M&A: Safeguards for sharing commercially-sensitive information during due diligence

Insights / / London

In this article we consider UK competition law rules applying to the sharing of commercially-sensitive information (CSI) during the due diligence stages of a transaction and the procedural safeguards a seller can put in place to ensure compliance with UK competition law.

What is the key legislation in this area?

Chapter I of the Competition Act 1998 (Competition Act)¹, known as the ‘Chapter 1 prohibition’, prohibits “agreements between undertakings, decisions by associations of undertakings and concerted practices” which may affect trade within the UK and have as their object or effect the prevention, restriction or distortion of competition within the UK. 

Anti-competitive agreements include: express written contracts, non-binding arrangements and understandings, oral agreements, inferences from conduct, “gentleman’s agreements”, and other types of collusion and concerted business practice. An agreement may fall outside the Chapter I prohibition if it is not caught by the Competition Act. It may also be formally excluded from the scope of, or exempt from, the Chapter I prohibition.

In the context of an M&A deal, competing parties will remain competitors until merger clearance (if required) is granted and the transaction closes.²

What body has responsibility for enforcing UK competition law?

The Competition and Markets Authority (CMA) is the main competition law authority in the UK, it has extensive powers to investigate and enforce competition law including (but not limited to) conducting on site, unannounced inspections, questioning current and former employees and imposing fines.

What are the legal risks of infringing UK competition law?

The main legal risks of an agreement or practice infringing the Chapter 1 prohibition are (non-exhaustive):

  • the parties may be fined up to 10% of their annual worldwide group turnover;
  • an agreement may be rendered void and unenforceable;
  • where a director is involved in the breach they may be disqualified and, in the most serious cases, prosecuted; and
  • third parties may bring an action for damages.

In practice, non-legal risks such as the negative impact on a company’s reputation, may be of equal concern and detrimental effect.

What is CSI?

What is and is not deemed CSI will vary depending on the context. The key is whether the nature of the information exchanged reduces the strategic uncertainty of competitors in the relevant market.

The CMA adopted a guide published by the now defunct Office of Fair Trading which sets out some of the circumstances in which the CMA considers that agreements will or may be regarded as anti-competitive.³ Set out in the table below are a few examples of the types of information which may/not generally be exchanged between competitors.

CSINon-sensitive information
Individualised informationPublic domain information
Recent or future sales or commercial strategy which is disaggregatedStatistical/aggregated/general information
Prices, or price terms, including discountsHistorical information e.g. financials
Strategic and marketing plansGeneralised customer preferences or needs
Particular customer or supplier informationGeneral industry trends, generalised data








There is however no “safe harbour” for when information exchanges may be presumed lawful as the exchange of information would always be considered by the CMA in context. Therefore, when considering the proposed transfer of information to a competitor, it would be advisable to implement the procedures set out below under the heading “How can we share CSI safely?” and to seek legal advice.

What are the rules surrounding the sharing of CSI?

UK competition law stipulates that companies should act independently when supplying and purchasing products or services. When a company divulges commercially sensitive or confidential information, there is a risk that the sharing of strategic data mutes competition between them and leads to a collusive outcome.

That said, the UK competition regime is not intended to prevent legitimate commercial activity such as legitimate M&A between competitors. In such situations, the CMA recognises that due diligence needs to be conducted and that parties need to exchange some CSI to determine whether to go through with a transaction and to value a target (amongst other things).

However, if a transaction is aborted, parties may be left with commercially confidential information, which could amount to an unlawful information exchange. As a result, a balance needs to be struck between providing information necessary for a reasonable due diligence exercise and not providing information that would be in breach of the UK competition regime.

It should be noted that whilst information exchange is often encountered in conjunction with other infringements (e.g. to facilitate a price-fixing cartel), the one-off passing of information can be sufficient to be determined an infringement.⁴

How can we share CSI safely?

There are various ways that competitors can protect the information they share during the due diligence process. A few examples include:

  • require individuals receiving/reviewing CSI to enter into an appropriate confidentiality/non-disclosure agreement;
  • disclose CSI to a limited set of named individuals (a ‘clean team’) and ensure that personnel with direct sales, pricing, marketing or commercial decision-making responsibility do not have access to CSI via the data room;
  • exchange CSI on a ‘need to know basis’ only;
  • share CSI in an aggregated, anonymous and/or redacted format; and
  • keep a detailed record of the CSI that is shared and how/with whom it is shared (always mindful it should not be shared with the individuals mentioned at bullet 2 above).

In summary

The concern regarding the exchange of commercially sensitive or confidential information is that it could lead to the co-ordination of competitive activities or otherwise influence the offering of a competitor. Divulging such information can give the appearance of unlawful activity, even if none was intended. Exchanging commercially sensitive or confidential information with a competitor therefore poses a serious risk under UK competition law.

Whilst opening up the process of sharing such information is possible, as we have emphasised in this article, the risks must be closed down before doing so. The contractual and technological processes highlighted in this note can assist sellers in keeping close control over the sharing of CSI throughout the due diligence process.

Caution should be taken in order to mitigate competition law risks as well as seek protection in case the deal aborts.

The above does not constitute legal advice nor does it consider a complete list of issues to consider in the context of the disclosure of CSI and other competition issues that may require consideration during the M&A process. Should you have any queries, please do not hesitate to contact the authors of this article or your usual contact at Ince.


¹ Text available at

² This article does not consider merger clearance.

³ See OFT report of 1 December 2004 “Agreements and concerted practices”

⁴ See Balmoral Tanks Limited and Balmoral Group Holdings Limited v Competition and Markets Authority  [2017] CAT 23

Mona Patel

Mona Patel Partner

Francesca Jus-Burke

Francesca Jus-Burke Senior Associate

Related services: