Your compliance evidence has already lost in court.

Beer Express claimed £492,579 in R&D tax relief for four projects including AI forecasting software and craft beer development. HMRC rejected the claims. The tribunal accepted the founder as truthful but dismissed the appeal: the only technical records were reports written retrospectively by an external firm that had since become unavailable.

Appeal dismissed. £492,579 R&D relief disallowed. The tribunal explicitly found the appellant truthful. The claim failed for want of contemporaneous evidence, not fraud.

The ICO found that Advanced, an NHS software supplier, had procured a vulnerability scanning tool but had not been using it, and that its patching records were inaccurate. Following a 2022 ransomware attack affecting NHS systems, the company could not demonstrate that the security controls it claimed to operate were actually functioning.

£3.07 million fine (reduced from £6 million provisional). Underlying finding: claimed compliance that cannot be evidenced is treated as no compliance at all.

HMRC charged Bennett Verby Ltd, a Stockport accountancy firm, and six individuals under the Criminal Finances Act 2017 for over £16 million in fraudulent R&D claims. Over 100 HMRC investigators reconstructed the claim files and found the technical work the relief rested on was either not done, not done by qualified persons, or not documented at the time. With no contemporaneous record that could independently corroborate the activity claimed, the claim files could not be told apart from fabricated ones. This is the first use of the Corporate Criminal Offence against a tax advisory firm for R&D fraud.

Criminal charges filed. Trial set September 2027. A firm can be convicted without proving individual director culpability if it failed to prevent staff facilitating the fraud.

Craig Wright claimed to be Bitcoin's creator and produced thousands of supporting documents. The court identified 47 forgeries: anachronistic metadata, LaTeX versions unavailable in 2008, and fonts that post-dated the claimed creation date.

Wright declared not Satoshi Nakamoto. Worldwide anti-suit injunction granted. Referrals to CPS for perjury. Later contempt findings.

The defence mounted a full Daubert challenge to Chainalysis's centralised blockchain-tracing analytics, arguing the heuristic clustering method was untestable and unreliable. The prosecution had to supplement with multiple independent corroborating sources to sustain the conviction, illustrating that single-source centralised analytics alone is contestable.

Conviction upheld (12.5-year sentence). Daubert challenge survived only because of corroborating independent evidence sources.

The HHS Office for Civil Rights launched a targeted enforcement initiative against healthcare organisations unable to produce documentation of risk analyses, training records, or policy acknowledgments. OCR's stated position: if you cannot produce the documentation, OCR treats the safeguard as if it never existed.

Multiple settlements: PIH Health $600,000; BayCare Health System $800,000; Bryan County Ambulance Authority $90,000. All triggered by inability to produce documented evidence that required compliance processes had been completed.

Employees at Boeing's South Carolina facility falsified inspection records for the wing-to-fuselage join on 787 Dreamliners. Inspections were recorded as completed when the work had not been performed. Approximately 450 aircraft were affected.

Boeing agreed to plead guilty and pay up to $487 million. The falsification was only discovered because the aircraft showed physical evidence of incomplete work. No document audit could have detected it.

HMRC conducted coordinated raids on two Norwich-based R&D tax consultancies. 11 people arrested. The firms had filed over £100 million in R&D claims by employing English literature graduates to write retrospective technical reports for clearly non-qualifying businesses, including a horse stud farm and a butcher.

11 arrests. Investigation ongoing. The reports looked authentic in format, with plausible technology references, making them indistinguishable from legitimate contemporaneous documentation by standard review.

FAA and Moog investigators traced defective aircraft parts back to Chinese suppliers and pulled the test data and inspection records the suppliers had attached to each component. The records had been falsified at the component level even though the suppliers held valid IAF-accredited ISO 9001 and AS9100 certificates. The certificate documented the quality system; the per-part records that were supposed to prove each component was inspected and tested to the required standard were fabricated, and a standard document audit could not tell the authentic records from the falsified ones. The FAA issued Special Airworthiness Information Bulletin AIR-23-20 restricting use of affected parts.

Import restrictions on affected parts. A valid, independently-issued quality certificate coexisted with fabricated component-level records indefinitely, with no document audit able to distinguish the two.

A solicitor at Dentons backdated a memorandum of appropriation and sent a misleading covering email to conceal it. The fabrication was discovered in the course of professional proceedings.

Struck off the roll: the most severe sanction available to the tribunal.

An IRS employee backdated supervisory penalty approval signatures on internal lead sheets and filed false declarations with the Tax Court. When discovered, the IRS was sanctioned: over $15M in penalties were conceded and the taxpayer was awarded attorney fees.

IRS sanctioned. >$15M in penalties conceded. Attorney fees awarded to taxpayer.

An employee with epilepsy died after a seizure on a staff staircase. Morrison's own procedures required an individual risk assessment for any employee with a disability. No such assessment had ever been produced, despite the family raising formal concerns about that exact staircase.

£3.5 million fine. Convicted on all four charges. The absent document was the central evidence of failure.

A hospital repeatedly failed over three years to produce a complete, unaltered EMR audit trail in a newborn hypoxic-injury case. The judge conducted an on-site inspection, discovered withheld and misrepresented audit trail data, and entered a default finding of liability before depositions had even begun.

Default liability entered. Eight-figure damages exposure without trial.

A deed central to a property dispute was found to have timing and metadata inconsistencies that exposed backdating. The document could not be shown to have existed at the date it purported to bear.

Deed ruled unreliable and inadmissible on the key issues it was produced to prove.

The Irish DPC investigated 12 personal data breach notifications filed by Meta in 2018. Its formal finding was not that Meta lacked security controls, but that Meta had failed to have in place measures enabling it to readily demonstrate the security measures it implemented in practice.

€17 million fine. Landmark finding that inability to demonstrate compliance is itself a sanctionable breach of GDPR accountability provisions, regardless of whether the controls were in fact operating.

A tier-2 supplier to a major Australian construction contractor held a supply agreement requiring current ISO 9001 and ISO 45001 certification. A routine supplier audit found both certificates came from an unaccredited Indian certification body. The contract was terminated immediately.

$2.1 million annual contract terminated. The certificates appeared valid on their face. Neither the certificates nor the underlying quality system held up under scrutiny.

Documents purporting to evidence a 2000 Russian divorce, designed to defeat a £453M UK matrimonial award, were found to be forged. Metadata and forensic analysis exposed them as later fabrications.

Fabrication proven. UK's largest divorce award upheld. Son ordered to pay over $100M for assisting the concealment scheme.

In a custody dispute, the mother produced numerous digital records, including emails, messages and other documents, from her own devices. Court examination found multiple records had been spoofed or fabricated. The pattern of fabrication across multiple records was comprehensive.

Credibility destroyed entirely. Custody awarded against the mother, directly attributable to the fabricated digital evidence.

The plaintiff produced a screenshot of text messages as evidence of sexual harassment. The emoji design, iPhone UI, font rendering and contact-info layout in the screenshot did not match any version of iOS in existence at the claimed time, exposing the screenshot as fabricated.

Dismissed with prejudice. Sanctions awarded. Affirmed on appeal.

Craig Wright produced documents to support his claim to Bitcoin co-ownership. The magistrate judge found a "wilful and bad faith pattern" of fabrication, including emails bearing fonts copyrighted in 2015 that appeared on supposedly 2011 documents. Wright filed a false declaration and produced a fraudulent document.

Sanctions order. Jury found Wright liable for $100M to the W&K estate.

In a whistleblower retaliation case, the plaintiff falsely testified that disputed text message records did not exist. A court-ordered forensic examination of the plaintiff's phone proved they did, revealing targeted deletions and altered content.

$10,000 forensic-cost reimbursement. Dismissed with prejudice.

When National Grid Gas sold its distribution operations in 2016, safety records for 769 high-rise residential buildings were not properly transferred. When the HSE requested those records, the company could not demonstrate that gas risers in those buildings had ever been inspected, maintained, or surveyed.

£4 million fine, one of the largest HSE fines of 2021. No harm had occurred. The fine was imposed purely because safety could not be evidenced retroactively.

A West Yorkshire company, following a serious workplace injury, submitted backdated training records and a risk assessment, dated after the incident, to an HSE investigation. The court found the documents had been falsified to obstruct the investigation.

£70,000 fine for fabricating records to obstruct an HSE investigation. Detection required independent evidence outside the documents themselves.

TCS maintained an automatic 90-day email deletion policy even after receiving a court preservation injunction. The policy destroyed evidence, and the court issued an adverse-inference instruction telling the jury to assume the deleted emails would have been unfavourable to TCS.

Adverse-inference instruction issued. Initial $940M jury verdict (later reduced to $140M on appeal). TCS's email deletion policy treated as evidence destruction.

A retainer agreement produced as key evidence was shown by metadata to have been created approximately one year after its purported signing date, and critically, only two days before it was submitted to court. The document had been fabricated for the litigation.

Rule 26(g) sanctions against the attorney. Fabrication finding entered.

The Appellate Division issued a landmark ruling, the first appellate decision in New York on EHR audit-trail discoverability, holding that electronic health record audit trails must be produced in medical malpractice discovery. The trail had been withheld at the trial court level.

Reversal compelling full EMR audit-trail production. Established as binding authority across New York courts.

Forensic examination of ePRO's systems revealed 4,596 manually-deleted files, data-wiping software run during the litigation hold period, and OS reinstalls on 18 machines. The ESI destruction triggered $2.7M in sanctions, in a case where the underlying damages were only ~$20K.

$2.7M sanctions affirmed by the Second Circuit. $2.3M security bond ordered. Adverse-inference instruction.

Forensic metadata analysis of emails produced by the plaintiff showed they had been created or modified on the plaintiff's own devices in ways inconsistent with the claimed dates. The emails appeared in multiple altered locations on the plaintiff's devices, consistent with fabrication.

Entire complaint dismissed as a sanction for fabrication.

The defendant produced internal emails, letters, diary entries and screenshots in a commercial property dispute. The court found they were false: "a process of falsification and knowingly putting forward evidence that is false", and admitted the claimant's versions instead.

Defendant's documents ruled false. Possession order for claimant. Costs awarded.

Accident Exchange fabricated telephone records and altered expert reports across multiple personal injury cases, drawing on records held in Autofocus Ltd's centralised database. The systematic fabrication was proven through forensic analysis of the database records.

Systematic fabrication proven across multiple cases. Significant civil and related proceedings followed. Contempt findings against multiple parties.

A former executive's corporate iPad was factory-reset and a personal laptop was accessed within 48 hours before discovery production. Forensic examination exposed the pre-production device clearing as spoliation of electronic evidence.

Adverse-inference instruction. Judgment for plaintiff on appeal.

The plaintiff sought metadata production from the defendant's computers to determine the true creation date of a key contract. The defendant destroyed or withheld the electronically stored information, preventing the metadata from being produced.

Adverse-inference instruction at trial: jury directed to assume the withheld metadata would have been unfavourable to the defendant.

Paul Ceglia claimed to own 50% of Facebook, producing a "Work for Hire" contract and supporting emails. Forensic analysis showed the ink was less than two years old (not from 2003), embedded fonts were anachronistic, and email metadata proved fabrication. Ceglia was criminally indicted for wire and mail fraud.

Case dismissed with sanctions (~$76K). Criminal indictment for wire and mail fraud followed.

Excalibur pursued a $1.6 billion oil-field claim supported by documentation that the court found to be contradicted by metadata and contemporaneous records. The claim was dismissed and £22M in costs awarded against the claimant and its litigation funders.

Claim dismissed. £22M+ indemnity costs. Litigation funders held jointly liable for costs.

The defendant used BulkFileChanger, a free publicly available tool, to alter metadata timestamps on multiple files and conceal the use of an undisclosed Alienware computer. The bulk manipulation was detected through forensic analysis.

Adverse-inference instruction. Monetary sanctions awarded.

FDA inspections at Ranbaxy's Indian manufacturing facilities found broken documentation trails: incomplete batch records, inaccurate cleaning records, inadequate failure investigations. The agency could not verify whether manufacturing had been conducted to Good Manufacturing Practice because the documentary evidence needed to prove compliance was missing or inconsistent.

$500 million settlement. Import alert banning affected products from the US market. The finding was not proof that manufacturing was deficient, but that it could not be demonstrated compliant.

A hospital's own EMR audit trail showed the actual creation and modification time of a clinical note conflicted with the timestamp displayed to users. The discrepancy, buried within the centralised system's own logs, was used to impeach the medical record on critical timing issues in a malpractice case.

Medical record credibility impeached on critical timing. Audit-trail conflict admitted in evidence.

Rambus ran an internal "Shred Days" document destruction programme in 1998-2000, destroying documents it knew would be relevant to anticipated patent licensing litigation. The Federal Circuit held Rambus's patents unenforceable as a result.

Patents declared unenforceable (Micron / Hynix). $250M sanction (Hynix). Seven years of litigation ultimately resolved by the destruction of Rambus's own records.

Plaintiffs' counsel stripped metadata from documents before producing them in TIFF format, then misrepresented to the court that full production had been made. The metadata removal was designed to conceal the documents' true creation and modification history.

Business-interruption claims dismissed. $75,000 sanctions against plaintiffs' attorneys. Referral for professional discipline.

Qualcomm intentionally withheld over 300,000 pages of emails relevant to patent standards-setting proceedings. The suppressed communications directly contradicted Qualcomm's litigation position. Outside counsel were referred for professional discipline.

$8.5M+ sanctions. Waiver of patent claims. Outside counsel referred to the State Bar.

A contract dispute about whether the parties had agreed to arbitration turned on a string of emails offered as proof of the agreement. Neither side laid a proper authentication foundation for the emails under Federal Rule of Evidence 901, and Magistrate Judge Paul Grimm refused to admit them. He used the resulting 100-page opinion to establish, for the first time in this depth, the methods by which electronic evidence must be authenticated: metadata integrity, chain of custody, and independent corroboration. He held that records produced from a party's own centralised system are not self-authenticating. The doctrine has anchored almost every subsequent US federal challenge to digital evidence.

Foundational doctrine established: centralised digital records require independent authentication. Cited in virtually every subsequent US challenge to electronic evidence.

Morgan Stanley failed to produce relevant email from backup tapes in a major fraud claim, misrepresenting the state of its email production to the court. The court issued an adverse-inference instruction shifting the burden of proof.

Adverse-inference instruction. Jury awarded $604M compensatory + $850M punitive. (Reversed on substantive grounds; the spoliation sanctions themselves stand as precedent.)

The plaintiff brought a $25M claim based on a single email purportedly from the defendant's CEO promising stock warrants. A court-appointed computer forensics expert filed a 147-page report concluding the email was "clearly not authentic": server logs and headers proved fabrication. The plaintiff was subsequently criminally indicted.

Dismissed for fraud on the court. Criminal fraud indictment followed. Leading US authority on email-forgery as fraud on the court.