The Norwegian Security Act contains a limited form of investment screening mechanism. If a foreign actor buys a company of strategic importance in part or in full, the Norwegian Act gives the government the power to approve or reject an acquisition of critical infrastructure when vital national security could be undermined. In addition to security-sensitive information, critical infrastructure is at the core of the Act of Norway and on its way to be in the Act of Sweden.

Sweden does not currently have anything resembling an investment screening mechanism. Instead, much like the already mentioned Norwegian Act, the Protective Security Act focuses on situations related to running a business that holds information important for Sweden’s security. However, a governmental report was released in the end of 2018 regarding a potential future Protective Security Act that would cover situations involving the transfer of ownership of private companies holding sensitive security information. The proposal only relates to the security of the nation and not to the strategic security of society or, for that matter, ‘security or public order’. In mid-2019, another report suggested a limited investment screening mechanism covering seaports, airports and strategically important geographical sites.

Denmark does not have an investment screening mechanism; instead, Denmark has the Prime Minister’s Security Circular. The Circular is similar to the present Swedish Act in its focus on classified information. There are some area-specific rules concerning the screening of foreign investments in regard to the production of war materials, cyber-security, electricity and gas, and financial operations. However, the Danish Government has created an inter-ministerial working group whose task is to propose legislation on a national screening mechanism.

Moreover, critical infrastructure is mentioned in the EU Screening Regulation as an example of what is targeted by the Regulation. In the future, it will be of interest to follow the differences between what is covered by national security (national competence) and what is by the EU Screening Regulation (EU competence) and how these competencies will interact.

The three EU countries will most likely further converge in the future, with the EU Screening Regulation serving as a guarantee for the convergence. This likely would have happened anyway but not to the same degree and not as rapidly.

1 Introduction: Investment Screening in Four Nordic Countries

In recent years, much attention has been paid to foreign companies acquiring European companies that are of strategic importance. However, there is no effective overarching investment screening mechanism at the EU level.

Acquisitions have been identified for which there were no sound economic reasons,Footnote 1 and suspicions arose that the reasons for these acquisitions were to gain influence or knowledge about functions vital to state security. There have also been examples of companies that are forbidden to export certain products or services and that have been acquired by companies from the very countries to which it is forbidden to export.Footnote 2 These problems caught the attention of members of the EU Parliament,Footnote 3 who called for an EU regulation that would give EU Member States the tools to control these situations and ensure that the same rules would apply across the entire EU.

Before the negotiations on such EU Screening Regulation began, the EU Commission examined the investment screening mechanisms of the Member States and found that investment screening mechanisms existed in 13 of them (now 14).Footnote 4 There were wide variations between these mechanisms, and the argument was made that there should be greater conformity as well as increased information sharing between the Member States and the EU Commission. This was the rationale for having common rules across the EU Member States. The EU Member States have now reached an agreement among themselves and the EU Parliament on a future investment screening framework.Footnote 5

This chapter aims to give an overview of how Finland, Norway, Sweden and Denmark have (or have not) addressed investment screening until the present. To provide a more nuanced picture, the chapter also covers Acts regarding security-classified areas that require security protection agreements.

The chapter analyses the existing Acts in these four countries, as well as previous Acts and a potential future Act with an emphasis on the following questions: What acquisitions are screened? What sectors and factors are considered? What are the reasons for rejection?

The Finnish system will be used as an example of how an investment screening mechanism can be constructed and also to illustrate some of the characteristics of the EU Screening Regulation. The comparison between Sweden, Norway, Denmark and Finland shows that the countries have quite different systems. Out of the four countries, Finland has the only investment screening mechanism, but its Act needs to be updated to accommodate the new EU Screening Regulation. The Norwegian Act includes transfer of critical infrastructure, which is at the focus of this analysis, at the expense of security agreements.

Protective security agreements are agreements between on the one side a state entity or someone who acts on behalf of the state and on the other side a private actor. The content of the agreement is that security-classified information in public procurements, outsourcing and, in some cases, acquisitions must be handled with care, and if there is no agreement, there is no contract.

2 Monitoring Acquisitions in Finland

In Finland, the Act on the Screening of Foreign Corporate Acquisitions 2012Footnote 6 aims to screen and, if required due to key national interests, restrict foreign influence in Finnish companies.Footnote 7 The keyFootnote 8 national interests mainly refer to (1) national defence, (2) security of supply and (3) functions fundamental to society.Footnote 9

The Ministry of Economic Affairs and Employment must approve the corporate acquisition unless it potentially conflicts with such interest. If the corporate acquisition may potentially conflict with a key national interest, then the Ministry must refer the matter for consideration at a governmental plenary session.Footnote 10

The Finnish screening system targets ‘mergers and acquisitions’, whereas the new EU Screening Regulation concerns ‘foreign direct investment’ (FDI). However, in practice, there seems to be little difference between the two. This is because in the Finnish Act, the term ‘acquisitions’ targets the situation of ‘[w]hen a foreign owner gains control of at least one-tenth, at least one-third, or at least one-half of the aggregate number of votes conferred by all shares in the company, or a holding that otherwise corresponds to a decision-making authority in a limited liability company or other monitored entity’.Footnote 11

Recalling the difference between an FDI and a portfolio investment,Footnote 12 we can conclude that in this matter the Finnish Act is in line with the EU Screening Regulation that only covers FDI.Footnote 13 However, the Act does not cover real estate investments and green field investments.Footnote 14 Not long ago, in March 2019, a new legislation concerning the screening of foreign acquisitions of certain land and properties of importance to the total defence was approved in Finland and entered into force in January 2020. The Finnish Ministry of Defence is in practice responsible for these screening processes.

2.1 Which Acquisitions Are Screened?

A state can choose to require that investments be approved either in advance or after an acquisition. Finland provides for both, depending on the sector.

All corporate acquisitions in the defenceFootnote 15 and dual-useFootnote 16 sectors require advance approval by the Ministry of Economic Affairs and Employment. In the defence material industry, screening covers all foreign owners, including EU and EFTA investors.

Investors in other sectors covered by the Act can voluntarily notify of the acquisition in advance or even after the acquisition.Footnote 17 However, an advance notification can only be submitted immediately before the final conclusion of the acquisition.

If the acquisition concerns companies outside of the defence sector, the rules on monitoring only applies to foreign owners residing in or domiciled outside the EU or EFTA.Footnote 18 If a party considers that a company subject to screening could be critical to functions fundamental to society, it is recommended that they file a notification with the Ministry of Economic Affairs and Employment.

2.2 Which Sectors and Factors Are Considered When Determining to Allow an Investment?

The Act does not specify sectors (apart from defence) or operations in the private or public sector where companies would fall within the scope of screening. According to the Government of Finland, this is because it is not possible to determine which sectors or operations will be critical to securing the functions fundamental to society in the long term.Footnote 19 The needs of national defence, public order and security and other critical functions in society are ultimately decided by the conditions prevailing at that time.

Even if ‘security of supply’ is a key national interest, this does not mean that all companies operating in one of these sectors are screened under the Act. For example, a great number of companies operating in the food supply or logistics sectors are not considered as having a key role in the security of supply. Indicative information about the Act’s scope of application is available in the public guidance documents on security of supply and national security.Footnote 20

In the EU Screening Regulation, the EU has more or less followed that approach, with an amendment that includes a non-exhaustive and indicative list of factors and sectors, such as critical infrastructure.Footnote 21

As mentioned, new legislation on real estate investment and ownership has entered into force in Finland on 1 January 2020. This new legislation includes three new Acts, which allow the government to screen real estate transactions and ownership in Finland. The purpose of the legislation is to ensure that the ownership and use of real estate property, especially in strategically significant locations, does not pose a threat to Finland’s national security interests. Foreigners outside the EU and EES need to get approval in advance if they want to buy property in certain areas that are of importance for territorial integrity.Footnote 22

2.3 Which Procedure Is Applied When Determining Whether to Allow an Investment?

Application/notification must contain all information regarding the entity subject to screening, the foreign owner (including the ownership structure that is also mentioned in the EU Screening Regulation in regard to information requirementsFootnote 23) and the corporate acquisition necessary for examining the notified case at hand.Footnote 24 The Ministry must request information within 3 months after a notification of a corporate acquisition in any sector other than the defence sector.Footnote 25 The EU Screening Regulation is less specific in this regard and only states that EU Member States shall apply time frames.Footnote 26 The Act does not specify deadlines by which the Ministry can intervene in a defence sector acquisition or request information. To be in line with the EU Screening Regulation, this must be changed.

2.4 Competence and Reasons for Rejection

The Finnish Act refers to Articles 52 and 65 of the Treaty on the Functioning of the European Union (TFEU) and states that ‘a key national interest means securing national defence or safeguarding public order and security in accordance…’ with the above-mentioned articles. Both articles contain exceptions, including public policy and public security.Footnote 27 This is also the basis for denial of confirmation (approval) in the Finnish Act.Footnote 28

The new EU Screening Regulation is based on the EU’s exclusive competence to monitor foreign direct investments (FDIs) stemming from Article 207(2) TFEU within the Common Commercial Policy. The ground for refusal provided in the Regulation is ‘security or public order’. However, the Regulation reaffirms that this is without prejudice to the sole responsibility of the EU Member States to safeguard their national security, as provided for in Article 4(2) TEU. The recital states that the Regulation is without prejudice to the protection of the EU Member States’ essential security interests, in accordance with Article 346 TFEU,Footnote 29 and that the Regulation is without prejudice to the rights of Member States to derogate from the free movement of capital, as described in Article 65(1) TFEU.

Hence, a state may put in place a screening mechanism based on the EU Screening Regulation, which itself is based on Article 207(2) TFEU. But whether or not a country has implemented the Regulation, the country may refuse an investment using Articles 65(1) and 346 TFEU and Article 4(2) TEU. The author’s interpretation is that if a country puts in place a screening mechanism, thanks to the Regulation, the possibility to refuse an investment is broader than otherwise. This is why the ground for refusal in the Regulation is ‘security or public order’ and not ‘public policy and public security’. If this were not the case, the wording would have been the same.

To be clear, Article 3 of the EU Screening Regulation states that EU Member States may maintain, amend or adopt mechanisms to screen foreign direct investments on the ground of ‘security or public order’. This means that it is possible to have an investment screening mechanism that uses Article 65(1) TFEU to deny an investment, but if Finland desires wider possibilities to deny investments it needs to include a reference to the Regulation.

Then what is the difference between ‘security or public order’ and ‘public policy and public security’? The latter is defined in several decisions of the Court of Justice of the European Union (CJEU), whereas ‘security or public order’ is a new creature that has been imported from the GATS using a combination of two articles.Footnote 30

‘Public order’ comes from Article XIV GATS, and ‘security’ comes from ‘essential security interests’ in Article XIV GATS bis. ‘Security’ and ‘public order’ have been merged into one expression: security or public order.Footnote 31 The expected difference between ‘public policy and public security’ and ‘security or public order’ is that the latter will give EU Member States a broader possibility to deny entry of FDI compared to Article 65(1) TFEU.Footnote 32

2.5 Legal Consequences and the Possibility to Appeal

If the Finnish authorities do not approve the acquisition, then the foreign investor must dispose of the shares to a degree that diminishes the number of votes to less than ten percent of the total stock, or voting share, or to a previous allowed level.Footnote 33

Section 9 in the Finnish Act regulates the right to appeal. In principle, decisions made by the Ministry of Employment and Economy and the Government Plenary Session are open to appeal in the manner prescribed in the Finnish Administrative Judicial Procedure Act. Based on the Finnish Act, the right to appeal applies equally to the defence sector and other corporate acquisitions.

Decisions that cannot be appealed are the ones under:

  • Section 4(3) of the Act—referral from the Ministry to the Government’s Plenary session relating to acquisitions in the defence sector

  • Section 5(3) of the Act—referral from the Ministry to the Government’s Plenary session relating to other corporate acquisitions

  • Section 5(4) of the Act—decisions of the Ministry to further look into the application

The EU Screening Regulation states that foreign investors and the undertakings concerned shall have the possibility to seek recourse against screening decisions of the national authorities.Footnote 34 Seek recourse is a vague description, and the question arises if it is sufficient to provide a possibility to appeal to the government or if it is necessary to provide access to the domestic courts in accordance with Article 19 TEU.

3 Norway’s Security Act

Since 2002, Norway has no rules on acquisitions apart from acquisitions of critical infrastructure.Footnote 35 The first part of the analysis of the Norwegian system covers the former Norwegian Security Act (Sikkerhetsloven)Footnote 36 and the new Security Act (lov om nasjonal sikkherhet), which entered into force on 1 January 2019,Footnote 37 leaving the Competition ActFootnote 38 and the Stock exchange ActFootnote 39 aside.

The purpose of the new Act is to safeguard the Norwegian territory, the democratic system and national security interests.Footnote 40 In practice, this means that for functions such as production of services, products or other businesses that are of such importance, a partial or complete removal of their production would damage national security. The Act covers security-graded information as well as information, information systems, physical constructions and infrastructure that have significant meaning for fundamental national functions.Footnote 41

3.1 The Former and New Norwegian Security Act on Protective Security Agreements

A protective security agreement is of relevance when analysing a country’s investment screening mechanism since it is an agreement between the state and a supplier of a service or goods under a public procurement agreement. When using a security agreement, a country may set certain conditions that could make a supplier of service or goods hesitant to make an investment that would be necessary to fulfil the conditions set out in the procurement agreement. Hence, a security agreement could indirectly work as a way to deter investments.

The aim of chapter 7 of the former Norwegian Security Act was to guarantee security when a supplier of services or goods gained access to an object or information considered worthy of protection. When this was the case, the parties (state and supplier) had to enter into a protective security agreement, and in some cases, the supplier needed to be approved by the responsible Ministry. The new Security ActFootnote 42 came into force in January 2019, and in addition to physical infrastructure the new Act also includes information infrastructure, such as the Internet and mobile telephones.Footnote 43 The change of what is considered necessary to protect clearly reflects a world moving away from the production of goods to the production of services. What was needed to protect yesterday is not the same as what is needed today. There is also a chapter in the new Act on ownership control, to which we will return.Footnote 44

3.2 Monitoring Acquisitions in Norway

Recall that the Finnish Act and the EU Screening Regulation only affect FDI above 10% of the controlling power of a company. In the new Norwegian Act, only those acquisitions above qualified holdings are affected, which, in the Norwegian context, means 1/3 of the stock or the right to vote or any other significant influence over the company.Footnote 45 Therefore, to be applied, the new Act requires more than three times as much ownership than the Finnish Act or the EU Screening Regulation. To avoid foreign owners circumventing the Act, for example by using a Norwegian mailbox company to acquire a strategically important company, the Act also covers Norwegian owners. This is in contrast to the EU Screening Regulation, which only covers investments into the union.Footnote 46

3.2.1 Which Sectors and Factors Are Considered?

The scope of the new Act when it comes to acquisitions has been broadened in the sense that in critical infrastructure is now also explicitly included technical infrastructure. Each Governmental Ministry is responsible for identifying, classifying and monitoring objects and infrastructure worthy of protection. An object or infrastructure is worthy of protection if damage to it affects fundamental national functions. The different classifications of these objects and infrastructure are ‘very critical’, ‘critical’ and ‘important’.Footnote 47 Hence, only the first two categories are considered ‘critical’.

If an investor would like to acquire a qualified majority of anything wherein the Norwegian Ministry has deemed to include one or several of the following:

  • Security classified information

  • An information system

  • Object or infrastructure that is considered to be of significance to basic national functions or

  • Whether its operations include an activity that is considered to be of significance to basic national functions

then the buyer must report this to the responsible Ministry.Footnote 48

In the new Act, it is specified that the buyer is responsible for contacting a Ministry about the acquisition.Footnote 49

3.2.2 What Are the Reasons for Rejection?

According to the Act, the Ministry receiving the notification from a potential buyer (of critical infrastructure) may ask relevant agencies for information about the buyer’s ‘risk potential’ and ‘trustworthiness in security matters’. If the government finds that the transaction could bring about a more than insignificant risk, then the government can decide either to forbid the acquisition or to attach conditions. This is possible even if the acquisition has already been made.

There is no explicit condition in the Act that a buyer could get a clearance beforehand. Instead, it is stated that a negative decision can be taken even if the parties have already entered into a contract. If the buyer completes the acquisition before receiving an answer from the government, then the buyer risks being forced to sell if the acquisition is not approved.Footnote 50 Decisions not to approve an acquisition occur only in exceptional circumstances and can only be taken after a proportionality test in each specific case.Footnote 51

The Act gives the government an insight into the ownership structure of suppliers of goods and services, and the possibility to withdraw clearance to deliver if the owner structure, or a new owner structure, presents an increased security risk. However, the Act is restricted to concrete public procurement and deals less with the general need to control the ownership of strategically important companies. The Act cannot therefore ensure that essential national security functions will not be harmed if a foreign actor buys a strategically important company in part or in full.Footnote 52

3.2.3 The Possibility to Appeal

Negative decisions on the right to be or to continue to be a supplier can be appealed to the Ministry of Defence.Footnote 53 In regard to acquisitions, it is the governmentFootnote 54 that decides if the acquisition should be approved and if there should be conditions attached.Footnote 55 The decisions taken by the government cannot be appealed.

4 Sweden and the Protective Security Act

On the 1 April 2019, a Protective Security Act replaced the former Protective Security Act.Footnote 56 The new Act has primarily the same aim as the old one, i.e. to protect security-sensitive information of essential interest to Sweden’s security. In this regard, the Act is quite similar to the Norwegian Act in that it is not an investment screening mechanism; instead, it covers situations such as public procurement and public building contracts. Unlike the Norwegian Act, it does not cover acquisitions of critical infrastructure. That said, the Swedish Act is even less of an investment screening mechanism than the Norwegian Act.

The Protective Security OrdinanceFootnote 57 complements the Act and entered into force on the same date as the Act. In the Protective Security Ordinance, it is regulated that the seller of a security-sensitive business must report to the Swedish Security Service or the Swedish Armed Forces before the acquisition is completed.Footnote 58

According to the Act, an operatorFootnote 59 of a public or private business sensitive for national security is obliged to make a security analysis sharing the information one way or the other. Based on the results of such analysis, the operator must take actions related to what is required considering the specific operation, the existence of classified information and other circumstances.Footnote 60 If there are security concerns, then the operator and the other party needs to enter into a protective security agreement. The Act therefore places the onus on the business operator—not the acquirer. Furthermore, there are no sanctions connected to the Act. The Act focuses on information and is not an investment screening mechanism. If an acquisition concerns sensitive information, there is a requirement to inform the state, but the acquisition in itself does not need to be approved.Footnote 61

4.1 A Proposal for a New Protective Security Act

However, the government commissioned an investigator to analyse the need to amend the Act well in advance of the Act being approved by Parliament. The result of the investigator’s work was a reportFootnote 62 that identified situations where sensitive information can be exposed to outsiders and when there is no obligation to enter into protective security agreements. The report suggested that the obligation to enter into such agreements should be extended. The responsible authorities, NGOs and other concerned parties have commented on the report, and the Ministry of Justice has compiled the comments. However, the report proposes an additional 110 persons to conduct the work. For this reason, it is difficult to predict the end result of the report. Even so, since it is quite probable that some version of the proposal will be implemented, we will look into what is suggested below.

4.1.1 Which Acquisitions Are (or Should Be) Monitored?

As indicated above, Sweden does not currently have a general mechanism for screening FDIs or acquisitions. The simple answer to what acquisitions are being monitored today is, therefore, none.Footnote 63

The report mentioned above proposes that the requirement to enter into a protective security agreement should be extended to procedures other than public procurements and to other acquisitions. For what is relevant here the extended requirement means that in regard to acquisitions there should be an obligation for the current business operator to identify security-classified information and to assess whether or not it is appropriate that the other party gains access to such information (a special security assessment). If the business operator finds that there is sensitive information involved, then there should be an obligation to consult with the supervising authority. This should also apply when a company subject to the provisions of the Protective Security Act intends to transfer ownership of (1) all or any part of its security-sensitive activities or (2) any property involved in its security-sensitive activities that is of importance to Sweden’s security or to an international protective security commitment that is binding to Sweden.

In the case of a transfer of ownership, consultation may also include an order stipulating that the transfer may only be carried out under certain conditions; therefore, the result of failing to comply is that the transfer will be declared void. In this respect, the proposal is quite equivalent to an investment screening mechanism.

The proposal is limited in the sense that only acquisitions in privately owned security-sensitive companies are targeted and not transfer of stocks in public limited companies. Another difference compared to many investment screening mechanisms, such as the Finnish, is that it is the business operator that is targeted by the proposal and not the buyer/investor. Also, the Norwegian ActFootnote 64 regulates that it is the buyer that is responsible for contacting a Ministry about the acquisition and not the seller as in the Swedish case.

Furthermore, the proposal concerns matters related to the essential security of the nation and does not refer to ‘security or public order’.

4.2 Sweden and a Limited Investment Screening Act

A more recent parliamentarian inquiry named Enhanced protection for the total defence (2019:34)Footnote 65 proposes to put in place a limited investment screening Act.Footnote 66 A realistic schedule for the Act to take effect is in the end of 2021, if ever.

4.2.1 What Investments Are to Be Screened?

The authors of the inquiry suggest that the limited investment screening Act should be subordinate to the Protective Security Act.Footnote 67 Hence, if an investment is cleared after being controlled under the Protective Security Act, it needs not to be screened under the investment screening Act as well.

The proposition is to monitor acquisitions of seaports, airports and real estate in geographic areas of essential importance for military defence. There will also be a requirement that protected sites currently used by the civil defence may be sold or rented only after been given a permission by the state. It is the seller’s responsibility to acquire permission to sell.

4.2.2 Which Factors Are Considered?

It is difficult from the wording of the Act to understand what criteria are to be considered.

4.2.3 What Are the Reasons for Rejection?

It is in chapter 4 paragraph 2 wherein it is stated that a permission to sell may be given if there is no reason to assume that the acquisition will harm essential total defence interests. Hence, an acquisition may be denied if it is assumed that it may harm essential defence interests. How to decide if that is the case is not mentioned other than that the decision must be proportional to what is protected.Footnote 68

As was the case with the proposition to the Protective Security Act, the limited investment screening Act proposes that a transfer of ownership may be conditioned with an order stipulating that the transfer may only be carried out under certain conditions; the result of failing to comply is that the transfer will be declared void.Footnote 69

4.2.4 The Possibility to Appeal

The decision whether or not to approve an acquisition is to be taken by a County Administrative Board, and a negative decision may be appealed directly to the government.Footnote 70 It will also be possible to ask the Administrative Supreme Court to validate that a negative governmental decision is in accordance with Swedish law.

4.3 Sweden and a Comprehensive Investment Screening Act

The government has commissioned retired president to the Supreme Administrative Court Sten Heckscher to conduct an inquiry to adapt Swedish laws to the binding commitments in the EU Screening Regulation. The inquiry reported proposed changes in April 2020. The same inquiry shall also present a proposition to a comprehensive investment screening Act in November 2021. According to the directives to the inquiry, the purpose of the future Act is to control strategic acquisitions of companies whose business and technology are of importance for Swedish security or public order. Because of the special circumstances due to the Corona virus Covid 19, the Government has stated that it will implement an investment screening Act taking effect much sooner than previously expected. Hence, most likely the Government will not wait for the report in November 2021. Instead, an Act will take effect as soon as possible. The content of that Act is at the moment of writing not public. There are indications that the Inspectorate of Strategic Products will be responsible for the screening mechanism.

5 Denmark

In Denmark, security protection is regulated by the Prime Minister’s security CircularFootnote 71 covering both Danish information worth protecting as well as information from other countries and organisations. The Circular focuses on information security and does not give protection in other regards.Footnote 72 The Danish Circular is therefore reminiscent of the present Swedish Protection Security Act.

Industry security is not regulated by law, but the Circular contains a regulation stating that the National Security Authority can enter into agreements regarding security approval. Another ActFootnote 73 gives the secret service of the Defence Authority the same rights. These agreements are entered into between the state and a private contractor. The Secret Service of the Defence Authority decides whether or not the treatment of classified information is allowed or not.

Hence, Denmark does not have a national system in place for the screening of foreign investments. There are some area-specific rules concerning the screening of foreign investments in regard to the production of war materials, cyber-security, electricity and gas, and financial operations.

The Danish Government has convened an inter-ministerial working group tasked with proposing legislation on a national screening mechanism in Denmark. The working group consists of several ministries, including the Ministry of Justice, Ministry of Foreign Affairs, Ministry of Business, Ministry of Defence and Ministry of Finance. The Ministry of Justice heads the working group. The work is still in an early phase, and information from other countries with screenings systems, including Germany, the United Kingdom and other Nordic countries, is being compiled as inspiration for possible screening models for the Danish system.

6 Similarities and Differences

Norway, Sweden and Denmark have systems focusing on protecting sensitive information in the form of protective security agreements. In Norway there also exists, to some extent, protection for acquisitions of critical infrastructure (which also is at the heart of the EU Screening Regulation), and Sweden and Denmark are moving in that direction.

Of these three countries, Norway has most recently updated its security Act, moving further in the direction of investment screening of critical infrastructure. Sweden will probably soon have an act that also covers acquisitions of critical infrastructure. However, none of these three countries have presently anything close to a substantial investment screening mechanism, nor will they have such a mechanism in the near future, with the possible exception of Sweden if the screening Act would take effect much earlier than planed due to the Corona-situation.

Out of the four countries described above, only Finland has what could be defined as a proper investment screening Act. Finland is also working to modernise this Act.

In addition to security-sensitive information, critical infrastructure is at the core of the Acts covering protective security agreements. Moreover, critical infrastructure is mentioned in the EU Screening Regulation as an example of what is targeted by the Regulation.

The worldwide transition from production of goods to production of services seems to make protective security agreements a necessary complement to investment screening mechanisms since in reality the protection given by the agreements are of different nature to screening mechanisms even if there are some overlapping. A country with only an investment screening mechanism is well advised to also use protective security agreements. Denmark and Sweden have now learnt that these agreements are not enough. Instead, it is also necessary with a broad investment screening mechanism.