Paths beyond the Gateway: the function and future of Norwich Pharmacal orders | Fieldfisher
Skip to main content

Paths beyond the Gateway: the function and future of Norwich Pharmacal orders


United Kingdom

From 1 October 2022, CPR Practice Direction 6B was amended with the introduction of 'Gateway 25', which allows a claimant to serve an order out of jurisdiction for disclosure of documents to (i) identify a defendant or a potential defendant and/or (ii) establish what has become of their property.

As anticipated in our blog 'New service gateway to support crypto asset recovery', this is a huge step forward for claimants who wish to trace their assets or identify defendants given the court's previous refusal to grant Norwich Pharmacal Orders ("NPOs") against third parties "mixed up" in wrongdoing where those third parties are located outside England and Wales.

The usual respondents to NPOs tend to be banks, crypto exchanges or telephone providers. For instance, we obtained summary judgment in Foglia v The Family Officer Limited & Others [2021] EWHC 650 (Comm) partly based on triangulation of cell-tower data and the bank statements of the payment card used to purchase the SIM card used to make the call to perpetrate the fraud.

This blog looks at other innovative ways in which the court has allowed parties to obtain NPOs against less familiar data-holders and the ways in which such categories of material may be able to unlock a case.

Fraudsters and their digital footprints

In the case of Portakabin Limited v Google Ireland Limited [2021] IEHC 446, the claimant made an application for an NPO ordering Google to disclose registration information associated with a specific Gmail account.

Gaining access to an individual's email registration information has the potential to reveal large amounts of data, such as telephone numbers, physical addresses, payment information and details of accomplices.

Even where this data has been falsified, there will still likely be a record of the IP address used by the wrongdoer. In Smith v Backhouse [2022] EWHC 2011 (KB), an NPO was granted to identify a UCL academic via his London IP address.

NPOs against email providers and registrants may unlock various cases of fraud, either where a hoax email is sent masquerading as a genuine party or more indirectly where the fraudster uses an email address for other means, for example when setting up an account with Companies House to incorporate companies. Fraud is predominantly perpetrated online meaning that fraudsters inevitably leave digital footprints.

Down-the-rabbit-hole utility

In Kensington and Chelsea RBC v Airbnb Payments UK Ltd [2022] EWHC 2209 (Ch), the claimant successfully applied for an NPO against Airbnb to identify the fraudulent letting of properties. 

The information provided under the terms of the NPO would also allow the claimant to identify the defendant's contact details and identify payment details to enable the claimant to trace misappropriated assets or enforce any judgment against other assets held by the defendant. 

The information disclosed under an NPO may be used as a stepping-stone to further sources of information. A telephone number would very likely lead to a means of payment; an NPO against the relevant bank would reveal the transaction history; this in turn could disclose other individuals and other bank accounts.  Given the purpose of fraud is predominantly for economic gain, there typically would be an 'off-ramp' into which the fraudster would seek to transfer ill-gotten gains into real assets, as explored in our blog: 'Dirty money: how to control the flow of corrupt wealth'. 
While an NPO is not a general permission to fish for information, it is nonetheless an opportunity where other, separate information might be inadvertently disclosed. Failing this, an NPO still has the potential of becoming a springboard for a claimant, signalling where to go next should they still wish to pursue litigation.

There is also no finite list of categories of intermediaries against which NPO relief may be obtained. Data from a Google Watch, Fitbit or Uber journeys may identify an individual. In a previous case, we considered obtaining information from a Premier League football club in relation to a fraudster who was known to be a season ticket holder.  Information held by airlines would provide identification documents, electronic payment information, location history and contact information.

A question of jurisdiction

In the case of Azra Sabados v Facebook Ireland [2018] EWHC 2369, Ms Sabados sought an NPO against Facebook to disclose the identity of an unknown individual who had gain access to the account of her deceased partner, who had been based in Bosnia.

Ms Sabados was a UK resident.  The English court accepted jurisdiction despite the Facebook account having belonged to an individual who had been located in Bosnia, the unknown location of the perpetrator (presumed to be in Bosnia) and Facebook being incorporated in the Republic of Ireland.  

Similarly, a liberal approach to jurisdiction was taken in LMN v Bitflyer Holdings Inc & Ors [2022] EWHC 2954 (Comm) with the claim brought by a UK-incorporated group company offering technical services to the crypto exchange, rather than any of the entities which held the misappropriated assets.

As long as a potential claimant can establish at least some connection with England, there would likely be access to the English courts. England need not be the only place where it may be possible to launch proceedings. The connection to jurisdiction might be the fact a fraud was perpetrated through messages made by a UK SIM card, UK based creditors in Insolvency proceedings, or the fact that the fraudster was in UK at some point during the period through which a fraudulent enterprise was being carried out.


The introduction of Gateway 25, when used in conjunction with NPOs, now offer claimants a clear and succinct method of peeling back the layers of the onion in fraud and asset recovery cases with an international dimension.  For example, the claimant in LMN v Bitflyer Holdings Inc & Ors waited for more than a year to commence Part 8 proceedings for NPO relief against offshore crypto exchanges under Gateway 25, rather than go to the expense of pursuing a substantive claim against Persons Unknown.

Innovative litigation funding products such as FeeSolve are therefore well-placed to assist victims looking to retain legal expertise without fear of being turned down or handed a large invoice for work that achieves little in terms of hard results.

NPOs give claimants access to justice by helping them to trace their property and identify bad actors. As we choose to hand over more and more data to service providers in an increasingly electronic world, carefully crafted NPOs will be ever more useful tools to unlock cases of fraud.