EU ¦ The 2026 EU Anti-Corruption Directive

Directive Strengthens EU Criminal Response to Corruption – What Financial Crime Practitioners Need to Know

On 8 April 2026 the EU adopted a Directive that replaces and significantly expands earlier instruments (Council Framework Decision 2003/568/JHA and the 1997 Convention) and amends Directive (EU) 2017/1371. The new instrument sets common minimum definitions of a wide range of corruption offences, prescribes minimum penalties for natural and legal persons, requires Member States to adopt prevention strategies and anti‑corruption bodies, strengthens investigative and asset recovery tools, and tightens rules on jurisdiction, limitation periods and corporate liability. For anyone working in financial crime compliance, investigations, asset recovery or public procurement, the Directive makes several practical and legal changes that alter risk profiles, investigative options and cross‑border cooperation across the EU.

Core criminal offences and expanded scope

The Directive consolidates and harmonises offences across public and private sectors. It criminalises active and passive bribery of public officials; active and passive bribery in the private sector where employees or directors breach duties; misappropriation by public officials of entrusted property; trading in influence; unlawful exercise of public functions; obstruction of justice in corruption proceedings; enrichment from corruption by public officials; concealment of proceeds derived from corruption; and attempts, incitement and aiding/abetting for many of those offences.

Notably, the definitions for “public official” and “high‑level official” are broad. They explicitly include Union officials, persons performing public service functions even without formal office (including in state‑owned enterprises, asset management foundations and privately owned companies performing public services), staff seconded to Union institutions, arbitrators and jurors where relevant, and persons in international organisations or courts. Member States may define certain offences to apply to categories of public officials only, but the Directive’s design aims to close many historic accountability gaps.

Minimum penalties and corporate exposure

The Directive establishes minimum custodial penalties for individuals: at least five years’ maximum imprisonment for some public‑sector bribery scenarios (where the official acts in breach of duties), at least four years’ maximum for misappropriation and for enrichment/concealment, and at least three years for other bribery and trading‑in‑influence offences. Member States retain the right to set more severe penalties.

For legal persons the Directive requires effective, proportionate and dissuasive penalties and provides minimum fine benchmarks where applicable. For offences equivalent to serious bribery or misappropriation, Member States must ensure fines are either a percentage of worldwide turnover (5% or 3% depending on the offence) or fixed sums (EUR 40 million or EUR 24 million alternatives). The Directive also lists additional sanctions for companies: exclusion from public funding and tenders, withdrawal of authorisations, judicial winding‑up, closure of offending establishments, and publication of judgments (subject to privacy/data protection rules).

Crucially, corporate liability mirrors leading international standards: companies are liable when offences are committed for their benefit by persons in a leading position (representation, decision authority, control), and for offences enabled by a lack of supervision or control. That structure increases the need for robust compliance programmes, governance and supervisory controls to mitigate enforcement risk.

Bastian Schwind-Wagner _Follow

"The Directive establishes a stronger, more harmonised EU criminal framework against corruption, increasing risks for individuals and companies while creating clearer incentives for effective compliance, cooperation and voluntary disclosure. Its broad definitions and mandatory corporate liability rules mean organisations must demonstrate genuine prevention measures and be prepared for coordinated cross‑border enforcement.

Immediate action is required: strengthen anti‑corruption controls, update third‑party due diligence and whistleblower channels, and prepare cross‑border incident response plans. Legal and compliance teams should monitor national transposition closely and document improvements to compliance programmes to preserve mitigation opportunities."

Aggravating and mitigating factors – incentives for cooperation and compliance

The Directive identifies aggravating circumstances (committing offences within organised crime structures; involvement of high‑level officials; prior convictions; substantial benefit or damage; offenders exercising investigation/prosecution/adjudication functions; exploiting vulnerabilities; conduct by obliged entities under AML rules). It also provides mitigating possibilities: cooperation yielding otherwise inaccessible evidence; and, for legal persons, existence of effective internal controls, ethics and compliance programmes or swift voluntary disclosure and remedial actions after discovery.

Practically, this creates a clearer incentive structure for self‑reporting and negotiated remediation and for investments in effective compliance tailored to corruption risk – while underlining that “window dressing” compliance will not reliably mitigate exposure.

Enhanced investigative and asset recovery tools

The Directive mandates that Member States provide effective investigative tools, including tools used against organised crime, to detect and prove covert corruption. It requires asset tracing , freezing and confiscation measures for proceeds and instrumentalities of corruption, and aligns with existing EU instruments on asset recovery (Directive (EU) 2014/42/EU and Directive (EU) 2024/1260). Concealment and enrichment by public officials are criminalised, complicating concealment strategies and reinforcing the link between anti‑corruption and anti‑money laundering enforcement.

Cross‑border cooperation and information exchange

The Directive emphasises cross‑border coordination and requires Member States’ law enforcement authorities to use Europol’s SIENA for information exchange, consistent with EU data and information sharing frameworks. It encourages referrals to Eurojust for jurisdictional conflicts and envisages cooperation with EU bodies including OLAF , the European Public Prosecutor’s Office (where competent), and the Commission. For practitioners, this signals more routine, structured cross‑border investigation channels and higher likelihood of coordinated actions across jurisdictions.

Jurisdiction, limitation periods and procedural impacts

Member States must establish jurisdiction where offences occur within their territory or are committed by their nationals. They may extend jurisdiction in defined additional circumstances (habitual residence, offences committed for the benefit of a company established in their territory, and so on). Limitation periods for initiating proceedings are extended in many cases – minimum investigative/prosecution windows of at least five or eight years depending on the gravity of the offence – and minimum enforcement limitation windows after final conviction are also lengthened (with the most serious offences requiring enforcement periods up to ten years). The Directive also requires Member States to ensure privileges or immunities for national officials can be lifted so corruption investigations can proceed, consistent with constitutional constraints.

Prevention, national strategies and institutional requirements

Beyond criminalisation, the Directive requires Member States to adopt and publish national anti‑corruption strategies and to perform regular risk assessments identifying sectors and occupations most at risk. Member States must ensure bodies or organisational units exist to prevent and to repress corruption, staffed adequately and protected from undue interference. Preventive measures include asset and interest declarations, conflict‑of‑interest rules, transparency measures, revolving‑door regulations, rules on interactions between public and private sectors, and targeted training for public officials, judiciary and law enforcement. The Directive also expressly encourages the participation of civil society and protection for whistleblowers under Directive (EU) 2019/1937.

Data and reporting obligations

Member States must collect, publish annually and supply the Commission with anonymised statistics on registered and adjudicated corruption offences, dismissed cases (including due to expiry of limitation periods), numbers of prosecutions, convictions and fines against natural and legal persons, types and levels of penalties and non‑trial resolutions where they exist. This is aimed at better measuring scale, trends and enforcement effectiveness and supports EU monitoring and evaluation.

Practical implications for financial crime and corporate compliance professionals

Risk assessment escalation

Firms should reassess corruption risk across operations, particularly where firms provide public services, engage in public procurement, operate in sectors identified as high‑risk (e.g., investor citizenship/residence schemes flagged in the Directive), or have significant public interface.

Compliance programme upgrades

The Directive’s linkage of mitigation to genuine, effective compliance programmes means documented, tested, and measurable preventive controls are essential – risk mapping, third‑party due diligence, monitoring, internal audits, reporting channels and timely remediation. Policies should cover facilitation payments, gifts and hospitality, political contributions and interactions with public officials and high‑risk intermediaries.

Monitoring and recordkeeping

With broader criminal exposure for concealment and enrichment, firms should tighten controls over beneficial ownership, unusually structured transactions, and unexplained wealth indicators. Enhanced transaction monitoring and retention of documentation relevant to public contracts and politically exposed persons (PEPs) interactions will materially aid defence and mitigation.

Whistleblower channels and protections

Organisations should ensure internal reporting channels meet or exceed the Directive’s expectations and Directive (EU) 2019/1937 requirements, provide strong non‑retaliation safeguards and integrate prompt investigation and remedial procedures.

Cross‑border incident response

Given expanded SIENA use and expectations for cross‑border cooperation, multinational companies and financial institutions should have coordinated incident response plans and legal strategies that account for simultaneous investigations in multiple Member States, possible asset freezes, and increased Eurojust/OLAF involvement.

Tendering and procurement exposure

Because convictions may lead to exclusion from tenders and public funding (including below-threshold procurements), companies must harden compliance where public contracts are part of their business model. Pre‑contract compliance due diligence and contractual terms requiring anti‑corruption compliance from suppliers and intermediaries will be more important.

Investigations and evidence strategy

The Directive’s encouragement of specialised investigative tools and emphasis on cross‑border cooperation increases the likelihood of coordinated evidence collection. Legal teams should prepare for multi‑jurisdiction warrants, asset freezing requests and mutual legal assistance , ensure robust privilege management and plan for prosecution and settlement options where appropriate.

Corporate enforcement and remediation options

The Directive accepts non‑trial resolutions as pragmatic but warns of associated challenges; Member States are “encouraged” to handle such challenges appropriately. Where national frameworks allow corporate settlements or deferred prosecution mechanisms, companies that can show early, voluntary disclosure, cooperation and genuine remediation may obtain mitigating treatment – subject to judicial and national discretion. These opportunities will vary significantly between Member States; legal advice should be both local and specialised.

Next steps and timelines for Member States

Member States must transpose the Directive into national law within the specified timelines (generally 24 months after entry into force, with some prevention provisions allowed up to 36 months). The Commission will report within four years on transposition and within six years on the Directive’s added value, including an assessment of impacts on fundamental rights. In practice, many Member States will begin legislative drafting immediately, and enforcement bodies will review investigative resources and procedures in parallel.

Action checklist for practitioners

• Reassess country and sector corruption risk, focusing on public procurement, state‑owned enterprises and public‑service delivery chains.
• Review and, where necessary, redesign compliance programmes to be demonstrably effective, adequately resourced and tailored to corruption risks.
• Strengthen third‑party due diligence and contract clauses with suppliers, agents and intermediaries.
• Implement or upgrade internal reporting channels to meet EU whistleblower standards and ensure protection from retaliation.
• Prepare coordinated cross‑border incident response playbooks that account for SIENA, Eurojust, OLAF and national investigative cooperation.
• Revisit corporate governance and supervision controls to show active monitoring and reduce “lack of supervision or control” liability exposure.
• Ensure legal teams understand transposition developments in each Member State where you operate and plan for possible criminal exposure and remediation negotiations.

Conclusion – a more convergent, enforcement‑oriented EU landscape

The Directive represents a decisive shift toward a harmonised, enforcement‑oriented approach to corruption across the EU. It narrows legal fragmentation, raises corporate and individual exposure, and promotes stronger preventive governance and cross‑border investigative cooperation. For financial crime professionals, the message is clear: invest now in demonstrable, well‑documented anti‑corruption controls, adapt incident response capabilities for coordinated international probes, and prepare to engage constructively with national enforcement authorities should allegations emerge.

Dive deeper

• EUR-Lex ¦ Council Framework Decision 2003/568/JHA on combating corruption in the private sector ¦ Link
• EUR-Lex ¦ 1997 Convention ¦ Link
• EUR-Lex ¦ Directive (EU) 2017/1371 on the fight against fraud to the Union’s financial interests by means of criminal law ¦ Link
• EUR-Lex ¦ Directive (EU) 2014/42/EU on the freezing and confiscation of instrumentalities and proceeds of crime in the European Union ¦ Link
• EUR-Lex ¦ Directive (EU) 2024/1260 on asset recovery and confiscation ¦ Link
• EUR-Lex ¦ Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law ¦ Link