Europäischer Rechnungshof - European Court of Auditors
Fraud in the EU’s €650 billion COVID fund: protection is patchy
- Bild-Infos
- Download
Press release
Luxembourg, 11 February 2026
Fraud in the EU’s €650 billion COVID fund: protection is patchy
- While the EU’s anti-fraud framework for pandemic recovery funding has improved over time, some systemic weaknesses remain
- Data on suspected fraud cases is incomplete
- EU budget insufficiently protected, and may not recover money fraudulently spent
The EU’s €650 billion COVID recovery fund, the Recovery and Resilience Facility (RRF), continues to show multiple weaknesses in fraud detection, reporting and correction, according to a new report by the European Court of Auditors (ECA). Moreover, while EU countries are required to recover any money that final recipients have used fraudulently, they do not have to return it to the EU budget. As a result, the EU’s finances are less well protected than they could be.
The RRF was established in February 2021 as a one-off temporary programme to help EU countries recover from the pandemic and build resilient economies. The Commission and member states are jointly responsible for tackling fraud against the EU’s financial interests. National authorities must provide the EU’s executive with guarantees on the effectiveness of fraud prevention, detection and correction systems.
“The EU and its countries should have set up more effective anti-fraud systems given the size of the recovery fund, its novel financing mechanism, and the reputational damage of fraud,” said Katarína Kaszasová, the ECA Member leading the audit. “The EU remains exposed to RRF fraud because of gaps in recovery rules, incomplete data on fraud, and reporting issues.”
The auditors found that the EU’s high-level specifications for member states’ anti-fraud systems, as set out in the RRF Regulation, were not sufficiently detailed. The Commission subsequently took steps to strengthen the requirements through bilateral financing agreements, but was still not clear enough regarding the nature of national anti-fraud verifications. Although its checks on national systems can help make improvements, in the case of the RRF the Commission was less than thorough. For instance, it did not fully cover the responsibilities of all national RRF authorities. Moreover, in ten countries the Commission did not complete its checks until after the first round of payments, when it still had insufficient evidence that the national anti-fraud systems were effective.
EU countries did take measures to prevent fraud in RRF funding, but these were often delayed. The situation was compounded by weaknesses in fraud detection. For example, many countries underused the potential of data mining and analytics, which – alongside checks and whistleblowing – are key elements in fraud detection.
Incomplete data on RRF fraud makes it difficult for the Commission to properly target its own anti-fraud action, such as corrective measures, and monitor what is being done by EU countries. There are no standard rules for reporting to the Commission on cases of suspected fraud that may affect the EU’s finances. Because of this, member states apply different criteria for determining what constitutes this kind of fraud, so do not all report in the same way. As a result, the extent of RRF fraud cannot be accurately estimated.
Unlike in other EU programmes, EU countries are not obliged to return to the EU budget any amounts they claw back from fraudsters. The only exception arises when the Commission considers their recoveries insufficient so launches its own. However, the Commission may no longer be able to do this after the RRF is wound up later this year, because the current mechanism for EU countries’ reporting on RRF fraud and recoveries will also come to an end. This is concerning, as the biggest investments in EU countries are scheduled for the final months of the RRF, meaning that most corrections for fraud will only be possible after that date.
Background information
Fraud affecting the EU’s financial interests is defined as any intentional act that results in the misappropriation or wrongful retention of funds from the EU budget, or from budgets managed on behalf of the EU. National authorities and citizens have multiple channels for reporting RRF fraud, including the Commission, the European Anti-Fraud Office (OLAF) and the European Public Prosecutor’s Office (EPPO). In its 2024 annual report, published in March 2025, EPPO reported that, since the start of the RRF, it had investigated 307 RRF fraud cases. In July 2025, the Commission issued a white paper announcing a review of the EU’s anti-fraud architecture.
The auditors examined the effectiveness of RRF anti-fraud systems at the Commission and in four countries – Denmark, Spain, Italy and Romania. They make several recommendations to the Commission; these are relevant to the RRF and any similar future programmes in which payments are not linked to actual costs. They urge the Commission to further strengthen its checks of national RRF anti-fraud systems, improve the reporting of suspected fraud in the RRF, increase the impact of corrective measures, and define minimum anti-fraud requirements for EU countries in future RRF-type programmes.
Special report 06/2026: “Tackling fraud in the RRF: Work in progress” is available on the ECA website, together with a one-page overview of the key facts and findings.
Press contact
ECA press office: press@eca.europa.eu
Damijan Fišer: (+352) 621 552 224