NDA for UK Insurance: Protecting Underwriting Data, Actuarial Models and Claims Information

UK insurers, reinsurers, Lloyd's syndicates, brokers, actuarial consultants and insurtechs routinely share underwriting data, proprietary pricing models, claims information and reinsurance structures under conditions of strict confidence. This guide explains when an insurance NDA is needed, what it must cover, and which template to use.

By Richard Wood, Founder. 7 min read. Updated 21 June 2026. Last reviewed 21 June 2026.

Tags: NDA, insurance, reinsurance, Lloyd's

The UK insurance market — one of the largest in the world, anchored by Lloyd's of London and a major London Market — runs on the exchange of commercially sensitive information. Insurers, reinsurers, brokers, managing general agents (MGAs), actuarial consultants and insurtech companies routinely share underwriting data, proprietary pricing models, client risk profiles, claims information and strategic plans before, during and after commercial negotiations. An NDA ensures that information shared in confidence remains confidential, is used only for the agreed purpose, and can be recovered through enforceable legal remedies if misused.

This is general information, not legal advice

NDASafe is a document preparation service, not a law firm. Our templates are legally reviewed against applicable UK law at the point of release, but every situation is different. Where significant value, unusual risk or a cross-border element is involved, take independent legal advice before you sign.

When UK insurance businesses need an NDA

NDAs are needed in the UK insurance sector at the following stages:

  • Reinsurance negotiations: before a cedant shares its loss history, reserve data, exposure analyses and pricing assumptions with a reinsurer or reinsurance broker during programme placement.
  • Lloyd's syndicate participation: before a capital provider or corporate member reviews a managing agent's underwriting strategy, book of business, claims experience and financial projections.
  • Broker and MGA appointments: before an insurer shares its rating models, underwriting guidelines, risk appetite documentation and bordereaux requirements with a prospective MGA or broker partner.
  • Insurtech and technology partnerships: before an insurer shares historical claims and underwriting data with a technology vendor, or before a vendor shares proprietary AI models, data science methodology or software architecture with a prospective insurance client.
  • M&A and portfolio transfers: before an acquirer or reinsurer conducts due diligence on a book of business, reserve adequacy, claims history or underwriting performance.
  • Claims management partnerships: before claims data, litigation strategy or reserve information is shared with an external loss adjuster, legal panel firm or claims management company.
  • Actuarial and consulting engagements: before an actuarial consultant accesses a client's loss development triangles, reserving assumptions, pricing models or regulatory capital calculations.

What an insurance NDA must cover

A standard commercial NDA may be inadequate for insurance transactions. An insurance NDA should address:

  • Comprehensive definition of confidential information: explicitly covering underwriting data, actuarial models, claims information, loss histories, pricing algorithms, reinsurance programme terms, binding authority guidelines, client risk profiles, and strategic or financial plans.
  • Purpose restriction: limiting use of disclosed information strictly to the specific transaction, evaluation or engagement — prohibiting use of a counterparty's pricing data, loss ratios or claims experience for any commercial purpose outside the agreed negotiation.
  • Multi-party sharing in the London Market: if information is shared across co-insurers, following markets, brokers and capital providers, the NDA should identify each party, impose parallel obligations, and specify which party bears responsibility for each recipient's compliance.
  • Data protection consistency: provisions governing personal data (policyholder, claimant and employee data) must be consistent with UK GDPR and accompanied by a data processing agreement where the sharing creates a controller–processor relationship.
  • Regulatory permissions: the NDA should confirm that sharing is consistent with each party's FCA regulatory obligations — particularly for firms subject to FCA Handbook requirements on data security and outsourcing.
  • Return or destruction: loss development triangles, reserve schedules, actuarial reports and other highly sensitive documents should be returned or securely destroyed if negotiations conclude without a transaction.

Insurance NDA duration: how long is appropriate?

Duration depends on the type of information shared:

  • Pricing models and actuarial assumptions: three years from the date of disclosure, with a trade secret survival clause for genuinely proprietary models and methodologies that remain commercially sensitive beyond that period.
  • Claims data and loss histories: five years, reflecting long-tail liability, potential regulatory investigations and litigation timelines in UK insurance.
  • Reinsurance programme terms: for the life of the programme and three years after expiry — reinsurance claims can emerge long after a policy period ends.
  • Client and policyholder personal data: subject to UK GDPR retention limits regardless of the NDA term; data must not be retained beyond what is lawful under applicable data protection law.
  • M&A due diligence materials: two to three years from the date of disclosure, or until the transaction completes or is terminated, whichever is later.

Which NDASafe template to use

The appropriate template depends on the structure of the insurance transaction:

  • Mutual NDA (£29): the default for most insurance negotiations — reinsurance placement, Lloyd's syndicate discussions, MGA appointments and insurtech partnerships — where both parties are sharing genuinely sensitive information.
  • One-Way NDA, Disclosing (£29): use where only one party is sharing confidential information — a broker sharing a client's risk profile with a panel of insurers, or an actuarial consultant sharing methodology documentation with a prospective client.
  • M&A Due Diligence NDA (£29): use for portfolio acquisitions, book transfers and Lloyd's syndicate M&A — covers data-room provisions, no-poach during diligence and confidentiality that survives a collapsed deal.
  • NDA with IP Assignment (£29): use where an insurtech vendor is developing proprietary technology or data science models specifically for an insurer and the insurer needs to own the output.
  • Complete NDA Bundle (£79): all eight NDA variants. Suitable for insurers, managing agents, brokers and Lloyd's syndicates managing a range of client, partner, reinsurer, technology and investment relationships.

UK insurance NDA templates — legally reviewed, instant download

NDASafe's NDA templates are editable Word documents appropriate for UK insurers, reinsurers, Lloyd's syndicates, brokers, MGAs, actuarial consultants and insurtechs. Single template £29. Complete bundle (all 8 variants) £79. Delivered instantly as an editable .docx file.

Step by step

  1. Sign before sharing any underwriting data, pricing models or claims information

    The risk in insurance transactions runs from the earliest exploratory conversation. Before a broker shares a client's loss history and risk profile with a prospective insurer, before an insurer shares its actuarial assumptions with a reinsurer, and before an insurtech vendor shares proprietary technology architecture with a potential insurance partner — the NDA should be signed. A single inadvertent disclosure of a client's claims history, an insurer's pricing model or a reinsurance programme structure without an NDA in place leaves both parties without contractual recourse if that information is misused.

  2. Define confidential information to cover all insurance-specific data categories

    A standard commercial NDA may not explicitly cover the categories of information most sensitive in insurance transactions. The definition should include: underwriting data, rating factors, pricing models, actuarial assumptions and reserving methodologies; claims data, loss histories, reserve schedules and exposure analyses; client and policyholder risk information; reinsurance programme structures, treaty terms and cession percentages; binding authority terms, delegated underwriting guidelines and bordereaux; proprietary technology, data science models and scoring algorithms; and strategic plans including product development, market entry and acquisition strategy.

  3. Address the layered structure of the London Market

    In London Market transactions — co-insurance, Lloyd's syndicate participation, reinsurance — information is shared across multiple parties simultaneously: lead underwriters, following markets, brokers, managing agents and capital providers. The NDA should identify all parties who will receive confidential information, impose parallel confidentiality obligations on each, and specify that information shared in a slip, placing memo or claims bordereau is covered. Where a Lloyd's managing agent is involved, the NDA should be consistent with the managing agent's Lloyd's regulatory obligations.

  4. Restrict use to the specific transaction or engagement

    Insurance professionals routinely encounter information about competitors' pricing, loss ratios, risk appetite and reinsurance structures in the course of commercial negotiations. The NDA should expressly restrict each party's use of disclosed information to the specific transaction or engagement, and prohibit: using a counterparty's pricing data to calibrate your own rating models; using claims or loss data disclosed in a reinsurance negotiation for any purpose other than pricing the specific programme; and using technology architecture or data science methodology shared by an insurtech vendor for any purpose outside the agreed evaluation or partnership.

  5. Set duration appropriate to the nature of the information

    Appropriate duration varies by information type. Pricing models and actuarial assumptions should be protected for at least three years from disclosure, with a trade secret survival clause for proprietary models that remain commercially sensitive beyond that period. Claims data and loss histories should be protected for five years, reflecting potential long-tail liability and regulatory retention requirements. Reinsurance programme terms should be protected throughout the life of the programme and for three years after expiry. Client and policyholder personal data must be handled in accordance with UK GDPR regardless of any NDA term.

Frequently asked questions

Why does the UK insurance sector need NDAs?

Insurance businesses share three categories of information that are highly sensitive and commercially valuable: underwriting data (loss histories, risk profiles, pricing models and actuarial assumptions); client and claims data (personal and commercial information subject to data protection law); and strategic information (reinsurance structures, distribution agreements, product development plans and technology systems). An NDA creates binding confidentiality obligations, limits use of disclosed information to the agreed purpose, and provides enforceable remedies — including injunctive relief — if information is misused. For regulated insurers, an NDA also documents the basis for sharing certain categories of data with third parties.

Should an insurance NDA be mutual or one-way?

It depends on the commercial relationship. Mutual NDAs are appropriate where both parties are sharing genuinely sensitive information — for example, between a Lloyd's syndicate and a reinsurer discussing a new reinsurance programme, or between an insurer and an insurtech company negotiating a technology partnership. A one-way NDA is appropriate where only one party is disclosing — for example, a broker sharing a client's risk information with a prospective insurer, or an actuarial consultancy sharing proprietary modelling methodology with a potential client.

Can an NDA protect an insurer's pricing models and actuarial assumptions?

Yes. Proprietary pricing models, rating algorithms, actuarial assumptions, loss development factors and reserving methodologies constitute trade secrets and confidential information under UK law. An NDA that defines these as confidential information and prohibits the recipient from using, copying or disclosing them outside the agreed purpose will protect them contractually. The NDA should be complemented by practical measures: share models in an approved format, limit access to named individuals, and include a specific prohibition on reverse engineering.

What is the position of Lloyd's and the London Market on NDAs?

Lloyd's of London and the London Market have no prohibition on NDAs, and they are routinely used for reinsurance negotiations, Lloyd's syndicate investments, managing agent acquisitions and insurtech partnerships. However, Lloyd's regulated activities and binding authority agreements are governed by Lloyd's market regulations alongside any NDA. The NDA governs pre-contractual disclosure; once a binding authority or syndicate arrangement is in place, the contractual terms typically also contain confidentiality provisions. Both sets of obligations run in parallel.

Does an insurance NDA need to address UK GDPR and FCA requirements?

If the disclosure involves personal data — as most claims information and retail insurance underwriting data does — the NDA must be accompanied by or incorporate data protection provisions consistent with UK GDPR. The sharing of personal data between insurers and third parties (brokers, loss adjusters, reinsurers) must have a lawful basis and appropriate contractual safeguards. The NDA governs commercial confidentiality; UK GDPR and any data processing agreement govern the lawful handling of personal data. For FCA-regulated firms, data sharing must also be consistent with their regulatory obligations under the FCA Handbook.
