Raising the bar – Changes to mandatory and discretionary exclusions under the Procurement Act 2023

The mandatory grounds: expanding the net

Consistent with the old regime, mandatory exclusion grounds apply for five years. Under the new regime, a much wider range of offences automatically trigger mandatory exclusion:

Still included: Bribery, corruption, money laundering and modern slavery.

Now added: Human trafficking, fraud,  terrorist financing, additional tax offences and certain cartel offences.

Significantly, other new mandatory exclusion grounds do not require a conviction. For example, a final infringement decision by a competition authority (for example, for price-fixing) can now trigger exclusion. Similarly, the national security ground allows exclusion where the relevant authority determines that a supplier or connected person poses a threat to UK national security based on its own detailed analysis, even without any established wrongdoing.

Any finding of the relevant grounds will trigger exclusion (even if a supplier is exonerated later on appeal), whereas the previous regime usually required a “final conviction” before exclusion could apply.

We will explore the new Debarment List in detail in the third article of our series, but as part of this new regime, it is notable that a supplier that refuses to cooperate with a debarment investigation can now be automatically excluded where a government minister determines that the lack of assistance is "sufficiently serious".

A bidder will be subject to mandatory exclusion if a mandatory ground applies to it, or one of its connected persons or associated persons.  "Connected persons" and "associated persons" will be explored further in the next article in this series.

The discretionary grounds: heightened scrutiny

Authorities now have wider discretion to exclude bidders even where there is no conviction:

Still included: Grave professional misconduct, serious misrepresentation in procurement processes, anti-competitive conduct, breach of obligations in past contracts, bankruptcy or insolvency.

Now added or extended: breach of contract and poor performance, human rights abuses, labour market misconduct, environmental harm, ethical or other professional failings (for example, involvement in dishonesty or impropriety, even if not prosecuted). These grounds apply, as with the mandatory grounds, to suppliers and their connected or associated persons.

The new or beefed-up discretionary exclusion grounds have been introduced to enable contracting authorities "to take tougher action on underperforming suppliers and suppliers who pose unacceptable risks", according to Cabinet Office guidance. If this sounds a little cryptic, the Cabinet Office guidance clarifies that exclusions aim to manage five categories of "particular risk", including public confidence in the honesty, integrity and probity of suppliers, environmental and employee protection, and national security.

These categories reflect a shift towards a more holistic, risk-based assessment of suppliers – with a greater focus on social and environmental risks as well as the more usual legal and financial factors.

This is a significant shift. Whilst previously businesses could be excluded for "grave professional misconduct" which included unethical and non-criminal conduct, there was a lack of clear central guidance about when it could be invoked. On the one hand, the ambiguity of this ground meant it could be invoked to cover a wide range of possible wrongdoing. On the other hand, the central guidance issued by the Cabinet Office implied that this ground was to be reserved for very serious cases involving criminal or regulatory action. In addition, examples of grave professional misconduct in EU case law included competition law infringements resulting in financial penalties and pending criminal convictions.

The new grounds are more clearly articulated, with the Cabinet Office guidance confirming that a conviction is not required for many exclusion decisions. Under the old regime, authorities were required to consider self-cleaning measures taken by suppliers. Building upon this, the Act requires authorities to consider whether misconduct is “likely to occur again”. Consistent with existing best practice, authorities are therefore encouraged to take a forward-looking and risk-based approach (something we will explore in more detail in the second article in this series), recognising that past misconduct will not always justify exclusion where effective remediation has taken place and the risk of recurrence is low.

Another good example of this shift is the approach to poor performance in contracts. Previously, a bidder could be excluded for significant or persistent deficiencies in performing a substantive requirement under a public contract, but only where this had led to early termination, damages or other comparable sanctions. While there is a similar discretionary ground in the Act, an additional discretionary exclusion ground will be triggered if a business has not performed a contract to an authority's satisfaction and did not improve performance after it was given proper opportunity to do so. Authorities are also now required to issue Contract Performance Notices in circumstances of breach of contract or poor performance, which also act as triggers for discretionary exclusion.

The look-back period for discretionary exclusion grounds has been extended from three years to five years. Note that in the case of the new discretionary exclusion grounds, suppliers will not be subject to potential exclusion actions based on events which occurred before the Act came into force, nor can suppliers be subject to discretionary exclusion in relation to any of the old grounds for events occurring more than three years ago.

Practical examples

• A UK supplier manufactures goods in South Asia. A major NGO report produces hard evidence of exploitative labour practices and unsafe working conditions at one of its factories – but no formal enforcement action has been taken. Under the new labour misconduct and human rights discretionary grounds, these types of allegations may justify exclusion – particularly if the supplier has failed to investigate or take remedial action. Notably, a discretionary exclusion ground will apply to a supplier if the supplier has engaged in conduct outside the UK that a decision-maker considers could result in a slavery, trafficking or exploitation order or a labour market enforcement order being made had the conduct taken place in the UK.
• A water utility fails to disclose an ongoing Environment Agency investigation when asked during a procurement process about the existence of potential regulatory or criminal action against it. The utility is later convicted of illegally discharging raw sewage into rivers and coastal waters, causing harm to marine ecosystems. Discretionary exclusion grounds could apply under the environmental misconduct, improper behaviour in procurement and/or grave professional misconduct grounds.
• A facilities management firm repeatedly fails to meet KPIs across several NHS trusts, including missed service windows and poor hygiene compliance, but no contracts are formally terminated. At least one NHS trust considers that the firm is not performing satisfactorily under a public contract, has been given a proper opportunity to improve, and has failed to do so, and they issue Contract Performance Notices under section 71(5) of the Act in relation to this poor performance. Discretionary exclusion grounds will apply to the facilities management firm because of the Contract Performance Notices that have been issued in relation to its poor performance.

With the discretionary exclusion grounds having been carefully formulated or expanded, and backed by clear Cabinet Office guidance, a greater range of exclusion grounds are potentially available to authorities, and they are more likely than ever before to make use of these powers.

Build your shield: self-cleaning under the new Act

The Act retains and reinforces the concept of "self-cleaning" – the idea that companies can demonstrate rehabilitation through concrete remedial action.

Self-cleaning may be used to avoid exclusion under both mandatory and discretionary grounds, provided certain steps are taken.

What's different? There is more central guidance on how to assess a supplier's self-cleaning measures, giving authorities greater flexibility in the evidence they can use to assess them.

The new guidance spells out the types of remedial measures authorities should expect, which may include:

• Compensation paid to affected parties
• Termination of relationships with responsible individuals
• Restructuring or strengthening of compliance and oversight
• Demonstrable changes in culture, governance or internal controls
• Full cooperation with any investigations or inquiries

Authorities are required to assess the seriousness of the conduct, the credibility and timing of remediation, and whether future risk is meaningfully addressed – including through independent audits, if proportionate. The Cabinet Office guidance specifically mentions the Serious Fraud Office's corporate cooperation principles as a helpful benchmark.

Before deciding whether a supplier is an excluded supplier or an excludable supplier, the contracting authority must give the supplier a reasonable opportunity to make representations, including, for example, as to whether exclusion grounds apply, and to provide evidence that the circumstances giving rise to the exclusion ground are not continuing or likely to occur again (by reference to the information set out in the bulleted list above).

Takeaways for compliance professionals

1. Map the new exclusion landscape across your group

Identify exposure to both mandatory and discretionary exclusion grounds – including offences, poor performance, and ethical failings – across your business and all connected and associated persons.

2. Track risks in real time – not just legal outcomes

Maintain a central register of enforcement activity, whistleblowing reports, press scrutiny, ESG controversies, performance notices and internal investigations. With the new five-year look-back applying to both mandatory and discretionary grounds (for post-Act events), reputational and ethical risks now carry real exclusion consequences.

3. Identify your connected and associated persons

Review corporate structures, joint ventures and subcontractor relationships to determine who may be caught. Conduct by parents, subsidiaries, legacy companies and delivery partners can now trigger exclusion.

4. Treat legacy risk as live risk

Predecessor company misconduct and post-acquisition issues can affect procurement eligibility. Embed exclusion risk into due diligence processes and take clear post-transaction steps to mitigate inherited exposure.

5. Coordinate with contract owners to manage performance risk

Liaise closely with operational teams to flag and address underperformance in public contracts. Contract Performance Notices are now a trigger for discretionary exclusion, so performance should be carefully monitored.

6. Establish clear governance and accountability around exclusion risk

Assign responsibility for monitoring exclusion exposure, responding to authority inquiries and coordinating internal remediation.

7. Embed cross-functional risk detection

Create regular touchpoints between compliance, legal, audit, procurement and HR teams to spot potential exclusion triggers early – whether ethical, contractual or reputational.

8. Update training and guidance across the business

Refresh internal policies and training to cover the full scope of exclusion grounds – including tax offences, competition law breaches, modern slavery risks and national security concerns.

9. Build a robust self-cleaning framework

Design a clear and credible process for responding to risk events – including investigations, disciplinary actions, governance reforms and evidence of cultural change. Authorities will expect structured and proactive remediation.

10. Be ready to respond fast and persuasively

Authorities must offer the chance to respond before applying exclusion. Equip your teams to act quickly with a coordinated and evidence-based response demonstrating that the business is a trustworthy supplier.

Several of these compliance actions will also support readiness for the new failure to prevent fraud offence, which is coming into force in September 2025. For example, mapping connected and associated persons for exclusion purposes mirrors the exercise of identifying ‘associated persons’ whose conduct could trigger corporate fraud liability under the new offence. Strengthening controls in high-risk areas such as subcontracting, sales or finance will help address both discretionary exclusion grounds and fraud control weaknesses. Effective due diligence on third parties, delivery partners and group entities is central to both regimes. Similarly, maintaining a real-time risk log and enhancing training and guidance will be important in demonstrating compliance with the ‘monitoring and review’ and ‘communication’ principles in the Home Office guidance on reasonable fraud prevention procedures.

Conclusion

The Procurement Act 2023 shifts the conversation on exclusion from legalistic box-ticking to a broader question of corporate behaviour, governance and integrity. The bar has been raised.

If you would like assistance in addressing the new Act, please get in touch with our team today.

Authored by Ciara Kennedy-Loest, Claire Lipworth, Kathrine Eddon, and Reuben Vandercruyssen.