EUROPEAN COMMISSION

Brussels, 16.7.2025

COM(2025) 546 final

WHITE PAPER

for the Anti-fraud Architecture Review

1.Introduction

The Treaties of the European Union (“EU”) provide that countering fraud and any other illegal activities affecting the EU’s financial interests is the shared responsibility of the EU and its Member States  1 . The European Commission has a key responsibility to protect the EU’s financial interests 2 , through its Authorising Officers by Delegation (“AODs”), and works to fulfil this together with several specialised bodies, offices and agencies that have been set up over the years. It also takes into account the recommendations of the European Court of Auditors (the ECA). Together with the Member States’ competent authorities and the AODs of all institutions, bodies, offices and agencies (IBOAs), they form the EU anti-fraud architecture.

The EU anti-fraud architecture (AFA) has evolved over time to address the ever-changing threats to the EU’s financial interests. Transnational fraud, including VAT fraud, or the activity of organised crime networks targeting EU funds have increased. There is also growing evidence of the key role of organised crime in fraud schemes, and, conversely, of the important role of fraud in financing other forms of serious and organised crime, including terrorism. Fraudsters now make use of advanced technologies like artificial intelligence (AI), encrypted communication, and crypto currencies, to carry out and hide their criminal activities adds to the challenge. Moreover, management modes are evolving and the sheer increase in the size of the EU’s budget, driven by NextGenerationEU, has led to a rise in the amounts that are at risk of fraud and irregularities. Reviewing the AFA framework is an opportunity to better address all challenges and bridge existing gaps in the protection of the EU’s financial interests. The AFA review process will also be an opportunity to improve and streamline cooperation between the various AFA actors. The present White Paper seeks to prepare the process by putting forward for a broad reflection several key questions that could be explored in the upcoming review.

The AFA review complements the preparatory work on the next multiannual financial framework (the MFF). The aim is to ensure that the next MFF can benefit from a strengthened and more efficient anti-fraud architecture to protect the EU’s financial interests by making the best possible use of resources (particularly as regards the complementarity and coordination of the functions and activities of all relevant actors). It will contribute to delivering on the objectives set out by the Commission in its proposals for the EU’s next long-term budget. It will do so by, in particular, addressing the complexities, weaknesses and constraints of the current system; maximising the impact of every euro spent on focusing on EU priorities and objectives where the EU action brings most added value; and ensuring the accountability and traceability of EU funds.

The AFA review also complements a number of other recent or ongoing policy initiatives in areas closely related to anti-fraud, such as the proposal for a directive on combating corruption through criminal law 3 , the Conditionality Regulation 4 and monitoring under the annual Rule of Law Report.

The European Parliament attaches significant importance to the review of the AFA. The European Parliament’s Committee on Budgetary Control, in its ‘Report on the protection of the EU’s financial interests – combating fraud – annual report 2023’ (the CONT Report)  5 , highlighted the urgent need to strengthen and modernise the AFA in response to emerging challenges and opportunities  6 . In particular, the CONT Report emphasises the need to assess and minimise duplications and overlaps of AFA actors; promote anti-fraud strategies at national level; boost the use of digital tools and databases; consider a centralised governance structure; provides strategic oversight and address structural gaps; and improve the reporting framework by incorporating results from all components into the annual report on the protection of the EU’s financial interests (the PIF Report) in order to enhance transparency and accountability.

The ECA has also adopted several special reports on anti-fraud  7  and is conducting other fraud-related audits  8 . In particular, it is assessing the working arrangements and coordination between the European Public Prosecutor’s Office (EPPO), the European Anti-Fraud Office (OLAF), the EU Agency for Criminal Justice Cooperation (Eurojust) and the EU Agency for Law Enforcement Cooperation (Europol) 9 ; as well as the effectiveness of the national control systems in managing the funds of the Recovery and Resilience Facility (RRF) 10 in preventing, detecting and, where appropriate, correcting fraud 11 . A third ongoing audit 12 will assess the effectiveness of the action plan of the Commission’s 2019 anti-fraud strategy (CAFS) 13  .

The AFA review will be carried out using a holistic approach. It will map the key AFA actors; identify and address loopholes that can be detrimental to the EU’s financial interests; and promote efficiency at every stage of the anti-fraud cycle (prevention, detection, investigation, prosecution and corrections/recoveries). As set out in ProtectEU - the European Internal Security Strategy  14 , the results of the AFA review will support the enhancement of complementarity between the AODs, the EPPO, OLAF, Europol, Eurojust, the Anti-Money Laundering Authority (AMLA) and the proposed EU Customs Authority. The fight against fraud can benefit from focusing on better information collection, a better use of information and data sharing, a strengthened access to data, the use of modern technologies, including AI, for better detecting and investigating fraud, improved synergies in the use of investigative means, both criminal and administrative, and improved cooperation. Effective deterrence and response will be at the heart of the review. While the review will focus specifically on improving the anti-fraud architecture to ensure that EU funds are better protected against fraud, the review may also support the fight against other serious crimes.

This white paper puts forward some avenues to be explored in the upcoming AFA review. The outcome of the AFA review will be presented in a Commission Communication in 2026, which will be accompanied by possible legislative proposals, as appropriate. This will follow the results of the ongoing evaluations of the legal frameworks applicable to certain actors relevant to the AFA, and of the Regulation on the protection of EU financial interests 15 , as well as the Directive on the fight against fraud against the EU’s financial interests (the PIF Directive)  16 .

2.The EU AFA and its actors

The EU’s capacity to combat fraud and irregularities has evolved over the years and has been strengthened with new actors, each contributing to a concerted effort. At EU level, the responsibility for safeguarding the EU’s financial interests was first entrusted to the Anti-Fraud Coordination Unit (UCLAF) in 1988 17 , and then to OLAF. Several other entities involved in anti-fraud efforts have since been gradually established in order to enhance the effectiveness of the system protecting the EU’s financial interests.

These are the main actors at EU level whose responsibilities are relevant to the fight against fraud and who together form the EU AFA:

·In the institutions, bodies, offices and agencies, the Authorising Officers by Delegation (AODs) are responsible for the regular expenditure and sound use of the EU budget, in line with the policy priorities and modalities defined by the co-legislators in pluriannual programmes, also taking into account the recommendations of the Internal Audit Service. In doing so, they must also detect and prevent fraud and irregularities and take administrative measures to protect the EU budget and recover unduly spent EU funds in accordance with the relevant provisions of the Financial Regulation (also “FR”) 18 . Under the Recovery and Resilience Facility Regulation, where the primary responsibility to prevent, detect and correct fraud, corruption and conflict of interest lies with the Member States. the AODs need to provide assurance that the Member States fulfil this obligation 19 . In the revenue area, the AODs make sure that the Member States fulfil their responsibility to make the own resources available to the EU budget in a timely and correct manner.

·OLAF is responsible for carrying out administrative investigations to protect the EU’s financial interests against fraud, corruption and any other illegal activity. OLAF exercises its investigative powers (including on-the-spot checks) in full independence in both the expenditure and revenue areas. Several regulations govern its investigations as well as its cooperation with Member States’ competent authorities and other AFA actors  20 . In addition, OLAF is the Commission’s lead service in the conception and development of a European Anti-Fraud policy. 21  

·Since 2021, the EPPO 22 has been operating as a single office across the participating EU Member States  23 , which have transferred to the EPPO the power to investigate, prosecute and bring to court perpetrators of criminal offences that affect the EU’s financial interests as set out in the PIF Directive (“PIF offences”), including fraud, corruption and money-laundering, as well as organised crime when the focus is on PIF offences, in accordance with the EPPO Regulation. The EPPO combines EU and national prosecutorial efforts in a unified approach to the fight against PIF offences.

·Eurojust 24 was set up in 2002. It is an EU agency that acts as a hub so that national judicial authorities can work together to fight serious cross-border crime, including corruption. It supports and coordinates the efforts of national authorities (from non-EU countries as well as EU Member States) in investigating and prosecuting transnational crime (e.g. fraud, organised crime and terrorism).

·Europol 25  started its operation in 1999. Its mission is to support the EU Member States law enforcement authorities in preventing and combating all forms of serious international and organised crime, cybercrime and terrorism. It provides analytical and operational assistance to these authorities and collaborates with non-EU partner states and international organisations to enhance cooperation.

·As the EU’s external auditor, the ECA examines all the EU’s revenue and expenditure accounts with a view to providing the European Parliament and the Council with an annual statement of assurance on the reliability of the accounts and the legality of the underlying transactions. In doing so, it also reports on irregularities. In addition, the ECA adopts special reports and reviews on a broad range of areas of EU spending and policies.

·AMLA was created in 2024 to prevent money-laundering and the financing of terrorism. It will be fully operational as from 1 January 2028. Its powers will enable it to support the operational coordination of national authorities tasked with supervision or with producing financial intelligence. In addition, AMLA has been conferred direct supervisory powers, including the possibility to impose pecuniary sanctions and administrative measures on operators and financial institutions (including banks) under its direct supervision,  to ensure that they correctly and consistently apply the EU rules on anti-money laundering and on countering the financing of terrorism. These rules have been overhauled and will apply across the EU as of mid-2027.

·On 17 May 2023, the Commission proposed the establishment of an EU Customs Authority as part of the customs reform package 26 . The aim is to adopt via this new authority a more centralised digital approach, especially with respect to customs risk management and controls, to ensure a more efficient, strengthened and fraud-proof customs union and play a key role in fighting fraud at the EU external borders.

Cooperation between EU institutions and Member States, and between Member States themselves, is key because the protection of the EU’s financial interests is a common responsibility for the EU and national authorities. The Member States are responsible for adopting, implementing and enforcing the rules and procedures that effectively safeguard the EU’s financial interests. They also have a leading role and specific obligations in detecting, reporting and addressing fraudulent activities against the EU’s budget. For instance, in the field of taxation, the Eurofisc Member States’ network 27 was set up in 2010 to combat cross-border VAT fraud. Its mandate covers joint processing and data analysis, coordination of follow-up actions, and access to customs data on VAT exempt importations 28 .

EU law provides for a sincere and effective cooperation between the Commission through OLAF and the Member States’ competent authorities, as well as for OLAF supporting EPPO’s criminal cases  or complementing them with administrative investigations. A good level of cooperation has already been achieved between the anti-fraud actors. This includes OLAF supporting the EPPO’s criminal cases or complementing them with administrative investigations; coordinating investigative activities of Member Sates’ authorities, providing assistance to those authorities, conducting joint investigations with the support and participation of EPPO, Europol, Eurojust, OLAF and Member States’ authorities, operational meetings, and an annual exchange of views between OLAF 29 , the EPPO, Europol, Eurojust and the ECA with the European Parliament, the Council and the Commission.

A strategic focus on synergies and resource optimisation has become essential, given both the diverse mandates and capabilities of the various anti-fraud actors and the addition of the new actors to the architecture. It is key that each entity can play its part in a seamless and efficient system to prevent and combat fraud affecting the EU financial interests.

3.Areas of focus for the AFA review

3.1 Strengthened preventive measures

Strong anti-fraud prevention systems for EU funds are already in place and the Commission has taken steps to continuously improve them as part of its internal control strategy. In addition, the 2024 Financial Regulation (the ’FR’) 30 has introduced several innovations that will help further strengthen the prevention and detection, correction and follow-up of irregularities, including fraud and corruption from the next MFF onward. They include:

-several improvements 31 to the Early Detection and Exclusion System (EDES) 32 and the extension of its scope to shared management (and to direct management with the Member States) as from 1 January 2028. The EDES allows to detect fraudulent or unreliable economic operators at an early stage and based on alleged facts. If misconduct is established, an economic operator can be temporarily excluded from receiving EU funds for up to five years. EDES cases can also, in certain conditions, lead to the imposition of financial penalties. Decisions are registered in a central database that can be accessed by all IBOAs and Member State authorities.

-the compulsory feeding of the single data mining and risk-scoring tool (Arachne+) for audit and control purposes as from 1 January 2028. Data collected by all Member States’ authorities as regards all funds will be included in a single EU-wide tool. This will enhance control and audit functions across the EU and assist national authorities and AFA actors in the prevention, detection, correction and follow-up of fraud, corruption and irregularities, including conflicts of interest and double-funding. The use of Arachne+ by managing authorities will remain voluntary, but the European Parliament, the Council and the Commission have agreed to re-examine the compulsory use of Arachne+ based on an assessment of the readiness of the tool to be delivered by the Commission in 2027.

Fraud prevention efforts must continue and could be further enhanced. OLAF has developed considerable experience and an extensive network of contact points with Member States and third countries and in developing anti-fraud strategies in Member States and non-EU countries. OLAF’s invaluable expertise in fraud and corruption prevention should be used by all AFA actors to the maximum possible extent. AFA actors should also be encouraged to use the anti-fraud coordination services (AFCOS), which are coordinated by OLAF, to bolster collaboration between national and EU-level bodies in fraud and corruption prevention. Information exchange under Council Regulation (EC) No 515/97 should also be better used to enhance mutual assistance between national administrative authorities in the context of fraud prevention 33 .

Fraud prevention is particularly important in the revenue area where authorities are unlikely to be able to recover from the perpetrators the amounts that they have evaded. It is the Member States’ responsibility to recover the amounts lost (especially VAT and customs duties). However, most losses cannot be recovered by national authorities (even when the fraudsters are identified, prosecuted and convicted) because they usually organise their insolvency or bankruptcy or are located outside the EU’s jurisdiction. The focus of administrative investigations is therefore currently to detect fraud at an early stage, and coordinate controls by national authorities to prevent further fraudulent imports and adopt precautionary measures to protect the EU budget. The focus of criminal investigations in this area is largely on identifying the criminal networks behind fraud, stopping their activities, disrupting criminal networks and avoiding future fraudulent activity and the related losses.

Anti-fraud strategies are essential for tackling fraud and corruption in a comprehensive manner that integrates measures throughout the anti-fraud cycle, including prevention. The Commission’s anti-fraud strategy and its action plan were revised in 2023. The new action plan includes 44 actions under 7 themes that cover the Commission’s priorities in fighting fraud. Digitalisation is the plan’s first theme and a quarter of the actions focus on improving the Commission’s and Member States’ use of IT tools for anti-fraud purposes (e.g. Arachne, EDES and the IMS 34 ). The action plan also provides for increased cooperation within the Commission and with key external partners and civil society to protect EU funding. Other themes include the RRF, customs fraud and further strengthening ethics and the anti-fraud culture in the Commission. Implementation of the action plan is ongoing. In addition, Commission services and executive agencies have sectorial anti-fraud strategies which further strengthen the anti-fraud framework in place.

To further enhance prevention, anti-fraud strategies with related action plans could also be put in place at the national level. Not all Member States have national anti-fraud strategies at present and the existing strategies do not necessarily follow a consistent approach. This can lead to weaknesses and gaps in the global anti-fraud approach. 

3.2 Improving detection

Detecting irregularities, fraud and other illegal activities affecting the Union’s financial interests at the earliest possible stages is a necessary precondition for the effective implementation of the anti-fraud cycle at both national and EU level.

a. Reporting

At national level, Member States have the main responsibility for detecting and timely reporting fraud and corruption to the EPPO for investigation and prosecution, and to swiftly report other irregularities to OLAF, providing it with reliable data on fraud activities. These are a fundamental step for the Commission to be aware of the indispensable information on the established or suspected irregularities and fraud detected in the Member States. In this regard, the next MFF is an opportunity to review the appropriateness of national reporting procedures.

The use of existing instruments, such as the IMS, OWNRES 35 and EDES (for its early detection part), can significantly contribute to further disseminating the information that may lead to taking the appropriate preventive measures and the early detection of fraud cases.

Moreover, whistleblower protection is a powerful tool in the fight against fraud and corruption. It can play a pivotal role in supporting the transparency and accountability both of government and of corporate conduct and bring to light fraudulent activities that are otherwise difficult to detect. The effective implementation of the EU Whistleblower Directive 36  can contribute to better and earlier detection of fraudulent activities affecting the financial interests of the EU.

b. Information exchange between the AFA actors

Eurojust and Europol enhance the EU’s capacity to combat fraud by ensuring effective coordination between the respective judicial and law enforcement bodies and facilitating the exchange of information. They help overcome the limitations posed by national borders and differing legal frameworks, thereby strengthening the EU’s collective response to fraud and corruption as well as hindering perpetrators’ ability to exploit disparities between national systems. It is crucial for Europol and Eurojust to enhance their collaboration to ensure comprehensive coverage of the entire criminal justice process, thereby facilitating the transition of investigations into successful prosecutions and convictions of criminals.

Cooperation and the sharing of data and information between AFA actors is crucial for detection. Taking into account the growing volume of data, any mechanism that would facilitate information exchange, based on consistent and harmonised data, could be helpful. If feasible, such exchange could be done in real time and on an interoperable basis, in compliance with data protection rules, to improve the effectiveness of information sharing and to facilitate timely and coordinated action by all the relevant actors. For example, an immediate sharing of actionable information, is key in view of facilitating the reporting of suspicions of crimes to the EPPO without undue delay 37 . Another example is that data collected by OLAF during investigations on customs fraud can be useful to Europol in its work on combatting the circumvention of EU restrictive measures (sanctions).

c. Use of new technologies and AI, data analysis and intelligence sharing

Fraudsters are using new technologies to find new ways to commit fraud. However, AI and new IT tools can also help AFA actors step up the fight against fraud. These tools’ capacity to analyse large amounts of data can be particularly helpful in detecting fraud at early stages.

3.3 Improving investigation and prosecution capabilities

a. Data-sharing, operational analysis and forensics capacities in the investigation phase

There is a significant potential for collection, sharing and analysis of the data available in the respective AFA actors’ digital tools, including with the use of AI. However, this potential is constrained by the differences in how the Member States use and exchange information. Such discrepancies may occur at different stages of the anti-fraud chain but still have important consequences in the investigation phase.

AFA actors can already access each other’s databases, but the conditions in which such access and data-sharing take place can be improved still further. For instance, it may be useful to create, under certain conditions and subject to appropriate procedural and data protection safeguards, specific rules that allow OLAF and the EPPO to exchange information with Eurofisc and provide them with centralised access at EU level to certain VAT information so that they can investigate potential fraud or VAT-related irregularities.

Another area where better synergies can be developed relates to the use of expertise. All AFA actors use internal analytical capabilities and/or forensic expertise to carry out their work. In the context of resource constraints for EU administration, appropriate administrative arrangements could be put in place to allow the pooling of existing expertise and the building of joint capacities for modern anti-fraud investigations involving different AFA actors.

Among EU AFA actors, OLAF and Europol have a unique longstanding experience in forensics and operational analysis. Europol already facilitates the exchange of information between law enforcement authorities, including police and customs. Without pre-empting the results of the ongoing evaluation, an increased role for Europol as potentially the key EU player for data analysis and forensic acquisition could be considered in the AFA review and in the context of the update of Europol’s mandate, announced in ProtectEU – the European Internal Security Strategy 38 . Furthermore, close cooperation and information exchange between the AFA actors could also allow follow up on leads for other serious crimes, that may emerge in fraud investigations.

Finally, the EU Customs Data Hub, operated by the new EU Customs Authority 39 , will provide a pool of real-time data on customs flows and enhanced data analytics capacity that will allow for a better risk management and customs controls at the external borders.

b. Enhanced complementarity and coordination between the EPPO and OLAF

Given the EPPO and OLAF’s common objective to protect the EU budget, the EPPO Regulation expressly prohibits parallel administrative investigations by OLAF on the same facts on which the EPPO is conducting a criminal investigation, while the EU legislator has made it clear that the EPPO and OLAF should establish and maintain close cooperation aimed at ensuring the complementarity of their respective mandates and avoiding duplication. The EPPO Regulation specifies that the EPPO may request OLAF ‘to support or complement’ the EPPO’s activities, including by conducting administrative investigations 40 . The subsequently amended OLAF Regulation labelled these administrative investigations as ‘complementary investigations’ although they may not always involve investigative activities, providing a specific legal framework for OLAF to conduct them and cooperate with the EPPO.

OLAF’s support to the EPPO and complementary investigations are also reflected in the Working Arrangement between OLAF and the EPPO 41 , which states that ‘they should aim at facilitating the collection of relevant information for the adoption of precautionary measures or the conduct of financial, disciplinary or administrative measures’. Complementary investigations and activities from OLAF may be needed, in particular, in the following situations: (i) the statute of limitations applicable to the criminal offence investigated by the EPPO poses a concrete obstacle to the effective recovery; (ii)  there is a need to take administrative precautionary measures, and, whenever possible, launch recovery actions at an early stage, pending the EPPO’s criminal investigation; (iii) there is a threat to the EU’s budget by virtue of the damage deriving from the presumed criminal offence; (iv) there are reasonable grounds to believe that recommendations could be needed or justified for disciplinary or administrative measures to be taken (including recommendations to refer the case to the EDES panel); and (v) there is evidence of non-fraudulent irregularity.

However, the use of complementary administrative investigations has remained rather limited so far  42 , although both types of investigations (criminal and administrative) are essential and contribute to fully protect the EU budget and prevent or limit damage. For example, for an effective protection of the EU budget, adequate administrative measures taken to safeguard the funds already disbursed and to prevent further funds from being unduly spent, including EDES measures, need to be taken as early as possible. By employing all available tools to their full extent, and at the same time ensuring that there is no duplication between criminal and administrative investigations, the EU can better protect its financial interests and promote a transparent, accountable and sustainable financial environment.

It is therefore worth considering concrete ways of enhancing cooperation and complementarity between the EPPO and OLAF (as well as with other AFA actors) in order to avoid the risk of uncoordinated actions; ensuring the clearest possible demarcation of their respective roles; and formalising the conditions under which different activities are carried out.

c. Better support to prosecution

The EPPO is competent to investigate, prosecute and bring before national courts perpetrators of criminal offences that affect the EU’s financial interests as set out in the PIF directive, in accordance with the EPPO regulation.

In light of experience, some improvements may be necessary at both the national and the EU level for the EPPO’s activities to be more effective. At national level, dedicated and specialised law enforcement authorities could support the EPPO more effectively, in particular in areas such as customs, tax fraud, and financial crime. At EU level, increased cooperation with Europol as regards risk analysis and operational support, and with Eurojust as regards the functioning of the Joint Investigation Teams (JITs), would allow for greater support to EPPO, particularly in cross-border cases. In addition, a semi-automated hit/no-hit system tailored for the EPPO, Eurojust, Europol, and OLAF, which, while respecting procedural guarantees and mandates of each of the bodies and agencies, could improve early detection of cross-border criminal patterns and facilitate cooperation.

3.4 Towards a more efficient recovery process for the EU budget

The recovery process relies on Member States (particularly on the revenue side) and IBOAs (on the expenditure side). It is a complex process which requires cooperation not only within the Commission but also with a number of other actors (including independent investigative bodies such as OLAF and EPPO and the relevant national authorities)  43 . The establishment of the EPPO has significantly strengthened the overall AFA, and its prosecution activities have brought results as regards indictments, convictions and confiscation of assets, although in the current legal framework the EPPO has only a limited role in the recovery process. Recent case law of the Court of Justice of the European Union 44 related to the PIF Regulation 45 and the Financial Regulation provide the legal bases for the development of additional tools for recovery, including from physical persons that are responsible for the fraud, by means of administrative decisions. Overall, as ECA also noted  46 , further improvements are needed in order to increase the efficiency of the recovery process for the EU budget.

a. Revenue

In terms of revenue, Member States have primary responsibility for the establishment and the collection of customs duties which are referred to as traditional own resources (“TOR”) and which directly finance the EU budget. Therefore, Member States are obliged to put in place adequate control systems to ensure that their national customs authorities carry out their customs controls in an appropriate way. National customs authorities play a crucial role in the AFA, acting as the first line of defence against illegal activities that impact the EU’s financial interests. In the current MFF (2021-2027), Member States retain a 25% share of the total collection of customs duties collected. The financial damage estimated by the EPPO and OLAF in this area is mostly related to customs fraud resulting in a lower collection of customs duties, and consequently the corresponding TOR made available to the Union budget being lower than what is due. Since recoveries from fraudulent importers tend to be limited, the focus of administrative investigations is to detect fraud at an early stage in coordination with the Member States, to facilitate the adoption of precautionary measures to protect the EU budget.

Furthermore, the new EU Customs Authority will allow for additional coordination of risk management at EU level, while integrating the results of the identified frauds in future actions, e.g., via the future EU Customs Data Hub.

Regarding VAT, the VAT-based own resource to which the EU is entitled is calculated on the basis of VAT actually collected by Member States. Accordingly, any shortfall in VAT collection not only reduces revenue for Member States, but also reduces VAT own resources for the general budget of the EU, with consequences for the level of the GNI-resource for all Member States  47 . Moreover, a significant amount of the VAT-related damage comes from cross-border VAT fraud, often committed in the framework of criminal organisations. This can be more effectively and efficiently tackled through closer cooperation between Member States and EU institutions and bodies (EPPO, OLAF, Commission, etc.); and closer cooperation in the judicial area including with non-EU countries and international organisations, building on the many administrative arrangements concluded by OLAF that significantly improve transnational administrative cooperation and facilitate access to information and the support that can be provided by Eurojust Furthermore, Eurofisc will continue to have a pivotal role in the fight against VAT fraud.

b. Expenditure

Financial recommendations issued by OLAF between 2012 and 2023 show that recovery rates depend on different variables (e.g. the budget management mode and the legal complexity of the individual cases).

The expenditure side covers direct, indirect and shared management modes. In direct management, the lessons learned from OLAF recommendations have already resulted in the Commission adopting, on 6 February 2024, an enhanced corporate strategy for the management of the Commission’s debtors. This strategy aims at recovering more and faster and has a double objective:

-to close the gap between the amounts recommended by OLAF for recovery and the amounts established to be recovered 48 , through better interaction between OLAF and the AODs; and

-to close the gap between established and recovered amounts by enhancing the Commission’s internal monitoring mechanism for following up to OLAF recommendations.

Recoveries for the EU budget still need to improve. Reflections should therefore continue on how to effectively ensure in practice that the Union budget obtains compensation for the damage it has suffered.

At the request of the Commission, the EPPO agreed to revise its notification templates in order to transmit to AODs the timely, detailed and actionable information needed to take the appropriate measures to protect the EU’s financial interests 49 .

Without prejudice to possible legislative changes, the Commission is also considering short-term actions to improve the internal monitoring of OLAF recommendations and the follow-up to the EPPO’s notifications 50 , with a view to bring about improvements in practice.

The protection of the EU’s financial interests would not be complete without necessary complementarity between (i) the efficient investigation and prosecution of offences against the EU’s financial interests; and (ii) recovery and administrative/precautionary measures, taken at both the EU and national level (e.g. exclusion from future EU funding and compensation for the damage which has been caused to the EU budget through a civil action). This complementarity is required by the Treaties and the Financial Regulation 51 .

Effective deterrence is not possible without a combination of swift criminal investigations, final convictions, administrative measures adopted by the AODs, including precautionary measures, sanctions imposed by courts or administrative authorities and efficient recoveries.

3.5 Improving the governance of the anti-fraud architecture

In its CONT Report, the European Parliament’s Committee on Budgetary Control has called for a more measurable and result-oriented AFA governance; a more effective deployment of adequate resources and their more efficient use; a more holistic approach in reporting through the PIF report; and more coordination and cooperation between AFA actors 52 .

The AFA review will take into account the results of relevant ongoing evaluations and build on the work of all AFA actors. On that basis, the review will consider their mandates as well as their complementarity and coordination and ensure a better integrated AFA.

With the current legal framework, AFA actors have their own set of obligations to report on their anti-fraud activities. This has led to differences in the individual approaches to cooperation and reporting. The lack of a consistent approach hampers a clear overall picture of how the protection of the EU’s financial interests is ensured by the different actions throughout the AFA.

4.Conclusions: way forward

The present White Paper puts forward some avenues to be explored for the review of the AFA and its areas of focus. The Commission invites the traditional stakeholders (the European Parliament, Council and ECA) as well as all the AFA actors to contribute to the reflection based on the above-mentioned orientations and questions. This will make it possible to take these views into account together with the results of the ongoing evaluations of the legal frameworks applicable to certain actors relevant to the AFA (e.g. Eurojust, Europol, the EPPO and OLAF) and the PIF Directive reports.

The outcome of the AFA review will be presented in a Commission communication in 2026. It may be accompanied, as appropriate, by possible legislative proposals related to the OLAF, EPPO, Eurojust, Europol or Eurofisc Regulations and the PIF Directive. This could be a unique opportunity to ensure a more coherent AFA with simplified and operational answers in reply to the issues mentioned in this white paper and attuned to the new MFF. Some of these issues require further analysis to be conducted in the context of the ongoing evaluations. The Commission therefore proposes to take the debate on the future of the EU AFA forward in this context.

(1)

 Articles 310(6) and 325 TFEU.

(2)

 Article 317 TFEU.

(3)

COM/2023/234 final

(4)

Regulation (EU, Euratom) 2020/2092 of the European Parliament and of the Council of 16 December 2020 on a general regime of conditionality for the protection of the Union budget, OJ L 433I, 22.12.2020, p. 1–10.

(5)

 Report on the protection of the EU’s financial interests – combating fraud – annual report 2023, 1 April 2025, European Parliament, Committee on Budgetary Control, reporting member: Gilles Boyer.

(6)

 See also ‘EU anti-fraud architecture – the role of EU-level players, how they cooperate and the challenges they face’, a study requested by the European Parliament’s Committee on Budgetary Control, Policy Department for Budgetary Affairs Directorate-General for Internal Policies, PE 763.761, by Centre for Strategy and Evaluation Services (CSES), August 2024.

(7)

 For example, Special Report 7/2024 of the European Court of Auditors on the Commission’s systems for recovering irregular EU expenditure.

(8)

 For example, on the Recovery and Resilience Fund (RRF) and Member States’ control systems, and on the Commission anti-fraud strategy (CAFS).

(9)

 Publication is scheduled for September 2025. The reporting member is J. Gregor.

(10)

 Regulation (EU) 2021/241 of the European Parliament and of the Council of 12 February 2021 establishing the Recovery and Resilience Facility, OJ L 57, 18.2.2021, p. 17–75.

(11)

 Publication is scheduled for December 2025. The reporting member is I. Maletíc.

(12)

 Publication is scheduled for September 2026. The reporting member is still to be decided.

(13)

Commission Anti-Fraud Strategy Action Plan – 2023 revision, COM(2023) 405 final.

(14)

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 1 April 2025, ‘ProtectEU: a European Internal Security Strategy’, COM (2025)148.

(15)

 Council Regulation (EC, Euratom) No 2988/95 of 18 December 1995 on the protection of the European Communities financial interests, OJ L 312, 23.12.1995, p. 1–4.

(16)

 Directive (EU) 2017/1371 of the European Parliament and of the Council of 5 July 2017 on the fight against fraud to the Union’s financial interests by means of criminal law, OJ L 198, 28.7.2017, p. 29.

(17)

 The UCLAF was a taskforce created as part of the Secretariat-General of the European Commission. It led to OLAF’s creation in 1999. See Commission Decision 1999/352/EC of 28 April 1999 establishing the European Anti-fraud Office (OLAF), OJ L 136, 31,5,1999, p.20.

(18)

Regulation (EU, Euratom) 2024/2509 of the European Parliament and of the Council of 23 September 2024 on the financial rules applicable to the general budget of the Union (recast), OJ L, 2024/2509, 26.09.2024.

(19)

Regulation (EU) 2021/241 of the European Parliament and of the Council of 12 February 2021 establishing the Recovery and Resilience Facility, OJ L 57, 18.2.2021, p. 17–75.

(20)

 These regulations are:

·Regulation No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) (‘OLAF Regulation’);

·Regulation No 2016/2030 of the European Parliament and of the Council of 26 October 2016 amending Regulation No 883/2013, as regards the secretariat of the Supervisory Committee of the European Anti-Fraud Office (OLAF);

·Regulation No 2020/2223 of the European Parliament and of the Council of 23 December 2020 amending Regulation No 883/2013, as regards cooperation with the European Public Prosecutor’s Office and the effectiveness of the European Anti-Fraud Office investigations;

·Council Regulation No 2185/96 of 11 November 1996 concerning on-the-spot checks and inspections carried out by the Commission in order to protect the European Communities’ financial interests against fraud and other irregularities;

·Council Regulation No 2988/95 of 18 December 1995 on the protection of the European Communities’ financial interests; and

·Council Regulation No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters.

(21)

Governance in the European Commission’, Communication to the Commission of 24.6.2020, C(2020) 4240 final, p. 16.

(22)

 Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (the EPPO Regulation), OJ L 283, 31.10.2017, p. 1.

(23)

 All Member States currently participate in the EPPO, except Denmark, Ireland and Hungary.

(24)

 Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA, PE/37/2018/REV/1, OJ L 295, 21.11.2018, p. 138.

(25)

 Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol), OJ L 121, 15.5.2009, p. 37.

(26)

 See, in particular, the proposal for a regulation of the European Parliament and of the Council establishing the Union Customs Code and the European Union Customs Authority, and repealing Regulation (EU) No 952/2013, COM/2023/258 final. The proposal is with the co-legislators.

(27)

 Council Regulation (EU) No 904/2010 of 7 October 2010 on administrative cooperation and combating fraud in the field of value added tax (recast), OJ L 268, 12.10.2010, p. 1.

(28)

 Europol, Eurojust and Eurofisc are still characterised by the ‘intergovernmental third pillar spirit’ in that they depend on the final decision taken by national authorities, which they are not intended to replace.

(29)

 Article 16 of Regulation No 883/2013 of the European Parliament and of the Council of 11 September 2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) and repealing Regulation (EC) No 1073/1999 of the European Parliament and of the Council and Council Regulation (Euratom) No 1074/1999, OJ L 248, p. 1.

(30)

 Regulation 2024/2509 of the European Parliament and of the Council of 23 September 2024 on the financial rules applicable to the general budget of the Union (recast), OJ L, 2024/2509, 26.9.2024, ELI: http://data.europa.eu/eli/reg/2024/2509/oj.

(31)

 These improvements include an expedited procedure, a legal presumption of notification, the possibility of excluding beneficial owners, and a few new cases of grave professional misconduct that can lead to exclusion.

(32)

 The EDES was set up in 2016 as one of the instruments to protect the EU’s financial interests.

(33)

 Council Regulation No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters, OJ L 82, 22.3.1997, p. 1.

(34)

 The Irregularity Management System (IMS) is a dedicated electronic system for reporting irregularities. It has been developed and put at the disposal of Member States and beneficiary countries. The IMS is operated under the Anti-Fraud Information System (AFIS) and is used by 35 countries.

(35)

 The Commission has developed the own resources database (OWNRES) as an electronic system to facilitate the reporting and monitoring of cases of fraud and irregularities that affect entitlements to traditional own resources.

(36)

Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, OJ L 305, 26.11.2019, p. 17–56.

(37)

See Article 24 of the EPPO Regulation.

(38)

 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 1 April 2025, ‘ProtectEU: a European Internal Security Strategy’, COM (2025)148.

(39)

See the Proposal for a Regulation of the European Parliament and of the Council establishing the Union Customs Code and the European Union Customs Authority, and repealing Regulation (EU) No 952/2013, COM/2023/258 final.

(40)

 See Article 101(3) of the EPPO Regulation: ‘In the course of an investigation by the EPPO, the EPPO may request OLAF, in accordance with OLAF’s mandate, to support or complement the EPPO’s activity in particular by: (a) providing information, analyses (including forensic analyses), expertise and operational support; (b) facilitating coordination of specific actions of the competent national administrative authorities and EU bodies; (c) conducting administrative investigations’. See also Article 12e of the OLAF Regulation (‘The Office’s support to the EPPO’) which states: ‘1. In the course of an investigation by the EPPO, and at the request of the EPPO in accordance with Article 101(3) of Regulation (EU) 2017/1939, the Office shall, in accordance with its mandate, support or complement the EPPO’s activity, in particular by: a. providing information, analyses (including forensic analyses), expertise and operational support; b. facilitating coordination of specific actions of the competent national administrative authorities and EU bodies; c. conducting administrative investigations.’

(41)

 Point 6.2 of the Working Arrangement between the European Anti-Fraud Office and the European Public Prosecutor’s Office, 5 July 2021:

https://www.eppo.europa.eu/sites/default/files/2021-07/Working_arrangement_EPPO_OLAF.pdf .

(42)

 See comparison between the complementary investigations and the overall investigative activity of the two offices: after 3.5 years of operational cooperation, OLAF and EPPO have worked together on some 136 investigations (the EPPO had carried out 1 927 active investigations by 31 December 2023).

(43)

 This is not always the case. During the negotiations for the 2024 FR revision, the Council refused to extend to the Commission the right to use the mutual assistance mechanism that the Member States have applied among themselves to recover national debts for many years. This delays the recovery process because it obliges the Commission to find for itself the key information that it needs (e.g. on the debtor’s identity, solvency, address or assets) in order to recover funds.

(44)

Judgments of 26 September 2024 in joint cases C-160 and 161/22P, Commission v HB; of 4 October 2024 in case C-721/22P, Commission v PB and of 29 February 2024 in case C-437/22, Eesti Vabariik.

(45)

 Council Regulation (EC, Euratom) No 2988/95 of 18 December 1995 on the protection of the European Communities financial interests, OJ L 312, 23.12.1995, p. 1–4.

(46)

 Special Report 7/2024 of the European Court of Auditors on the Commission’s systems for recovering irregular EU expenditure.

(47)

See, to that effect, judgment in Åkerberg Fransson, C‑617/10, EU:C:2013:105, paragraph 34 and the case-law cited.

(48)

 The authorising officer of the service that receives the OLAF recommendation (in customs matters the authorities of the Member State concerned) may reject the OLAF recommendation in whole or in part. The amount established to be recovered is therefore the final amount that the recipient of the recommendation will claim for recovery or, in the case of shared management, will claim to exclude from EU financing.

(49)

 Revised templates are annexed to the Agreement establishing the modalities of cooperation between the Commission and the EPPO of 2 June 2021. They have applied since November 2024.

(50)

 Such actions could include designating a Commission service to be in charge of supporting the AODs in taking early precautionary measures and timely recovery steps; and enhancing cooperation among relevant services and reporting tools.

(51)

See Articles 325 TFEU, 129 FR and 138 FR.

(52)

 Report on the protection of the EU’s financial interests – combating fraud – annual report 2023, 1 April 2025, European Parliament, Committee on Budgetary Control, reporting member: Gilles Boyer, paragraphs 3, 4, 6 and 7.