The New Foreign Investment Screening Regulation: From Trilogues to the Official Journal

EU flag by Daniel Kružík

Past summer, June 2025, as the trilogues on the revision of the EU's FDI Screening Regulation started in Strasbourg, the question whether the reform would move the Union’s FDI Screening framework from fragmentation to harmonisation, and from investment to security, was raised in a former blog post. One year later, on the 8th of June 2026, the Council formally signed off on the answer. The new Foreign Investment Screening Regulation (FISR) has been adopted, replacing Regulation (EU) 2019/452 after more than two years of legislative work. The Regulation will enter into force on 16 July 2026, 20 days after its publication in the Official Journal on 26 June 2026, and its application will start 18 months thereafter, making 17 January 2028 the operational deadline for investors and screening authorities, as stated by the Council’s Press Release of 8 June 2026. Time, therefore, to take a look: how did we get here, what made it into the final text, and what are the next steps?

 

1. To recap: the way to the Regulation

The 2019 FDI Screening Regulation was the EU's first legal instrument giving a framework to essentially national foreign direct investment mechanisms. Its main innovation and goal, a cooperation mechanism for information exchange between the Commission and Member States, was of voluntary nature in important respects: Member States were only encouraged, not required, to establish national screening systems, and remained entirely free to determine their scope, procedures and timelines. After five years of application, the patchwork that resulted was obvious, as the Fifth Annual Report on FDI showed. Greece only adopted a national screening mechanism in May 2025; several countries still did not have an established screening mechanism at the time the trilogues began at all (for instance Croatia and Cyprus); and Bulgaria lacked an implementing system and was thus de facto without FDI screening. Until today, many Member States lack (significant) case practice.

Beyond the missing links, the existing mechanisms had big variations in scope, timeframes, and procedural requirements. Additionally, an important structural gap remained unaddressed: intra-EU investments by entities ultimately controlled by third-country persons fell outside the Regulation entirely. This was illustrated by the Xella problem, confirmed by the Court of Justice in 2023.

Against this backdrop, the Commission published its quite far-reaching proposal on 24 January 2024, as part of a broader package of economic security initiatives. The proposal introduced mandatory screening for all Member States, a minimum sectoral scope set out in two annexes, coverage of indirect intra-EU investments, and enhanced cooperation mechanisms - including own-initiative procedures for both the Commission and other Member States. The Commission used a dual legal basis combining the common commercial policy (Article 207 TFEU) with the internal market (Article 114 TFEU).

The following trilogue showcased a classic battle of three positions. The European Parliament, adopting its mandate on 8 May 2025 based on Rapporteur Glucksmann's report, went even further in scope than the European Commission: it proposed widened scope, covering media services, critical raw materials, electoral infrastructure, farmland, Commission decision-making powers in cases affecting more than one Member State, and a single EU portal for all filings. The Council, adopting its mandate on 11 June 2025 pulled back considerably: scope limited to the export controls framework, no Commission own-initiative decisions, exclusive national decision-making preserved. The classic subsidiarity question of what is best done at Member State level and where action on Union level adds value played a big role during the trilogue. How can security across the Union be assured whilst still preserving national autonomy of the Member States?

The trilogue negotiations ran from June to December 2025 – quite swift –, until a political agreement was reached on 11 December 2025. The provisional text was then published on 10 February 2026; the European Parliament formally adopted the text on 19 May 2026; and the Council gave its formal sign-off on 8 June 2026. The publication in the Official Journal on 26 June 2026 makes the date of its entry into force 16 July 2026.

2. The final text

Mandatory screening - closing the gaps

The most fundamental change of the new Regulation in comparison to the 2019 framework is simple: all Member States now have the obligation to establish and maintain a national FDI screening mechanism, there are no more voluntary opt-outs (Article 3(1)). This alone addresses the principal structural weakness of the 2019 framework, that a chain can only work as well as its weakest link, thus the missing links must be dissolved. Whilst many Member States already had established screening mechanisms by the time of adoption, this shift from the voluntary encouragement towards the obligation turns a policy choice into a legal duty. Before the new Regulation, Member States’ governments could simply decide not to put a screening mechanism into place or to weaken it, now, the governments are bound by the Member States’ obligation arising from the FISR. This binding minimum standard thus also constitutes a safeguard for the Union in relation to Member States with governments showing weaker commitment to the EU rules or standards, as the FISR requires that baseline protection, no matter if national governments want to lower their guard on FDI screening.

Moreover, the new Regulation also requires all Member States to have the legal tools to screen foreign investments ex post after completion, closing a gap that several national systems had and obliging Member States to establish the required institutions.

A negotiated sectoral scope

On one of the most politically contentious issues, namely the mandatory scope, the co-legislators landed a compromise that reflects a middle ground between the Council's minimalist viewpoint and the Parliament's maximalist approach. The mandatory scope and minimum requirements of the national mechanisms under Article 4(15) of the final Regulation cover:

  • dual-use items subject to export controls,

  • military equipment under the Common Military List,

  • 'hyper-critical' technologies: semiconductors, quantum technologies, and AI research and development, aligned with the Commission's Outbound Investment Screening Recommendation of January 2025, as the Regulation’s Annex I limits the AI category to general purpose AI models suitable for defence or space applications (Annex I(3)), or general purpose AI models that pose a risk within the meaning of Article 51 of the AI Act,

  • critical raw materials,

  • critical entities designated through national risk-based assessments,

  • electoral infrastructure, and

  • critical entities and activities in the financial system.

The Parliament's additions on media services and farmland on the other hand did not make it to the final version, but feature as risk assessment criteria, whereas transport infrastructure was folded into the mandatory scope itself (Article 4(15)(d)), but subject to national risk assessment. Greenfield investments remain optional for Member States to screen, and internal corporate restructurings without a change of control are generally excluded.

The Xella fix

Furthermore, the revised Regulation solves the problem created by Xella case law: intra-EU investments by entities ultimately controlled by third-country persons now explicitly fall within scope. The Regulation introduces common definitions of 'foreign investor', 'foreign investment' and 'foreign investor’s subsidiary in the Union' (Article 2). On the concept of control, Recital 15 clarifies that 'decisive influence', the standard known from EU merger control, generally applies. However, questions around minority shareholdings and other arrangements falling short of decisive influence remain open, though the Commission has signalled that upcoming guidelines will address this.

Procedural harmonisation

The Regulation introduces a mandatory two-phase screening structure for all Member States. This showcases a significant change for some Member States, e.g. Spain, the only large Member State currently operating a one-phase system. Phase 1 is limited to 45 days (Article 4(2)(a)), a compromise between the Parliament's preferred 35-day window (aligned with the EU Merger Regulation and the Foreign Subsidies Regulation) and the longer pre-existing timelines that used to be the standard in several Member States. A notable gap on the other hand is the non-existing deadline for the second phase (Article 4(2)(b)).

For multi-jurisdictional transactions, Article 7(a) obliges investors to file with the relevant Member States simultaneously, or at least to endeavour to do so. In practice, this creates a significant coordination pressure for lawyers advising on cross-border deals, even if a harmonised single portal remains only an option (available if nine or more Member States request it). The Commission will moreover also publish a common minimum notification template for the Cooperation Mechanism.

Risk assessment

Article 19 introduces a standard minimum list of risk assessment criteria. These include factors already present in national practice, such as effects on the availability of critical technologies, security of supply, geographic proximity to military facilities, as well as new considerations reflecting the shifting geopolitical environment: opaque ownership structures, deficient AML/CFT regimes in the investor's home state, laws enabling forced disclosure of information to foreign governments and the investor's compliance record with conditions imposed in other Member States. The Commission will make a risk assessment form available, which should gradually foster more harmonised practice, even though Member States still have the discretion to add criteria.

Moreover, investors gain important procedural rights, namely a right to effective judicial recourse (Article 4(7)), and a right to be heard effectively before a screening decision is taken (Article 4(14)).

Call-in powers and retroactive review

All Member States are now obliged to have two routes for ex officio investigations. Firstly, an anti-circumvention route for investments that are subject to mandatory notification that were not filed (Article 4(5)), and secondly, a call-in power for investments below the mandatory scope where there are grounds to believe that they may still affect security or public order (Article 4(4)). This discretionary power of the Member States to call in investments below the mandatory scope simply on such grounds parallels the national call-in powers some Member States have introduced in EU Merger Control and, further, the Commission’s attempt to fix the killer acquisition problem in merger control by expanding Article 22 of the EUMR (see Illumina/GRAIL (2024)). If this call-in mechanism proves itself to be useful in FDI screening, this might become a template for a possible solution regarding the open debate in merger control. 

Furthermore, the retroactive review window extends to up to five years. This is a major change for Member States such as France and the Netherlands, which currently lack explicit call-in provisions in their sectoral screening systems. For Germany and Denmark, which already operate such broad retroactive review mechanisms, the change is thus less significant.

Cooperation and security solidarity

When it comes to the power distribution, the final Regulation still preserves exclusive national decision-making, as the Commission does not acquire its own screening or decision-making powers on individual cases and rather only holds an advisory position. This advisory power can be exercised in non-binding opinions. However, the cooperation mechanism is significantly reinforced. A new 'filtering mechanism' (Article 5) standardises which cases Member States pass to the mechanism. Once a case is notified, Member States and the Commission can issue comments and opinions, the host Member State must explain how these were considered, including reasons for any disagreement (Article 12(4)). The Commission may 'assist' host Member States in gathering information (Article 16(2)). A common database (Article 18) will allow Member States and the Commission to track and share information on outcomes, including decisions taken in specific cases to enhance transparency and reduce forum-shopping. All Member States must publish their own national annual reports (Article 4(8)) and additionally submit confidential data to the Commission for a separate public report to the Council and Parliament (Article 24).

3. What comes next

Upcoming Timeline

As the Regulation was published in the Official Journal on 26 June 2026, it will enter into force 20 days after that publication, meaning the entry into force will be on 16 July 2026. The 18-month application deadline is shorter than the two-year window originally feared, meaning the application date will be 17 January 2028 and that investors, lawyers and national screening authorities need to start preparing for the incoming change rather soon. Furthermore, the provisions establishing the EU database, EU online portal and the powers delegated to the Commission already apply from 16 July 2026 on (Article 31).

National implementation

Even though as a Regulation, the FISR is directly applicable in the Member States and requires no formal transposition stricto sensu like a Directive would, Article 3(1,2) still obliges Member States to adapt or establish screening mechanisms, meaning that national legislative adaptation is still required. Minimum harmonisation always carries the risk that Member States use the implementation window to introduce national specificities that undermine the spirit of the agreed framework. Germany has already announced plans to consolidate its investment screening rules (AWG/AWV) into a unified Investment Screening Act, with a draft expected by mid 2026, well ahead of the deadline on 17 January 2028, when all Member States must formally notify their national screening mechanisms to the Commission (Article 3(2)). Other Member States will need to add call-in powers, align Phase 1 timelines, introduce two-phase procedures where they do not yet exist and designate critical entities for the purpose of mandatory scope by this deadline.

The critical entities designation will be particularly complex: the Regulation does not itself define which entities qualify, pointing instead to national risk-based assessments. Many Member States will look to the NIS2 and CER Directives as reference frameworks, but those directives are themselves implemented with significant divergence across Member States, which risks perpetuating exactly the inconsistency that the new Regulation seeks to reduce.

Commission guidelines

Additionally, the Commission has committed to publishing guidelines on the Regulation's implementation, covering the application of risk assessment criteria, the concept of control and the screening of specific strategic sectors, making those guidelines crucial for a fair implementation. The December 2025 Joint Communication on Strengthening EU Economic Security announced further work on portfolio investments below the control threshold, a monitoring mechanism for cumulative investment risks and a possible revision of the dual-use export control framework - all of which will feed back into how the FISR operates in practice. Even though outbound investment screening remains separate, as the Commission’s Recommendation of January 2025 on outbound investment screening does not sit inside the FISR, the two are likely to be read together as part of the Union’s economic security toolkit.

Yet, the battle over 'economic security' as a concept did not end with the Regulation: the Parliament failed to include it as a constitutive element in Article 1(1), but Rapporteur Glucksmann's statement at the time of the political agreement - that 'these were intense negotiations because we had strongly diverged views between Parliament and Council on the concept of economic security and the Union's role in safeguarding it' - suggests the conceptual debate is very much alive. The Commission's guidelines may prove to be the back door through which economic security considerations enter investment screening in a more structured way.

Conclusion

The new FISR constitutes a genuine step forward. The now mandatory screening for all Member States, the Xella fix, two-phase procedures, call-in powers, risk assessment standardisation and security solidarity provisions present real advances and qualities that the 2019 framework lacked. For investors, the Regulation leads to greater predictability due to the clear timelines, common definitions and a more harmonised risk assessment baseline. For screening authorities, it provides a stronger legal toolkit and a more organised platform for cooperation.

Still, the structural limitations that have characterised FDI screening in the Union from the outset remain. There is still no screening authority on Union level, no Commission decision-making power on individual cases and, critically, no agreed definition of what constitutes a common EU security interest as distinct from a national one. Without this foundation, a genuine multi-level European screening system, similar to how EU merger control divides cases between the Commission and national authorities, rather remains a distant ambition. The EU still lacks, as already noted in “From Fragmentation to Harmonisation, From Investment to Security? - Entering the Trilogues on the Revision of the FDI Screening Regulation”, a clear definition and shared understanding of its common security interests. That gap is what makes it difficult to determine at what point a security risk becomes a European problem rather than a national one, and thus when Union action is actually necessary.

Whether the Commission's forthcoming guidelines, the economic security agenda and the practical operation of the Cooperation Mechanism can overcome that conceptual gap in the years ahead - that is to watch as Member States and authorities move into implementation.

 

(This blogpost includes insights gathered at the 4th Annual Conference on Investment Control in Austria and the EU.)

 

Comments (0)
Your email address will not be published.
Leave a Comment
Your email address will not be published.
Clear all
Become a contributor!
Interested in contributing? Submit your proposal for a blog post now and become a part of our legal community! Contact Editorial Guidelines