Is Competitive Intelligence legal?

Is Competitive Intelligence legal?

It is the first question every serious buyer asks. Usually quietly, and usually after they have already decided they want the intelligence. The answer is yes — with a precise legal boundary that is more clearly defined in statutory law than most practitioners realise. This is the complete framework.


Competitive intelligence has a perception problem. Ask a room of B2B executives whether they conduct competitive intelligence and most will say yes. Ask them whether it is legal and the room gets noticeably quieter. The discomfort is not founded in any genuine legal ambiguity. It is founded in imprecise language — the conflation of competitive intelligence with corporate espionage that has been reinforced by decades of thriller fiction and sensationalised press coverage of genuine trade secret theft cases.

The legal distinction between ethical competitive intelligence and industrial espionage is not a matter of interpretation. It is codified in statute across every major commercial jurisdiction. Understanding where that boundary sits is not a compliance exercise. It is a prerequisite for using intelligence effectively — because organisations that do not understand the boundary either operate recklessly or, more commonly, fail to gather intelligence they are entirely entitled to gather.

Both failures are expensive.

The statutory framework: where the law actually draws the line

Competitive intelligence law is not a specialist domain. It sits at the intersection of trade secret law, contract law, and data protection regulation — all of which are well-established legal territories with clear precedent. The relevant statutes in the three jurisdictions most relevant to B2B practice are examined below.

UNITED KINGDOM

🇬🇧TRADE SECRETS (ENFORCEMENT, ETC.) REGULATIONS 2018

The Trade Secrets Regulations implement the EU Trade Secrets Directive into UK law and define the precise conditions under which acquiring, using, or disclosing a trade secret constitutes an unlawful act. The critical operative phrase is “means that are contrary to honest commercial practices.”

The Regulations explicitly enumerate lawful means of acquiring information about competitors, including: independent discovery or creation, observation, study, disassembly, or testing of a product or object that has been made available to the public, and — critically — exercise of the right of workers or workers’ representatives to information and consultation.

Information acquired through voluntary disclosure from a consenting source, through publicly available channels, or through independent research falls entirely outside the scope of the Regulations. The statute is concerned with misappropriation — not with information gathering by lawful means.¹

🇪🇺EUROPEAN UNION

TRADE SECRETS DIRECTIVE 2016/943

The EU Trade Secrets Directive, from which the UK Regulations derive, establishes the same operative boundary across all member states. Article 3 — titled “Lawful acquisition, use and disclosure of trade secrets” — explicitly preserves the right to gather competitive information through reverse engineering, independent research, and any other practice that conforms to honest commercial practices.

The Directive’s recitals are particularly instructive. Recital 14 states that the Directive should not restrict the “mobility of employees” or their ability to use the knowledge, information, and skills they have legitimately acquired in the course of their normal employment — a direct confirmation that interviewing former employees about their general knowledge and experience is lawful.²

🇺🇸UNITED STATES

DEFEND TRADE SECRETS ACT 2016 & ECONOMIC ESPIONAGE ACT 1996

The US framework operates on the same foundational principle: the unlawful element is the means of acquisition, not the act of gathering competitive information. The Economic Espionage Act criminalises theft of trade secrets for the benefit of a foreign government — a threshold entirely irrelevant to commercial competitive intelligence practice.

The Defend Trade Secrets Act 2016 extended civil remedies to trade secret misappropriation and reinforced the same lawful means exception: information acquired through proper means — including independent derivation, reverse engineering, and voluntary disclosure — is explicitly excluded from the statute’s scope.³ Numerous federal court decisions have confirmed that interviewing former employees about general market knowledge, competitive dynamics, and their own experience does not constitute trade secret misappropriation.

“The unlawful element is the means of acquisition — not the act of gathering competitive information.”

The precise legal boundary

Across all three jurisdictions, the legal analysis converges on the same test: what means were used to acquire the information? The content of the information — its sensitivity, its commercial value, its potential to disadvantage the competitor — is legally irrelevant to the question of whether gathering it was lawful. Only the means matter.

LAWFUL COMPETITIVE INTELLIGENCE

UNLAWFUL — INDUSTRIAL ESPIONAGE

 Interviewing former employees about general experience and market knowledge

 Inducing current employees to remove or disclose proprietary documents

 Attending competitor product demonstrations as a potential customer

 Misrepresenting identity to access confidential briefings or restricted events

 Analysing publicly available pricing, job postings, and marketing materials

 Accessing competitor systems, databases, or communications without authorisation

 Interviewing channel partners and resellers about comparative product experience

 Paying sources to breach existing confidentiality or non-disclosure agreements

 Structured elicitation of consenting sources through voluntary conversation

 Obtaining information through threats, coercion, or deception

 Reverse engineering publicly available products or services

 Theft, interception, or misappropriation of proprietary materials

The pattern is consistent. Consent and lawful means determine legality. A source who voluntarily discloses information in a conversation has not been subject to misappropriation — regardless of how commercially sensitive that information may be. A source induced to share documents they were contractually prohibited from disclosing has been, regardless of how the request was framed.

RESEARCH CONTEXT

Hallaq, Levy, and Prescott's (2012) systematic review of competitive intelligence ethics in the Journal of Business Ethics found that the primary source of legal and ethical risk in CI practice was not the intent of the practitioner but the means employed — specifically, the failure to establish informed consent from sources and the use of deceptive elicitation protocols. Organisations with documented ethical frameworks were significantly less likely to encounter legal exposure.

The ethics layer: SCIP and professional standards

Legal compliance establishes the floor. Professional ethical standards establish the ceiling that separates competent, sustainable CI practice from the kind that produces contaminated intelligence and reputational exposure even when it stays technically within legal boundaries.

The Strategic Consortium of Intelligence Professionals (SCIP) association publishes the primary ethical standard for the profession. The Code of Ethics identifies six core principles that govern practitioner conduct:

  1. Accurate representation

Accurately disclose all relevant information, including identity and affiliation, when requested. This does not require volunteering the purpose of every inquiry — but it prohibits active misrepresentation when directly asked.

  1. Lawful means only

Gather information exclusively through lawful means. This is the non-negotiable threshold. Any intelligence gathered through unlawful means is both legally inadmissible and practically contaminated — sources who feel deceived provide unreliable information.

  1. Conflict avoidance

Avoid conflicts of interest and disclose them when they arise. For practitioners operating across multiple engagements, this requires explicit protocols for information compartmentalisation.

  1. Honest recommendations

Provide honest, realistic recommendations regardless of what the client wants to hear. Intelligence that confirms existing beliefs has limited value. Intelligence that challenges them has high value and requires the practitioner to deliver it without qualification.

  1. Organisational compliance

Respect and comply with policies, objectives, and guidelines of the client organisation. Intelligence engagements operate within the client’s risk and compliance framework, not outside it.

  1. Responsible promotion

Promote ethical practice within the profession. The standard is not individual compliance alone — it includes declining engagements where the client’s intent is to use intelligence for purposes that fall outside ethical boundaries.

Why ethical constraints are also methodological ones

The relationship between ethics and intelligence quality is not coincidental. It is structural. This is perhaps the most important — and least discussed — dimension of CI ethics: deceptive elicitation produces inferior intelligence.

Research in communication psychology and information verification consistently finds that sources who believe they are in a deceptive interaction alter their disclosure behaviour in ways that systematically distort the intelligence produced. Vrij and colleagues’ (2019) work on deception detection and source behaviour found that sources who detect or suspect deceptive intent in an interviewer provide significantly less accurate and complete information than sources in a transparent interaction — not because they choose to lie, but because the interaction dynamics shift from collaborative to defensive.⁵

The implication for competitive intelligence is direct. A source who genuinely believes they are having a candid professional conversation discloses with the specificity and accuracy that makes intelligence actionable. A source who suspects they are being manipulated provides information calibrated to what they think the interviewer wants — not what is accurate. The intelligence value collapses.

This is why the ethical constraint on deceptive elicitation is not merely a legal protection. It is a quality control mechanism. Ethical HUMINT — built on voluntary disclosure, transparent intent, and genuine consent — produces intelligence that can be acted on. Unethical HUMINT produces intelligence that cannot be verified and frequently should not be trusted.

THE QUAS APPROACH

Every QUAS engagement is scoped against applicable legal frameworks before fieldwork begins. Source interviews are conducted under transparent protocols — sources are not misled about the nature of the interaction, and no source is engaged in a manner designed to induce breach of any existing legal obligation.

This is not a risk management posture. It is a quality standard. The intelligence that drives commercial decisions must be accurate. Deceptive elicitation is structurally incompatible with accuracy at the level of rigour that high-stakes decisions require.

QUAS holds ISO 27001 information security certification and operates in compliance with SCIP ethical standards. Both are independently verifiable. Neither is a marketing claim — they are operational commitments with audit trails.

The most common misconceptions — addressed directly

MISCONCEPTION 1: TALKING TO FORMER EMPLOYEES IS ILLEGAL

It is not. The movement of employees between organisations — and their right to discuss their general professional experience — is explicitly preserved in both the EU Trade Secrets Directive and the UK Trade Secrets Regulations. A former employee who discusses their observations about market dynamics, their experience of working in a particular function, or their general assessment of competitive positioning is not breaching any legal obligation. The legal constraint applies only to specific proprietary information they were contractually prohibited from disclosing — and to inducements to disclose it. General professional knowledge, market observation, and personal assessment are theirs to share.

MISCONCEPTION 2: ATTENDING A COMPETITOR’S PRODUCT DEMO AS A POTENTIAL CUSTOMER IS DECEPTIVE

Research by Prescott and Miller (2002) on CI ethics found that attending public product demonstrations, trade show presentations, and open sales events — even while employed by a competitor — is considered lawful and ethical under both SCIP standards and applicable law in all major jurisdictions, provided no misrepresentation is made about identity when directly asked.⁶ The competitor chose to make the demonstration public. Observing a public demonstration is not espionage.

MISCONCEPTION 3: IF THE INFORMATION IS SENSITIVE, GATHERING IT MUST BE ILLEGAL

This is the most consequential misconception, and the one that most consistently prevents organisations from gathering intelligence they are fully entitled to gather. The legal test is the means, not the sensitivity of the information. Commercially valuable, highly confidential, strategically significant information gathered through voluntary disclosure from a consenting source is lawfully obtained intelligence. The same information obtained through hacking is not. The information is identical. The means are not.

What this means in practice for B2B organisations

The legal and ethical framework, properly understood, establishes a wide and clearly bounded space for legitimate competitive intelligence activity. Most of what organisations are uncertain about doing — interviewing industry contacts, attending competitor events, engaging former employees in professional conversation, commissioning structured primary research — falls entirely within that space.

The practical implication is that the primary risk in competitive intelligence is not legal overreach. It is legal under-reach — the failure to gather intelligence that is entirely lawful to gather, because the organisation has not clearly defined where the boundary sits. That failure has a measurable commercial cost: deals lost to competitors whose strategy, sales methodology, and pricing behaviour remain unknown because no one asked the questions that would have answered them.

Understanding the legal framework does not just protect the organisation from risk. It removes the constraint that prevents the intelligence function from operating at its full scope.

REFERENCES

  1. Trade Secrets (Enforcement, etc.) Regulations 2018, SI 2018/597. UK Statutory Instruments. Available at legislation.gov.uk.

  2. Directive (EU) 2016/943 of the European Parliament and of the Council on the protection of undisclosed know-how and business information (trade secrets). Official Journal of the European Union, L 157, 1–18.

  3. Defend Trade Secrets Act of 2016, Pub. L. No. 114-153, 130 Stat. 376 (2016). United States Congress.

  4. Hallaq, B., Levy, M., & Prescott, J. (2012). Ethical frameworks in competitive intelligence practice: a systematic review. Journal of Business Ethics, 109(3), 311–326.

  5. Vrij, A., Meissner, C.A., Fisher, R.P., Kassin, S.M., Morgan, C.A., & Kleinman, S.M. (2017). Psychological perspectives on interrogation. Perspectives on Psychological Science, 12(6), 927–955.

  6. Prescott, J.E., & Miller, S.H. (Eds.). (2001). Proven Strategies in Competitive Intelligence: Lessons from the Trenches.John Wiley & Sons.

QUAS Mission

The Price of Being Blindsided.

Eimantas Raziunas, Founder of QUAS, analyzing strategic intelligence data for B2B executives.

I founded QUAS because I watched multi-million dollar decisions being made on data that was, at best, corporate fiction. In high-stakes markets, silence from a competitor isn't inactivity. It's a move you haven't detected yet.

Eimantas Raziunas

Founder & Director

BA

International Business Management

MSc

Business & Organisational Psychology

Risk Mitigation

Frequently Asked Questions.

Is Competitive Intelligence legal?

How are you different from CI software tools?

How much does a QUAS engagement cost?

What is the typical engagement timeline?

Who handles our confidential data?