Summary

  • Confirmed boundary: The public record establishes Horizon as a central accounting and branch system supplied and supported by ICL Pathway and later Fujitsu, used by the Post Office in civil claims, suspensions, terminations, and criminal prosecutions. The High Court Horizon Issues judgment and later Court of Appeal criminal judgment made system reliability and disclosure central to the scandal. The supplier did not by itself prosecute sub-postmasters, but it controlled important technical evidence on which prosecution and recovery decisions depended.
  • Current inquiry status: The Post Office Horizon IT Inquiry's reports page records Volume 1 of the final report, published on 8 July 2025, covering human impact and redress. Sir Wyn Williams' 8 July 2026 progress update says the remaining five volumes are still being completed, that the Maxwellisation process is underway, and that the remaining volumes should be published together rather than sequentially. Supplier-culpability findings should therefore not be treated as final beyond the published record.
  • Redress status: GOV.UK's 26 June 2026 financial-redress data says approximately GBP 1.628 billion had been paid in financial redress. It also records live scheme data across HSS, GLO, HCRS, HSSA, and related routes. The existence of continuing redress work shows that the accountability record remains active, not only historical.
  • Supplier-accountability finding: Fujitsu's practical control sat in defect knowledge, support access, audit evidence, expert assistance, and later restorative commitments. Post Office and government actors held prosecution, contract, governance, and redress duties. Courts, regulators, police, and the public inquiry then became necessary because ordinary supplier-customer governance failed to surface and correct the reliability problem early enough.

The supplier question is not a side issue

Horizon became a public scandal because people were accused, bankrupted, prosecuted, imprisoned, shamed, and deprived of livelihoods after branch accounts showed shortfalls they disputed. The human impact belongs first. But the supplier question cannot be treated as a technical footnote. The branch accounts did not appear from paper ledgers. They came from a distributed IT system whose software, data flows, support tooling, defect history, and audit records were known in far greater detail to the Post Office and Fujitsu than to the individual sub-postmaster at the counter.

The Post Office Horizon IT Inquiry's reports and statements page is the best starting boundary. It shows that Volume 1 of the final report was published on 8 July 2025 and focused on human impact and redress. It also links to Sir Wyn Williams' 8 July 2026 progress update, which says the remaining five volumes are still being completed, warning letters have begun for those likely to be criticised, and the remaining volumes should be published together. That means the public record is substantial, but not complete.

The direct Volume 1 final-report page matters because it fixes the published scope of the inquiry's completed work. Volume 1 is not the whole Horizon answer. It is the official report volume focused on the human impact of the scandal and redress. That matters for supplier accountability because it prevents two opposite errors: treating Fujitsu as absolved because the remaining volumes are unpublished, or treating allegations and witness evidence as though they were already the inquiry's final allocation of responsibility. The careful position is harder but more useful. Fujitsu's supplier record can be analysed through court judgments, inquiry evidence, government redress records, restorative-justice commitments, and procurement consequences while still waiting for the inquiry's full findings on procurement, operation, knowledge, governance, and institutional conduct.

The accountability question for Fujitsu is therefore narrower than a final verdict and broader than a bug list. It asks what a supplier controlled when its system data was used as evidence. Did the supplier know about defects, remote interventions, balancing problems, data integrity limits, or support practices that should have changed how branch accounts were treated? Did it communicate those limits plainly to the Post Office, courts, defendants, and those making recovery decisions? Did its contract incentives reward service continuation and evidence defence more than early disclosure? Did individuals giving technical evidence understand and meet the duties attached to expert evidence?

Those questions matter because a public-service accounting system can become an accusation machine. A shortfall shown on a screen is not only a business record. It can become a demand for repayment, a suspension, a civil claim, a termination, a disciplinary file, a criminal charge, a guilty plea, or a prison sentence. The more severe the consequence, the higher the duty to keep the evidence boundary honest.

Horizon data was treated as authority

The architecture of power in the scandal was asymmetric. A sub-postmaster ran a branch and saw local transactions. The Post Office controlled the contract, audit process, investigation decisions, and prosecution route. Fujitsu controlled important technical knowledge about Horizon's behaviour and support operations. When a discrepancy appeared, the person most exposed to immediate loss often had the least access to system-level evidence.

The High Court's Common Issues judgment in Bates and others v Post Office addressed the contractual relationship and the way the Post Office treated sub-postmasters. The later Horizon Issues judgment addressed system reliability, bugs, errors, defects, and remote access. Those judgments did not turn every shortfall into a Horizon error. They did something more important for accountability: they rejected the idea that Horizon data could be treated as practically conclusive simply because it came from a central IT system.

That distinction should have shaped supplier conduct long before trial. If a system can create, alter, or misstate branch-account entries under certain conditions, the supplier's defect and support records are not internal housekeeping. They are potential evidence about whether a human being owes money or committed a crime. A defect register is not just a service-management artifact. A remote-access log is not just an operational convenience. A known workaround is not just a support note. In this setting, each can determine whether a shortfall is a debt, an error, or an unresolved uncertainty.

The Court of Appeal criminal judgment in Hamilton and others then showed the criminal-justice consequence. The Court quashed numerous convictions and addressed failures in disclosure and prosecution fairness around Horizon reliability. It is not necessary to say that Fujitsu prosecuted the cases to see the supplier role. If supplier evidence and expertise helped give Horizon data its courtroom authority, then supplier accountability follows the evidence chain.

The supplier's practical control had at least four parts. Fujitsu could know more than branch operators about defects and data flows. Fujitsu could know whether remote access or support activity had touched branch accounts. Fujitsu could provide or withhold technical context to Post Office investigators and lawyers. Fujitsu personnel could participate in expert or witness evidence that shaped court decisions. Those are control points even when the formal decision to prosecute sat with the Post Office.

Supplier control was evidential control

The most important supplier-accountability lesson is that technical control can become evidential control without anyone changing the supplier's job title. Fujitsu did not need to be the prosecutor, contract manager, shareholder, or compensation administrator to matter. If branch accounts were generated by Horizon, if exceptions were investigated using Horizon data, if remote support and defect history sat inside Fujitsu's operating knowledge, and if technical explanations came from Fujitsu staff or records, then the supplier had control over facts that others needed to make fair decisions.

That control is different from ordinary service delivery. In an ordinary enterprise system, a supplier may owe uptime, support response, data security, and change-management duties. In an evidence-generating public system, those duties are not enough. The supplier must also preserve adverse facts, maintain logs in a form usable outside the service desk, explain known error modes to non-technical investigators, and correct overconfident statements made about the system. A system can meet a service-level target and still be unsafe as evidence if it cannot show whether a contested balance was affected by a known defect, a correction, a support action, or an incomplete audit extract.

The High Court Horizon Issues judgment is central because it turned hidden technical uncertainty into judicially visible uncertainty. Once a court record addressed bugs, errors, defects, and remote access, the supplier record could no longer be treated as back-office material. It became part of the public answer to a justice question: how should a court, investigator, or branch operator treat a computer-generated shortfall when the system's operators and maintainers knew more than the accused person could know?

That question exposes a weakness in many outsourced public systems. Contracts often divide responsibility by function: the customer owns policy and enforcement; the supplier owns technology and support. But evidence does not respect that line. A prosecutor may choose the charge, yet the factual force of the case can depend on supplier logs. A government department may own public accountability, yet the immediate explanation for a citizen's loss may sit in a vendor ticket. A court may expect disclosure, yet the material that should be disclosed may be buried inside defect management, change control, and account-team correspondence.

For Horizon, the unfairness was intensified by the way system authority moved through institutional channels. A number on a branch account became a debt assertion. A debt assertion became pressure to repay. A disputed balance became suspicion. Suspicion became investigation. Investigation became witness evidence. Witness evidence became a plea, conviction, bankruptcy, or ruined reputation. At each stage, uncertainty should have become more visible. The public record shows that, too often, the opposite happened: the system's outputs were treated as more authoritative as they moved toward more severe consequences.

Supplier accountability therefore cannot be reduced to whether Fujitsu disclosed a particular bug on a particular day. That detail matters and may be addressed more fully in the remaining inquiry volumes. The broader lesson is that supplier governance should have required a live bridge between defect knowledge and downstream use of system data. If a defect was capable of affecting branch balances, it should have been visible to anyone deciding whether to accuse a branch operator. If remote access could affect branch data, the existence and limits of that access should have been visible before categorical statements were made about who could alter accounts. If a support note showed uncertainty, it should not have disappeared behind a simple assertion that Horizon was reliable.

The supplier should also have had a documented escalation threshold. When the same type of allegation recurs across branches, when users report discrepancies that cannot be locally reconciled, when courts or lawyers ask for assurance, and when a technical witness is asked to support a prosecution, the matter is no longer routine support. It is an evidence-integrity event. Treating it as ordinary account management creates a conflict between customer reassurance and truth-seeking. Public procurement should assume that conflict will arise and define what the supplier must do when it does.

The NAO record made management failure visible

The National Audit Office's investigation into the management of the Post Office Horizon IT system is useful because it places Horizon inside public-service governance rather than treating it as a private vendor dispute. The NAO described the long-running management and financial consequences of the Horizon system, the High Court litigation, settlement, compensation issues, and the government's relationship to the Post Office.

The NAO record supports a sober point: the supplier risk was never only technical. It was institutional. The Post Office depended on Horizon for branch accounting. Government depended on the Post Office to deliver a public service. Fujitsu depended on contract continuation and support relationships. Sub-postmasters depended on the integrity of a system they could not independently inspect. Courts depended on disclosure and expert evidence. When those dependencies aligned around defending the system rather than testing disputed evidence, ordinary accountability channels failed.

This is also where abuse-contact economics enters the case. A branch operator facing an alleged shortfall was not bargaining on equal terms. The Post Office could demand repayment, suspend the operator, withhold remuneration, or pursue prosecution. The operator had to contact help desks, investigators, auditors, lawyers, and scheme administrators while carrying immediate financial and reputational pressure. Every additional form, denial, inaccessible log, or unexplained technical assertion increased the operator's cost of resistance.

The supplier's internal economics also mattered. A long-term service contract creates incentives to preserve confidence in the system, manage support costs, avoid admission of systemic faults, and defend prior assurances. Those incentives do not prove wrongdoing. They identify why a public-sector customer cannot rely on supplier self-assurance alone when system data is used to punish individuals. Public service procurement needs independent evidence access, not just service-level reporting.

Defect disclosure is an accountability function

Software defects are normal. The scandal did not arise because a large IT system had defects. It arose because defects, support access, and evidential uncertainty were not translated into fair treatment for people accused on the basis of system outputs.

The Post Office Horizon IT Inquiry's evidence page shows the scale of the record: public hearings, witness statements, transcripts, exhibits, and phase-specific evidence across procurement, design, operation, action against sub-postmasters, governance, and current practice. That volume itself is an accountability signal. When a system's evidential limits have to be reconstructed years later through a statutory inquiry, the original governance failed to preserve and expose the relevant knowledge at the time it was needed.

A defensible supplier posture would have treated defect disclosure as a justice obligation once Horizon data was used in punitive processes. That means a branch shortfall investigation should have been able to ask: Were there known defects capable of producing similar discrepancies? Were there branch-specific incidents? Did support staff access the branch account remotely? Were balancing transactions, suspense accounts, reversals, or corrections applied? Was the audit extract complete? Did the person giving evidence know the limits of the data?

Those questions need structured answers. "No known issue" is not enough if the search scope is unclear. "Horizon is robust" is not enough if known bugs had caused discrepancies elsewhere. "No remote access" is not enough if support tooling allowed interventions but logs were incomplete or not searched. A supplier that controls the underlying evidence must make the uncertainty legible to non-technical decision makers.

The Court of Appeal record makes the disclosure problem concrete. In criminal cases, a defendant does not merely need the final account balance. The defendant needs material capable of undermining the prosecution or assisting the defence. Technical defect records, remote-access logs, and expert caveats can be such material. When a supplier's system supplies the central prosecution evidence, the supplier must understand that support documentation may become justice documentation.

The same principle applies outside criminal cases. A civil recovery demand, contract termination, suspension, or repayment agreement can be life-altering even without a conviction. A supplier that knows the system has generated disputed outcomes elsewhere cannot treat those outcomes as isolated customer-service complaints when the customer is using them to impose financial harm. The duty is not necessarily to decide every dispute. The duty is to make the system's limits visible enough that the decision maker cannot mistake an uncertain record for a settled debt.

That is why the inquiry evidence portal is not merely an archive. It is an anatomy of delayed disclosure. The public had to reconstruct phases of procurement, design, rollout, maintenance, investigation, governance, and remediation because the ordinary evidence channels did not work when individual branch operators needed them. A well-governed supplier-customer system would have made many of those questions answerable at the point of dispute. It would have preserved logs, connected defects to affected branches, documented support interventions, and supplied consistent explanations of known error modes.

The abuse-contact problem is also practical. A sub-postmaster who believes Horizon has created a false shortfall has to ask for help from the same institutional chain that may be accusing them. The cost of proving uncertainty falls on the least powerful party. Without supplier transparency, that person must challenge a system they cannot inspect, against organisations that can frame the issue as local error, cash handling, or dishonesty. Every missing log and every vague technical answer raises the cost of resistance.

This matters for future cloud and public-platform suppliers because many services now mediate sanctions, payments, eligibility, payroll, identity, tax, licensing, and welfare. The supplier may say it merely provides infrastructure or application support. But if its records determine whether a user is paid, punished, or believed, it has a duty to design evidence access before the crisis. Auditability cannot be retrofitted after thousands of disputes. It has to be built into incident response, support classification, retention policy, customer notifications, and contract terms.

Expert testimony changed the supplier role

Fujitsu's supplier accountability also turned on people, not just code. Technical witnesses were not merely explaining a product to a customer. They were assisting courts and prosecutions in cases where liberty, reputation, and livelihood were at stake. That changes the duty. An expert or technical witness must not become an advocate for the system's reputation.

The inquiry record includes extensive evidence about Fujitsu personnel and expert support. The article does not need to decide individual culpability beyond the public record. The structural lesson is enough: once a supplier's staff enter the evidential chain, the supplier needs governance for independence, disclosure, document search, privilege boundaries, and escalation. A help-desk knowledge base may be adequate for restoring a printer. It is not adequate as the sole basis for a witness statement about accounting integrity.

Supplier witness governance should include a map of known defects, clear statements of uncertainty, preservation of adverse material, independent legal advice on expert duties, and a route for staff to raise concerns outside the commercial account team. If the customer's preferred litigation story conflicts with the supplier's defect knowledge, the supplier's duty is not to smooth the conflict away. It is to surface it.

The same point applies to remote support. Remote access can be legitimate and necessary. It can fix branch problems, support updates, and reduce downtime. But when branch accounts become evidence against the branch operator, remote access becomes evidentially sensitive. The supplier must be able to say who accessed what, when, why, under whose authority, and with what effect. If it cannot, the evidential status of the account should be downgraded accordingly.

The cultural problem is that expert evidence can be pulled toward institutional loyalty. A supplier may want to protect a major customer relationship. A customer may want an expert statement that supports prior investigations. A technical employee may assume that admitting uncertainty will be read as disloyalty, incompetence, or commercial risk. Those pressures are exactly why governance has to separate evidential duties from account defence.

The safe model is not silence. It is structured candour. A witness should be able to say that a system is generally reliable while also identifying known exceptions, uncertainty, and records not searched. A supplier should be able to correct a customer's overstatement without waiting for litigation disaster. A contract should require the supplier to disclose material defects relevant to civil or criminal proceedings, even when the disclosure is commercially awkward. A public authority should not be able to buy technical reassurance that is insulated from contradiction by the supplier's own records.

There should also be accountability for absence. If the supplier cannot prove that a branch account was untouched by remote support, the answer should not become "therefore no remote support mattered." If the supplier cannot identify whether a known defect affected a branch, the answer should not become "therefore the branch operator is responsible." Evidence gaps should reduce certainty, not increase pressure on the person already accused. That standard is obvious in hindsight, but Horizon shows how easily the opposite can happen when system confidence is institutionally convenient.

For public-sector buyers, this means supplier contracts need provisions for independent technical review in live disputes, not only after a public scandal. They need audit rights that reach defect databases, support tools, and change histories. They need retention periods that match legal exposure, not only operational convenience. They need witness protocols for supplier employees who provide evidence to investigators or courts. They need escalation channels outside commercial delivery teams when the supplier's evidence may affect liberty, livelihood, or debt.

For suppliers, the lesson is equally direct. Selling an evidence-generating platform into a public service is not the same as selling an operations product. The supplier becomes a steward of records that may determine whether vulnerable users are believed. That stewardship survives the support ticket. It survives the quarterly service review. It survives the customer's desire for certainty. If the supplier cannot keep that boundary clear, the system's commercial success becomes a public risk.

Redress shows the cost of late correction

The current redress record shows how expensive and incomplete late correction can be. GOV.UK's Post Office Horizon financial redress data as of 26 June 2026 says approximately GBP 1.628 billion had been paid in financial redress by that date. It reports 14,196 Horizon Shortfall Scheme claims received, 11,772 HSS claims settled, 452 GLO claims settled, and 501 Horizon Convictions Redress Scheme full and final claims settled. Those figures are point-in-time administrative data, not a final total of harm.

The government's response to Volume 1 accepted or addressed many of Sir Wyn Williams' redress recommendations. It also dealt with the meaning of "full and fair" redress, scheme design, fixed-sum choices, senior legal oversight, appeal routes, family-member redress, and restorative justice. The separate GOV.UK full and fair financial redress statement records the government's response to the inquiry chair's recommendation on the phrase.

This redress architecture shows the consequence of weak original accountability. Once wrongful accusations have persisted for years, money alone cannot repair the damage. Redress has to address lost earnings, bankruptcy, health, stigma, legal costs, family harm, delay, and distrust. It also has to operate across different claimant groups: people whose convictions were quashed, GLO litigants, shortfall claimants, appellants, and family members. The supplier's early evidence failures, if proven in the final record, therefore had effects far beyond software maintenance.

GOV.UK's new family-member redress announcement says a scheme for close family members is expected to open in summer 2026 and that government, Post Office, and Fujitsu have agreed to jointly fund and support a restorative justice programme over five years. That is a striking admission about the radius of harm. The people harmed were not only legal defendants or contracting parties. Children, spouses, partners, and families absorbed consequences from a system-evidence failure they had no ability to inspect.

Restorative justice is not a substitute for accountability

The Department for Business and Trade, Fujitsu Services Limited, and Post Office Limited published a joint statement on restorative justice in response to Volume 1 Recommendation 19. The statement apologises again for damage caused by the three organisations, says a general apology is not sufficient, and describes work with the Restorative Justice Council, postmaster-led design, listening sessions, personal apologies, group circles, individual meetings, a support network, and a restorative listening and wellbeing service fully funded by Fujitsu Services Limited during the pilot.

That statement matters, but it must be kept in its lane. Restorative justice can help people be heard, receive direct apologies, and shape memorialisation or support. It cannot determine technical culpability, replace compensation, decide criminal liability, or substitute for public procurement consequences. It is an accountability supplement, not the accountability endpoint.

The supplier-specific question is what Fujitsu will do beyond apology. A meaningful supplier response would include financial contribution where responsibility is established, preservation and disclosure of technical evidence, cooperation with police and regulators, changes to expert-witness governance, contract reforms for public-sector evidence systems, and assurance that staff can raise concerns when customer pressure conflicts with evidential integrity.

The restorative record also shows how late the response is. The public apology and pilot programme arrived after High Court litigation, Court of Appeal quashing, public inquiry hearings, compensation schemes, and years of campaigning. That does not make the apology worthless. It does show why supplier governance must be designed to surface defects and evidence limits before harm becomes a national scandal.

Procurement consequences remain contested

Supplier accountability in public services also has a procurement dimension. A supplier whose system contributed to a major miscarriage of justice may still hold other public-sector contracts and capabilities. Immediate exclusion can create continuity problems, but business-as-usual contracting can look like impunity. The public record shows that this tension remains active.

Hansard's Fujitsu: Government Contracts debate records the government's position that Fujitsu had committed in January 2024 to withdraw from bidding for contracts with new government customers until the inquiry concluded. It also records concern about ongoing public-sector relationships. A later written-answer record on Fujitsu contracts says the commitment allowed bidding for existing government customers where Fujitsu already had a contract or where there was an agreed need for its skills and capabilities.

Those caveats matter. A voluntary pause is not the same as statutory debarment. A pause on new customers is not a pause on all public-sector revenue. An exception for existing capability may be operationally sensible, but it requires transparency. Without public reporting, the same supplier can appear both sanctioned and commercially protected.

The Business and Trade Committee's report on Post Office Horizon scandal: Justice for sub-postmasters presses this issue from a parliamentary accountability angle, including concern about Fujitsu's contribution to redress and continuing government work. The report is not a court judgment. It is a political accountability record showing that supplier consequences remain unresolved while redress costs continue.

The procurement lesson is not simply "ban the supplier." Public-sector systems often depend on incumbent knowledge, and abrupt exit can harm service continuity. The lesson is that evidence-critical suppliers need contractual duties that survive embarrassment: defect disclosure, independent audit access, cooperation with criminal and civil disclosure duties, public reporting of serious incidents, escrow or transition provisions, and financial consequences proportionate to the harm caused by concealed or mishandled defects.

Law corrected what governance did not

The Post Office (Horizon System) Offences Act 2024, available at legislation.gov.uk, created a legislative route for quashing certain convictions. Ministry of Justice quashed-convictions management information tracks implementation of that exceptional process. The need for an Act of Parliament is itself an accountability finding about the scale of institutional failure.

Ordinary governance should have stopped the harm earlier. The Post Office should have tested disputed shortfalls against known defects and disclosed uncertainty. Fujitsu should have elevated defects, remote access, and evidential limits when its system outputs were used in punitive processes. Government should have exercised ownership and public-service oversight earlier. Courts should have received fuller disclosure. Regulators and professional bodies should have detected recurring injustice signals. Instead, the system required group litigation, appeal judgments, a statutory inquiry, compensation schemes, police investigations, parliamentary scrutiny, and legislation.

This is why the supplier record matters. A software supplier can sit behind the public authority and appear secondary. But when the public authority's claims depend on the supplier's data, the supplier becomes part of the accountability chain. It may not own every decision, but it owns the truthfulness and completeness of the technical evidence it provides.

The same lesson applies to any public-sector cloud, finance, identity, benefits, health, or justice platform. If system records can trigger sanctions against individuals, the supplier must design for contestability. Users need access to relevant logs. Defendants need disclosure of known defects. Auditors need independent routes into the data. Contracts need to reward candour, not merely uptime. A platform that cannot explain its errors should not be treated as conclusively correct when a person's liberty or livelihood is at stake.

The remaining report matters

As of 10 July 2026, the most current inquiry status is Sir Wyn Williams' 8 July 2026 progress update. It says the remaining report volumes are still months away, that Maxwellisation is underway, and that Volumes 2 to 5 are inextricably linked. The article therefore cannot responsibly present final supplier culpability findings from those volumes. It can identify the supplier-control questions that the public record already supports.

Those questions are concrete. What did Fujitsu know about bugs, errors, defects, and remote access at each relevant time? What did it tell the Post Office? What did it tell courts? What did it tell sub-postmasters or their lawyers? How did it train staff who provided witness evidence? How did it handle support tickets that undermined confidence in branch accounts? What did contract managers do when technical candour threatened customer confidence? What did the Post Office request, and what did Fujitsu refuse or provide?

The answers will matter not only for history, but for future public procurement. Governments are buying more outsourced platforms that produce evidence about citizens, businesses, and public-service users. Supplier accountability cannot be postponed until after scandal. It has to be built into contracts, logs, disclosure rules, audit rights, expert-witness governance, and redress design from the beginning.

The practical test is simple enough to state before the remaining volumes arrive. If a supplier's system produces a record that can be used to accuse a person, the supplier must be able to show how that record was created, what known defects could affect it, what support actions touched it, what uncertainty remains, and who was told. If the supplier cannot answer those questions, the customer should not be allowed to treat the record as conclusive. That rule protects the public, but it also protects honest suppliers by making candour a contractual requirement rather than an act of commercial courage.

The Horizon scandal shows what happens when system authority outruns evidence humility. Fujitsu's accountability is not that it alone created every institutional failure. It is that the supplier of an evidence-generating system had practical control over facts that could have limited false certainty. In a public-accounting scandal, that control is not technical background. It is the heart of responsibility.