A memorandum of understanding between the IRS and Immigration and Customs Enforcement (ICE) has enabled, under certain conditions, the transmission of taxpayer identification data for criminal immigration investigations without prior judicial authorization. This agreement introduces early risks for employers, including heightened exposure to audits, site visits, administrative scrutiny, and potential legal actions.
The agreement, now facing a legal challenge, alters the application of tax secrecy in immigration enforcement and increases employers’ risks during audits, site visits, and requests.
Foley & Lardner LLP, in The National Law Review (October 20, 2025), explains that the protocol allows immigration authorities to obtain a target’s most recent mailing address for specific crimes.
Legal experts cite Title 8, Section 1253(a)(1), which concerns people staying over 90 days after a deportation order. Attorneys say this shifts tax practice from protecting declarative information.
Tax secrecy, guaranteed under Section 6103 of the Internal Revenue Code, generally prohibits any disclosure of taxpayer information. However, imagine Section 6103 as a large, secure wall protecting taxpayer data. The protocol takes advantage of a ‘criminal exception,’ which acts like a narrowly opened side door in this wall, allowing authorities to peek through under specific conditions. This opening authorizes disclosure to an authority when they are preparing proceedings or conducting investigations that could lead to prosecution.
Immigration authorities must request IRS data in writing. Requests must identify the target, tax periods, criminal basis (e.g., Title 8, Section 1253(a)(1)), deportation order details, justification for the information, and certify it will be used only as Section 6103(i)(2)(A) allows, for the specified crime.
The IRS checks if the request is complete and valid before sending information. Immigration authorities must follow sensitive tax data security standards.
For businesses, only address and identity information can be shared. The protocol does not let authorities access full tax returns, finances, or employer information. Use is limited to preparing or prosecuting criminal cases and related proceedings.
According to Foley & Lardner LLP’s analysis, this new channel could enable more precise residential targeting, allowing the agency to rapidly locate individuals subject to deportation orders, which would theoretically reduce the need for mass workplace raids. However, the authors note that in practice, large-scale operations remain administratively efficient, and there is no indication that they will be abandoned.
Recent budget laws add $170 billion to immigration enforcement, with over $75 billion for ICE. This will likely result in more audits, site visits, and document reviews, according to The National Law Review (October 20, 2025).
Ongoing Legal Challenges
Several lawsuits have challenged the agreement. In Centro de Trabajadores Unidos v. Bessent (D.C. District Court, No. 1:25-cv-00677), groups requested a preliminary injunction out of concern for civil removals. The court denied it, finding the protocol’s disclosure limits for criminal matters comply with Section 6103(i)(2).
On appeal in the D.C. Circuit (No. 25-5181), 93 members of Congress filed an amicus brief warning that the protocol could erode trust in the tax system, undermine voluntary compliance, and blur the lines between tax and immigration roles. They say Section 6103 was meant to shield tax data from political or unrelated use, unlike the interagency sharing now in place. The court heard arguments on October 3, 2025, and has yet to rule.
Such data-sharing without strict oversight might discourage honest and voluntary reporting of taxes, as taxpayers could fear their information being used beyond its original intent. This potential chilling effect on transparency could pose a broader challenge to maintaining systemic trust within the tax framework, compelling stakeholders to closely monitor the unfolding litigation.
The protocol primarily targets crime, but the authorities’ use of it is unclear. Currently, businesses are facing an increased number of administrative requests, audits, inspections, and potential employer prosecutions as law enforcement pledges to utilize every available tool.
To address these challenges effectively, it is essential to differentiate between strategic risks that may impact long-term reputation and operational risks associated with immediate administrative penalties. Strategic risks could involve public perception and brand image in response to adhering to legal protocols, while operational risks include audits and fines that require immediate action.
Legal practitioners recommend that employers take preventive measures: review recruitment and payroll procedures to ensure accuracy; verify document retention policies; update internal protocols by designating official contacts and establishing clear decision-making processes, engaging retained counsel, and maintaining control registers; provide training for human resources and compliance teams on how to receive and track official requests; and closely monitor the outcome of ongoing legal challenges regarding the protocol. A two-tier risk table could further help leaders allocate resources more effectively by highlighting where proactive investment yields the greatest return. Organizing risks into immediate and long-term categories empowers businesses to prioritize their responses more strategically.
In the short term, the new tax channel for identifying individuals targeted for criminal offenses, combined with enhanced operational capacity, increases the likelihood of immediate enforcement. Tactics such as residential checks, expedited documentary audits, and continued large-scale operations are expected. For employers, urgent action is required to minimize risk: conduct internal compliance reviews, update employee records, and provide compliance training now, before any intervention occurs, to avoid disruptions such as work stoppages, workforce losses, and media exposure.
