Section 250 of the Crime and Policing Act 2026 UK
The Crime and Policing Act 2026 came into force on 29 June, widening the scope of offences for which UK companies can be held criminally liable. Magnific/AI Generated thru CoPilot

UK companies became criminally liable this week for offences committed by their own senior managers, after Section 250 of the Crime and Policing Act 2026 came into force on 29 June. The law means a business can now be convicted and sentenced for a manager's crime even where the company did not authorise, approve or benefit from the conduct, so long as the manager was acting within their role.

Previously, companies could only be held criminally liable in narrow circumstances. This change extends that liability to virtually any offence under UK law, not just the fraud, bribery and tax crimes it previously covered.

How the Law Finally Closed a Century-Old Loophole

For most of the last century, prosecutors had to prove a company's 'directing mind or will', typically a board-level figure, had personally committed a crime before the business itself could be convicted. That standard, known as the identification doctrine, made it notoriously difficult to convict large, decentralised companies.

Transparency International UK's Business Integrity team noted that even the chief executive of a major company was found not to represent its 'directing mind or will' in a significant fraud case in 2018. The 2023 Economic Crime and Corporate Transparency Act partially addressed this by introducing a 'senior manager' test, but only for a limited list of economic crimes.

What Being 'On The Hook' Actually Means

Under Section 250, a 'senior manager' is anyone who plays a significant role in managing or organising a business, or making decisions about how it is run, regardless of their job title. If that person commits an offence while acting within their 'actual or apparent scope of authority', the organisation is automatically guilty of the same offence alongside them.

Crucially, there is no 'reasonable procedures' defence available once that threshold is met. Unlike the 'failure to prevent bribery' offence, where a company can avoid conviction by proving it had adequate procedures in place, Section 250 offers no equivalent escape route. Legal commentary from Slaughter and May has also flagged that, unlike US corporate liability law, there is no requirement for the offence to have benefited the company at all, meaning a business could face liability even where it was the victim of the manager's crime.

UK and EU Align on Corporate Criminal Liability

The UK reform lands alongside a parallel shift in the EU, where the new Anti-Corruption Directive sets minimum rules for holding companies criminally responsible for corruption offences. Companies face fines of at least two to five per cent of global turnover, or between €24 million and €40 million depending on the offence, alongside possible prison terms for individuals.

The practical effect is that businesses of all sizes, not just multinationals in high-risk sectors, now carry direct corporate exposure for the conduct of managers who were never board members and would previously have fallen outside the identification doctrine altogether.

Companies that have not reviewed who counts as a 'senior manager' within their own structure, and what authority those individuals hold in practice, may already be carrying risk they have not accounted for.

For companies with operations spanning both the UK and EU, the two regimes will need to be assessed side by side, since a single incident could now trigger liability under both frameworks at once. Compliance teams are likely to face pressure from boards in the coming months to update risk assessments and reporting lines well ahead of any enforcement action.