Practical guidance – Understanding criminal record disclosure legislation

Rehabilitation of Offenders Act 1974

The Rehabilitation of Offenders Act 1974 (ROA) supports the reintegration of people with convictions into society by giving them legal protection from having to disclose their record after a certain period of time of not re-offending.

In short, the ROA is the law that:

  • Determines when criminal records become ‘spent’
  • Gives people with spent convictions and cautions the legal right not to disclose them when applying for most jobs and for other purposes, like when buying insurance.

After a certain period of time (known as the rehabilitation period, and based on the sentence or disposal received) criminal records can be considered spent. Once spent, the person is considered ‘rehabilitated’ and, where the law applies, they are treated as if they haven’t got a criminal record. The result is that they don’t need to disclose it when applying for most paid or voluntary jobs. It also applies to buying insurance, applying for housing and enrolling on education courses.

The effect of this is that it makes it illegal for employers to discriminate against an ex-offender on the grounds of a spent conviction, for roles where the law applies.

Most roles are covered by the ROA (although many roles are ‘exempt’ – see below). Where the ROA applies, it is illegal for an employer to discriminate against somebody with a spent criminal record, so employers should ignore spent criminal records. Where the criminal record is unspent, it is generally at the discretion of the employer whether or not to employ the person.

On 28 October 2023 the Police, Crime, Sentencing and Courts (PCSC) Act came into effect significantly reducing the time it takes for community orders, prison sentences and suspended sentences to become spent. The changes allow for some prison sentences of over 4 years to become spent after 7 years, depending on the offence the individual was convicted of.

Prison sentences and community orders

Prison sentences of over 4 years

A prison sentence of over 4 years can be spent after 7 years providing the offence you were convicted of is not listed in Schedule 18 of the Sentencing Act 2020 or is a Public Protection Sentence.

The types of offence which would be excluded from rehabilitation are:

Other community sentences


Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975

The Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 lists the positions, professions, offices and licences that are not covered by (known as ‘exempt’ from) the ROA.

If something is ‘exempt’ from the ROA, it means that the Rehabilitation of Offenders Act 1974 (see above) doesn’t apply. It also means that either standard or enhanced check can be carried out (which check can be carried out is specified in law).

The nature of this order means that there is no single comprehensive list of positions exempt from the ROA. Additions and amendments come into force through secondary legislation.

Common positions include:

  1. Nurses
  2. Social workers
  3. Primary and secondary school teachers

Some professions include:

  1. Actuaries
  2. Solicitors – on entry to the profession
  3. Barristers – on entry to the profession
  4. Veterinary surgeon
  5. FCA ‘approved person’
  6. Membership of the Master Locksmiths Association

Offices include:

  1. Crown Prosecution Service
  2. Gambling Commission
  3. HMRC
  4. Revenue and Customs Prosecutions Office

Licences include:

  1. Security Industry Authority licence
  2. Taxi driver


Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2013

It sets out the situations in which cautions and convictions become ‘protected’ from disclosure on standard and enhanced checks. To implement this, the DBS introduced a system of ‘filtering’ (whereby, broadly speaking, once a caution or conviction becomes ‘protected’, it would no longer be disclosed on (or, would be filtered from) a standard or enhanced certificate) – this came about via amendments to the Police Act (see below)

The order also made it unlawful for an employer to take into account a caution or conviction that is ‘protected’ (and that would not be disclosed on a standard or enhanced disclosure certificate).

Employers often refer to this order when they ask applicants to disclose their criminal record for a post that involves a standard or enhanced check.

The image below is taken from Unlock’s guidance on the filtering process.



Part V of the Police Act 1997

Part V of the Police Act 1997 is the central piece of legislation that enabled the creation of the DBS (or CRB, as it was then). It established the provision of criminal record certificates (and of different types). It also established the content of these certificates, and the broad legislative framework by which the system of obtaining them would operate. It established the legal basis for employers to ask exempted questions, and to obtain information about an applicant’s spent cautions and convictions. Amendments to the Act placed limits on which spent cautions and convictions could be obtained.

Section 122 of the Police Act established the role of a code of practice for overseeing the operation of criminal record certificates.

Section 123 of the Police Act established offences relating to the process. Of particular importance for this site are sections 123(2) and 123(3), which are:

(2) A person commits an offence if he knowingly makes a false statement for the purpose of obtaining, or enabling another person to obtain, a certificate under this Part.

(3) A person who is guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale, or to both.

Effectively, this makes an employer potentially liable if it carries out a criminal record check at a level that is not legally allowed under the relevant legislation.

Police Act 1997 (Criminal Record Certificates: Relevant Matters) (Amendment) (England and Wales) Order 2020

The Police Act 1997 (Criminal Record Certificates: Relevant Matters) (Amendment) (England and Wales) Order 2020 is linked to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020

The Police Act order amended the definition of ‘relevant matter’ in the Police Act 1997 – a ‘relevant matter’ is what is disclosed on a standard and enhanced criminal record disclosure certificate. Effectively, the order sets out what information can be disclosed by the DBS – it restricts this definition to information that doesn’t qualify for filtering.

Police Act 1997 (Criminal Record) regulations

These regulations set out the positions that are eligible for enhanced checks. They also specifically include positions that are able to check the appropriate barred list(s). These positions will also be included in the ROA Exceptions Order. Like that order, there is no single comprehensive list.

General Data Protection Regulation (GDPR) and Data Protection Act 2018 (replacing the Data Protection Act 1998)

The GDPR makes it a requirement that organisations identify both a lawful basis (Article 6) and a schedule condition (Article 10) before processing criminal records information. Failing to do so exposes an organisation to significant fines and the potential for a civil claim by an individual if information is unlawfully collected.

Section 184 of the Data Protection Act 2018, which came into force on 25 May 2018, replaced section 56 of the Data Protection Act 1998, which came into force on 10 March 2015. This makes it a criminal offence for an employer to require an applicant or existing employee to make what’s known as an ‘enforced subject access’ request and then share the information with the employer.

An enforced subject access is where, for example, and employer requires an applicant to obtain a copy of their police record directly from the police (not through the DBS) as part of the application process for the job. This type of record displays significantly more personal information than what an employer is legally entitled to be in possession of.

The Information Commissioners Office (ICO) has indicated that it intends to prosecute those who continue to make enforced subject access requests.


This guidance was last updated in February 2024



Print Friendly, PDF & Email