On 21 April 2026, the Council of the EU formally adopted the Anti‑Corruption Directive, creating—for the first time—a fully harmonised EU‑wide criminal law framework to prevent, detect and sanction corruption across all Member States.

This is not “just another compliance update.” It is a structural shift with direct implications for governance, internal controls, procurement, reporting, and sustainability disclosures.

And it aligns closely with the Draft ESRS G1 (Business Conduct)—meaning companies will need to integrate anti‑corruption compliance into their CSRD‑aligned sustainability reporting.

What the Directive Changes — at a Glance

Harmonised EU definitions of corruption offences

The Directive standardises what constitutes:

• Public and private bribery
• Misappropriation
• Trading in influence
• Obstruction of justice
• Enrichment from corruption
• Concealment
• Serious unlawful exercise of public functions

This closes long‑standing gaps between Member States and removes ambiguity for cross‑border operations.

Turnover‑based sanctions for companies

For the most serious offences, companies face:

• Fines of at least 5% of global turnover or €40M
• For other offences: 3% of global turnover or €24M

This mirrors the GDPR model and raises the stakes dramatically.

Corporate liability for lack of supervision

Companies can be held liable when offences are committed for their benefit, including when failures in oversight or internal controls enabled the misconduct.

Extended jurisdiction & longer limitation periods

Member States may prosecute offences committed abroad if the company benefits within their territory. Limitation periods extend to 8–10 years, reflecting the complexity of corruption cases.

Mandatory national anti‑corruption strategies & specialised bodies

Member States must establish dedicated prevention bodies and structured risk assessments.

Whistleblower protection reinforced

The Directive confirms the applicability of the EU Whistleblowing Directive to corruption cases and requires strong protection for individuals reporting or cooperating.

Why This Matters for Companies — Beyond Criminal Law

The Directive is not only about criminal sanctions. It directly intersects with corporate governance, procurement, sustainability reporting, and stakeholder trust.

And this is where ESRS G1 (Business Conduct) becomes central.

3. How the Anti‑Corruption Directive Connects to ESRS G1 (Nov 2025)

The Draft ESRS G1 requires companies to disclose policies, actions, targets and metrics related to business conduct, including:

Anti‑corruption & anti‑bribery policies

Companies must disclose whether they have policies aligned with the UN Convention Against Corruption—the same international standard the Directive incorporates.

Whistleblower protection

ESRS G1 requires disclosure of whistleblower protection policies—now reinforced by the Directive’s mandatory protections.

Functions most exposed to corruption risk

ESRS G1 requires companies to identify roles most at risk (e.g., procurement, public‑sector interactions, high‑risk geographies). The Directive’s broad definitions of public officials and influence‑trading expand this risk perimeter.

Actions & procedures to prevent, detect, investigate corruption

ESRS G1 requires disclosure of:

• Training for high‑risk roles
• Supplier engagement and ESG due diligence
• Procedures for investigating allegations

These map directly to the Directive’s expectations for effective internal controls and corporate liability mitigation.

Metrics: convictions, fines, political influence, payment practices

ESRS G1 requires transparency on:

• Convictions and fines for corruption
• Political contributions and lobbying
• Payment practices (especially late payments to SMEs)

The Directive’s turnover‑based sanctions will make these disclosures far more material.

What Companies Should Do Now — A Practical Roadmap

With a 24‑month transposition period (36 months for national risk assessments and strategies), companies should not wait.

1. Conduct a corruption‑risk gap analysis

Assess alignment with:

• New EU offence definitions
• Corporate liability triggers
• Turnover‑based sanctions
• ESRS G1 disclosure requirements

2. Update policies and codes of conduct

Ensure consistency with:

• Harmonised EU definitions (e.g., “undue advantage”)
• Broader scope of public officials
• Trading in influence and misappropriation

3. Strengthen procurement & third‑party due diligence

Given the Directive’s broad liability scope, companies should:

• Screen intermediaries, agents, distributors
• Reinforce supplier ESG assessments
• Monitor high‑risk relationships continuously

4. Enhance internal controls & audit mechanisms

Courts will assess the effectiveness, not the existence, of compliance systems.

5. Reinforce whistleblowing channels

Ensure:

• Confidential reporting
• Anti‑retaliation measures
• Awareness and training

6. Prepare for ESRS G1 reporting

Integrate anti‑corruption data into:

• Policies (G1‑1)
• Actions (G1‑2)
• Targets (G1‑3)
• Metrics (G1‑4 to G1‑6)

7. Train leadership and high‑risk functions

The Directive explicitly requires training for roles most exposed to corruption risk.

The Strategic Opportunity

Beyond compliance, this Directive is a catalyst for:

• Stronger governance
• More resilient value chains
• Better investor confidence
• Enhanced CSRD‑aligned transparency
• A culture of integrity

Companies that act early will not only reduce legal exposure—they will strengthen their competitive position in a market where trust, transparency and accountability are becoming decisive.

—

The new Directive will enter into force 20 days after its publication in the Official Journal of the EU.

Source: https://www.consilium.europa.eu/en/press/press-releases/2026/04/21/council-adopts-new-eu-wide-law-to-combat-corruption/

—

👉 Want to strengthen resilience, compliance and stakeholder trust? Get in touch — Cleerit can help you operationalise all of this efficiently.

#SustainabilityReporting #Governance