Annex S — FDI/National Security Screening & Change‑of‑Control Policy

Owner: General Counsel (GC)
Co‑Owners: Company Secretary, Compliance, CISO, DPO, CFO/Treasury, Regional Legal Leads
Review cadence: Annual and upon material law change or any proposed control/ownership transaction

Purpose. Protect the Nexus ecosystem against national‑security, sovereignty, and critical‑infrastructure risks by enforcing foreign direct investment (FDI) screening, SIRA/FDI triage, mandatory conditions precedent (CPs), and a pre‑clear process for sensitive investors, sectors, and rights. Applies equally across all regional operators (SNC), National Companies (NatCos), and Program SPVs.

1) Scope & Equal‑Treatment Baseline

• Applies to equity, convertibles/SAFEs/notes, options, warrants, asset or business transfers, joint ventures, board/observer seats, information or veto rights, and long‑term exclusive contracts that could confer control or material influence.
• Where host‑country rules differ, apply the strictest regime. Interlocks with Annex A (Competition), B (Regulatory Perimeter), C (Privacy), D (SDZ/Transfers), E/F (Security/IR), J (Sanctions/Export), M (RPT/COI), N (Dual‑Logging), R (Investor Compliance).

2) Key Definitions (Harmonised)

• Foreign Investor: Person/entity not ultimately controlled by nationals/residents of the host state; includes state‑owned/controlled investors (SOEs/FGIs).
• Control: Ability to direct or materially influence policy/strategy (not only >50% voting). Includes board seats, negative control (veto/reserved matters), special rights, and information rights enabling influence.
• Material Influence (catch‑all): Influence short of control (e.g., ≥10–25% stakes, board observer, key vetoes).
• Sensitive Sectors: Critical infrastructure, data/telecom/cloud, AI/ML, cyber, encryption, dual‑use tech, payments/financial market infrastructure, satellites/EO/GIS, energy/water/transport, health/biotech, critical minerals/semiconductors.
• Triggering Event: Any transaction or arrangement likely to meet filing/notification thresholds or raise national‑security concerns.

3) Governance & Roles

• GC (Owner): Runs FDI desk; maintains this Annex; engages external counsel; issues go/no‑go; approves CP language.
• Company Secretary: Controls board/committee calendars, minutes, and Class A dual‑logging (Annex N) for control events.
• Compliance: Sanctions/PEP screening; investor KYC/SOF (Annex J/R).
• CISO/DPO: Map SDZ/data and cryptography export; design access/segregation/escrow mitigations.
• CFO/Treasury: Escrow flows; blocked‑party controls.
• Regional Legal Leads: Host‑law overlays and authority engagement.

4) SIRA/FDI Triage — Risk‑Based Gate (Green/Amber/Red)

Inputs: Investor profile (UBOs, SOE/FGI status), sector mapping, jurisdiction(s), % stake and rights, data/crypto export, PoR/licences, and geography of operations/IP.

• Green (proceed; memo only): Private OECD investor; <10% non‑controlling, no board/observer, no special rights, not in sensitive sector; no SDZ/data export issues.
• Amber (advisory pre‑clear): 10–25% stake or board/observer or limited negative controls or sensitive‑sector adjacency or multi‑jurisdiction footprint where filings may be optional; prepare FDI Brief (S‑1) and consult authority informally via counsel.
• Red (mandatory filing/standstill): SOE/FGI participation or sensitive sector or ≥25% or control/material influence rights or cross‑border data/crypto export implications; no signing/closing without GC clearance and authority engagement.

Standstill: For Red (and designated Amber) cases, include no gun‑jumping undertakings; no access to sensitive data/source/keys until clearance and mitigations are in place.

5) Pre‑Clear Process — Steps & Timelines

1. Kick‑off (Day 0): Business owner notifies GC before term sheet; open FDI file; sanctions/PEP screening; collect investor KYC/SOF; request ownership chart to UBO ≥25% (or stricter).
2. FDI Brief (S‑1): Describe transaction, sector, rights, data/crypto touchpoints, SDZ/PoR, jurisdictions, timelines, proposed mitigations; legal basis for filings (e.g., SIRA in SG, CFIUS in US, EU FDI/FR regime, UK NSIA, CA ICA, UAE approvals, ZA/KE/SN overlays).
3. Counsel engagement: Retain local counsel as needed; request informal pre‑filing consult if available.
4. Term sheet controls: Insert CPs for clearances; hell‑or‑high‑water vs reasonable‑best‑efforts obligations as risk dictates; reverse termination fee optional for high‑risk.
5. Filing/clearance: Submit within agreed window; maintain standstill and clean‑team rules.
6. Mitigation negotiation: If required, agree measures (see §6).
7. Close only after clearances; dual‑log as Class A (Annex N); update registers and PoR/licensing entries.

6) Mitigation Measures — Menu (to tailor per authority)

• Governance: Limit board seats/observers; require independent directors; remove vetoes over security/SDZ/data functions; protective provisions on reserved matters.
• Information barriers: VDR redactions; clean‑team access only; no source code, SBOM only; telemetry limited/aggregated; no PII outside SDZ.
• Operational controls: Keep SDZ/data residency; key/crypto escrow; unilateral disconnect capability; separate networks and admin domains; ring‑fence sensitive contracts/PoR.
• Ownership covenants: Cap voting rights below control; prohibit transfer to restricted parties; call option in favour of a trusted entity on breach.
• Notification/audit: Periodic certifications; right of inspection; incident reporting; prior notice for changes in UBO/rights.
• Divestiture triggers: Agreed unwind if sanctions/NS risk emerges post‑close.

7) Conditions Precedent (CP) — Standard Language (Summary)

• FDI/National‑Security Clearance: Receipt of all required approvals (e.g., SIRA, CFIUS, NSIA, EU/FR clearance, ICA (CA), UAE approvals) without burdensome conditions beyond agreed mitigations.
• Sanctions/AML: Counterparties not sanctioned; KYC/SOF completed; funding via screened banks (Annex J).
• Export‑control: No prohibited transfer of controlled tech/crypto; licenses in place if needed (Annex J).
• No MAC: No material adverse change in regulatory environment specifically targeting the transaction class.
• Corporate approvals: Board/shareholder approvals; absence of injunctions.

Full clause pack in Appendix S‑3; choose hell‑or‑high‑water for strategic deals subject to Board approval.

8) Change‑of‑Control (CoC) & Key Contracts

• Maintain a CoC Register (PoR agreements; regulator permits; cloud/hyperscaler, telecom, data‑centre, critical SaaS; escrow; bank mandates; major customers/suppliers).
• Pre‑close: Identify CoC consents required; obtain comfort letters or waivers; ensure continuity of services and keys.
• Post‑close: Update licences/registrations; notify authorities/customers; confirm no breach of residency/SDZ obligations (Annex D).

9) Dataroom & Information Sharing Hygiene

• VDR gating: Jurisdiction and status attestation; NDA; watermarking; access logs; time‑bounded links; no export of PII or sensitive SDZ datasets.
• Clean‑team protocol: External counsel/clean team to review competitively sensitive or security‑sensitive materials; provide aggregated or redacted extracts only.
• No early integration: No merging of systems, staff, or pricing before close (avoid gun‑jumping).

10) Records, Dual‑Logging & Transparency

• Class A dual‑logging (Annex N) for any issuance, new share class, or change of control; AEP includes FDI filings, approvals, mitigation agreements, and CP bring‑down certificates.
• Maintain FDI Register (transactions, investors, jurisdictions, filings, decisions, mitigations, monitoring obligations).
• Include aggregate statistics in QPP (Annex N) — filings, clearances, mitigations applied.

11) Training, Drills & KPIs

• Training: Deal teams, IR, executives, and board members annually; scenario drills for SIRA/CFIUS/NSIA flows.
• KPIs: % deals triaged pre‑term sheet; lead time to file; clearance time; # deals with mitigations; # breaches of VDR/clean‑team; post‑close certification timeliness.

12) Exceptions & Waivers

• Rare; require GC memo, risk assessment, compensating controls, and Board approval; material exceptions disclosed in QPP aggregates.

13) Host‑Law Appendices (Equal Treatment)

Each appendix overlays local thresholds, sectors, timelines, regulator contacts, and call‑in powers; apply the strictest where conflicts arise.

• Appendix SG — Singapore: SIRA (Significant Investments Review Act) designated entities/sectors; IMDA/MAS sector overlays.
• Appendix US — United States: CFIUS (11 factors; TID US business), Team Telecom, state utility/PSC approvals.
• Appendix EU/FR — EU/France: EU FDI framework coordination; French foreign‑investment control (Code monétaire et financier; sensitive sectors list).
• Appendix UK — United Kingdom: NSIA 2021 — mandatory/voluntary notifications; call‑in powers; 17 sensitive sectors.
• Appendix CH — Switzerland: Federal FDI screening (as adopted/when in force) and SECO sectoral controls; interim guidance.
• Appendix CA — Canada: Investment Canada Act — net benefit and national security reviews; pre‑filing strategies.
• Appendix BR — Brazil: Sectoral approvals (telecom, energy, mining); CADE competition reviews; foreign land ownership limits.
• Appendix KE — Kenya: Capital Markets Authority and ICT/Comms approvals; sectoral/land rules; competition review.
• Appendix ZA — South Africa: Competition Amendment Act public‑interest/security conditions; sectoral approvals; PICC where relevant.
• Appendix SN/WA — Senegal/WAEMU: Investment codes; sectoral approvals; BCEAO/telecom/energy overlays.
• Appendix UAE — United Arab Emirates: Federal FDI rules (strategic impact activities), sector regulators (telecom/energy/AI/data); ADGM/DIFC overlays; Dubai SIRA (physical security industry) notes.

14) Effective Date & Governance

Adopted by the Board(s) of all regional operators on [●] and incorporated by reference into Charters/Bylaws, transaction playbooks, and IR/Comms SOPs. Class B required to amend/strengthen; Class A to relax standstill obligations, remove CPs, or bypass triage/filings.

Appendices (Templates)

S‑1 — FDI Screening Brief (transaction facts, investor, sector, jurisdictions, rights, SDZ/data/crypto touchpoints, proposed mitigations)
S‑2 — Investor Declaration & Ownership Chart (UBO to ≥25%/stricter; SOE/FGI status)
S‑3 — Conditions Precedent & Mitigation Clause Pack (CP, standstill, hell‑or‑high‑water, reverse termination, covenants)
S‑4 — VDR Gate & Clean‑Team Configuration Checklist
S‑5 — Mitigation Menu (governance, information, operational, ownership, audit)
S‑6 — Post‑Close Obligations Checklist (filings, notifications, registry/ledger, certifications)