February 23, 2026

Revised EU Foreign Investment Screening Regulation Published Ahead of Formal Adoption

Download PDF

Practices & Industries

View Related Practices & Industries
Lawyers

Lawyers

The proposed near-final text of the EU’s revised FDI screening regulation (the “Regulation”) has been published and it represents a welcome step towards greater standardisation of Europe’s FDI regimes. However, material divergence between national regimes is expected to persist as the Regulation only goes so far as establishing minimum requirements for national-level FDI screening across the EU, leaving Member States free to apply more expansive rules (which many are already doing today).

Essential points in the new Regulation

  • Alignment of review process. The Regulation will introduce a common Phase 1 period of 45 days (from acceptance of the filing), require notifying parties to endeavour to submit filings on the same day where FDI filings are required in multiple Member States and require Member State authorities to coordinate closely on timing and remedies. However, certain critical details are not included in the Regulation, including time limits for pre-notification (giving discretion on when the 45 day clock will start ticking) or in-depth reviews. This will continue to give rise to timeline uncertainty on multi-jurisdictional deals.

  • Minimum requirements not harmonisation. National security remains the exclusive competence of the 27 individual Member States. The Regulation seeks to reduce fragmentation by setting minimum requirements (see section below). However, the Regulation allows Member States to adopt a more expansive approach in relation to the sectors in scope of their national FDI regimes and the criteria for substantive assessment (which many Member States already do). Material divergence between the FDI regimes of EU Member States is therefore expected to continue.

  • Legislative timetable. The legislation must be implemented by EU Member States by the end of 2027 / early 2028 but some Member States (including Germany) plan to move faster with their national reforms (further details below).

  • Origin of ultimate controller determines the obligation to file. Use of an EU acquisition vehicle will not exempt investments from notification—all regimes will look through to the ultimate controller. The practical implications will be limited as the principle is already generally applied and many Member States already go further in screening intra-EU investments.

  • Call-in powers. All Member States are required to introduce call-in powers for non-notifiable investments (for at least 15 months and up to five years after closing) and for qualifying investments that were not filed (up to 24 months after closing). Call-in powers over non-notifiable deals will be a significant change in, for example, the French, Italian and Dutch regimes.

  • Greater coordination and transparency. The Regulation provides for more structured cooperation between Member State authorities and the Commission, including formal exchanges of views and a requirement on the deciding authority to take the Commission’s opinion or other Member State’s comments into account (further details below). The Regulation provides for a secure database to be created for past filings and outcomes, increasing transparency across the network of EU FDI authorities and the Commission, including in relation to a failure to file or to comply with remedies in any particular Member State. For investors this will increase the importance of ensuring consistency of disclosures across filings (both with respect to the transaction in question and also prior transactions).

  • Economic Security. Plans for the Regulation predate the EU’s Economic Strategy package. Leaked drafts of the planned “Industrial Accelerator Act” include significant additional FDI controls. However, these are currently expected to apply to investment in green technologies (battery tech, electric vehicles and hybrids, solar PV tech) and critical raw materials by investors from countries with 40% or more of global manufacturing capacity in those sectors. The proposed draft legislation may be published as early as 4 March, ahead of the EU leaders summit in mid March.

Further details of aspects of the Regulation

Common minimum scope of mandatory national screening requirements

  • All EU FDI regimes will apply to the acquisition of “effective participation” in the management or control of a company active in any of the following sectors:

    • military and dual use equipment;

    • “hyper-critical technologies”, meaning:

      • the full supply chain for semiconductors;

      • quantum computing, communications and sensing; and

      • research and development in relation to (a) general‑purpose AI models suitable for defence or space applications and (b) general‑purpose AI models with systemic risk;

    • critical raw materials;

    • electoral infrastructure;

    • certain financial market infrastructures and systemically important financial entities; and

    • “critical entities” in the energy, transport or digital infrastructure sectors.

  • Member States will be required to make a risk-based assessment to identify their domestic critical entities, for example, energy storage facilities and gas transmission system operators; airports, core ports and essential ancillary installations; and providers of cloud computing services and public communications networks in the digital sector.

  • In addition to these common core categories, Member States will also be able to specify further sectors to be subject to mandatory screening under their national regimes.

  • The core minimum scope of mandatory screening does not apply to greenfield investments into the EU. However, Member States can choose to extend their regimes to capture greenfield investments (as the U.S.’s America First Investment Policy initiative in 2025 proposes to do).

How the authorities will assess FDI risk

  • The Regulation provides for a common core set of security risk factors, including:

    • In relation to the investment: its effect on critical infrastructure, critical technologies and intellectual property; on continuity of supply of critical inputs; on the protection of sensitive information and personal data; on risks to electoral processes, public health, food security and media freedom; and the security of military or sensitive public facilities closely located to the target.

    • In relation to the identity of the investor: whether the investor or a related entity:

      • is linked to a foreign government;

      • is subject to EU sanctions;

      • has previously had an investment blocked or had conditions imposed on it that it did not comply with;

      • is subject to laws requiring it to share information with a foreign intelligence service; or

      • has an opaque ownership structure.

    • However, Member States are able to add additional factors or can reach decisions on a different basis.

    • The Commission can publish a “risk evaluation form” for the assessment of the above factors. It may also make available its own risk assessments of particular sectors, critical technologies, foreign investors or EU businesses—these will be available to Member States but it is not clear if they will also be published.

    • In its Economic Security Strategy package, the Commission indicated that it plans to issue guidelines to ensure the same strategic considerations drive FDI assessment across all Member States.

Potential outcomes of screening

  • Consistent with the powers already held by many of the EU FDI regimes, the Regulation provides that where necessary, conditions can be imposed on clearance which might include: changes to governance of the target; changes to the voting rights acquired by the foreign investor; conditions on access to sensitive technologies or information; commitments to secure a specific supply channel or to supply to a specific client; measures to ensure continuation of business activities; requirements to source critical components from secure and reliable suppliers; implementation of cybersecurity protocols to protect against potential threats; or an obligation to store and process specific data within the EU.

  • The Regulation requires Member States to give their FDI authorities power to impose effective, proportionate and dissuasive penalties for non-compliance with mitigating measures or failure to notify.

Expanded role of the Commission

  • The Commission’s role in FDI screening will be expanded. A notified investment must be forwarded to the Commission by a Member State where (a) it falls within mandatory scope and (b) one of the following risk factors is present in relation to the foreign investor:

    • It is directly or indirectly controlled by a third-country government (including through ownership, significant funding, special rights or state-appointed directors / managers);

    • It (or related parties) are subject to EU restrictive measures (sanctions); or

    • It was previously involved in a foreign investment that was blocked or authorised subject to mitigating measures that were significantly or repeatedly not complied with.

  • Member State authorities can also notify the Commission and other Member States of any other investment within its national FDI regime if it considers the investment could negatively affect security or public order in another Member State.

  • The Regulation rationalises timelines for the cooperation mechanism, fixing strict deadlines that the Member States and the Commission are required to follow. While decision-making remains with the host FDI authority, the new timings are structured to ensure sufficient time for consideration of Member States’ comments or a Commission opinion. The deciding authority is under an obligation to take into account the security concerns of other Member States in their review of an investment.

  • The Commission’s opinion on a case under review is given greater weight under the Regulation. The deciding Member State authority must duly consider the opinion of the Commission and comments of Member States. Within 7 days of reaching its decision, it must provide them with the operative part and a summary of its reasons, including the extent of due consideration given to the Commission’s opinion and Member States’ comments and reasons for disagreement, if any. Member States cannot disregard cross-border concerns on the basis that they lack legal tools to address them—they must ensure the necessary legal means and powers are in place.

Timing of changes

  • The Regulation is expected to become law in the second half of this year, following formal adoption by the Parliament and Council of the EU (comprising Member State ministers). Member States will then have 18 months to conform their national regime to the Regulation’s minimum requirements. Some Member States have already expressed their intention to move quickly to update their regimes: Germany, for example, plans to publish proposed legislative reforms by this summer.

* * *