CIS Fraud Liability from April 2026

From 6 April 2026, HMRC has expanded its powers under the Construction Industry Scheme (CIS). Contractors and their directors can now face liability for fraud anywhere in the supply chain if they knew or should have known about it, even where there is no deliberate wrongdoing. The two main consequences are loss of Gross Payment Status (GPS) and personal director liability for the resulting tax losses.

For construction businesses that bid for public sector work or large private contracts that require GPS holders, losing that status is more than a cashflow issue. It can immediately exclude the business from contract eligibility, with the deeper risk that directors may also be pursued personally for unpaid taxes.

Sources: Construction News, new CIS measures and Fakta, HMRC expands CIS fraud powers. Background scheme guidance: GOV.UK, Construction Industry Scheme.

What Is the Construction Industry Scheme?

The CIS is a UK tax scheme for construction work. Contractors deduct tax from payments to subcontractors and pass it to HMRC, with the deduction rate depending on the subcontractor's CIS registration status.

Subcontractors registered for CIS are deducted at 20%
Unregistered subcontractors are deducted at 30%
Subcontractors with Gross Payment Status (GPS) are paid gross with no deduction

GPS is a commercial asset, not just a tax category. Many tier-1 contractors and public sector procurement frameworks require subcontractors to hold GPS as a condition of award. Losing GPS does not just create a 20% deduction on payments received: it can mean immediate exclusion from contract eligibility.

The full scheme detail is set out in CIS 340 (HMRC's guide for contractors and subcontractors).

What Is Changing on 6 April 2026?

Three substantive changes take effect:

HMRC can revoke a contractor's GPS where a director knew or should have known of fraudulent activity anywhere in the supply chain.
Directors may face personal liability for the tax losses HMRC suffers as a result.
The test is objective. Absence of deliberate wrongdoing is not, by itself, a defence.

The previous CIS focus was on whether the contractor had correctly verified, deducted, and remitted CIS tax on its own subcontractor payments. The new test reaches further down the chain and into the contractor's wider due diligence.

The "Should Have Known" Test

The "knew or should have known" test will be familiar to VAT practitioners. It is borrowed from settled VAT case law on missing trader fraud (the Kittel principle), where a business loses its right to deduct input VAT if it knew or should have known its transaction was connected to fraud.

The test is objective. HMRC does not need to prove the contractor actually knew about the fraud. It needs to show that a reasonable contractor exercising reasonable due diligence in similar circumstances would have spotted it.

This is a substantial uplift on the prior CIS test. It changes the documentation a contractor needs to keep from "we deducted the right tax" to "we took reasonable steps to spot fraud in our supply chain, and here is the evidence."

The Gross Payment Status Risk

For contractors holding GPS, the most immediate risk is revocation. Revocation triggers a 20% deduction on every payment received from clients, loss of eligibility for contracts that require GPS holders, and a reapplication process to regain GPS once compliance is restored.

For contractors paying subcontractors who hold GPS, the new powers mean that fraud in the chain can implicate the contractor directly. Documentation of due diligence at each step is the primary defence.

The compliance tests for retaining GPS (turnover test, business test, compliance test) are unchanged. What is new is that HMRC can now revoke GPS on supply-chain fraud grounds even where those underlying tests are met.

Personal Director Liability

The new powers can pierce the corporate veil. Where HMRC concludes that a director knew or should have known of supply chain fraud, the director may be held personally liable for the tax losses. This sits alongside existing personal liability rules for VAT and PAYE evasion.

For directors of small construction firms, this is a meaningful change. A subcontractor fraud uncovered three or four tiers down the chain can now reach the directors of a tier-1 or tier-2 firm if HMRC concludes those directors should have spotted it.

Director and officer liability cover should be reviewed. Many policies exclude tax liabilities or have narrow definitions of "wrongful act" that may not respond to a CIS "should have known" finding.

What Contractors Must Do Before and After 6 April

The defence to a "should have known" challenge is documented evidence of reasonable steps. The exact steps depend on the size and complexity of the supply chain, but the core elements are consistent.

Strengthen subcontractor vetting at onboarding. Verify identity, UTR, VAT registration, Companies House filings, references, insurance, and CIS status with HMRC. Document each check.
Implement ongoing monitoring. Periodic re-verification of CIS status and key data points, especially before significant payments. Use a risk-rated approach so higher-risk subcontractors are checked more often.
Build a documented audit trail. Every decision to engage, retain, or terminate a subcontractor should have a record. Where flags were raised and dismissed, the rationale must be recorded.
Train procurement and finance staff on red flags. Frontline staff are the first line of defence. They need to know what to escalate and how.
Review supply chain visibility. Contractors who only see direct subcontractors are exposed if fraud sits two or three tiers down. Tier-2 and tier-3 visibility is increasingly expected.
Take advice early. If a red flag emerges, engaging tax advisers and recording the response is part of the documented defence.

Subcontractor Red Flags to Document

A reasonable due diligence process should look for, and document responses to, the following indicators:

Newly incorporated entities with thin trading history, particularly where they are bidding for sizeable work
Frequent director or company name changes
Pricing significantly below market
Reluctance to provide ID, UTR, VAT registration, or insurance evidence
Payments routed to third-party accounts or to accounts in different names
Companies House filings inconsistent with the activity claimed
Subcontractors who in turn use chains of subcontractors with limited visibility

Spotting one of these flags is not by itself proof of fraud. The point is that a documented response to each flag is what evidences "reasonable steps" if HMRC later challenges the contractor.

Documentation That Evidences Reasonable Steps

A defensible CIS due diligence pack typically includes:

Subcontractor onboarding form with required documents
Companies House check, UTR verification, VAT check, ID verification
HMRC CIS verification confirmation
Reference checks (documented, not just verbal)
Insurance evidence (employer's liability, public liability)
Risk rating and re-verification schedule
Audit trail of decisions, especially where flags were raised and dismissed

Most modern construction procurement systems automate the data capture. Contractors using manual processes need a structured filing system that will survive HMRC scrutiny.

Impact on SMEs

Many smaller construction contractors do not have formal procurement or supply chain compliance functions. The "should have known" test raises the bar for every contractor regardless of size.

SME contractors carry the highest relative compliance burden because their back-office functions are leaner and their margin headroom is thinner. A single revocation of GPS can put a small subcontracting business out of large-contract eligibility for months.

A practical first step for SMEs is a written CIS subcontractor compliance policy that sets out vetting requirements, ongoing monitoring, and escalation routes. This becomes the defensible record of "reasonable steps" if HMRC challenges.

Common Errors to Avoid

Treating CIS as purely a tax-deduction exercise. The new test reaches into supply chain due diligence beyond the direct contractor-subcontractor relationship.
No formal subcontractor onboarding pack. Verbal references and ad hoc checks are not defensible against a "should have known" challenge.
Failing to re-verify CIS status periodically. Status can change without the contractor being notified, and stale verification undermines the defence.
Not escalating flags. Where a procurement officer raised a concern but no action was recorded, that is now a documentation gap.
Missing records of decisions where concerns were raised and dismissed. The rationale matters as much as the decision.
Relying on tier-1 visibility only. Fraud often sits deeper in the chain, so a defensible policy explains how the contractor obtains visibility into lower tiers.

Enforcement Risk After 6 April

The combination of GPS revocation, personal director liability, fines, and reputational damage represents a substantial shift in CIS enforcement. The risks are concentrated on construction businesses that bid for large or public sector contracts where GPS is a prerequisite, and on directors who may not previously have considered themselves personally exposed.

For background on the broader 2026 enforcement environment running alongside this, see The Fair Work Agency Launches April 2026 and our Employment Rights Act 6 April 2026 employer checklist.

How Policy Pros Can Help

Policy Pros writes and reviews construction-sector compliance documentation including subcontractor vetting frameworks, CIS due diligence packs, and supply chain compliance policies. We help construction SMEs put in place the documented "reasonable steps" defence that the new HMRC test now expects.

Our construction policies and procedures and health and safety policies for the construction industry pages cover the wider compliance context. For supply chain documentation specifically, see our supply chain management policies.

If your existing documentation needs review, our policy review service can identify everything that needs changing and deliver updated documents on a fixed-price basis.