The government has announced plans to curb the use of non-disclosure agreements (NDAs) where they would prevent victims and direct witnesses of a crime from speaking out. We explore the proposal and its implications for employers, as well as setting out some practical next steps to prepare for the changes.
What is in force today
Since 1 October 2025, section 17 of the Victims and Prisoners Act 2024 (VPA) renders void any clause that prevents a victim of crime (or someone who reasonably believes they are a victim) from sharing information with specified people for defined purposes, such as the police, regulators, lawyers and support services. For more detail, you can read our previous blog here.
What the government now proposes
An amendment to the Victims and Courts Bill would extend the VPA regime so that both victims and direct witnesses can disclose information to anyone, for any reason, including family, friends, employers, journalists and on social media. Limited “excepted NDA” criteria may be set by the Secretary of State in narrow, legitimate circumstances. Timing depends on the Bill’s passage and commencement.
Interaction with the Employment Rights Bill
Government-backed changes to the Employment Rights Bill would make void NDA terms that stop workers speaking about alleged harassment or discrimination. This sits alongside the VPA regime rather than replacing it. Employers should plan on the basis that confidentiality terms that suppress reporting of misconduct will not be enforceable. For further information on this proposal, you can read our earlier blog here.
Implications for employers
Employers will no longer be able to rely on settlement agreements or COT3s to keep sensitive allegations confidential where they may amount to discrimination, harassment or criminal conduct. This may act as a disincentive to settle claims, with the appeal of a “clean break” off the table.
The ability to speak freely will also invite greater public scrutiny of past incidents. This reinforces the need for employers to adopt a more transparent, victim-centred approach and to move away from over-reliance on confidentiality as a risk management tool.
Certain guardrails do remain – disclosures will remain subject to laws on defamation and data protection.
Practical next steps for employers
Employers should begin preparing for this new landscape now:
- Refresh internal investigation and reporting procedures to support safe disclosures and include clear communications protocols, such as social media guidance.
- Train HR, Legal and management colleagues on the new limits of confidentiality obligations. Ensure they understand that it is still possible to protect trade secrets, settlement package details and personal data.
- Update template NDA, settlement agreements and COT3 forms to ensure they contain appropriate exceptions to comply with the VPA regime and plan to update them again if this proposed extension becomes law.
- Develop an “appropriateness” check for any proposed NDA. Rather than rely on template or boilerplate confidentiality wording, ensure drafters assess the scope of any proposed confidentiality obligation on a case-by-case basis.
