Companies House, the UK’s registrar of companies, is facing renewed scrutiny following the revelation that over 100 staff members have faced disciplinary action for compliance breaches over the past three years. The figures, obtained through a Freedom of Information request, come at a sensitive time for the agency, which recently admitted to a significant security flaw that allowed unauthorized access to company information. This latest development raises questions about internal oversight and the potential impact on the integrity of the UK’s corporate register.
Between December 2022 and November 2025, Companies House took disciplinary action against 131 employees, according to the data. The breaches encompassed a range of internal policy violations, including issues related to attendance, performance, grievance procedures, and general misconduct. The periods between December 2023 and November 2024, and December 2024 to November 2025, saw the highest number of actions, with an average of just over four cases per month. Although the specific nature of each breach remains confidential, the sheer volume suggests systemic issues within the organization.
Security Breach and Growing Concerns
The disciplinary actions are occurring against a backdrop of a major security incident disclosed earlier this month. Companies House acknowledged that a vulnerability in its system, present since October 2025, allowed unauthorized users to view and even modify details of companies registered on its database. The government has stated that no passwords or sensitive identification documents like passports were compromised, but the incident prompted a scramble among the five million businesses on the register to verify their information.
Experts have expressed concern about the implications of the breach. Graeme Stewart, head of public sector at Check Point Software, emphasized the trust placed in Companies House by company directors. “Millions of company directors put their trust in Companies House to uphold the highest standards of professional conduct and ensure their personal data remains protected,” Stewart said. “With cyber criminals seeking to damage the UK economy, the idea that such critical information was apparently easy to access is a wake-up call to the wider public sector to get its house in order.”
Internal Training and Governance Efforts
Companies House has responded to concerns about compliance and security by increasing internal training. The Freedom of Information data reveals that 12,684 training courses on compliance and ethics were completed by employees and contractors over the three-year period. These courses covered topics such as security and data protection, government security classification policies, and civil service expectations. The agency appears to be attempting to proactively address potential vulnerabilities through education and awareness programs.
However, some observers question whether training alone is sufficient. Kenny MacAulay, chief executive of Acting Office, stressed the importance of robust governance structures. “Governance isn’t optional, and when breaches of policy occur, from serious misconduct to performance, it’s vital to get a swift grasp of the problems,” MacAulay stated. “Without clear oversight and action, risk escalates fast.”
The Role of the Registrar
Companies House plays a crucial role in the UK economy, maintaining a public record of company information and ensuring transparency in the corporate sector. Its responsibilities include incorporating companies, collecting and publishing financial information, and enforcing compliance with company law. A well-functioning Companies House is essential for maintaining investor confidence and preventing financial crime.
The recent security breach and the high number of disciplinary actions raise questions about whether Companies House has sufficient resources and expertise to fulfill its responsibilities effectively. The agency has approximately 2,400 staff, and a spokesperson stated that it has “robust procedures in place to address misconduct or poor performance.” However, the data suggests that these procedures may not be consistently applied or effective in preventing breaches of compliance.
The agency is currently implementing enhanced security measures following the recent breach, including stricter identity verification procedures for those accessing company information. These changes are intended to prevent similar incidents from occurring in the future and to restore public trust in the integrity of the register. Companies House is expected to provide a further update on its security improvements and internal compliance measures in the coming months.
Looking ahead, Companies House will be closely watched by both businesses, and regulators. The agency’s ability to address these recent challenges and maintain the accuracy and security of the corporate register will be critical for supporting the UK’s economic stability and attracting investment. The next scheduled update from Companies House regarding the implementation of new security protocols is expected in late June 2026.
What are your thoughts on the recent events at Companies House? Share your comments below and let us realize how these changes might affect your business.
