Changes to the German Foreign Trade and Payments Ordinance (Außenwirtschaftsverordnung – FTPO) will impact certain cross-border transactions.

Key Points:

• The changes, which entered into force on 18 July 2017, allow the German government to scrutinize more broadly the direct and indirect acquisitions of German companies active in “particularly security-sensitive areas.”

• The affected industry sectors subject to potential scrutiny now explicitly include energy, water, nutrition, information technology, healthcare, financial services and insurance, transport and traffic, as well as related software.


The FTPO revisions apply to non-EU investments in German companies and implement changes to both the substantive and procedural rules. The rules now in effect will significantly expand the scope of review proceedings in M&A transactions involving non-EU investors.

Previously, non-EU investors were not required to notify the German government of the direct or indirect acquisition (defined as an acquisition of at least 25% or more of the voting rights) of a German company, unless the company was active in developing or manufacturing of defense and encryption technology. Previously, the German Federal Ministry for Economic Affairs and Energy (BMWi) could conduct an ex officio review within three months of the acquisition. Non-EU investors could request a certificate of nonobjection from the BMWi prior to closing to avoid legal uncertainty.

By contrast, the new rules introduce a notification requirement for non-EU investment in critical infrastructure and security-related technologies and extend the review periods for the BMWi. Notably, the new review periods no longer align with the review periods in German merger control proceedings and may lead to delays in closing timelines.

Investments in critical infrastructure and security-related technologies

Under the amended rules, an acquirer of at least 25% of the voting rights of a German company that is active in the area of critical infrastructure or security-related information technology now has an obligation to notify the BMWi of the proposed acquisition.

The FTPO defines critical infrastructure in line with (and with explicit reference to) the German Act on the Federal Office for Information Security (Gesetz über das Bundesamt für Sicherheit und Informationstechnik) to include the following sectors:

• Energy (supply of electricity, gas, fuel, fuel oil, and district heating)

• Water (drinking and wastewater) and nutrition (food production, processing, and retail)

• Information technology (speech and data transmission, data storage, and processing)

• Health (stationary health care, supply of life-sustaining medical devices, prescription drugs)

• Financial services and insurance (cash money supply, monetary transactions, handling of security and derivative transactions, insurance services)

• Transport and traffic (air and rail transport, inland and maritime navigation, road, and local public transport)

In addition, the FTPO defines security-related technologies as:

• Software designed specifically for areas of critical infrastructure (e.g., hospital information systems, power plants software, drinking water facilities)

• Companies in the area of communications interception

• Cloud computing providers beyond certain infrastructure thresholds (e.g., access to server farms)

• Companies in the area of health telematics

Notification obligation

Upon notification, the BMWi will examine whether the transaction poses a threat to public policy or security. The amended rules define, for the first time, what might constitute a threat to public order or security. In particular, a threat may exist if the target has business activities in the area of critical infrastructure or security-related technology (as defined above).

In addition, the new rules clarify the FTPO will also apply to direct corporate acquisitions by EU entities that — except for the acquisition — have no significant business activities and no permanent presence in the European Union / European Free Trade Association area. The clarification confirms the FTPO’s scope to cover indirect corporate acquisitions by non-EU investors using EU entities to circumvent the notification requirement. Under the new rules, not only the direct acquirer, but also such indirect acquirers may be obliged to submit relevant documents upon the BMWi’s request.

Extended periods

The BMWi can decide to initiate formal review proceedings within three months of notice of the signed contract underlying the transaction. If the BMWi opens formal review proceedings, it can issue obligations and conditions or (in the worst-case scenario) prohibit the transaction based on public security concerns within four months of obtaining all relevant documents (instead of the former two-month period). If the parties do not submit a notice, the BMWi has jurisdiction to review the investment within three months of its knowledge of the signing. However, the BMWi cannot open formal review proceedings if more than five years have elapsed since the signing of the contract.

If an obligation to notify the transaction does not apply, the parties can request from the BMWi a binding certificate of non-objection. In the case of such a request, the BMWi must decide within two months (instead of the former one-month period) whether it wants to open formal review proceedings. If the BMWi does not make a determination within two months, the certificate of non-objection is deemed to have been issued.

Defense sector (sector-specific review procedure)

The amended FTPO expands the previous notification obligations to transactions specifically related to arms and defense involving non-German investors. Under the amended rules, a notification obligation will also apply to the key areas of encryption technology, reconnaissance sensor technology, armed platforms, and underwater units, as well as protection technologies. In an investigation proceeding, the BMWi will decide within three months of obtaining all relevant information (instead of the former onemonth period) on the compatibility of the transaction with German security interests or on possible conditions and obligations.

Conclusion and final remarks

In practice the amended FTPO will mean that more acquisitions involving non-EU investors will be notified to BMWi. Foreign investors looking to acquire German corporations should plan for additional time in their closing schedules, if acquisitions fall within any of the regulated industry sectors.

Investors should note that several other countries, including US, Canada, China, France, and Russia conduct similar reviews of foreign investments in businesses with operations in their jurisdictions. Therefore, multinational transactions may need to undergo separate national security reviews in more than one country.

In particular with respect to the US, the Committee on Foreign Investment in the United States (CFIUS) evaluates the US national security impact of acquisitions of ‟control” by foreign persons of US businesses, and Latham is also well-positioned to assist with respect to the CFIUS review process.