The EU is taking action to counter the EU's single market's vulnerability to geopolitical developments. Although national security still falls within the decision-making of individual member states, the bloc has encouraged its member states to screen investments by third country investors for potential national security threats. In the Netherlands, for example, a general screening regime went live in June 2023, when the Vifo Act entered into force. This act covers investments in vital providers, sensitive technology and highly sensitive technology companies, and operators of business campuses (see our June 2023 article explaining the regime here). Likewise, almost all other EU member states have implemented screening regimes on foreign direct investments (FDI).

The FDI regulatory landscape has not only expanded but also constantly continues to evolve. Recently, technology leakage has appeared more prominently on the EU's radar. Regulators are therefore broadening the list of sensitive technologies that are in scope of foreign investment into the EU. Moreover, the EU considers making outbound investment in sensitive technologies in third countries subject to regulation.

Inbound investments in sensitive technology

Under the Vifo Act, the Minister of Economic Affairs has designated technologies that are considered sensitive or highly sensitive. In December 2024, the government published a draft amendment to this decree for public consultation. This amendment aims to broaden the scope of the Vifo Act. Six new technologies will be added to the list of sensitive technologies: advanced materials; biotechnology (including pharmaceuticals, plants and seeds); artificial intelligence (AI) (limited to personal tracking and imitation, such as deepfakes); nanotechnology; sensor and navigation technology; and nuclear technology for medical purposes. This amendment is in line with the proposed amendment to the EU's FDI Regulation (see our February 2024 update here). The current sensitive technologies are: military goods and dual-use goods covered by the EU Dual-Use Regulation 2021/821, although certain dual-use goods related to graphite, ceramic materials and structural composites for filament winding machines have been explicitly excluded from this category.

The current decree also designates certain technologies as "highly sensitive" technologies: quantum technology, photonic technology, semiconductor technology and high-assurance products. Investments in those "highly sensitive" technologies are considered to pose a higher risk to national security than other sensitive technologies. Therefore, a lower notification threshold applies to investments in "highly sensitive" target companies. Where normally a change of control can trigger a notification obligation, the relevant threshold for "highly sensitive" technologies is the acquisition or increase of "significant influence": the ability of the acquiring party to exercise at least 10% of the votes at the general meeting. The draft amendment seeks to broaden the scope of "highly sensitive" technologies, adding technologies related to information security and satellite communications.

Outbound investments

Despite the fact that national security is the prerogative of the national member states, the EU coordinates investment screening through the FDI Screening Regulation and takes new initiatives in this policy domain.

In January 2025, the European Commission issued Recommendation (EU) 2025/63 on reviewing outbound investments in technology areas critical for the economic security of the Union. This is a concrete follow-up to the Commission's 2024 White Paper on Outbound Investment. This white paper foresees the possibility of a national or European mechanism for screening outbound investments in third countries by EU-based companies active in technology sectors (see our February 2024 update here). These outbound investments may involve the transfer of critical technologies or know-how. This can enhance the military and intelligence capabilities of foreign actors, who may use them to undermine international peace and security.

As a precursor to mandatory screening, the Commission is now requiring member states to start collecting data on outbound investments in certain technologies. These are investments in companies active in semiconductor technology, AI and quantum technologies. According to the Commission, these technologies are likely to pose the greatest risks of technology leakage. This follows a similar trend in the US, which recently implemented outbound investment screening for certain transactions in these sectors. The scope of soft-screening in the EU is limited to controlling investments and covers transactions completed since 1 January 2021, and even before that date if older transactions pose a real threat to technology security.

The 2025 Recommendation does not specify how member states should collect these data. The 2024 White Paper suggests that existing monitoring tools could be used, such as reporting obligations to central banks, national statistics agencies, national export control authorities and similar bodies. However, the Commission does not exclude that additional reporting requirements should be introduced to collect the relevant data. It is expected that member states' investment screening authorities will be responsible for this. This could lead to a type of "soft screening" obligation.

Based on the data collected, the Commission intends to assess whether foreign investment in these three technologies really poses a risk to technology security. If so, this will form the basis for further discussion on the screening of outbound FDI.

Technology research at universities and their spin-offs

In the Netherlands, the instruments to prevent technology leakage are manifold. The Dutch Vifo Act not only focuses on companies active in sensitive and highly sensitive technologies, but also requires screening of investments in business campuses. These are campuses where universities and the private sector collaborate and innovate. The immediate reason for introducing this type of investment screening was the sale of the High Tech Campus Eindhoven to a Singaporean state-owned company in 2021, which was not subject to investment screening.

Regarding possible technology leakage from universities, the Dutch government plans to introduce a bill with a mandatory screening mechanism for researchers and master's students who work with sensitive technologies at Dutch universities. This should increase the security of research and technology and is in line with the 2024 recommendation of the Council of the EU. The Dutch government has just informed parliament that to avoid discrimination, the group of persons screened before being allowed to work with sensitive technologies at universities should include all persons working with sensitive technologies, and not be limited to third-country nationals.

Implications for businesses

The broadened scope of investment screening in the technology sector means that a wider range of investments may require careful scrutiny and compliance with the new framework in the future. This scrutiny was already needed for inbound FDI, but more investments in the Dutch technology sector will fall within the scope.

A new feature is that outbound investments may also be subject to "data collection" by the FDI screening authorities and, consequently, to reporting obligations without being subject to standstill and approval. Transactions may even be subject to parallel FDI screening: outbound in the home member state of the investors and inbound in the host third country of the target company.