EU Adopts Bloc-Wide Anti-Corruption Directive

In April 2026, the EU adopted a new Anti-Corruption Directive introducing a harmonized anti‑corruption and corresponding corporate liability regime that Member States must transpose into national law within the next two years. One of the Directive’s main goals is closing enforcement gaps in cross-border cases.

Key aspects are:

• Harmonized definitions of core corruption offenses across the EU;
• Effective compliance measures as a mitigating factor in proceedings;
• Fines of up to 5% of worldwide turnover;
• Expansion of corporate liability to failures in supervision or control;
• Potential facilitation of more consistent cross-border enforcement;
• Potential application to misconduct abroad; and
• Close cooperation and data sharing between national authorities and EU bodies.

Companies should therefore:

• Review and update their anti-bribery policies;
• Assess internal controls and oversight mechanisms;
• Revisit risk assessments and training programs; and
• Monitor national transpositions, which can vary.  

I. Detailed Overview

The Directive establishes a minimum harmonization for corruption-related criminal offenses across the EU, i.e., (i) public/private sector bribery, (ii) trading in influence, (iii) misappropriation, (iv) unlawful exercise of public function, (v) obstruction of justice, (vi) enrichment from corruption offenses, and (vii) concealment. By aligning key definitions, the Directive aims to reduce divergences between national regimes.

Public and Private Sector Bribery: The Directive introduces harmonized rules on bribery across both the public and private sectors, covering both active and passive conduct. In the public sector, this includes the offering or granting, as well as the requesting or acceptance, of an undue advantage, whether tangible or intangible, pecuniary or non-pecuniary, in connection with the exercise of public functions (Art. 7). Notably, the concept of “public official” is defined broadly and extends beyond traditional public administration to include individuals performing public functions in state-owned or state-controlled enterprises, as well as in privately owned entities entrusted with public service functions (recital 9).

In the private sector, Art. 8 establishes comparable rules, covering both the granting and acceptance of advantages in a business context where such conduct is linked to a breach of professional duties. These provisions aim to strengthen the integrity of commercial relationships and ensure fair competition (recitals 10, 10a).

Trading in Influence: Art. 10 introduces a new standalone offense that will potentially require companies to review existing lobbying/public policy actions. Active influence trading is defined as intentionally promising, offering, or giving a benefit to someone to use their influence over a public official improperly to obtain an undue advantage. Passive influence trading is defined as accepting a benefit (or its offer/promise) to improperly influence a public official to obtain an undue advantage. Such behavior is prohibited regardless of whether or not the influence is exerted, or whether or not it leads to the intended results. Several Member States may not be familiar with this type of offense as national provisions often focus on the quid-pro-quo with a public official rather than the brokering or purchasing of influence by a third party. The legitimate exercise of acknowledged forms of interest or legal representation to legitimately influence public decision making is said to not be in scope (recital 12). However, the line between improper and legitimate influence may not be easy to draw – especially in Member States without clear transparency regulations (e.g., regarding lobbying, disclosure of conflicts of interest, “revolving doors” between the private and public sector, or the financing of political parties).

Corporate Liability and Turnover-Based Fines

The Directive introduces a corporate liability framework that will be new for some Member States. Companies may be held liable not only for offenses committed by individuals in “leading positions,” but also where a lack of supervision or control has enabled misconduct (Art. 16) – similar to the liability framework under the German Act on Regulatory Offenses (OWiG).

Regardless of the company’s liability qualifying as criminal or administrative misconduct, potential fines are steep and shall be based either on a percentage of the legal person’s worldwide turnover or, alternatively, fixed maximum amounts (Art. 17). The Directive provides for maximum fines amounting to (at least):

• 5% of the legal person’s worldwide turnover in the case of bribery (or EUR 40 million) or
• 3% of the legal person’s worldwide turnover in the case of trading in influence (or EUR 24 million).

Member states remain free to introduce steeper maximum fines.

Further sanctions measures, such as the following, are introduced:

• Exclusion from public procurement;
• Withdrawal of permits;
• Placing under judicial supervision;
• Restrictions on business activities; and
• Publication of the decision.

Additionally, the Directive introduces minimum limitation periods for corruption-related conducts of at least five years and up to eight years depending on the nature and severity of the offense (Art. 21). From a transactional perspective, longer limitation periods may expand the window of potential liability for historical conduct. This may have implications for M&A transactions, particularly in relation to due diligence processes.

Territorial Scope and Cross-Border Investigations

A Member State’s jurisdiction to prosecute a corruption offense will be established if the offender is a national or the offense was committed in whole or in part within its territory (Art. 20). This includes misconduct by means of information systems used on a Member State’s territory (recital 24), which raises the question whether jurisdiction could be established based only on a company’s digital connection to a Member State (e.g., by using an IT infrastructure in that Member State). Art. 20 also allows Member States to assert jurisdiction in a range of cross-border scenarios with a sufficient nexus to the Member State, including where (i) the offender is a habitual resident in its territory, (ii) the offense is committed against one of its nationals or its habitual residents, or (iii) the offense is committed for the benefit of a legal person established in its territory or in respect of any business done in its territory. This broader jurisdictional reach means that companies with operations or commercial links to the EU may be exposed to enforcement action by individual Member States, even where the relevant conduct took place outside their territory.

Furthermore, Art. 24 encourages cooperation between Member States’ authorities and the relevant EU institutions such as the Commission, Europol, Eurojust, the European Anti-Fraud Office (OLAF), and the European Public Prosecutor’s Office (EPPO) – thereby reflecting the increasingly international nature of corruption cases.

Compliance Measures as Mitigating Circumstances

With regard to corporate liability, the Directive emphasizes the importance of preventive and remedial measures. Art. 18a states that effective compliance programs, internal controls, and remediation efforts may be considered as mitigating factors when determining sanctions. Prompt collaboration with the authorities and disclosure of relevant information may also reduce sanctions. “Window dressing” programs, on the other hand, can have the opposite effect (recital 23). This increases legal certainty that investing in a robust compliance management system as well as professional and appropriate communication with authorities will pay off across the EU. Recital 5 underlines this by emphasizing that the private sector plays a key role in preventing and detecting corruption, and that Member States can encourage the elaboration and implementation of robust and effective compliance mechanisms within private companies. It also encourages Member States to cooperate in elaborating common guidelines for such compliance programs, which can include notably a risk map, a code of conduct, and third-party evaluation, as well as internal control and audit.

II. What’s Next?

The Directive will enter into force 20 days after publication in the Official Journal of the EU. Member States will then have 24 months to transpose the Directive into national law (certain prevention-related requirements are subject to a 36-month implementation period). They are also required to adopt national anti-corruption strategies, conduct regular risk assessments, and ensure the existence of dedicated bodies for prevention and enforcement. While all Member States have laws prohibiting bribery and corruption to some extent, many will have to amend their national laws to comply with the new liability and penalty regime determined by the Directive. Considering that the Directive, per the EU Parliament’s express statement, is aimed at closing enforcement gaps, a significant uptick in enforcement actions or, at least, increased scrutiny of the authorities is to be expected. 

III. Conclusion

Overall, the Directive represents a significant step toward a more harmonized bloc-wide anti‑corruption framework and respective enforcement. While it does not match the centralized enforcement or extraterritorial reach of regimes such as the U.S. Foreign Corrupt Practices Act or the UK Bribery Act, it does reflect the EU’s growing alignment regarding corporate liability and enforcement. Ultimately, the degree of harmonization throughout the EU will depend on how Member States transpose the Directive and enforce its provisions as they continue to have considerable discretion in this regard.

This client alert was drafted with the support of legal research assistant Fynn Noack.