Requests to inspect a company’s register of members have become more common in recent years. That is not surprising. The register contains information which can be valuable to shareholders, potential investors, campaigners and others who want to communicate directly with a company’s members.
Recent cases show that requests may be made for many reasons, including shareholder engagement, concerns about governance, suspected irregularities, proposed offers to buy shares or wider shareholder activism. Those requests can be sensitive, particularly where they involve personal data or form part of a dispute about the company’s affairs.
A company should not assume that every request must be granted. The first question is whether the request is valid. If it is, the company must act quickly: failure to comply properly with a valid request, unless the court orders otherwise, is a criminal offence by both the company and every officer in default. This article considers what companies should do when they receive a request and how the “proper purpose” test applies.
Receiving an inspection request
Any person who wants to inspect a company’s register of members must make a request which includes prescribed information. This includes their name and address, whether the information will be disclosed to any other person and, crucially, the purpose for which the information is to be used.
When a company receives an inspection request, it should first check whether the request is valid. If the request does not include the information required by the Companies Act 2006, the request is invalid and the company is not required to comply with it or take any additional action. The statutory regime simply does not operate in those circumstances.
If, however, the request is valid, the company has only five working days within which it must either:
- comply with the request; or
- apply to court for an order that the company need not comply on the grounds that the request has not been made for a ‘proper purpose’.
Failing to comply with a valid inspection request made for a proper purpose is a criminal offence by both the company and every officer in default.
Whilst companies may be keen to protect information in the register, they will need to consider carefully whether to permit inspection as an unsuccessful court application would come with adverse costs implications.
The distinction between an invalid request and a valid request made for an improper purpose is important. A defective request does not trigger the company’s statutory obligation to comply or apply to court. But once the company has received a valid request, it needs to act quickly.
Guidance on ‘proper purpose’
As the Companies Act 2006 (CA 2006) does not define ‘proper purpose’, the Chartered Governance Institute (CGI) produced a Guidance Note to provide an industry view on, and examples of, what should constitute a proper purpose and what is likely to be an improper purpose.
The Guidance Note (which can be downloaded from the members’ section of the CGI website) was updated in June 2026 to reflect developing case law. It remains an important reference point for companies considering a valid request and includes the following guidance:
- Fact specific: What constitutes a proper purpose depends on the particular facts and circumstances of each case. It does not depend on whether the purpose is in the interests of shareholders as the person making the request, who may or may not be a shareholder, may have interests of their own in making the request.
- Member-related communications: Proper purposes may include members or others seeking to contact members about matters relating to the company, their shareholding, or the exercise of rights under the CA 2006, such as gathering support for a requisition or circulating statements relating to shareholder meetings.
- Commercial and regulatory purposes: Proper purposes encompass requests from regulatory or statutory bodies such as the Financial Conduct Authority, HMRC, or the Takeover Panel, as well as bidders or potential bidders requesting access before announcing a bid, persons seeking to make share purchase offers, and those analysing the register for statistical research of general public interest.
- Enforcement and investigation: The CGI recognises as proper purposes requests from creditors seeking to check shareholdings before accepting security, persons seeking to enforce judgments through charging orders or similar mechanisms, insolvency practitioners identifying assets, and persons investigating possible corporate impropriety.
- Improper purposes include unlawful activity and harassment: Improper purposes include any unlawful purposes such as identity fraud or data protection violations, representations or communications that would threaten, harass or intimidate members, offers relating to securities, and requests from asset recovery agencies seeking commercial gain, unless the company is satisfied this is in members’ interests. The onus is on the company to show, on the balance of probabilities, that the request is improper.
- Limit access where appropriate: The guidance recommends that where access to information about one or a limited number of shareholders would suffice, companies should limit access to that particular information rather than providing the entire register. Where registers are provided for research purposes, companies should impose conditions prohibiting direct contact with shareholders and disclosure of individual personal information to third parties.
- Companies should make enquiries when in doubt: Where companies have any doubt about whether a purpose is proper or whether the requesting person will use the information for the stated purpose, they should make further enquiries and seek assurances from the requesting party, such as regarding data protection requirements, and maintain an audit trail.
Comment
The period in which a company must make a decision about a valid inspection request is very short –just five working days – so early assessment is critical.
Companies should check whether the request is complete, consider the stated purpose and any surrounding evidence, and keep a clear record of the decision reached.
Where the request is defective, the company should explain that the statutory requirements have not been met rather than treating the request as one which must automatically be challenged in court.