Legislative changes to IR35 thresholds are here. What are the implications for employers?

With legislative updates coming into effect, businesses must prepare to ensure compliance with the revised IR35 thresholds. These changes, announced earlier this year by HMRC, will impact how company size is determined for the off-payroll working rules, commonly known as IR35. Employers and engagers of off-payroll workers, often called ‘end users’, need to understand the implications of these changes and take action to align with compliance requirements.

What are the IR35 threshold limit changes?

From April 2025, the thresholds defined in the Companies Act 2006 also apply to IR35 rules, affecting businesses engaging workers through intermediaries such as personal service companies. A key aspect of determining IR35 applicability is assessing the size of the engaging business, which includes medium and large-sized private sector companies. This assessment must be conducted at the group level rather than at an individual company level.

The new thresholds for IR35 compliance are as follows:

  • Turnover: No more than £15 million (previously £10.2 million)
  • Balance sheet total: No more than £7.5 million (previously £5.1 million)
  • Number of employees: 50 monthly average employees (unchanged)

If a company exceeds two out of these three conditions, the responsibility for operating IR35 rules falls on the end user. This means that the end user must determine whether a contractor, if not for their intermediary, would be considered an employee for tax purposes. However, if a business meets only one or none of the criteria, the contractor must assess their own IR35 status.

For public sector end users, the responsibility for determining IR35 status remains in place regardless of company size.

Do businesses still need to worry about IR35 compliance?

These updated thresholds are expected to relieve many smaller businesses from the administrative burden of IR35 compliance. Small businesses often rely on contractors for short-term projects and may lack the resources to conduct the necessary assessments. The increased thresholds could reduce regulatory red tape for such businesses.

However, despite the eased burden, businesses must still be diligent. While the responsibility shifts more toward contractors, end users must continue assessing engagement terms to determine whether PAYE and Class 1 National Insurance should be deducted from payments. Contractors also retain the right to appeal decisions, and end users must respond within 45 days of an appeal.

Furthermore, HMRC has recently launched a compliance campaign targeting off-payroll worker arrangements in the not-for-profit sector. This initiative aims to identify individuals working outside payroll, analyse service contracts, and assess procurement procedures. Notably, this campaign extends beyond IR35 to examine directly engaged self-employed workers and the tax obligations of their engagers.

Upcoming regulations on umbrella companies

Looking ahead, additional legislation is set to take effect in April 2026, targeting compliance issues related to umbrella companies. These employment intermediaries, commonly used to provide temporary workers, have come under scrutiny for non-compliance, tax avoidance, and fraudulent activities. HMRC has identified significant compliance failures within this sector.

The IR35 changes will impact umbrella companies as well, placing PAYE and National Insurance responsibilities on the agency supplying the worker. If no agency is involved, the responsibility will rest with the end user.

What should employers do now?

With many organisations now exempt from direct IR35 obligations, this regulatory shift removes a complex burden at a time when businesses face growing compliance and financial pressures. However, this also means that more workers and contractors must take responsibility for determining their employment status and tax obligations.

To ensure full compliance as the April 2025 changes take effect, businesses should:

  • Review engagement practices: Assess whether contractor arrangements align with the revised thresholds.
  • Update internal policies: Ensure procurement and tax teams understand the changes.
  • Enhance compliance training: Educate staff on IR35 responsibilities to mitigate risks.
  • Communicate with contractors: Help workers understand their obligations and rights under the new framework.

VinciWorks’ tax evasion training

VinciWorks’ tax evasion training incorporates requirements of the Criminal Finances Act and other global measures to ensure corporate compliance with tax evasion laws. VinciWorks can protect your firm with reasonable procedures to prevent tax evasion.

