Providing References in the UK: Employer Obligations and Risks

As a small business, you’ll be asked to provide employment references sooner or later - by departing employees, former team members, or recruitment agencies.

It sounds simple, but references sit at the intersection of employment law, data protection and reputation risk. A careless line can expose your business to claims, while a clear, consistent process can save time and protect relationships.

In this guide, we break down when you must (and don’t have to) provide a reference, what to include, the legal risks to avoid, and the simple policies and templates that keep you protected from day one.

What Does UK Law Say About Providing A Reference?

In most cases, UK employers are not legally required to provide a reference. However, if you do provide one, you owe duties to both the ex-employee and the recipient employer to take reasonable care that the information is true, accurate and fair.

In practice, that means references should:

• Be factually accurate and not misleading (by what they say or omit)
• Be fair - avoid cherry-picking negative incidents without context
• Reflect evidence on file (e.g. performance appraisals or disciplinary outcomes)
• Avoid discriminatory content (e.g. protected characteristics under the Equality Act 2010)

If a reference is careless or inaccurate, you could face legal risk such as negligent misstatement (where a recipient relies on your comments and suffers loss) and, in some cases, defamation. The safest approach is to set a clear company position on references and follow it consistently.

There are also sector-specific rules. For example, certain financial services roles have mandatory regulatory references. If you operate in a regulated sector, make sure your process aligns with your regulator’s requirements.

Do You Have To Provide A Reference? When You Can Say No

As a starting point, most employers can choose whether to provide a reference. There are exceptions - for example, if an employment contract or settlement agreement promises a reference, or if a regulator requires one for particular roles.

It’s generally lawful to offer a “basic” or “factual” reference (confirming dates and job title) and to decline detailed character or performance references. It’s also fine to adopt a policy that your business only provides basic references.

That said, decisions should be consistent. Treating one ex-employee differently from others could lead to allegations of discrimination or victimisation. If you need to refuse a request, have a neutral, standard response ready so your team can reply quickly and consistently.

If you’re weighing up whether to decline, it can help to understand the legal boundaries around when an employer can refuse a reference and the narrow circumstances where you may have to provide one (for instance, where you’ve contractually agreed to it).

What To Include (And Avoid) In A Reference

There’s no single “right” format, but a safe employer reference tends to be short, factual and supported by your records. If you’re providing only a basic factual reference, keep it to the essentials. If you’re providing a fuller reference, stick to objective, evidenced statements.

Safer Ground: Factual References

A factual reference typically confirms:

• Full name and role
• Employment dates (start and end)
• Working pattern (full-time/part-time) and, if asked, whether the role was permanent or fixed-term
• Eligibility for rehire (optional and only if you have a clear policy)

Some employers also confirm salary on request, but you don’t have to. If you do, ensure the figure is correct and state whether it was base salary only or inclusive of allowances or variable pay.

If You Provide More Detail

If your policy allows fuller references, ensure any extra content is capable of being backed up by your files. Good practice includes:

• Linking performance comments to formal appraisals or documented objectives
• Referring to any formal disciplinary outcomes in neutral terms and stating the outcome date
• Avoiding opinions and adjectives (e.g. “unreliable”); use specific, evidenced facts instead
• Making clear the basis of knowledge (e.g. “based on records held by ”)

Never include information about health, disability, pregnancy, religion, ethnicity, sexual orientation or other protected characteristics. Avoid speculation about reasons for leaving. If an employee resigned, say so; if they were dismissed, state “employment ended on ” and only refer to dismissal where it is both necessary and evidenced by formal outcome letters.

References And Employment Contracts

Sometimes, employees (or agencies) ask for a reference clause during recruitment. You’re not obliged to include one, and most businesses prefer their Employment Contract to be silent on references so future requests are handled under your standard policy. If you do choose to commit to a form of reference (for example, for senior hires), make sure the wording is narrow, factual and subject to your legal obligations.

In exit situations, especially where disputes are being resolved, employers sometimes agree a short, pre-approved reference as part of a settlement. If you go down that route, it’s wise to put the wording in a Deed of Settlement so both sides are clear and your team has an approved template to issue later.

If you’re looking to standardise your approach, an employee reference template can save time and reduce risk - just ensure staff know when to use it and when to escalate requests for legal review.

Data Protection, Confidentiality And Record-Keeping

References involve personal data, so the UK GDPR and Data Protection Act 2018 apply. The key points for small businesses are straightforward:

• Lawful basis: You’ll usually rely on “legitimate interests” to share a fair and accurate reference with a prospective employer.
• Data minimisation: Share only what’s necessary for the purpose (i.e. assessing suitability for a role).
• Accuracy: Take reasonable steps to ensure the reference is correct based on your records.
• Security: Issue references through secure channels and restrict who can authorise them.
• Retention: Keep a copy of references issued and the data you relied on, in line with your retention schedule.

There’s also a specific “confidential references” rule under the Data Protection Act 2018. In simple terms, if you draft a confidential reference, you generally don’t have to disclose that reference to the individual if they later make a data request to you. However, the recipient organisation might still have to disclose the reference to the individual if they make a data request to the recipient. In other words, the exemption protects the provider more than the recipient.

Since employees and ex-employees can submit subject access requests about their data (including what records you hold that underpin a reference), make sure you have a clear process for handling SARs and for recording the factual basis behind any comments you include.

Finally, remember confidentiality obligations you owe to third parties. If information in your files relates to confidential clients or internal investigations, do not include those details in a reference unless you have a clear legal basis and it’s strictly necessary.

Policies, Templates And Training To Protect Your Business

The easiest way to reduce risk (and admin) is to adopt a simple references policy that your HR team and managers can follow. This ensures consistency and limits who can speak on behalf of the business.

Build A Clear, Short Policy

Your policy should set out:

• Who can provide references (e.g. HR only)
• What type of reference you will provide (e.g. basic factual by default)
• What must never be included (e.g. protected characteristics, medical data, opinions)
• When to escalate (e.g. requests referring to litigation, regulatory requests, or detailed performance commentary)
• How references are recorded and retained

This can sit in your Staff Handbook for visibility, with an internal template for HR to use. If you need a standalone rule for your intranet or HR system, a short Workplace Policy works well.

Standardise The Wording

Create a simple template your authorised team members can issue quickly. For most businesses, a basic factual reference covers the majority of requests. If a request asks for more, your policy can require legal sign-off before providing additional information. Having a consistent template reduces the risk of one manager saying more than another and helps avoid discrimination claims.

Train Your Managers

Many reference risks come from well-meaning managers replying informally by phone or email. A short training note goes a long way. Reinforce that:

• All reference requests must be redirected to HR
• No informal off-the-record comments should be given by line managers
• References should be in writing, on company letterhead or via a designated HR email
• Telephone references should be followed up with a written version

Connect The Dots With Other Documents

References are only as strong as the records behind them. Make sure performance reviews, warnings and outcomes are properly documented and consistent with what you’d be prepared to confirm externally. Clear contracts and policies across your employment lifecycle help here - from the initial Employment Contract through to any agreed exit terms in a Deed of Settlement.

Tricky Scenarios To Handle Carefully

• Bad leavers: Stick to facts you can evidence. If there was gross misconduct, you can confirm that employment ended on a particular date and, if asked, that dismissal followed a disciplinary process concluded on . Avoid commentary.
• Ongoing grievances or claims: Provide a basic reference and avoid commenting on issues that are unresolved or sub judice. Escalate to legal.
• Agency requests with tight deadlines: Your policy can set a standard turnaround for basic references. If an agency pushes for more, hold the line and ask for written questions that you can review properly.
• Former casuals or short-term contractors: Confirm the engagement dates and capacity accurately. For contractors, you may be asked to confirm the nature of the engagement; ensure your wording aligns with your contractor terms.
• Data requests: Have a clear playbook for SARs and diarise timelines. If a request is complex, consider your lawful basis and any exemptions carefully and, where needed, take advice.

When To Get Advice

If a request involves allegations of discrimination or whistleblowing, relates to regulatory roles, or asks you to disclose detailed performance issues, it’s worth speaking with a lawyer. Likewise, if you’re considering committing to references prospectively (for a senior hire) or agreeing wording as part of a settlement, don’t DIY the drafting - make sure it’s precise and enforceable. If your team is handling frequent data requests linked to references, our privacy specialists can help you streamline your SAR process and deadlines.

Key Takeaways

• Most UK employers don’t have to provide a reference. If you do, you must take reasonable care to ensure it’s true, accurate and fair.
• A short, factual reference is usually the safest option. If you include more detail, stick to evidenced facts and avoid anything discriminatory or speculative.
• Be consistent. Adopting a basic-reference-by-default approach - and documenting it in your Staff Handbook or a Workplace Policy - helps prevent discrimination claims and minimises risk.
• Data protection applies. Use a lawful basis (typically legitimate interests), minimise data, keep references secure, and be ready to manage subject access requests. Remember the “confidential references” exemption protects the provider more than the recipient.
• Keep reference wording standardised. Use an approved employee reference template and require legal sign-off where a recipient asks for more detail.
• If you promise a reference (for example, as part of exit terms), capture the wording carefully in a Deed of Settlement so your team has a clear document to follow later.
• When in doubt, it’s fine to issue a basic factual reference or, in some circumstances, to refuse a reference - provided you apply your policy consistently.

If you’d like tailored help setting your reference policy, drafting a safe template, or managing a complex request, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.