The Crime and Policing Act 2026:corporate criminal liability and business preparedness

The Crime and Policing Act 2026, (“the Act”) which received Royal Assent on 29 April 2026 marks a significant shift in the landscape of corporate criminal liability in the United Kingdom. 

Set to come into effect on 1 July 2026, the Act introduces a suite of reforms aimed at enhancing accountability and transparency within corporate entities, with a particular focus on tackling misconduct that had previously evaded prosecution.

Under the Act, the “identification doctrine” is expanded, meaning senior managers and officers may be held responsible for criminal acts committed within their organisations, even if the wrongdoing was not directly authorised. 

This means that companies can now face prosecution for offences committed by individuals acting on their behalf, where those individuals are deemed to be representing the “directing mind and will” of the business.

Offences under the Act include environmental breaches, health and safety violations, modern slavery, data protection offences, and violent crimes.

Sanctions under the Act are robust and designed to deter corporate wrongdoing. 

Businesses found guilty of criminal offences may face substantial fines, disqualification of directors, confiscation orders, and, in severe cases, restrictions on trading. 

The Act also introduces new compliance orders, requiring organisations to implement remedial measures, such as enhanced training or revised internal controls, to prevent future breaches. 

These sanctions are intended not only to punish but also to drive meaningful change in corporate behaviour.

Key Takeaways

For businesses, the key takeaways from Act are clear:
•    Liability for criminal acts is now wider, encompassing senior managers and officers, not just board-level decision-makers.
•    Sanctions are more severe, including financial penalties, director disqualification, and mandatory compliance orders.
•    The Act places greater emphasis on proactive compliance and risk management.

To prepare for the Act’s commencement, organisations should take immediate steps to review and strengthen their internal controls, compliance programmes, and reporting mechanisms. 
Such steps should include conducting thorough risk assessments, updating policies to reflect the expanded liability provisions, and providing targeted training to senior staff and managers. Legal teams should also be engaged to ensure that governance frameworks are robust and able to withstand scrutiny under the new regime.

Businesses must act swiftly to ensure they are not only compliant, but also resilient in the face of increased scrutiny and potential sanctions. 

By prioritising transparency, robust risk management, and comprehensive training, organisations can mitigate their exposure and demonstrate a commitment to lawful and ethical conduct.