Tips for orgs using NDAs in light of new UK legislation

19 June 2024

When it comes into force, Section 17 of the act will void any contractual provision insofar as it purports to prevent the disclosure of information concerning criminal conduct by a victim to law enforcement, professional advisers, regulators or close family members.

The legislation was fast-tracked before the dissolution of Parliament on May 30 following a crackdown on the misuse of nondisclosure agreements, or NDAs, announced by the Ministry of Justice on March 28. It also comes at a time of heightened regulatory and political scrutiny of the use of NDAs.

We summarise below the relevant background and explain the importance for those preparing and relying on NDAs that they assess their appropriateness and scope on a case-by-case basis.

Increased scrutiny on NDAs

There are many legitimate uses for NDAs, including to protect commercial, sensitive or confidential information being disseminated. NDAs have also historically often been used in settlement agreements relating to the termination of employment for various reasons.

In recent years, their use has come under heavy scrutiny in the context of claims involving allegations of sexual misconduct, harassment or discrimination. This has triggered a response from legislators and regulators to effect reform.

A common misconception has been that commercial, business-to-business NDAs, which are routinely agreed to in the context of merger and acquisition transactions, joint ventures and franchise arrangements, are unaffected by these developments.

However, the Solicitors Regulation Authority, or SRA, issued guidance in March 2018 and November 2020 that applies to all forms of NDAs, citing concerns that, even in a commercial context, they could prevent or discourage reporting to regulators and law enforcement, or disclosures that are protected by law.

A number of other public bodies have also considered the issue in recent years and provided advice and recommendations to the government, including the Women and Equalities Committee; the Equality and Human Rights Commission; and the Advisory, Conciliation and Arbitration Service.

In March, the Treasury Committee published a report titled "Sexism in the City," finding a "prominent theme" of NDAs being used to cover up the "[p]revalence of sexual harassment in financial services," and recommending a total ban on NDAs in harassment cases, which the government did not accept.

Disclosures covered by the new legislation

The Victims and Prisoners Act 2024 will void any contractual provision insofar as it purports to prevent a victim — or a person who reasonably believes they are a victim — of a crime from making a disclosure of information to the following:

  • law enforcement;
  • a qualified lawyer to seek legal advice;
  • a regulated professional to obtain professional support;
  • anyone providing support services to victims;
  • regulators for the purpose of cooperating with them;
  • anyone who is authorized to receive information on behalf of the above persons; or
  • a child, parent or partner in order to obtain support.

The scope of the legislation is narrow. It permits disclosures only by those who have, or reasonably believe they have, been directly harmed — or affected in certain prescribed ways — by criminal conduct, to a limited class of recipients, for the limited purpose of reporting or seeking support in relation to that criminal conduct.

The legislation does not permit disclosure of noncriminal conduct or of confidential information that does not relate to criminal conduct. It also includes an express provision that NDAs are not void insofar as they preclude disclosures made for the primary purpose of releasing information into the public domain.

In one sense, therefore, the legislation may have little impact on how NDAs are enforced by the courts. The likelihood of a party commencing a court claim to enforce, or claim damages for a breach of, an NDA for a disclosure covered by the legislation is low in any event.

However, the new law should still encourage victims to come forward to law enforcement and regulators, and seek support. It sends the important message to victims that they cannot be held to NDAs that seek to prevent any disclosure of criminal conduct.

The legislation is not yet in force pending the secretary of state implementing regulations, which may amend the scope of the disclosures covered.

What regulators are doing

The SRA has issued a warning notice and updates concerning NDAs. In summary, its view is that NDAs should not be used to prevent, impede or deter a person from the following.

  • cooperating with a criminal investigation or prosecution;
  • reporting an offence to a law enforcement agency;
  • reporting misconduct or a serious breach of regulatory requirements to the SRA or other regulators;
  • making a protected disclosure under the Public Interest Disclosure Act 1998;
  • making any disclosure required by law; or
  • making a proper disclosure of the NDA or circumstances surrounding the NDA to professional advisers — including tax, medical professionals and counsellors — who are bound by a duty of confidentiality.

Additionally, according to the SRA, NDAs should not be used to influence the substance of any such report, disclosure or cooperation, or include or propose (1) clauses known to be unenforceable, or (2) warranties, indemnities, and clawback clauses that prevent or inhibit permitted reporting or disclosures being made.

The SRA also conducted a thematic review on the use of NDAs in workplace complaints, the conclusions of which were published in August 2023. The review found that most NDAs complied with the SRA's warning notice, and there was no direct evidence of solicitors drafting NDAs with the deliberate intention of preventing the reporting of inappropriate behaviour.

However, the SRA also found that there were nonetheless certain common practices among solicitors that might discourage such reporting, and several prevalent inaccurate assumptions about NDAs within the profession.

According to a Legal Services Board report in February, the SRA has, since January 2023, issued 11 letters of advice, six warnings, six rebukes and one fine to solicitors regarding the improper use of NDAs. Further guidance from the SRA and other industry bodies is expected later this year or early next year.

Beyond the solicitors' profession, the Financial Conduct Authority, or FCA, also has an increasing focus on NDAs in the context of regulated firms' management of nonfinancial misconduct, which the regulator views as potentially inhibiting effective risk management within financial services and contributing to poor culture.

It has made it clear that NDAs should not deter whistleblowers from making confidential reports to the FCA and similarly, that firms should report internal disciplinary action to the FCA, regardless of the existence of an NDA.

The FCA recently issued a notice to insurers and insurance intermediaries requiring them to provide statistics on the number of NDAs they have used, and further inquiries in other sectors are expected. As part of being able to demonstrate appropriate mechanisms for addressing nonfinancial misconduct, regulated firms should therefore prepare to justify their use of NDAs to the FCA.

Key practical takeaways

The focus on NDAs is unlikely to diminish.

Although NDAs are not prohibited and regulators recognise their legitimate justification in many circumstances, those preparing and relying on them must be able to clearly and adequately explain that justification if challenged. This will involve careful consideration on a case-by-case basis as to whether an NDA is necessary at all and, if so, its appropriate scope.

Regulators are unlikely to look kindly on template NDAs being adopted without evidence of an assessment that all its provisions are justified in the circumstances.

Employees — particularly those who are vulnerable — or counterparties where the bargaining power is similarly unequal, should also be given time to carefully consider the implications of an NDA before entering into one. They should also have access to independent legal advice.

Overall, one party and its lawyers should not attempt to take unfair advantage of any imbalance in power in negotiating an NDA.

Organisations should monitor their use of NDAs to identify any potential systemic discrimination or conduct issues in their organisation, subject to data protection laws.

Finally, lawyers should continue to pay close attention to relevant legislation, SRA warning notices, and guidance from industry bodies when drafting NDAs.

They should be particularly careful when dealing with provisions that might not immediately appear to be an NDA, but which might similarly discourage legitimate disclosures, such as restrictive nonderogatory clauses or inappropriate clawback/penalty clauses.

This article was first published by Law360.