New EU Anti-Corruption Directive: What Companies Need to Do Now
Update Compliance 8/2026
The EU Anti-Corruption Directive entered into force on 31 May 2026. It tightens criminal anti-corruption law across the EU while simultaneously creating clear incentives for effective prevention. Effective compliance programs, ethics training, and swift remedial measures may in future be taken into account as mitigating circumstances – but only if they are genuinely implemented in practice. For companies, this means: now is the right time to put compliance programs to the test. Those who assess risks early can reduce their potential exposure to fines. The Directive replaces Framework Decision 2003/568/JHA and the EU Convention on Corruption. It does not have direct effect. Member States must, as a rule, transpose the Directive’s requirements into national law within 24 months of its entry into force. A longer period of 36 months applies for national anti-corruption strategies and risk assessments.
What Is Coming: An Overview of the New Criminal Offences
The Directive harmonises European criminal anti-corruption law. The catalogue of offences comprises:
- Bribery in the public sector (Art. 3): Granting an advantage to a public official in exchange for an act in breach of, or in accordance with, their duties
- Bribery in the private sector (Art. 4): Granting an advantage to employees of private-sector entities in exchange for a breach of duty
- Misappropriation (Art. 5): Misuse of entrusted assets by public officials (and optionally by private individuals)
- Trading in influence (Art. 6): Granting an advantage in exchange for the exercise of improper influence over public officials – new for Germany
- Unlawful exercise of public office (Art. 7): Serious breaches of the law in the exercise of public office – already covered under German law
- Ancillary offences (Arts. 8–11): Obstruction of justice, enrichment through corruption offences, concealment of proceeds of crime, incitement/aiding and abetting/attempt
Art. 6 is of particular relevance for Germany: anyone who grants an advantage to a third party in exchange for that party exercising improper influence over a public official commits an offence – irrespective of whether the influence is actually exercised. The German legislature will need to create a new criminal offence here, since section 108f of the Criminal Code (StGB) only covers holders of elected mandates. For companies, the distinction from legitimate lobbying activities remains unclear for the time being.
Sanctions and Prevention
The Directive requires effective, proportionate, and dissuasive sanctions. For natural persons, maximum penalties must reach at least three, four, or five years’ imprisonment depending on the offence. In the case of bribery in the public sector involving a breach of duty, Art. 12 requires a maximum penalty of at least five years.
Legal persons face increased scrutiny. They may be held liable where persons in a leadership position commit corruption offences for the benefit of the entity, or where inadequate supervision or controls made the offence possible. The existing German system of corporate fines under sections 30 and 130 of the Administrative Offences Act (OWiG) is already compliant with EU law.
For core offences (bribery, misappropriation), the fine framework must provide for maximum amounts of at least five percent of total worldwide turnover or EUR 40 million, whichever is higher. For trading in influence, obstruction of justice, and enrichment, the threshold is at least three percent of worldwide turnover or EUR 24 million, whichever is higher. The planned amendment of section 30 OWiG to implement the EU Environmental Crime Directive will already meet these requirements.
Compliance as a Shield: Mitigating Circumstances for Companies
The Directive does not rely solely on repression but also on prevention. Art. 16 expressly identifies effective internal controls, ethics awareness programs, and compliance programs as mitigating circumstances for legal persons. Similarly, a prompt voluntary report to the authorities and the adoption of remedial measures may have a mitigating effect.
Recital 29, however, makes clear: mere “paper tigers” without practical implementation are disregarded. Only those who can demonstrate in a critical situation that their program is genuinely implemented in practice will benefit from the mitigating effect.
In addition, Art. 20 obliges Member States to implement preventive measures and highlights specific risk areas: conflicts of interest, party financing, and “revolving door” situations involving transitions between the public and private sectors. Art. 25 strengthens the protection of whistleblowers.
Practical Guidance
Companies should not wait for the transposition deadline. Those who already have a functioning anti-corruption program in place should review it against the new requirements. Those who do not yet have one should use the time until national transposition to establish one.
The practical benefit of an anti-corruption program lies in its resilience in a critical situation. Documentation is key: only those who can demonstrate that controls, training sessions, and audits have actually taken place will benefit from the mitigating effect. The Directive provides a good opportunity to subject one’s own program to a structured review.
This includes, in particular, the following steps:
- Update the anti-corruption policy: Establish clear rules on gifts, hospitality, donations, sponsoring, conflicts of interest, and the use of consultants. Subject payments to intermediaries to particular scrutiny.
- Sharpen the risk assessment: Identify corruption risks by business area, region, transaction type, and business partner. Document findings and derive appropriate measures.
- Strengthen third-party due diligence: Conduct risk-based reviews of intermediaries, sales consultants, joint venture partners, and public affairs service providers. Combine contractual clauses, approvals, and monitoring.
- Target training effectively: Train sales, procurement, public affairs, management, and international operations using concise case studies. Include trading in influence and contacts with public officials.
- Test the whistleblower system: Review reporting channels, responsibilities, response deadlines, and documentation. Reports must be demonstrably processed.
- Secure compliance records: Document controls, audits, approvals, and remedial measures in a manner that allows them to be promptly presented in the event of an investigation.
This article was written in collaboration with our research assistant Saskia Reimann.