The Boris Files are a trove of leaked data from the office of Boris Johnson, the former prime minister’s private office. The data shines a spotlight on Johnson’s commercial interests since he left Downing Street in September 2022.

It reveals how the former Conservative leader is using the relationships he forged in the UK’s highest elected office to facilitate his personal enrichment. He appears to be doing so via his private office, which is subsidised by the public.

It raises a number of serious questions for the ex-PM. Has he broken “revolving door” rules that restrict post-ministerial jobs? Did he breach the ministerial code? Has he been misusing public funds for private gain?

The leak also contains documents from Johnson’s time in office, raising questions about secret, undeclared meetings and potential breaches of Covid lockdown rules during the pandemic.

The Guardian is the only UK media organisation known to have viewed the Boris Files, and the first to have published stories based on the leak.

Where did the trove come from? What does it contain? And how has the Guardian decided what should be made public?

Emails, invoices, spreadsheets

The Office of Boris Johnson is a limited company that takes advantage of a scheme that allows former prime ministers to claim a six-figure sum in annual expenses from the Cabinet Office. The money is for administrative and secretarial costs “arising from their special position in public life”.

As leaks go, this one is relatively small: approximately 2GB of data, or 1,820 files. It includes emails, letters, invoices, spreadsheets, speeches and business contracts. These mostly postdate September 2022, when Johnson left office, but there are some files covering the entirety of his time in Downing Street.

The data was obtained by Distributed Denial of Secrets (DDoS), which archives data leaks. A US-registered non-profit committed to transparency, DDoS hosts a library of more than 360 data leaks online.

Data hosted by the group has in recent years formed the basis of hundreds of public-interest articles published by outlets including the Guardian, BBC, Washington Post, Financial Times and New York Times.

DDoS told the Guardian it did not know the provenance of the Boris Files, which it obtained earlier this year.

The leak will nonetheless raise security questions about potentially lax security provisions in Johnson’s office, given the data contains some confidential government documents and other sensitive materials.

In contrast to WikiLeaks, which was criticised for sometimes dumping raw data online, DDoS limits who can access its most sensitive data. Only approved journalists or researchers can access such leaks, including the Boris Files. Data is hosted on DDoS servers but can be viewed remotely.

Johnson claims public subsidies via the public duty costs allowance (PDCA), which enables former prime ministers to claim up to £115,000 a year to help fund their office, for example by contributing to salaries. Ex-PMs can also claim a pension allowance to contribute towards the pension costs of their office staff.

These funds are not supposed to cover security costs or private interests. The leak raises questions about blurred lines.

A senior Cabinet Office source confirmed Johnson had claimed PDCA funds to pay for staff salaries in his private office.

Johnson’s office employs three full-time staff. The data shows that all three have been involved in his commercial or business affairs. So how has Johnson ensured that the £182,000 claimed in PDCA funds has not been used for private gain?

The Guardian asked this and other questions of Johnson. He did not respond to multiple requests for comment. After publication, Johnson emailed a statement denying his office had misused the subsidy scheme. “This story is rubbish. The PDCA has been used entirely in accordance with the rules. The Guardian should change its name to Pravda,” he said.

The PDCA was created by Robin Butler, Margaret Thatcher’s loyal cabinet secretary. According to a report in the Times from 1991, it was introduced after friends of Thatcher, by then a backbench MP on a reduced salary, “let the considerable difficulties she faced on leaving office be known at Westminster”.

The money was always intended to pay for the public functions expected of former prime ministers, not to subsidise profit-generating business.

The private offices of John Major, Tony Blair, Gordon Brown, David Cameron and Theresa May all claim PCDA allowance, as does the office of Liz Truss, to some consternation given she only served for 49 days.

Given the minimal oversight over how the money is spent, the Boris Files will fuel calls for greater transparency.

‘Different expectations’

There is no suggestion that any other prime minister has used their private office to drum up business, although some may be using taxpayer-funded staff to arrange paid speeches, and others have certainly faced scrutiny over the manner in which they have sought financial gain after leaving Downing Street.

Blair was criticised after his consultancy, Tony Blair Associates, advised the kleptocratic leaders of Kazakhstan. Cameron found himself at the centre of a scandal arguably bigger than any he faced in office when it was revealed he had been lobbying former colleagues on behalf of Greensill Capital.

There is no suggestion that Cameron’s private office was involved in the Greensill affair. However, last year it became the subject of a decision by the Information Commissioner’s Office (ICO) that confirmed the public’s right to know about private offices run by ex-PMs.

The statutory data regulator issued its ruling after the Cabinet Office sought to resist a freedom of information request to release invoices and purchase orders from Cameron’s private office, claiming it contained the personal data of his staff.

The ICO ordered the release of some data, concluding there was a “clear and legitimate public interest” in providing the public with an understanding of how PDCA payments are being used by former prime ministers.

Cameron’s staff, the ICO added, “should arguably have different expectations” about what may be disclosed about them, given their company is “partly funded from the public purse and working in support of an ex-prime minister”.

The Guardian’s decision to review the Boris Files was based on similar principles. Former prime ministers and their state-subsidised private offices warrant scrutiny. Journalists are not statutory watchdogs, but in a functioning democracy they too have a role to play in holding power to account.

Journalists must act responsibly, weighing the public interest in the context of legal and ethical considerations. The stories we are publishing from the leak are based on a small proportion of the files.

The decision to publish them was the result of careful consideration, after concluding that a sufficient public interest threshold had been met.

Johnson, like Cameron, is no ordinary private citizen. He is a recently departed prime minister who, much like his predecessor, appears to be profiting lavishly from the privileges bestowed on him through public office. The public has a right to know.

The Boris Files reporting team: Harry Davies, Henry Dyer, Pippa Crerar, Tom Burgis, Rowena Mason, Jessica Elgot, Rob Evans and David Pegg.