The UK Crime and Policing Act 2026: A New Era of Corporate Criminal Liability

On June 29, 2026, the Crime and Policing Act 2026 (the CPA) came into force, bringing the most significant expansion of corporate criminal liability in a generation. Section 250 creates a universal senior manager attribution test: if a senior manager commits any criminal offence under UK law within the scope of their authority, the organisation commits that offence too.

The regime covers the full range of UK criminal law - not only economic crime, but data protection, health and safety, environmental offences, modern slavery, competition law and more. It replaces the earlier and more limited test under the Economic Crime and Corporate Transparency Act 2023. There is no reasonable prevention procedures defence. For most offences newly in scope, no deferred prosecution agreement (DPA) is available, leaving a binary outcome of conviction or acquittal. Section 250 also reaches overseas organisations: any body corporate, wherever incorporated, whose senior managers have UK criminal law exposure may be caught.

Below, we set out the key actions organisations should take now. For further reading, please see our companion articles: Beyond the Directing Mind – How the UK Crime and Policing Act 2026 Rewrites Corporate Criminal Liability, which sets out the legislative background and mechanics of section 250 in detail; and No Middle Ground – the DPA Gap, International Exposure, and What Section 250 Means Beyond the UK. Our third piece, From Theory to Exposure, puts the law into action, examining the structural consequences of the new regime through worked examples across three sectors.

What This Means for Your Organisation

The CPA’s effect is straightforward: criminal liability attaches automatically where a senior manager commits any offence within the scope of their authority; there is no reasonable prevention procedures defence; and for most offences newly captured by section 250, no DPA is available. Together, these features represent a decisive shift in the UK’s corporate criminal liability framework.

Enforcement is already a live concern. The CPA, combined with the failure to prevent fraud offence in force since September 2025, has materially enlarged the pool of viable corporate prosecutions, and an increase in volume and breadth is expected. For many offences now in scope - including data protection, health and safety, environmental, and competition law - criminal prosecution will sit alongside parallel regulatory enforcement by the Information Commissioner’s Office, Competition and Markets Authority, Health and Safety Executive or Environment Agency, and organisations should anticipate coordinated action across both tracks. For international organisations, exposure may simultaneously attract scrutiny from multiple enforcement authorities across jurisdictions. The absence of a DPA pathway makes resolution harder, and a coordinated cross-border strategy from the outset is essential.

The window for preparatory action is narrow. Organisations that have not yet mapped their senior manager population, reviewed their compliance frameworks, and calibrated their incident response protocols are already exposed. The CPA attaches liability to outcomes, not intentions - and poor preparation will make a prosecution significantly harder to manage.

The legal and strategic judgments that arise, particularly in the context of an active investigation or regulatory inquiry, demand expert advice at the earliest stage. To discuss how the CPA affects your organisation or to review your compliance framework in light of the new regime, please contact our London Enforcement and Investigations team.

What to Do Now

The CPA exposes organisations to a materially wider range of criminal liability. If your organisation has senior managers with any exposure to UK criminal law, the following steps should be treated as immediate priorities.

• Conduct a risk assessment and gap analysis across the full range of criminal offences now in scope - not only economic crime. Compliance frameworks historically focused on bribery, fraud, and money laundering must now encompass data protection, health and safety, environmental liability, modern slavery, competition law and market misconduct. Use existing controls for a preliminary assessment, then identify and address areas of enhanced risk.
• Map your senior manager population. The functional nature of the senior manager definition requires identification of which roles satisfy the test based on actual decision-making responsibility, not job title. The exercise must document the scope of each senior manager’s authority - which determines the boundaries of attribution - and must extend beyond the UK entity to overseas senior managers who play a significant role in managing UK operations.
• Train senior staff and those with decision-making powers on the CPA: the scope of the senior manager test, the categories of offence now captured, and the absence of any reasonable prevention procedures defence. Programmes historically concentrated on economic crime will need recalibrating to address the expanded categories of offending, and the broader personal criminal exposure of senior managers is now directly relevant to governance and risk culture.
• Establish clear reporting lines to ensure potential criminal conduct by senior managers is escalated promptly. Where such conduct is identified, the organization must assess quickly whether it falls within the scope of that manager’s authority, since liability attaches automatically if it does. Board-level oversight of senior manager conduct now informs the legal and strategic calculus at every stage of any investigation or enforcement process.
• Review Directors and Officers (D&O) liability insurance coverage. Confirm that policies provide adequate protection for defence costs relating to prosecutions under the new regime.

The legal and strategic judgments that arise, particularly in the context of an active investigation or regulatory inquiry, demand expert advice at the earliest stage. To discuss how the CPA affects your organisation or to review your compliance framework in light of the new regime, please contact our London Enforcement and Investigations team.

Read more analysis of the implications of the UK Crime and Policing Act 2026 via the News & Insights tab below.