
Life Sciences Law Update
In our first article in this series, we explored the expanded mandatory and discretionary exclusion grounds under the Procurement Act 2023 (the "Act").
The Act doesn't just expand the grounds for exclusion.
It also changes how those grounds are applied and, importantly, who triggers exclusion. At its core, the new regime reflects a familiar and growing theme: you can be held responsible not only for what your company does, but also for what others do on your behalf.
This article focuses on how that principle plays out in procurement exclusions, and why compliance teams must think broadly about their third-party risk landscape – drawing parallels with the wider concept of "associated persons" under the failure to prevent offences.
Under the old regime, authorities were required to consider self-cleaning measures taken by suppliers.
Building upon this, under the Act contracting authorities must now ask not only whether a ground for exclusion is present, but also whether the underlying conduct is continuing or is likely to occur again. Exclusion isn't just about past wrongdoing, but about future risk. Consistent with existing best practice, authorities are therefore encouraged to take a forward-looking approach.
This is consistent with the Cabinet Office guidance's emphasis on protecting public money and ensuring reliable delivery. Authorities must consider whether the supplier has remediated the issue, changed leadership, improved controls or otherwise reduced the likelihood of recurrence. Authorities must also give the supplier a fair opportunity to respond before any exclusion decision is made.
For example, a company convicted of a tax offence two years ago may not be excluded if it can show it has replaced senior leadership, overhauled its financial governance and cooperated fully with HMRC. Conversely, a supplier facing repeated whistleblowing complaints or unresolved regulatory findings may be excluded even without a conviction, if the underlying risk appears ongoing.
The most significant change under the new exclusion framework is how far liability can extend beyond the contracting entity itself.
The Act introduces a broader definition of "connected persons" than existed under the previous regime in the Public Contracts Regulations 2015. A supplier may be an excluded supplier or an excludable supplier if certain exclusion grounds apply to a connected person and if the circumstances giving rise to the ground are continuing or likely to occur again.
So who qualifies as connected? The definition includes:
This definition is designed to capture both formal and informal relationships of control, recognising that misconduct or risk may not be neatly confined to legal entities. It extends exclusion exposure beyond the supplier itself to its broader corporate group, key controllers and affiliated entities.
By contrast, under the old regime, the focus was on individuals with powers of representation, decision or control within the supplier, such as directors or board members. This test was perceived as allowing companies to rebrand or restructure to avoid scrutiny.
Where a supplier is excludable due to a connected person’s misconduct, contracting authorities may consider the strength of that connection when deciding whether to exclude. A weaker link may suggest lower risk to the procurement or contract delivery, supporting a decision not to exclude.
Unlike associated persons or subcontractors, connected persons cannot be substituted, so authorities are not required to offer the supplier an opportunity to replace them before exclusion.
The Act also introduces a procurement-specific version of the “associated person” concept – familiar from failure to prevent bribery, tax evasion and fraud offences. In those contexts, it includes anyone performing services for or on behalf of a company – employees, agents, intermediaries, subsidiaries, and more.
Under the Act, an associated person is someone the supplier relies on to:
This brings third-party conduct squarely into scope. If a subcontractor, delivery partner or consortium member is found to have committed a relevant offence – and the supplier relies on them to meet participation conditions or to perform the contract in a significant way – the supplier may be excluded. The definition is intended to cover material contributors to eligibility or delivery.
Exclusion may arise not just from the conduct of an associated person, but also from the conduct of a connected person of that associated person (e.g. a director of an associated person of the supplier). This introduces a layered risk.
However, unlike connected persons, the exclusion risk in connection with associated persons only arises if the supplier is relying on that individual or entity in the context of the specific contract.
If a supplier is an excluded supplier or an excludable supplier by virtue of an associated person (and the circumstances giving rise to the exclusion ground are continuing or likely to occur again), the supplier must be given the opportunity to replace the associated person before being excluded.
The Cabinet Office guidance provides a useful worked example of this in the context of an integrated facilities management (IFM) contract. The table below sets out examples using this hypothetical contract, and highlights the key differences between the concept of an associated person under failure to prevent offences and under the Procurement Act.
Example |
Role in IFM Contract |
Failure to prevent offences – Associated Person? |
Procurement Act – Associated Person? |
Notes |
Business development agent |
Introduces tender opportunities |
Yes ✅ |
No ❌ |
Performs services but not relied on for participation |
Key subcontractor |
Specialist buildings maintenance provider |
Yes ✅ |
Yes ✅ |
Performs services and relied on to meet eligibility criteria |
General service subcontractor |
Security services provider |
Yes ✅ |
No ❌ |
Delivers part of contract but not relied on for participation |
Temporary worker |
Short-term staff member supporting cleaning |
Yes ✅ |
No ❌ |
Performs services but not relied on for eligibility |
The Act therefore reinforces a familiar compliance message: effective risk management requires suppliers to have visibility and oversight not only over their own conduct, but across all entities and individuals they rely on – whether within their corporate structure or outside it.
It also introduces practical challenges:
Although the definition of “associated person” under the Act is narrower than under failure to prevent offences, the conceptual overlap is clear: if someone is acting on your behalf, their conduct can expose you to risk.
In fact, many of the controls designed to prevent bribery, tax evasion or fraud can be repurposed to mitigate exclusion risk in procurement. These include:
In some cases, conduct that triggers exclusion may also give rise to liability under the failure to prevent offences, or vice versa. The definitions are distinct, but the compliance approach can be integrated.
Know your connected persons – including legacy entities, parent companies, subsidiaries and joint ventures.
Identify who your associated persons are for each procurement. Focus on those relied upon for eligibility or performance.
A supplier can be excluded based on the conduct of a connected person of an associated person. This requires deeper due diligence; scrutinise ownership and influence across your supply chain.
If you're relying on an associated person who is later caught by an exclusion ground, you may be able to replace them – so always have a Plan B.
Your existing systems may also mitigate exclusion risk. Adapt and apply them as needed.
Authorities will assess whether risk is ongoing or likely to recur – not just past misconduct. Effective remediation may determine your eligibility.
The Procurement Act 2023 introduces a more dynamic and interconnected approach to exclusion – one that reflects the reality of modern supply chains, group structures and third-party relationships.
Understanding who counts as a connected or associated person is central to navigating exclusion risk.
For compliance teams, the message is clear: know your group, know your partners, and monitor how your eligibility could be affected by the conduct of others.
Authored by Claire Lipworth and Reuben Vandercruyssen.