Authorisation to Release Confidential Info UK Guide
We're not a law firm — we help you find the right legal support. For advice on your situation, speak to a legal adviser or find a solicitor.
Most commercial relationships involve sharing something sensitive. It might be customer data, technical know-how, financial figures, or plans for a new product. When that information leaves your hands, you need a way to keep control of it. Two documents tend to sit at the heart of this: the confidentiality agreement (often called an NDA) and, running alongside it, an authorisation to release confidential information.
The first locks things down. The second gives a defined, written permission to let specific information out again, to a named person, for a named purpose. Used together, they let a business cooperate with partners, advisers and buyers without losing grip on what matters.
This guide walks through how the authorisation works in practice, when you are likely to need one, and what to think about before you sign.
What this document is
An authorisation to release confidential information is a short written permission given by the party that owns the information (the disclosing party) to the party that holds it under an NDA (the receiving party). It carves out a specific exception to the confidentiality obligations already in place.
Without it, passing the information to anyone outside the original agreement would usually be a breach. The authorisation names who the information can be shared with, describes what can be shared, and sets out any conditions attached, such as a requirement for the third party to sign their own confidentiality undertaking.
It is sometimes called a disclosure letter or consent to disclose. In practice, these documents are most often used when the receiving party needs input from a professional adviser, a subcontractor, a funder, or a regulator, and the original NDA did not already cover that specific onward sharing. Getting the wording right matters: a vague authorisation can unintentionally widen disclosure far beyond what was meant.
How to use this document
- Check what the NDA already allows. Before drafting anything new, read the original confidentiality agreement carefully. Many NDAs already permit disclosure to employees, professional advisers or affiliates on a need-to-know basis. If the onward sharing you have in mind is already covered, a separate authorisation may not be needed at all.
- Identify the third party and the purpose. Be specific about who will receive the information and why. Naming the organisation (and where possible the individual) keeps the permission tight. State the reason clearly, for example obtaining tax advice, carrying out technical due diligence, or evaluating a commercial proposal, so there is no ambiguity later.
- Define exactly what is being released. List the categories of information covered, or attach the documents themselves as a schedule. Avoid broad phrases like 'all project materials' unless that is genuinely what you intend. The tighter the description, the less room there is for disputes about whether a particular disclosure was authorised.
- Set the conditions of release. Spell out any strings attached. Common conditions include the third party signing a back-to-back confidentiality undertaking, limits on copying or onward sharing, a requirement to return or destroy materials after use, and a deadline after which the permission lapses. Conditions make the authorisation workable rather than open-ended.
- Sign, date, and keep a record. Both parties should sign and date the authorisation, and each should keep a copy alongside the original NDA. If disclosure ever becomes contested, a clear paper trail showing who agreed to what, and when, is usually the deciding factor. Store it with your contract records, not just in email.
Common questions
If you're dealing with this kind of situation, speak to an experienced legal adviser who can walk you through it — from £89.
Common questions
Q Is an authorisation to release confidential information the same as an NDA?
No. An NDA creates the duty of confidentiality in the first place. An authorisation to release sits on top of that NDA and gives written permission for a specific disclosure that would otherwise break it. You would typically have the NDA in place first, then issue an authorisation later when a particular situation calls for it.
Q When would I actually need one?
Common situations include letting a contractor share project details with their own accountant or solicitor, allowing a potential investor to pass information to their due diligence team, or permitting disclosure to a regulator. If the original NDA does not already cover that onward sharing, a short written authorisation avoids any suggestion of breach.
Q Does the third party need to sign anything?
It is sensible to require this. The authorisation can be conditional on the third party signing their own confidentiality undertaking before they receive anything. That way, your information is still protected once it reaches them, and you have a direct contractual relationship with the new recipient rather than relying solely on the original party.
Q Can I withdraw the authorisation later?
It depends on how it is drafted. Some authorisations are one-off permissions that expire once the disclosure has been made. Others are ongoing and can be revoked on notice. If you want the flexibility to pull the permission back, say so clearly in the document, along with what should happen to any information already shared.
Q What should count as confidential information?
The underlying NDA should define this, and the authorisation should work within that definition. Typical categories include business plans, financial data, customer lists, technical specifications, source code, pricing, and trade secrets. Information that is already public, or was lawfully known before the NDA, is usually excluded.
Q How long does a confidentiality obligation last?
There is no single answer under English law. Many commercial NDAs run for a set period, often between two and five years, though trade secrets can be protected for longer. The authorisation to release should not extend confidentiality beyond what the original agreement provided, but it can impose its own time limits on the permitted disclosure.
Q What happens if someone breaches the agreement?
Remedies usually include damages for any loss caused and, in more serious cases, an injunction to stop further disclosure. The exact outcome depends on what the agreement says about consequences and on the circumstances of the breach. Keeping clear records of what was authorised, and what was not, helps considerably if a dispute arises.
If you're dealing with this kind of situation, speak to an experienced legal adviser who can walk you through it — from £89.
Sources
This guide is based on primary UK law and official guidance.
- Guidance · UK GovIntellectual Property Office: non-disclosure agreementsgov.uk
- Official SourceInformation Commissioner's Office: guide to data protectionico.org.uk
- Guidance · UK GovGOV.UK: business and self-employed guidancegov.uk
Legal helpline
Not sure whether you need an authorisation at all?
Confidentiality paperwork is easy to get wrong, and a loose authorisation can widen disclosure much further than you intended. An experienced legal adviser can talk through how your existing NDA fits with what you want to release, based on what you describe on the call.
- A clear explanation of how an authorisation interacts with your NDA based on what you describe
- Practical perspective on what the document should and should not cover in your situation
- Plain-English answers to your specific questions about onward disclosure
- Help to think through what to watch out for before you sign anything
Legal disclaimer
This article is for general information only. It is a tool to help you find your way — not legal advice, and not a substitute for speaking to a qualified adviser about your situation.