By Emilios Charalambous
On the January 15, the European Commission published Commission Recommendation (EU) 2025/63 on reviewing outbound investments in technology areas critical for the economic security of the Union – the ‘Recommendation’.
The Recommendation, which builds on the relevant White Paper and public consultation, makes an argument for assessing potential risks to the EU’s security associated with outbound investments made by EU investors in key technological areas in third countries.
Consequently, it requires member states to collect data from individuals and/or companies within their jurisdiction about their relevant outbound investments made since January 1, 2021.
The background
Economic security has been identified as a strategic priority under the EU’s European Economic Security Strategy – the Strategy. While the EU positions itself as a global leader in investment and innovation, the Strategy reflects a growing recognition of the need to address emerging risks in an increasingly interconnected and competitive global economy.
The complex challenges outlined in the Strategy emphasise the importance of safeguarding the Union’s technological leadership, promoting its interests, and enhancing its resilience to economic shocks. At the same time, these measures highlight the delicate balance between fostering an open investment environment and implementing protective measures to mitigate security risks.
A dedicated expert group has noted that member states currently lack systematic processes for gathering data on individual outbound investment transactions or assessing their potential security implications.
To address this, the Recommendation seeks to enhance transparency and understanding of outbound investments, particularly those that may accelerate the development of critical technologies in third countries.
This approach raises important questions about how the Union can maintain openness while ensuring its security and stability in a rapidly evolving global landscape.
The Recommendation
As a starting point, outbound investments related to the following areas should be reviewed:
- Semiconductor technologies, based on the Recommendation’s specifications
- Artificial intelligence technologies used for generative AI systems trained using more than 10^25 floating point operations and those trained in a significant part on biological/genomic data, or designed to be used in a biotechnological, space or defence context
- Quantum technologies, relating to quantum computing, quantum communications and quantum sensing.
In terms of the review process, the following activities fall within the scope of review, including but not limited to acquisitions of companies/stakes in a company that enable effective participation, mergers, transfer of tangible or intangible assets, greenfield investments, joint ventures and venture capital.
The review excludes non-controlling investments aimed solely at generating a return on invested capital but includes indirect investments made by EU investors, such as those made through a third-country entity serving as an investment vehicle.
To enable member states to assess the potential risks arising from different transactions, activities, and the entities involved, the information to be collected should include, amongst other details:
- the parties to the investment transaction
- the type and approximate value of the investments
- the products, services and technologies related to the investment
- the date on which the investment is planned to be completed or has been completed
- information about previous and announced transactions entered into by the parties
- information on public funding provided to the investing entity by the EU or a member state related specifically to the technology areas in question
Using the information provided, member states, with the support of the Commission, should be able to perform a risk assessment to identify the presence or absence of risks to economic security.
What’s next
Member states have been asked to follow a common methodology and submit a progress report by July 15, 2025, followed by a comprehensive report on the implementation of this Recommendation and any identified risks by June 30, 2026. Accordingly, it is anticipated that further instructions related to the review process and templates will be shared in the coming months.
In line with these requirements and given that member states have been requested to designate at least one national authority to be responsible for the recommended review of outbound investments, the Republic of Cyprus can designate a local authority by March 15, 2025. This authority will be responsible for applying the existing instruments and countering any risks identified in the review set out in the Recommendation.
Some further thoughts
We cannot ignore the fact that lacking visibility in outbound investments does not support the proper assessment of security risks, which ought to be dealt with effectively. And yet, there are some additional key concerns and considerations about the way the Recommendation has been put forward.
Through the retrospective application of the Recommendation from January 1, 2021, affected companies will be subjected to additional workload which might be burdensome, let alone debatable as to the legal validity of a retrospective implementation; could this be in conflict with the fundamental principle of legal certainty?
One would have expected that the implementation of such a recommendation would have allowed for more time to be implemented and complied with. Furthermore, it is unclear regarding the reasons behind the need to draft it in a way that has a retrospective effect.
It could be argued that it is doubtful whether designating an authority by the middle of March 2025 and submitting a report by July 2025 provides enough time for member states to effectively and efficiently comply.
Emilios Charalambous is an Associate at Elias Neocleous & Co LLC
