Global menu

Our global pages


Challenging IT resilience – some key lessons Bates & Ors v Post Office Limited (No. 6) [2019] EWHC 3408 (QB)

Challenging IT resilience – some key lessons  Bates & Ors v Post Office Limited (No. 6) [2019] EWHC 3408 (QB)
  • United Kingdom
  • Technology - Articles
  • Technology, Media and Telecoms - Technology



The much anticipated sixth judgment (“the Horizon Judgment”) in the long-running group litigation against the Post Office (“POL”) brought by some 550 current and former sub-postmasters (“the Group Action”), was handed down on Monday 16 December 2019. The Horizon Judgment is a substantial one, running to over 300 pages, and covers a range of issues, including various aspects of the conduct of the litigation, but the core issues concerned the operation, resilience and functionality of the Horizon system, provided by Fujitsu (not a party to the proceedings). The Horizon system was used by the current and former sub-postmasters from 2000 for customer transactions and back-office activities, and was alleged by them to be unreliable and to have caused unexplained shortfalls and discrepancies in branch accounts. POL counter-claimed against the individuals, seeking damages for fraud. This briefing focuses on a number of practical themes running through the Horizon Judgment which are applicable both to IT providers and customers. A more detailed briefing will follow in the New Year.



The Group Action was brought by around 550 current and former sub-postmasters (“SPMs”), who run and manage Post Office branches on behalf of POL. As part of their claim, the SPMs alleged that the financial reporting software (“Horizon”) which they were required by POL to use in operating their branches was the cause of accounting errors, including erroneous trading shortfalls, for which they were held personally liable by POL and which, in some cases, led to SPMs losing their branches and/or being subject to criminal prosecution by POL for theft or false accounting.

The first two judgments in the Group Action were procedural rather than substantive. The third judgment (“the Common Issues Judgment”) ran to 315 pages and addressed a number of questions of contractual interpretation on which the parties agreed judgment was needed to inform future hearings. The Common Issues Judgment included key findings in favour of the Claimants.

The Common Issues Judgment was handed down during the trial which led to the Horizon Judgment (“the Horizon Issues Trial”) and prompted POL to make an application seeking the recusal of the Managing Judge of the Group Action, Fraser J, alleging that the Common Issues Judgment disclosed bias against POL on the part of Fraser J. Fraser J rejected this application by way of a fourth judgment (“the Recusal Judgment”). POL then sought to appeal both the Common Issues Judgment and the Recusal Judgment. The Court of Appeal refused both applications for permission to appeal. The fifth judgment dealt solely with the parties’ costs of the Common Issues trial.

The Horizon Trial

The Horizon Trial began in Spring 2019. The issues in dispute and to be resolved included: (i) whether bugs, errors and defects had the potential to affect the accuracy and integrity of data (and whether Horizon was robust and resilient); (ii) controls and measures for preventing/fixing bugs and developing the system; (iii) whether remote access to the system was possible: (iv) availability of information; (v) access to and editing transactions and accounts; and (vi) disputing shortfalls and corrections.

The court heard factual evidence from SPMs and from current and former employees of POL and Fujitsu (the developer of Horizon), as well as the evidence of two expert witnesses, on 32 agreed technical questions and sub-questions relating to the operation and functionality of three separate iterations of Horizon: “Legacy Horizon” (from 2000 to 2010); “Horizon Online HNG-X” (from 2010 to 2017); and “Horizon Online HNG-A” (from 2017 to the present).

The key issue before the court can be summarised as: what was the likelihood that bugs, errors or defects in Horizon may have been the cause of erroneous trading shortfalls which resulted in the forms of loss alleged by the SPMs? Broadly speaking, POL denied that Horizon could be the cause of the shortfalls alleged by the SPMs to be erroneous, instead attributing these shortfalls to user error, negligence or dishonesty by the SPMs or their employees.

Fraser J’s key findings were overwhelmingly in favour of the SPMs, and included findings that:

• “There was a significant and material risk on occasion of branch accounts being affected in the way alleged by the claimants by bugs, errors and defects.” The Court found that the evidence demonstrated that there were numerous bugs in Horizon, some present for many years, to a far greater extent than POL had previously acknowledged.

• “It was possible for bugs, errors or defects of the nature alleged by the claimants to have the potential both (a) to cause apparent or alleged discrepancies or shortfalls relating to [SPMs] branch accounts or transactions, and also (b) to undermine the reliability of Horizon accurately to process and to record transactions as alleged by the claimants. Further, all the evidence in the Horizon Issues trial shows not only was there the potential for this to occur, but it actually has happened, and on numerous occasions.”

In 2015, a BBC Panorama documentary alleged that it had been possible for POL’s external IT provider to access and alter branches’ Horizon data remotely. This was strongly denied by POL, both in public statements responding to the documentary and in statements made to interested Members of Parliament. Fraser J found that these public statements made by POL were incorrect.

Horizon did not enable SPMs to effectively investigate alleged shortfalls in their accounts and did not permit SPMs to raise disputes when faced with a shortfall they believed to be erroneous. Prior to the Horizon Judgment being handed down, but reportedly after the parties had been provided with a draft copy for review, the parties announced that the Group Action had been settled following mediation. It is reported that POL has agreed to pay the SPMs £57.75m under the settlement.

Practical points

• The Horizon error logs and incident resolution logs (known as KELs and PEAKs) were the key contemporaneous evidence of the operation and defects present in Horizon, as the Court found when relevant personnel’s “guard is down and their true thoughts are plain to see”. They formed a key element of the Judge’s reasoning for the conclusions reached, in preference to some of the witness evidence. The central importance and reliance placed on such information is unsurprising and is a key feature of the disputes we help resolve. What is surprising in this case is that thousands of these documents were only disclosed during and after the trial. POL appears to have been unaware of the content of KELs, their impact and how they were being resolved (or not) by Fujitsu. This is surprising too. The Court found that some PEAKs produced by Fujitsu drew incorrect conclusions, but were not challenged by POL.

• Fujitsu had remote access to Horizon, which allowed it make significant changes to the system and its data. It is clear from Fraser J’s findings that this was not fully appreciated by POL, or indeed the Court, until very late in these proceedings. What rights a supplier has to remotely access a system is a key element of service provision, support and maintenance. The fact that POL did not appreciate the rights and ability of the supplier to remotely access and change the system is again surprising. This is something that should have been contractually and operationally transparent.

• The value of witness evidence in describing incidents and errors concerning Horizon was mixed, which is not uncommon in these types of disputes. What mattered here was the ability of factual witnesses to describe particular incidents and errors in Horizon in a specific way. In addition, and unhelpfully for POL, one of POL’s key witnesses undermined POL’s own case to such a degree that by the time of closing submissions at the end of the trial, POL essentially sought to disavow him and was highly critical of the accuracy of his evidence.

• There was some debate as to the definition of whether an IT system is ‘robust’ and resilient. The Court found that legacy Horizon was not robust and did not justify the confidence that POL placed in its accuracy. POL placed unwavering support in the Horizon system and the Court found it was extremely sensitive concerning any information which may throw any doubt on the reputation of Horizon or expose it further scrutiny. Fraser J noted that investigating was “the only proper reaction” to the SPMs’ allegations and needed to be looked at “seriously and professionally”—a standard he found was not always met by POL. In addition, POL relied too heavily on Fujitsu for the investigations that were done. The Court found that this inability to objectively investigate and scrutinise the operation and resilience of the system was a key institutional failing.