Expansion of corporate criminal liability for all crimes committed by senior managers

The Crime and Policing Act 2026 (CPA 2026), which received Royal Assent on 29 April 2026, introduces a measure that will have significance for all companies operating in the UK.

Introduction

The CPA 2026, has reformed the legal test that will be used to determine whether a company can be held criminally liable for the acts of its senior personnel. The CPA 2026, should make it easier for prosecuting agencies to establish the criminal liability of a corporate body for the acts of its senior managers.

From 29 June 2026, a company may be liable for the commission of a criminal offence if that offence was committed by a "senior manager" acting within the actual or apparent scope of their authority. This builds on the important changes introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA 2023), where this same test was introduced in respect of certain economic crimes. The CPA 2026, now extends that test to all criminal offences.

Background

The identification doctrine and the directing mind and will 

It is a long established principle that a corporate, by virtue of its separate legal identity, is capable of being prosecuted for most criminal offences. The primary basis under English law for establishing the liability of a corporate body is the identification doctrine. 

Following Tesco Supermarkets Ltd v Nattrass [1972] AC 153, the position at common law has been that a corporate may be liable for the commission of a criminal offence using the identification doctrine only if that offence can be attributed to a person who at the relevant time was the "directing mind and will" of that entity. In the years since that case was decided, the "directing mind and will" test has generally been interpreted narrowly, with only the most senior employees of a company, such as its Board, meeting the necessary threshold.

The "directing mind and will" test has attracted criticism for the high threshold it sets, not reflecting the commercial reality that decision-making and responsibility is often shared between numerous individuals across multiple levels of management, particularly in larger corporate groups with complex management structures. It has also received criticism for particularly affecting small enterprises, where it is easier to identify individuals responsible for decision-making.  

ECCTA 2023

The introduction of ECCTA 2023, reformed this test for a wide range of economic crime offences to better reflect modern, complex corporate structures. The identification doctrine remained the test for attributing the action of an individual to a company, but under section 196, ECCTA 2023, the "directing mind and will" test was replaced by a new test based on whether or not the individuals involved are "senior managers" of the company.

Senior manager test

Specifically,  ECCTA 2023 establishes that where senior managers commit offences whilst acting "within the actual or apparent scope of their authority", that conduct can be attributed to the corporate. 

Section 196(4), ECCTA 2023, defines "senior manager" (by adopting the definition provided in the Corporate Manslaughter and Corporate Homicide Act 2007), as an individual who plays a significant role in either the making of decisions about how the whole, or a substantial part, of the activities of the company are to be managed or organised, or who actually manages or organises those activities. This test has not been considered by the courts, but the effect of it is to create a wider group of individuals than those who are the "directing mind and will" of an entity.

CPA 2026

Section 254, CPA 2026, substantially mirrors the wording of the "senior manager" test introduced by section 196, ECCTA 2023, and extends the use of the "senior manager" test to all criminal offences.

Key implications for corporates

The CPA 2026 significantly broadens corporate exposure to criminal liability. 

With the expansion of the "senior manager" test from economic crimes to all offences, corporates face enhanced risks in areas such as environmental, data, health and safety and regulatory offences, that the conduct of their senior personnel can create liability and serious financial sanctions for the corporate itself, in addition to reputational damage. 

To limit potential exposure to the risks presented under the CPA 2026, companies should consider assessing which individuals, or groups of individuals, may meet the "senior manager" test and consider whether to implement additional safeguards or targeted training for these groups, in addition to conducting the usual company-wide risk assessments, and ideally before 29 June 2026.