Executive summary

I The EU established a framework for screening foreign direct investment in 2020. Regulation (EU) 2019/452 (‘the Regulation’) establishes a framework for the screening by member states of foreign direct investment and a cooperation mechanism among EU member states and the European Commission to assess and potentially restrict foreign direct investment that may pose a threat to security or public order in the EU or its member states.

II The Regulation aims to ensure a coordinated approach to the screening of foreign direct investment in strategic sectors that are vital for the security and functioning of the EU's economy. Foreign direct investment in the EU amounted to approximately €117 billion in 2021 in terms of inflows (8 % of the world level). It provides for a cooperation mechanism which takes account of the EU dimension of foreign direct investment cases handled at national level by identifying their cross-border impacts, and addresses security and public-order risks to EU projects and programmes. The Regulation also recognises that certain foreign investments may have implications for critical infrastructure, technologies, or sensitive information, and seeks to safeguard EU interests in these areas.

III The main objective of this audit was to assess whether the EU framework for screening foreign direct investment (including the cooperation mechanism) is efficient and effective at addressing security and public-order risks. We examined both its design and its implementation by the Commission, reviewed a representative sample of cases notified by member states and assessed by the Commission, and all opinions the Commission issued between 2020 and 2022. The audit scope did not include the member states’ screening laws and decisions.

IV Overall, we conclude that the Commission has taken appropriate steps to establish and implement a framework for screening foreign direct investments in the EU. However, there remain significant limitations across the EU that reduce the effectiveness and efficiency of the framework at preventing security and public-order risks. Six member states do not have a screening mechanism and there are differences in terms of scope, coverage in terms of defining critical sectors and understanding of key concepts. This creates multiple blind spots compromising the effective protection of the entire EU. Improvements are also necessary in the Commission’s assessments and recommendations.

V Specifically, in terms of preventing risks to security and public order at EU level, the current framework is partially appropriate. To a certain extent, cooperation provided member states with information on foreign direct investment being screened, and gave them an opportunity to share concerns and address them together when necessary. However, the enabling rather than harmonising nature of the Regulation’s design results in inherent limitations to the effectiveness of risk identification and uniform screening. The Regulation does not have sufficiently clear provisions to ensure that key concepts are always interpreted consistently and that comparable rules are applied to comparable situations with the ultimate goal of avoiding undue restrictions to the free movement of capital and rights of establishment (e.g. in terms of intra-EU investment by foreign investors, the inclusion of indirect foreign investment, and the exclusion of portfolio investments).

VI We also found that there are significant divergences across the screening mechanisms of member states, and that the Commission has not completed any formal assessment of its compliance with the minimum conditions set in the Regulation. Member states do not provide any preliminary eligibility and risk assessments of the cases they notify. This leads to a high volume of low-risk or ineligible cases, which overburden the cooperation mechanism.

VII We found that the cooperation mechanism, and in particular the Commission’s eligibility and risk assessment, together with the quality of its opinions and related recommendations, is partially effective at adequately mitigating the risks posed by foreign direct investment at EU level. Although the assessments identify risks, and contribute to forward-looking thinking on potential vulnerabilities, we identified issues in the Commission’s assessments and aspects of the recommendations which may raise challenges for enforceability, or be inconsistent with a market-economy environment.

VIII We found that the Commission has implemented appropriate operational tools, IT systems and resources to handle the current case load arising from the cooperation mechanism on a timely basis and within the tight deadlines stipulated in the Regulation. It has also produced its annual reports as required by the Regulation. Nevertheless, we identified some room for improvement across these functions with a view to focusing on systemic issues and approaches that are relevant at EU level. Specifically, the Regulation does not require feedback from member states on their screening decisions that would enable the Commission to monitor and report on the effectiveness of the screening framework.

IX In view of the above, we recommend that the Commission should:

1. seek the necessary amendments in the Regulation to strengthen the EU foreign direct investment screening framework by clarifying the key concepts of the framework and avoiding the current blind spots and inefficiencies;
2. assess national screening mechanisms for compliance with regulatory standards, and streamline some practices like pre-screening and aligning criteria, timeframes and processes across member state screening mechanisms;
3. improve the cooperation mechanism and the Commission’s assessments for providing better justification of mitigating actions related to high-risk cases; and
4. improve the reporting process.

Introduction

01 Openness to foreign direct investments (FDI) has been and continues to be one of the key principles of the internal market. The EU Treaties¹ define common commercial policy as contributing to the harmonious development of world trade, the progressive abolition of restrictions on international trade and on FDI, and the lowering of customs and other barriers. However, perceptions have changed as a result of concerns about lack of reciprocity and the new geopolitical environment, including an increasing awareness of the vulnerabilities stemming from the EU’s dependencies.

02 In line with global developments, EU member states and the EU have taken steps to better protect themselves against the potential dangers relating to FDI. Figure 1 provides an overview of the evolution of the number of member states with screening mechanisms in the EU (see also paragraph 06).

© OECD, 2022: Framework for Screening Foreign Direct Investment into the EU – Assessing effectiveness and efficiency.

03 Foreign direct investment (FDI) is an investment of any kind by a foreign investor aiming to establish or to maintain lasting and direct links between the foreign investor and the entrepreneur to whom or the undertaking to which the capital is made available in order to carry on an economic activity in a member state, including investments which enable effective participation in the management or control of a company carrying out an economic activity². A foreign investor is a natural person or an undertaking privately or publicly owned, of a third country (i.e. outside the European Union).

04 The EU had inward FDI totalling €117 billion in 2021, i.e. 8 % of the world total level³. FDI is widely considered as beneficial for host and home economies and for the enterprises that carry out the investments. It can, for example, enhance growth and innovation in host countries, contribute to creating quality jobs and developing human capital, raise living standards and help spread good practice in management and with regard to responsible business conduct.

05 However, risks associated with FDI have become more serious, especially in cases concerning strategic autonomy and assets (e.g. nuclear plants or ports), sensitive sectors (e.g. those involving critical defence inputs such as semi-conductors or microchips of a dual-use nature), or the transfer of sensitive technology to a third country whose strategic intents are not aligned with EU interests. Box 1 provides a summary of the main factors affecting security and public order, as listed in Article 4 of Regulation (EU) 2019/452. Box 2 provides an example of a potentially harmful FDI.

06 Investment screening mechanisms (i.e. legal and administrative instruments that allow FDI to be assessed and investigated before authorisation with or without conditions or even prohibition) can be traced back to the 1960s in some countries. The introduction of such rules allows governments to scrutinise individual investment proposals for their potential impact on essential security interests. Until very recently however, many countries did not have investment screening mechanisms in place and were relying instead on single-sector authorisation requirements or similar mechanisms at most. For many years, few countries had legislated in this area – introducing new mechanisms or reforming existing ones – until policymaking activity surged in and after 2016.

07 The European Parliament launched a debate as early as 2012⁴ in response to global trade developments and specific transactions in strategic sectors, mainly as an approach to security and defence matters. In February 2017, the governments of France, Germany and Italy voiced concern about third-country investments, particularly in cases where state-owned enterprises investing as part of a strategic industrial policy acquired critical assets and key technologies from EU companies, but did not offer reciprocal rights to invest in the country from which the FDI originated. The three member states recognised that EU law already allowed “member states to prohibit foreign investments which threaten public security and public order”, and 11 member states already had a screening mechanism in place. However, given the Commission’s expertise, they called for additional protection based on economic criteria. This debate was seen as a way to defend European interests in a hostile geopolitical environment.

08 In May 2017, the Commission proposed establishing a framework for member states and the Commission to screen FDI in the EU, while allowing member states to take their individual situations and national circumstances into account⁵. On 13 September 2017, the Commission published a proposal for a regulation establishing a legal framework for the screening of FDI inflows into the EU. In 2019, the European Parliament adopted the proposal, and the Council formally endorsed it in March 2019. Thus, Regulation (EU) 2019/452⁶ (‘the Regulation’) became applicable on 11 October 2020.

09 Major trading nations across the world have FDI screening mechanisms with differences in their respective scope and powers, governance structures, sectoral emphasis, or obligations and penalties for investors and targets. For example, the United States has a centrally managed framework, run by the Committee on Foreign Investment in the United States (CFIUS). For more details, see Annex I. However, while similar principles may apply, screening across the EU poses a number of challenges that do not exist in countries where screening is limited to one jurisdiction. The US framework is more comparable to member states’ screening mechanisms in terms of its scope and powers.

Scope and objectives of the Regulation

10 The Regulation establishes a cooperation mechanism among EU member states and the European Commission to assess and potentially restrict FDI that may pose a threat to security or public order in the EU or its member states. It aims to ensure a coordinated approach to the screening of FDI in strategic sectors that are vital for the security and functioning of the EU's economy. The Regulation recognises that certain foreign investments may have implications for critical infrastructure, technologies or sensitive information, and seeks to safeguard EU security and public order.

11 The Regulation was established using the EU’s exclusive competence for common commercial policy, in particular with regard to foreign direct investment pursuant to Article 207 (2) TFEU. However, national security and public order are an area that is the sole responsibility of member states. Therefore, member states are free to introduce a screening mechanism and define its scope as long as they comply with EU law (including free movement for capital) and member state’s authorities are the only ones that can take decisions on individual foreign direct investments.

12 The key elements or mechanisms envisaged in the Regulation are the following:

• screening mechanisms of member states;
• cooperation mechanism in relation to FDI; and
• Commission’s assessment of FDI likely to affect projects or programmes of Union interest (ex officio).

13 The aim of the Regulation is to ensure that the EU and the member states are better equipped to identify, assess and mitigate potential risks to security or public order deriving from FDI. For that purpose, the Regulation:

• lays down certain requirements for those member states that wish to maintain or adopt a screening mechanism at national level. Regardless of whether they have a formal screening mechanism in place, member states have the last say on whether a specific investment operation should be allowed on their territory (Articles 3 to 5);
• creates a cooperation mechanism where member states and the Commission are able to exchange information, request further information when necessary, and raise concerns about specific investments Articles 6 to 7);
• takes account of the need to operate under short business-friendly deadlines and strong confidentiality requirements;
• allows the Commission to issue opinions when it believes an investment threatens the security or public order of more than one member state, or when an investment could undermine a strategic project or programme of interest to the EU as a whole, such as the EU’s research and innovation programme or Galileo⁷ (Article 8); and
• encourages international cooperation⁸ on investment screening, including sharing experience, best practices and information on issues of common concern.

14 The Regulation does not operate in isolation, but is part of a larger toolkit that regulates FDI inflows into the EU single market and outflows to external markets. It works in conjunction and shares objectives with other EU policies that potentially apply to the same transactions from different perspectives and legal positions. For example, EU dual-use technologies can be transferred not only by buying EU undertakings by third countries, but also by exporting goods to third countries or when EU undertakings acquire subsidiaries outside the EU. For this reason, Regulation (EU) 2021/821 sets up an EU regime for the control of exports, brokering, technical assistance, transit and transfer of dual-use items. Other examples are EU antitrust and competition policy and its control systems and the new rules on distortive foreign subsidies (Regulation (EU) 2022/2560).

Main players and the process for screening FDI in the EU

15 The main players are the member state authorities tasked with screening FDI, and the Commission (mainly through DG TRADE). The ECA has already pointed out in a specific case (see ECA review 03/2020: The EU’s response to China’s state-driven investment strategy) that in policy areas where the EU and member states both exercise competences, a concerted EU approach could be an advantage. However, the fact that both the EU and member states exercise competences means that there are possible diverging opinions and approaches. This could make it difficult to address the challenges faced by the EU as a whole in a timely and coordinated manner.

16 Member states are free to decide whether or not they want to introduce FDI screening mechanisms. However, once a member state establishes a screening mechanism, it is also responsible for reporting FDI cases undergoing screening to the Commission and other member states through the cooperation mechanisms stipulated in the Regulation. The timelines for the screening process in member states vary from two months in Malta to six months in Germany⁹. Member states are required to submit annual reports to the Commission that include information on the FDI that took place on their territory in the preceding year, and any requests received from other member states as part of the cooperation mechanism and the operation of their national screening mechanism.

17 The Commission has the following responsibilities¹⁰:

• publishing and maintaining an up-to-date list of screening mechanisms established in member states;
• managing the cooperation mechanism for FDI cases undergoing screening;
• assessing all FDI cases reported by member states;
• issuing opinions for those cases it considers likely to affect security or public order in more than one member state, or to projects or programmes of EU interest;
• issuing opinions when it has relevant information on a particular FDI, whether or not that FDI is undergoing screening;
• securing the rights and freedoms of foreign investors to establish and move capital within the EU;
• ensuring that EU international agreements regarding foreign direct investment are complied with; and
• submitting an annual report to the European Parliament and the European Council on the implementation of the EU FDI Screening Regulation¹¹.

18 Figure 2 summarises the framework for screening FDI in the EU.

Source: European Commission.

Audit scope and approach

19 The main objective of this audit was to assess whether the EU framework for FDI screening (including the cooperation mechanism) is efficient and effective at addressing security and public-order risks. The audit covered the period from the adoption/enactment of the FDI regulation until September 2023. The audit should also serve as an input for the Commission’s review of the framework and the accompanying legislative proposal.

20 We examined the design and implementation of the EU framework for FDI screening (including the cooperation mechanism) that was set up under Regulation (EU) 2019/452. We assessed whether:

1. the regulatory framework is appropriate for protecting against security and public-order risks derived from FDI;
2. the FDI screening mechanisms in place comply with the regulatory framework, and are appropriate for addressing consistently the FDI risks to security and public order;
3. the mechanisms for cooperation between member states and the Commission are appropriate for addressing FDI risks to security and public order; and
4. the Commission allocated the necessary resources, and implemented the appropriate operational tools and reporting, to ensure efficient FDI screening and cooperation (operational efficiency of the Commission).

The observations presented in the subsequent sections follow the order of the points set out above.

21 The audit criteria were derived from applicable legislation, including the EU Treaties, World Trade Organization agreements¹², case law of the Court of Justice of the EU (CJEU), principles of sound financial management as well as from relevant documents issued by the Commission, the Council and the European Parliament, and from international best practices, including those of international organisations.

22 Specifically, we:

• conducted interviews and meetings with EU officials, mainly at DG TRADE which has primary responsibility for FDI screening;
• reviewed and analysed a random and representative sample of 30 cases reported to the cooperation mechanism, plus a risk-based sample of cases analysed by the Commission, including ex officio cases and all those which resulted in a Commission opinion covering the period 2020 to 2022;
• reviewed and analysed relevant Commission guidance to member states, as well as internal guidelines and checklists;
• conducted interviews with six member state authorities, taking into consideration the size of the economy and geographical balance (Germany, Italy, Lithuania, the Netherlands, Austria and Sweden);
• surveyed the responsible authorities in all member states (25 of which replied); and
• consulted publicly available documents issued by relevant authorities, the OECD and other international organisations, and academics.

23 The audit scope did not include the assessment of member state screening laws, procedures and decisions. As the cases and other underlying documents we analysed are classified as “EU-restricted” and cannot be disclosed publicly, we provide only summary information that highlights specific problems, but without further details or specific examples.

Observations

The FDI screening framework enhanced cooperation, but its limitations reduce its effectiveness

24 To have an effective system, it is important to cover all relevant types and forms of investment and investors, and security and public order risks. The EU framework for FDI screening should be able to prevent circumvention and avoid security and public order criteria being used to apply protectionist measures. A balance should be struck between FDI screening detection and the mitigation of risks to security and public order on the one hand, and the openness of the EU to FDI on the other.

25 When determining and interpreting the definitions of key concepts in the Regulation, the Commission should take account of the principles enshrined in the EU treaties, in particular with regard to free movement of capital and commercial policy, and the competences of the EU and its member states on FDI, security and public order. There should therefore be clear definitions of the main elements and concepts relating to FDI and FDI screening in the Regulation, and these should be compatible with existing jurisprudence.

A first step in FDI screening and cooperation, but inherent limitations remain

26 We found that the cooperation mechanism established for the first time by the Regulation enables member states and the Commission to share screening information and risk assessments on FDI. This provides the member state that screens and authorises FDI with information on potential risks for other member states, or on risks posed to EU projects or programmes. The framework is thus a positive step, making it possible to detect risks that may otherwise go undetected given the complexity of ownership structures, state influence, criminal intent, or cross-border vulnerabilities and critical dependencies. Our survey confirmed that it also helps to develop a better understanding of investment trends in Europe and promote closer cooperation and peer learning among member state authorities in this area.

27 However, the framework also faces inherent limitations due to its design and to EU competences that limit its effectiveness at preventing security and public-order risks by allowing for blind spots that compromise the effective protection of the EU as a whole. The following are issues pointing at such limitations:

• the Regulation is an enabling rather than a harmonising framework. It authorises, but does not oblige, member states to introduce national rules that govern FDI screening;
• the member states have the option of determining the scope of their mechanisms in important areas such as what investments to screen; how to establish the notion of control by a third-country entity; which sectors to include as critical for security or public order; and even whether to screen FDI at all;
• the Commission cannot prohibit FDI transactions, or impose any binding condition upon them, even when EU interests are at stake;
• member states cannot block FDI in another member state, nor are they obliged to heed other member states’ concerns;
• member states are not obliged to inform the Commission or other member states of the final decisions taken on specific FDI transactions;
• although the Commission may assess FDI which is not undergoing screening, these provisions have a limited added value, given the lack of information available on the FDI transactions taking place, except for that available in the public domain.

28 Figure 3 shows the situation in September 2023, when 21 member states had a screening mechanism in place. The Commission considers it important for all member states to have a national screening mechanism, especially in the context of the Single Market¹³.

Source: ECA, based on the Commission’s 2022 annual report and updated information up to September 2023.

The Regulation does not define key concepts clearly, or provide for feedback

29 The Regulation does not have sufficiently clear provisions and definitions of key concepts. We found that this negatively affects the efficiency and effectiveness of EU-wide screening and exposes member states to unnecessary legal risks. The following are examples of these shortcomings:

1. no uniform interpretation of “likely”. We saw in our audit work that this interpretation currently differs between member state FDI screening authorities. As long as the Regulation remains vague, only the CJEU can ensure a uniform interpretation. In our view, the notion of “likelihood” as used in the Regulation (Article 4(1)) is vague and does not consider the potential impact of the risk, nor does it ensure that member states apply it consistently. In addition, it is not aligned with the notion of a “genuine and sufficiently serious threat” to a fundamental interest of society, as currently established by the CJEU, which also stated that restrictions cannot be applied to serve purely economic ends¹⁴;
2. the risk that restrictions constitute a means of arbitrary discrimination, and that the same rules are not applied equally to comparable situations. An investment from a third country enjoys the same freedom as an investment from within the EU, and any restrictions are prohibited except on grounds of security or public order. Consequently, any investment screening for security or public order should be neutral to an investment’s origin (whether from within the EU or from third countries) in order to avoid discrimination. The Commission currently considers intra-EU trade only in cases of suspected circumvention. Against this backdrop, the cooperation mechanism cannot be used to assess risks from foreign investment channelled through intra-EU acquisitions (i.e. when the European investor is held or controlled by a foreign investor). In our view, the fact that this approach is not made clear in the Regulation means that there is still exposure to risks from foreign investment channelled through intra-EU acquisitions (i.e. when the ultimate beneficial owner is a third country controlling an EU entity). While within national screening mechanisms, we observe different practice in different member states in this respect;
3. member states do not provide sufficient information on the outcome of cases to allow the Commission to evaluate the functioning and effectiveness of the Regulation. As the Regulation does not require member states to report the outcomes of cases undergoing their national screening procedures to the Commission, the Commission lacks the necessary authority to obtain information in order to comply with its obligation to evaluate the functioning and effectiveness of the Regulation and make this information available to the European Parliament and the Council. As the guardian of the Treaties, the Commission has also to ensure that investors are not discriminated against, or that the free movement of capital is not unduly restricted as a result of member state screening of FDI;
4. unclarity whether indirect investment being screened lies within the scope of the Regulation. For example, the Commission and most member states apply the cooperation mechanism to cases where the investor, the seller and the direct target are established outside the EU if a subsidiary of the direct recipient of the investment is within the EU. In our view, the Regulation’s definition of ‘foreign direct investment’ is not clear in this respect, and allows for differing interpretations and screening practices, which does not ensure a uniform approach across the EU. Another example is investments by EU citizens who have acquired citizenship through the ‘golden passport’; these are considered to lie outside the scope of the Regulation. Even though this loophole may be used by investors to circumvent the rules, the issue is not addressed by the current Regulation;
5. portfolio investments are not treated equally by everyone, i.e. outside the scope of the Regulation. While portfolio investments are considered to lie outside the scope of the Regulation¹⁵, Article 2 does not define what constitutes a portfolio investment. The CJEU has described ‘portfolio investments’ as “the acquisition of shares on the capital market solely with the intention of making a financial investment without any intention to influence the management and control of the undertaking”¹⁶. However, our assessment of a sample of cases showed that portfolio investments had been screened.

Effectiveness of the framework affected by a lack of compliance assessment and differences in member states’ FDI screening mechanisms

30 In order to ensure the effectiveness of the framework, screening mechanisms should comply with the minimum criteria set out in Articles 3, 4 and 6 of the Regulation, and the Commission needs to assess compliance with these criteria in order to assess the functioning and effectiveness of the Regulation. Among other things, member states setting up FDI screening mechanisms are required to:

• report all cases that are being screened to the cooperation mechanism, and provide the minimum information required by Article 9;
• inform investors that their cases are being processed;
• provide investors with explanations for their investments being blocked, and be able to appeal against decisions by member state authorities.

31 The Regulation aims to establish a set of uniform principles for FDI, and prohibits screening from being used as a barrier to free trade under the pretext of security or public order. Moreover, member states should report cases which reflect potential risks, and should provide sufficient and relevant information for other member states and the Commission so that they can assess risks to their security and public order.

No Commission assessment to ensure that screening mechanisms comply with the standards stipulated in the Regulation

32 Article 3 of the Regulation provides a set of common standards for screening mechanisms in the EU, and requires the Commission to maintain an updated list of the mechanisms in place. We found that the Commission maintains and publishes a list of screening mechanisms on its website, and provides a summary in its annual report¹⁷. It also co-financed a study carried out by the OECD, which resulted in an extensive overview of the different aspects of national screening mechanisms without having to provide an assessment of their compliance with the requirements of the Regulation. The Commission itself has not produced its own assessment of whether national screening mechanisms comply with the requirements of Article 3 of the Regulation to be able to assess the functioning and effectiveness of the Regulation. Therefore, there is no verified information available on to what extent member states comply with these requirements and how this affects the effectiveness and efficiency of the framework.

Significant differences between member states’ FDI screening mechanisms make the framework less effective

33 The OECD study which received financial support from the Commission in 2022, highlights a number of significant differences between national screening mechanisms. These differences¹⁸ have an impact on how effective and efficient the system is at mitigating threats to security and public order as they create blind spots and in some cases seem not to be fully in line with the Regulation. These include:

• differences in the sectoral scope of the mechanisms, with only a few member states able to screen transactions across any sector, while others are based on lists of sensitive sectors or specific assets;
• differences in exemptions for certain acquirers, with many member states exempting EFTA, non-EU EEA Members, NATO, or other OECD members – 20 jurisdictions in all – from applying part of their screening mechanism;
• different concepts of security and public order, where some member states still continue to refer explicitly to Articles 52 and 65 TFEU, which has been interpreted narrowly in the CJEU’s jurisprudence and could lead to under-use of the cooperation mechanism;
• different notification dates and timelines for multi-jurisdictional cases being applied across member states;
• differences in terms used to indicate the likelihood of risks, using wording such as “disrupt”, “threaten”, “pose a risk”, or “may affect”;
• different thresholds when determining control, such as shareholdings or voting rights required, which can be 10 %, 25 %, or 50 % plus one vote¹⁹;
• differences in powers to consider threats to other EU member states, with only a few member states’ screening laws containing explicit powers to act in the interest of other member states, or projects or programmes of EU interest²⁰.

34 Our audit (interviews, survey and analysis of the sample of cases) confirmed the differences highlighted by the OECD. In addition, we found that the following issues had a negative impact on the efficiency and effectiveness of FDI screening at national and EU level:

1. differences in determining the scope of certain types of investment. Namely, the Commission applies the EU framework to cases where the acquisition of an EU target involves direct investment by entities established outside the EU. However, we found that practices differed between member states. Some exempt certain foreign investors based on their nationality (e.g. EEA countries), while others even screen investors or entities that reside or have a seat in the EU, or screen investments made by EU persons and undertakings;
2. pre-screening used in some member states:
1. Article 6(1) of the Regulation requires member states to report any FDI that is undergoing screening. However, we found that some member states use an initial risk assessment referred to as “pre-screening” to decide whether or not to screen, resulting in notifications for only a subset of the cases they actually review;
2. the Commission has not yet required member states to provide notification of all cases undergoing screening, as stipulated by Article 6(1) of the Regulation, while the Regulation does not distinguish between phases of FDI screening which would exempt such early stage screening;
3. different treatment of multi-jurisdictional cases:
1. in certain cases, an acquisition of a group with subsidiaries across the EU may lead to notifications from several member states. We found that different notification filing dates by investors – or different national procedures – create additional challenges for screening multi-jurisdictional cases. For example, in one of the cases we reviewed, a gap resulted when investors did not provide notification in the member state of the EU parent target, but did provide notification in other member states for the EU subsidiaries;
2. we also found that the Commission makes an effort to assess such multi-jurisdictional cases as comprehensively as possible. However, the Regulation contains no provisions for streamlining processes across the EU.

35 The differences cited above also contribute to an uneven distribution of notifications between member states and limit the effectiveness of the framework. Figure 4 shows the aggregate number of notifications submitted by groups of member states in 2020 to 2022, and their respective FDI stock, based on 2019-2021 data. We would expect a level of correlation which did not actually materialise, between the size of economies, the level of inward FDI and the number of notifications. Six member states together submit 92 % of all cases, whereas a second group of nine member states with screening mechanisms submit the remaining 8 %. A third group of 12 member states did not screen or provide notification of any cases in the same period; these member states account for approximately 42 % of the EU’s average FDI stock. In our view, this has a significant impact on the effectiveness of the framework and limits the overview that the Commission and other member states could have.

Source: ECA, based on cases reported to the cooperation mechanism - Commission Annual Reports; Average inward investment stock - Eurostat - EU direct investment positions by country, ultimate and immediate counterpart and economic activity (BPM6), Inward FDI 2019-2021.

Notification of ineligible cases and lack of information on risk profiles in notifications undermine the efficiency and effectiveness of the framework

36 Article 9 of the Regulation outlines the type of information for any cases of FDI undergoing screening. Given its limited scope, the Commission and the member states agreed on a voluntary basis, in the FDI Screening Expert Group, to provide more extensive information in a “notification form”. These forms are submitted through a secure network by duly appointed authorities in the member states, and generally provide the information required. Whenever important information was missing, the Commission made additional requests, to which member states replied by providing further information. The system would be more efficient if notification forms included all essential information by default.

37 When assessing whether an FDI is likely to impact public order or security, the Commission and the member states may take into account the factors listed in Article 4 of the Regulation. These factors relate to the nature of the investment (e.g. when it involves critical infrastructure or technologies) and to the nature of the investor (e.g. past involvement in criminal activities, or controlled by third-country governments or armed forces). However, these factors are neither exhaustive nor mandatory.

38 We found that the cooperation mechanism is overburdened with ineligible, (i.e. out of scope) and with low-risk cases (i.e. not warranting an opinion) Figure 5 shows that 30 % of the 886 cases member states notified by the end of 2022 were either ineligible, or their eligibility was unclear. According to the Commission, 68 % were eligible, but of low risk. Only in 2 % of cases did the Commission identify likely risks or shared relevant information by issuing opinions.

Source: ECA, based on Commission data.

39 We found that member states are informed of screening activities in other member states through the cooperation mechanism, as our survey and interviews with member states also showed. The information obtained as a result of their requests or submitted comments helps to make better informed decisions before specific FDI transactions are authorised. However, in our view, the notification forms and the information they contain have the following weaknesses:

1. notifications do not provide detailed explanations of the threats FDI poses to security or public order (risks listed in Article 4 of the Regulation, or others that may apply). Although the forms require a description of relevant risk factors, these are very often filled in only with a short title of the sector or type of activity. In our view, risks to security and public order are not generally flagged in the notification, even if high risks were known in advance;
2. notifications do not require the member state authorities to reach a conclusion about the eligibility of a case; and
3. notification forms lack automatic validation for completeness of information and eligibility, based on a standard set of information fields.

40 These weaknesses resulted in additional work for the Commission, including having to gather further information from member states, thereby significantly reducing the efficiency of the framework.

The Commission’s opinions provide added value, but its assessments and recommendations are sometimes not sufficiently developed

41 As set out in the Regulation, the Commission is responsible for carrying out its own risk assessments and providing opinions when it believes that FDI poses a high risk to more than one member state or to EU projects and programmes. For this purpose, the Commission developed internal guidance that we took into account for our assessment. To carry out its risk assessments, the Commission needs to make sufficient resources available in order to assess the sensitivity of EU targets in relation to any of the factors mentioned in Article 4 of the Regulation that may represent a serious threat to security and public order from FDI, to identify the ultimate beneficiary owners and their risk profiles, and to take account of sanctions imposed by the EU and member states in relation to investment. As per the Commission’s internal procedures, DG TRADE should consult all other relevant DGs to ensure robust due diligence.

42 FDI may lead to a capital movement under Article 63 TFEU. This Article prohibits any restriction on capital movements between member states and between member states and third countries. Pursuant to Article 65 TFEU, restrictions on the free movement of capital may be justified when necessary and proportionate for the achievement of the objectives defined in the Treaty, including on public security and public policy grounds, as defined by the CJEU. FDI may also lead to the establishment of a third-country investor in the EU, e.g. when such an investment acquires a controlling stake in an EU-based undertaking.

43 As the explanatory memorandum accompanying its proposal for the Regulation states, with respect to movement of capital, such public interests must be interpreted strictly. They may be relied upon only if there is a genuine and sufficiently serious threat to a fundamental interest of society. Restrictions on fundamental freedoms must not be misapplied in order to serve purely economic ends. Furthermore, investment screening mechanisms should comply with the general principles of EU law, in particular the principles of proportionality and legal certainty. These principles require the procedure and criteria for an investment screening to be defined in a non-discriminatory and sufficiently precise manner, and should be reflected in the Commission’s risk assessment and recommendations.

The Commission’s risk assessment provides value, but the Commission has limited access to data on individual investor profiles

44 Article 4 of the Regulation provides a non-exhaustive list of risk factors relating either to the critical nature of the target company, its products or activity in the EU, or to the risk profile of the foreign investors. Our review of cases showed that the Commission described potential risks comprehensively including identifying spillover risks or critical dependencies. Our survey and our interviews with member state authorities corroborated their appreciation of the Commission’s role in assessing risks.

45 The Commission is uniquely positioned not only to assess whether FDI is likely to affect security or public order in more than one member state, or whether FDI may affect projects and programmes of EU interest, but also to estimate their impact at EU level, thus adding additional value to the cooperation mechanism. We found that DG TRADE collaborates with other Directorates-General and asks member states to provide more information where required. It also identifies those targets that participate in certain EU projects and programmes, as listed in the Annex to the Regulation.

46 Europol and Eurojust databases may shed light on certain risks relating to past engagement in illegal or criminal activity by individual investors. However, the Regulation does not contain any provisions enabling such cooperation and information-sharing that would help in better assessing security risks of individual investors.

Gaps in the assessment of the likelihood and impact of risk elements for high-risk cases

47 Our examination of the Commission’s opinions found the following issues in the quality of its assessments. To satisfy auditee confidentiality requirements, we have grouped our findings by type of issue (specific examples cannot be given due to the highly sensitive nature of the cases reviewed):

1. description of the identified risks and their likelihood – we found that certain risks identified were not sufficiently evidence based and lacked clear explanations of how likely such risks were to occur, with the consequence that the impact on security and public order may be overestimated;
2. the link between the risk and the investment– we found that security-of-supply risks in Europe, often linked to single or limited suppliers, may pose a risk to certain critical supplies or dependencies. However, the source of the risk stems from past industrial trends, past policy decisions, or market realities for which the investors are not directly responsible;
3. quantifying the potential impact of an acquisition – the Commission’s risk assessments do not quantify, to the furthest extent possible, the potential impact or disruption that may result from a specific investment;
4. consideration of other national and EU policies – most assessments do not explain which other national or EU instruments or policies should address the risks identified, and – where they do exist – why they are not sufficient to fully address the risks without any further case-specific measures. This relates to at least the following areas: export controls including dual-use items; data-protection laws; controls under financial-sector regulations; and EU sanctions intended to prohibit investments;
5. the distinction between the different roles and responsibilities of shareholders and management is not always taken into account, but may have a bearing on recommended mitigation measures, if any. There are various safeguards in place and legal distinctions made between an entity’s administrator or managing board, and its shareholders, which are taken into consideration to varying degrees in the examined opinions;
6. highlighting potential financial EU support to address certain risks the Commission does not assess whether there is scope for support or mitigation through direct EU resources (e.g. from the EU budget, the European Investment Fund (EIF), the Recovery and Resilience Fund (RRF), or any other available EU funding) or at member state level.

The Commission’s recommendations are partially effective at addressing the risks identified

48 We assessed the quality of the recommendations made by the Commission in its opinions. The key factors which led the Commission to issue an opinion include risks and measures relating to sensitive EU targets (such as security of supply of critical goods and technology, or dual-use products), and risks related to investors (such as foreign-state influence or control). We found that when the Commission identified what it regarded as a likely impact on security or public order, it recommended mitigating measures to the member state hosting the FDI.

49 In terms of the quality and relevance of the mitigating measures proposed, we found that in some cases the Commission:

1. proposes mitigating measures without explaining the extent to which they would address the risks identified;
2. recommends various safeguards which do not sufficiently distinguish between the roles and responsibilities of shareholders and management, or which may raise issues of enforceability and thus cannot effectively mitigate the risks identified. The commitments they impose are binding on the investor, but not necessarily on the target company and its management;
3. recommends restrictions or conditions on investors or target companies, which are not consistent with a market-economy environment. Measures which require EU targets and investors to increase inventories or production capacity place a financial and legal obligation on a private party to resolve a systemic market situation for which the investor is not directly responsible.

50 Our evidence showed that where certain transactions involved individuals on a sanctions list, the member states concerned did not block the investment. Our view is that if investors are on a sanctions list which prohibits them from investing, no further assessment by the Commission is necessary to issue an opinion, because any such investment would be illegal if the member state permitted it.

Appropriate operational tools and resources are in place, but reporting is not sufficiently focused

51 The Commission should adhere to sound financial management principles and to its Internal Control Framework. Thus, it should make the necessary resources available so that cases can be managed in a timely manner. It should also ensure that it has adequate information-management tools to carry out its own assessments, as well as secure communication tools to manage information exchanges with member states. The annual reports and the five-year evaluation of the functioning and effectiveness of the Regulation should explain the extent to which the Regulation has been implemented across the EU, and address any important systemic issues that emerge. Based on relevant and reliable data, the Commission’s reports should focus on key risks and how to address them.

The Commission has put appropriate tools and resources in place to support the implementation of the cooperation mechanism

52 We found that the Commission has adequate resources in place to handle the current case load in a timely manner, and that it provided assessments to tight deadlines. However, streamlining opportunities exist to improve the management of future caseload increases, including ensuring that Commission staff always use existing templates and checklists.

53 The Commission has set up an appropriate database to manage and document its work, with sufficient indicators relevant for assessing the effectiveness of the Regulation. It also set up appropriate IT tools to exchange information securely for the purposes of the cooperation mechanism.

54 The Commission established well-designed internal guidelines and processes. One procedure which we found very useful was the development of a dedicated checklist that requires Commission staff to identify, justify and provide evidence for determining a likely risk. Despite the importance of this checklist for facilitating consistent and comprehensive assessments, the other DGs involved in providing input to DG TRADE do not systematically use it.

55 In accordance with Article 12 of the Regulation, the Commission has convened a group of experts from all member state authorities, with the aim of providing it with advice and expertise, sharing examples of good practice and lessons learned, and exchanging views on trends and issues of common concern relating to foreign direct investments. We note that the Commission has set up the necessary platform for the experts’ forum, and that all member states – with or without a national screening mechanism – are participating.

56 Article 13 of the Regulation opens up the possibility for international cooperation between member states and the Commission on the one hand, and third-country authorities on the other. The Commission has participated in and organised various initiatives, such as talks with third countries, cooperation with the OECD and the US, and stakeholder conferences and events attended by third-country authorities.

The Commission’s annual reports place insufficient focus on the risks identified and common approaches for preventing them

57 As required by the Regulation, the Commission has published its first and second annual implementation reports. The Regulation does not specify the information to be included in the annual reports, but they do provide more information than member states included in comparable reports. However, even taking account of the need to balance transparency and security considerations due to the sensitive nature of data, we believe that the reports contain insufficient information and data for reporting purposes and, more importantly, for assessing the efficiency and effectiveness of FDI screening and EU-level cooperation. The reasons for this are as follows:

• the Regulation does not require any specific information to be included in the Commission’s annual report;
• the reports provide a comprehensive summary of legislative developments in member states and FDI screening activities being carried out at both EU and national level. However, we have found that the reports do not focus sufficiently on the types of risks being identified for the related sectors, or the types of risks relating to investors or deal structures (in particular, those included under Article 4);
• the reports provide information on FDI into the EU. However, the information on the volume of inward investment has limited added value, as it does not necessarily correlate with security and public-order risks (e.g. geographical concentration, or the location of sensitive or strategic assets);
• the FDI figures as reported misrepresent actual foreign capital flows into the EU because they quote the value of global deals rather than the relevant EU direct investment. This does not provide an accurate picture of the size of the relevant portion of FDI transactions within the EU. The challenge the Commission faces is the lack of reliable statistics or detailed information from member states, breaking down such global transactions by their different EU and non-EU elements;
• the lack of aggregate information on risk patterns and the frequency of mitigation measures make it more difficult to identify issues of common concern and to develop potential EU-level solutions or improvements over time.

Conclusions and recommendations

58 Overall, the Commission has taken appropriate steps to establish and implement a framework for screening foreign direct investment in the EU. However, significant limitations persist across the EU, reducing the effectiveness and efficiency of the framework at identifying, assessing and mitigating security and public-order risks.

59 The cooperation mechanism facilitated the sharing of screening information and risk assessments on FDI. However, some features in the design of the Regulation mean that the cooperation mechanism is less effective at protecting the EU’s public order and security. Firstly, as the Regulation does not require member states to set up an FDI screening mechanism, there were still six member states that did not have an FDI screening mechanism in place as of September 2023. Secondly, as the Regulation is silent on the scope of national screening mechanisms when they exist, there are significant differences in scope and approach between screening systems in the member states. Thirdly, member states are under no obligation to inform the Commission or other member states of their final decisions in cases where the Commission or other member states respectively issue opinions or send comments identifying likely risks to security or public order. Lastly, the Commission’s recommendations are not binding on member states carrying out screening, even when overall EU interests are at stake (see paragraphs 26-28).

60 The Regulation leaves room for interpretation with regard to the notion of “likely impact” on security or public order. Moreover, as a result of the Regulation’s design, comparable rules are not consistently applied to comparable situations (particularly in the treatment of intra-EU trade from entities that are foreign-owned and controlled, or of portfolio investments). Furthermore, member states can determine the scope of security and public order for themselves. All of these elements, together with the fact that member states do not have to report the outcome of their screening decisions to the Commission, make it very challenging for the Commission to monitor the implementation of the framework and to ensure that investors are not discriminated against, or that the free movement of capital is not unduly restricted (see paragraph 29). It also creates multiple blind spots, compromising the legitimate need for the EU to safeguard its security and public order interests. Improvements are also necessary in the Commission’s risk assessments and recommendations.

Recommendation 1 – Seek the necessary amendments in the Regulation to strengthen the EU FDI screening framework

Without prejudice to the decisions of the co-legislators, we recommend that the Commission should in its revision of the framework:

1. include the requirement that all member states establish screening mechanisms.
2. clarify key concepts such as:
1. the definition of ‘likely’ risk by aligning it clearly to the notion of “genuine and sufficiently serious threat to a fundamental interest of society”;
2. portfolio investments;
3. cover explicitly:
1. investments made in the EU by a foreign owned undertaking economically active in the EU
2. investments, whereby a foreign investor acquires a foreign target with subsidiaries in the EU;
4. include the obligation for member states to provide the Commission and other member states, as the case may be, with feedback on the outcome of their screening decisions, in particular where the Commission has issued an opinion and/or the respective member states have provided a comment.

Target implementation date: 2024

61 We found significant differences between the FDI screening mechanisms of member states, and the Commission has not completed any formal assessment of their compliance with the minimum conditions stipulated in the Regulation. As things stand, several member states pre-screen transactions and only notify the cooperation mechanism of those transactions that are likely to affect their own public order or security, thereby depriving the other member states and the Commission of a chance to assess whether a transaction can have an impact on them. All of this results in a large share of FDI that is not subject to screening, and a substantial number of low-risk or ineligible cases which overburden the system (see paragraphs 32-39).

Recommendation 2 – Assess whether national screening mechanisms comply with regulatory standards, and streamline concepts across EU screening mechanisms

The Commission should:

1. provide an assessment of whether national screening mechanisms comply with the standards set out in Article 3 of the Regulation;
2. clarify the practice of pre-screening; and
3. encourage member states to align their criteria, timeframes and processes so that cases spanning multiple member states can be coordinated effectively (multi-jurisdiction cases).

Target implementation date: (a) 2026; (b) and (c) 2025.

62 The Commission’s risk assessment provides EU added value not only by identifying risks to security and public order relating to factors under Article 4 of the Regulation, but also by contributing to forward-looking thinking on potential vulnerabilities and critical dependencies as they arise at EU level. However, this approach has limitations in covering all types of risk, such as assessing past criminal or security-related risks presented by individual investors at EU level (see paragraphs 44-46).

63 The Commission provided assessments to tight deadlines. However, we found issues with the quality of the Commission’s assessments that we reviewed (see paragraph 47) regarding:

• the description of the identified risks and their likelihood;
• links between the risk and the investment;
• quantification of the potential impact of an acquisition;
• consideration of other national and EU policies;
• the distinction between different roles and responsibilities of shareholders and management; and
• the highlighting of potential financial EU support to address certain risks.

64 The Commission’s opinions to member states may recommend mitigating measures or prohibition of FDI. In our view, recommendations are only partially effective at addressing the risks identified, as justification for the mitigation measures being recommended can be improved, notably by specifying how the proposed measures would reduce exposure to the risks if implemented. Furthermore, when recommending mitigating measures, the Commission proposes conditions which may raise issues of enforceability or be inconsistent with a market-economy environment (see paragraph 49).

Recommendation 3 – Improve the cooperation mechanism and the Commission’s assessments in order to provide better justification of mitigating actions relating to high-risk cases

The Commission should:

1. assess eligibility before it starts risk assessments;
2. make risk assessments more comprehensive by exploring the scope for cooperation with Europol and Eurojust to assess criminal or security risks presented by individual investors;
3. in its assessments, focus on risks which are reasonably likely to occur, and avoid hypothetical scenarios;
4. strengthen its opinions by indicating clearly if the opinion is just for sharing the information or for addressing serious threats to security and public order, and proposing proportional measures taking into account roles and responsibilities of investors, existing EU or national legislation, policies and instruments; and
5. recommend prohibiting cases where foreign investors are on a sanctions list banning investment, irrespective of the risk profile of the target.

Target implementation date: June 2024

65 The Commission has put appropriate operational tools, IT systems and resources in place to handle the current case load arising from the cooperation mechanism. It has reported in a timely manner in its annual reports, and has fulfilled its “reporting” role in implementing the Regulation. Nevertheless, given the need to balance transparency and security considerations due to the sensitive nature of the data, we believe that the information and data that the Commission and member states have provided are not sufficient to assess the efficiency and effectiveness of FDI screening and EU-level cooperation. The fact is that they do not sufficiently focus on the types of risk being identified for the related sectors, or the types of risk relating to investors or deal structures (see paragraphs 52-57).

66 Moreover, the Regulation does not provide for adequate feedback by the member state recipient of the Commission’s opinion, or for member state comments that would allow the Commission or the member state making those comments to monitor and report on the effectiveness of the system (see paragraph 29 (c)).

Recommendation 4 – Improve the quality of reporting

The Commission should improve the quality of its annual reports by focusing on critical risks and approaches to mitigating them. In cooperation with member states, it should also improve the scope and quality of the underlying data.

Target implementation date: 2024

This report was adopted by Chamber IV, headed by Mr Mihails Kozlovs, Member of the Court of Auditors, in Luxembourg at its meeting of 24 October 2023.

Annexes

Annex I – Comparison between EU and US screening frameworks

Abbreviations

CFIUS: Committee on Foreign Investment in the United States

CJEU: Court of Justice of the European Union

DG TRADE: The European Commission’s Directorate-General for Trade 

EEA: European Economic Area

EFTA: European Free Trade Association

EIF: European Investment Fund

Eurojust: European Union Agency for Criminal Justice Cooperation

Europol: European Union Agency for Law Enforcement Cooperation

FDI: Foreign Direct Investment

NATO: North Atlantic Treaty Organization

OECD: Organisation for Economic Co-operation and Development 

RRF: Recovery and Resilience Fund

TFEU: Treaty on the Functioning of the European Union

TTC: Trade and Technology Council

Glossary

Foreign direct investment (FDI) – an investment of any kind by a foreign investor that aims to establish or to maintain lasting and direct links between the foreign investor and the target company to carry on an economic activity in a member state, including other arrangements that enable effective control or participation in the management of a company carrying out an economic activity. This definition excludes portfolio investments.

Foreign investor – a natural person of a third country or an undertaking of a third country making a foreign direct investment.

Screening – a procedure allowing to assess, investigate, authorise, condition, prohibit or unwind foreign direct investments.

Screening mechanism – an instrument of general application, such as a law or regulation, and accompanying administrative requirements, implementing rules or guidelines, setting out the terms, conditions and procedures to assess, investigate, authorise, condition, prohibit or unwind FDI on grounds of security or public order.

Audit team

The ECA’s special reports set out the results of its audits of EU policies and programmes, or of management-related topics from specific budgetary areas. The ECA selects and designs these audit tasks to be of maximum impact by considering the risks to performance or compliance, the level of income or spending involved, forthcoming developments and political and public interest.

This performance audit was carried out by Audit Chamber IV Regulation of markets and competitive economy, headed by ECA Member Mihails Kozlovs. The audit was led by ECA Member Mihails Kozlovs, supported by Edite Dzalbe, Head of Private Office and Laura Graudina, Private Office Attaché; Juan Ignacio Gonzalez Bastero, Principal Manager; Georgios Karakatsanis, Head of Task; Jacques Sciberras, Joerg Genner and Joaquin Hernandez Fernandez, Auditors; Mari-Liis Pelmas-Gardin, secretarial support.

From left to right: Joerg Genner, Georgios Karakatsanis, Edite Dzalbe, Mihails Kozlovs, Laura Graudina; Juan Ignacio Gonzalez Bastero; Mari-Liis Pelmas-Gardin, Jacques Sciberras.

COPYRIGHT

© European Union, 2023

The reuse policy of the European Court of Auditors (ECA) is set out in ECA Decision No 6-2019 on the open data policy and the reuse of documents.

Unless otherwise indicated (e.g. in individual copyright notices), ECA content owned by the EU is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence. As a general rule, therefore, reuse is authorised provided appropriate credit is given and any changes are indicated. Those reusing ECA content must not distort the original meaning or message. The ECA shall not be liable for any consequences of reuse.

Additional permission must be obtained if specific content depicts identifiable private individuals, e.g. in pictures of ECA staff, or includes third-party works.

Where such permission is obtained, it shall cancel and replace the above-mentioned general permission and shall clearly state any restrictions on use.

To use or reproduce content that is not owned by the EU, it may be necessary to seek permission directly from the copyright holders:

Figure 1: © OECD, 2022: Framework for Screening Foreign Direct Investment into the EU – Assessing effectiveness and efficiency. This translation was not created by the OECD and should not be considered an official OECD translation. The OECD shall not be liable for any content or error in this translation.

Software or documents covered by industrial property rights, such as patents, trademarks, registered designs, logos and names, are excluded from the ECA’s reuse policy.

The European Union’s family of institutional websites, within the europa.eu domain, provides links to third-party sites. Since the ECA has no control over these, you are encouraged to review their privacy and copyright policies.

Use of the ECA logo

The ECA logo must not be used without the ECA’s prior consent.

Endnotes