On 21 April 2026, the Council of the EU formally adopted the Anti\u2011Corruption Directive, creating\u2014for the first time\u2014a fully harmonised EU\u2011wide criminal law framework to prevent, detect and sanction corruption across all Member States.<\/p>\n
This is not \u201cjust another compliance update.\u201d It is a structural shift with direct implications for governance, internal controls, procurement, reporting, and sustainability disclosures.<\/p>\n
And it aligns closely with the Draft ESRS G1 (Business Conduct)\u2014meaning companies will need to integrate anti\u2011corruption compliance into their CSRD\u2011aligned sustainability reporting.<\/p>\n
Harmonised EU definitions of corruption offences<\/strong><\/p>\n The Directive standardises what constitutes:<\/p>\n This closes long\u2011standing gaps between Member States and removes ambiguity for cross\u2011border operations.<\/p>\n Turnover\u2011based sanctions for companies<\/strong><\/p>\n For the most serious offences, companies face:<\/p>\n This mirrors the GDPR model and raises the stakes dramatically.<\/p>\n Corporate liability for lack of supervision<\/strong><\/p>\n Companies can be held liable when offences are committed for their benefit, including when failures in oversight or internal controls enabled the misconduct.<\/p>\n Extended jurisdiction & longer limitation periods<\/strong><\/p>\n Member States may prosecute offences committed abroad if the company benefits within their territory. Limitation periods extend to 8\u201310 years, reflecting the complexity of corruption cases.<\/p>\n Mandatory national anti\u2011corruption strategies & specialised bodies<\/strong><\/p>\n Member States must establish dedicated prevention bodies and structured risk assessments.<\/p>\n Whistleblower protection reinforced<\/strong><\/p>\n The Directive confirms the applicability of the EU Whistleblowing Directive to corruption cases and requires strong protection for individuals reporting or cooperating.<\/p>\n The Directive is not only about criminal sanctions. It directly intersects with corporate governance, procurement, sustainability reporting, and stakeholder trust.<\/p>\n And this is where ESRS G1 (Business Conduct)<\/strong> becomes central.<\/p>\n The Draft ESRS G1 requires companies to disclose policies, actions, targets<\/strong> and<\/strong> metrics <\/strong>related to business conduct, including:<\/p>\n Anti\u2011corruption & anti\u2011bribery policies<\/strong><\/p>\n Companies must disclose whether they have policies aligned with the UN Convention Against Corruption\u2014the same international standard the Directive incorporates.<\/p>\n Whistleblower protection<\/strong><\/p>\n ESRS G1 requires disclosure of whistleblower protection policies\u2014now reinforced by the Directive\u2019s mandatory protections.<\/p>\n Functions most exposed to corruption risk<\/strong><\/p>\n ESRS G1 requires companies to identify roles most at risk (e.g., procurement, public\u2011sector interactions, high\u2011risk geographies). The Directive\u2019s broad definitions of public officials and influence\u2011trading expand this risk perimeter.<\/p>\n Actions & procedures to prevent, detect, investigate corruption<\/strong><\/p>\n ESRS G1 requires disclosure of:<\/p>\n These map directly to the Directive\u2019s expectations for effective internal controls<\/strong> and corporate liability mitigation<\/strong>.<\/p>\n Metrics: convictions, fines, political influence, payment practices<\/strong><\/p>\n ESRS G1 requires transparency on:<\/p>\n The Directive\u2019s turnover\u2011based sanctions will make these disclosures far more material.<\/p>\n With a 24\u2011month transposition period (36 months for national risk assessments and strategies), companies should not wait.<\/p>\n Assess alignment with:<\/p>\n Ensure consistency with:<\/p>\n Given the Directive\u2019s broad liability scope, companies should:<\/p>\n Courts will assess the effectiveness, not the existence, of compliance systems.<\/strong><\/p>\n Ensure:<\/p>\n Integrate anti\u2011corruption data into:<\/p>\n The Directive explicitly requires training for roles most exposed to corruption risk.<\/p>\n Beyond compliance, this Directive is a catalyst for:<\/p>\n Companies that act early will not only reduce legal exposure\u2014they will strengthen their competitive position in a market where trust, transparency and accountability<\/strong> are becoming decisive.<\/p>\n —<\/p>\n The new Directive will enter into force 20 days after its publication in the Official Journal of the EU.<\/p>\n\n
\n
Why This Matters for Companies \u2014 Beyond Criminal Law<\/strong><\/h2>\n
\n
\n
\n
What Companies Should Do Now \u2014 A Practical Roadmap<\/strong><\/h2>\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
The Strategic Opportunity<\/strong><\/h2>\n
\n