From 29 June 2026, the Crime and Policing Act 2026 will significantly expand corporate criminal liability in the UK.

For organisations of all sizes, this marks a fundamental shift. Businesses may now be held responsible for criminal offences committed by senior managers across a much wider range of activities, not just economic crime.

This change increases legal, financial and reputational risk, particularly for organisations with decentralised decision-making. Understanding who counts as a senior manager, and where liability may arise, is now critical.

How corporate criminal liability has changed in the UK

Most criminal offences apply to a “person”, which includes both:

• natural persons (individuals), and
• legal persons (companies and partnerships).

Historically, a company could only be found guilty of an offence at common law if it was possible to attribute to it the conduct and state of mind of an individual who was the organisation’s “directing mind and will”, typically limited to those at board level. This is known as the identification doctrine.

In practice, this test proved difficult to apply, particularly in large or complex organisations where decision-making is decentralised and responsibility is dispersed. As a result, prosecutions of corporates under the identification doctrine have been challenging.

The Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) partially addressed this issue by extending the doctrine allowing liability to arise where a senior manager commits a specified economic offence whilst acting within their authority.

The Act has now extended the doctrine further so that the organisation may be liable when a senior manager commits any criminal offence when acting within the scope of their authority.

Who counts as a senior manager under the Crime and Policing Act 2026

A “senior manager” is an individual who plays a significant role in:

• making decisions about how the whole or a substantial part of the organisation’s activities are managed or organised; or
• actually managing or organising those activities.

The senior manager definition was used in ECCTA and is derived from the Corporate Manslaughter and Corporate Homicide Act 2007. However, there is very limited case law on its meaning,  so in practice the boundaries of who qualifies as a “senior manager” are likely to be tested and developed by the courts.

However, it is not limited to directors or board members but may include individuals below board level if they have real influence over how part of the business operates. For example, a senior manager could be:

• a CEO, CFO or other board director;
• a regional or divisional head;
• heads of key functions (e.g. compliance, operations, sales); or
• individuals with substantial decision-making authority over a business unit or function.

What the new law means for organisations in practice

The practical impact is a significant lowering of the threshold for establishing corporate criminal liability. With the changes taking effect from 29 June 2026, organisations have a narrow window to review governance, clarify accountability and strengthen controls.

Prosecutors will no longer need to establish that the individual offender was the organisation’s “directing mind and will”. Instead, liability may arise wherever a senior manager commits an offence in the course of their role and within their authority.

This materially increases exposure across all areas of criminal law, including health and safety, environmental, fraud and regulatory offences.

There is no standalone defence under the Act – the availability of any defence will depend on the underlying offence.  While some offences include statutory or common law defences (for example reasonable excuse or due diligence), these will only be available if their specific criteria are satisfied

What risks do organisations face under the new law

If an organisation is convicted, the primary penalty is typically an unlimited fine, the level of which will be determined by factors such as the seriousness of the offence and the organisation’s turnover.

Courts may also impose ancillary orders, including confiscation of profits, compensation to victims, and publicity orders. In addition, organisations are likely to face wider consequences, such as regulatory action, potential exclusion from public contracts, and reputational damage.

How businesses should prepare before 29 June 2026

Organisations should take practical steps ahead of 29 June 2026 to reduce exposure:

• Review governance structures: ensure clarity around decision-making authority and oversight across business units, particularly where decision-making is decentralised
• Strengthen compliance frameworks: identify key areas of risk.  Review and update policies, controls and monitoring across all risk areas, not just financial crime, to include health and safety, environmental, and regulatory risks.
• Identify “senior manager”: assess roles based on actual influence and responsibility , not just job titles.
• Enhance training and awareness: ensure senior managers understand both their personal exposure and the risk their actions may pose to the organisation.
• Test governance and oversight: ensure escalation routes, reporting lines and controls operate effectively in practice.

How we can support you

The expansion of corporate criminal liability is likely to affect organisations of all sizes, particularly those with complex or decentralised structures. Early review can help identify gaps before the new rules come into force.

Our regulatory and corporate teams support organisations with:

• assessing governance and accountability frameworks
• identifying senior manager risk exposure
• reviewing and strengthening compliance systems
• delivering tailored training for leadership teams

If you would like to discuss how these changes may affect your organisation, we can help.