The UK's Crime & Policing Bill 2025 includes a number of provisions which respond to recommendations of IICSA. These include removal of the limitation period, which we have commented on previously, and making grooming an aggravating factor in the sentencing of child sexual offences. It also introduces a wider statutory duty to report known or suspected child sexual abuse for individuals working with children, and extends the enhanced checking possible with the DBS to include everyone in relevant roles regardless of whether or not they are working under supervision. 

For organisations and their insurers it is important to plan and consider strategies to ensure compliance with the mandatory reporting changes.

What is changing?

Mandatory reporting will be required by a much wider group of individuals than is currently the case, full details of roles to which it applies will be provided. Timescales for reporting and circumstances of what to report are included in the proposed Bill. 

The Bill includes criminal penalties for those who obstruct or deter reporting, alongside professional consequences for those who fail to report.

Practical implications for organisations

In preparation for the changes institutions should review policies and procedures to include:

• Board-level oversight and accountability
• Alignment between internal reporting policies and statutory duties
• Staff training and incident escalation protocols
• Documentation integrity and audit trails: not just record keeping, but defensible record keeping including timely incident reports, emails documenting internal escalation, minutes of safeguarding meetings, records of who was consulted (external agency, etc.), notes of decisions taken with rationale for the same, confirmation that statutory thresholds were considered, evidence of referral to police or local authority (if applicable) and details of follow-up actions.
• An engagement strategy with regulators: in this regard, a good engagement strategy would include:
  1. Clear trigger points for regulator notification
  2. A nominated senior contact for regulator communication
  3. Coordinated messaging (legal + compliance + leadership)
  4. Early legal input where appropriate
  5. Preservation of documentation
  6. Transparent but measured disclosure
  7. Alignment between regulatory response and civil liability considerations.  

It will be important for organisations to be able to evidence process rather than just refer to policy presence alone. Planning for implementation of these changes should begin now.