Foreign direct investments regime in Norway and its implications for M&A

18 January, 2024 Articles and publications

Written by Associate Iva Svalina.

In the context of the current global economic landscape, cross-border investments are significantly contributing to Norway's economic growth, echoing similar trends worldwide. However, it's clear that this interconnectedness can bring both benefits and risks to national security interests. The concern arises from the possibility that investment in companies within specific sectors could compromise vital interests of the states. For instance, there is a risk that such investments might grant foreign states undesired access to critical knowledge, technology, or strategically located properties. Moreover, there is a growing concern that certain investments can be used to influence decision-makers in the states.

The intersection of economics and safety has led many European nations, including Norway, to re-evaluate existing regulations or institute new ones to control investments from third countries. The goal of these regulatory measures is to find a balance between economic interests, transparency, and protection of national security.

The European Union's framework for screening foreign direct investment (FDI), implemented on October 11, 2020, has triggered specific developments in Nordic FDI legislation, including that of Norway. The Norwegian Act of 1 June 2018 No. 24 concerning National Security (the "Security Act") came into effect on January 1, 2019. This legislation includes rules governing ownership control, requiring the assessment and approval of acquisitions that may conflict with national security interests within the framework of chapter 10 of the Security Act. The objective is to ensure that investments crucial to national security interests are thoroughly captured and assessed by the authorities. Importantly, the scope of chapter 10 of the Security Act extends beyond foreign investments, enabling the screening of acquisitions in entities covered by the Security Act by domestic acquirers.

In response to the evolving threat landscape, the Norwegian Parliament adopted amendments to the Security Act in June 2023. These changes aimed to refine the existing provisions on ownership control, acknowledging the increasing complexity of threats to security interests. In the proposal for the amendments to the Norwegian Parliament, the Ministry of Justice specifically referenced potential consequences stemming from the war in Ukraine on foreign investments, the increased Chinese investments in Norwegian companies, and the growing employment of tactics to gain access to sensitive technology in Norway. Crucially, the Ministry of Justice emphasized the delicate balance needed to address such risks while maintaining an open market for investors.

The following will briefly discuss the most important changes to the Security Act, considering that some of the amendments came into effect on July 1, 2023, while others are yet to come into force.


Entities subjected to FDI screening

When assessing the obligation to notify Norwegian authorities of an acquisition, two key factors must be considered: (i) the targeted company must fall under the scope of the Security Act, and (ii) the acquisition must constitute a qualified ownership interest in an entity subject to the Security Act.

With regard to the first point, effective as of July 1, 2023, the amendments expanded the scope of the Security Act to include entities that meet specific criteria. The Security Act now applies to governmental, county and municipal bodies, suppliers of goods or services in connection with classified procurements pursuant to Chapter 9 of the Security Act, and entities that, by decision of the relevant ministry, or alternatively the Norwegian National Security Authority, are subjected to the Act because the entity: i) handles classified information, ii) controls information, information systems, objects or infrastructure which are of vital importance to fundamental national functions, or of vital importance to national security interests, without being directly linked to a fundamental national function, and (iii) engages in activities which are of vital importance to fundamental national functions, or of vital importance to national security interests, without being directly linked to a fundamental national function. Furthermore, the relevant ministry has the authority to determine that entities with merely material importance to national security interests or fundamental national functions should be included in the FDI screening process concerning changes in control within these entities.

This, among other revisions, expands the scope of the Security Act, providing the relevant ministry with enhanced flexibility in deciding which entities fall under the FDI screening regime. As an illustration of entities that may undergo FDI screening, depending on the circumstances, the Ministry of Justice points to those operating in groundbreaking technologies such as artificial intelligence and cloud services.

It is crucial to highlight that, unlike many European countries where FDI screening encompasses all entities within specific sectors, the Norwegian screening regime is not limited to particular sectors. Instead, it extends to entities included in the scope of the Security Act through individual decisions made by Norwegian authorities. Notably, there is no publicly available list of entities subjected to the Security Act. Therefore, investors should seek to confirm with the target whether it has been subjected to the Security Act through such individual decision.


Lowering the thresholds invoking the notification requirement

Further amendments to the Security Act, enacted by the Norwegian Parliament in June 2023 (not yet in force), include a change to the definition of a qualified ownership interest, constituting the second requirement triggering the application of the FDI screening regime.

Under the forthcoming regulations, the direct or indirect acquisition of 10% of a company's share capital, interests or voting rights, along with subsequent acquisitions leading to ownership interests reaching or exceeding 20%, 1/3, 50%, 2/3, or 90%, will trigger the notification obligation. This expands the scope of the Security Act to include more transactions compared to the existing framework, which currently triggers the Security Act's application only for direct or indirect acquisitions of at least 1/3 of the ownership interest. The Ministry of Justice, in proposing the adjustment to the notification obligation's entry point of 10%, cited various reasons for this amendment, including the existence of a corresponding entry point in Denmark. Importantly, the recently enacted Swedish FDI Act, effective from December 1, 2023, adopts the same entry point.

Under the current rules, which will remain unchanged, a qualified ownership interest will also exist if the acquirer gains significant influence over the management of the company in another way. Consequently, acquirers of small minority shareholding in entities must conduct a thorough assessment to ascertain whether they fall within the scope of this provision. This assessment should particularly focus on the existence of specific provisions, such as those within shareholders' agreements, granting such minority shareholders certain rights within the entities.


Inclusion of seller's and target's obligation and introduction of the standstill obligation

Two more substantial changes are introduced by the amendments from June 2023. Firstly, the duty to notify now extends to both the acquiring entity and the seller/target entity, departing from the previous rule where the responsibility rested solely on the acquirer. The Ministry of Justice justified this alteration by emphasizing the importance of informing authorities about ownership changes, broadening the obligation to notify to include more involved parties, and thereby enhancing control in the application of the Security Act. It is worth noting that, given the potential challenge for the seller/target entity in determining the necessity for notification in cases of indirect acquisitions, the duty to notify applies to the seller/target entity only in instances of direct acquisitions that trigger notification requirements.

The further amendments concern the notification process. Under the existing regulations, the National Security Authority or the relevant ministry is required, within a 60-working-day timeframe, to either inform the acquirer of the transaction's approval or indicate that the matter will be referred to the King in Council for consideration. In the latter scenario, no statutory timeframe is prescribed for the approval of the transaction or, alternatively, for King in Council`s decision to impose certain conditions on the implementation of the transaction. However, under the newly introduced rule, while the existing deadlines remain unchanged, a novel provision stipulates a prohibition on advancing with the transaction until the relevant authority has completed the notification processing and reached a decision.

It`s crucial to note that the King in Council may prohibit the transaction or impose certain conditions only when the acquisition poses a not insignificant risk of threatening national security interests. Consequently, it is customary to include obtaining such approval as a condition for the completion of the transaction.


Sharing of information

The amendments of the Security Act also introduce a prohibition of information sharing in connection with the acquisition process, to the extent that the information could be employed for security-threatening activities, unless consent for such information sharing is obtained from the relevant ministry.

The rationale behind proposing this amendment is to ensure that potential acquirers, when initiating an acquisition process and before the implementation phase, do not obtain information that could be exploited for security-threatening activities. Examples include the use of information about technology and infrastructure by foreign states for their product development or the disclosure of vulnerabilities in specific industries or sectors. This modification will undoubtedly add complexity to the acquisition process for the involved parties, as they are now obliged not only to notify the acquisition but also to report any sharing of information falling under the provisions of this stipulation, as well as potentially impact a buyer's due diligence process.



While the current regulations do not envision legal penalties for failing to comply with the duty to notify business acquisitions, the amendments introduced in June 2023, though not yet in force, propose the possibility of fines for breaches, if the breach is determined to be either intentional or negligent. Additionally, in instances where the King in Council decides to prohibit an acquisition or mandates specific conditions for its implementation, and such decisions or orders are violated either intentionally or negligently, after the amendments take effect, criminal penalties may be imposed.


Moving forward and impact for investors and M&A players

As Norway fortifies its regulatory framework for foreign direct investment, the significant implications for existing or potential investors are yet to be fully realized. According to the information provided by the Norwegian National Security Authority, around 50 acquisitions were reviewed as security-threatening acquisitions in 2022 alone, with two-third of those transactions having connections with China or Russia. With a broader range of businesses potentially subject to the screening process and an increased risk linked to the imposition of sanctions, along with the necessity to evaluate the potential impact of the rules on transaction timelines, navigating this evolving landscape will demand investors' nuanced understanding of the amended Security Act. This understanding is crucial to ensuring that investments align seamlessly with the updated regulatory framework.

Despite the imposed amendments, questions about Norway's FDI regime alignment with European standards persist. This is illustrated by the report delivered by the Investment Control Commission in December 2023, appointed by the Norwegian government to examine the foreign direct investment framework in Norway. The Investment Control Commission concludes that the existing FDI regime faces dual challenges: it is considered too narrow and fragmented, resulting in a lack of systematic coverage, and it lacks predictability and standardization. As emphasized by the Investment Control Commission, these deficiencies may lead investors to prefer to invest in other markets over Norway. Crucial issues highlighted by the Investment Control Commission include the need for systematic and comprehensive coverage of relevant cases, transparency on investments subject to control, standardized assessment criteria, and the necessity to create a framework aligned with European standards and the EU's FDI Screening Regulation. Whether the Investment Control Commission's extensive proposals will translate into further reforms of the FDI regime remains unclear.

A recent case from Denmark vividly illustrates the intensified scrutiny of foreign investments. In 2023, Denmark marked a significant milestone with its first-known rejection of the authorization of a foreign investment. The Danish authorities declined the acquisition by the Japanese enterprise Hamamatsu Photonics K.K. of NKT's subsidiary NKT Photonics Management Europe S.R.L, a recognized supplier to the defense industry, emphasizing the heightened control and careful consideration surrounding foreign investments in the region.

Investors are therefore encouraged to thoroughly assess the FDI regime during the planning phase of their transactions to minimize risks related to the execution and timing of the acquisitions.



André Høgdahl
+47 477 98 304

Martin Gunnerius Unneberg
+47 477 98 301

Iva Svalina
+47 477 98 305


Contact us


Related posts

A clear and bold header