£104.4 million.
That is the IR35 tax liability the Post Office disclosed in February 2026. It is widely reported as the largest IR35 liability disclosed so far.
Reported by Computer Weekly on 5 February, it has been linked to the contractor workforce engaged to support Horizon-related remediation, inquiry response, and systems change activity.
The exposure accumulated quietly, year after year, assessment after assessment, until it reached nine figures.
The Department for Business and Trade has since indicated it will step in, because the Post Office cannot afford to pay.
The Post Office case reveals a systemic weakness in how many organisations govern contractor and service-based labour risk.
What We Know
In early February 2026, Computer Weekly reported that the Post Office has been informed by HMRC that it historically incorrectly assessed the IR35 status of a large contractor population connected to Horizon-related remediation, inquiry response, and systems change activity.
The figure most widely reported is £104.4m, which DBT proposes to cover via a subsidy to enable the Post Office to settle the historic IR35 liability.
DBT has asked the Competition and Markets Authority’s Subsidy Advice Unit to review a proposed subsidy of up to £141.8m, with the majority earmarked for the IR35 liability and the remainder intended to support Horizon remediation activity.
As with other large off-payroll settlements, public reporting indicates the final payable amount can be affected by penalties treatment and offsets (for example, tax already paid elsewhere in the chain), so organisations should treat headline figures as indicators of scale rather than a precise template for every case.
A Pattern, Not an Outlier
The Post Office’s liability is the largest disclosed IR35 bill to date, but it is not the first.
The Post Office’s liability is part of a consistent trend across the public and private sectors.
These are structured institutions with legal teams, governance frameworks and formal compliance obligations - so why are so many still getting this wrong?
Organisation
Reported IR35 Liability / Settlement
Post Office - £104.4 million
Department for Work and Pensions (DWP) - £87.9 million
DEFRA - £86.5 million
Natural Resources Wales - £14.6 million
The common factor is not intent. It is the absence of sustained, organisation-wide governance over how external labour is engaged and classified.
What Actually Went Wrong
A recurring feature of major liabilities is incomplete visibility and weak audit trails across engagement routes.
Organisations knew they engaged contractors. Initial status determinations may even have been made. But those determinations were not embedded into a process that was documented, reviewed, and defensible over time.
Assessments were treated as one-off events rather than living decisions. Engagements evolved, but classifications did not. Ownership sat with individual teams rather than at an enterprise level. No one had a complete, reconciled view of the external workforce population, and no one was accountable for its accuracy.
Service Providers and Hidden Headcount
In complex organisations, this failure is often most acute in the procurement of services.
Large populations of workers sit behind Statements of Work and consultancy contracts that were never designed to evidence employment status. These engagements fall outside traditional HR processes, beyond contractor registers, and are rarely reviewed through a workforce governance lens - even though they may represent the highest cumulative exposure.
This is how IR35 exposure compounds.
Not through dramatic missteps, but through small, unchallenged assumptions left to run for years.
Bailout
The Post Office is receiving a bailout. Most organisations will not.
When HMRC investigates a private sector organisation and finds years of incorrectly classified external workers, the outcome is straightforward: a tax bill, interest, potential penalties, and reputational damage - with no subsidy or safety net.
The Post Office’s situation is unusual because of its public status and the Horizon scandal. The underlying mechanics - large-scale misclassification driven by weak governance and poor visibility - are not unusual at all.
The only real difference is who ultimately pays.
The Hidden Headcount Problem
Every major IR35 failure begins with the same issue: incomplete visibility.
Ask an organisation how many contractors it uses and you will get an answer. Ask HR, procurement, and finance separately and you will often get three different numbers - or months of work to reconcile data. That timeframe is far too long for responding to an initial regulatory request. Responding promptly to HMRC compliance inquiries is critical; protracted reconciliation can complicate review outcomes and raise further line of enquiry.
And the gap between the different numbers is not administrative noise, but it is where risk accumulates.
Contractors enter organisations through multiple routes: direct engagements, agency arrangements, consultancies, and long-standing service contracts quietly renewed year after year. Many never appear in a central workforce view at all.
Each represents potential IR35 exposure. But if no one can confidently answer who is delivering work, through what structure, and under what assumptions, no amount of individual assessments will withstand scrutiny.
The Post Office knew it had contractors. What it lacked was visibility, ownership, and a systematic process to manage status at scale.
Most organisations recognise more of their own operating model in that description than they would like.
The Service Provider Blind Spot
Service provider engagements are often assumed to be outside worker classification risk because they are labelled as “outsourced services”.
That assumption is frequently wrong.
Service providers routinely supply named individuals who work day-to-day inside the organisation, use internal systems, attend team meetings, and deliver work under the direction of the end client. In substance, many of these arrangements look far closer to a supply of labour than a genuinely contracted-out service.
The risk is compounded by multi-tier supply chains.
The end client contracts with a consultancy.
The consultancy sub-contracts to a specialist firm.
That firm supplies one or two individuals, sometimes operating through personal service companies or as sole traders.
By the time the worker reaches the business, commercial and operational visibility has already been lost.
Procurement sees a supplier.
Finance sees an invoice.
HR sees nothing at all.
No single function can clearly answer who is actually doing the work, how they are engaged, or whether their status has ever been assessed based on real working practices.
Using a service provider does not automatically eliminate off-payroll risk. Where a supplier is effectively providing named individuals who work under the client’s direction, and those individuals operate via intermediaries (such as PSCs), the off-payroll rules can still bite. Labels like ‘managed service’ are not determinative if the delivery model in practice looks like labour supply.
This is where IR35 exposure becomes systemic - not because organisations are reckless - but because their operating model assumes that contractual labels equal compliance.
What Good Governance Actually Looks Like
There is no silver bullet for external workforce compliance and governance. Anyone claiming otherwise is oversimplifying a genuinely complex area.
But organisations that manage this risk well share a small number of characteristics.
They can reconcile external workforce numbers across HR, procurement, and finance. Ultimately, they have visibility and live system-of-record.
They can evidence not just the outcome of an employment determination, but the reasoning behind it.
They revisit determinations as roles evolve and checks are triggered, rather than assuming yesterday’s assessment still applies.
And ownership sits at a level where external workforce compliance is treated as a governance issue, not an administrative task.
Where those conditions exist, IR35 becomes manageable. Where they do not, exposure compounds quietly.
Practical Steps You Can Take Now
You do need to know where you stand.
Start by auditing your external workforce population. Is the data easy to gather? Was it centralised, are suppliers transparent? The answer is your first indicator of risk.
Review your assessment process. Are status determinations made for every engagement? Are they documented? When were they last reviewed? As a practical control, roles that have run for 6 months or more without a documented review are often worth sampling or revalidating.
Clarify ownership. Who is accountable for external workforce classification governance? Not who processes paperwork, but who owns the risk. If the answer is unclear, that is a gap worth closing by allocating it to an individual or a core stakeholder group. We recommend key people from the Office of the CFO (Tax, Procurement, FD), alongside HR, and Talent.
Look beyond direct contractors. Identify which service providers are supplying people, not just outcomes. Ask where those individuals sit, how long they have been embedded, and whether anyone has assessed their status based on actual working practices. If your assurance relies solely on contractual labels, that is a risk signal in itself.
Ask yourself: how and when do we triage service requests?
And brief your board. The Post Office case is a clear illustration of what happens when workforce governance operates below board-level visibility.
The £104 Million Question
The Post Office case is dramatic, but the lesson is simple.
In the UK, IR35 liability does not announce itself. Incorrect assessments sit quietly in the background, compounding year after year, until someone - usually HMRC - asks to see the evidence.
The Post Office, DEFRA, and the DWP all presumably believed their arrangements were in order. They were not.
The question for finance and risk leaders is not whether your organisation has IR35 exposure. If you engage contractors or service-based labour, you do.
The question is whether you have the visibility, governance, and evidence to know where that exposure sits - and to defend your position when it is challenged.
If you are unsure, start with a population audit.
The gap between what HR, procurement, and finance each report is where your risk lives.
