Criminal liability of legal entities in Romania: when the company is liable and when only the directors are

Romanian law treats the legal entity (company, association, foundation, etc.) as a full criminal law subject, with its own set of offences and penalties, regulated in Title VI of the Romanian Criminal Code (Law no. 286/2009), Articles 135–151.

At the same time, the Criminal Code clearly states that the criminal liability of the legal entity does not exclude the liability of the individual decision-makers. In practice, prosecutors very often indict both the company and the managers, accountants or other people involved.

1. Why this matters for entrepreneurs and managers

From a business perspective, criminal law risk no longer means only prison sentences or criminal fines for individuals. For a company, the real danger is often the combination of a high criminal fine and heavy complementary penalties:

• large criminal fine (up to 3,000,000 RON as a general maximum for legal entities);
• suspension of the company’s activity;
• closure of business units or work points;
• ban on participating in public procurement procedures;
• judicial supervision;
• publication of the conviction decision, with direct reputational impact.

These sanctions are regulated in Article 136 of the Criminal Code and can be devastating for a business: loss of contracts, damaged reputation, inability to operate or to access key markets (especially public tenders).

At the same time, the legal entity’s liability is “added” on top of individual liability. Article 135(3) of the Criminal Code expressly provides that the criminal liability of the legal person does not exclude the criminal liability of individuals who contributed to the same act.

2. Short background: how corporate criminal liability appeared in Romanian law

For a long time, the traditional view in Romanian criminal law was that “only individuals commit crimes, not companies”. The pre-2000 Criminal Code accepted certain security measures (e.g. closure of a premises) but not full criminal liability of legal entities as we know it today.

This changed gradually under the pressure of European and international instruments on corruption, economic crime and environmental offences. Law no. 278/2006 amended the 1968 Criminal Code and introduced, for the first time in a coherent manner, criminal liability for legal entities, in line with models from countries such as France, Belgium or the Netherlands.

The current Criminal Code (Law no. 286/2009), in force since 1 February 2014, consolidated the institution in Title VI, Articles 135–151, and adopted a model of direct liability of the legal entity: the company is directly liable for offences committed in its interest, not only for acts of its statutory bodies.

3. Legal basis: the key articles of the Romanian Criminal Code

The essential legal framework is found in Articles 135–137 and 151 of the Criminal Code, which regulate:​

• Article 135 – Conditions for criminal liability of the legal entity (who can be liable and in what circumstances).
• Article 136 – Types of penalties applicable to legal entities (main and complementary penalties).
• Article 137 – System of calculating criminal fines for legal entities (days-fine system and limits).
• Article 151 – Effects of mergers, demergers and other reorganisations on criminal liability.

An official English translation of the Criminal Code (including Articles 135–151) is available in the collections of international organisations such as the OSCE/ODIHR and the Venice Commission.

4. Which entities can be criminally liable?

As a rule, any legal entity can be criminally liable, except for the State and public authorities, which are expressly excluded. Public institutions can, however, be liable when they act in the private law sphere (for example, commercial activities).

In practice, this includes:

• limited liability companies (SRL) and joint-stock companies (SA);
• partnerships, cooperatives, agricultural companies;
• associations and foundations (NGOs);
• professional organisations, employer associations;
• other entities with legal personality under special laws.

By contrast, some business forms do not have legal personality and therefore cannot be criminally liable under Article 135. A key example is the individual enterprise</strong (întreprindere individuală). In 2016, the High Court of Cassation and Justice held in Decision no. 1/2016 that an individual enterprise, as an entity without legal personality, cannot be a legal person within the meaning of Article 135, and therefore cannot be held criminally liable as such.

In those cases, it is the individual owner who can be prosecuted and convicted, just like any other natural person.

5. Conditions for company liability (Article 135 Criminal Code)

Article 135 of the Criminal Code sets three main conditions for the criminal liability of a legal entity:​

1. The act must be an offence provided by criminal law.
2. The offence must be committed in the course of the legal entity’s activities, in its interest or on its behalf.
3. The offence is committed by bodies or representatives of the legal entity (or, according to case law and doctrine, by persons acting de facto for it – e.g. de facto directors, shadow managers).

The idea is that the offence must, in some way, be an expression of the company’s “will” as an organisation – through its decision-makers, its policies, or its structural failures.

5.1. Offences committed “in the course of the legal entity’s activities”

This condition covers offences closely linked to the company’s normal business operations. Examples include:​

• a transport company that systematically manipulates tachographs to exceed driving time limits;
• a construction company that systematically ignores occupational safety rules on site;
• a trading company that “routinely” manipulates stock and accounting documents to hide revenue.

Courts and scholars require a functional link between the offence and the purpose for which the legal entity was created. It is not enough that some employee committed an offence at the workplace; the act must be part of how the company carries out its business (lawfully or not).

5.2. Offences committed “in the interest” of the company

Here, the focus is on the benefit (actual or intended) for the company, regardless of whether the act fits neatly within its business object. A typical example is corruption:

• a director offers a bribe to a public official so that the company will win a public contract;
• a manager manipulates an inspection report to avoid environmental penalties for the company.

Even though bribery is not part of the company’s business object, the offence is clearly committed to obtain an advantage (contract, licence, avoided fine) for the legal entity. In such cases, both the company and the individual can be prosecuted.

5.3. Offences committed “on behalf of” the company

This phrase typically refers to situations where someone acts in a representative capacity (director, authorised representative, etc.), even if no actual benefit ends up reaching the company. The key point is that, externally, the act is attributed to the company because the person presents and acts as its representative (signs contracts, issues documents, negotiates in the company’s name).

5.4. Subjective (fault-based) liability, not “objective” liability

The Constitutional Court and legal scholarship underline that criminal liability of a company is still fault-based, not purely objective. The company is not punished merely because “something bad happened”. Instead, the offence must be imputable to it – either through deliberate decisions (policies, instructions, tolerated practices) or through serious organisational failures (lack of controls, absence of procedures, structural tolerance for breaches).

In other words, the company “acts” through its organs, representatives and internal systems. If these are so defective that offences become predictable, the legal entity can be held liable.

6. Company liability does not replace managers’ liability (Article 135(3))

Article 135(3) states very clearly that the criminal liability of the legal entity does not exclude the criminal liability of the individual(s) who contributed to the same act.

In practice, this has two important consequences:

• the company is indicted alongside the director, CFO, accountant, project manager, etc.;
• the court analyses both organisational failures (for the company) and personal fault (for the individuals).

Romanian case law and doctrine explicitly emphasise that the legislator chose a model of cumulative liability, not “vicarious liability” where only one of the two (company or manager) can be punished.

7. Typical scenarios where both company and directors are liable

7.1. “Company-level” tax evasion

Imagine an SRL where the management decides to systematically underreport revenue or use fictitious invoices to reduce VAT or profit tax. The administrator approves the strategy, the accountant implements it, and the company benefits from lower taxes.

In such a situation, if the elements of tax evasion are met, prosecutors are likely to indict:

• the company as a legal entity, for the offence committed in the course of its activity and in its interest; and
• the administrator, accountant and any other involved individuals as natural persons.

Case law and commentary confirm that tax offences (e.g. under Law no. 241/2005) are among the most common grounds for corporate indictments in Romania.

7.2. Serious workplace accident due to structural safety failures

Consider a construction company that fails to implement mandatory occupational safety measures: no protective equipment, no training, no supervision, repeated complaints ignored. If a fatal or severe workplace accident occurs in this context, criminal investigations can target:

• the company, for offences such as manslaughter or bodily injury by negligence committed in the course of its activity; and
• the administrator, site managers or safety officers, for their individual negligence or recklessness (culpa).

The more the investigation reveals a systemic pattern (chronic lack of safety investments, pressure on employees to ignore rules), the stronger the case for corporate criminal liability.

7.3. Corruption and fraud in dealings with the State

In public procurement and regulated sectors, a very common scenario is that a director or manager pays bribes or gives undue advantages to public officials in order to secure contracts, licences or favourable inspections.

If the bribe is given in the company’s name and for its benefit (for instance, to win a tender for the company), prosecutors may charge both:​

• the company, as a legal entity, for corruption offences (e.g. active bribery, buying influence); and
• the individuals directly involved – director, intermediary, other employees.

7.4. Environmental and regulatory offences

Industrial plants, waste management companies or recycling businesses can face corporate indictments when they systematically breach environmental rules – illegal dumping of waste, exceeding pollutant limits, ignoring environmental permits.

Courts look at whether these are isolated breaches by a rogue employee or the result of a deliberate business model (“cheaper not to invest in filters, just pay occasional fines”). When the latter is true, it is natural to hold the company itself criminally liable alongside the decision-makers.

8. When only directors (and other individuals) are liable, not the company

8.1. Acts committed purely in personal interest

There are situations where the director uses the company merely as a tool for personal schemes, without any genuine benefit for the company. For example:​

• the director channels money from his private criminal activities through the company’s accounts, without any corporate benefit;
• the director uses the company to purchase luxury goods strictly for personal use, with no connection to the business;
• the director uses the company stamp and accounts to guarantee personal debts or illegal transactions that do not benefit the company.

In such cases, doctrine and case law tend to treat the company as a victim or a neutral vehicle, not as an offender. The individuals bear the criminal liability, and the company may even be recognised as an injured party if its assets are misused.

8.2. Acts completely outside the company’s business and interests

Imagine a director who takes the company car without approval and, while on a purely personal trip, drives under the influence of alcohol. Even though a company asset is involved, the offence (drunk driving) has nothing to do with the company’s activity or its interest, and the company does not benefit in any way.

In such scenarios, the offence is attributable solely to the individual. The legal entity has no role other than being the owner of the vehicle.

8.3. Stealing from the company (embezzlement, breach of trust)

When employees or directors steal from the company – embezzling funds, misappropriating stock, abusing their position – the typical picture is that the company is the victim. The individuals can be charged with embezzlement, breach of trust or similar offences; the company can claim damages as a civil party.

Here, the offence is committed against the legal entity’s assets, not in its interest. As a rule, this does not engage corporate criminal liability, only individual liability.

8.4. How a genuine “zero-tolerance” compliance culture can help

Legal scholarship and international practice emphasise that an effective compliance programme can be a significant argument against corporate liability, particularly in cases of isolated misconduct by a rogue employee acting against clear company policies.

If the company can show that:

• it has clear written policies (anti-bribery, gifts, conflicts of interest, tax integrity);
• it provides regular training on these policies;
• it operates internal controls (four-eyes principle, segregation of duties, approval workflows);
• it reacts immediately to red flags (investigations, disciplinary sanctions, reporting to authorities where appropriate);

then courts may be more inclined to view a particular offence as the act of an individual against the company’s will, rather than an expression of its organisational culture.

9. Which offences can a company commit – and which not?

Romanian law does not define a closed list of “corporate offences”. As a starting point, a legal entity can, in principle, be liable for any offence, except those which clearly require a human individual as the perpetrator (e.g. certain offences against the person or family, purely personal-status crimes).

For many offences, however, the legal entity can be liable as instigator or accomplice (for instance, by encouraging or organising individuals to commit the act) even if it cannot be the direct author because the offence presupposes a natural person.

In practice, the most common areas for corporate criminal liability in Romania are:​

• economic and financial crime (tax evasion, fraud, money laundering);
• corruption and offences relating to public procurement;
• environmental offences (illegal waste, pollution);
• occupational safety and workplace accidents;
• data protection and cybercrime-related offences (in some contexts).

10. Penalties for legal entities: how far can the impact go?

10.1. Criminal fine – the days-fine system

Under Article 137 of the Criminal Code, the criminal fine for a legal entity is calculated using a “days-fine” system:​

• the amount per day is between 100 RON and 5,000 RON;
• the number of days is between 30 and 600 days;
• the general maximum of the fine for a legal entity is 3,000,000 RON (around 670,000 EUR).

The court decides separately:

• how many days-fine to impose, based on the seriousness of the offence and the danger posed by the company’s conduct; and
• how much each day-fine is worth, based on the company’s financial situation.

The total fine is simply the product of these two factors. For example, if the court sets 200 days at 2,000 RON per day, the total fine will be:

200 days × 2,000 RON/day = 400,000 RON.

Thus, even for a medium-sized company, the financial impact of a criminal conviction can be very significant.

10.2. Complementary penalties (Article 136)

In addition to the fine, Article 136 allows courts to impose one or more complementary penalties on the legal entity, such as:​

• dissolution of the legal entity;
• suspension of all or part of the entity’s activities for a period between 3 months and 3 years;
• closure of one or more business units for 3 months to 3 years;
• ban on participating in public procurement procedures for 1 to 3 years;
• judicial supervision of the legal entity;
• publication of the conviction decision.

From an entrepreneur’s perspective, these sanctions can be more damaging than the fine itself, as they may destroy the company’s ability to operate or to compete in key markets.

11. What happens to criminal liability in mergers, demergers or other reorganisations? (Article 151)

Many entrepreneurs assume that they can “escape” criminal liability by dissolving, merging or restructuring the company. Article 151 of the Criminal Code is designed precisely to prevent this.

If the legal entity ceases to exist through merger, absorption or demerger after the offence has been committed, the criminal liability and its consequences are transferred to the entity or entities that take over its assets. In particular:

• the new company created by a merger assumes the criminal liability of the former entities;
• the absorbing company inherits the criminal liabilities of the absorbed entity;
• the entities created by a demerger or those receiving parts of the divided company’s assets may share its liability, depending on how the assets and activities are allocated.

Legal literature notes that the purpose of these rules is to ensure the effectiveness of corporate criminal liability and to prevent strategic restructurings from being used as a shield against prosecution.

In practice, this means that before any M&A transaction (merger, acquisition of a target company, carve-out), buyers must conduct a serious criminal and compliance due diligence to identify potential investigations, past offences or compliance weaknesses that could translate into criminal liability after the transaction.

12. Who actually “exposes” the company: de jure directors, de facto directors and shadow managers

Corporate criminal liability is triggered by the conduct of real people. The Criminal Code refers to “bodies or representatives” of the legal entity, but both doctrine and case law interpret this broadly, in line with modern corporate reality.

In practice, this includes:

• de jure directors – formally appointed and registered in the Trade Register;
• senior managers with decision-making powers (e.g. CEOs, CFOs, heads of business units);
• members of boards or supervisory bodies in companies that use such structures;
• authorised representatives acting under powers of attorney;
• de facto directors and shadow managers who, without formal title, effectively control the company’s decisions.

Romanian courts have increasingly recognised that individuals who effectively manage a company, even without formal appointment, can be treated as “persons performing a service assignment” or as de facto representatives, capable of engaging both their own liability and that of the company.

13. Prevention strategy: what a responsible entrepreneur should do

Beyond knowing the law, entrepreneurs and managers can significantly reduce the risk of criminal liability (for both the company and themselves) through a proactive compliance strategy. Best practice – reflected in legal doctrine and comparative corporate criminal law – includes at least the following elements:

• Risk mapping: identify areas where your business model intersects with criminal law risk (tax, customs, environment, occupational safety, public procurement, data protection, competition law, etc.).
• Code of conduct and clear internal policies: anti-corruption policy, gifts and hospitality rules, interactions with public officials, use of company assets, conflicts of interest, whistleblowing policy.
• Robust internal controls: segregation of duties, approval workflows for payments and contracts, limit authorisations, regular internal audits.
• Training and communication: regular, practical training sessions for managers and staff, with examples and Q&A, not just “paper policies”.
• Incident response procedures: internal investigations, preserving evidence, external legal advice, corrective measures, cooperation with authorities where appropriate.
• Documentation: keep record of compliance efforts, training attendance, internal investigations and remedial actions – this can be crucial in criminal proceedings.

Courts in Romania and abroad do take into account whether a company was reasonably organised to prevent offences. An effective compliance programme cannot guarantee immunity, but it can influence whether the legal entity is indicted at all and, if so, the level of the penalty.

14. Practical examples: when the company is liable and when only individuals are

• Issuing fictitious invoices to reduce VAT: the company directly benefits from the scheme. Prosecutors are likely to indict the company (as legal entity) together with the administrator and accountant. The offence is committed in the course of business and in the company’s interest.
• Director uses the company card for purely personal luxury spending (holidays, personal high-value goods) with no connection to the company’s activity: this typically qualifies as embezzlement or breach of trust. The company is the victim; only the director is prosecuted. The company can claim civil damages.
• Transport company manipulates tachographs as an informal business policy to increase the number of trips: both the company and its fleet managers/directors may be prosecuted for offences relating to road safety and labour regulations.
• Isolated employee accepts a bribe from a supplier to favour that supplier in tenders, contrary to a clear corporate anti-bribery policy and without corporate benefit: depending on the facts, only the individual may be liable if the company can prove it had robust controls and did not benefit from the act.
• Merger with a company under criminal investigation for environmental offences: the new or absorbing company may inherit the criminal exposure under Article 151. A thorough pre-transaction due diligence is essential.

15. FAQ – Frequently asked questions about criminal liability of legal entities