Group of people around a table in a board room

Section 250 of the Crime and Policing Act 2026 represents a significant expansion of corporate criminal liability across the whole of the UK.

From 29 June 2026, the law shifts in a way property managers cannot afford to ignore: organisations will face criminal liability if a senior manager commits any criminal offence while acting within the actual or apparent scope of their authority.

This change sweeps away the much narrower senior manager test previously set out in the Economic Crime and Corporate Transparency Act 2023 (ECCTA). In its place, it introduces a far broader basis for corporate liability, capturing any criminal offence committed by a senior manager, except offences that, by their nature, cannot be committed by a corporate entity, such as murder.

Safety Critical Decision Making

Although ECCTA focuses on fraud and economic crime, its expansion via the Crime and Policing Act 2026 (CPA), notably regarding the “identification doctrine,” fundamentally alters how organisations can be held criminally liable. The Act widens the definition of “senior management” to include individuals with significant operational or decision‑making authority, not just board‑level executives.

Under the CPA, an organisation may be guilty of committing an offence where a senior manager commits a criminal offence and the individual was acting within the actual or apparent scope of their authority.

The requirement that the individual acts within “actual or apparent authority” does not mean the conduct itself must have been explicitly authorised. It is sufficient that the conduct was of a type the individual was authorised to undertake and would ordinarily fall within the activities of someone in that role.

This change significantly increases the likelihood that any apparent wrongdoing will be attributed to the organisation.

This shift has major consequences for safety‑critical sectors because:

  • many safety decisions are made by operational leaders, facilities managers, building safety managers, and project directors.
  • these individuals now fall squarely within the scope of corporate criminal attribution.
  • failures in oversight, resourcing, or risk management can more easily be linked to the organisation itself.

In short, if a senior manager’s decisions (or omissions) contribute to unsafe conditions, the organisation is now more exposed to criminal liability than ever before.

Defences under s250 are extremely limited. An organisation, for example, cannot escape liability by arguing that it had reasonable procedures in place, or that it took all reasonably practicable steps to prevent wrongdoing, or that it exercised appropriate due diligence.

In practice, this reform exposes organisations to liability for senior managers’ actions across a much broader spectrum of criminal offences, significantly widening the risk landscape for property businesses.

As a result, the likelihood of organisations being found criminally liable for offences committed by senior managers is expected to rise. At the same time, regulators and enforcement bodies are likely to apply greater scrutiny to organisational culture, leadership behaviours, and governance frameworks.

Implications for Health & Safety Management

Health and safety decisions, such as what action to take following a risk assessment or a survey, what maintenance plans are put into place, contractor oversight, and resource allocation are now more likely to be examined through a criminal lens if an incident occurs. Boards and owners must ensure that:

  • Decisions are documented and evidence‑based
  • Risk assessments, surveys and plans are current and acted upon
  • Safety concerns raised internally are escalated and addressed

Individuals with control over safety related work activities, budgets, or safety systems may now be treated as “senior managers” for the purpose of attributing criminal liability to the organisation. This increases the importance of clear delegation, competence and training as well as transparent reporting lines

Regulators will expect organisations to demonstrate that they took reasonable steps to prevent foreseeable harm. This aligns with existing duties under the Health and Safety at Work etc. Act 1974 but raises the bar for evidencing compliance.

Implications for Fire Safety Management

Under the Fire Safety Order in England and Wales, as well as the Fire Safety Scotland Regulations, responsible persons and duty holders already face criminal liability for failures. These changes add organisational liability where senior managers’ decisions contribute to inadequate fire precautions. This means that fire risk assessments and fire strategies must be comprehensive and up to date, remedial actions must be prioritised and funded, and decisions to defer works must be justified and documented

Additionally, third‑party oversight becomes more critical.  If fire safety work is outsourced, organisations must ensure:

  • Competent contractors
  • Clear scopes of work
  • Evidence of completion and quality assurance
  • Poor oversight of contractors can now more easily be attributed to the organisation.
Implications for Building Safety Management (Higher Risk Buildings)

The Building Safety Act 2022 (and the Building Safety (Wales) Act 2026) already introduces stringent duties for accountable persons and others. The CPA 2026 and the changes to the ECCTA reinforces these duties by making it easier to prosecute organisations where senior managers:

  • Ignore safety information,
  • Fail to act on known defects,
  • Underfund safety‑critical works, or
  • Fail to maintain the golden thread of information

Boards must ensure that building safety risks are regularly reviewed, properly resourced and escalated through formal governance channels.

Additionally, documentation becomes a critical defence. If an incident occurs, regulators will examine your decision‑making records, your safety case reports, your resident engagement logs, your maintenance and inspection data and what actions you have taken.  A lack of documentation will be interpreted as a lack of control.

What Senior Leaders Should Do Now

Here are 8 things senior managers and board should do:

  1. Review governance structures to ensure clear accountability for safety decisions
  2. Conduct a full safety risk review or gap analysis covering health, fire, and building safety
  3. Strengthen reporting and escalation pathways so concerns reach senior decision‑makers
  4. Enhance documentation and audit trails for all safety‑critical decisions, including fire risk, health and safety and building safety risks
  5. Ensure that technology is supporting the organisation by highlighting areas of concern
  6. Review competence and training for those now captured by the expanded definition of “senior management”
  7. Reassess contractor and supply‑chain oversight to ensure safety responsibilities are clearly managed
  8. Integrate safety into enterprise risk management with regular board‑level reporting

The expansion of corporate criminal liability is not just a legal development it is a cultural one. It signals a continuing shift toward greater accountability, transparency, and scrutiny of organisational decision‑making.

For health and safety, fire safety, and building safety, this means, stronger governance, better evidence of compliance, more rigorous oversight of operational leaders, and a renewed focus on proactive risk management

Organisations that act now will not only reduce legal exposure but also strengthen trust, resilience, and safety performance.

The law has changed. Has your approach?

Speak to our team today to find out how we can help you strengthen your safety governance, close compliance gaps, and manage risk under the new rules.

Contact us