IRS Issues Key Tax Guidance & Updates

Mid-July 2025 was not exactly a lazy summer for the Internal Revenue Service. While most people were thinking about
vacations and iced coffee, the IRS rolled out a string of releases between July 12 and July 29 that quietly reshaped how
tax professionals secure data, how large corporations are examined, and how late filers can minimize the financial sting of
missing the April deadline.

In that brief window, we saw four headline items:

• Cybersecurity warnings and guidance for tax professionals, including a major focus on phishing and data breaches.
• New interim guidance to streamline and “customer-focus” audits of large businesses and international taxpayers.
• Practical help for individuals who still hadn’t filed their 2024 returns by the April 2025 deadline.
• A broader policy backdrop shaped by the One Big Beautiful Bill Act (OBBBA) and the IRS’s 2025–2026 Priority Guidance Plan.

Let’s unpack what changed, why it matters, and what real-world actions taxpayers and advisors should take before these
“summer updates” show up as surprises on returns, in audits, or in your inbox courtesy of a very determined phisher.

1. Why the July 12–29, 2025 Window Matters

The July guidance didn’t overhaul the tax code overnight, but it did tighten several screws:

• It raised the bar on cybersecurity for tax professionals by tying long-standing expectations (like having a
  Written Information Security Plan, or WISP) to explicit enforcement messaging and education campaigns.
• It pushed the IRS Large Business & International (LB&I) division to handle audits more efficiently and collaboratively,
  reflecting growing pressure to do more with fewer resources.
• It reminded late-filing individuals that they still have options, online tools, and payment arrangements that can keep
  penalties from snowballing.

All of this lands in the shadow of the OBBBA, which reshaped credits (especially clean energy and vehicle incentives) and
spawned a wave of follow-on guidance for 2025 and beyond.

2. Cybersecurity & Identity Theft: The IRS Turns Up the Heat

2.1. Phishing Attacks: “Tax Pros, Please Stop Clicking Everything”

On July 15, 2025, the IRS and its Security Summit partners released IR-2025-75, warning tax professionals about increasingly
sophisticated phishing schemes and other attacks targeting taxpayer data.

The release, part of the “Protect Your Clients; Protect Yourself” summer campaign, highlights several flavors of phishing:

• Classic phishing: Bulk emails with malicious links or attachments.
• Spear phishing: Highly targeted messages that impersonate specific clients or firm partners.
• Clone phishing: A legitimate prior email is copied and subtly altered to insert a malicious link.
• “Whaling” attacks: Attempts aimed at high-value targets like managing partners or CFOs.

These warnings line up with broader cybersecurity research showing that phishing incidents continue to rise and that even
security leaders themselves still fall for realistic-looking scamsespecially now that AI can generate clean, typo-free,
context-aware messages.

For firms, the July 15 message is not just “be careful.” It’s effectively a mandate to:

• Run recurring staff training on recognizing phishing red flags.
• Lock down remote access, email rules, and multifactor authentication.
• Have a documented incident response playbook for when (not if) someone clicks the wrong link.

2.2. Written Information Security Plans (WISP): From “Nice to Have” to “Do It Now”

On July 29, 2025, IR-2025-79 drove home a point the IRS and Security Summit have been making for years: every tax practice
that handles taxpayer data must have a Written Information Security Plan.

A WISP is a documented roadmap showing how a firm:

• Identifies and classifies sensitive data (SSNs, bank details, income records).
• Implements administrative safeguards (policies, training, access control).
• Implements technical safeguards (encryption, MFA, secure backups, patching).
• Implements physical safeguards (locked file rooms, visitor logs, device security).

The July release doesn’t create the WISP requirementit emphasizes that it’s already embedded in federal rules and IRS
guidance and that enforcement expectations are rising. IRS Publication 5708 and Security Summit resources give step-by-step
frameworks for building or updating a WISP scaled to a firm’s size.

In practical terms, if your “security plan” is a one-page Word file last updated during the dial-up era, this July guidance is
the universe politely nudging you: upgrade now.

3. LB&I Interim Guidance: Faster, More Collaborative Corporate Audits

The July 25, 2025 release, IR-2025-77, targets the Large Business & International divisionresponsible for auditing large
corporate and cross-border taxpayers. The IRS issued an Interim Guidance Memorandum titled
“Reinforcing the Customer Focused, High Efficiency Large Business & International Examination Process,” which sounds like
buzzword bingo but actually contains tangible changes.

Three key shifts stand out:

1. Phasing out the Acknowledgement of Facts (AOF) IDR process.
   Historically, LB&I exam teams used AOF requests to “lock in” the facts of a case before moving on to legal analysis.
   The IRS now views the AOF process as adding delay without enough value, and it plans to eliminate it entirely by 2026.
   Through the end of 2025, taxpayers can choose whether to use AOF, giving the IRS time to gather feedback before finalizing
   the change.
2. Clarifying and expanding Accelerated Issue Resolution (AIR).
   AIR allows the IRS and taxpayers to resolve recurring issues for multiple years under a single closing agreement. The July
   guidance confirms that AIR is available to Large Corporate Cases (formerly under the Coordinated Examination Program),
   potentially reducing year-by-year re-litigation of the same issues.
3. Tightening review of Fast Track Settlement (FTS) denials.
   FTS is an alternative dispute resolution mechanism where Appeals mediates disputes while the exam is still open. Under the
   new guidance, LB&I personnel must meet stricter review and approval standards before rejecting a taxpayer’s FTS request,
   making it harder to say “no” without a solid reason.

Put simply, the IRS is trying to move large audits away from “endless back-and-forth” toward earlier, more comprehensive
resolution. With staffing cuts and budget constraints in the background, efficient exam tools like AIR and FTS are becoming
survival strategies for both the IRS and large taxpayers.

4. Summer Help for Late Filers: It’s Not Too Late, But Don’t Wait

On July 22, 2025, IR-2025-76 reminded taxpayers who missed the April deadline that they’re late, but not doomed.

The IRS emphasizes three main points:

• File as soon as possible. Penalties and interest accrue until the return is filed and the tax is paid.
• Use IRS online tools. Taxpayers can e-file, check refund status, make payments, set up payment plans, and
  view account balances through IRS Online Account and other self-service options.
• Seek help when needed. Taxpayer Assistance Centers, phone lines, and online resources are still available,
  even deep into summer, to help late filers understand their options.

This message dovetails with other 2025 guidance announcing that, under OBBBA, withholding tables and information return formats
for 2025 won’t drastically change, even though more structural adjustments (like new deductions for tips and overtime) kick in
for 2025 through 2028.

5. How July’s Guidance Fits Into the 2025–2026 Tax Landscape

These July releases don’t live in a vacuum. They sit on top of:

• The 2025–2026 Priority Guidance Plan, which outlines over 100 projects Treasury and IRS will prioritize, including
  implementation of OBBBA provisions, retirement plan updates, and clean energy credit phase-outs.
• New rules related to deductions for qualified tips and overtime pay, which were fleshed out in late-2025 guidance.
• Continual adjustments to bond rates, mortality tables, and other technical parameters in the Internal Revenue Bulletin that
  feed into pension funding and other long-term calculations.

From a planning standpoint, mid-2025 is a pivot moment: taxpayers are working under OBBBA-era rules, but many credits and
deductions have sunset dates approaching in late 2025 and 2026, especially in the clean energy space.

6. Practical Action Steps by Audience

6.1. Solo Practitioners & Small Tax Firms

• Build or overhaul your WISP. Use IRS Publication 5708 and Security Summit materials as a checklist for data
  classification, access control, incident response, and training.
• Run a phishing drill. Simulate suspicious emails internally and see how staff respond. Use failures as
  training opportunities, not punishment.
• Document policies. If your security procedures live only “in someone’s head,” they don’t exist from a
  regulatory perspective. Put them in writing and revisit them annually.

6.2. Large Corporate & Multinational Taxpayers

• Map your open LB&I cycles. Identify where AIR or FTS could be used to close multi-year issues more efficiently
  under the July 2025 guidance.
• Revisit AOF-heavy strategies. If your current approach relies on Acknowledgment of Facts IDRs, start planning
  for a world where that procedural tool goes away by 2026.
• Coordinate with legal and audit committees. The changes affect not just tax computations but also how quickly
  disputes can be resolved for financial reporting purposes.

6.3. Individual Taxpayers (Especially Late Filers)

• File even if you can’t pay in full. The failure-to-file penalty is generally harsher than the failure-to-pay
  penalty. Filing stops the former from growing, even if the latter continues.
• Use payment plans. The IRS offers online installment agreements and other arrangements for manageable balances.
• Watch for future guidance on OBBBA deductions. If you receive significant tips or overtime, emerging guidance
  for 2025–2028 may open new deduction opportunities.

7. Experience-Based Insights from the July 2025 Guidance

While every taxpayer’s situation is unique, certain patterns are already emerging in how firms and businesses respond to the
July 12–29, 2025 guidance. The following examples are composites based on common scenarios and commentary from tax and
security professionals.

7.1. The “Copy-Paste” WISP That Wasn’t Enough

Many small tax practices entered 2025 with a WISP that was essentially a template downloaded years ago, populated with the
firm’s name, and never touched again. After IR-2025-79 and repeated Security Summit messaging, advisors began comparing those
dusty documents with current IRS and FTC expectations. The gap was hard to ignore.

Firms that took the July reminder seriously typically started by:

• Inventorying who actually had remote access to client data.
• Requiring multifactor authentication for email and tax software accounts.
• Formalizing backup and recovery procedures (instead of “we think IT handles that”).
• Running tabletop exercises to practice what happens if a staff member clicks a malicious link.

The result wasn’t just better complianceit often uncovered inefficiencies, like unused accounts or outdated software, that
were quietly increasing risk without adding any value.

7.2. A Large Corporate Audit That Finally Moved

On the LB&I side, law and accounting firms report that the interim guidance shook loose some long-running audit cycles.
Cases where the same transfer-pricing or inventory accounting issue appeared year after year became prime candidates for
AIR and FTS.

In a typical scenario, a multinational company with multiple open years agreed with LB&I to:

• Use AIR to settle a recurring issue across several tax years under a single closing agreement.
• Explore FTS for the few remaining disputed items, with Appeals facilitating the discussion.

Even when the final tax cost didn’t decrease dramatically, the overall process became more predictable and less disruptive.
For public companies, that predictability matters almost as much as the actual dollar amount.

7.3. Late Filers Who Discovered the “Online IRS”

On the individual side, late-filing taxpayers who assumed they were “in trouble forever” discovered, often through the July
22 release and related social media posts, that they could log into IRS Online Account, see their balances, and set up payment
plans without waiting on hold.

In practice, taxpayers who:

• Filed electronically in July or August,
• Set up a payment plan based on realistic monthly amounts, and
• Avoided new under-withholding for the rest of the year,

often found that penalties and interest remained annoying but manageablenot the life-ending disaster they had imagined.

7.4. Security Culture as a Competitive Advantage

Finally, one subtle theme in the July 2025 guidance is that “security culture” is becoming a differentiator. Tax pros who
communicate clearly about WISPs, phishing training, and data safeguards can turn mandatory compliance into a selling point
for clients increasingly worried about identity theft and data breaches.

In a world where a single compromised email account can expose thousands of SSNs, being able to say “we take security as
seriously as your tax planning” is more than just a taglineit’s a survival strategy.

8. Conclusion

The IRS updates issued between July 12 and July 29, 2025, may not grab front-page headlines, but they pack a punch for anyone
who prepares returns, manages large corporate tax positions, or simply filed late and hoped for the best. Stronger emphasis
on WISPs and phishing defenses, streamlined LB&I exam tools, and practical help for late filers all point toward a tax system
that’s tryingunder real-world constraintsto be more secure, more efficient, and slightly more forgiving.

The takeaway is simple: don’t treat these July releases as one-day news items. Treat them as a mid-year checklist. Update your
security plan, reconsider your audit strategy, and, if you’re a late filer, take advantage of the tools that exist before
penalties and interest grow any further.