With the 9th amendment of the German Foreign Trade and Payments Ordinance (Außenwirtschaftsverordnung) (“FTAPO”) adopted on 18 July 2017, the German Federal Government has specified and extended its powers to review and approve the acquisition of companies by investors outside of the European Union (“EU”) and, in the event of companies being active in the military sector, outside of Germany. Under the FTAPO, the German Federal Ministry for Economic and Energy (Bundesministerium für Wirtschaft und Energie) (“FMEE”) can review and veto the acquisition of a German company by a foreign investor when it poses a threat to public order or security.

By changing the FTAPO, the German Federal Government is responding to an increased number of acquisitions by foreign investors outside the EU which were involving German companies with key technologies such as the takeover of the German robot manufacturer KUKA and the attempted takeover of the German technology company AIXTRON which ultimately failed due to national security concerns of the U.S. foreign investment authority Committee on Foreign Investment in the United States.

The amendments have two significant consequences: the universe of companies whose acquisitions are subject to a national security review process has been further specified and, in the case of companies in the military sector, even expanded. In addition, the time span for the two-stage review process has been significantly extended.

Specification and extension of filing obligations

Except for companies being active in the military sector, the FTAPO used to be rather vague when it comes to determining which companies are subject to a national security review. In the past, all transactions which pose a “threat to public order or security” were subject to a review without any further specification. With the amendment of the FTAPO, it has been clarified that the acquisition of (i) operators of “critical infrastructures”, (ii) software companies that provide software to such “critical infrastructure” operators, (iii) certain cloud computing providers and (iv) companies dealing with telematics infrastructure for the healthcare industry are now explicitly subject to a review and approval by the FMEE.

“Critical infrastructure” operators include companies in the energy, IT, telecommunication, transport, health, water, food, finance and insurance sector. Only those infrastructure providers are “critical” which exceed certain thresholds laid out in an ordinance whose original purpose was to impose cybersecurity obligations on such companies (Verordnung zur Bestimmung kritischer Infrastrukturen nach dem BSI-Gesetz). For example, server farms with an average of 25,000 or more ongoing instances per year, hospitals with 30,000 or more inpatients per year, power generation plants with a net rated electrical output of 420 megawatts or more per year, operators of cash withdrawal authorization systems with 15 million or more transactions per year or operators of passenger handling systems at airports with 20 million or more passengers per year, to name a few, are now deemed to be “critical infrastructure” providers.

Foreign acquirers of such companies are now subject to a reporting requirement if the investor or a shareholder of the investor holding25 % or more of the voting rights is from outside of the EU and, following the closing of the transaction, the investor directly or indirectly holds 25% or more of such German company’s shares. The planned acquisition of such a company must be notified in writing to the FMEE. If the FMEE comes to the conclusion that there is a threat to public order or security, it can prohibit the acquisition with the consent of the German Federal Government or it can make it subject to certain conditions.

In addition, the stricter military sector-specific regulations that were already in place have been extended. Up to now, only companies that manufactured weapons of war, engines and drives for armoured vehicles or encryption software products for classified government information have been subject to an approval requirement. The scope of these approval requirements have now been extended to manufacturers of other defence equipment such as reconnaissance and fire control systems whose export already requires approval by the FMEE.

Extended review periods

In addition to the above, the review process has also been amended. In the past, the transaction was deemed to be cleared if the FMEE did not take any action within three months after the share or asset purchase agreement has been signed. Now, this three-month period only starts when the FMEE has obtained knowledge of the transaction. After receipt of the complete documents, such as the acquirer structure, annual and group financial statements and possibly the business strategy of the acquirer, the FMEE now has four months instead of two months to decide on a possible phase two review. The expiration of the four-month review period is suspended as long as the FMEE negotiates with the companies involved in the proposed acquisition.

The approval of a transaction in the military sector-specific is now deemed to have been granted if the FEMM does not decide to review within three months instead of one month after receipt of the documents. The review period is now another three months. Thus, the total time span for a military sector-specific review can now be six months after a full set of documents has been received by the FMEE. Whether the documents are complete is largely at the discretion of the FMEE which may further drag out the review period.

The possibility to request a legally binding no-objection/white wash letter prior to signing of the transaction still exists unless the transaction is part of a military sector-specific review. However, the former one-month examination period has now been increased to two months.

Impact on the M&A practice

Overall, the amendment of the FTAPO has significantly broadened the scope of German national security reviews which will not remain without consequences for future cross-border M&A transactions involving acquirers outside of the EU. The extension of reporting requirements will lead to increased transaction costs by U.S., Chinese or Japanese purchasers for the preparation and execution of the documents required for a national security review by the FMEE. Also, the extended review periods must be taken into account which may put bidders outside of the EU at a disadvantage in an auction process.

On the other hand, the amendments of the FTAPO now provide more legal certainty for international acquirers (and sellers alike) as to which deals will be subject to a review while the criteria for approving or disapproving a transaction have not been changed and remain the same.

It is now much easier to determine whether a specific acquisition will be subject to a German national security review or not.