Guidance

Guidance: Exclusions Annex 2: National Security Grounds (HTML)

Updated 24 February 2025

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/procurement-act-2023-guidance-documents-procure-phase/guidance-exclusions-annex-2-national-security-grounds-html

About this document

1. This document is an annex to the Procurement Act 2023 (the “Act”) Exclusions guidance, Terminations guidance and Debarment guidance. Commercial teams in contracting authorities should ensure they have read and understood these before utilising this annex which provides further detail specific to the national security exclusion grounds.

2. This guidance focuses solely on exclusions and terminations on national security grounds. Under the Act, contracting authorities must assess the national security threat posed by suppliers, their associated persons and (intended) sub-contractors in all covered procurements.

3. The document does not concern ‘exempted contracts’, to which the requirement to competitively tender, and the exclusions and debarment provisions, do not apply. These include contracts which a contracting authority determines should not, in the interests of national security, be subject to the Act, and certain types of defence and security contracts[footnote 1]. The document is applicable to other types of defence and security contracts[footnote 2] where there is a requirement to competitively tender contracts, and where the exclusions and debarment provisions apply.

4. Although the exclusion and debarment provisions do not apply to below-threshold contracts, contracting authorities may wish to consider the debarment list when awarding contracts other than public contracts (such as exempted contracts or below-threshold contracts).

5. While this guidance and the Act relate to contracting authorities in the public sector, the questions and resources contained in it may be of benefit to any organisation or business which may have national security sensitivities, and is seeking to assess the threat posed by a supplier in a procurement or contract.

6. This document is composed of five parts. Part One covers introductory material; Part Two covers the exclusions regime overall; Part Three covers the exclusions process in detail; Part Four covers the terminations process in detail, and Part Five covers further information.

Part One: Introduction

Context

7. The threat to contracting authorities sits within the context of geopolitical shifts, COVID-19, and Russia’s invasion of Ukraine, which have exposed vulnerabilities and dependencies within the global trading environment[footnote 3]. Tackling these challenges and building a strong economy are complementary objectives – the UK’s long-term growth needs to be secure and resilient, including by building a secure supply of critical goods.

8. Contracting authorities are situated on the front line of protecting the UK public sector from threats that arise from their supply chains. All covered procurements should follow supply chain security best practices and standards. However, these may not be sufficient to address the most serious risks to national security. The new national security exclusion grounds under the Procurement Act enable contracting authorities to exclude suppliers that pose a threat, or to terminate their contracts.

9. The UK has a proud record as one of the most open economies in the world. Any action to exclude suppliers on national security grounds should therefore be targeted and proportionate, and be taken only where necessary to address risk. In the likely small number of cases where a supplier may present a threat to the national security of the UK, action should always be considered carefully, and take into account all relevant considerations.

Roles and responsibilities

National Security Unit for Procurement (NSUP)

10. NSUP sits in the Cabinet Office. It supports Ministers in assessing referrals made by contracting authorities which are required to obtain Ministerial agreement to national security exclusions and terminations in line with the Act. Decisions on whether to agree referrals will be made by Cabinet Office Ministers.

11. NSUP also has a monitoring function for all exclusion actions taken under the national security grounds, and will receive notifications from contracting authorities.

12. Finally, NSUP supports Ministers in the identification, assessment, prioritisation and investigation of suppliers for debarment on national security grounds. Debarment decisions will be taken by Cabinet Office Ministers.

Contracting authorities

13. Contracting authorities must assess the national security threat posed by suppliers, their associated persons and (intended) sub-contractors in all covered procurements. It is assumed that commercial teams will lead on this process drawing on the available security and legal expertise. Guidance on the step-by-step process is set out in Part Three.

14. In order to ensure that any intervention is proportionate, we expect the exclusion of suppliers on national security grounds to be targeted to more sensitive procurements or contracts, which could present more opportunity for harm to the national security of the UK. Contracting authorities should conduct a preliminary sensitivity check to help them to determine whether it would be proportionate to continue to assess the threat posed by a supplier.

15. For these more sensitive procurements, contracting authorities should consider at the earliest stage of the procurement process the additional time this step could require. A referral to NSUP for Ministerial agreement may take around two months to process. Contracting authorities should also consider any additional information they may need from suppliers to carry out an assessment, which may take the form of additional questions for the supplier in the Procurement Specific Questionnaire.

16. Where contracting authorities are Ministers of the Crown, government departments or the Corporate Officers of the Houses of Parliament, they do not need to seek agreement before excluding suppliers or terminating contracts under the Act. However, in order to ensure consistent and robust decision-making, they are expected to work closely with NSUP on their assessment.

17. Contracting authorities will make all final decisions on whether to exclude a supplier or terminate a contract on national security grounds, although they must first seek Ministerial agreement where a national security ground applies.

18. Contracting authorities must submit notifications of certain exclusion or termination actions taken (see section on notification of exclusion action taken below).

19. Contracting authorities should process and store information relating to potential exclusion decisions on national security grounds in an appropriate manner, given their sensitivity.

20. It is expected that the capability of contracting authorities to assess national security risk in public procurement may vary and will develop over time.

21. Contracting authorities may also refer suppliers for a debarment investigation on national security grounds. Guidance on submitting a debarment referral.

Why is national security important in procurement and what is the threat?

22. Contracting authorities may be exposed to security threats when they contract with suppliers. Malicious actors such as individuals, groups or states could target contracting authorities as a means to undermine the national security of the UK for economic, political, or military gain. In addition, malicious actors may seek to exploit suppliers’ and sub-contractors’ legitimate access to, or control of, data, systems, locations or personnel, to achieve their aims.

23. If these malicious actors are able to exploit public procurement for their aims, the harm to the national security of the UK could include:

01. Critical National Infrastructure

  • Disruption or degradation to critical national infrastructure, or risk to governmental and defence assets

02. UK Capability

  • Disruption or erosion of UK capability such as military, intelligence, security or technological capability

03. Adversary Capability

  • Enabling actors with hostile intentions to uplift their defence, intelligence, security or technological capability

24. Some procurements and contracting authorities may be more attractive targets for malicious actors as a way to achieve these aims, especially if they provide a means for access to, or control of, more sensitive locations, systems or data.

25. Malicious actors may target contracting authorities through various means. The Government Functional Standard 007 (PDF, 308KB) describes four interconnected domains through which attacks are perpetrated: cyber, physical, technical, and personnel. These can all be facilitated through the supply chain via suppliers and sub-contractors.

26. Cyber - A supplier or sub-contractor’s access to IT systems, networks and data could be exploited by external actors to enable malicious actors to gain access to contracting authority systems or information. Contracting authorities should consider vulnerabilities in suppliers’ cyber security which could lead to unauthorised access.

27. Physical - Vulnerabilities in a contracting authority’s physical security could lead to unauthorised access, destruction, or disruption of its assets, either onsite or during transportation. Contracting authorities should consider how their infrastructure, estates, physical assets and employees are protected against attacks or compromises in the physical (i.e., tangible, real world) environment.

28. Technical - Malicious actors may use access through contracts to steal information via technical means, such as deploying eavesdropping devices or compromising of protective security systems.

29. Personnel - A supplier or sub-contractor’s employees may be in a position of privileged access to contracting authorities’ assets or systems. Individuals could join suppliers with the intent to commit malicious acts, or decide to do so after employment. Contracting authorities should consider what access a supplier’s employees have to assets and what level of personnel security checks are in place to detect and disrupt threats arising from such individuals.

How foreign ownership, control or influence may be relevant to your contract

30. The means of targeting contracting authorities set out above (cyber, physical, technical or personnel) are examples of opportunities for exploitation of the supply chain by which a malicious actor could gain access to information or obtain control of assets. A supplier or sub-contractor that can be influenced by a foreign state, including through ownership, control or location, may also provide access or control - wittingly or unwittingly - to that foreign state. State-ownership, or affiliation with foreign states, is not regarded as being inherently more likely to pose a national security threat. However, it is of particular concern when there is potential influence or control from a foreign state or jurisdiction that is known to threaten or seek to undermine the national security of the UK, or known to engage in activity which has that effect.

31. The location in which a supplier is headquartered, operates, has connections to, or where persons or entities which have majority control may reside, may also provide an opportunity for foreign states to influence a supplier and, in some cases, cause a security threat to arise. This is because the supplier likely falls under the laws of that jurisdiction, which may include provisions to compel private entities (including suppliers) to engage in, or to take, actions which facilitate foreign interference activities. The UK National Protective Security Authority publishes guidance for practitioners on supply chain security, including geographic risks and example scenarios.

Part Two: The exclusions regime

Exclusions and terminations under the Procurement Act 2023

32. The Act enables, and where appropriate requires, the exclusion of suppliers where they pose particular risks to public procurement, on a range of grounds. It provides a framework within which contracting authorities must consider a supplier’s recent past behaviour and circumstances to determine whether it should be allowed to compete for, or be awarded, a public contract. This is covered in Part Two. The Act also implies rights into public contracts for contracting authorities to terminate contracts if certain conditions are met. This is covered in Part Four. Guidance on the overall exclusions regime.

The national security exclusion grounds

33. For national security, there are two exclusion grounds that can apply to suppliers: a mandatory ground and a discretionary ground.

Mandatory Exclusion

34. The mandatory national security exclusion ground applies where a supplier poses a threat to the national security of the UK in relation to public contracts of a particular description on the debarment list. The description may include goods, services or works, location or the contracting authority.

35. This means that for the ground to apply, the procurement must be for a type of contract which matches the description of contracts in the supplier’s debarment list entry. The debarment list is available on gov.uk.

36. A supplier to whom a mandatory exclusion ground applies, due to there being a relevant entry on the debarment list, is referred to as an ‘excluded supplier’ and must be excluded unless an exception applies. ‘A relevant entry’ on the debarment list refers to an entry for a supplier; or for an associated person; or (intended) subcontractor where the supplier has been provided with an opportunity to replace the associated person or subcontractor, and has not done so. See general exclusion guidance for further information.

37. One exception is that mandatory exclusion does not apply to private utilities. This means that even if there is a relevant entry on the debarment list in relation to the mandatory national security exclusion ground, in a covered procurement carried out by a private utility, that supplier would only be regarded as an excludable supplier, not an excluded supplier (i.e., they do not have to be excluded). See below for further information on excludable suppliers.

Discretionary Exclusion

38. The discretionary national security ground applies where a decision-maker determines that the supplier or a connected person poses a threat to the national security of the UK.

39. In contrast to the mandatory exclusion ground, the discretionary exclusion ground is not specific to contracts of a particular description and can apply to any type of public contract where either:

a. a supplier, associated person or intended sub-contractor has been placed on the debarment list on the basis of discretionary national security ground OR,

b. a contracting authority concludes that the discretionary national security ground applies to a supplier, associated person or intended sub-contractor and follows the process outlined below.

40. A supplier to whom a discretionary exclusion ground applies is referred to as an ‘excludable supplier’. Contracting authorities have discretion as to whether to exclude such a supplier.

High-level process summary

Three tests

41. There are three tests that a contracting authority will need to consider to determine whether it should exclude a supplier from a procurement or terminate a contract on the basis of the national security grounds.

42. At a high level, Tests 1 and 2 revolve around a determination of whether the supplier is an excluded or excludable supplier on national security grounds. If the supplier is on the debarment list on a mandatory ground for contracts of the same description as the contract being procured or terminated, or is on the debarment list on a discretionary ground, the supplier is already an excluded or excludable supplier and the contracting authority is not required to consider Tests 1 and 2.

43. Where the supplier is not on the debarment list or is on the list in relation to contracts of a different description to the contract being procured or terminated, the contracting authority will need to carry out its own assessment of whether the discretionary ground applies by determining if Tests 1 and 2 are met.

44. Where the contracting authority is making its own assessment of whether the discretionary ground applies, in order to ensure a proportionate approach which targets the greatest harm to national security, the contracting authority should undertake a preliminary check of whether its procurement is more sensitive.

45. Test 1: the contracting authority should begin its assessment by determining whether the discretionary national security ground applies because the supplier could pose a threat to national security.

46. Test 2: having notified the supplier that it could pose a threat, the contracting authority must then consider any representations or evidence provided, determine whether the supplier does pose a threat to the national security of the UK, and whether the circumstances giving rise to that threat are ongoing or likely to reoccur.

47. Test 3: once the contracting authority has established that the supplier is excludable in Tests 1 and 2, either because it is on the debarment list on the discretionary ground, or because it has determined the supplier is excludable based on its own assessment, it will need to determine whether the supplier should be excluded from the specific procurement or whether its contract with the supplier should be terminated. This will involve considering the risks to national security in the specific procurement or contract, and any mitigations within the contract terms and specifications.

48. Where the supplier is on the debarment list on the mandatory ground for contracts of the same description as the contract being procured or terminated, there is no requirement for the contracting authority to consider Test 3, unless it is a private utility.

49. A question checklist is provided to guide contracting authorities through the three tests.

50. Contracting authorities should undertake the tests as soon as reasonably practical so that the procurement process is not hindered. Timeframes may vary depending on the complexity of the procurement or contract.

Other steps

51. If the contracting authority decides all three tests are met, and intends to take action to exclude a supplier or terminate a public contract on the basis of the discretionary national security exclusion ground, it will need to make a referral to NSUP for agreement from the Cabinet Office Minister, unless the contracting authority is a Minister of the Crown, government department or Corporate Officer of the Houses of Parliament. The contracting authority will only be able to exclude or terminate if the Minister agrees.

52. If action is taken to exclude or terminate, the contracting authority may be required or asked to notify the Minister or publish a termination notice.

STEP-BY-STEP PROCESS FOR CONTRACTING AUTHORITIES

Part Three: Process overview for exclusions in detail

See Figure 1 and Table 1 for a high-level overview of the process a contracting authority should follow.

*Ministerial notification and agreement for discretionary exclusion of a supplier on national security grounds is not required where the contracting authority is a Minister of the Crown, government department or corporate officer of the Houses of Parliament.

Table 1 - Routes to an exclusion referral

Route Relevant entry on debarment list on a national security exclusion ground Requirements - Sensitivity check Requirements - Test 1 Requirements - Test 2 Requirements - Test 3 Requirements - Referral
A Match to mandatory ground and contract description - - - - Not required
B Match to discretionary ground - - - Yes Yes
C No match: not on list, or on list on mandatory ground but contract does not match description Yes Yes Yes Yes Yes

Supplier on the debarment list

When a supplier, associated person or sub-contractor matches an entry on the debarment list

53. Contracting authorities must check whether suppliers and their associated persons or intended sub-contractors are excluded or excludable suppliers at certain points during a covered procurement. This means that contracting authorities must check the debarment list at those specific points. If the supplier is on the debarment list, it could be on the basis of either the mandatory national security exclusion ground (in which case the supplier must be excluded) or the discretionary national security exclusion ground (in which case contracting authorities may exclude the supplier), or both.

On the debarment list: mandatory ground

54. If a supplier, associated person or intended sub-contractor is on the debarment list by virtue of the mandatory national security exclusion ground, contracting authorities must consider whether their procurement is for a contract of the type described in the relevant entry on the list.

55. Relevant contract (Route A). Where the supplier is on the debarment list in relation to contracts of a particular description and the procurement is for a contract which falls within that description, the contracting authority must exclude the supplier from participating or progressing in a competitive flexible procedure or disregard their tender in the case of a competitive award. If an associated person or intended sub-contractor is on the debarment list in relation to contracts of the same description as the contract which is being procured, the supplier must only be excluded or their tender disregarded if the supplier decides not to replace the associated person or intended sub-contractor, having been given the opportunity to do so.

56. Where a contracting authority excludes or terminates on the basis of a mandatory exclusion ground, agreement from a Minister is not required. However, NSUP must be notified via the referral mechanism about any exclusion action within 30 days (see section on notification of exclusion action below).

57. If the contracting authority is a private utility for which an excluded supplier is to be treated as excludable, it should follow route B, as an exclusion is discretionary.

58. The one other exception to the requirement to exclude a supplier on the mandatory exclusion ground for a relevant contract above is where the contracting authority is making a direct award of the contract under section 41 of the Act, and there is an overriding public interest in awarding the contract to the supplier. Further details of what is meant by overriding public interest are outlined in the exclusions guidance on gov.uk. It must be noted that this should only ever be in exceptional circumstances.

On the debarment list: discretionary ground (Route B)

59. If a supplier, associated person or intended sub-contractor is on the debarment list on the basis of the discretionary national security exclusion ground, contracting authorities should consider whether to exercise their discretion in Test 3. If they intend to take any exclusion action, contracting authorities (other than Ministers of the Crown, government departments and the Corporate Officers of the Houses of Parliament) must notify and seek Ministerial agreement via NSUP before excluding a supplier.

Subcontractors

60. With respect to intended sub-contractors, contracting authorities must request information about whether a supplier intends to use sub-contractors and seek to determine if any intended sub-contractors are on the debarment list. They should also decide whether to request information in order to determine if any intended subcontractors are excluded or excludable suppliers, and which categories of sub-contractors they want to seek further information about[footnote 4]. The threat to the national security of the UK that might be posed by sub-contractors can be assessed in the same way as for suppliers, i.e., by using the question checklist.

Connected persons

61. Even where a supplier is not on the debarment list, it is possible that a connected person of the supplier is on the list; for example, a parent company or subsidiary of the supplier. Contracting authorities should also check the debarment list for suppliers’ connected persons. If a connected person is on the debarment list on the basis of either national security exclusion ground, this means the supplier may be an excluded or excludable supplier. Contracting authorities must follow the process set out, make the necessary referrals and, where appropriate, seek Ministerial agreement via NSUP before taking any action on this basis.

Supplier not on the debarment list (Route C)

When a supplier, associated person or sub-contractor does not match an entry on the debarment list

62. If the supplier is not currently on the debarment list, the contracting authority must seek to determine whether a supplier is otherwise excludable, including considering whether to conduct its own assessment of the supplier, following the process set out below.

63. This also includes instances where the supplier is on the debarment list on the mandatory ground but the procurement is not for a contract of the description specified in the relevant entry. In making its own assessment of the threat posed by the supplier to a contract of a different description, the contracting authority should consider any relevant information published regarding the addition of the supplier on the debarment list, as this may provide indications that the supplier is excludable.

Preliminary check: is this a higher sensitivity procurement?

64. The process of assessing the threat posed by suppliers is likely to take time and may be complex. To ensure that an intervention is proportionate, as a preliminary stage before assessing the threat posed by suppliers, contracting authorities should first consider whether the procurement could be of a more sensitive type that presents more opportunity for harm to the UK national security, as these are the cases in which exclusion on national security grounds could ever ultimately be considered appropriate. In order to assist contracting authorities in considering this, some indicative characteristics are set out below. The list is not exhaustive.

65. If the contracting authority considers that the procurement does not present more opportunity for harm to national security, it may not be proportionate to continue to assess the threat posed by suppliers as it is not likely ultimately to be considered appropriate to exclude the supplier from this procurement on national security grounds. If a contracting authority decides not to proceed to assess the threat to national security posed by suppliers in the procurement, the reasons should be recorded.

66. The questions in the sensitivity check that are being considered at this stage will also be considered in more detail at Tests 1 and 3 when determining whether the supplier poses a threat, and whether the supplier should be excluded from the specific procurement.

Sensitivity indicators

67. Review the procurement context – Why might this procurement or your organisation be targeted to harm UK national security?

a. Does it provide access to, or control of assets, data, computer systems or networks that are part of UK critical national infrastructure?

b. Does it provide access to or control of locations such as sensitive sites[footnote 5] or where material classified at SECRET or above is processed, or where there is a requirement for employees to be vetted at or above Security Check (SC) level, or where there is a requirement for Facility Security Clearance or Industry Personnel Security Assurance?

c. Does it provide access to data which is of national significance, including sensitive personal data, data classified at SECRET or above, sensitive nuclear information, large-scale data (national or regional level datasets, big data)?

Assessing the threat posed by a supplier

68. Figure 1 gives an overview of the process that contracting authorities should follow to assess whether a supplier poses a threat and is an excludable supplier before determining whether a supplier should be excluded. As part of this assessment, contracting authorities should use the Tests 1-3 question checklist provided in this document.

69. Contracting authorities should draw on all the resources and evidence available to help them assess whether a supplier poses a national security threat, including engaging with their internal security and legal teams. Government departments may provide additional guidance to contracting authorities in their areas of responsibility. See the section on where to go for more information, guidance and training, where further advice is given on the types of information and resources that should be utilised.

70. A supplier will be an excludable supplier on national security grounds if it is determined that the supplier or a connected person poses a threat to the national security of the United Kingdom and the circumstances giving rise to that threat are continuing or likely to occur again. The supplier may also be excludable if it is determined that an associated person or intended sub-contractor poses such a threat and the circumstances giving rise to that threat are continuing or likely to occur again (and, after being given the opportunity, the supplier does not replace them).

71. The Tests 1-3 Question Checklist is provided to assist contracting authorities when assessing whether any particular supplier, connected person, associated person or intended sub-contractor poses a national security threat and is an excludable supplier that should be excluded from the procurement in three sequential tests (Figure  2).

  1. Test 1 - Could the supplier pose a threat to national security?
  2. Test 2 - Is the national security threat continuing or likely to reoccur?
  3. Test 3 - Should they be excluded from this procurement?

Figure 2: The three tests a contracting authority must answer during the assessment process

72. Following Test 1 and consideration of any representations or any evidence provided by the supplier, the contracting authority must then determine whether or not the supplier does pose a threat to national security and whether the circumstances giving rise to that discretionary national security exclusion ground are continuing or likely to occur again in Test 2, before proceeding to Test 3.

73. Contracting authorities should consider whether it is appropriate to complete the question checklist, taking account of all relevant factors such as publicly available information and any information they hold about the relevant entity or person.

74. Under section 28(2) of the Procurement Act 2023, contracting authorities may request information regarding any intended sub-contractors for the purpose of determining whether they are an excluded or excludable supplier. Contracting authorities should take a proportionate approach when asking for information about intended sub-contractors under section 28(2), including in seeking information to determine whether intended sub-contractors should be subject to exclusion on national security grounds.

75. Before determining whether a supplier is excludable on national security grounds, contracting authorities must give the supplier a reasonable opportunity to make any representations they wish to make and to provide evidence as to whether the discretionary national security exclusion ground applies to it, and whether the circumstances giving rise to the application of the ground are continuing or likely to occur again (i.e., on Test 1 and Test 2).

76. Paragraph 15(4)(e) of Schedule 7 provides that in determining whether the discretionary national security exclusion ground applies to a supplier, a decision-maker must ignore any event (meaning any conviction, decision, ruling, failure or other event by virtue of which the exclusion ground would apply to a supplier) that occurred before the coming into force of this Schedule. For the avoidance of doubt, any information which indicates that a supplier currently poses a threat to national security can be taken into account.

77. Where the contracting authority considers that a supplier is an excludable supplier and intends to take an exclusion action, s.29 of the Act requires the contracting authority to secure Ministerial agreement before that intended action can be taken. Contracting authorities should make a referral to a Minister via NSUP on gov.uk. This requirement does not apply to contracting authorities that are Ministers of the Crown, government departments or Corporate Officers of the Houses of Parliament.

78. On receipt of a referral, the Minister will consider whether the supplier is an excludable supplier and whether the exclusion action should be taken. In doing so, the Minister will also assess the compliance of the intended action with the UK’s international trade obligations[footnote 6]. If the Minister does consider the supplier to be excludable and that the intended exclusion action should be taken, the contracting authority will be informed and can then determine whether to proceed.

Tests 1 to 3 - Question Checklist

79. This checklist is designed to assist a contracting authority when assessing whether a supplier is an excludable supplier under the discretionary national security exclusion ground. Links to further guidance which can assist contracting authorities to answer these questions can be found in the section on ‘where to go for more information’ below. Each question should be considered fully, to the extent possible with the information available. At the end of each test, a section on ‘drawing a conclusion’ is provided to assist contracting authorities in deciding whether the test is met. The preliminary sensitivity check should already have been considered before this stage.

Test 1 - Could the supplier pose a threat to national security?

Jurisdictional Hazard and Control

Question 1: Could the supplier be linked to a foreign state? Indicators of state ownership, control or influence include:

a. the supplier is subject to material influence from state ownership or control structures, including significant shareholding or voting rights; or,

b. there are politically affiliated, or otherwise exposed, persons in senior leadership roles; or,

c. there are unusual, or otherwise notable, state funding streams, including in initial supplier establishment and/or contracts or agreements.

Question 2: Could the significant majority of the corporate control over the supplier be reasonably inferred to reside[footnote 7] in a jurisdiction where:

a. there are legal frameworks and/or policies which enable a foreign government to compel the supplier to take direct or indirect steps in another jurisdiction which could lead to harm to the national security of the UK, without reasonable aims; or,

b. there are relevant sanctions[footnote 8], arms export controls, entity lists or other restrictions in place which may indicate a national security concern?

Question 3: What can reasonably be inferred about the intent of the foreign state with ownership, control or influence or the jurisdiction where corporate control resides? Indicators include:

a. is that country known to seek to threaten or undermine the national security of the UK, to engage in activity which has that effect?

b. is there a documented history of malicious cyber activity towards the UK, which is attributed to that country?

c. is there a documented history of government sanctioned intellectual property theft and/or technology transfer campaigns targeting the UK and/or allies?

Technical Vulnerability

Question 4: What are the typical goods or services provided by the supplier in the UK public procurement? Does the supplier supply technologies which due to their inherent nature, design, and functionality, are likely attractive opportunities for exploitation? This may include but is not limited to:

a. backbone services which act as the fabric or foundation of a network and may have high levels of privileged access, e.g., cloud services or content delivery networks;

b. operational technology where there is risk of significant real-world impact from a disruption, e.g., industrial control systems;

c. security technology which due to the nature of these products, often require high levels of privileged access, e.g., firewalls, antivirus software, networked surveillance equipment; or,

d. network infrastructure devices that transport communications needed for data, applications, services, and multi-media, e.g., routers, switches, wireless access points.

Question 5: Do the technologies, goods or services provided by the supplier have known vulnerabilities? Is the supplier known to have shortcomings in security practices or policies?

Customer Sensitivity

Question 6: Does the supplier typically provide goods or services to higher sensitivity contracting authorities? This could include those with access to or control of: 

a. assets, data, computer systems or networks that are part of UK critical national infrastructure;

b. locations such as sensitive sites, or where material classified at SECRET or above is processed, or where there is a requirement for employees to be vetted at or above Security Check (SC) level, or where there is a requirement for Facility Security Clearance or Industry Personnel Security Assurance;

c. data which is of national significance, including significant data (sensitive personal data, data classified at SECRET or above, sensitive nuclear information, large-scale data such as national or regional level datasets, big data).

TEST 1: Drawing a conclusion - consideration of the threat to national security

80. For these purposes, a supplier could pose a potential threat to UK national security if:

a. it is subject to state ownership, control or influence and/or resides in a jurisdiction (such as in question 1 or 2); and,

b. that state and/or jurisdiction is known to seek to harm or undermine UK national security or to engage in activity which has that effect (such as in question 3); and,

c. the supplier produces or provides goods or services of a particular type that are more likely to present an opportunity for exploitation or associated with known vulnerabilities or security failures (such as in question 4); and,

d. the supplier provides goods or services to customers of higher sensitivity, such as those with access or control of sensitive locations, systems or data (Question 5).

Test 2 - Is the national security threat continuing or likely to occur again?

Question 7: Is the national security threat continuing or likely to occur again?  

In order for a supplier to be considered an excludable supplier, the threat must be continuing or it must be likely that the threat will occur again.

a. If there used to be a threat, but the threat is no longer present and not likely to occur again, the supplier is not an excludable supplier and the contracting authority will not be able to exclude the supplier on this basis.

b. Contracting authorities should consider whether there was a specific event which gave rise to suspicions of national security threat which has subsequently been resolved.

Contacting the supplier

81. The contracting authority must give the supplier a reasonable opportunity to:

a. make representations; 

b. provide evidence as to whether the exclusion ground applies and whether the circumstances giving rise to the exclusion ground are continuing or likely to occur again, before determining whether a supplier is an excludable supplier.

82. This may be the point at which the supplier first becomes aware that they are being investigated on national security grounds. The template which should be used to indicate to a supplier that the contracting authority is considering whether they could pose a threat to national security can be found at Annex 1. This notifies the supplier that an assessment is under way, together with a list of required actions.

83. The contracting authority should ensure that the supplier is aware that representations and evidence provided will be shared with NSUP, and any other relevant authorities, for the purposes of the Act.

Reviewing representations and evidence provided

84. Section 58 of the Act suggests general factors that may be taken into account by a contracting authority in assessing whether a threat is continuing or likely to occur again, and these are explained in the exclusions guidance on gov.uk along with the circumstances in which contracting authorities may request further information from suppliers.

85. Contracting authorities should specifically consider whether any representations made or any evidence provided by the supplier change the assessments made in the question checklist under Tests 1 and 2.

TEST 2: Drawing a conclusion - is the national security threat continuing or likely to occur again?

86. Once all relevant information, including representations and evidence from the supplier have been considered, the contracting authority must determine whether the supplier does pose a threat to national security and the circumstances giving rise to that threat are continuing or likely to occur again. If the answer is yes, the contracting authority should proceed to Test 3. If the answer is no, then the contracting authority should notify the supplier that the contracting authority has concluded on the basis of all relevant available information that the supplier is not excludable and can continue with the procurement exercise.

Test 3 - Should exclusion action be taken against the supplier in relation to the particular procurement?

87. At this stage, the contracting authority must make a decision as to whether exclusion action should be taken. In Test 3 contracting authorities should evaluate the risks associated with the threat posed by the supplier (in Tests 1 and 2) within the specific circumstances of the procurement, including the potential impact or harm the use of the supplier could cause to national security and the opportunity the procurement could provide for that to occur.

Customer sensitivity

Question 8: Consider contracting authority sensitivity and the potential for harm to UK national security within this procurement

a. What access to, or control of assets, data, computer systems or networks that are part of UK critical national infrastructure could potentially be gained?

b. What access to sensitive locations could potentially be gained? This includes sensitive sites or where material classified at SECRET or above is processed, or where there is a requirement for employees to be vetted at or above Security Check (SC) level, or where there is a requirement for Facility Security Clearance or Industry Personnel Security Assurance.

c. What access to data which is of national significance could potentially be gained? This includes significant data (sensitive personal data, data classified at SECRET or above, sensitive nuclear information, large-scale data including such as national or regional level datasets, big data).

d. How critical is the contract? What is the potential severity of disruption or exploitation? How severe would the impact be if this contract had to be terminated at short notice?

Technical vulnerability

Question 9: Understand the product/service offering - access, control and connectivity are the greatest determinants in establishing threat exposure.

a. What is the product, good or service being provided in this procurement? Does the contract involve supplying goods or services of the type listed in question 4 above? How could the good or service be exploited?

b. What is the level of access to or control of data, information and systems that will be provided to the supplier? How could access or control be exploited? Please consider the whole life of the contract.

c. Is the supplier, or the products, goods or services known to have vulnerabilities or failures in security practices? How could these be exploited? If known, have they been adequately addressed?

Jurisdictional Hazard and Control

Question 10: Consider the potential for foreign influence 

a. What is the relevant legislation impacting the supplier’s susceptibility, which may include provisions to compel private entities to engage in or to take actions which facilitate foreign interference activities?

b. How and where does the supplier have control of, or access to, and use of, your information and/or assets?

c. Who may have access to your information and/or assets?

TEST 3: Drawing a conclusion - consideration of the risk to national security within this specific procurement

88. For these purposes, a supplier is likely to present risk of harm to UK national security within the specific procurement if:

a. the customer of the procurement is of higher sensitivity, and the procurement will, or has the potential to, grant access, control of, or proximity to sensitive sites, critical national infrastructure, or data of national significance (question 8) and,

b. the supplier, goods or services that will be provided in this procurement are of a type that are more likely to present an opportunity for exploitation or are known to have vulnerabilities or security failures, and these have not been adequately addressed (such as in question 9); and,

c. the supplier is subject to material influence from state ownership, control or influence and or resides in a jurisdiction (such as in question 2); and that state and or jurisdiction is known to seek to harm or undermine UK national security or engage in activity which has that effect (such as in question 10).

89. The contracting authority should then consider whether sufficient mitigations are in place within the contract terms and specifications to address these risks. If not, they should consider whether additional mitigations such as security controls could be put in place within the contract terms and specifications, which could be relied upon to effectively address the specific risks arising in the procurement as part of routine contract management. Modifications must be within the parameters permitted by the Act or the procurement may need to be re-run[footnote 9].

90. Contracting authorities should also consider any actions they could take outside of the contract to reduce the potential opportunity or impact of harm to national security. NSUP is not able to provide advice to contracting authorities on mitigations and actions or security controls. Contracting authorities should refer to the section on security guidance and/or obtain advice from security professionals.

91. The contracting authority should only form the intention to exclude and make a referral to the Minister via NSUP, if, having determined that the supplier is excludable and after considering mitigations and actions, the contracting authority considers that the national security risk warrants an exclusion.

92. If the contracting authority has reached this point in the process and is in a position to form an intention to exclude on the basis that the national security risk warrants an exclusion, but considers that there are extenuating factors that mean it may not exclude the supplier, it should consider contacting NSUP for advice before making a final decision. Extenuating factors may include potentially severe non-national security impacts that may result from the exclusion, such as disruption to essential or public services or critical operations. It is likely that such extenuating factors will only materialise in extremely rare circumstances.

Referral to the Minister for agreement

93. A referral to the Minister for agreement to exclude a supplier or terminate a contract on national security grounds is a serious step for a contracting authority to make. This guidance should be carefully considered before making a referral.

94. If a contracting authority is satisfied that its intention to take exclusion action is appropriate in the circumstances, it must make a referral to seek Ministerial agreement before it can proceed.

95. To do this, contracting authorities should make a formal referral to NSUP, and provide the question checklist assessment, as well as copies of any representations and evidence provided by the supplier. NSUP may request additional information as part of its consideration of the referral. It is important that contracting authorities provide as much relevant information as possible as part of their referral to support the process.

96. If the Minister agrees with the intended exclusion action, NSUP will notify the contracting authority.

97. Where contracting authorities are Ministers of the Crown, government departments or Corporate Officers of the Houses of Parliament, they are not required to make a referral but should consult NSUP from the beginning of their assessment.

Contracting authority decision to exclude

98. The final decision to exclude the supplier will rest with the contracting authority. Such a decision could be subject to legal challenge. See section 89 on Rights of appeal and legal challenge.

99. If the Minister agrees with the contracting authority’s intended exclusion action but the contracting authority subsequently decides that it will not exclude the supplier, it can continue the procurement without taking any exclusion action. However, in these circumstances, the contracting authority should notify NSUP of its final decision via the referral mechanism.

100. There is no requirement on contracting authorities to make exclusion decisions public and we expect that national security-related exclusion decisions will not generally be made so, given the commercial and security sensitivities.

Notification of exclusion action taken

101. Once any contracting authority has taken exclusion action, it is required by section 59(2) of the Act to notify the relevant appropriate authority within 30 days.

102. Which authority must be notified depends on whether the contracting authority is a devolved, transferred or reserved authority (as defined in the Act).  For contracting authorities that are not a devolved Welsh authority or transferred Northern Ireland authority, the contracting authority will notify NSUP via the referral mechanism. For the purposes of a centralised record of exclusions, devolved Welsh authorities and transferred Northern Ireland authorities should report any exclusions to NSUP via the referral mechanism, as well as to the Welsh Ministers or Northern Ireland department (as appropriate).

103. This requirement applies if the contracting authority has taken exclusion action against a supplier who is not on the debarment list or who is on the debarment list on the basis of the mandatory national security exclusion ground.

104. Where suppliers are on the debarment list on the basis of the discretionary national security ground and a contracting authority has decided to proceed to take exclusion action following a referral for Ministerial agreement, contracting authorities should notify NSUP via the referral mechanism where exclusion action has been taken, to help inform the overall understanding of national security risk in public procurement and the operation of the Act.

Referral for debarment investigation

105. Where a contracting authority has identified a supplier as an excludable supplier and identified risks to national security which are of concern in a procurement, which it considers may be applicable in other procurements, it should refer the supplier to NSUP for investigation for debarment on national security grounds.

Part Four: Terminations

106. Under the Act, a contracting authority may, but does not need to, terminate a contract if a termination ground listed in section 78 applies. The right to terminate where a termination ground applies is implied into every public contract entered into from the date of commencement. Termination grounds can include a supplier becoming an excluded or excludable supplier, including by reference to an associated person, since the award of a contract, or a sub-contractor of the supplier being an excluded or excludable supplier. The legal and financial risk of terminating a contract lies with the contracting authority.

107. A contracting authority must notify a Minister (if the supplier is on the debarment list on the basis of the mandatory national security ground) or seek agreement from a Minister (where the discretionary national security ground applies) before terminating a contract in reliance on section 78.

Table 2 - Routes to a termination referral

Route Relevant entry on debarment list Requirements - Sensitivity check Requirements - Test 1 Requirements - Test 2 Requirements - Test 3 Requirements - Notify supplier of intention to terminate Requirements - Referral
D Match to mandatory ground and contract description - - - - Yes Notification only
E Match to discretionary ground - - - Yes Yes Yes
F No match: not on list or on list on mandatory ground but contract does not match description Yes Yes Yes Yes Yes Yes

Process overview for terminations

108. The termination procedure follows a similar process to exclusion (see Figure 3 and table 2). The contracting authority must independently assess if the contract should be terminated. To do this, the contracting authority may also need to assess whether the supplier is excludable. One key difference from exclusions is that contract termination notices, which contracting authorities are required to issue after terminating a public contract, will be public.

109. The contracting authority should consider this guidance to identify the threat, consider any impacts of their intended termination, and seek representations from the supplier about whether the termination ground applies and the contracting authority’s decision to terminate.

Supplier matches an entry on the debarment list

Debarment list: mandatory ground; relevant contract (Route D)

110. If a contracting authority decides to exercise its right to terminate a contract with a supplier that has been added to the debarment list since the award of contract on the basis of the mandatory national security ground for a contract of the same description, the contracting authority is not required to make a referral for Ministerial agreement, but is required to notify the Minister before terminating).

111. If the contracting authority is a private utility, it should follow route E below.

Debarment list: discretionary ground (Route E)

112. If a supplier has been added to the debarment list on the basis of the discretionary national security ground, and is therefore an excludable supplier, the contracting authority should proceed to Test 3 (‘should the contract be terminated?’). For terminations, in Test 3 contracting authorities should evaluate the risks posed by the supplier in the same way as for exclusions, but consider whether the contract should be terminated, rather than whether the supplier should be excluded. The contracting authority will be required to make a referral for Ministerial agreement before terminating.

Supplier does not match an entry on the debarment list (Route F)

113. To terminate a contract with a supplier that is not on the debarment list, a contracting authority should follow the steps from the preliminary sensitivity check. As with exclusions, the contracting authority must first consider if the supplier is an excludable supplier by referring to the questions checklist and, if they are, it must provide the supplier with an opportunity to provide representations and evidence as to whether the exclusion ground applies and whether the circumstances giving rise to any application are likely to occur again. The contracting authority must then consider if the contract should be terminated. Contracting authorities will be required to make a referral for Ministerial agreement before terminating.

114. Route F also applies to instances where the supplier is on the debarment list on the mandatory ground but for contracts of a different description from the contract being considered for termination. In making its own assessment of the threat to national security posed by the supplier and whether the supplier is excludable, the contracting authority should consider the debarment entry for the supplier and any applicable published report. The contracting authority will be required to make a referral for Ministerial agreement before terminating.

Notifying supplier of termination and seeking representations

115. When relying on section 78 to terminate a contract with a supplier, a contracting authority must notify the supplier of its intention to terminate, including which termination ground applies and why they have decided to terminate. During this stage, the supplier must be given a reasonable opportunity to make representations about whether the termination ground applies and the contracting authority’s decision to terminate. The template which should be used for notifying the supplier and seeking representations can be found in Annex 2.

Referral

116. If, following supplier notification and representations, a contracting authority wishes to terminate the contract under routes E or F, it must then submit a termination referral for Ministerial agreement through the referral mechanism via NSUP. Under route D only a notification would be submitted.

117. For terminations, the Minister will consider if the supplier is excludable and if the contract should be terminated. If the Minister agrees, the contracting authority may terminate the contract.

Subcontractors

118. The terminations guidance sets out the circumstances in which terminations may apply to subcontractors. Before terminating a contract on the basis that a sub-contractor of the supplier is an excluded or an excludable supplier, the contracting authority must give the supplier a reasonable opportunity to stop using and, if necessary, replace that sub-contractor. If the supplier does not replace the sub-contractor, the contracting authority may proceed to terminate the contract and follow the relevant notification or referral process depending on whether the sub-contractor is excluded or excludable. The threat posed to the UK national security from subcontractors can be assessed in the same way as for suppliers using the question checklist.

Publication of termination notice

119. Once a contract has been terminated, the decision to terminate will be made public as contracting authorities will be required to publish a contract termination notice (PDF, 468KB). There is an exception for private utilities.

120. This notice will set out that the public contract has been terminated by the contracting authority and must include certain information. As outlined in s.80(1) this must be within 30 days of the contracting being terminated. See guidance on contract terminations.

Part Five: Further information

121. Further guidance on legal challenge to exclusion decisions under Part 9 of the Act can be found in the remedies guidance on gov.uk in the section on “managing the risk of legal claim”. The debarment guidance sets out how the Minister’s decision regarding debarment can be challenged and how that might impact procurements.

122. Contracting authorities should consult their legal advisors to ensure that their decision-making processes are robust and satisfy public law requirements.

Where to go for more information, guidance and training

Procurement Act 2023

123. Contracting authorities should consult the exclusions guidance and debarment guidance on gov.uk to understand the legislation and mechanisms of the new regime. Further guidance on the Procurement Act 2023 and information and training can be found in the Transforming Public Procurement (TPP) collection.

Threat information

124. The threat landscape is always evolving and commercial and security leads should maintain their awareness of potential threats through effective joint working. This information will be particularly relevant to determining whether a supplier could pose a threat to national security and whether it is ongoing or likely to recur (Test 1 and Test 2). Contracting authority internal security leads should have an up-to-date understanding of the threat environment. Parent departments may also be able to provide sector-specific advice to support contracting authorities.

125. The UK National Technical Authorities, including the National Cyber Security Centre and the National Protective Security Authority, publish a wide range of information on the threat to UK organisations. Further information available to contracting authorities on threat includes:

MI5 Countering State Threats

NCSC Threat Reports

NCSC Advisories

PPN 01/22: Contracts with Suppliers from Russia and Belarus

NPSA Network Connected Security Technologies Guidance

126. Other documentation

National Security and Investment Act 2021: Statement for the purposes of section 3

Consultation on Invest 2035, the UK’s modern industrial strategy

UK sanctions list

Security guidance

127. Each contracting authority is responsible for managing their own security risk and approaching risk differently based on their risk profile. Substantial guidance is provided by the National Technical Authorities to assist UK organisations in managing security risk arising from the supply chain. This information will be relevant to contracting authorities at the earliest stages of a procurement. Where the contracting authority has decided to consider threat to national security following a preliminary sensitivity check, and where Tests 1 and 2 have been met, it will also be relevant to consideration of the potential risks of harm to national security that may arise in the procurement and the effectiveness of mitigations in Test 3.

NCSC Supply Chain Security Guidance

Tackling Security Risk in Government Supply Chains

NPSA Protected Procurement Guidance

Guidance on modular security schedules

NPSA Personnel and People Security Guidance

NPSA Protected Procurement Scenarios Booklet

Additional Information

National security related exclusion provisions - legislative framework

Mandatory national security exclusion ground

128. Paragraph 35 of Schedule 6 sets out the mandatory national security exclusion ground. This ground applies to a supplier where the supplier or a connected person poses a threat to the UK’s national security and would pose such a threat in relation to contracts of a particular description.

129. If a supplier is an “excluded supplier” on the basis of any of the other mandatory exclusion grounds, they must be excluded from or their tender disregarded in any covered procurement. However, section 57(3) stipulates that if a supplier is an “excluded supplier” because either the supplier itself or an associated person is on the debarment list on the basis of the mandatory national security exclusion ground, then the supplier is only to be treated as an excluded supplier in relation to the kind of contracts specified in the entry.

130. Section 59(1)(b)(ii) and 59(2) together require a contracting authority to notify the relevant appropriate authority if it has taken exclusion action against a supplier because that supplier is on the debarment list on the basis of the mandatory national security exclusion ground. This notification requirement does not apply where a contracting authority takes exclusion action against a supplier because they are on the debarment list on the basis of any of the other exclusion grounds. There is a separate notification requirement imposed by sections 59(1)(b)(i) and 59(2) which applies where a contracting authority has taken exclusion action in relation to a supplier who is not on the debarment list.

Discretionary national security exclusion ground

131. Paragraph 14 of Schedule 7 sets out the discretionary national security exclusion ground. This ground applies where the supplier or a connected person poses a threat to the UK’s national security.

132. Section 29 of the Act prohibits a contracting authority from taking exclusion action on the basis of the discretionary national security exclusion ground unless it has first notified a Minister of the Crown of its intention to do so and the Minister, effectively, agrees with the contracting authority’s assessment and proposed approach. The notification requirement in section 29 is referred to in the guidance as ‘a referral’. If the Minister agrees, the contracting authority can proceed with their intended action.

133. Section 29(3) clarifies that a contracting authority must secure Ministerial agreement to its intended exclusion action before it can tell a supplier that it intends to exclude them because one of their associated persons or intended sub-contractors is an excludable supplier (on the basis of the discretionary national security exclusion ground), and offer the supplier the chance to find an alternative.

Terminations

134. Section 78(1) of the Act provides that it is an implied term of every public contract that contracting authorities can terminate the contract if a termination ground applies. Section 78(2) sets out the three specific circumstances which constitute ‘termination grounds’ including where a supplier has, since the award of the contract, become an excludable supplier.

135. If a contracting authority intends to rely on section 78(1) to terminate a public contract on the basis of the discretionary national security exclusion ground, section 79(1) of the Act requires the contracting authority to notify the Minister and seek their agreement first. The contracting authority may only terminate the contract if the Minister agrees that the supplier or sub-contractor is excludable and the contract should be terminated. 3. Before terminating a contract in reliance on section 78(1), a contracting authority must:

(a) notify the supplier of its intention to terminate,

(b) specify which termination ground applies and why the authority has decided to terminate the contract, and

(c) give the supplier reasonable opportunity to make representations about:

(i) whether a termination ground applies, and

(ii) the authority’s decision to terminate.

Whilst section 78(8) requires a contracting authority to give a supplier reasonable opportunity to:

(a) cease sub-contracting to the excluded or excludable supplier, and

(b) if necessary, find an alternative supplier to which to sub-contract

before terminating a contract under s.78(1) because one of the supplier’s sub-contractors is an excluded or excludable supplier.

ANNEX 1 - Blank template letter for an exclusion notification and request for representations and evidence from a contracting authority to a supplier

[Name/Address/Contact of Contracting Authority]

[Date]

RIGHTS PURSUANT TO SECTION 58(2) OF THE PROCUREMENT ACT (2023)

To [Company]

This is a notification that an assessment is being conducted in relation to the potential application of the exclusion ground set out in paragraph 14 of Schedule 7 to the Procurement Act 2023 (‘the Act’) [threat to UK national security].

It is important to note this is a preliminary step in the assessment and does not predetermine the final [exclusion/termination] decision. We will undertake a full assessment, in line with the provisions in the Act. If this assessment indicates an application of the exclusion ground and that the circumstances giving rise to such application are likely to occur again, we may make a referral to a Minister of the Crown regarding our intent to [exclude/ terminate] on this basis, and to seek agreement for this decision as required under the Act. If the Minister of the Crown agrees with the decision, [supplier] will be notified of our decision.

Rights

This letter is to inform you that under section 58(2) of the Act, [Company] has the right to:

  • make representations, and
  • provide evidence as to whether the exclusion ground applies and whether the circumstances giving rise to any application are likely to occur again.

Section 58(1) of the Act provides that, in considering whether the circumstances giving rise to the application of an exclusion ground to a particular supplier are continuing or likely to occur again, regard may be had to the following matters:

  • evidence that the supplier, associated person or connected person has taken the circumstances seriously, for example, by paying compensation;
  • steps that the supplier, associated person or connected person has taken to prevent the circumstances continuing or occurring again, for example, by changing staff or management, or putting procedures and training in place;
  • commitments that such steps will be taken, or to provide information or access to allow verification or monitoring of such steps;
  • the time that has elapsed since the circumstances last occurred;
  • any other evidence, explanation or factor that is considered appropriate.

Deadline

The factors which the contracting authorities should be taking into account in making their determination as to whether the exclusion ground applies and whether to exclude or terminate are set out in the published guidance linked below:

If [Company] wishes to provide any evidence/make representations pertaining to the above, this must be provided by 23:59 GMT on [INSERT DATE - must be within a reasonable timeframe].

[Company] can provide this via email to [CA email] or in-person. If [Company] would like to request a meeting with representatives of [CA] , please contact [CA Contact Details] and confirm dates/times/locations that would be convenient for [Company].

Yours sincerely,

[CA signature]

Annex 2 - Blank template letter for an intent to terminate from a contracting authority to a supplier

[Name/Address/Contact of Contracting Authority]

[Date]

NOTIFICATION OF INTENT PURSUANT TO SECTION 78(7) OF THE PROCUREMENT ACT (2023)

To [Company]

This is a notification of [insert contracting authority] intention to terminate [contract] based on its determination that [insert supplier] has, since the award of the contract, become an [insert as applicable: excluded or excludable] supplier by virtue of the exclusion ground in [insert as applicable: Paragraph 14 of Schedule 7 to the Procurement Act 2023 (“the Act”) or Paragraph 35 of Schedule 6 to the Procurement Act 2023 (“the Act”)]. Accordingly, we consider that the termination ground under section 78(2)(b) of the Act applies.

[Any relevant information regarding the contracting authority’s decision to terminate can be provided here].

Rights

This letter is to inform you that under section 78(7) of the Act, [insert supplier] has the right to make representations about-:

  1. whether a termination ground applies, and
  2. the contracting authority’s decision to terminate.

[Insert ‘Referral’ section where it is considered that the supplier has become an excludable supplier by virtue of the exclusion ground in Paragraph 14 of Schedule 7 to the Act]

Referral

It is important to note that, in line with the provisions of the Act, [insert contracting authority] intention to terminate does not predetermine the final termination decision. We will assess any representations provided by you by the deadline set out below. If, following that assessment, we consider that the termination ground applies and we intend to terminate, a referral will then be made to a Minister of the Crown regarding our intent to terminate on this basis, seeking agreement for this decision as required under the Act. If the Minister of the Crown agrees with the decision, [supplier] will be notified of our decision.

Deadline

The factors which the contracting authorities should be taking into account in making their determination as to whether the termination ground applies, and the decision to terminate are set out in the guidance linked to below:

[link to public guidance]

If [insert supplier] wishes to provide any evidence/make representations pertaining to the above, this must be provided by 23:59 GMT on [INSERT DATE - must be within a reasonable timeframe].

[Insert supplier] can provide this via email to [CA email] or in-person. If [insert supplier] would like to request a meeting with representatives of [contracting authority] , please contact [contracting authority details] and confirm dates/times/locations that would be convenient for [insert supplier].

Yours sincerely,

[Contracting authority signature]

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at www.gov.uk/government/publications

Any enquiries regarding this publication should be sent to us at procurement.reform@cabinetoffice.gov.uk.

  1. Such as where the operational needs of the armed forces require the contract to be awarded to a particular supplier that is located outside of the UK in an area in which the armed forces are deployed.  See paragraphs 25 to 30 of Schedule 2 of the Act for a full list. Guidance on exempted contracts can be found on gov.uk. 

  2. Such as contracts for the supply of military or sensitive equipment or for goods, services or works for wholly military purposes. See section 7(1) of the Act for a full list. Guidance on defence and security contracts can be found on gov.uk. 

  3. Invest 2035: the UK’s modern industrial strategy 

  4. As per s.28 of the Act 

  5. Sensitive sites include any building or complex that routinely holds SECRET material or above; any location that hosts a significant proportion of officials holding developed vetting clearance; any location which is routinely used by Ministers; and any government location covered under the Serious Organised Crime and Police Act 2005. 

  6. The UK has entered into trade agreements with various countries, including the WTO Government Procurement Agreement, which require that suppliers, goods and services from those countries are treated no less favourably than UK suppliers, goods and services in procurements that are covered by those agreements. The Minister will consider whether the intended exclusion would comply with those agreements. 

  7. Such as is headquartered in, manufactures, designs, monitors or maintains products, or provides services from a jurisdiction. Or whose parent company, beneficial owner or persons of significant control are residents or citizens of that country, or who is subject to the laws of that country. 

  8. UK sanctions list 

  9. See Procurement Act guidance on contract modifications

Back to top