Key takeaways
Third-party fraud can break the chain of causation
Even if breach assumed, sophisticated email fraud may break causation, preventing liability.
Confidentiality clauses have limits
Such clauses don’t impose duty to protect against cyber fraud unless explicit.
Commercial parties must manage payment risk proactively
Decision reinforces importance of independent verification for payment instructions in commerce.
On 29 April 2026, the Court of Appeal handed down its judgment in Logix Aero Ireland Ltd v Siam Aero Repair Company Ltd [2026] EWCA Civ 510, providing important guidance on causation, scope of duty, and contractual risk allocation in the context of email interception fraud.
The decision will be of particular interest to commercial parties operating in cross-border transactions, where cyber fraud risks are increasingly prevalent and contractual protections are frequently relied upon.
Background
The case arose out of a sophisticated email interception fraud during negotiations for the sale of two aircraft engines. Unknown fraudsters infiltrated email correspondence between Logix Aero Ireland Ltd (Logix) (buyer) and Siam Aero Repair Company Ltd (Siam) (seller), impersonating both parties by altering email addresses and manipulating genuine communications.
As part of the fraud:
authentic emails were intercepted, altered, and forwarded.
bank account details in purchase agreements and invoices were replaced with those of the fraudsters.
Logix ultimately transferred approximately USD824,900 to a fraudulent account.
Both parties were unaware of the deception until after payment had been made and the funds dissipated. Logix brought proceedings against Siam alleging (among other things) that Siam’s disclosure of information to the fraudsters amounted to a breach of a confidentiality clause in a Letter of Understanding, which caused its loss.
The Court of Appeal’s decision
The Court of Appeal dismissed Logix’s appeal upholding the High Court’s decision to strike out the claim. While the court accepted it was arguable that Siam’s communications could amount to disclosures in breach of the confidentiality clause, it held that any such breach did not cause Logix’s loss. Instead, the loss was caused by the intervening actions of the fraudsters which broke the chain of causation.
Breaking the chain of causation
The central issue was whether Siam’s assumed breach was the effective cause of Logix’s loss.
The Court of Appeal confirmed that:
although the ‘but for’ test of causation was satisfied, this was not sufficient.
a claimant must show that the breach was the dominant or effective cause of the loss.
Here, the fraudsters’ conduct:
occurred before any alleged breach by Siam; and
was both the cause of the disclosure and an independent intervening act thereafter.
As a result, Siam’s conduct was merely one stage in the fraud and provided the opportunity for the loss rather than its cause. The court described the claim as ‘artificial’, noting that the fraud depended on communications from both parties, and that the ultimate loss arose from Logix being deceived into making payment to the wrong account.
Scope of duty and remoteness
Although the appeal was decided on causation, the Court of Appeal also made important observations on the scope of contractual duties:
the confidentiality clause was intended to protect against commercial misuse of confidential information, such as disclosure to competitors.
it did not impose a specific duty to prevent fraud or cybercrime.
The court indicated that:
loss from email fraud would likely fall outside the scope of duty; and
may also be too remote to be recoverable.
This reinforces the principle that contractual duties are interpreted in light of their commercial purpose, and will not lightly be extended to cover fundamentally different risks.
Distinguishing London Joint Stock Bank v Macmillan [1918]
Logix relied on the House of Lords case - London Joint Stock Bank v Macmillan [1918] AC 777 - where a party was held liable for loss arising from a forgery it had facilitated.
The Court of Appeal rejected the analogy, emphasising that:
Macmillan involved a specific duty to take reasonable care to prevent the very fraud that occurred.
in that case, the breach directly caused the loss and the fraud was a foreseeable consequence.
By contrast:
the confidentiality clause in Logix/Siam did not impose any equivalent duty, and
the fraud was not within the risks the clause was designed to address.
Comment and practical considerations
Contract drafting should reflect cyber risk allocation
This case highlights that standard confidentiality clauses are unlikely to offer protection against fraud losses. Parties should consider whether express provisions dealing with payment verification, fraud risk, or cybersecurity obligations are required.
Verification procedures remain critical
The fraud succeeded in part because payment instructions were not independently verified. Businesses should implement robust processes (for example, telephone confirmation of bank details) to mitigate this risk.
Limits on contractual liability
The decision confirms the courts’ reluctance to impose liability where a party’s conduct is merely part of the background to a fraud, rather than its legal cause.
For further information on this topic, please contact our Commercial Dispute Resolution team.
