The EU Anti-Corruption Directive: what it means for your compliance program

On April 21, 2026, the EU formally adopted its first unified criminal law directive against corruption. The European Parliament had endorsed it on March 26; the Council's adoption followed weeks later, and the Directive entered into force on May 11, 2026. It introduces harmonized definitions of corruption offenses, minimum criminal sanctions, and stricter enforcement mechanisms across all 27 member states. If your company operates in the EU, this changes how you manage anti-corruption risk.

Why this matters to your business right now

Until now, EU countries operated under fragmented corruption laws. A bribery scheme could result in vastly different criminal penalties, investigation timelines, and enforcement depending on which country discovered it.

That fragmentation created compliance complexity for multinational companies trying to enforce uniform anti-corruption policies. The regulatory exposure was unpredictable, and what qualified as a criminal offense in one jurisdiction might not in another.

The new Directive addresses this directly. For the first time, the EU establishes harmonized criminal law definitions, sanctions, and enforcement mechanisms across all member states. For compliance teams, clearer and more consistent rules simplify policy design — though they also raise the bar. You can no longer rely on jurisdictional differences to shield your company from liability.

The bottom line: Harmonized corruption law means reduced ambiguity about what constitutes an offense. It also means that compliance gaps — wherever they occur across your EU operations — carry consistent legal exposure. If one subsidiary operates under looser standards, that's now a liability.

What changes for your company's compliance program

1. Harmonized definitions mean uniform risk

The new Directive establishes EU-wide definitions of corruption offenses: bribery (both public and private sector), misappropriation of funds, trading in influence, and obstruction of justice.

Previously, what counted as "bribery" in one country might not legally qualify in another. For your compliance program, this is both clarifying and constraining. The definitions are now consistent, which simplifies policy design. This means, however, that you can't rely on jurisdictional differences to shield your company from liability anymore.

For companies already subject to the US Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act, it's worth understanding where the EU Directive sits relative to those regimes. On sanctions, the Directive's corporate fines of up to 5% of global annual turnover bring EU enforcement closer to the financial exposure already familiar under the FCPA and UK Bribery Act. On enforcement practice, there is a notable gap: the FCPA and UK Bribery Act both have established frameworks for Deferred Prosecution Agreements (DPAs), which allow companies to resolve investigations without a criminal conviction in exchange for cooperation and remediation. The Directive does not harmonize this — each member state will develop its own approach, or none at all. Companies with existing FCPA or Bribery Act compliance programs should review their policies against the Directive's definitions, paying particular attention to trading in influence and private sector bribery, where the EU framework has its own distinct scope.

2. Strengthened cross-border investigation and prosecution

The Directive reinforces cooperation among national authorities, OLAF (European Anti-Fraud Office), the European Public Prosecutor's Office, Europol, and Eurojust. A single bribery network could trigger simultaneous investigations in multiple countries, each with full access to evidence from the others.

3. Mandatory annual corruption data publication

Each member state must now publish detailed data on corruption cases annually in accessible formats. This transparency requirement means you'll be able to monitor enforcement trends by country and industry, but it also means regulators and prosecutors are documenting their activity publicly.

For your compliance benchmarking: use these annual reports to understand which countries are aggressively prosecuting corruption, which industries face heightened scrutiny, and how enforcement patterns are evolving in your regions of operation.

4. National anti-corruption strategies create local compliance expectations

Each member state must develop and publish a national anti-corruption strategy in consultation with civil society and relevant authorities. While the Directive sets a common floor, national strategies may establish additional compliance expectations — particularly for companies operating in regulated sectors such as public procurement, financial services, and pharmaceuticals.

Your compliance team will need to track these strategies as they're published and assess whether they impose sector-specific obligations on your business.

Key takeaway: Harmonization creates a common floor, not a ceiling. Your anti-corruption policy must apply equally across all EU operations. If your organization already has a pan-EU policy, now is the time to verify it meets the Directive's definitions — particularly on trading in influence and private sector bribery. If national strategies impose stricter local requirements, your policy needs to reflect that too.

The business corruption reality: what the data tells you

A 2025 Eurobarometer survey illustrates the scale of the challenge. Corruption isn't confined to the public sector — it's embedded in supply chains, procurement, and vendor relationships across European business.

35% of EU businesses say corruption is a problem in doing business

If over a third of European businesses report corruption as an operational challenge, your company likely faces it too. Ask yourself: are you seeing it in procurement, vendor relationships, or regulatory interactions?

5% of EU citizens report experiencing corruption in the past year — but just 1 in 5 reported it

Here's the compliance implication: if 5% of the population encounters corruption and 80% don't report it, corruption happening in your supply chain or vendor relationships may never surface through official channels. That leaves your company exposed to liability without knowing it. It's one of the strongest arguments for robust internal reporting mechanisms that employees and contractors actually trust and use.

The economic cost: The European Commission places the cost of corruption to the EU economy at EUR 179 billion to EUR 990 billion annually — a wide range that reflects significant variation in measurement methodology and data quality across member states, but one that makes clear corruption imposes substantial costs at the macro level. For individual companies, the direct costs are more specific: inflated procurement prices, regulatory delays, and exposure to fines of up to 5% of global annual turnover under the new Directive.

The business cost of corruption: why your company must address it

Direct costs to your business

Corruption in your supply chain or vendor relationships increases costs directly. Companies often overpay for goods and services to fund bribes embedded in the transaction.

• Inflated procurement costs: Companies often overpay for goods and services to fund bribes embedded in transactions
• Regulatory delays: Operations stall when government approvals require unofficial payments
• Duplicative spending: Managing multiple procurement channels to avoid corrupt officials

Operational and legal risk

Corruption in your operations creates legal exposure under EU regulations, national laws, and potentially the UK Bribery Act or US Foreign Corrupt Practices Act. With the new EU Directive, enforcement will be faster and more coordinated. Critically, the Directive introduces corporate fines of up to 5% of total worldwide annual turnover for serious offenses such as bribery and misappropriation — bringing EU sanctions closer to the severe penalties already seen under the FCPA and UK Bribery Act.

• Criminal liability: Individuals in your company can face prison time; the company faces fines up to 5% of global annual turnover
• Debarment from public contracts: A corruption conviction can exclude your company from government business for years
• Reputational damage: Public corruption investigations harm customer trust and investor confidence
• Cross-border exposure: Under the new Directive, a corruption scheme discovered in one country triggers parallel investigations across the EU

What constitutes corruption under the new Directive — and how it compares to the FCPA and UK Bribery Act

The Directive harmonizes definitions across the EU. For companies navigating multiple anti-corruption regimes, understanding the EU framework's distinct scope is essential for calibrating your global compliance program.

• Bribery of public officials and private sector actors: Both giving and receiving. For public sector bribery, the Directive does not require the official to act in breach of duty — that element is relevant only at sentencing (Article 12). Private sector bribery does require a breach of duty, giving it a narrower scope.
• Trading in influence: Paying intermediaries with access to public officials to exert improper influence — even if actual influence is never exercised. The offense is complete regardless of whether influence is actually exerted or leads to the intended result.
• Misappropriation of funds: By public officials or, where member states extend it, private sector managers who misuse entrusted property.
• Obstruction of justice: Interference with proceedings relating to any of the Directive's corruption offenses. Any person can be liable — including employees, agents, and third parties.
• Concealment: Intentionally hiding or disguising property derived from corruption, including cryptoassets. AML and anti-corruption frameworks should be coordinated accordingly.

For companies already compliant with the FCPA or UK Bribery Act, the EU Directive adds a third major regime to manage. Window dressing programs — maintained for appearance only — can be treated as an aggravating factor under the Directive. Genuinely implemented programs are a mitigating factor, whether established before or after an offense.

Five steps your compliance program must take now

1. Conduct a corruption risk assessment across all jurisdictions

With harmonized EU definitions now in force, you have a clearer legal framework than before. Use this to conduct a comprehensive corruption risk assessment across all countries where you operate. Focus specifically on:

• Procurement and vendor management: Identify vendors or suppliers that operate in high-risk environments or sectors
• Government relations: Map all interactions with public officials, permits, licenses, and regulatory approvals required for your business
• Customer relationships: Identify customers in government or state-owned enterprises that might create bribery risk
• Third-party intermediaries: Review any agents, consultants, or intermediaries you use to access government business — particularly in light of the trading in influence offense

2. Audit your compliance program for gaps

Your anti-corruption policy should now explicitly address the Directive's definitions. Specifically:

• Do your policies cover active and passive bribery equally?
• Do you prohibit trading in influence and access?
• Are your policies clear on gifts, entertainment, and business courtesies in government relationships?
• Do you have controls on third-party due diligence before engaging intermediaries?
• Do your policies align with the FCPA and UK Bribery Act where those regimes also apply?

3. Strengthen your whistleblowing channel

Given that most corruption in the EU goes unreported, establish or strengthen an independent, confidential whistleblowing mechanism. Ensure it:

• Is accessible to all employees and contractors (not just management)
• Allows for anonymous reporting
• Offers protection against retaliation for good-faith reports
• Is regularly promoted so employees know it exists
• Connects to senior management or a compliance officer who can act on concerns

4. Verify and consolidate your anti-corruption policy across EU operations

If your organization already has an EU-wide anti-corruption policy, now is the time to verify it against the Directive's harmonized definitions. Pay particular attention to any subsidiary-level variations. National strategies will also emerge over the coming years imposing additional expectations in specific jurisdictions or sectors — your policy framework needs to be flexible enough to accommodate those without creating compliance gaps elsewhere.

5. Implement monitoring and training programs

Establish ongoing training on the Directive's definitions and your company's anti-corruption policy. Focus training on high-risk roles:

• Sales and business development staff
• Supply chain and procurement teams
• Government affairs and regulatory professionals
• Finance and payment processors

Implement automated controls where possible: flagging high-value contracts, unusual payment patterns, or relationships with government officials. Monitor for changes in enforcement patterns using the annual corruption data that member states must now publish.

Timeline: The Directive entered into force on May 11, 2026, following adoption by the European Parliament on March 26 and the Council on April 21. Member states generally have 24 months to transpose most provisions into national law — with a deadline of June 1, 2028. Certain obligations (national anti-corruption strategies and risk assessments) carry a 36-month window, meaning some requirements won't apply until mid-2029. Enforcement will follow transposition at the national level. Don't wait for final transposition to strengthen your program — the definitions are clear now, and prosecutors are already coordinating across borders.

What happens next, and why timing matters

Member states have until June 1, 2028 to transpose most of the Directive's provisions. That timeline may feel distant, but it reflects the standard transposition window — not a signal to delay. National transposition will vary in pace; some jurisdictions (France, Italy) have existing frameworks that require targeted adjustment, while others (Germany) face more fundamental legislative changes.

Enforcement under the Directive will require national transposition to be in place. That means substantive enforcement is unlikely before mid-2028 at the earliest, and in some jurisdictions may extend into 2029. However, corruption is already illegal across the EU, and prosecutors are already coordinating across borders under existing instruments. The Directive formalizes and strengthens what is already occurring.

Companies that build robust programs now will be better positioned for the enforcement environment that follows transposition — and better able to demonstrate genuinely implemented compliance when it matters at sentencing.

Published: June 2026

‍

Sources:

Council of the EU – Council adopts  new EU-wide law to combat corruption (April 21, 2026)

Baker McKenzie – New EU  Anti-Corruption Directive Enters into Force (May 2026)

Latham & Watkins – EU  Anti-Corruption Directive: What Companies Need to Know (June 2026)

Eurobarometer – Citizens’ attitudes  towards corruption in the EU in 2025

European Commission –  Anti-Corruption Policy Framework