On 26 March 2026, the European Parliament formally adopted the European Union’s first comprehensive anti-corruption directive — a landmark piece of criminal legislation that closes one of the most glaring gaps in the EU’s legal architecture (hereinafter, the “Directive”). The text was approved by 581 votes in favour, 21 against, and 42 abstentions, and had been provisionally agreed with the Council in December 2025 (1).
The context underscoring the urgency of this intervention is striking. According to a 2025 Eurobarometer, 69% of Europeans believe corruption to be widespread in their country, and 66% consider efforts against high-level corruption to be insufficient (1). Earlier EPRS studies estimated the total cost of corruption risk in EU public procurement alone at €29.6 billion between 2016 and 2021, with an additional €4.3 billion attributable to contracts involving EU funds. More broadly, Europol has reported that 71% of the most threatening criminal networks active in the EU use corruption to facilitate their activities or obstruct justice (2).
The path to the directive began on 3 May 2023, when the European Commission tabled an anti-corruption legislative package based on Article 83 TFEU — the provision empowering Parliament and the Council to establish minimum rules on criminal offences and sanctions in areas of particularly serious cross-border crime (1). The proposal followed calls by the European Parliament for EU-wide harmonisation of corruption offences and was shaped by the EU Security Union Strategy (2020–2025) and the EU Strategy to Tackle Organised Crime (2021–2025), which had tasked the Commission with assessing whether existing rules were adequate to address evolving criminal practices.
The pre-existing framework was acknowledged as fragmented. It consisted principally of Council Framework Decision 2003/568/JHA on private-sector corruption, a 1997 Convention on corruption involving EU officials, and the PIF Directive (2017/1371) (2). A 2023 external study mandated by the European Commission confirmed that “the lack of a coherent European framework including provisions for all corruption-related crimes identified by international standards” constituted “a source for legislative and operational challenges in tackling cross-border corruption cases” (3). The Commission’s own questionnaires to Member States revealed wide divergence: definitions differed substantially, certain UNCAC-mandated offences were absent from national legislation, and limitation periods varied significantly (3).
Following the Commission proposal, the LIBE Committee of the European Parliament adopted its report in January 2024 with near-unanimous support. The Council agreed its general approach in June 2024, and trilogue negotiations concluded with a provisional agreement in December 2025. The Parliament gave its final endorsement on 26 March 2026 (4).
The Directive (5) establishes a catalogue of corruption-related offences that Member States are required to criminalise if committed intentionally. These include (Articles 3 to 11):
Public-sector bribery (active and passive): promising, offering, or granting an undue advantage to a public official, or a public official soliciting or accepting such an advantage, to perform or abstain from an act in the exercise of their functions;
Private-sector bribery (active and passive): the same conduct involving directors or employees of private entities, acting in breach of their professional duties within the context of economic or commercial activities;
Misappropriation: the use by a public official of assets entrusted to their management for a purpose other than that intended, to their benefit or that of a third party, or to the detriment of the relevant public or private entity;
Trading in influence: promising or granting an advantage to any person to exercise improper influence on a public official, irrespective of whether the influence was actually exerted or produced the intended result;
Unlawful exercise of public functions: intentional serious violations of the law committed by a public official in the exercise of their functions;
Obstruction of justice: use of violence, threats, or inducements to interfere with testimony, evidence, or the official functions of judicial or law-enforcement officers in proceedings related to corruption offences;
Enrichment from corruption offences: acquisition, possession, or use of assets by a public official in the knowledge that those assets derive from corruption offences committed by another public official;
Concealment: intentional disguise or concealment of the nature, origin, or movement of assets derived from the above offences.
Incitement, aiding and abetting, and attempt are also covered.
The Directive (Article 2) defines key concepts including “public official” (covering EU and national officials, persons performing public service functions, and officials of international organisations), as well as “high-level official” — a category encompassing heads of government, ministers, members of parliament, constitutional and supreme court judges, prosecutors-general, and members of the European Commission and European Parliament.
Member States retain the right to adopt stricter standards, seeing as the Directive establishes only minimum rules.
Sanctions for natural persons (Article 12) are tiered according to the gravity of the offence: a minimum maximum penalty of five years’ imprisonment for public-sector bribery where the official’s act constitutes a breach of duty; at least four years for misappropriation, enrichment from corruption, and concealment; and at least three years for other offences, including private-sector bribery and trading in influence. Additional penalties may include fines, removal from public office, temporary disqualification from standing for election, exclusion from public procurement, and revocation of licences.
The Directive (Article 19) also harmonises limitation periods, requiring at least eight years from the commission of offences punishable by a maximum of at least four years’ imprisonment, and at least five years for less serious offences, with reduced minimum periods permissible only where interruption or suspension mechanisms exist.
Prevention obligations (Article 20 and following) require Member States to adopt national anti-corruption strategies, establish independent anti-corruption bodies, introduce asset disclosure mechanisms for public officials, regulate conflicts of interest and “revolving doors”, and conduct periodic risk assessments by sector. Whistleblower protection under Directive (EU) 2019/1937 is expressly extended to reports of corruption offences under this Directive (Article 25). Enhanced cooperation between national authorities and EU bodies — including OLAF, Eurojust, Europol, and the EPPO — is also mandated (Article 32).
One of the most significant innovations of the Directive lies in its approach to the liability and sanctioning of legal persons. Member States must ensure that companies can be held liable for corruption offences committed for their benefit by persons in a leading position, or where inadequate supervision by such persons enabled the commission of the offence (Article 13).
Sanctions must be effective, proportionate, and dissuasive. Beyond fines, they may include exclusion from public procurement, suspension from business activities, judicial winding-up, and publication of the judgment (Article 14).
The headline provision, however, concerns the calibration of pecuniary sanctions. For the most serious offences — public-sector bribery, private-sector bribery, and misappropriation (Articles 3 to 5) — the maximum fine must reach at least 5% of the legal person’s total worldwide annual turnover in the preceding financial year, or alternatively €40 million in absolute terms. For trading in influence, obstruction of justice, and enrichment from corruption (Articles 6, 8, 9), the threshold is set at 3% of global turnover or €24 million.
This turnover-based mechanism represents a structural break from the traditional Italian framework under Legislative Decree 8 June 2001, no. 231 (hereinafter, the “231 Decree”), which determines corporate sanctions through a “quotas” system: the judge fixes the number of units (quote) — between 100 and 1,000 — and the monetary value of each unit — between €258 and €1,549 — resulting in a maximum fine of approximately €1.55 million for corruption offences under Article 25 of the 231 Decree (6). While this system allows for a degree of judicial discretion calibrated to the gravity of the offence and the entity’s degree of responsibility, it was not designed to scale with the actual size or financial capacity of large multinationals.
The turnover-based model, by contrast, ensures that the sanction bears a direct and proportionate relationship to the economic weight of the offending entity — a principle that resonates with the regulatory logic already adopted in other European instruments. Most notably, Legislative Decree 30 December 2025, no. 211 — the Italian Decree implementing Directive (EU) 2024/1226 on criminal penalties for violations of EU restrictive measures — introduced a new Article 25-octies.2 into the 231 Decree, expressly providing for fines calculated as a percentage of the global annual turnover of the offending entity (7). Under that regime, fines range from 1% to 5% of global turnover for the most serious violations (or €3 million to €40 million where turnover cannot be determined), and from 0.5% to 1% for less serious ones (or €1 million to €8 million as an alternative).
The EU anti-corruption Directive now introduces a parallel and closely analogous structure. The alignment between the two instruments is deliberate: both reflect the EU legislator’s evolving preference for sanctions that penalise conduct in proportion to the economic capacity of the offender, thereby addressing the risk that fixed-sum fines may be absorbed as a ‘cost of doing business’ by large corporations. The same philosophy underpins the GDPR (fines up to 4% of global annual turnover), the Digital Markets Act, and various other EU sectoral regulations.
From an Italian implementation standpoint, the transposition of the Directive will require to amend Article 25 of the 231 Decree, which currently governs corporate liability for corruption-related offences. The existing quota-based system will need to be either replaced or supplemented by a turnover-referencing mechanism to achieve compliance with the Directive’s minimum standards.
From a corporate compliance perspective, the said directives make it critical for companies to promptly recalibrate their trade compliance and anti-bribery and corruption (ABAC) frameworks. The shift to turnover-based corporate fines substantially increases the (also, financial) exposure attached to corruption risks and makes “static” control systems harder to defend as effective. In practical terms, this calls for an immediate refresh of risk assessments (including sectoral and geographic corruption risks, public-touchpoints, and third-party channels), tighter third‑party due diligence and ongoing monitoring, strengthened controls over gifts/hospitality, sponsorships, facilitation-risk, and conflicts of interest (including revolving-door scenarios), and testing of reporting/escalation mechanisms (also in light of the Directive’s express linkage to the EU whistleblowing framework).
For Italian entities subject to the 231 Decree, transposition will likely require a targeted update of the so-called Model 231 (compliance program). Companies that treat the Directive as a “legislative update” rather than a compliance redesign risk finding that their Model 231 is no longer viewed as adequately implemented or effective when scrutinized by prosecutors and courts.
The Directive now awaits formal adoption by the Council of the EU, after which it will enter into force 20 days following publication in the Official Journal of the European Union (1). Member States will have between 24 and 36 months from entry into force (depending on the obligations concerned) to transpose the Directive.
Bibliography
(1) europarl.europa.eu/news/en/press-room/20260323IPR38831/parliament-greenlights-eu-anti-corruption-rules
(2) EPRS_BRI(2024)762406_EN.pdf, P. 2
(3) EPRS_BRI(2024)762406_EN.pdf, P. 5
(5) https://www.europarl.europa.eu/doceo/document/TA-10-2026-0094_EN.html
(6) https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativo:2001-06-08;231
