In focusStricter conditions for foreign investment

More industries and companies will be caught by the European Commission's new regime for foreign investment review. And there are strong indications that Sweden's traditional openness to foreign investment must now give way to a more restrictive approach.

Sweden has a long history of economic and political openness towards the outside world. As a small nation, where the technical manufacturing industry acts as an economic engine, we are entirely dependent on maintaining trade with the rest of Europe and the major economies of Asia and North America. The Swedish economy has also coped relatively well with the global transition to large cross-border flows of goods, services and capital. Swedish companies have expanded abroad and international players have set up in Sweden. It has been easy for foreign companies both to establish subsidiaries and acquire companies in the Swedish market.

Direct impact for many companies
Much now suggests, however, that Swedish openness to foreign investment may well be reined in. The reasons being a harsher international trading climate – largely between the US and China but affecting the rest of the world – and also technological development, where the attraction of an acquisition may be the access it provides to digital data on private individuals, companies and public institutions. While there is substantial value in "big data" in the digitisation of operations, there is a risk that some information collected by companies is sensitive and can be abused. Both the US and EU are seeking to prevent this, which will have direct consequences for a large number of Swedish companies not previously subject to trade restrictions like export controls or investment reviews. In addition to Swedish ports, airports, power plants and the defence industry, important public services – such as energy, transport and healthcare – may be affected by new regulations for safety and public order. Such regulations will now be implemented partly at the EU level and partly at the Swedish national level.

"In certain sectors, cross-border mergers and acquisitions will be more difficult. It will take more time and stricter conditions will be applied by both national and foreign authorities," says Carolina Dackö, partner at Mannheimer Swartling and international trade law expert.

During 2018, the US investment review mechanism, CFIUS, was strengthened with new categories and more resources, while the EU expended final efforts to adopt a new framework for foreign investment review. The Swedish system will need to be adapted accordingly in order to make the required information disclosures to other EU countries and the EU Commission. Sweden may also adopt its own controls. Countries such as Germany, Italy and France have been at the forefront in establishing clear investment controls to protect operations of national security concern.

Technology worth protecting
The new regulations will lead to tighter controls as to which Swedish companies may be acquired by foreign stakeholders and which foreign investors may buy into Swedish companies. A key issue is determining which technology warrants national protection.

"In Sweden, we have previously only had restrictions for companies active in the defence industry and certain infrastructure sectors, but the international trend is moving towards a substantially broader ambit. The boundaries for what is to be considered as nationally protected technology are subject to interpretation," says Erica Wiking Häger, partner at Mannheimer Swartling and expert on questions of privacy and data protection.

Erica identifies a number of industries that may be subject to stricter data control. Companies with operations in fintech, healthcare and social media are among those that can expect stricter regulatory requirements.

In the US, CFIUS, which is considered a precursor in this area, now covers broad categories of critical infrastructure, critical technology and sensitive personal data. The common denominator here is technical systems or digital data that could pose a threat to the personal integrity of the individual or the basic democratic principles of society. Technological developments, with digital footprints, the Internet of Things and web-based services, create almost endless opportunities to map individuals. Erica Wiking Häger and Carolina Dackö both take the view that the firm's clients have much to gain from being proactive rather than reactive.

Personal data and "big data" are often a central part of our clients' business operations, and can even be crucial to their development – but it is necessary to take a critical stance and review how sensitive information is handled. Operations of this kind may be considered worthy of particular protection. In the event that a potential foreign buyer of the operations has connections to a foreign state, the acquisition may be considered especially risky from a national security perspective.

A matter of rights
Emma Ihre, Head of Sustainability at Mannheimer Swartling, takes the view that issues of critical infrastructure, privacy and personal data are, by extension, a matter of human rights. Companies must assume greater responsibility – for suppliers and customers, as well as for the information they collect and share with third parties. But issues concerning critical infrastructure, personal integrity and foreign interests often prove challenging to handle for a company's management.

How, then, will companies be affected by the stricter regime for national security and foreign investment review? First and foremost, companies will have to consider whether their operations fall into those categories classed as sensitive under the Swedish and EU regulations. Such questions are likely to arise during contract negotiations with customers or suppliers, or from enquiries received from public authorities. The due diligence process in corporate acquisitions will be expanded with an additional stage. A company subject to a takeover bid from a foreign company will have to account for how it handles cyber security, privacy protection and critical infrastructure.

"Investment review, or rather – a company's own assessment followed by any required approval or imposition of conditions by public authorities – will become a critical stage in certain acquisitions. Several new regulations are being established in this area. In Sweden, legislation has been proposed that would introduce a form of approval for transfers of security-sensitive operations. It is essential to monitor developments and get prepared for the new regulations – both in Sweden and the EU – without delay", insists Carolina Dackö.