You will be redirected to the website of our parent company, Schönherr Rechtsanwälte GmbH: www.schoenherr.eu
According to estimates by the European Commission, corruption causes economic damage of at least EUR 120 billion each year and negatively affects sustainable economic growth. Member States still differ in their criminal law approaches to combating corruption.
Against this background, the European Union has recently adopted a comprehensive reform of its anti-corruption criminal law. Besides establishing EU-wide minimum standards defining types of conduct punishable as criminal offences, the Directive most notably includes more stringent penalties for legal entities, counter-balancing such introduction with the implementation of effective compliance measures and cooperation with authorities as mitigating factors.
In May 2023, the European Commission presented a proposal for a Directive on combating corruption. The aim of the proposal was to establish EU-wide minimum standards for punishable corruption-related conduct in both the public and the private sector as well as for sanctions applicable to such conduct. Following the political agreement reached in December 2025, the Directive has recently been formally adopted and will require transposition into national law by the Member States within 24 months (and 36 months for certain provisions) from the date of its publication in the Official Journal of the EU.
In order to give effect to the Directive, Member States are required to criminalise certain forms of conduct in a harmonised manner. These include in particular bribery in the public and private sectors, misappropriation, trading in influence, obstruction of justice, as well as enrichment derived from corruption offences and related concealment activities. In addition, certain serious breaches related to the unlawful exercise of public functions are also to be criminalised.
As to bribery, the Directive harmonises bribery rules across both sectors, covering active and passive conduct. In the public sector, it criminalises offering, giving, requesting, or accepting any undue advantage or the acceptance of the offer or the promise of such advantage – tangible or intangible – connected to the exercise of public functions (art 7). "Public official" is defined broadly to include individuals in state-owned or state-controlled enterprises and privately owned entities performing public service functions regardless of whether they hold formal office (recital 9). In the private sector, art 8 establishes comparable rules where advantages are linked to a breach of professional duties, aiming to protect commercial integrity and fair competition (recitals 10, 10a).
Art 10 introduces an offence potentially requiring companies to review lobbying and public policy practices. It criminalises both promising, offering or giving an undue advantage to someone to improperly influence a public official (active) and accepting such an advantage for the same purpose (passive) – regardless of whether influence is actually exerted or yields results. Given that the legitimate exercise of recognised forms of interest representation is excluded (recital 12), extensive debates can already be expected on the distinction between improper and legitimate influence, particularly in Member States lacking clear transparency regulations on lobbying, conflicts of interest, revolving doors or political party financing.
Depending on the offence, Member States must provide for maximum prison sentences of at least three or at least five years.
However, the sanctions regime for legal entities represents perhaps the Directive's most significant practical development:
As has already become apparent in recent years, a stricter liability of legal entities is moving more and more into the focus of legal frameworks, especially of that on the level of the European Union. Of particular importance is that the Directive also provides for turnover-based fines, to be applied if offences are committed for a company's benefit by persons in leading positions or where lack of supervision by such persons enabled the commission of the offence.
The fines may either be calculated on the basis of the company's worldwide annual turnover amounting to at least three to five percent or alternatively on the basis of fixed minimum amounts of EUR 24 million or EUR 40 million.
Further sanctions measures are introduced, such as the following (art 14):
Additionally, the Directive introduces minimum limitation periods for corruption-related conducts of at least five years and up to eight years depending on the nature and severity of the offence (art 21).
Importantly, the Directive provides for mitigating circumstances for legal entities to reduce sanctions, relating to compliance management systems and internal investigations. Such measures must, however, deliver tangible results, namely by
However, the Directive also explicitly states that "window dressing" programmes might have the opposite effect (recital 23).
All of this increases legal certainty that investing in a robust and effective, i.e. tailored compliance management system as well as professional and appropriate reaction to offences having been detected and respective communication with authorities will pay off across the EU. This is further underlined by recital 5 according to which the private sector plays a key role in preventing and detecting corruption.
Art. 18 establishes jurisdiction where offences are committed wholly or partly within a Member State's territory or by its nationals. The Directive also makes clear that territorial jurisdiction may extend to misconduct carried out through information systems used within a Member State, regardless of whether the underlying technology infrastructure is physically located there. This may prove significant for companies relying on cloud-based or centralised IT infrastructure, as solely a digital nexus could suffice to establish jurisdiction in a particular Member State.
As to corporate criminal liability, art 18 (2) allows Member States to extend jurisdiction to offences committed outside their territory where the offence benefits a legal entity established there – regardless of where the offence actually took place. As a result, companies headquartered outside of the EU but with operations or commercial interests within the EU could face criminal proceedings in a Member State even where the underlying conduct occurred elsewhere.
If offences fall within multiple jurisdictions, Member States must cooperate to determine which State conducts the criminal proceedings, referring matters to Eurojust where appropriate. The Directive mandates use of Europol's SIENA system for information exchange.
Austrian criminal law already contains comprehensive provisions for combating corruption in Sections 302 and 304 to 308 of the Austrian Criminal Code (Strafgesetzbuch) for the public sector and Sections 153a and 309 for private sectors. Said provisions cover the core of the provisions now harmonised by the Directive. Hence, the core substance of Austrian corruption law is unlikely to require fundamental changes.
Equally, the Austrian Corporate Criminal Liability Act (Verbandsverantwortlichkeitsgesetz), introduced 20 years ago, does already provide for corporate criminal liability in line with the Directive. No significant changes are expected here, either.
However, the Corporate Criminal Liability Act does not provide for turnover-based fines. The Directive alone will make it necessary for the sanctions-regime in Section 5 of the Act to be amended. Given that turnover-based fines are also provided for in particular in Directive 2024/120 on the protection of the environment through criminal law and as perceived from competent authorities at the Ministry of Justice, it is to be expected that the sanctions-mechanism pursuant to the Act will be amended in general and converted to a system providing for turnover-based fines. This will certainly increase the pressure on companies to implement and regularly update their compliance management systems, conduct proper internal investigations in cases of suspicion of misconduct and to establish communication with the investigating authorities. It is to be hoped that this development will also enhance discussions on the implementation of non-trial resolutions (non-prosecution or deferred prosecution agreements) for companies.
The EU Anti-Corruption Directive significantly tightens the sanctions regime applicable to legal entities for offences committed for a company's benefit by persons in leading positions or facilitated by a lack of supervision. Beyond financial penalties, companies face additional measures including exclusion from public procurement, withdrawal of permits, judicial supervision and publication of decisions. The Directive's broad jurisdictional provisions further amplify exposure.
Critically, however, the Directive rewards genuine compliance investment by recognising effective compliance management systems and internal investigations as mitigating factors that can reduce sanctions, provided they deliver concrete results. Companies should therefore prioritise implementing robust and tailored compliance frameworks, establishing clear protocols for internal investigations and maintaining proactive communication with authorities in the event of suspected misconduct.
Authors: Oliver M. Loksa, Dimitra Geronta, Marc Cistota
Oliver Michael
Loksa
Counsel
austria vienna