White-Collar Crime in Germany: An Introduction

Executive summary

Corporate criminal enforcement has significantly increased in Germany in recent years, with rapidly growing fines against companies, in terms of both amount and recurrence. Administrative offences were criminalised on a large scale by regulation, and companies now face an unseen flood of regulatory compliance requirements, which increasingly result in fines or criminal investigations in the event of non-compliance. Ten years ago, German public prosecutors pursued corporate sanctions in exceptional cases only, but this has now become the norm. Corporate fines have proven to be a welcome source of revenue for the treasury, but also because German supervisory authorities themselves have become the focus of public attention. At the same time, board members are increasingly bound by regulation and individual liability risks to adequately prevent wrongdoing and to not save on legal costs when it comes to mitigating compliance risks and incidents.

The following three significant developments will certainly impact the white-collar crime enforcement landscape in Germany in the coming years.

• A stimulus package of EUR500 billion was recently passed by the newly elected German government and will likely boost the construction, building and real estate industry. Recent years have already seen a number of large-scale criminal investigations due to corruptive and fraudulent operational structures in the construction sector, and this trend will likely not decline.
• Since the beginning of the war in Ukraine, authorities have launched a wave of investigations into potential sanctions and export-control breaches. Companies trading in dual-use goods, hi-tech components and other industrial items now face far more audits, on-site inspections and criminal investigations, and many have begun systematic reviews of screening procedures, supply chains and customer due diligence.
• German and other European prosecutors are still in the midst of investigating and prosecuting one of the biggest tax evasion schemes in recent history. The so-called “cum-ex scandal” is a cross-border tax fraud scheme that is taking in dozens of financial institutions and many individuals. The large-scale criminal investigations and trials will likely continue over the coming years. Recent enforcement activities extent to “cum-cum” dividend stripping activities – another tax refunding scheme that could affect an even larger scale of tax evasion.

Confiscation and corporate fines

Confiscation (forfeiture) has become a major trend in law enforcement, and is now an almost ubiquitous consequence for non-compliance. Anything obtained by an offender or a corporation by a criminal or administrative offence is subject to confiscation, in many cases including any item used for or in connection with such offence. Since costs and expenses in most constellations remain unconsidered, confiscation can have profound effects.

On 17 October 2025, the Federal Ministry of Justice and Consumer Protection (BMJV) presented a draft bill proposing to quadruple the maximum fine for legal entities, from EUR10 million to up to EUR40 million per offence. In case of negligence, the maximum fine is planned to be quadrupled to EUR20 million.

New environmental criminal law

The European Parliament and the Council of the European Union have revised and tightened the Directive on the protection of the environment through criminal law (Directive (EU) 2024/1203). It obliges European member states to define more extensive criminal offences and sanctions in order to strengthen environmental protection throughout Europe. The deadline for transposing the directive into national law is 21 May 2026.

In future, lower requirements will be placed on the realisation of certain environmental criminal offences, and it will be increasingly possible to punish conduct that is merely capable of causing a violation of environmental law. The occurrence of a specific risk in an individual case should no longer be a prerequisite for criminal liability. In addition, a large number of actions previously punishable as administrative offences are to be upgraded to criminal offences. This is likely to lead to a shift from administrative to criminal investigations in the prosecution of breaches of environmental law.

Greenwashing – increased criminal liability

In recent months, German NGOs have made headlines with large-scale anti-greenwashing campaigns, and companies’ environmental and climate promises are being systematically scrutinised. If the NGOs find these policies to be misleading, they take action against such companies, with injunctions and warnings.

Looking ahead, the risk of criminal liability could also increase in this context. At the heart of such risks are misleading advertising statements. If statements remain sufficiently vague, it has so far been difficult to prove criminal deception. This might change in cases in which products placed on the European market do not meet certain requirements implied by EU regulation or national law – eg, a product is not compliant with the new Deforestation Regulation (Regulation (EU) 2023/1115).

Various current European legislative projects are increasing the requirements for corporate sustainability communication, such as the planned law to implement Directive (EU) 2024/825 on empowering consumers for the green transition, the EU Commission’s proposal for an EU Green Claims Directive, and the EU Deforestation Regulation, setting specific requirements for certain products sold on the European market.

At the core of the criminal liability risks associated with greenwashing is fraud (Section 263 of the German Criminal Code, or StGB), in the forms of subsidy fraud (Section 264 of the StGB) and capital investment fraud (Section 264a of the StGB), or misleading commercial practices (Section 5 of the Unfair Competition Act, or UWG) and misleading consumers or market participants by omission (Section 5a of the UWG).

An incorrect sustainability report in the annual financial statements or in the management report in accordance with Section 331 of the German Commercial Code (HGB) or the incorrect presentation of the company’s circumstances to the Annual General Meeting or to the auditor are also punishable (Section 400 of the German Stock Corporation Act, or AktG). Administrative offences for violating labelling, consumer protection and competition regulations are also possible. Companies are also liable under Sections 9, 30 and 130 of the German Administrative Offences Act (OWiG) in the event of misconduct by a manager or related breaches of supervisory duties by a manager.

What all these criminal offences have in common is that they require an intentional, untrue assertion of circumstances that do not actually exist. In the case of fraud, it is recognised that, in the case of “exaggerated advertising and puffery”, specific facts must be seriously alleged in order to constitute an offence. Until now, it has been difficult for investigating authorities and courts to establish such deliberate deception in connection with general sustainability promises; this should generally become easier with the newly defined requirements for corporate “green claims” and the stricter requirements for sustainable production lines. The more specific a claim is, the more likely it is to give the impression that it is based on fact.

If, in future, a product is incorrectly advertised as complying with statutory sustainability requirements (eg, by stating that a product has been produced “deforestation-free”), a corresponding factual basis is also declared. It is irrelevant whether consumers are aware of such detailed regulations and are concerned about their specific compliance: the decisive factor is whether the consumer believes that the statutory sustainability requirements have been met. The more a company gives the impression that a certain product complies with defined sustainability regulations or quality seals, the more likely it is that consumers will be mistaken if this statement is not correct.

Proposed EU Anti-Corruption Directive

Corruption undermines trust in the integrity and functionality of public administration, and damages the economy and society. To combat corruption in the European Union, the European Commission announced its Anti-Corruption Directive in May 2023. This proposal aims to update the current EU anti-corruption legal framework by establishing a more consistent approach to corruption offences. Until now, member states have relied either on their own national legislation or on OECD-based commitments.

Although changes may still be made, the proposed Anti-Corruption Directive signals the member states’ intention to take tougher action against corruption. For companies with operations in or connections to the EU, the proposed Anti-Corruption Directive presents both opportunities and challenges: the potential for streamlined compliance across jurisdictions is a welcome development, but it also introduces the risk of expanded extraterritorial exposure.

Once the Anti-Corruption Directive is implemented, companies will need to comply with the new EU requirements in addition to existing regulations in other jurisdictions, such as the US or UK. This may prove challenging in practice, as the way the Anti-Corruption Directive is enforced could differ among EU member states, and may also differ from frameworks in other jurisdictions. Therefore, it may be necessary to adhere to the strictest applicable standards.

In the long term, it is evident that companies will need to establish a coherent, risk-based approach to anti-bribery and corruption compliance. This will involve carefully reviewing current policies and procedures, investing in employee training and internal controls, and taking proactive measures to manage risks. In the short term, as trilogue negotiations on the proposed Anti-Corruption Directive continue, businesses should closely follow any updates and consult with legal advisers to evaluate their potential risks.

Fighting against financial crime and anti-money laundering

In its coalition agreement, the new German government has agreed to bundle the competencies of the federal government in the area of financial crime. Various models are currently being discussed. In parallel to that, some German states have created new authorities targeted at concentrating jurisdiction and enforcement powers for a wide range of financial crimes.

On 9 July 2024, the new EU anti-money laundering and countering the financing of terrorism (AML/CFT) framework entered into force and the European Anti-Money Laundering Authority (AMLA) was formally established. This new money laundering package consists of the EU-AMLR (the “Single Rulebook”; EU Regulation 2024/1624), which will apply for the first time in all 27 EU member states from 10 July 2027, and other directives such as the Anti-Money Laundering and Terrorist Financing Directive VI (2024/1640/EU).

The money laundering package brings EU member states closer to the goal of creating a uniform legal framework for combatting money laundering within the EU. On the one hand, the new AML framework broadens the scope of application to new entities, such as crypto-asset service providers and professional football clubs and agents. On the other hand, goods traders fall out of scope. The new AML framework also introduces new obligations, such as a EUR10,000 limit for cash payments and new reporting obligations for dealers in certain luxury goods, and optimises and harmonises current obligations.

The completely new authority AMLA (based in Frankfurt am Main, Germany) is currently being set up and is intended to play a central role in the uniform enforcement and control of anti-money laundering regulations in the EU. As the central European supervisory authority, it will assume direct supervision of the riskiest financial institutions in the EU. At the same time, it will also monitor and co-ordinate national supervisory authorities in EU member states to ensure that AML rules are applied consistently and effectively. The AMLA will also be empowered to conduct investigations and take enforcement action in the event of breaches of AML rules. For companies that are obligated entities, the new regulations mean a considerable implementation effort and will pose challenges, especially the new regulations for determining beneficial owners.

Tightened sanctions law

On 19 May 2024, Directive (EU) 2024/1226 came into force, which creates common minimum standards in EU member states for the criminal prosecution of violations of EU sanctions. It is intended to harmonise criminal sanctions law and, in addition to a catalogue of punishable offences, contains guidelines for the punishment of violations. For companies, a minimum-maximum level of fines is provided for, which is based either on global annual turnover (1% or 5%) or on specific fines of EUR8 million or EUR40 million (depending on the type of underlying infringement).

In mid-August 2025, the Federal Ministry for Economic Affairs and Energy published a draft law to implement EU Directive 2024/1226. It stipulates that numerous violations that are not currently subject to criminal or administrative fines or that can only be prosecuted as an administrative offence will in future be punishable as criminal offences. As even more violations of EU sanctions could trigger criminal investigations in the future, it will be even more important for companies to monitor changes to the extensive and complex EU sanctions on a daily basis, and to improve existing sanctions compliance management systems, particularly since the current grace period of three days following the coming into effect of new sanctions will no longer be applicable.

AI and white-collar crime

Artificial intelligence is transforming the corporate workplace faster than legislators can react, but the gap is closing. In August 2024, the EU adopted Regulation (EU) 2024/1689 – the Artificial Intelligence Act (AI Act). It is Europe’s first comprehensive framework for the development and use of AI and will gradually trigger obligations over the next two years. The AI Act applies to providers, deployers, importers and distributors of AI systems, and sets requirements for risk management, documentation, transparency and human oversight, with the level of obligation depending on the risk a system poses. High-risk systems must pass a conformity assessment, record key events, operate transparently enough for users to understand their outputs, and remain under effective human supervision. Breaches are costly, with fines reaching EUR35 million or 7% of global annual turnover.

At the national level, the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin), which oversees banks, insurers and financial markets, has underlined that financial institutions must prevent unjustified discrimination through AI or machine learning. Firms are expected to test for bias and to ensure transparent governance and data management. Human supervision remains essential to correct technical flaws.

When AI is deliberately used to commit offences, the perpetrators can be held criminally liable. This will be different if AI is used in a legitimate way and the algorithm created an output that led or contributed to the commissioning of an offence. It is debated whether or under which conditions the manufacturer of the respective AI tool can be held criminally liable and which diligence duties the user of an AI application has to meet in order to avoid criminal liability.

Corporate liability adds complexity. In Germany, companies cannot be punished directly, but only through administrative fines. However, responsibility lies with individuals. In large organisations, where many contribute to a decision, identifying one culprit is difficult. The management is therefore often held accountable for weak oversight or poor documentation. The challenge is to supervise algorithms with the same care as needs to be applied to employees.

AI is also reshaping criminal procedure and enforcement. It assists in detecting money laundering, market abuse and other white-collar offences. In 2024, BaFin confirmed that it now uses AI to identify suspicious trading patterns. Germany still lacks an explicit statutory framework for such use, but both regulators and companies are expanding their reliance on AI in investigations.

Cross-border access to e-evidence

Electronic evidence plays an increasingly important role in criminal proceedings. The new E-Evidence Regulation (EU) 2023/1543, applicable from August 2026, will standardise how authorities in the EU obtain digital data stored in another member state. For service providers, the change is significant. National authorities in any EU country will be able to demand data directly, in many cases without co-ordination through the company’s home state. The accompanying Directive (EU) 2023/1544 requires all non-EU providers offering services within the EU to appoint a legal representative in a member state to receive and process orders.

The regulation introduces two new tools: the European Production Order (EPOC) and the European Preservation Order (EPOC-PR). It applies to all providers of electronic communications, internet or information-society services in the EU. Four categories of data are defined, the last two of which are considered more sensitive and subject to stricter safeguards:

• subscriber data;
• data requested solely for user identification;
• traffic data; and
• content data.

The Production Order requires the disclosure of data; the Preservation Order prevents deletion for 60 days, and for even longer upon request. Orders may be issued by courts, investigating judges, public prosecutors or other competent authorities, following each member state’s national procedural law.

Service providers must act quickly: data must be transmitted within ten days, or within eight hours in emergencies. Where an order concerns traffic or content data that is not requested solely for identification, the enforcing authority in the state where the provider is established must be notified. The provider may transmit the data only after the authority confirms that no ground for refusal exists or does not object within ten days. In urgent cases, the period shortens to 96 hours.

For service providers, the regime creates operational pressure. They must process cross-border orders under tight deadlines while observing German and EU rules on data protection and professional secrecy. Many service providers are already developing internal procedures to handle requests and document compliance.

Non-compliance may trigger substantial administrative penalties, with member states being required to introduce fines of up to 2% of a service provider’s worldwide annual turnover. In Germany, the draft implementing act (Elektronische-Beweismittel-Umsetzungs- und Durchführungsgesetz – EBewMG-E) foresees fines of up to EUR500,000 for serious breaches and EUR100,000 for minor ones. The 2% cap applies to service providers with turnover exceeding EUR25 million or EUR5 million. These figures underline the regulation’s focus on deterrence and the expectation for providers to establish robust procedures for handling cross-border orders.

Criminal withholding of wages and salaries

Recent investigations by law enforcement authorities into large brokerage networks are increasingly bringing the issue of bogus self-employment into the focus of criminal law. The use of third-party service providers is associated with considerable risks. If companies are contracting with “freelancers”, these might be considered as employees if they are acting under instructions or if they are integrated into the operations of the principal. This bears the risk of evading social security contributions, payroll taxes and VAT. Depending on the individual case, this may constitute a criminal offence under Section 266a of the German Criminal Code, according to which an employer who fails to duly pay social security contributions is liable to prosecution, or for tax evasion (Section 370 of the German Fiscal Act).

In addition, in order to avoid the administrative offence under Section 8 (1) of the Act to Combat Undeclared Work and Unlawful Employment (Gesetz zur Bekämpfung der Schwarzarbeit und illegalen Beschäftigung - Schwarzarbeitsbekämpfungsgesetz, or SchwarzArbG), which criminalises the unauthorised employment of bogus self-employed persons, and civil liability for unpaid wages, taxes and social security contributions, companies should have compliance mechanisms in place to ensure that they are only contracting with service providers that in turn meet all their obligations under foreign employment, tax and social security laws. Large-scale criminal investigations into those patterns are expected to increase in the coming years.