Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

Crime and Policing Act 2026: corporate criminal liability unbound

30 Apr 2026 United Kingdom 6 min read

The Crime and Policing Act received Royal Assent on 29 April 2026, further expanding the circumstances when organisations may be criminally prosecuted for wrongdoing by senior staff. 

The Act now applies the less restrictive model of corporate criminal liability, first seen in the Economic Crime and Corporate Transparency Act 2023 in relation to certain economic crime, to all offences — a development that is likely to broaden legal, compliance and governance risk across all industry sectors.

What the law said before

Section 196 of the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) created an expanded route to prosecute organisations when a “senior manager” (as defined) commits certain economic offences within the actual or apparent scope of their authority. In those cases, prosecutors can treat the organization as having committed the offence itself.

The term “senior manager” is defined broadly as: someone who plays a significant role in decision-making about the whole or a substantial part of an organization’s activities, or in managing or organising those activities. In practice, falling within the definition of a “senior manager” is likely to turn on the specific facts of each case rather than job titles or any certification (such as in the regulated sector), and may also vary from time to time, creating significant scope for argument in contested cases. 

The senior manager route to corporate liability under ECCTA was limited to a specific list of “economic” crimes (such as fraud and false accounting). It was designed to loosen the traditional and more confining “directing mind and will” corporate attribution doctrine which prevailed throughout the 20th century, but its reach was deliberately confined to specified offences.

What changes now

Coming into force on 29 June 2026, section 254 of the Crime and Policing Act 2026 replaces s196 of ECCTA with that same “senior manager” corporate attribution model but for any criminal offence, again provided the individual was acting within the actual or apparent scope of their authority.

The broadened test means companies can, in principle, be prosecuted for offences that are far outside the normal range of business misconduct, so long as prosecutors can link the conduct to a qualifying senior manager and their role. The scope of any alleged “authority”, particularly, “apparent authority” is very likely to be a focal point for future disputes.

Where exposure could broaden

It is too early to predict how aggressively the new provision will be used by different prosecuting authorities. However, the removal of the “economic crime” constraint will widen the range of scenarios in which prosecutors can consider pursuing organisations - particularly where the public interest in prosecution is heightened by topical events or high profile campaign. Examples may include:

Environmental offences: Offences under the Environmental Protection Act 1990 or the Environmental Permitting (England and Wales) Regulations 2016, such as knowingly causing or permitting polluting discharges, may now be attributed to the corporate body where authorised or directed by a senior manager.

Computer misuse offences: Offences under the Computer Misuse Act 1990, such as unauthorised access to computer material or unauthorised acts with intent to impair the operation of a computer, may be attributed where a senior manager directs or authorises such conduct (for instance, in the context of corporate espionage or competitive intelligence gathering).

Modern slavery and human trafficking offences:  Offences under the Modern Slavery Act 2015 committed by a senior manager acting within the scope of their authority — such as arranging or facilitating the travel of another person with a view to exploitation — could now be attributable to the organisation.

Perverting the course of justice:  If a senior manager directs or carries out acts tending to pervert the course of justice — such as the destruction of documents relevant to regulatory investigations — the organisation itself may now face prosecution for this common law offence.

Data protection offences: Criminal offences under the Data Protection Act 2018, including the unlawful obtaining or disclosure of personal data, may now be attributed to the corporate body.

Offences against the person: Some offences tend to be seen as very closely linked to the offender’s individual character, such as assault, harassment or similar. On the terms of the Act, these are also in scope. So, for example, if a figure such as a senior doctor or medical administrator uses their role and apparent authority to facilitate wrongdoing against person under their care, the organization could now face both civil and criminal liability.  

What it means for business

For most companies, the immediate risk of prosecution will be low, as senior managers very rarely commit crimes, whether in the course of business or in their private lives. That said, whilst rare, when incidents do occur, they are very high impact and, it can be expected that some high-profile prosecutions are likely to emerge - particularly in areas where prosecutions have failed in the past because establishing the “directing mind and will” was difficult in large, complex organisations. 

More generally, the breadth of the new test is likely to change how boards and general counsel think about non-economic criminal exposure — particularly in highly regulated or operationally complex industries.

Any early enforcement actions are likely to generate test cases on the meaning of “senior manager” and the boundaries of actual and apparent authority. Those decisions, in turn, could feed into risk registers, insurance underwriting, HR policies, directors’ duties, transaction diligence and many other features of the economic landscape. 

Organisations with UK operations should consider whether existing controls — often built around financial and economic crime — are calibrated for a wider set of criminal risks tied to decision-making and oversight by senior staff.

Practical areas to review include:

  • Risk assessment and audit programmes, including how non-financial criminal risks are identified and escalated.
  • Financial controls and due diligence, including whether existing anti-money-laundering procedures adequately cover corporate asset misuse and third-party risk.
  • Governance and delegations of authority, including documentation and practical controls around who can bind the organization — and how “apparent authority” is managed.
  • Training, monitoring and speak-up channels, to reflect a wider spectrum of potential criminal exposure.
  • Insurance and critical incident response planning, including D&O cover, investigation protocols and HR processes for senior-leadership misconduct allegations.
More insights

Explore more

Event United Kingdom

IP Insights webinar series 2026

03 Jun 2026
Expert Guide International

AI laws and regulation in the United Kingdom

15 min read
Publication United Kingdom

How are banking disputes changing in 2026?

29 Apr 2026 1 min read
Back to top Back to top
You will now find all Law-Now content on CMS.law
Explore more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. Law-Now has moved to CMS.law. RegZone has moved to CMS.law. LEXplicite has moved to CMS.law. Blogtt has moved to CMS.law.
Learn more Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.