systems
• routine modifications, testing and deployment activities
• internal IT policy‑driven adjustments

The schedule will be refocused to capture entities that create or materially modify AI systems, rather than ordinary end‑users.

Commercial impact: This should materially reduce unnecessary filings for businesses that use AI internally but do not develop or significantly alter it. Investors and corporate groups may find fewer transactions falling into mandatory notification solely because AI tools are used in operations.

2. Water is being added as a new notifiable sector

Summary: The most consequential expansion is the creation of a new Water schedule.

For the first time, the water sector will fall within mandatory notification. The government cites the sector’s national security relevance and the need for consistent oversight.

In scope:

• water and sewerage undertakers
• NAVs, subject to a minimum size threshold so that only larger NAVs are captured

Commercial impact: For infrastructure investors, utilities specialists, sovereign investors, private equity houses, and lenders with step‑in or enforcement rights, this is likely to be one of the most significant changes in the 2026 package. Deal timelines, diligence processes, and transaction structuring will need to adjust.

3. Communications rules are being narrowed to avoid low-risk captures

Summary: Refinements aim to reduce inadvertent captures of peripheral service providers.

Key changes include:

• narrowing the repair and maintenance limb to companies operating a cable repair vessel for subsea cables
• limiting the schedule to repair and maintenance of fibre optic cables used for signal conveyance or relevant network equipment within a cable landing station
• ensuring that only activities requiring access to the network or service are captured

Commercial impact: These refinements should reduce the risk that low‑risk or peripheral service providers are inadvertently brought into the mandatory regime, improving certainty for communications infrastructure transactions.

4. Data infrastructure and government supplier definitions are being clarified

Data Infrastructure

The government will:

• retain the broader focus on third‑party operated data centres, cloud providers and managed service providers
• remove public sector authority processing from this schedule where it is better addressed under Critical Suppliers to Government
• make a technical amendment to the data centre definition
• publish updated guidance

Materiality thresholds for data centres were considered but rejected, as smaller facilities can still be mission‑critical.

Critical Suppliers to Government

Changes are mainly drafting clarifications:

• adjusting the OFFICIAL‑SENSITIVE data wording to “will or is likely to result in”
• clarifying the meaning of “ministerial department”
• identifying which other bodies are in scope

The government emphasises these are clarificatory, not a policy expansion.

5. Energy thresholds are staying, with more guidance to come

Summary: Thresholds remain, but drafting fixes and clearer guidance are expected. The government will retain the proposed 500MW minimum and incremental thresholds, while making drafting improvements and issuing clearer guidance.

Commercial impact: For firms building acquisition strategies across generation, storage, aggregation, and interconnection assets, cumulative holdings and increment‑based triggers can create filing obligations that are easy to miss without robust pre‑deal analysis.

What Does This Mean for Transaction Parties?

The rules have not changed yet. Secondary legislation and updated guidance will follow later in 2026. But the announcement provides a clear signal of where UK policy is heading.

Three immediate implications stand out:

1. Review NSI screening logic now

Firms with exposure to AI, digital infrastructure, communications, energy, and now water should refresh internal decision trees. Some areas are narrowing; others are expanding.

2. Expect a period of definition‑driven analysis

Distinguishing:

• end‑use vs development
• routine deployment vs material modification
• ordinary service provision vs critical infrastructure access

…will remain central to determining whether a filing is mandatory.

3. NSI is only one part of the control framework

NSI analysis often sits alongside:

• merger control
• sectoral approvals
• foreign direct investment regimes
• issuer‑specific or national security ownership constraints

Coordinating these regimes quickly enough to keep execution on track remains a core challenge.

Why This Matters for Funds‑Axis Clients

For firms managing complex holdings, delegated structures, multi‑jurisdictional portfolios, and high transaction volumes, NSI compliance is difficult to run manually with confidence.

Regulatory scope evolves. Sector definitions change. Guidance matters. Facts must be mapped to rules consistently and evidenced clearly.

The 12 March 2026 announcement illustrates why firms need a structured, rules‑driven approach to investment screening and regulatory event detection:

• A narrowed AI definition may reduce unnecessary filings.
• A new Water schedule may create entirely new mandatory touchpoints.
• Small drafting revisions can shift a transaction inside or outside the filing perimeter.

This is exactly where a rules‑based system adds value: turning evolving legal definitions into repeatable operational logic, supported by transparent data, auditable analysis, and timely escalation.

Final thought

The UK government’s 12 March 2026 announcement is best understood as a targeted recalibration of the NSI mandatory notification regime. The goal is to preserve national security oversight in genuinely sensitive areas while reducing avoidable friction for lower‑risk business activity.

For market participants, the message is clear:
Now is the time to review NSI workflows, refresh sector mapping, and prepare for the 2026 legislative updates before they become a deal execution issue.

If your firm is reassessing how it identifies and manages UK national security screening risk, Funds‑Axis can help translate changing NSI requirements into practical operational controls, screening logic, and audit‑ready workflows.

Source note: Primary sources used for this article were the UK government’s 12 March 2026 press release and the consultation response on the NSI Act Notifiable Acquisition Regulations.