The UK and the US continue to adapt to global threats and shared national security risks
The UK and the US are focused on common national security risks, including preventing foreign access to key emerging technologies, the integrity of the defence supply chain, protection of critical infrastructure, and advancements of research and development. There have been a series of announcements, rules, and regulations promulgated by the UK and the US over the last year, intended to better protect the common national security interests of both.
Providing "a point of view like no other”, members of WBD's Global Defence and Security Solutions team have co-authored paired articles with a focus on specific changes in each jurisdiction, with this article providing the UK perspective. The US corollary to this article is available here.
The evolving concept of national security in the UK and its impact on legislation
The National Security Act 2023 might have national security as its title but, on the face of it, this could be seen as misleading since the Act applies in a much broader context.
The Procurement Act 2023 contains a national security exemption and a number of exclusions and rights linked to national security, but without defining what the term means.
In the King's Speech in July 2024, we heard that the new Labour Government will conduct a Strategic Defence Review to ensure that the UK's defence capabilities are matched to the changing nature of global strategic threats.
In this article, we consider whether the approach to what is considered 'national security' is changing in the UK, and how this appears to be impacting on legislation. We also share insights from our WBD US counterparts on how the UK's approach compares to the position taken in the US.
The approach in the UK
The National Security Act 2023 (NSA) 'Espionage etc' offences
The NSA addresses the evolving threat of hostile state activity against the UK’s democracy, economy and values. The NSA equips law enforcement and intelligence agencies with updated tools to deter, detect and disrupt threats (including espionage, foreign interference, sabotage, disinformation and cyber operations). The NSA aims to keep the UK one step ahead of its foes, making it a harder target for hostile acts and responding to ever evolving technologies and methods.
We wrote about the NSA earlier this year and looked at the new measures it introduced. We noted that the NSA introduced three new espionage offences: obtaining or disclosing protected information, obtaining or disclosing trade secrets and assisting a foreign intelligence service. The Home Office says that these reformed offences enhance the UK’s capacity to counter espionage and help to keep the UK safe.
The offence of "obtaining or disclosing trade secrets" is introduced under the heading "Espionage etc". This suggests we might be concerned with trade secrets concerning covert surveillance or defence equipment, but in fact the offence occurs where a person "obtains, copies, records or retains a trade secret", or "discloses or provides access to a trade secret", in each case where they know or ought to know they did not have authorisation, and the "foreign power condition" is met. The foreign power condition also features in relation to the offence of "Obtaining or disclosing protected information".
One might therefore suspect that the foreign power condition, and the requirement for authorisation, are closely linked to the protection of national security. And the answer is probably yes, but depending on whether you have a very traditional view of what constitutes national security or reflect emerging and evolving concerns about the targeting of important, but not necessarily defence related, infrastructure. However, whereas the disclosing protected information offence requires that the conduct in question is for a purpose that was known, or ought reasonably to have been known, is prejudicial to the safety or interests of the United Kingdom, there is no similar wording in relation to the trade secrets offence. Instead reference is made to material that "has actual or potential industrial, economic or commercial value".
Foreign power condition
The application of the foreign power condition means that the offence will be committed if a person's conduct is carried out for or on behalf of, or to benefit, a foreign power. The NSA defines what is meant by a 'foreign power'. The definition includes foreign governments, heads of a foreign state and the governing political party of a foreign state. While the governing party in the Republic of Ireland is excluded, as well as registered political parties in the UK, the NSA does not exclude allies or friendly nations. On that basis, we see that the foreign power condition is drawn extremely broadly and could capture conduct which is carried out for any foreign power outside the UK, the Channel Islands, the Isle of Man or British overseas territories.
As noted above, in the case of the offence of obtaining or disclosing protected information, an offence is only committed where a person is acting for the benefit of a foreign power and the person knows that their acts would prejudice the safety or interests of the UK. The explanatory notes to the NSA state that the NSA does not define what is meant by 'the safety or interests of the UK' but that this has been interpreted in case law (Chandler v Director Public Prosecutions (1964) AC 763). We are therefore talking about the UK's safety and interests by reference to official state policy.
In contrast, the offence of obtaining or disclosing trade secrets contains a foreign power condition but does not require the person to know they are prejudicing the safety or interests of the UK. Instead, there is a requirement that the material has value and that the person's conduct is unauthorised and that they know (or should know) that it is unauthorised. The Home Office factsheet for the new espionage offences explains that the trade secrets offence reflects the "inherent wrongness of states seeking to acquire our trade secrets" and acknowledges the broader damage to the UK and our sectors from such actions. We see therefore the potential for the trade secret offence to apply to a broad range of trade secrets since the scope is not limited to military or classified material or to something that would prejudice the interests of the UK. This interpretation is reinforced by the explanatory notes to the NSA which includes examples of a person disclosing trade secrets relating to sensitive artificial intelligence technology and of a person disclosing access codes to a sensitive plan for a new clean energy technology. These are examples of trade secrets which have a commercial value but they could not, on the face of it, be said to relate directly to matters of national security.
Authorised
We will also need further guidance as to what is meant by "authorised" in the context of the disclosure of trade secrets in the NSA. The NSA itself gives little guidance, but the explanatory memorandum refers to a person obtaining a trade secret by breaching the terms of their employment contract or by unauthorised access to a computer system. There is no guidance as to whether any specific level authorisation is needed for the most sensitive of trade secrets, including trade secrets with a national security element.
So with the NSA, we are seeing a UK Act which purports (by its very title) to relate to matters of national security, but which in fact has a much broader remit. This leaves some uncertainty for UK suppliers to the defence industry, as well as to UK businesses more generally, in terms of when the sharing of trade secrets with overseas partners could constitute an offence under the NSA. For example, could a trade secret shared as part of a life sciences collaboration be caught by the NSA? UK businesses will want this certainty in order to provide necessary training and guidance to employees.
The Procurement Act 2023 (PA)
The PA consolidates three existing regulations into one legislative act.
We have been sharing updates about the PA over the past few months, looking at the Procurement Regulations 2024 and the progress of the PA. Most recently we have commented about what the PA means for defence related procurement and what is changing.
With the PA we see two changes which suggest a change in focus in respect of matters of national security.
The first is that the PA contains a national security exemption which is broader then the exemption currently included in the Defence and Security Public Contracts Regulations 2011. The contracting authority has the discretion to decide whether exempting the contract from the requirements of the PA is in the interests of national security. The Home Office guidance notes that the Act does not define national security to maintain flexibility. It gives the example of a procurement that is too sensitive to advertise or where the UK's national security interests mean that a UK supplier must deliver the contract. The PA also enables the contracting authority to exercise its discretion to exclude a supplier that is deemed by it to be a threat to national security and the PA provides a new mechanism to enable the termination of a contract if there is a change in circumstances relating to the threat posed to national security. So we see that the PA gives the contracting authority broad discretion to make decisions based on issues of national security, without defining what that term means.
The second is that the PA provides for the creation and maintenance of a centralised debarment list. This is a completely new concept for the UK, and is intended to provide additional protection against public contracts being awarded to unfit suppliers. Suppliers which are listed on the debarment list on the basis of a mandatory ground for exclusion must be considered an excluded supplier for the purposes of the procurement. The concept and terminology of "debarment" is well known in US law where the US government can take action to prevent businesses from contracting with the federal government. Could this represent the UK moving towards a more US approach in terms of how it approaches matters of national security and government contracting?
WBD's insight on the approach in the UK
The NSA and PA are very new Acts.
We know from the explanatory notes to the NSA that this is an Act which sees state threats in very broad terms, not only encompassing attacks on the UK's national security but also on its economy and democracy. We also know that the PA contains specific derogations for defence and security contracts and it remains to be seen how contracting authorities will exercise their rights and discretions in this space.
With these broader legislative approaches comes a degree of uncertainty for UK businesses. What will this new legislation mean in practice and how will it be applied? What do we mean by national security in the UK in 2024 and beyond?
WBD's insight on the approach in the US
The US is similarly focused on the impact of non-allied countries on national security, ranging from preventing access to key emerging technologies, impacting the integrity of the supply chain, acquisition of critical infrastructure or real estate, or the disruption of research and development of competitive advancements. There have been a series of announcements, rules, and regulations promulgated over the last year intended to better protect the national security of the US and its key allies such as the UK. A number of the approaches now being taken in the UK mirror developments in the US.
Similar to the UK, national security is now understood as a broad concept in the US. In particular, the US sees Foreign Ownership Control and Influence (FOCI) as an increasing risk to national security. FOCI exists when a business that provides products or services to the government is subject to control or influence by a foreign entity. More specifically, Foreign Ownership occurs when a foreign entity, whether a government, company, or individual, holds some form of an ownership interest in a business. Foreign Control occurs when a foreign entity has the power to influence or direct the policies, operations, or decisions of a business, through minority ownership, voting rights, board representation, executive management, contractual agreements, or other means. Foreign Influence refers to situations where a foreign entity has the ability to affect the decisions or actions of a business through subjective, informal, or indirect means, such as financial dependencies, strategic partnerships, or familial ties. Defence contractors subject to FOCI pose a risk to national security due to the ability of foreign entities to exploit their ownership, control, or influence, to access, manipulate, or sabotage sensitive government projects.
Another area of overlap is the concept of debarment introduced to the UK via the Procurement Act, which is also a familiar concept in the US. The US government uses both suspensions and debarment to protect federal government procurement from fraud, waste and abuse by non-responsible contractors. The US Federal Acquisition Rules (FAR) provides for contractors to be suspended or debarred where a contractor is directly or indirectly involved in wrongdoing or alleged wrongdoing, such as non-performance, fraud, forgery, bribery, falsification, adulteration of goods, making false statements, or destruction of records.
In a corollary to this article, U.S. members of WBD's Global Defence and Security team address how 'national security' considerations are changing in the US, and how those changes are impacting US national security related legislation. You can find the related WBD US Defence and Security team article here.
Do you want to know more about the National Security Act 2023, the Procurement Act 2023 or defence contracting?
Simply reach out to Stephen Anderson (if your query relates to UK contracting) or David Vance Lucas (if your query relates to US contracting).
This article is for general information only and reflects the position at the date of publication. It does not constitute legal advice.