EU Anti-Corruption Directive now in force: new corporate…

Key takeaways

The new EU Anti-Corruption Directive entered into force on 1 June 2026, introducing a harmonised minimum framework of corruption offences and penalties across participating EU Member States.
Corporate exposure is expected to increase across the EU with the Directive introducing harmonised corporate liability standards, including liability for failures in supervision and potential fines of up to 5% of worldwide turnover or €40 million, plus collateral sanctions, for key offences.
The Directive has notable extraterritorial features and sits alongside other regimes (such as the UK Bribery Act), creating overlapping but non-identical compliance expectations.
Member States must transpose core provisions by 1 June 2028; businesses should begin reviewing anti‑corruption programmes now.

Overview and legislative context

The new EU Anti-Corruption Directive (Directive (EU) 2026/1021) was published in the Official Journal of the European Union on 11 May 2026 and entered into force on 1 June 2026. The Directive creates a harmonised minimum framework for preventing and combating corruption across the EU. It consolidates and will substantially replace earlier EU anti‑corruption instruments, including the 1997 Convention on the fight against corruption involving EU officials and Council Framework Decision 2003/568/JHA on corruption in the private sector. It also amends Directive (EU) 2017/1371 on the protection of the EU’s financial interests.

Member States now have two years, until 1 June 2028, to transpose most of the Directive’s provisions into national law. Obligations relating to national anti-corruption strategies and sector risk assessments benefit from an additional year, until 1 June 2029. Businesses should use this window to review and consider upgrades to their anti-corruption programmes.

Key offences

A key feature of the Directive is a harmonised catalogue of criminal offences that all Member States must incorporate into their legal systems. The Directive aims to criminalise corruption offences when committed intentionally. Bribery offences may occur directly or through an intermediary. The key offences are as follows:

Bribery in the public sector (Article 3): The offence covers active bribery (the promise, offering, or giving of an undue advantage to a public official) and passive bribery (the request or receipt of such an advantage). The definition of “public official” is broad, extending beyond formal officeholders to cover any person exercising a public service function, including those working in state-owned or state-controlled enterprises or in privately-owned companies performing public service functions. The concept of “undue advantage” is broad and may include tangible or intangible, pecuniary or non-pecuniary benefits. Whether gifts, hospitality, or other benefits constitute an undue advantage will depend on the circumstances and applicable national rules.

Bribery in the private sector (Article 4): Active and passive bribery in the course of business is criminalised where a person directing or working for a private-sector entity acts (or refrains from acting) in breach of that person’s duties.

Misappropriation (Article 5): The misappropriation by a public official of property whose management is directly or indirectly entrusted to that public official, contrary to the purpose for which it was intended. Member States may optionally extend this to the private sector.

Trading in influence (Article 6): The Directive introduces a harmonised offence that was not part of previous EU measures on anti-corruption. It criminalises the giving or receiving of an undue advantage (including through an intermediary) to exert improper influence over a public official, regardless of whether the influence was real, actually exerted, or successful in affecting the public official’s conduct. The recitals make clear that the offence is not intended to criminalise legitimate interest representation activities, such as lawful lobbying, provided these do not involve an undue advantage or other corrupt conduct.

Other offences: The Directive also harmonises offences of unlawful exercise of public functions (Article 7), obstruction of justice in corruption proceedings (Article 8), enrichment from corruption offences (Article 9), and concealment of corruption proceeds (Article 10). Inciting, aiding and abetting, and (for certain offences) attempting to commit corruption offences is also criminalised (Article 11).

Corporate liability and sanctions

The Directive mandates that legal persons can be held liable for corruption offences on two grounds:

Offences committed by persons in leading positions: where a corruption offence is committed for the benefit of the legal person by an individual in a “leading position” (i.e., with authority to represent the entity, take decisions on its behalf, or exercise control within it).
Failure to supervise or control: a lack of supervision or control by an individual makes possible the commission of an offence for the benefit of the legal person.

For individuals, the Directive sets minimum maximum terms of imprisonment ranging from three to five years depending on the offence, alongside additional penalties such as fines and disqualification from public office or business activities.

For legal persons, the maximum fine must be at least 5% of total worldwide turnover (or €40 million) for core offences such as bribery and misappropriation, and at least 3% of worldwide turnover (or €24 million) for other offences, including trading in influence and obstruction of justice. Additional sanctions may include exclusion from public procurement, withdrawal of permits, judicial supervision, and publication of decisions.

Importantly, evidence of “genuine, effective and duly assessed” compliance programmes and rapid voluntary self-disclosure may be considered as mitigating factors when sentencing legal persons. However, “window dressing” compliance programmes will not qualify and may effectively operate as a negative factor.

Extraterritorial reach

Member States must establish jurisdiction where an offence is committed in whole or in part within their territory, or where the offender is a national. They may also extend jurisdiction to offences committed outside their territory where, amongst other scenarios, the offence is committed for the benefit of a legal person established in the Member State or in connection with any business done in whole or in part within its territory.

The Directive therefore has potentially significant extraterritorial implications. Depending on national implementation, non‑EU companies – including those headquartered in third countries but operating through subsidiaries or business activities in the EU – may face enforcement exposure in one or more Member States, in relation to conduct occurring outside the EU.

Comparison with the UK Bribery Act 2010

For businesses that have built anti‑bribery and corruption programmes around the UK Bribery Act 2010 (UKBA), the Directive is broadly comparable in ambition but differs in important respects:

Offence scope: the Directive harmonises nine offences (including trading in influence, misappropriation, and obstruction of justice); the UKBA focuses on four principal offences.
Corporate liability: the Directive requires liability for offences committed by persons in leading positions and for certain failures of supervision or control; the UKBA section 7 offence creates strict liability for failure to prevent bribery by “associated persons”, subject to an “adequate procedures” defence.
Compliance as defence vs mitigation: under the Directive, effective compliance programmes may reduce penalties but do not provide a complete defence; under the UKBA, adequate procedures provide a full statutory defence.
Corporate fines: the Directive mandates turnover-based thresholds (5% or €40 million); the UKBA provides for unlimited fines without prescribing turnover-linked caps.
Extraterritorial reach: both regimes have significant extraterritorial application, but the jurisdictional bases differ. The Directive permits Member States to adopt certain additional jurisdictional grounds for conduct occurring outside their territory, potentially increasing exposure for some businesses with EU operations or activities.

Recommended actions

Businesses with EU exposure – including EU-based companies and non-EU multinationals with operations, subsidiaries, or material business in the EU – should begin preparing now, well ahead of national transposition deadlines. In particular, companies should:

Refresh enterprise-wide anti-corruption risk assessments to reflect the broader catalogue of offences (notably trading in influence), cross-border activities involving EU jurisdictions, and interactions with public officials and state-controlled enterprises.
Review and enhance ABC programmes so that they can be demonstrated to be “genuine, effective and duly assessed”, including strong tone from the top, comprehensive policies, proportionate internal controls, and risk-based due diligence on third parties.
Map individuals in “leading positions” within EU operations and ensure that oversight responsibilities are clearly allocated, these individuals receive enhanced training on supervisory obligations, and reporting lines to board level are robust.
Review third-party and intermediary relationships, especially those with political or governmental connections, in light of the Directive’s trading in influence offence.
Ensure whistleblowing and speak-up channels explicitly cover corruption reporting and that incident response processes are ready for potential parallel proceedings against both individuals and the company.

Client Alert 2026-122

Related Insights

Our insights

Authors