Right to work compliance sits at the heart of an employer’s obligations under UK immigration law. Despite that, many organisations continue to approach the checks as routine onboarding steps rather than legal requirements that protect the business from enforcement. The shift towards digital immigration status has created new opportunities for efficiency, yet it has also created new areas of risk in everyday hiring. Employers now face higher penalties, quicker enforcement and deeper Home Office scrutiny than at any point in the past decade. When a single missed step can lead to a civil penalty, the margin for error is slim.
The Home Office no longer relies on workplace visits or obvious red flags to detect problems. Data matching between HMRC, HMRC payroll submissions, digital status records and previous immigration applications gives caseworkers a clear view of where mismatches or gaps in compliance may exist. When those mismatches relate to right to work checks, an employer can find itself facing enforcement without any warning. The fact that many employers believe they are compliant does not protect them. The Home Office cares only about whether the technical steps were followed precisely and whether the employer can evidence that compliance months or years later.
To avoid penalties, employers need a detailed understanding of how checks must be carried out, what records need to be kept and how systems must operate day to day. This article explains the rules, the risk areas and the deeper implications a right to work failure can create for your business.
Section A: The Legal Foundations of Right to Work Checks
Right to work checks are governed by the Immigration, Asylum and Nationality Act 2006. The Act allows the Home Office to impose financial penalties where an employer is found to have employed someone who does not have permission to work. Importantly, the Act operates on a strict liability basis. The employer is liable even where it believed the worker had the right to work. The only protection is the statutory excuse, created by carrying out a correct right to work check and maintaining proper evidence.
Most employers only encounter the statutory regime when they receive a civil penalty notice or formal communication from the Home Office. At that stage, enforcement has already begun, and the question becomes whether the employer can produce clear evidence of compliance. Where evidence is incomplete, unclear or inconsistent, the Home Office is likely to proceed with a penalty.
The regime is designed to prevent employers from relying on good faith, common sense or informal verification. It does not matter whether the worker appeared credible or whether the employer trusted the document. If the correct statutory process has not been followed, the employer cannot rely on a defence. This is why right to work checks must be treated as legal steps, not administrative exercises.
Under the separate regime for civil penalty immigration enforcement, caseworkers consider both the substance of the breach and the strength of the employer’s evidence. Where systems appear inconsistent or unclear, the Home Office often interprets that as a sign of deeper compliance issues, which can in turn influence sponsor licence assessments.
The statutory duty applies across the entire workforce. It does not matter whether the worker is full-time, part-time, temporary or agency-supplied. Nor does it matter what job they perform. Employers who adopt different standards for different categories of staff often find that these inconsistencies create risk when enforcement begins. The Home Office expects uniform compliance across all hires, regardless of contract type.
Section B: Why Everyday Hiring Creates Enforcement Risk
Most right to work failures do not stem from deliberate wrongdoing. They arise from everyday hiring situations where assumptions, shortcuts or misunderstandings create gaps. These gaps only become visible during audits, data-matching or desk-based reviews. When the Home Office contacts an employer about such issues, it often already has internal evidence suggesting that checks were not performed correctly.
Employers often assume that enforcement is triggered by suspicious behaviour or tip-offs. In reality, checks frequently begin with routine data. Payroll submissions that do not match digital immigration status records are a common starting point. So are anomalies discovered when workers attempt to prove your right to work online. When the digital system indicates permission has expired but payroll remains active, the Home Office will normally pursue an inquiry.
The same applies to sponsorship records. Employers with a sponsor licence often assume their licence obligations sit separately from right to work checks. Yet enforcement teams cross-reference visa expiry, employer-issued Certificates of Sponsorship and right to work records (such as a valid positive verification notice). A civil penalty arising from a right to work failure can therefore feed directly into sponsor licence scrutiny.
Another common trigger is the publication of penalties for employing illegal workers. Once an employer appears on that public list, the Home Office may widen its review of the organisation. Caseworkers may examine whether similar weaknesses could exist elsewhere in the workforce. Employers often discover that the list acts as a signal to other government agencies, increasing the likelihood of further oversight.
Even where the business believes its recruitment processes are strong, the Home Office can still identify issues by reviewing earlier checks. This may include examining screenshots taken instead of official online outputs, unclear scans of identification, or email trails where managers relied on verbal assurances from workers. Each of these failures can become the basis for more serious enforcement action.
Section C: Digital Right to Work Checks and Their Weaknesses
Digital immigration status has now become the standard method for confirming permission to work for most non-British and non-Irish citizens. This introduces both efficiencies and vulnerabilities. A central part of the digital regime is the share code system. Workers generate a code and provide it to their employer so that the employer can verify their status through the Home Office online service. (‘Right to rent share codes’ refer to the specific regime for landlords and tenants in England.)
There are two common weaknesses in how employers use the right to work share code system. The first is treating the code itself as evidence. A code is not proof of right to work. It is merely a route to the evidence. The only statutory defence comes from the employer using the code to access the government service, viewing the official profile page and saving the correct output.
The second weakness is relying on anything other than the official online output. A share code check performed using screenshots or an image sent by the worker does not satisfy the statutory requirements. Caseworkers frequently reject such evidence, particularly where the image is unclear or incomplete. Employers who rely on these informal methods often discover too late that they have no valid defence.
Where workers have time-limited permission, employers must repeat the digital check before permission expires. Late checks do not create a statutory excuse, even if the worker held status at the time. Employers with large workforces often struggle to maintain accurate diary systems for repeat checks. This is one of the most common reasons for enforcement.
British and Irish workers may also be verified through right to work digital identity checks using certified providers. These checks still require careful oversight. Employers must ensure that the provider is properly certified and that the output file is stored clearly. Where employers treat digital identity checks as quick administrative steps, they risk failing to evidence compliance when required.
Digital checks exist within the broader framework of right to work checks. They do not replace the employer’s duty to ensure consistency, recordkeeping and clear audit trails. Many digital failures arise because employers have treated digital systems as self-proving, forgetting that statutory compliance still rests with the employer.
Section D: Manual Checks and Documentary Vulnerabilities
Despite digital expansion, manual document checks continue to apply in many situations. The Home Office expects employers to understand when a manual check is required and how it must be performed. This includes identifying whether the documents presented are genuine, whether they relate to the individual and whether they provide the correct type of permission for the role.
The process requires the employer to hold original right to work documents, inspect them in the presence of the individual and take clear, dated copies. Employers who rely on photocopies brought in by workers, or who accept digital images without seeing originals, cannot rely on the statutory excuse.
Manual checks often fail because of small oversights. The date may not be recorded. The scan may be incomplete. The image may be too dark to see key elements. These issues may seem minor in daily recruitment practice, but they become critical during enforcement. Caseworkers examine evidence with the expectation that employers have precise control over documentation. Anything unclear can be treated as a failure.
Another vulnerability arises when employers mix manual and digital processes without understanding which route applies. If a worker has digital status, the employer cannot treat physical documents as sufficient. Conversely, where a worker holds a physical document, the digital system may not provide confirmation. Employers who guess the correct route rather than verifying it often create avoidable risk.
Many employers also use internal forms or templates that have not been aligned with the statutory requirements. Where internal checklists omit crucial steps or fail to prompt clear recordkeeping, the employer may discover that compliance failures have been built into the process itself.
Section E: How Right to Work Failures Lead to Civil Penalties
Civil penalties arise when the Home Office concludes that an employer either employed someone without permission to work or cannot produce evidence of a valid check. The employer receives a penalty notice home office, which sets out the fine for employing illegal workers, and the basis of liability. Employers have a short window to object or pay at a discount.
In practice, the penalty usually reflects not only the specific breach but wider concerns about the employer’s systems. Caseworkers assess whether the employer followed the correct process, whether the evidence is complete and whether there are signs of systemic weaknesses. Even where the employer believed it acted correctly, the Home Office will proceed with enforcement if the evidence does not demonstrate compliance.
Civil penalties sit under the broader civil penalty under immigration act regime. Penalties can reach up to £45,000 for a first breach and £60,000 for repeat breaches. Where multiple workers are involved, the total can increase substantially. The Home Office also publishes employer names, which can create reputational harm.
Sponsors face additional risk. A civil penalty will normally trigger deeper review of the sponsor licence. Caseworkers may question whether the employer has adequate oversight, whether its HR systems are fit for purpose and whether improvements need to be imposed. Even where the civil penalty relates to a non-sponsored worker, sponsorship teams may conclude that the employer is not meeting its broader obligation to prevent illegal working.
Section F: Building Systems That Withstand Enforcement
The most effective protection against civil penalties is a structured, centralised compliance framework. This means treating right to work checks as a core legal obligation rather than an administrative formality. Employers who succeed in reducing risk tend to build systems that create clear evidence, consistent procedure and strong oversight.
The starting point is ensuring that each check aligns with the right to work checklist. That means identifying the correct route for the worker’s status, applying the right technical steps and storing the evidence in a way that can be retrieved quickly. Organisations that centralise evidence, rather than leaving it in the inboxes of individual managers, are better placed to satisfy caseworkers.
Training is central to strong compliance. Everyone involved in hiring, including HR advisers, managers and recruitment teams, must understand when to use the digital route, when to carry out a manual check and how to confirm the outcome. Employers who rely on a single compliance lead often discover that checks carried out elsewhere in the organisation are inconsistent.
Monitoring of visa expiry is equally important. Repeat checks must be carried out before the expiry of permission. Employers who rely on informal tracking often miss deadlines and only discover the failure when enforcement begins. A structured diary with clear ownership helps ensure that checks do not slip.
For sponsors, internal audits across right to work and sponsorship records help identify weaknesses early. This allows the organisation to address gaps before the Home Office becomes involved. Evidence of internal audits also supports the employer during any post-penalty review by showing an active commitment to compliance.
Finally, employers should ensure that their approach to right to work checks aligns with the framework for right to work more broadly. This includes understanding how share code systems operate, how to store output from prove your right to work checks and how to differentiate between manual and digital processes. Employers who integrate these processes into daily hiring routines operate with far less risk.
Conclusion
Right to work compliance is no longer simply a question of collecting documents at the point of hire. It has become a structured legal process that requires clarity, precision and oversight. Everyday hiring decisions carry enforcement risk when systems are inconsistent or poorly documented. Employers who rely on assumptions or informal practices often find that the Home Office interprets these gaps as evidence of deeper structural failure.
Author
Gill Laing is a qualified Legal Researcher & Analyst with niche specialisms in Law, Tax, Human Resources, Immigration & Employment Law.
Gill is a Multiple Business Owner and the Managing Director of Prof Services Limited - a Marketing & Content Agency for the Professional Services Sector.
