New Belgian Criminal Code 2026, What Company Directors Must Do Now to Avoid Criminal Liability

Executive TL;DR, Belgium New Criminal Code 2026 Liability at a Glance

On 8 April 2026 the New Belgian Criminal Code entered into force, replacing legislation that had been in place since 1867 and fundamentally reshaping corporate and director criminal liability across every sector. The reform introduces an eight-level sanctions grid, broadens the organisational-fault test that can make a company criminally liable for acts of its employees, and significantly expands confiscation and asset-recovery powers. For directors, General Counsel and compliance officers, the practical consequence is immediate: governance frameworks, incident-response protocols and internal investigation playbooks must be updated now or risk personal prosecution alongside the entity they serve.

Five actions every director should take today:

1. Audit existing compliance policies against the new corporate-fault standard.
2. Update the board-level incident-response protocol and minute-taking procedures.
3. Engage external criminal defence counsel to review privilege boundaries.
4. Revise whistleblowing channels to align with the expanded reporting framework.
5. Brief the executive committee on the new confiscation and asset-recovery rules.

Why Directors Must Care, Overview of Belgium’s New Criminal Code Changes

Belgium’s criminal law framework had remained largely unchanged since its 1867 codification. The New Criminal Code, published in the Belgian Official Gazette (Moniteur Belge) and effective from 8 April 2026, constitutes the most comprehensive overhaul in over 150 years. Its scope is vast: an entirely reimagined set of general principles, a restructured catalogue of offences, and a modernised sentencing architecture designed for 21st-century white collar crime in Belgium 2026 and beyond.

For companies and their boards, three structural shifts demand immediate attention. First, the Code systematises and clarifies corporate criminal liability Belgium has built up through case law since the 1999 reform, replacing the old ad-hoc framework with a coherent statutory test. Second, the new eight-level sanctions grid replaces the former patchwork of fine ranges, capping the maximum pecuniary sentence for legal entities while simultaneously making confiscation far more potent. Third, the dual-liability principle, under which both the company and the individual director can be prosecuted for the same offence, has been retained and refined, meaning directors cannot assume the corporate veil will absorb their personal exposure.

Industry observers expect the practical effect to be a marked increase in criminal prosecutions of both companies and directors, particularly in areas where organisational shortcomings contributed to the offence. The Belgium new criminal code 2026 liability framework rewards proactive governance and penalises inertia.

Key Dates and Timeline for Director Liability Belgium 2026

Understanding the reform timeline is essential for compliance planning. Several legislative milestones preceded the 8 April 2026 entry into force, and each carries its own practical implications for directors.

Each milestone creates a distinct compliance obligation. Directors who treated the 21 June 2024 amendments as a payroll-only matter may now discover that the broader 2026 framework exposes them to personal criminal liability for failures they assumed were purely administrative.

What Changed: Corporate and Director Criminal Liability Explained

The New Criminal Code restructures the entire architecture of corporate criminal liability Belgium has developed over the past quarter-century. Two dimensions of this restructuring are critical for directors.

Legal Standard for Corporate Fault

Under the former regime, corporate criminal liability was introduced in 1999 and refined through successive Cassation decisions. The new Code codifies these developments while expanding them. A legal entity can now be held criminally liable for offences that are intrinsically linked to the realisation of its purpose or the defence of its interests, or for offences where the facts demonstrate that the entity committed them. Crucially, the Code explicitly states that the criminal liability of a legal entity does not exclude the liability of the natural person who committed the same acts, removing a concurrence limitation that had existed under the old regime.

The practical standard centres on organisational fault: where an offence resulted from a deliberate decision within the company, from negligence at management level, or from a structural failing in the company’s internal controls, the entity is exposed. This is broader than mere vicarious liability. It means that a compliance gap, an outdated anti-money-laundering procedure, an unmonitored whistleblower channel, a missing due-diligence protocol, can itself constitute the basis for corporate criminal prosecution.

Director-Specific Offences and Personal Liability

Director liability Belgium 2026 is no longer confined to situations where a director personally committed a criminal act. The Code retains and refines the principle that directors and officers can be prosecuted for their personal involvement in an offence committed by the entity, for failures in supervision that made the offence possible, and for governance shortcomings where a duty of care existed and was breached. This includes situations where a director had knowledge, or should have had knowledge, of conduct within the organisation and failed to act.

Early indications suggest that prosecutors will use the new framework to pursue directors in cases involving fraud, tax evasion, market abuse, environmental offences and social criminal law violations. The dual-track prosecution model (entity plus individual) is designed to prevent directors from sheltering behind the corporate structure.

New Offences and Risk Matrix Directors Must Watch

The New Criminal Code does not merely reorganise existing offences, it introduces modernised definitions, new qualifying elements and, in some cases, entirely new offence categories relevant to corporate life. For directors and compliance officers, the following risk matrix provides a starting point for self-assessment.

Reporting and Mandatory Disclosure, What Changes?

Belgian law does not impose a general obligation on private citizens or companies to report crimes. However, certain categories of professionals, financial institutions, notaries, auditors and, increasingly, compliance officers in regulated sectors, are subject to specific reporting duties. The New Criminal Code interacts with these sectoral obligations by increasing the consequences of non-reporting where a statutory duty exists, and by reinforcing the link between an entity’s failure to report and its own criminal liability for the underlying offence. Directors in regulated industries should revisit mandatory-reporting protocols as a matter of urgency.

Sanctions, Fines and Confiscation, Practical Impact Under Belgium New Criminal Code 2026 Liability

The reformed sanctions regime is one of the most consequential elements of the New Criminal Code for corporate actors. The old patchwork of fine ranges has been replaced with a structured eight-level system, and the approach to asset recovery and confiscation in Belgium has been significantly strengthened.

Under the new grid, pecuniary sanctions for legal entities scale across eight levels based on the gravity of the offence. The maximum fine for the highest level (level eight) is capped at EUR 5,760,000, a figure that, while providing legal certainty, also signals that Belgian authorities intend to use financial penalties as a meaningful deterrent. For directors personally, the sentencing framework includes imprisonment, fines, community service and professional disqualification orders.

Confiscation powers have been materially expanded. The Code enables courts to confiscate not only the direct proceeds of an offence but also assets of equivalent value, and facilitates extended confiscation where a conviction relates to certain categories of serious offences. For companies, this means that corporate assets, bank accounts, real estate, intellectual property, can be seized where they are linked to criminal proceeds, even if the connection is indirect.

The likely practical effect is that companies will need to maintain far more rigorous documentation demonstrating the lawful origin of key assets, particularly in sectors with elevated regulatory risk. Directors who cannot demonstrate proactive governance may face personal confiscation orders.

Immediate 0–72 Hour Response, A Director’s Checklist

When a suspected fraud, regulatory breach or criminal incident surfaces, the first 72 hours are decisive. Actions taken, or not taken, during this window will shape the company’s legal position, the scope of any privilege claims, and the personal exposure of every director involved. The following internal investigation checklist for Belgium reflects the requirements of the 2026 framework.

Hour 0–4: Contain and Preserve

• Activate the incident-response protocol. Notify the designated crisis lead (typically General Counsel or Chief Compliance Officer). Do not wait for full information before escalating.
• Issue a litigation hold. Immediately instruct all relevant personnel to preserve documents, emails, messages and data. Suspend any scheduled data-destruction cycles.
• Restrict access. Secure affected systems, accounts and physical locations. If the suspected offence involves financial systems, freeze relevant authorisation tokens.
• Do not conduct informal interviews. Unstructured questioning by non-lawyers can destroy privilege and produce statements that become prosecution evidence.

Hour 4–24: Assess and Organise

• Engage external criminal defence counsel. Under Belgian criminal procedure, privilege for in-house counsel is limited. External counsel provides a stronger privilege foundation for investigation materials.
• Convene an emergency board or executive committee meeting. Record a board minute that documents the directors’ awareness, the steps being taken, and the decision to investigate. A sample resolution: “The Board acknowledges the report dated [date] concerning a suspected [nature of incident]. The Board resolves to engage external counsel to conduct an independent internal investigation and to take all necessary steps to preserve evidence, protect the interests of the Company, and ensure compliance with applicable legal obligations.”
• Assess regulatory notification obligations. Determine whether the suspected breach triggers mandatory reporting to the FSMA, the Belgian National Bank, tax authorities, environmental regulators, or other supervisory bodies.
• Consider suspension of implicated personnel. Where specific individuals are suspected of involvement, precautionary suspension (with pay) may be appropriate to prevent evidence destruction.

Hour 24–72: Investigate and Communicate

• Scope the internal investigation. Define mandate, reporting lines, confidentiality protocols and the relationship between external counsel and internal compliance staff.
• Prepare a privileged legal memorandum. External counsel should produce a preliminary legal assessment covering potential offences, applicable sanctions, regulatory exposure and recommended next steps.
• Manage communications. Prepare holding statements for employees, regulators and (if necessary) media. Do not make premature admissions. All external communications should be reviewed by external counsel.
• Log all actions taken. Create a contemporaneous record of every decision, meeting, instruction and communication. This log will be critical evidence of the directors’ good faith and diligence.

Dealing with OLAF, EPPO and FSMA Investigations, Company Playbook

The Belgium new criminal code 2026 liability framework does not exist in isolation. Companies operating in Belgium, particularly those receiving EU funds, operating in regulated financial markets, or involved in cross-border trade, may face investigations by European-level authorities whose powers intersect with and amplify the new domestic rules.

OLAF investigations Belgium: The European Anti-Fraud Office (OLAF) has investigative powers to examine the use of EU funds and can conduct on-site inspections at company premises. OLAF findings are transmitted to national prosecution authorities and can form the basis for criminal proceedings under the New Criminal Code. Companies subject to an OLAF inspection should engage external counsel immediately, designate a single point of contact for the investigation, and ensure that all document production is logged and reviewed for privilege before handover.

EPPO investigations Belgium: The European Public Prosecutor’s Office (EPPO) has jurisdiction over offences affecting the EU’s financial interests, including fraud, corruption and money laundering involving EU funds. Unlike OLAF, the EPPO has the power to directly initiate and conduct criminal investigations and prosecutions in participating member states, including Belgium. When the EPPO exercises its competence, Belgian national authorities must defer. Directors should understand that cooperation with an EPPO investigation does not guarantee leniency, and that any statement made during an EPPO interview may be used in subsequent Belgian criminal proceedings.

FSMA enforcement: For companies in the financial sector, the Financial Services and Markets Authority (FSMA) retains significant investigative and sanctioning powers for market abuse, insider trading and conduct-of-business violations. The FSMA can refer matters to the criminal prosecution authorities, and the expanded sanctions under the New Criminal Code mean that a regulatory referral can now trigger substantially higher penalties than under the former regime.

Key principles for any EU/Belgian investigation:

• Preserve all evidence immediately upon becoming aware of any investigation.
• Do not make voluntary admissions without legal advice.
• Log every interaction with investigators (date, time, attendees, topics covered).
• Ensure any cooperation is coordinated between external Belgian counsel and any EU-level legal representation.
• Review insurance policies (D&O, professional liability) for coverage triggers.

Director Defence Strategies, Litigation, Privilege and Cassation Considerations

When a director faces personal criminal exposure under the 2026 Code, defence strategy must be structured early and informed by both Belgian procedural law and the evolving case law of the Court of Cassation.

Timing and detention risk: Belgian criminal procedure permits pre-trial detention where there is a risk of flight, collusion or repeat offending. Directors who can demonstrate strong governance records, cooperation with authorities and stable community ties are better positioned to resist detention applications. Early engagement of specialist criminal defence counsel is essential.

Privilege boundaries: Belgian law recognises professional privilege for communications between a client and an external lawyer (avocat/advocaat), but in-house counsel do not enjoy equivalent protection. This means that internal compliance memoranda, investigation reports drafted by in-house legal teams, and even email exchanges between directors and in-house counsel may be seizable during a criminal investigation. The practical response is clear: where privilege is critical, route all sensitive communications through external counsel.

Cassation and ECHR points: The Court of Cassation will be called upon to interpret the new Code’s provisions on corporate and director liability in the years ahead. Industry observers expect early challenges to focus on the scope of the organisational-fault test, the proportionality of confiscation orders, and the compatibility of dual-liability prosecution with fundamental rights under the European Convention on Human Rights, including the presumption of innocence and the principle of ne bis in idem. Directors facing prosecution should ensure their defence team identifies and preserves all available Cassation grounds from the outset of proceedings.

Preventive Governance: Policies, Training and Board Oversight Templates

The most effective defence against director liability under the 2026 Code is prevention. Boards that can demonstrate a documented, proactive compliance programme are far better positioned to argue that an offence did not result from an organisational failing.

Sample board minute language for compliance oversight:

“The Board reviewed the Company’s compliance framework in light of the New Belgian Criminal Code effective 8 April 2026. The Board resolved to (1) mandate an independent review of the Company’s criminal-risk exposure; (2) update the incident-response protocol and whistleblowing procedures; (3) require annual compliance training for all directors, officers and senior managers; and (4) establish a standing Compliance Committee to report to the Board at each quarterly meeting.”

Core compliance programme elements:

• Code of conduct. Updated to reference the 2026 Criminal Code obligations and the dual-liability principle.
• Whistleblowing policy. Compliant with the EU Whistleblower Directive and Belgian transposition; includes confidential reporting channels and non-retaliation protections.
• Third-party due diligence. Risk-based screening of suppliers, agents and joint-venture partners for corruption, fraud and sanctions exposure.
• Monitoring and audit. Regular internal audits of compliance controls, with findings reported to the board and documented in minutes.
• Training. Mandatory annual training on criminal-risk awareness, reporting duties and investigation protocols for all board members and senior management.

Conclusion, Next Steps for Boards Under Belgium New Criminal Code 2026 Liability

The New Belgian Criminal Code is not a distant legislative prospect, it is now in force. Every company director in Belgium must treat 8 April 2026 as the reset date for their governance, compliance and incident-response obligations. The expanded corporate-fault test, the restructured sanctions grid, the enhanced confiscation regime and the reinforced dual-liability principle mean that passive governance is no longer merely a business risk, it is a criminal one.

Boards should pass an immediate resolution adopting the compliance framework updates outlined in this article, engage specialist white collar crime defence counsel for a risk assessment, and ensure that every director understands their personal exposure. The cost of preparation is a fraction of the cost of prosecution.

Sources

1. Belgian Official Gazette / Moniteur Belge
2. Federal Public Service Justice (Belgium)
3. European Public Prosecutor’s Office (EPPO)
4. OLAF, European Anti-Fraud Office
5. FSMA, Financial Services and Markets Authority (Belgium)
6. Loyens & Loeff, New Criminal Code in Belgium
7. Freshfields, The Time for Change Is Now: The New Belgian Criminal Code
8. Deloitte Legal (Belgium)
9. CMS, Mandatory Reporting of Criminal Offences in Belgium
10. Global Law Experts, New Belgian Criminal Code