Ofcom's BT Probe Signals Data Accuracy Is Now a Compliance Priority

The regulator announced on 29 April 2025 that it is examining whether BT Group (LSE: BT.A) complied with legally binding information requests issued in December 2023 under the Communications Act 2003, according to Ofcom's published statement. Those requests asked EE and Plusnet to submit detailed data on customer experiences, including orders and contracts for fixed phone and broadband services. Ofcom said initial evidence suggests "some" of the responses may not have been "complete and/or accurate."

BT shares fell roughly two per cent to 212p on the news, as first reported by City AM.

What Ofcom is investigating

The data in question feeds into Ofcom's annual "comparing customer service" report, a set of league tables that ranks telecoms providers on satisfaction, complaints handling, and service reliability. Providers are required under sections 135 to 137 of the Communications Act 2003 to respond to Ofcom's information requests fully, accurately, and on time. The obligation is not advisory; it is statutory.

Ofcom uses the submitted figures to compile published benchmarks that consumers rely on when switching providers and that the regulator itself uses to monitor market performance. If the underlying data is flawed, the rankings lose credibility, and Ofcom's ability to identify poor service across the industry is compromised.

The investigation will assess whether there are reasonable grounds to believe BT breached those requirements. Ofcom said it will gather further evidence before deciding on any enforcement action.

Notably, the probe arrives despite strong headline numbers from both brands in the most recent report. Plusnet ranked highest in the industry with 91 per cent overall satisfaction; EE scored above the market average. The possibility that those figures were compiled from questionable data underlines why the regulator treats accuracy as a distinct compliance obligation, separate from service quality itself.

The compliance risk behind statutory data requests

Ofcom stressed that its information-gathering powers are "central to monitoring the telecoms market and ensuring fair outcomes for consumers," according to its published statement. Providers are legally required not only to respond within the deadline but also to ensure the data they supply is reliable.

This is not a novel principle, but enforcement has historically been light. BT was fined £70,000 in 2018 and £42,500 in 2021 for similar information-provision breaches, according to Ofcom's enforcement records. O2 was fined £150,000 in 2021. Those sums are negligible for large operators and may have contributed to a perception that reporting failures carry little real consequence.

There are signs that perception is shifting. Since the 2021 cases, Ofcom has signalled a harder line on information-gathering compliance, framing accurate data submission as foundational to every other regulatory function it performs. A regulator that cannot trust the numbers it receives cannot set policy, identify harm, or hold providers to account.

For businesses outside telecoms, the pattern is recognisable. Regulators across sectors, from the Financial Conduct Authority to the Environment Agency, increasingly treat data integrity as a standalone compliance risk rather than an administrative footnote. Firms that supply statutory data, whether directly to a regulator or through a supply chain that feeds into regulatory reporting, face the same basic obligation: what is submitted must be complete and correct.

How large could the penalty actually be?

Under the Communications Act, Ofcom can impose fines of up to 10 per cent of relevant annual turnover. BT Group reported revenues of approximately £20.8 billion for the financial year ending March 2025, meaning the theoretical maximum penalty could run into the billions.

Alex Tofts, an analyst at Broadband Genie, noted the gap between theory and practice.

"For a corporation of BT's size, with revenues exceeding £20bn, this could theoretically reach into the billions. However, history suggests that for information-sharing failures, any fine would be much more modest, though still significant."

Past penalties support that assessment. The £70,000 and £42,500 fines levied on BT in 2018 and 2021 respectively, and the £150,000 imposed on O2 in 2021, were all orders of magnitude below the statutory ceiling. Even a significant escalation, say a fine in the low millions, would be immaterial against BT's revenue base or its net debt position, which stood at approximately £19.5 billion at the end of FY2025.

The financial impact on BT is therefore likely to be limited. The reputational and procedural impact may matter more. A formal finding would mark BT's third information-provision breach in under a decade, a record that could invite closer scrutiny of future submissions and erode the regulator's willingness to extend goodwill.

What regulated businesses should take from this

The BT investigation is instructive less for what it says about telecoms than for what it reveals about the direction of regulatory enforcement more broadly.

First, data accuracy is now treated as a compliance obligation in its own right. A business can deliver excellent customer outcomes and still face enforcement action if the data it reports to a regulator is incomplete or inaccurate. Plusnet's 91 per cent satisfaction score did not insulate it from the probe.

Second, the statutory framework already provides for severe penalties. The 10 per cent turnover ceiling exists in the Communications Act and equivalent provisions sit in other sectoral legislation. That regulators have historically imposed modest fines does not mean they always will. Enforcement policy evolves, and repeated breaches by the same operator make escalation more likely.

Third, compliance risk extends down the supply chain. SMEs that supply data to larger operators, or that sit in reporting chains feeding into statutory submissions, should understand that the accuracy obligation does not stop at the regulated entity's front door. If a subcontractor provides flawed data that ends up in a statutory return, the regulated firm bears the legal liability, but the commercial relationship with the supplier is unlikely to survive the fallout.

For finance directors and compliance leads, the practical takeaway is straightforward: statutory information requests deserve the same rigour as financial reporting. Internal controls, audit trails, and sign-off processes should apply to regulatory data submissions just as they do to annual accounts. The cost of getting it right is modest. The cost of getting it wrong, as BT is now discovering for the third time, compounds with each repetition.