£104.4 million.
That is the IR35 tax liability the Post Office disclosed this week. It is the largest single IR35 bill ever made public. And the Department for Business and Trade has offered to bail them out, because the Post Office cannot afford to pay it.
The story, reported by Computer Weekly on 5 February, is linked to the Horizon IT scandal. Contractors working on the Horizon system were incorrectly classified over a sustained period. The liability accumulated year after year, assessment after assessment, until the total reached nine figures.
This article is not about the Post Office specifically. It is about what the Post Office case reveals about a problem that exists in organisations across every sector.
The Facts
HMRC investigated the Post Office's contractor arrangements and determined that IT contractors working on the Horizon system had been incorrectly assessed under the off-payroll working rules. The resulting liability, including unpaid PAYE, National Insurance, and interest, amounts to GBP 104.4 million.
The Post Office cannot pay it. A proposed government subsidy of up to GBP 37.4 million for 2026/27 will help cover the bill. Taxpayers, in effect, are funding the consequence of the Post Office's contractor governance failures.
This is not an isolated incident. It follows a pattern that has been building across the public sector for years.
A Pattern, Not an Outlier
The Post Office is the largest disclosed IR35 liability, but it is not the first. Consider the public sector organisations that have been through the same process:
- DEFRA — £86.5 million in IR35 liabilities
- Department for Work and Pensions — £87.9 million
- Natural Resources Wales — £14.6 million
Four organisations. Nearly £300 million in combined IR35 liabilities. These are not reckless employers making deliberately poor decisions. They are large, well-resourced institutions with governance frameworks, legal teams, and compliance obligations.
They all made the same fundamental mistake.
What Actually Went Wrong
The common thread across every major IR35 liability case is not incompetence. It is the absence of systematic, ongoing governance over contractor status determinations.
In each case, the organisation knew it engaged contractors. It may even have conducted some form of status assessment. But those assessments were not part of a coherent, documented, regularly reviewed process that could withstand HMRC scrutiny.
The Post Office had contractors. It made determinations about their status. Those determinations were wrong at scale, accumulated over years, and resulted in a liability that required a government bailout to resolve.
This is what happens when worker classification is treated as an administrative task rather than a governance responsibility. When assessments are done once and never revisited. When the process sits with a single team that lacks visibility of the full contractor population. When nobody at board level asks the question: how confident are we in our position?
It is, fundamentally, a failure of business management. Resource allocation decisions were being made without the information needed to make them properly. Contractor engagement was treated as a procurement matter or an HR matter or a payroll matter, but nobody owned the governance of the workforce as a whole.
The "No Bailout" Reality
The Post Office is getting a bailout. Your organisation will not.
When HMRC investigates a private sector organisation and finds years of incorrectly classified contractors, there is no government department writing a cheque. There is no proposed subsidy. There is a tax bill, potentially with penalties, and the reputational consequences of having your contractor governance found wanting.
The Post Office's situation is unusual because of the Horizon scandal and its status as a public institution. But the underlying problem, large-scale contractor misclassification resulting from inadequate governance, is not unusual at all. It is happening in private sector organisations right now, across manufacturing, financial services, higher education, and every other sector that relies on external workforce capacity.
The difference between the Post Office and a private sector organisation in the same position is simply who pays.
The Hidden Headcount Problem
Underlying every major IR35 liability case is a visibility gap.
Ask most organisations how many contractors they engage and you will get an answer. Ask HR, procurement, and finance to each answer independently and you will get three different numbers. The gap between those numbers is where risk accumulates.
Contractors come into organisations through multiple channels. Direct engagements managed by HR. Supplier relationships managed by procurement. Consultants embedded in project teams who arrived through a services agreement and appear nowhere in a headcount report. Agency temps who rolled over into long-term fixtures years ago and have been quietly renewed ever since.
Each of these workers represents a potential IR35 liability. But if nobody has a complete picture of who they all are, nobody can assess whether their status determinations are correct, current, and defensible.
The Post Office knew it had contractors. What it lacked was the visibility, governance, and systematic process to manage their status correctly at scale. Most organisations we speak with share more of that profile than they would like to admit.
What Good Governance Looks Like
There is no silver bullet for IR35 compliance. Anyone who tells you otherwise is oversimplifying a genuinely complex area. But the organisations that manage this well share common characteristics:
They know their numbers. They can tell you how many contractors are working in the business, through what structures, and under what terms. Not a rough estimate. An actual, reconciled figure that finance, HR, and procurement all agree on.
They assess individually. Every engagement gets a proper status determination based on the actual working practices of that specific role. No blanket assessments. No assumptions carried over from similar-looking engagements.
They document their reasoning. The determination itself is only half the story. The evidence behind it, the factors considered, the rationale for the conclusion, all of this needs to exist in a form that survives staff turnover and withstands external scrutiny.
They review regularly. A determination made when a contractor started may not reflect how the engagement has evolved eighteen months later. Working practices change. Roles shift. What was correct at the outset may no longer be defensible.
They own it at the right level. Contractor compliance is not an admin function. It is a governance responsibility that sits alongside other workforce risks at board level. The organisations that treat it as such are the ones that avoid nine-figure surprises.
Practical Steps You Can Take Now
You do not need to overhaul your entire contractor management process overnight. But you do need to know where you stand.
Audit your contractor population. Ask HR, procurement, and finance to each independently report how many contractors are working in the business. Compare the numbers. The gap between them is your first indication of where risk sits.
Review your assessment process. Are status determinations being made for every contractor, or only some? Are they documented? When were they last reviewed? If a contractor has been in place for more than twelve months without a reassessment, that engagement deserves attention.
Establish governance ownership. Who in your organisation is responsible for contractor classification? Not who processes the paperwork, but who owns the governance of the process? If the answer is unclear, that is a gap worth closing.
Check your supply chain. The Post Office's contractors were working on an IT programme. Many organisations have similar arrangements, contractors engaged through consultancies, service providers, and staffing agencies whose status may never have been properly assessed by the end client.
Brief your board. The Post Office case is a powerful illustration of what happens when contractor governance is left to operate below board-level visibility. If your leadership team does not know the size of your external workforce or the state of your compliance processes, now is the time to change that.
The £104 Million Question
The Post Office case is dramatic, but the lesson is straightforward. IR35 liability accumulates quietly. Incorrect assessments do not announce themselves. They sit in the background, compounding year after year, until someone, usually HMRC, asks to see the evidence.
The Post Office, DEFRA, and DWP all presumably believed their contractor arrangements were in order. They were not. The absence of systematic governance, regular review, and complete workforce visibility turned manageable compliance obligations into extraordinary financial exposure.
The question for every finance leader reading this is not whether your organisation has IR35 exposure. If you engage contractors, you do. The question is whether you have the visibility and governance to know where that exposure sits and the evidence to defend your position.
Not sure where your organisation's IR35 governance stands? Start with a contractor population audit. The gap between what HR, procurement, and finance each report is where your risk lives.