What is the OfS new Condition of Registration E6 and what do institutions need to do to comply?

The Office of Students (OfS) has published a new condition of registration for higher education providers. The new condition, ‘E6’, introduces requirements for institutions to protect students from harassment and sexual misconduct. The introduction of this new condition comes after a consultation that was launched in February 2023 on a new approach to regulation in this area. The consultation had been launched following an evaluation of progress made by the sector on a ‘statement of expectations’ published in April 2021. The new expectations and guidelines affect all higher education institutions and all students and academic staff in them. The need for such a condition is real and pressing: a recent OfS survey found that some 20% of students have experienced unwanted sexual behaviour, with nearly 70% of these experiences involving some setting having to do with a higher education setting.

What are the new requirements on higher education providers under the E6?

Policy requirement: All higher education providers registered with the OfS must publish and maintain a single comprehensive source of information (CSI) on how they handle harassment and sexual misconduct. This must meet minimum content and transparency requirements.
Commitment to action: Providers must take steps designed to make a “significant and credible difference” in protecting students, with actions tailored to their specific risks and student demographics.
Standardised definitions: OfS has set definitions of harassment and sexual misconduct, aligning with Equality Act 2010 and Protection from Harassment Act 1997. Sexual misconduct includes, but is not limited to, sexual harassment, sexual assault, and rape.
Student awareness: Policies must be prominently published, public, and clear, ensuring students and prospective students can easily access them.
Training obligations: Providers should implement mandatory training for students, witnesses, and staff, ensuring training is evidence-based and evaluated for effectiveness.
Student support: Institutions must provide appropriate support for students involved in harassment or sexual misconduct cases, including tailored assistance based on individual needs.
Reporting and handling: Providers must clarify how incidents can be reported, how reports will be handled fairly and sensitively, and how affected individuals will be kept informed.
Conflicts of interest: Institutions must protect students from abuse of power in personal relationships between staff and students, with OfS recommending banning or regulating such relationships.
Free speech considerations: Compliance measures must not unduly restrict lawful free speech, unless such restrictions are proportionate.
Ban on NDAs: From 1 September 2024, institutions cannot use non-disclosure agreements (NDAs) to prevent students from sharing information about harassment or sexual misconduct.
Regulatory oversight: OfS will adopt a risk-based approach to monitoring, focusing on providers most at risk of non-compliance.
Enforcement Actions: If breaches are found, providers may face fines, increased regulatory requirements, or even suspension of their registration.

What is the deadline for compliance with the E6?

Recognising the time needed for providers to implement effective policies and engage with staff and students, the OfS has extended the deadline for compliance to 1 August 2025, though the restriction on non-disclosure agreements (NDAs) takes effect from 1 September 2024, requiring urgent action from governors.

What are the implications for governance?

The E6 condition has significant governance implications, requiring institutions to develop and maintain a comprehensive source of information (CSI) on harassment and sexual misconduct. Governors must ensure their institution’s policies are robust, transparent, and tailored to the specific risks faced by their student population. Given the high level of public and regulatory scrutiny, oversight is crucial to ensure compliance and effective communication with students and staff. Governors must also oversee the implementation of evidence-based measures, such as student collaboration, data collection, and policy evaluations. A key governance challenge is managing staff-student relationships, with institutions expected to introduce safeguards against abuse of power. While the OfS suggests a ban on intimate relationships, it allows providers to adopt alternative approaches, requiring careful institutional decision-making. Additionally, upholding free speech remains a critical consideration, even as the Labour government pauses new free speech duties. Institutions must ensure that harassment policies do not restrict lawful academic discussion, teaching, or research. The condition applies not only to UK-based students but also to courses delivered through franchise, partnership, and transnational education arrangements. This means governors must oversee compliance beyond the UK, ensuring policies are applied, monitored, and maintained consistently across all locations.

What should providers be doing to prepare?

Providers should start by reviewing and updating their policies to ensure they align with the new E6 condition, including the requirement to publish a comprehensive source of information (CSI) on harassment and sexual misconduct. This means clearly outlining procedures, ensuring compliance with OfS minimum content requirements, and making the information easily accessible to students and staff. Institutions must also focus on training and awareness, introducing mandatory sessions for students, staff, and potential witnesses to ensure everyone understands their responsibilities. Strengthening reporting and support mechanisms is also crucial, with clear, confidential channels for reporting incidents and tailored support for both those who report misconduct and those accused. Governors and leadership teams must assess risks and institutional culture, particularly regarding staff-student relationships, deciding whether to implement a full ban or alternative safeguards such as mandatory disclosure. Policies must also uphold free speech obligations, ensuring they do not unduly restrict academic discussions. Institutions delivering education through franchise, partnership, or transnational arrangements must ensure their policies are effectively applied across all locations. Finally, providers should prepare for OfS monitoring and enforcement, establishing internal oversight processes, collecting relevant data, and addressing any compliance risks proactively.

HEFE compliance training

VinciWorks’ safety and compliance training package for higher and further education institutions includes over 50 courses that meet the training requirements of all staff and students in the most commonly used and requested areas. The package provides training in five suites – compliance, information security, health & safety, diversity & inclusion and performance & leadership.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”