Against a backdrop of concern regarding the use of NDAs, important rules affecting NDAs are coming into effect on 1 October 2025 in England and Wales.
The new rules will impact how you use confidentiality agreements in your organisation and could increase risk.
Driven by Section 17 of the Victims and Prisoners Act 2024 (the Act), these reforms tighten the rules on NDAs, allowing certain disclosures – particularly in cases where a person is a victim of a crime. In practice, NDAs were never legally enforceable to avoid reporting crime; the new rules make that position explicit in statute. By understanding what’s changing, how business practices are affected, and how to adapt, you’ll be better positioned to prevent risk and uphold your reputation for integrity.
What are the changes?
From October, any NDA (or confidentiality clause) you sign will be unenforceable to the extent that it tries to stop someone who is, or reasonably believes themselves to be, a victim of crime from disclosing information for specific allowed purposes.
NDAs entered after 1 October must not stop “permitted disclosures”. Permitted disclosures are disclosures about “relevant conduct” – the criminal conduct that makes someone a victim of crime. Victims, or those who reasonably believe they’re victims, can now make these disclosures to specific groups for defined purposes. The definition of a “victim of crime” is very broad.
Put simply, the rules mean that victims of crime can’t be stopped from disclosing information about relevant conduct to various parties such as the police, qualified lawyers, regulated professionals, victim support services, regulators, persons authorised to receive information on behalf of those groups, and certain close family members. However, the disclosures to such groups can only be for specific purposes.
Importantly, these disclosures must relate to obtaining support, legal advice, professional care, or to facilitate an investigation – not to release information into the public domain.
NDAs which were entered into before 1 October 2025 won’t be impacted by these new rules.
The law’s intention is clear: no agreement should be used as a gag to prevent genuine victims from seeking help, justice or support.
How do they affect businesses?
This doesn’t mean the end for NDAs in the commercial world. You are still able to use NDAs to protect your confidential information, trade secrets, proprietary intellectual property, M&A information, and genuinely sensitive business interests. (Concerns about disclosures to regulators affecting patents/trade marks are generally remote, as regulatory bodies have their own confidentiality obligations.)
What will change is the drafting and transparency required in your documentation. Old templates that seek to prohibit “any disclosure to any third party” without explicit carve-outs are now a risk – such blanket clauses may be unenforceable to the extent that they breach the new rules.
You may also find more crossover between HR, legal, compliance, and external bodies, particularly if someone in your organisation believes they are a victim of crime and needs to raise the issue with an authority or support organisation.
Confidentiality provisions within settlement agreements and exit packages require careful review and potential rewording. It is also advisable to remind managers that private assurances of secrecy may not be enforceable when statutory rights to disclose exist.
This clarity will be especially relevant to regulated clients who want to reflect best practice and give employees peace of mind that they can report crimes.
How can your business prepare for the changes?
Preparation is the hallmark of good compliance. Because the reforms prohibit NDAs from blocking crime reporting or silencing harassment/discrimination – and require clear, plain-English drafting and informed legal advice – now is the time to:
- Review and understand the new requirements so you know who disclosures can be made to and when, recognising what is prohibited.
- Review and, where needed, update all NDA and confidentiality templates to ensure compliance with the Act, including robust, carefully drafted permitted-disclosure provisions that do not restrict lawful disclosures.
- Apply these updates across both commercial NDAs and employment/HR agreements (including settlement terms).
- Update internal training and guidance to ensure that HR, legal, and management teams understand which disclosures are protected and how to handle them.
Seek legal advice on the drafting and use of your NDAs if you are unsure.
Next steps
Navigating these legal changes doesn’t have to be daunting. Our commercial law solicitors and employment law solicitors are here to help you audit your contracts and agreements, update your processes, and manage the transition with confidence. If you need tailored drafting, practical training, or strategic advice on handling NDAs in the new legal landscape, contact our team today. With proactive steps, you can keep your business protected and compliant.