Understanding the VIFO Act: a practical guide for critical sector businesses
Despite its significance, the VIFO Act is frequently overlooked by businesses. Non-compliance can lead to delays, financial penalties, or even the invalidation of transactions. This guide will help you navigate the requirements of the VIFO Act, ensuring you are well-prepared to safeguard your business and maintain continuity.
By Marieke Pols
Expertise: Corporate Law
17.02.2025
On December 19, 2024, the Dutch government opened a consultation to expand the Decree on the Scope of Application Sensitive Technology (Besluit toepassingsbereik sensitieve technologie, Decree). The Decree further defines which technologies qualify as "sensitive" or "highly sensitive" under the Dutch Investments, Mergers, and Acquisitions (Security Screening) Act (Wet veiligheidstoets investeringen, fusies en overnames, VIFO Act).
In force since summer 2023, the VIFO Act aims to strengthen national security by regulating transactions in critical sectors, addressing a wide range of risks, including threats to infrastructure, loss or misuse of sensitive technologies, foreign influence, cybersecurity vulnerabilities, and espionage. It grants the Dutch government the authority to block transactions that pose such risks, aligning with broader European efforts to regulate Foreign Direct Investments (FDI). Incidents such as the discovery of Chinese malware by the Dutch Military Intelligence Service underscore the importance of this regulation.
Despite its significance, the VIFO Act is frequently overlooked by businesses. Companies deemed "target companies" under the VIFO Act must – together with the investor or acquiror – report certain transactions – such as mergers or acquisitions – to the Investment Screening Bureau for approval. Non-compliance can lead to delays, financial penalties, or even the invalidation of transactions.
The proposed expansion would add more technologies to the VIFO Act’s scope, potentially impacting businesses not currently covered. While still in consultation, if adopted, the changes could take effect immediately upon publication in the Staatsblad, with no transition period.
This guide will help you navigate the requirements of the VIFO Act, ensuring you are well-prepared to safeguard your business and maintain continuity.
Step 1: Confirm applicability
The VIFO Act applies to specific categories of companies, referred to as "target companies." These include:
The proposed expansion of the Decree would broaden the list of highly sensitive technologies to include the additional sensitive technologies mentioned above, as well as systems, equipment, and their associated technologies for (non-cryptographic) information security and laser communication (classified as 5A002, 5A003, 5B002, 5E001.b2, and 5E002 in Annex 1 of the Dual Use Regulation).
The VIFO Act only target companies that are active in the Netherlands. The legal form of the company is not determinative, nor is it relevant under which jurisdiction the entity is incorporated. Instead, the critical factor is the actual connection to the Netherlands, which is assessed based on the location of the company's activities and the actual management (i.e., decision-making processes) relating to these activities.
Step 2: Identify the transaction type
If your company is subject to the VIFO Act, the next step is to assess the nature of your planned transaction. The VIFO Act applies to a wide range of transactions, including mergers, acquisitions, equity investments, asset transfers, licensing arrangements, and even internal restructurings. The key is whether the transaction results in either control or significant influence over the target company.
The threshold depends on the nature of the company and the business as determined in step 1. For all categories, obtaining ‘control’ triggers application of the VIFO Act to the transaction. Control, as defined under EU competition law, can be established by acquiring more than 50% of a company’s voting rights or obtaining strategic veto rights. Significant influence, on the other hand, applies specifically to companies involved in highly sensitive technologies. It is triggered when a party acquires voting rights of 10%, 20%, or 25% in the general meeting. Each threshold passed requires the involved parties to notify the BTI. Carefully reviewing the terms of your transaction and understanding these thresholds is essential to ensure compliance.
Step 3: Prepare for delays
If your transaction falls under the VIFO Act, delays due to mandatory screening by the Investment Screening Bureau (Bureau Toetsing Investeringen, BTI) are in most cases unavoidable. Clearance from the BTI is required before the transaction can proceed, and the screening timeline can significantly impact your plans. On average, the mandatory screening by the BTI in 2023in relation to the VIFO Act took 40 days to complete, with the longest screening period being 83 days and the shortest screening period being 13 days. Several more extensive screenings were not completed at the date of publishing of the statistics and were not taken into consideration when calculating the average screening time.
As the statutory terms for this screening far exceeds the average, we highly recommend to carefully plan such transactions subject to the VIFO Act regime. The BTI's initial screening (Phase 1) may take up to two months, with a possible extension to six or nine months if further review is needed. During this phase, the BTI assesses national security risks; if none are identified, the transaction can proceed.
If risks are found, Phase 2 begins, which can take an additional two months, with potential extensions of similar nature in Phase 1. In this Phase 2, the BTI conducts a more detailed review and may require mitigating measures, such as adjusting the transaction or transferring sensitive assets, to address security concerns. If these measures don’t eliminate the risks, the transaction may be prohibited.
Overall, the entire process can take up to thirteen months from start to finish. It's important to factor in these delays when planning your transaction – and ensure your cash flow and financing can accommodate the waiting period and set realistic timelines for stakeholders. Proactively preparing for these delays will help reduce their impact on your operations.
Step 4: Seek early feedback
Before formally reporting your transaction, consider requesting an informal view (informele zienswijze) from the BTI. This optional step allows you to provide preliminary details about your transaction and receive early feedback. The BTI will typically respond within one to four weeks with insights into how your transaction might be assessed. This can clarify whether a formal notification is required and identify potential risks early on.
An informal view can be particularly useful for addressing any uncertainties about whether your transaction falls under the scope of the VIFO Act. It also offers an opportunity to adjust your transaction structure or timeline based on the BTI's feedback, saving time and resources later in the formal review process.
Step 5: File the formal notification
When preparing to formally notify the BTI, it is crucial to ensure your submission is thorough and complete. Potential red flags, such as an investor’s origin outside the EU, ties to foreign governments, violations of export control rules, criminal offenses (e.g., embezzlement, money laundering, or forgery), or the refusal of certain export licenses, should be proactively addressed with supporting documentation.
The formal notification process is a critical step, and any omissions or inaccuracies can lead to significant delays. Maintain close communication with the BTI throughout the screening process and be ready to provide additional information promptly if requested. Collaborating with your legal advisors will help ensure that the process runs smoothly and that any potential regulatory challenges are addressed in a timely manner.
Final thoughts
To ensure compliance with the VIFO Act and minimize disruptions, it’s essential to take a structured approach. Start by confirming whether the VIFO Act currently applies to your business or will apply once the proposed expansion takes effect. Then, identify the type of transaction and assess whether it meets the criteria for reporting. Plan for potential delays by aligning timelines and cash flow expectations with the review process. Tools like informal BTI feedback can provide early clarity, while submitting complete and well-prepared notifications can streamline the formal review. Need tailored advice? Contact Marieke Pols or Dennis de Waard for support.
In force since summer 2023, the VIFO Act aims to strengthen national security by regulating transactions in critical sectors, addressing a wide range of risks, including threats to infrastructure, loss or misuse of sensitive technologies, foreign influence, cybersecurity vulnerabilities, and espionage. It grants the Dutch government the authority to block transactions that pose such risks, aligning with broader European efforts to regulate Foreign Direct Investments (FDI). Incidents such as the discovery of Chinese malware by the Dutch Military Intelligence Service underscore the importance of this regulation.
Despite its significance, the VIFO Act is frequently overlooked by businesses. Companies deemed "target companies" under the VIFO Act must – together with the investor or acquiror – report certain transactions – such as mergers or acquisitions – to the Investment Screening Bureau for approval. Non-compliance can lead to delays, financial penalties, or even the invalidation of transactions.
The proposed expansion would add more technologies to the VIFO Act’s scope, potentially impacting businesses not currently covered. While still in consultation, if adopted, the changes could take effect immediately upon publication in the Staatsblad, with no transition period.
This guide will help you navigate the requirements of the VIFO Act, ensuring you are well-prepared to safeguard your business and maintain continuity.
Step 1: Confirm applicability
The VIFO Act applies to specific categories of companies, referred to as "target companies." These include:
- Providers of vital services: Companies that operate, manage, or deliver services crucial to the continuity of Dutch society. These services include sectors such as heat transport, nuclear energy, air transport (including ground handling services), ports, banking, financial market infrastructure, extractable energy, gas storage, and other sectors that may be designated in the future through administrative decree.Examples: Schiphol, KPN, Port of Rotterdam, ABN AMRO.
- Managers of business campuses: Companies that oversee sites where multiple businesses operate and where public-private collaboration focuses on technologies and applications that are economically and strategically important to the Netherlands.Examples: High Tech Campus Eindhoven, TU Delft Science Park, Biotech Campus Delft (note: the campus administrator, not individual businesses, falls under this category).
- Companies involved in sensitive technologies: This category encompasses companies dealing with technologies classified as sensitive, including:
- Dual-use goods: Products, services, and technologies that can be used for both civilian and military purposes, with their export governed by the Dual Use Regulation. Examples include energy dense batteries, drones, navigation equipment, certain chemicals, sensors and lasers and radar systems.
- Military goods: Items listed under the EU Common Military List, such as firearms, ammunition, armored vehicles, combat aircraft, warships, explosives, electronic warfare systems, protective equipment, and components for chemical and biological weapons.
- Other sensitive technologies: Technologies such as quantum, photonic, semiconductor, and high-assurance technologies, as outlined in the Decree.
- Companies involved in highly sensitive technologiesThis category pertains to technologies explicitly classified as "highly sensitive". This includes certain dual-use products, military goods under ML19.d (such as directed energy weapons systems and related equipment), and advanced technologies such as quantum, photonic, semiconductor, and high-assurance technologies.
The proposed expansion of the Decree would broaden the list of highly sensitive technologies to include the additional sensitive technologies mentioned above, as well as systems, equipment, and their associated technologies for (non-cryptographic) information security and laser communication (classified as 5A002, 5A003, 5B002, 5E001.b2, and 5E002 in Annex 1 of the Dual Use Regulation).
The VIFO Act only target companies that are active in the Netherlands. The legal form of the company is not determinative, nor is it relevant under which jurisdiction the entity is incorporated. Instead, the critical factor is the actual connection to the Netherlands, which is assessed based on the location of the company's activities and the actual management (i.e., decision-making processes) relating to these activities.
Step 2: Identify the transaction type
If your company is subject to the VIFO Act, the next step is to assess the nature of your planned transaction. The VIFO Act applies to a wide range of transactions, including mergers, acquisitions, equity investments, asset transfers, licensing arrangements, and even internal restructurings. The key is whether the transaction results in either control or significant influence over the target company.
The threshold depends on the nature of the company and the business as determined in step 1. For all categories, obtaining ‘control’ triggers application of the VIFO Act to the transaction. Control, as defined under EU competition law, can be established by acquiring more than 50% of a company’s voting rights or obtaining strategic veto rights. Significant influence, on the other hand, applies specifically to companies involved in highly sensitive technologies. It is triggered when a party acquires voting rights of 10%, 20%, or 25% in the general meeting. Each threshold passed requires the involved parties to notify the BTI. Carefully reviewing the terms of your transaction and understanding these thresholds is essential to ensure compliance.
Step 3: Prepare for delays
If your transaction falls under the VIFO Act, delays due to mandatory screening by the Investment Screening Bureau (Bureau Toetsing Investeringen, BTI) are in most cases unavoidable. Clearance from the BTI is required before the transaction can proceed, and the screening timeline can significantly impact your plans. On average, the mandatory screening by the BTI in 2023in relation to the VIFO Act took 40 days to complete, with the longest screening period being 83 days and the shortest screening period being 13 days. Several more extensive screenings were not completed at the date of publishing of the statistics and were not taken into consideration when calculating the average screening time.
As the statutory terms for this screening far exceeds the average, we highly recommend to carefully plan such transactions subject to the VIFO Act regime. The BTI's initial screening (Phase 1) may take up to two months, with a possible extension to six or nine months if further review is needed. During this phase, the BTI assesses national security risks; if none are identified, the transaction can proceed.
If risks are found, Phase 2 begins, which can take an additional two months, with potential extensions of similar nature in Phase 1. In this Phase 2, the BTI conducts a more detailed review and may require mitigating measures, such as adjusting the transaction or transferring sensitive assets, to address security concerns. If these measures don’t eliminate the risks, the transaction may be prohibited.
Overall, the entire process can take up to thirteen months from start to finish. It's important to factor in these delays when planning your transaction – and ensure your cash flow and financing can accommodate the waiting period and set realistic timelines for stakeholders. Proactively preparing for these delays will help reduce their impact on your operations.
Step 4: Seek early feedback
Before formally reporting your transaction, consider requesting an informal view (informele zienswijze) from the BTI. This optional step allows you to provide preliminary details about your transaction and receive early feedback. The BTI will typically respond within one to four weeks with insights into how your transaction might be assessed. This can clarify whether a formal notification is required and identify potential risks early on.
An informal view can be particularly useful for addressing any uncertainties about whether your transaction falls under the scope of the VIFO Act. It also offers an opportunity to adjust your transaction structure or timeline based on the BTI's feedback, saving time and resources later in the formal review process.
Step 5: File the formal notification
When preparing to formally notify the BTI, it is crucial to ensure your submission is thorough and complete. Potential red flags, such as an investor’s origin outside the EU, ties to foreign governments, violations of export control rules, criminal offenses (e.g., embezzlement, money laundering, or forgery), or the refusal of certain export licenses, should be proactively addressed with supporting documentation.
The formal notification process is a critical step, and any omissions or inaccuracies can lead to significant delays. Maintain close communication with the BTI throughout the screening process and be ready to provide additional information promptly if requested. Collaborating with your legal advisors will help ensure that the process runs smoothly and that any potential regulatory challenges are addressed in a timely manner.
Final thoughts
To ensure compliance with the VIFO Act and minimize disruptions, it’s essential to take a structured approach. Start by confirming whether the VIFO Act currently applies to your business or will apply once the proposed expansion takes effect. Then, identify the type of transaction and assess whether it meets the criteria for reporting. Plan for potential delays by aligning timelines and cash flow expectations with the review process. Tools like informal BTI feedback can provide early clarity, while submitting complete and well-prepared notifications can streamline the formal review. Need tailored advice? Contact Marieke Pols or Dennis de Waard for support.
