What Is a Dawn Raid Policy in Finland in 2026, FCCA Powers, Executive Obligations and On‑site Protocol

Understanding what is a dawn raid policy has become a board‑level priority for every company operating in Finland. A dawn raid is an unannounced inspection of business premises by competition or criminal authorities, designed to secure evidence before it can be altered or destroyed. On 31 March 2025 the Finnish Market Court issued a landmark penalty in the Attendo case for obstructing a Finnish Competition and Consumer Authority (FCCA / KKV) inspection, the first time obstruction of a dawn raid led to a significant fine in Finland.

With EU Regulation 1/2003 inspections continuing throughout 2026 and the FCCA signalling a more assertive enforcement stance, executives, in‑house counsel and compliance officers who lack a jurisdiction‑specific dawn raid policy face mounting financial, legal and reputational exposure.

What Is a Dawn Raid Policy? Definition, Purpose and Core Elements

A dawn raid policy is an internal compliance document that prescribes exactly how a company’s personnel should respond when regulators arrive without notice to inspect premises, copy documents and image electronic devices. Its purpose is twofold: to protect the legal rights of the company and its employees, and to ensure the business cooperates lawfully so that it avoids obstruction allegations. Every dawn raid policy should be tailored to the jurisdictions in which the company operates, in Finland, that means addressing both FCCA and European Commission inspection scenarios.

A robust dawn raid policy should contain, at minimum, the following elements:

• Designated response team. Named individuals (general counsel, site manager, IT lead, Data Protection Officer) with clear escalation paths and 24/7 contact details.
• Reception protocol. Step‑by‑step instructions for front‑desk staff: verify IDs, request the inspection decision, delay entry only long enough to alert counsel, never block access.
• Document and device handling rules. Guidance on which records inspectors may access, how to assert privilege claims, and how to manage personal (BYOD) devices.
• Communication controls. Rules preventing staff from tipping off colleagues, deleting data or discussing the inspection externally before counsel approves.
• Evidence‑preservation obligations. A litigation‑hold trigger that activates automatically when an inspection begins, covering email servers, messaging apps and cloud storage.
• Post‑inspection debrief. A procedure for documenting what was inspected, copied or seized, and for reporting to the board and external counsel.

Companies that operate in regulated sectors or have previously been involved in competition proceedings should treat dawn raid policy documentation as a living compliance tool, reviewed annually and tested through mock dawn raid training.

Who Oversees Dawn Raids in Finland? FCCA Powers vs EC Inspections

Knowing who oversees a dawn raid is critical because the authority conducting the inspection determines the legal framework, the scope of access, and the consequences for non‑compliance. In Finland three categories of authority may carry out an unannounced inspection, each operating under different statutory powers.

In practice, an FCCA dawn raid is the most common scenario for companies operating in Finland. The FCCA has published a dedicated brochure explaining inspection procedures and the rights and obligations of the undertaking being inspected. When the European Commission leads the inspection, FCCA officials typically assist on site, but the procedural rules of Regulation 1/2003 apply rather than the Finnish Competition Act alone.

Legal Basis and Procedural Framework, Finland and the EU

The legal authority for dawn raids in Finland rests on two parallel frameworks. Domestically, the Finnish Competition Act empowers the FCCA to conduct surprise inspections of business premises under Section 35, which allows officials to enter premises, examine business records (including electronic records), take copies and seal rooms or devices for the duration of the inspection. The FCCA does not require a court warrant to initiate an inspection of business premises, although inspecting non‑business premises (such as a private home) requires prior authorisation from the Market Court.

At the EU level, Regulation 1/2003 provides the European Commission with inspection powers under Article 20. These powers include the right to enter premises, examine and copy books and records regardless of the medium, seal premises and request oral explanations on the spot. Article 20 inspections are backed by a Commission decision, and the undertaking is obliged to submit to the inspection. Obstruction, including breaking seals, providing incomplete or misleading information, or failing to produce required documents, can trigger fines of up to 1 % of total worldwide turnover under the Regulation.

The Finnish Competition Act was amended to align with the ECN+ Directive (Directive 2019/1), strengthening the FCCA’s powers and ensuring that national procedural safeguards are consistent with the harmonised EU framework. Industry observers expect these enhanced powers to lead to more frequent and technically sophisticated FCCA dawn raids throughout 2026 and beyond.

Executive and In‑House Counsel Obligations During an On‑Site Inspection

Every individual present during a dawn raid carries obligations, but executives and in‑house counsel bear the greatest responsibility. Mishandling the first thirty minutes can escalate a routine inspection into an obstruction case, as the 2025 Market Court ruling demonstrated. The following roles must be clearly defined in advance.

• Receptionist / front‑desk staff. Greet inspectors calmly. Request identification and the inspection decision or authorisation document. Do not refuse entry. Immediately contact the designated response‑team leader using the pre‑agreed escalation protocol.
• Site manager. Accompany inspectors at all times. Provide access to the areas and systems covered by the inspection decision. Keep a contemporaneous log of every room entered, every document inspected and every device touched.
• In‑house counsel / General Counsel. Review the inspection decision on arrival. Confirm the scope (subject matter, time period, categories of documents). Assert legal professional privilege over clearly privileged documents, but do not withhold non‑privileged material. Contact external competition counsel immediately.
• External counsel. Attend the premises as soon as possible. Advise on privilege claims, negotiate practical arrangements for device imaging, and ensure the company’s rights are properly exercised without crossing into obstruction.
• IT / Security lead. Isolate backup and cloud systems only with counsel’s approval. Assist inspectors with access to servers, shared drives and email archives. Document all imaging and copying activities.
• Data Protection Officer (DPO). Monitor data‑processing activities to ensure GDPR compliance. Document lawful bases for any processing of personal data that occurs during the inspection.

Sample Scripts for the First Minutes

Preparation is everything. Staff who know what to say, and what not to say, dramatically reduce the risk of inadvertent obstruction. The following phrases can be adapted for a dawn raid policy manual:

• Reception: “Welcome. May I see your identification and the inspection decision, please? I will contact our legal team immediately. Please take a seat, someone will be with you shortly.”
• Counsel to inspectors: “We will cooperate fully. Before we begin, may I confirm the scope and subject matter of the inspection? We would also like to ensure that one of our team members accompanies each inspector.”
• To employees: “An inspection is under way. Please do not delete, move or alter any documents or messages. Do not discuss the inspection on any channel, including messaging apps, until instructed otherwise by legal.”

Ethical Considerations of Dawn Raids

Ethical considerations of dawn raids run in both directions. Authorities are expected to act proportionately, to respect the dignity of employees and to limit disruption to business operations. Companies, in turn, must cooperate honestly and may not mislead inspectors, destroy evidence or coach employees during the inspection. Ethical standards also require that privilege claims are made in good faith, asserting blanket privilege over entire servers or rooms without a legitimate basis can itself constitute an obstruction risk. In Finland, the FCCA’s inspection brochure addresses these principles directly, and the ECN+ Directive reinforces mutual obligations of proportionality.

On‑Site Protocol, From Reception to Exit: IT, Device Imaging, BYOD and GDPR

The operational heart of any dawn raid policy is the on‑site protocol, the step‑by‑step procedure that governs what happens from the moment inspectors arrive until they leave the building. A well‑rehearsed protocol reduces confusion, protects legal rights and ensures full cooperation.

Step‑by‑Step Arrival and Verification

• Step 1, Arrival verification. Confirm the identity of every inspector (photo ID, authority credentials). Record names, titles and badge numbers. Request and photocopy the inspection decision or Commission authorisation.
• Step 2, Scope confirmation. Read the inspection decision carefully with counsel. Identify the subject matter, the relevant time period, the categories of evidence sought and the premises covered. If inspectors request access to areas outside the stated scope, note the objection on the record but do not physically obstruct access.
• Step 3, Assign shadow teams. Pair each inspector with a company representative who will observe, take notes and flag potential privilege issues in real time.
• Step 4, Sealing. If inspectors seal rooms, cabinets or devices, do not break or tamper with the seals under any circumstances. Record every seal with a time‑stamped photograph.
• Step 5, Log of seized or copied items. Maintain a detailed inventory: description of each document or file, file path, device serial number, time of copying or seizure, and the inspector’s name. Obtain the inspectors’ counter‑signature on the log wherever possible.

IT, Device Imaging and Forensic Best Practices

Modern FCCA dawn raids are increasingly data‑focused. Inspectors routinely image hard drives, clone servers and extract messaging data. Companies should have a retained forensic vendor on standby, ideally one that can attend the premises within two hours, to shadow the authority’s forensic team and create a mirror image for the company’s own records.

• Live imaging vs physical seizure. Where possible, negotiate for on‑site forensic imaging rather than physical removal of hardware. This allows the business to continue operating and preserves a chain of custody.
• Isolation of devices. Disconnect devices from the network (with counsel’s approval) to prevent remote wiping or syncing, but do not power them off unless specifically instructed.
• E‑discovery hold. Trigger a litigation hold on all email, cloud, and messaging systems the moment an inspection begins. Notify IT administrators and third‑party hosting providers.

Handling BYOD (Personal Devices) and GDPR Obligations

Personal devices present one of the most sensitive issues during a dawn raid. Finland implements the EU General Data Protection Regulation (GDPR) through national legislation and guidance from the Office of the Data Protection Ombudsman. When inspectors request access to a device that an employee owns personally but uses for work, the company must balance its cooperation obligations with data‑protection rights.

Throughout the inspection the DPO should maintain a separate record of all personal‑data processing that occurs, including the categories of data accessed, the lawful basis relied upon, and any data‑minimisation measures applied. This record is essential for demonstrating GDPR compliance after the inspection ends.

Penalties for Obstruction, Market Court Dawn Raid Fine: The Attendo Case (2025)

The consequences of mishandling a dawn raid in Finland are no longer theoretical. On 31 March 2025, the Finnish Market Court imposed a penalty of €1.5 million on Attendo for obstructing an FCCA on‑site inspection. According to reporting by Krogerus and Merkurius Law, the obstruction involved the deletion of WhatsApp messages and call‑log data during the inspection itself, conduct the Market Court found to be a deliberate interference with the authority’s investigative powers.

This was the first time the Market Court imposed a fine specifically for obstructing a competition‑authority inspection in Finland. The decision signals a clear enforcement trajectory: the FCCA will pursue obstruction aggressively, and the Market Court will impose meaningful financial consequences.

Key takeaways from the Attendo decision for executives:

• Data destruction equals obstruction. Deleting messages, clearing call logs or wiping devices during an inspection is treated as deliberate interference, regardless of intent.
• Penalties are substantial. Under Finnish rules, penalty payments for obstruction can reach significant sums, and the EU framework under Regulation 1/2003 allows fines of up to 1 % of total worldwide turnover.
• Personal liability risk. Industry observers expect that future cases may explore personal liability for executives who instruct or permit evidence destruction.
• Immediate litigation‑hold protocols are non‑negotiable. Companies must have automated or rapid‑deployment holds that prevent any deletion from the moment inspectors identify themselves.

Practical Checklist and Mock Dawn Raid Training for Finland

Knowing what is a dawn raid policy on paper is not enough, companies must test their procedures under realistic conditions. A mock dawn raid is a simulated unannounced inspection designed to stress‑test people, processes and IT systems before a real FCCA or EC visit occurs.

Reception and Front‑Desk Checklist

• Verify inspector IDs and credentials, record names and badge numbers.
• Request and photocopy the inspection decision or authorisation.
• Contact the response‑team leader immediately using the emergency contact list.
• Escort inspectors to the designated waiting area; do not allow unaccompanied access.
• Do not discuss the inspection with colleagues, clients or third parties.

Counsel Checklist

• Review scope of the inspection decision, subject matter, time frame, premises.
• Assert privilege over clearly privileged documents; set aside disputed items in a sealed envelope.
• Assign shadow teams to accompany every inspector.
• Issue an immediate litigation‑hold notice across all relevant systems.
• Contact external competition counsel and, if needed, the retained forensic vendor.

IT and Data‑Preservation Checklist

• Suspend all auto‑delete and retention‑policy routines.
• Isolate devices from the network (do not power off) with counsel’s approval.
• Create a mirror image of any device that inspectors image or seize.
• Record file paths, serial numbers and timestamps for every item accessed.
• Involve the DPO to document GDPR‑relevant processing.

Designing a Mock Dawn Raid Training Programme

Mock dawn raid training in Finland should follow a structured format to deliver measurable preparedness improvements:

• Scenario design. Build a realistic inspection scenario, e.g., a suspected cartel involving pricing data on shared drives and WhatsApp groups. Tailor the scenario to the company’s actual risk profile.
• Unannounced execution. Conduct the drill without prior warning to the site team. Use external advisers as mock inspectors to add realism.
• Objectives and KPIs. Measure response time (reception to counsel notification), accuracy of privilege assertions, completeness of the seizure log and communication‑control compliance.
• Debrief and remediation. Within 48 hours, hold a structured debrief with all participants. Document gaps and update the dawn raid policy accordingly.
• Frequency. Run mock drills at least annually. Companies in high‑risk sectors or those undergoing organisational change should consider semi‑annual exercises.

Conclusion, Five Rules Every Executive Must Follow

A dawn raid policy is not a theoretical compliance exercise, it is the single document that separates a controlled, lawful response from an obstruction case that can cost millions. For companies operating in Finland in 2026, the following five rules should guide every board decision on dawn raid preparedness:

1. Cooperate fully, never refuse access, block inspectors or delay the inspection beyond a brief window to alert counsel.
2. Preserve everything, trigger an immediate litigation hold; any deletion of messages, call logs or files during an inspection is obstruction.
3. Know the scope, read the inspection decision carefully and record any requests that fall outside it, but do not physically resist.
4. Shadow every inspector, assign company representatives to observe, note and log every action taken.
5. Test your policy, run mock dawn raid training at least once a year and update your dawn raid policy after every drill and every regulatory development.

Companies that need specialist guidance on dawn raid preparedness in Finland can find an experienced investigations lawyer in Finland through the Global Law Experts directory.

Sources

1. Finnish Competition and Consumer Authority (KKV), Inspection of Business Premises Brochure
2. Krogerus, Finland Competition & Regulatory Newsletter
3. Merkurius Law, Market Court Decision on Obstruction Penalty
4. Practical Law, Finland Market Court Obstruction Case Note
5. Mayer Brown, What’s Happening in Dawn Raids Across Europe (2025)
6. MLex, Dawn Raid Enforcement Reporting