In December 2025, the European Parliament and Council reached political agreement on the text of a new Directive on combating corruption (the “Directive”). The agreed text is expected to represent the final version, with formal adoption by both institutions anticipated shortly. The Directive is expected to enter into force in the spring of this year. It establishes the minimum rules on combating corruption, leaving Member States 24 months to transpose and implement its provisions into their national legal frameworks.

Definitions and Offences
The Directive includes relevant definitions that will now be harmonized across EU jurisdictions. It encompasses the following corruption-related criminal offences: active and passive bribery in both the public and private sector, misappropriation, trading in influence, unlawful exercise of public functions, obstruction of justice, and enrichment from criminal offences.

Sanctions
The Directive lays down minimum rules on sanctions for both natural persons and legal entities. The fines for legal entities, depending on the offence, are set at between 3 % and 5 % of the total worldwide annual turnover or alternatively, at a maximum amount ranging from EUR 24 million to EUR 40 million.

In addition to financial penalties, Member States must provide for other sanctions that may be imposed on legal entities, including among others, exclusion from public contracts and public funding (such as tenders, grants or concessions), disqualification from carrying out certain business activities, withdrawal of licences or permits, closure of establishments used to commit the offence, and even judicial winding-up of the company.

Preventative Measures
Member States are further required to adopt comprehensive preventive frameworks. These include national anti-corruption strategies, measures aimed at strengthening integrity and transparency in both the public and private sectors, and the establishment or designation of independent anti-corruption bodies.

Jurisdiction
A Member State must establish jurisdiction where:
1. The offence is committed, in whole or in part, within its territory; or
2. The offender is one of its nationals.

A Member State may extend jurisdiction to offences committed outside its territory, if (i) the offender is its habitual resident, (ii) the victim is one of its nationals or residents, or (iii) the offence is committed for the benefit of a legal entity established or conducting business in its territory.

Why This Directive Is Relevant
for Serbian Companies

Even though non-EU countries are not directly bound by the Directive, their citizens, companies, or officials can still fall under the jurisdiction of an EU Member State if they are involved in corruption offences connected to that Member State or conduct business in the EU.

It is expected that the Directive will significantly influence corporate compliance standards for companies from third countries that conduct business in the EU or are otherwise connected to the EU market, as well as their related entities. Therefore, non-EU companies with EU operations, subsidiaries, contractual relationships, or other market links, will need to ensure that their anti-corruption compliance frameworks meet the standards set out under the Directive.

The Directive introduces a higher level of criminal liability for legal entities by strengthening the link between the quality of the compliance program and criminal responsibility. Companies will be required to demonstrate that corruption was neither tolerated nor encouraged, and that reasonable and proportionate preventive measures were effectively implemented. This shifts the focus from formalistic compliance to actual effectiveness in practice.

The importance of preventive mechanisms is also heightened. In assessing corporate liability, competent authorities are likely to examine whether a company had in place:

• a risk assessment based on its actual business operations and exposure,
• defined internal controls and procedures,
• defined reporting and escalation mechanisms,
• training programmes implemented proportionate to the level of risk,
• management of third-party risks.

Analyses and risks related to third parties are becoming particularly significant, especially for multinational corporations, companies operating outside the EU, and sectors such as infrastructure, telecommunications, energy, and pharmaceuticals.

The Directive places increased emphasis on systems for detecting and addressing misconduct, notably through whistleblowing frameworks and internal reporting mechanisms.

In practice, effective and well-implemented compliance programmes are likely to be treated as mitigating factors in proceedings, whereas ineffective or merely formal programs may aggravate a company’s position.

In light of all the above, companies should promptly focus on: conducting risk assessments, implementing third-party due diligence, improving internal investigation protocols, and aligning compliance programs with governance structures.

Overall, the Directive represents a significant development of the European system of criminal law protection against corruption. Although Serbia is not directly bound by it, its jurisdictional reach, high financial penalties, and emphasis on effective compliance frameworks mean that Serbian businesses operating in or with the EU should treat it as a strategic compliance priority. Proactive alignment with these standards will not only reduce legal and reputational risk, but also strengthen corporate governance frameworks, reinforce business partner confidence, and enhance overall competitiveness in an increasingly regulated European business environment.

This article was prepared in cooperation with Mr Borko Nikolić, Certified Fraud Examiner (CFE).