NDAs and confidentiality clauses: the impact on employers following the Victims and Prisoners Act 2024

New legislation will come into force on 1 October 2025 which will impact Non-Disclosure Agreements. In this article we consider the changes from an employment perspective and any steps an organisation can take to ensure that it does not contravene these new provisions.

As referenced in our previous briefing, the Victims and Prisoners Act 2024 will void provisions in any agreement which purport to prevent a victim (or someone who reasonably believes they are a victim) from making disclosures about criminal acts to law enforcement agencies, regulators or professional advisors/support services. The relevant provisions will be effective from 1 October 2025.

In anticipation of the new law, the Ministry of Justice has issued guidance on the upcoming changes to Non-Disclosure Agreements (NDAs).

The use of NDAs in the employment relationship

In the employment context, this new law means that confidentiality agreements (‘gagging orders’) – whether as standalone NDAs or clauses as part of a COT3 or a Settlement Agreement - cannot operate to prevent the reporting of criminal activity or to prevent victims obtaining support. The provisions will apply to all sectors.

Taking it back to basics, NDAs are legal contracts which place confidentiality restrictions on information known between the parties in exchange for something of value (which is usually a sum of money). And typically speaking, we often see these types of clauses in the form of confidentiality provisions within a COT3/Settlement agreement where an employment dispute is settled and/or when an employee is exiting an organisation.

The use of NDAs and confidentiality clauses have been widely scrutinised in the press and the political sphere, although the spotlight is not just on employers. Whilst that scrutiny has increased over the years and there are concerns that such clauses have been misused, particularly in cases involving allegations of sexual harassment since the #MeToo movement, there is not a call for an outright ban on NDAs/confidentiality clauses.

The use of COT3/settlement agreements is a useful tool and allows parties to document the resolution of their dispute(s) without the need to go to a Court or Tribunal – and for some, the inclusion of a confidentiality clause will be important.  However, they should be used with care and not operate to take unfair advantage – which has been stressed to solicitors by the Solicitors Regulatory Authority in its warning notice on the use of NDAs. 

Section 17 of the Victims and Prisoners Act 2024 

As it currently stands, NDAs cannot operate to seek to prevent a person from reporting a crime to the police or to prevent an individual from making a protected disclosure relating to a criminal offence (i.e. whistleblowing). However, the current position is that NDAs can be used to prevent parties from making other types of disclosures such as telling family or support services about the criminal conduct they have been a victim of.

Section 17 of the Victims and Prisoners Act 2024 means that permitted disclosures will be wider than the current position and from the 1 October 2025, any contractual provision would be void if it seeks to prevent the disclosure of information concerning criminal conduct by a victim, or a person who reasonably believes they are a victim, to the following categories of people:

• Police or other bodies which investigate or prosecute crime, for investigating or prosecuting the criminal conduct. This could include the Financial Conduct Authority, the Health and Safety Executive, the Competition and Markets Authority, the Environment Agency, the Gambling Commission, the Information Commissioner’s Office and the Serious Fraud Office.
• Qualified and regulated lawyers, for the purposes of seeking legal advice about the criminal conduct.
• Regulated professionals (including regulated healthcare professionals, social workers and school teachers), for obtaining professional support in relation to the criminal conduct.
• Victim support services, for obtaining confidential support in relation to the criminal conduct.
• Regulators, for cooperating with the regulator in relation to the criminal conduct.
• To a person authorised to receive information on behalf of any of the above, for the relevant purposes as mentioned above (in this regard, we foresee this including any staff at a law firm, for example).
• A victim’s close family member, including a child, parent or partner, for the purpose of obtaining support in relation to the criminal conduct.
  
  The provisions do not apply however, where the primary purpose of the disclosure is to release information into the public domain (this applies even where the disclosure has been initially made to a permitted person and that person then discloses to the public).
• Draft regulations have also been put before Parliament to widen the permitted disclosures (the Victims and Prisoners Act 2024 (Permitted Disclosures) Regulations 2025). These Regulations are expected to be in force from 1 October 2025 and will include disclosures to:
terms and conditions

• The Criminal Injuries Compensation Authority, for the purpose of a claim for compensation in relation to the relevant criminal conduct.
• A court or tribunal, for the purpose of issuing or pursuing any proceedings in relation to a decision of the Criminal Injuries Compensation Authority made in connection with a compensation claim.

Who is a victim?

The definition of victim is fairly wide - not only does the legislation define a victim of crime as someone who has suffered harm (being physical, mental or emotional harm or economic loss) as a direct result of being subjected to criminal conduct, but it also includes other circumstances, such as where a person has suffered harm as a direct result of having seen, heard of otherwise directly experienced the effects of criminal conduct, so in other words a witness to a crime.

There does not have to be a formal investigation or a conviction for someone to be a victim of crime or to reasonably believe they are a victim of crime. Individuals will also be considered a victim regardless of whether they have told anyone about that crime, including reporting it to the police.

Practical guidance

The use of NDAs/confidentiality clauses are not prohibited and when used correctly, they can be a valuable tool. However, this update reinforces the need to undertake the following:

     1. Consider the approach on the inclusion of NDAs

As a matter of good practice, the inclusion of NDAs/confidentiality clauses should not be routinely used, and they should be tailored to the case at hand. If any NDAs/confidentiality clauses are to be used, be prepared to adequately explain the justification if ever challenged.

     2. Update any COT3/settlement agreement templates, as necessary

Any NDAs/confidentiality clauses used in COT3/settlement agreements should expressly carve out permitted disclosures, and many employers may find that the existing carve outs are wide enough to capture the new provisions. However, it will be important to check this and make relevant updates if necessary. Please do get in touch if you would like our help or advice in doing this.

     3. Seek legal advice

Where there are circumstances involving criminal activity, and an employer is considering the use of NDAs/confidentiality, this could be potentially complex and as such, we would recommend that further advice is sought.

England and Wales only

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at June 2025. Specific advice should be sought for specific cases. For more information see our .