Whilst ESG compatibility and fund structuring create the foundation for defence investment, as we explored in part 2, successful execution requires mastering the complex and evolving regulatory frameworks and transaction dynamics that define this sector. Investors must navigate multiple overlapping jurisdictions whilst managing security requirements that do not affect traditional private equity.
Understanding the regulatory architecture
Defence transactions operate within a regulatory framework designed primarily for national security rather than commercial efficiency. This fundamental tension shapes every aspect of deal execution, from initial due diligence through post-completion integration. Governments maintain extensive oversight powers that have expanded significantly since Russia's invasion of Ukraine, reflecting heightened security awareness across Western Europe.1
Success in these conditions requires early engagement with regulatory authorities and deep understanding of their concerns and decision-making processes. This engagement must begin well before transaction announcement, involving preliminary discussions that shape deal structure and timeline expectations.
While this broad regulatory framework establishes the overarching context for defence transactions, specific legislative instruments translate these principles into operational reality - none more consequentially than the UK's National Security and Investment Act.
Unpacking the National Security and Investment (NSI) Act
The NSI Act has fundamentally reshaped defence transaction execution in the UK, creating mandatory notification requirements and extensive government intervention powers.2 Experience with numerous NSI notifications reveals patterns enabling efficient navigation whilst maintaining transaction momentum.
The Act's scope encompasses both traditional defence contractors and sub-contractors and companies with potential dual-use applications. Notification thresholds require careful analysis of the transaction structure, target companies' commercial relations and technology applications. For unproblematic transactions, the initial 30 business day review period is typically sufficient to obtain clearance. However, transactions concerning targets whose activities are particularly sensitive, or involve purchasers from sensitive jurisdictions, can give rise to a detailed assessment process that can add several months to transaction timetables (with scope for further, mutually agreed extensions).
Even in circumstances where mandatory notification thresholds are not satisfied, voluntary notification is increasingly common for sophisticated transactions in the broader defence sector, providing certainty and preventing subsequent intervention. Structuring considerations including staged investment structures enable investors to establish initial positions below notification thresholds whilst securing rights to subsequent tranches subject to regulatory clearance.
Yet notification requirements represent only one dimension of the regulatory maze - equally critical are the export control regimes that govern how defence technologies move across borders and between entities, adding layers of operational complexity that persist long after transaction closing.
Export control compliance: multi-jurisdictional complexity
Export control regulations create overlapping compliance requirements that significantly influence transaction structuring and ongoing operational management. UK Strategic Export Controls encompass broad dual-use technology definitions, often capturing civilian technologies with potential military applications.3 Notably, the UK expanded licensing requirements in April 2024 to cover certain advanced materials such as semiconductors.4 These changes reflect a global trend of tightening controls on emerging technologies, with the UK now requiring licences for both physical exports and intangible transfers such as sharing controlled technical information via video calls or cloud access. The US has continued to expand its controls. ITAR contamination represents one of the most challenging aspects, particularly for companies with US-origin technology, creating global limitations on technology sharing. The EU and several member states have introduced their own national controls on high-tech items, sometimes going beyond the unified EU Dual Use List. China, meanwhile, has responded with its own regime upgrades and retaliatory measures, such as export bans on critical minerals. The impact of Brexit also means that companies conducting business in the UK and EU must navigate regulations in both jurisdictions.5
Addressing these challenges may require compliance frameworks started from transaction initiation, such as:
- technology classification matrices mapping products against relevant control lists;
- automated screening systems enabling real-time customer verification; and
- organisational firewalls separating controlled and non-controlled technology teams.
Export control enforcement has also become more assertive with the creation of the Office of Trade Sanctions Implementation (OTSI) in December 2023, which has been empowered to levy significant civil penalties, and the publication of revised compliance codes by the Export Control Joint Unit (ECJU). HMRC have issued 17 compound settlements in relation to export control breaches since the start of 2024. Regulators have urged firms to self-disclose violations and reinforce internal compliance, with recent enforcement actions demonstrating the risks of non-compliance.6 Enforcement coordination has also increased, with joint high-priority lists, intelligence-sharing and the formation of alliances such as AUKUS.
While export control frameworks shape the regulatory boundaries of defence transactions, the sensitive nature of many defence programmes demands equally sophisticated approaches to information gathering and verification.
Due diligence in sensitive and classified environments
Defence due diligence presents unique challenges requiring specialised approaches and security-cleared advisory teams. The classified or otherwise sensitive nature of many defence programmes precludes traditional due diligence methods, necessitating alternative assessment approaches that can provide investors with confidence whilst respecting security requirements.
Sensitive Compartmented Information Facilities (SCIFs) designed for classified document review may become essential infrastructure. Security clearance requirements may often extend beyond transaction principals to include lawyers, accountants, and technical advisors, adding significant time to transaction timelines requiring early planning.
Nonetheless, new assessment methods have evolved to provide investment comfort without complete classified access, including customer reference discussions with government stakeholders, analysis of public contract awards, past performance ratings assessment, and evaluation of facility security clearances and key personnel qualifications.
These constrained information environments fundamentally reshape not just how investors assess opportunities but how transactions themselves must be structured to accommodate ongoing security requirements while protecting commercial interests.
Transaction structuring for complex environments
Defence transactions require bespoke structuring approaches addressing security requirements, regulatory compliance, and commercial objectives within integrated frameworks. Warranty and indemnity frameworks should address defence-specific risks including enhanced compliance warranties covering export controls and sanctions, specific indemnities for historical contract performance issues, and government audit rights reflecting ongoing oversight powers.
Exit planning requires consideration from deal inception due to unique market characteristics, including limited buyer universes necessitating early relationship building, government consent requirements affecting sale process timing, and potential technology changes triggering new restrictions.
Traditional structuring approaches, however, carefully crafted, face new pressures as defence investment increasingly centres on technologies that blur civilian-military boundaries and challenge existing regulatory categories.
Emerging technologies
Artificial intelligence and autonomous systems represent the defence sector's most significant technological transformation, occurring within regulatory frameworks that struggle to address their rapid evolution and deployment. Export control frameworks designed for traditional defence articles struggle with AI/ML technologies that do not fit existing categories. Existing and prospective autonomous weapons conventions under development create potential future restrictions that could influence current investment decisions.7
Successful investment approaches balance opportunity capture with risk management through modular investment structures enabling business model evolution, strong governance frameworks addressing ethical concerns, and emphasis on defensive and protective applications aligning with emerging regulatory preferences.
Building sustainable investment practices
Effective defence transaction execution requires capabilities and relationships that translate to sustainable competitive advantages for investors. Early engagement with regulatory authorities, experienced teams with appropriate security clearances and sector expertise, flexible transaction structures accommodating regulatory uncertainty, and patient capital accepting extended timelines remain vital ingredients for success.
The complexity inherent in defence transaction execution creates significant barriers to entry that, once mastered, provide enduring opportunities. Investors who develop specialised capabilities, build appropriate relationships, and create repeatable execution playbooks will identify opportunities that others find elusive.
This article is part of our "rethinking European defence" series:
Part 1: Market dynamics and sector opportunities
Part 2: ESG framework evolution and fund structuring
Part 3: Executing transactions amidst regulatory complexity
- Genini, Davide (2025), How the war in Ukraine has transformed the EU’s Common Foreign and Security Policy, Yearbook of European Law.
- UK Public General Acts (2021), National Security and Investment Act 2021, c. 25 (UK).
- BEIS (2023) UK strategic export controls.
- Dereskevicute, Reminta et al., (2024) How the United Kingdom approaches export controls, Global Investigations Review.
- clearBorder (2022) International Traffic in Arms Regulations – Understanding ITAR Regulations in the UK.
- BEIS (2023) UK strategic export controls.
- Ams, Shama (2023), Blurred lines: the convergence of military and civilian uses of AI and data use and its impact on liberal democracy, Journal of International Politics.