Foreign Direct Investment: Cyprus’s new guardrails between opportunity and security
Cross-border investment has long been one of the most powerful engines of economic integration, shaping markets, supply chains and corporate strategies across jurisdictions. In an increasingly interconnected world, capital no longer flows merely to seek returns, but to secure access to technology, resources, infrastructure, and strategic capabilities.
Against this backdrop, foreign direct investments (“FDIs”) have become a central pillar of economic growth, innovation, and international market access. In Cyprus, sustained inflows of foreign capital have played a key role in the development of sectors such as energy, shipping, technology, tourism, and financial services. At the same time, the protection of national security, public order, and critical infrastructure has moved to the forefront of public policy, reflecting broader geopolitical and economic realities.
It is within this evolving landscape that Cyprus has introduced its first FDI screening framework through Law 194(I)/2025 (the “Cyprus FDI Law”).
The EU FDI screening in context
At European Union (“EU”) level, Regulation (EU) 2019/452, adopted on 19 March 2019 and effective as of 11 October 2020 (the “Regulation”), established a framework for screening of FDIs that seeks to reconcile continued openness to foreign capital with the need to safeguard security and public order within the union. Rather than creating a centralised EU approval regime, the Regulation operates as a coordination and information-sharing mechanism that sits alongside national screening systems. It requires member states to notify the European Commission and, where relevant, other member states, of potentially sensitive investments, enabling them to submit comments and allowing the Commission to issue non-binding opinions in cases that may affect projects or programs of the Union’s interest to assist each member state with taking an informed approach. In all instances, final screening decisions remain with the competent national authorities.
Since 2020, the framework has driven a gradual shift away from a fragmented landscape towards greater alignment of national regimes, increased use of screening tools, and a broader substantive focus on areas such as critical infrastructure, sensitive technologies, energy, data and supply chain resilience. This trajectory has continued with the European Commission’s 2024 proposal to revise the Regulation, as well as the subsequent provisional political agreement reached in 2025, which indicate an intention to further strengthen coordination, procedural alignment and the scope of screening across the Union.
Against this evolving European regulatory landscape, Cyprus’s adoption of a national FDI screening mechanism represents a natural and strategically necessary development, reflecting its growing regional role and increasing investment interest from third countries. The Cyprus FDI Law, must therefore be understood not as an isolated regulatory initiative, but as part of a wider EU-level shift towards coordinated investment governance, carefully calibrated to balance necessary security and public order safeguards with the country’s objective of remaining an attractive European destination for FDI, taking into account Cyprus’s economic profile, market structure, strategic positioning and geopolitical relevance.
The Cyprus FDI Law: Purpose and scope
The Cyprus FDI Law, which takes effect on 02 April 2026, introduces a formal national screening regime for FDIs in Cyprus. Its purpose is not to restrict foreign capital, but to introduce targeted oversight where foreign participation may raise concerns relating to national security or public order
It applies only in defined circumstances and is focused on investments that combine foreign control, economic significance, and strategic relevance.
Definitions
Foreign Direct Investment - adopts the definition of the Regulation: “an investment of any kind by a foreign investor aiming to establish or to maintain lasting and direct links between the foreign investor and the entrepreneur to whom or the undertaking to which the capital is made available in order to carry on an economic activity in a Member State, including investments which enable effective participation in the management or control of a company carrying out an economic activity”.
Foreign Investor: “(a) a natural person who is not a national of a Member State of the European Union (EU), a Member State of the European Economic Area (EEA), or Switzerland, and who intends to make or has made a foreign direct investment; or
(b) an enterprise of a third country, which intends to make or has made a foreign direct investment”.
Third Country: “Any country outside the Member States of the European Union (EU), the Member States of the European Economic Area (EEA), and Switzerland”.
Competent Authority: “The Ministry of Finance of Cyprus with the assistance of an advisory committee”.
Strategically important enterprise: “An enterprise that carries out activities falling within particularly sensitive sectors as these are defined in the Annex of the Cyprus FDI Law”.
Enterprise: “(a) any entity, whether or not it is a legal person, that is not a natural person, and includes a company incorporated under the provisions of the Companies Law or any entity established in any other manner, and includes a partnership, association, foundation, and trust;
(b) an entity that has been recognized or established under the law of a country or territory outside the Republic of Cyprus and
(i) carries out activities in the Republic of Cyprus; or
(ii) supplies goods or services in the Republic of Cyprus”.
The blueprint of the Cyprus FDI Law
Under the Cyprus FDI Law, Foreign Investors are required to notify and obtain prior approval from the Competent Authority before completing a covered investment. Notification is mandatory and subject to a standstill obligation, meaning that the transaction may not be completed until approval is granted, and related agreements are treated as being subject to a condition precedent of obtaining such approval, where all the following conditions are met:
Special participation and control: The investment results in the acquisition of a special participation which arises where a Foreign Investor acquires 25% (twenty-five per cent) or more of the shares or voting rights of an enterprise, or otherwise obtains the ability to exercise decisive influence over its management or decisions, whether through formal legal rights or de facto control;
Value threshold: The value of the investment reaches or exceeds EUR 2,000,000 (two million euros) either in a single instance or cumulatively over a twelve-month period; and
Enterprise of strategic importance: The investment concerns an enterprise of strategic importance, namely an enterprise operating in particularly sensitive sectors linked to critical physical or digital infrastructure, including energy, transport, telecommunications, digital and data infrastructure, financial services infrastructure, health, education, tourism, and land or real estate of critical importance, where foreign control may affect Cyprus’s national security or public order.
As a Cyprus specific carve out, transactions involving vessels are generally excluded from the screening regime, reflecting the importance of the shipping sector. This exemption does not extend to floating storage and regasification units, which remain subject to notification due to their relevance to energy security.
The Cyprus FDI Law also captures follow-on investments. If a Foreign Investor initially acquires a minority stake and later increases its participation so that it reaches or exceeds 25% (twenty-five per cent) or 50% (fifty per cent), a notification is required at that stage regardless of the value of the additional investment. This prevents transactions from avoiding review through staged acquisitions or incremental increases in shareholding. The same approach applies to indirect investments made through Cyprus based entities where ultimate control rests with a Foreign Investor.
Notification, review and decision-making process
Notification is submitted by way of a written application, which describes the intended FDI in Cyprus and provides information listed in section 4 of the Cyprus FDI Law, including inter alia, details relating to the investor, the target enterprise, and the ownership and control structure, as well as any additional information requested by the Competent Authority.
Upon receipt of a complete notification, the Competent Authority determines within 20 (twenty) working days whether the investment falls within the scope of review.
An advisory committee supports the screening process by providing reasoned written input to the Competent Authority, both at the stage of determining whether an investment warrants review and during the substantive assessment phase. Where no risks to national security or public order are identified, the investment may proceed. Where concerns arise, the Competent Authority may clear the investment subject to conditions or prohibit it. It is further noted that the decisions of the Competent Authority are subject to appeal before the Administrative Court pursuant to Article 146 of the Constitution of the Republic of Cyprus.
Failure to notify a covered investment may have serious consequences. Non-notified transactions remain legally vulnerable and may be subject to review by the Competent Authority for a period of up to 5 (five) years following the completion of the transaction, with the Competent Authority empowered to order a reversal where appropriate. In addition, the Competent Authority may also review investments outside the mandatory notification framework where there are reasonable grounds to consider a potential impact on security or public order, within 15 (fifteen) months of completion. Closing a transaction without approval constitutes a breach, exposing the Foreign Investor and/or any person exercising direct or indirect control over the investment, to administrative fines ranging from EUR 5,000 (five thousand euros) to EUR 100,000 (one hundred thousand euros) depending on the nature and seriousness of non-compliance. Where measures are imposed and not complied with, additional sanctions may apply, including daily administrative fines of up to EUR 8,000 (eight thousand euros) per day, and restrictions on the exercise of rights attaching to the investment, including voting, management, and control rights.
Impact on Foreign Investors
For Foreign Investors, Cyprus’s FDI screening framework introduces defined jurisdictional thresholds and procedural requirements that have direct implications for transaction planning and execution, particularly in the context of mergers and acquisitions (“M&A”). Transactions that result in the acquisition of qualifying shareholdings, voting rights, or other forms of control, whether through share deals, asset transfers, reorganisations, joint ventures, or equity investments, may now be subject to mandatory prior notification and clearance. This significantly reduces uncertainty as to the regulatory scope but introduces an additional pre-closing condition that must be factored into transaction timetables and documentation.
The Cyprus FDI Law requires early and rigorous due diligence to assess whether a transaction falls within the scope, including an analysis of direct and indirect ownership, ultimate beneficial ownership, governance rights, and any anticipated increases in participation. For M&A practitioners, this necessitates careful structuring and sequencing of transactions, the inclusion of appropriate conditions, long stop dates, and regulatory cooperation clauses, and alignment with parallel regulatory approvals where applicable.
The Cyprus FDI regime must also be considered alongside other domestic regulatory frameworks. Depending on the sector and transaction profile, clearance or engagement with the Cyprus Competition Commission (CCC) and sectoral regulators such as the Cyprus Securities and Exchange Commission (CySEC), the Central Bank of Cyprus (CBC), or the Cyprus Broadcasting Authority (CBA) may be required. As a result, transactions may be subject to multiple, overlapping regulatory processes that must be coordinated to avoid execution risk.
In addition, the EU cooperation mechanism enables other member states and the EU itself, to provide comments or opinions on notified transactions, introducing a further dimension of regulatory scrutiny, including for transactions that might previously have fallen outside any national screening process. Practitioners should therefore anticipate enhanced information requirements, longer review timelines in complex cases, and the potential imposition of conditions, or in exceptional cases, prohibition or post-closing remedies. In this environment, proactive regulatory assessment and integrated transaction planning are essential to ensure deal certainty and mitigate execution risk.
In parallel with this expanded regulatory scrutiny, the regulatory architecture of the Cyprus FDI regime is underpinned by a structured confidentiality and data governance framework. Information submitted by Foreign Investors is used exclusively for screening purposes and processed in accordance with applicable Cyprus and EU data protection law, including GDPR standards. Foreign Investors may designate information as confidential or as business sensitive, subject to appropriate justification and the provision of a non confidential version where required. The Competent Authority and advisory bodies are bound by strict statutory confidentiality obligations, codified by the Cyprus FDI Law with disclosure permitted only where necessary for the operation and enforcement of the FDI regime, including EU level cooperation and information exchange mechanisms.
National security v investment climate in Cyprus
From Cyprus’s national perspective, the new FDI screening framework is designed to bolster national security and public order, in line with the EU’s coordinated approach to overseeing sensitive foreign investments. The Cyprus FDI Law empowers the Competent Authority to vet and potentially block or unwind investments that could affect critical infrastructure, supply security, or other strategic interests. This marks a policy shift for Cyprus, which historically prided itself on an open, investor-friendly regime. By adopting an FDI screening mechanism, Cyprus aligns with a growing number of EU member states that have introduced controls in respect of strategically sensitive investments, signalling that it will rigorously protect key sectors, but without closing the door to genuine investments.
In fact, adopting the screening law is also a strategic move to reinforce Cyprus’s position as a credible investment hub within the EU. It aligns the island with EU norms and can enhance investor confidence that the playing field is fair and secure. The European Commission’s latest annual FDI Report highlights that member states have managed to increase vigilance without deterring investment with the vast majority of transactions in 2024 being approved unconditionally. This suggests that Cyprus’s new oversight mechanism, much like those in other EU countries, seeks to strike an appropriate balance between safeguarding security and public order while maintaining an open investment climate.
Closing reflections
The enactment of the Cyprus FDI Law marks a significant turning point in the country’s investment landscape, aligning with EU-level initiatives and embedding national security and public order considerations into the assessment of foreign participation in strategically important sectors.
This development does not represent a retreat from foreign investment. Rather, it introduces a structured and proportionate framework that seeks to protect critical interests without undermining the economic dynamism that bona fide foreign capital brings. While investments in sensitive sectors will now be subject to closer scrutiny, the framework encourages greater discipline, foresight, and awareness of strategic implications on the part of all participants.
For investors and advisers alike, the practical emphasis is on preparation rather than restraint. Early screening, careful transaction structuring, and informed engagement with the regulatory process will be essential to managing execution risk and preserving deal certainty as the regime takes effect.
Ultimately, by combining openness with targeted oversight, Cyprus reinforces its position as a mature, credible, and secure investment jurisdiction within the EU, remaining open to sustainable foreign investment while ensuring that its strategic interests are appropriately safeguarded.
Co-authors
Theodora Alexandrou
Maria Vyronos
Alexandra De Gouveia
Key takeaways
New FDI screening regime: Cyprus introduces its first formal FDI screening framework under Law 194(I)/2025, effective 02 April 2026, aligning Cyprus with EU-wide practices on investment security.
Targeted, not restrictive: The regime focuses on foreign investments that combine control, value, and strategic relevance, aiming to protect national security and public order without deterring bona fide
Mandatory prior approval: Foreign Investors acquiring 25% or more (or decisive influence) in Strategically Important Enterprises, with an investment value of EUR 2 million or more, must notify and obtain clearance before closing.
Sectoral coverage: Screening frameworks apply to investments in areas considered strategically important or sensitive to national security and public order, including critical infrastructure, essential services, and assets of strategic significance to the economy and the state.
Data protection and confidentiality: Information submitted by Foreign Investors is subject to statutory confidentiality and specified-use requirements, although sensitive material must be expressly identified as confidential at submission to benefit from such protections.
Execution risk for non-compliance: Failure to notify can result in fines, post-closing review for up to five years, or even unwinding of transactions.
Greater planning required: Investors and advisers must factor FDI clearance into due diligence, transaction structuring, and timelines, alongside competition and sectoral regulatory approvals.
30 January 2026
