The new EU Anti Corruption Directive – cross-border perspectives (Germany, Ireland, France, Poland, Spain & UK)

EU Anti-Corruption Directive

Germany:

Germany currently lacks a dedicated corporate criminal liability statute, relying on administrative fines for companies (with a €10 million cap in most cases). The Directive will require Germany to introduce much tougher measures. German lawmakers will need to raise maximum corporate penalties (to align with 5% of turnover or €40M ceilings) and possibly embed compliance and cooperation incentives into law. These changes might revive proposals for a corporate sanctions law, moving Germany closer to formal corporate criminal liability. The Directive also calls for specialised anti-corruption bodies, which Germany does not currently have in a centralised form. Overall, German enforcement is expected to become more robust and proactive, closing gaps (like trading in influence offences) and pursuing companies more aggressively once the new legislation is in place.

Ireland:

Ireland has the Criminal Justice (Corruption Offences) Act 2018, which already criminalises domestic and foreign bribery (including trading in influence) and can be used to hold companies, including US and UK companies with a subsidiary, or otherwise carrying on activities in Ireland, liable for corruption by “senior persons”. The EU Directive enables Ireland to maintain stricter rules and possibly higher penalties to align with the EU thresholds. Enforcement is expected to intensify, with authorities likely to engage in greater cross-border cooperation and mutual assistance and taking pro-active compliance efforts into account. In its sentencing of corporate offenders, Ireland will need to formalise mitigation (whether a company had “adequate procedures” or cooperated). Overall, the Directive should reinforce the seriousness of corruption enforcement in Ireland, giving added impetus to investigations and alignment with EU partners.

France: 

France’s anti-corruption framework is one of the most advanced in Europe. The Sapin II Law requires large companies to implement compliance programmes, and France has pioneered the CJIP (Convention judiciaire d’intérêt public), a settlement mechanism comparable to deferred prosecution agreements. The proposed EU Anti-Corruption Directive is broadly aligned with existing French approaches in terms of criminalisation of conduct and emphasis on corporate liability and compliance. Many of its core offences are already criminalised under French law. In practice, French prosecutors already have the ability to negotiate significant corporate settlements, as illustrated by major CJIP cases. While the Directive may further harmonise EU-wide standards, some adjustments to French law may still be required, particularly in relation to the formalisation and harmonisation of aggravating and mitigating factors and sanctioning frameworks across Member States. However, French enforcement practice already takes compliance programmes and cooperation into account as key mitigating factors, consistent with the Guidelines on the Implementation of the Judicial Public Interest Agreement (CJIP) by the French National Financial Prosecutor’s Office (PNF). Overall, the Directive is expected to reinforce existing French enforcement trends and further strengthen EU-level cooperation in anti-corruption investigations.

Poland: 

Poland will have to make significant reforms to comply. Currently, Poland’s corporate criminal liability law in practice has a relatively limited scope due to the difficult-to-meet conditions for establishing liability. The government has attempted reforms to toughen corporate liability rules, but progress has stalled. The Directive will require Poland to introduce more stringent corporate sanctions and likely expand the catalogue of offences that can be committed corporately. We would also expect Poland to increase its maximum fines to align with the EU’s thresholds. We anticipate greater regulatory scrutiny and enforcement in corruption cases, and a general push for transparency. Polish companies will face new obligations to implement robust anti-corruption compliance as part of this shift.

Spain: 

Spain has had corporate criminal liability (including a compliance defence for companies) since 2010 (with several subsequent reforms), and its Penal Code covers bribery, trading in influence, etc.. The new Directive will possibly result in rising penalty levels and ensuring all the Directive’s definitions and offences are reflected. Spanish enforcement authorities already consider effective compliance programmes as a possible defence or mitigating factor under Spanish law (if a company had effective controls, it can avoid liability) and the Directive validates this approach. We would also expect that guidance or internal instructions issued by the Spanish Public Prosecutor’s Office in connection with the implementation of the Directive may require prosecutors to revisit certain interpretations of anti-corruption rules and review investigative approaches or prosecutorial practices in light of the Directive’s provisions, potentially affecting the course of ongoing and future investigations. Spain also may actively enforce the new concept that post-incident remediation and voluntary disclosure can earn a company leniency, building on practices seen in other jurisdictions. 

United Kingdom:

The UK, having left the EU at the end of 2020, will not implement the Directive directly into its own law. However, usual jurisdictional principles mean that UK companies doing business in EU countries will be subject to those countries’ laws. In practical terms: a UK-based company’s EU subsidiaries or operations will need to ensure compliance with any local laws that emerge. UK companies should therefore be aware of the need up to treat the Directive as a new compliance baseline for their Europe-wide operations. That said, the Directive’s provisions echo many elements of the UK’s existing regime under the UK Bribery Act 2010, such as the dedicated offence for failure to prevent bribery (with an “adequate procedures” compliance defence).UK enforcement (through the SFO) already encourages self-reporting and cooperation via the use of Deferred Prosecution Agreements (DPAs). Both the Directive and the UKBA have similar philosophy of rewarding those who self-police and come forward voluntarily. UK authorities have also recently been given new tools including the “failure to prevent fraud” offence and statutory model of the identification principle (for corporate attribution) heralding tougher corporate enforcement across a wider variety of misconduct. This has been met with a more holistic emphasis on compliance across the UK corporate landscape. However, UK businesses should not underestimate the need for precise compliance with the Directive as implemented in EU national law, even where the principles are consistent with those applicable in the UK.

Germany: 

This is a game-changer in Germany. With a view on recent lawmaking activity, it is likely that the German government will not switch to linking administrative fines to turnover. However, an upscaling of maximum fines by factor 4 (i.e., from 10 to 40 million Euros), which is actually under way to transpose another EU directive, sets a new tone still. While German prosecutors already use administrative law to sanction companies (including disgorgement of profits), large companies could see multinational-scale fines akin to those in US FCPA, and UK SFO cases. By formalising the requirement that companies can be held liable for corruption if management failed to prevent it, it’s clear German companies will face both higher financial stakes and more risk of accountability.

Ireland: 

Ireland’s approach to corporate offending currently focuses on a senior individual’s involvement to attribute liability. This may evolve toward the EU standard of liability based around lack of supervision. The likely outcome is greater financial exposure for companies prosecuted in Ireland and possibly new rules enabling prosecutors to sanction companies more directly and severely.

France: 

France already imposes substantial corporate penalties in corruption cases (negotiated CJIP fines have reached hundreds of millions of euros). The proposed EU Directive is broadly consistent with this enforcement approach, aiming to ensure that penalties are effective, proportionate and dissuasive across Member States. While the Directive may lead to some upward convergence in statutory maximum penalties in certain jurisdictions, it is unlikely to fundamentally change the French enforcement framework, which already operates at a high level of sanctions in practice.

Poland: 

We expect the new Directive to make the corporate criminal liability regime more realistic, which at present is somewhat dormant, and to prompt Poland to overhaul its corporate sanction provisions to ensure that fines can reach the Directive’s baselines. The legal hurdles to holding companies accountable will be lowered once these reforms take place.

Spain: 

Spain’s Penal Code already provides a system of graded fines, often calculated in quota/day fines, which can effectively reach millions. The EU Directive will likely require Spain to confirm that its maximum fines meet at least the new EU thresholds – which might involve setting explicit high caps for serious bribery offences. Because, under Spanish law, a company can avoid liability if it had effective compliance controls in place, large companies (particularly listed companies and major corporate groups) are generally already relatively advanced in the designs and implementation of anti-bribery and corruption compliance systems, although this is not always the case for smaller companies. However, sanctions for those companies who fail will become steeper and we might also see more use of ancillary penalties like exclusion from public procurement or permits.

UK:

The most significant change is likely to be the race to the table, because different EU regulators might scrutinise UK parent companies in cross-border cases. UK companies might see their traditional reporting routes to UK regulators, such as the SFO, adapted to avoid the risk of liabilities or penalties abroad.

Germany: 

The Directive introduces a concept new to Germany’s statutes: explicit credit for compliance programs and voluntary disclosure. Under future German laws transposing the Directive, courts will have to consider if a company had effective internal controls and compliance measures when determining sanctions. They also must consider if the company self-reported promptly and took remedial action. This codifies what was previously only informal practice in Germany. For German companies, the message is clear – invest in robust ABC compliance now, and if an incident does occur, act fast to investigate internally and report. Germany is essentially catching up with the Anglo-French model. We expect companies in Germany to respond.

Ireland: 

While Irish regulators and enforcement bodies have historically had fewer formal guidelines on self-reporting than the SFO or DOJ, the culture is shifting. We expect that as Ireland implements the Directive, it will issue guidance or regulations on strong compliance programmes and clarifying that proactively reporting wrongdoing will result in lower penalties. Irish corporate culture will shift to treat anti-bribery compliance compliance programs as a strategic necessity, not just a box-ticking exercise.

France: 

Under Sapin II, large companies are required to implement comprehensive compliance programmes covering the eight key pillars defined by French law, and the French Anti-Corruption Agency (AFA) actively monitors and audits compliance frameworks. In practice, the existence and effectiveness of a compliance programme, as well as cooperation with authorities, are important factors in enforcement decisions and CJIP negotiations.

The proposed EU Directive reinforces this existing approach by encouraging stronger compliance standards and greater convergence across Member States. While robust compliance may positively influence enforcement outcomes, it does not provide immunity from prosecution. The Directive is expected to further encourage early engagement with authorities where potential misconduct is identified.

Poland: 

The concept of credit for compliance is relatively new. The Directive will likely push Poland to formally incorporate factors like corporate compliance systems and voluntary disclosure into its laws or prosecutorial guidelines. This would be a major cultural change requiring Polish companies to strengthen internal anti-corruption controls and internal investigation and reporting procedures. EU-level pressure will likely prompt Polish regulators to help companies understand better what qualifies as “effective” compliance.

Spain: 

The ability to reward compliance is already reflected in Spanish practice – courts and prosecutors assess corporate compliance efforts closely when deciding cases. Spanish companies will continue to refine their compliance systems, likely guided by both Spanish guidance and the new EU benchmarks for “genuine and effective” programs. Spain may formalise incentives for remediation and voluntary disclosure. This will ensure Spanish businesses see investment in compliance as part and parcel of doing business and not an optional extra.

UK: 

We expect UK multinationals will likely leverage group-wide compliance improvements to ensure their EU subsidiaries meet the new standards – raising the bar internally across all operations.

Multinational companies should see the new Directive as a call to action to check the status of their anti-corruption compliance programmes in all jurisdictions in which they operate and reassure themselves that they can stand behind a programme that is “genuine, effective, and duly assessed”. They may need to make adaptations to elevate anti-corruption safeguards. Key immediate steps could include:

• Update risk assessments: Do you need new controls for trading-in-influence or misappropriation type risks?. 
• Align company policies with the EU’s broad definitions e.g. who is a “public official”?
• Bolster internal investigation protocols for allegations of corruption. 
• Stay informed on national implementing legislation. 
• Since the Directive puts emphasis on management oversight and responsibility, ensure country managers and board understand the new duty to prevent corruption proactively and the consequences of failing to do so.