diff --git a/apps/cfp_review/__init__.py b/apps/cfp_review/__init__.py
index 66e7e2ecf..b32a9821b 100644
--- a/apps/cfp_review/__init__.py
+++ b/apps/cfp_review/__init__.py
@@ -1,4 +1,5 @@
-from flask import Blueprint, request
+from flask import Blueprint, request, session, redirect, url_for, abort
+from flask_login import current_user
 from sqlalchemy import func, or_
 
 from models.cfp import (
@@ -13,6 +14,7 @@
 from ..common import require_permission
 
 cfp_review = Blueprint("cfp_review", __name__)
+
 admin_required = require_permission(
     "cfp_admin"
 )  # Decorator to require admin permissions
@@ -20,6 +22,32 @@
 review_required = require_permission("cfp_reviewer")
 schedule_required = require_permission("cfp_schedule")
 
+CFP_PERMISSIONS = {
+    "admin",
+    "cfp_admin",
+    "cfp_anonymiser",
+    "cfp_reviewer",
+    "cfp_schedule",
+}
+
+
+@cfp_review.before_request
+def before_request():
+    if not current_user.is_authenticated:
+        return redirect(url_for("users.login", next=request.path))
+
+    # Check if the user has any CFP permissions
+    if len(set(p.name for p in current_user.permissions) & CFP_PERMISSIONS) == 0:
+        abort(404)
+
+    if (
+        not session.get("cfp_confidentiality")
+        and request.endpoint != "cfp_review.confidentiality_warning"
+    ):
+        return redirect(
+            url_for("cfp_review.confidentiality_warning", next=request.path)
+        )
+
 
 def sort_by_notice(notice):
     return {"1 week": 0, "1 month": 1, "> 1 month": 2}.get(notice, -1)
diff --git a/apps/cfp_review/base.py b/apps/cfp_review/base.py
index 02b81097e..376c87d98 100644
--- a/apps/cfp_review/base.py
+++ b/apps/cfp_review/base.py
@@ -1227,4 +1227,13 @@ def proposals_summary():
     )
 
 
+@cfp_review.route("/confidentiality", methods=["GET", "POST"])
+def confidentiality_warning():
+    if request.method == "POST" and request.form.get("agree"):
+        session["cfp_confidentiality"] = True
+        return redirect(request.args.get("next", url_for(".proposals")))
+
+    return render_template("cfp_review/confidentiality_warning.html")
+
+
 from . import venues  # noqa
diff --git a/apps/cfp_review/review.py b/apps/cfp_review/review.py
index e4e4f635f..28e246d40 100644
--- a/apps/cfp_review/review.py
+++ b/apps/cfp_review/review.py
@@ -95,7 +95,6 @@ def review_list():
             )
         )
     ):
-
         random.shuffle(to_review_again)
         random.shuffle(to_review_new)
         random.shuffle(to_review_old)
diff --git a/templates/cfp_review/confidentiality_warning.html b/templates/cfp_review/confidentiality_warning.html
new file mode 100644
index 000000000..0c1a0b5df
--- /dev/null
+++ b/templates/cfp_review/confidentiality_warning.html
@@ -0,0 +1,29 @@
+{% extends "cfp_review/base.html" %}
+{% block title%}CfP Admin{% endblock %}
+{% block body %}
+<h2>CfP Confidentiality</h2>
+
+<p>
+    You're about to view proposals in the EMF Call for Participation.
+</p>
+
+<p>
+    Please be aware that all proposals are confidential until the schedule is released.
+    Proposals which are not accepted will remain confidential indefinitely.
+</p>
+
+<p>
+    Don't share any information from the CfP with anyone else, including other members
+    of the EMF team who aren't involved in the CfP process.
+</p>
+
+<p>
+    If you have any questions, please ask the content team.
+</p>
+
+<form method="post">
+    <button name="agree" value="1" class="btn btn-primary" type="submit">I agree to keep proposals confidential</button>
+    <input type="hidden" name="next" value="{{ next }}">
+</form>
+
+{% endblock %}
\ No newline at end of file