NDAs must contain specific carve outs from confidentiality obligations. NDAs cannot prevent individuals from reporting a crime to a law enforcement agency or regulator, or from making a “protected disclosure” (i.e. whistleblowing). Any clause that seeks to limit an individual’s ability to do any of these things is not valid or enforceable.

There are also regulatory restrictions on the use of NDAs, for example for solicitors.

It is also worth mentioning that from 1 August 2025 Higher Education Providers have had a duty to ensure that they do not enter into non-disclosure agreements with students, staff, members or visiting speakers where they come forward with a complaint of sexual misconduct, abuse or harassment, or any other form of bullying or harassment. Under the Higher Education (Freedom of Speech) Act 2023 any such non-disclosure agreements entered into from 1 August 2025 are void.

The Act broadens the scope of the carve outs that are required in NDAs.

Legislative changes in force from 1 October

Section 17 of the Victims and Prisoners Act 2024 ensures that victims of crime cannot be prevented from making a “permitted disclosure” about criminal conduct of which they are the victim. This applies equally where someone reasonably believes they are a victim of crime.

The Act defines a permitted disclosure as a disclosure by the victim to the following groups in the following circumstances:

  • Police or other bodies which investigate or prosecute crime, for investigating or prosecuting the relevant conduct. This includes the Information Commissioner’s Office, the Financial Conduct Authority and the Health and Safety Executive, amongst others.
  • Qualified lawyers, for seeking legal advice about relevant conduct.
  • Regulated professionals, for obtaining professional support in relation to the relevant conduct. This includes regulated healthcare professionals, social workers and teachers, amongst others.
  • Victim support services, for obtaining support in relation to the relevant conduct.
  • Regulators, for cooperating with the regulator in relation to the relevant conduct.
  • People authorised to receive information on behalf of any of the above, for the relevant purposes mentioned above.
  • A victim’s close family, for the purposes of obtaining support in relation to the relevant conduct. This includes the child, parent or partner of a victim.

A disclosure will not be a permitted disclosure (and so it can be prohibited under the terms of an NDA) if:

  • it is made to anyone other than the above groups
  • it is not made for the purpose specified above
  • it is made to one of the above groups, but the primary purpose of the disclosure is making the relevant information public, provided that there are no other protections that apply in relation to that disclosure (for example, whistleblowing protections).

Future legislative developments

Draft regulations widening the scope of permitted disclosures have also been placed before Parliament. Subject to Parliamentary approval, these Regulations will also permit disclosures to the following groups in the following circumstances:

  • The Criminal Injuries and Compensation Authority for a claim for compensation in relation to the relevant criminal conduct.
  • A court or Tribunal for issuing or pursuing any proceedings in relation to a decision of the Criminal Injuries and Compensation Authority.

In addition to this, the Government has indicated that it is considering further restrictions on when NDAs can be used. Under the Employment Rights Bill, disclosures by a worker about sexual harassment will be a protected disclosure for whistleblowing purposes and therefore such disclosures will be excluded from the scope of confidentiality provisions in NDAs. Similarly, the Government is proposing that contractual provisions which purport to prevent a worker from making allegations of or disclosing information about workplace discrimination and harassment (or how an employer responded to such allegations or disclosures) will also be void, unless contained in an “excepted agreement” (which is currently undefined and will be specified in Regulations). It is unlikely that a settlement agreement will be an “excepted agreement” for these purposes.

Key takeaways for employers

To ensure compliance with the Act, employers should review and update any template settlement agreements or COT3s to ensure that permitted disclosures are expressly carved out. They should also check confidentiality obligations in employment contracts.

In complex situations involving criminal activity, employers should seek legal advice on the use of NDAs.
