Defence investments and ownership control

In brief, investors and advisers must navigate a complex landscape in which the authorities' power to intervene in the interest of national security, enacted and forthcoming legislative changes, the export control regime and contractual obligations may all have implications for transactions in the sector.

This is a natural consequence of the current security policy situation. This year's threat assessments identify economic activity threatening national security, including acquisitions and investments, as a key instrument for state-sponsored threat actors seeking access to Norwegian technology. Ownership control is one of several instruments for managing these risks.

The ownership control regime under the Norwegian National Security Act

The Norwegian ownership control regime, set out in Chapter 10 of the Norwegian National Security Act (the "Security Act"), currently applies only to entities that are actively subject to the Act through an individual decision by a ministry or the Norwegian National Security Authority (Nasjonal Sikkerhetsmyndighet, “NSM”). Following the entry into force of the amendments enacted in 2023, however, ownership control will also apply to all suppliers in classified procurements holding a facility security clearance.

The acquirer of an entity subject to ownership control is obliged to notify the relevant ministry or NSM upon acquisition of one-third of the entity, or other significant influence over the entity. Following the amendments, the notification threshold will be lowered to acquisitions of 10 per cent, with further notification obligations upon increases to 20 per cent, one-third, 50 per cent, two-thirds and 90 per cent.

It is important to note that the notification obligation is also triggered where an ownership position confers, through articles of association, shareholders' agreements or de facto control, the right to appoint a majority of the board, block key decisions or otherwise exercise significant influence. The structure surrounding an investment, including board appointment rights, veto clauses, information rights and covenants in financing agreements, may therefore be decisive.

In contrast to the rules in many other countries, ownership control in Norway applies regardless of the acquirer's nationality or affiliation.

For defence suppliers that are not subject to the Security Act by way of a decision, there is currently no formal ownership control in Norway. In contrast to a number of other jurisdictions that have introduced sector-specific regimes for investment control in the defence sector, the Norwegian framework means that significant parts of defence-related business activity fall outside the ownership control regime under Chapter 10.

There are, however, mechanisms that may trigger notification or approval requirements also outside Chapter 10. Suppliers holding a facility security clearance are required under Section 9-3 of the Security Act to notify NSM of changes to their ownership structure, a notification obligation that is legally distinct from the notification obligation under Chapter 10. Defence suppliers may further have contractual notification obligations towards customers upon changes of ownership.

Finally, the King in Council (the government) has a safety valve in Section 2-5 of the Security Act, which allows intervention against any ongoing or planned activity that poses a "non-negligible risk that national security interests will be threatened". It was this provision the King in Council invoked when the sale of Bergen Engines to TMH International AG, a Swiss-registered subsidiary of the Russian Transmashholding Group, was blocked in March 2021. The King in Council emphasised, among other things, the group's ties to Russian power elites and the defence industry, the risk of transfer of sensitive technology to Russian authorities, the company's role as a supplier to the defence sector and the strategic location of the company's property in Bergen adjacent to defence installations.

Case handling and time limits

Where the target company in a transaction is subject to ownership control under Chapter 10 of the Security Act and a notification obligation applies, the relevant ministry or NSM is required to process the notification "as quickly as possible". The authority has a final deadline of 60 working days from receipt of the notification to inform the notifier whether the transaction is approved or whether the case will be referred to the King in Council. If the authority requests additional information within 50 working days, the deadline is suspended until the acquirer's response is received. Note that the 60-working-day deadline applies to the authority's obligation to inform the notifier, which does not necessarily coincide with the point in time at which a final decision is made.

Outside Chapter 10, there is no statutory deadline for the authorities' processing, for example in the event of recourse to the safety valve in Section 2-5. Depending on the nature of the transaction, there may nevertheless be good reasons to engage proactively with the authorities early in the process, even where this is not legally required, in order to avoid delays. The timeline for a transaction should allow for such processes to take time, and the long-stop date in the transaction agreement should be set accordingly.

Regulatory developments

As noted at the outset, the regulatory framework is evolving. Parties planning transactions in the sector should already factor in that enacted and forthcoming legislative changes may enter into force during the transaction process. The enacted amendments to the Security Act introduce, among other things, (i) a standstill obligation, meaning that notifiable acquisitions may not be completed until the notification has been processed, (ii) a prohibition on the sharing of information that may be used for security-threatening activity without consent from the authorities, even where the information is not classified, which will affect due diligence processes, and (iii) a standalone notification obligation for the seller and the entity subject to the Act, in addition to the acquirer's existing notification obligation.

The draft regulations that have been subject to public consultation further indicate that a broad range of financial and operational agreements may become subject to notification requirements where they confer control-like influence. The amendments will enter into force by Royal Decree and require new regulations; the consultation has been completed, and the matter is currently recorded as "under consideration".

In parallel, the Ministry of Trade, Industry and Fisheries is working on a new act on control of foreign investments outside the Security Act, based on the report of a government-appointed committee, NOU 2023:28 (Investment Control – An Open Economy in Uncertain Times). The committee recommended that a new, standalone act on investment control be drafted to consolidate and replace the current fragmented regime. At its core, the proposal envisages a notification scheme with a mandatory notification obligation for foreign direct investments in security-sensitive sectors, combined with a voluntary notification scheme for other sectors. The committee further recommended that all cases be handled by a single dedicated authority at agency level, and that the regulatory framework be aligned with European frameworks on screening of foreign direct investments. The legislative proposal is expected to be sent for public consultation in the first half of 2026.

Other regulatory considerations

Advisers and investors should also note that the Norwegian export control regime applies to the transfer of controlled knowledge and technology out of the country, including through digital access and to foreign nationals ('deemed exports'). This may have practical implications already during the transaction process, including in the structuring of data rooms and information sharing.

The regime discussed above concerns obligations in Norway. Even where a transaction is not subject to ownership control under Norwegian law, it may trigger notification obligations in other jurisdictions where the target company, or its subsidiaries, is registered or has operations. Many jurisdictions have significantly more extensive rules than Norway, particularly for suppliers to the defence sector. Potential notification obligations in other jurisdictions should be mapped early in the transaction process, and the timeline should allow for parallel processes that may need to be conducted with different deadlines.

The regulatory landscape is complex, but with thorough mapping of the relevant regulatory frameworks, early dialogue with the authorities where relevant, and a well-considered timeline, transactions can be completed in a sound and predictable manner.

This article is provided as general information and do not constitute legal advice.