Protection of Official Data

Current project status

  • Initiation: Could include discussing scope and terms of reference with lead Government Department
  • Pre-consultation: Could include approaching interest groups and specialists, producing scoping and issues papers, finalising terms of project
  • Consultation: Likely to include consultation events and paper, making provisional proposals for comment
  • Policy development: Will include analysis of consultation responses. Could include further issues papers and consultation on draft Bill
  • Reported: Usually recommendations for law reform but can be advice to government, scoping report or other recommendations

A review of the Official Secrets Acts to make sure Britain is safe in the 21st century. The project has now concluded.

Read the full report here.

Read a summary of the report here.

The problem

In the last twenty years, new communications and data technology has changed the nature of espionage and leaks. For example, hostile states can conduct cyber-attacks on the UK through multiple servers across multiple countries. At the same time, the potential impact of spying and leaks has increased: a single disclosure could contain terabytes of data.

However, the four Official Secrets Acts that help protect the country from spying and leaks are outdated and no longer fit for purpose.

The criminal law provisions that protect official information are primarily contained in the Official Secrets Acts 1911-1939 and 1989.

The Official Secrets Act 1911 still provides the principal legal protection in the United Kingdom against espionage, despite the fact it was enacted in the run up to the First World War. Since its implementation over 100 years ago this legislation has been subject to very little independent scrutiny.

Certain categories of official information are protected from unauthorised disclosure by the criminal law. This includes information relating to security and intelligence, defence, and international relations. Unauthorised disclosure of these types of information might harm national security or other important state interests. The Official Secrets Act 1989 is the main statute protecting these categories of official information.

In addition, there are a number of miscellaneous unauthorised disclosure offences on the statute book.

The project

In 2015 the Cabinet Office, on behalf of the government, asked the Law Commission to review the effectiveness of the laws that protect Government information from unauthorised disclosure.

The Law Commission published a consultation paper on 2 February 2017 which suggested ways to improve the law that protects official information.

The open public consultation on the protection of official data ran until 3 May 2017.

We published a final report with recommendations for change on 1 September 2020. You can find the full report and a summary of it, at the top of this page.

Our recommendations

In our final report, we make 33 recommendations designed to ensure that:

  1. the law governing both espionage and unauthorised disclosures addresses the nature and scale of the modern threat;
  2. the criminal law can respond effectively to illegal activity (by removing unjustifiable barriers to prosecution); and
  3. the criminal law provisions are proportionate and commensurate with human rights obligations.

Our main recommendations can be summarised as follows:

  • Updating the archaic language of the Official Secrets Acts to ensure the legislation is fit for purpose. For example, we recommend replacing the word “enemy” with “foreign power”, which would include terrorist organisations and companies controlled by a state.
  • For prosecutions of public servants (crown servants and contractors) who leak information, we recommend removing the requirement to prove that the leak caused damage. Instead, the offence should require proof of a sufficiently culpable mental state (which should be decided by Parliament). For example, knowledge or belief that the disclosure would cause damage.
  • For cases of espionage carried out against the UK from abroad, we recommend that an offence would be committed irrespective of whether the individual is a British citizen, provided there is a significant link between the individual’s behaviour and the interests of the United Kingdom.
  • A statutory public interest defence should be available for anyone – including civilians and journalists – charged with an unauthorised disclosure offence under the Official Secrets Act 1989. If it is found that the disclosure was in the public interest, the defendant would not be guilty of the offence.
  • Public servants and civilians should be able to report concerns of wrongdoing to an independent statutory commissioner who would be tasked with investigating those concerns effectively and efficiently.
  • Parliament should consider increased maximum sentences for the most serious offences in relation to leaks. However, we do not make a recommendation on what new maximum sentences should be.

Next steps

The National Security Bill, which was introduced into the House of Commons in May 2022, implements many of the espionage recommendations set out in our Protection of Official Data report. The Bill is now passing through the House of Lords, having completed its passage through the Commons.

Documents and downloads

Project details

Area of law

Criminal law


Professor Penney Lewis