The Corporate Crime Database Act of 2026 directs the Director of the Bureau of Justice Statistics (BJS) to build, publish, and maintain a public database of federal enforcement actions involving corporations and employees acting within their occupational roles. The statute defines ‘‘corporate offense’’ broadly, requires BJS to collect standardized fields (including unique identifiers, statutes, outcomes, and documentation), and compels federal agencies to submit data under guidance the Director will issue.
The bill centralizes enforcement information that today is scattered across agencies and public records. For compliance officers, litigators, researchers, and regulators it promises a single, machine-readable source for tracking corporate enforcement and recidivism; for companies and named individuals it raises new reputational, privacy, and procedural considerations because settlements, declinations, and non-prosecution agreements are within scope and prior actions must be included to the extent available.
At a Glance
What It Does
Requires the BJS Director to collect, aggregate, analyze, and publish a searchable, downloadable online database of federal enforcement actions involving corporations and employees, including past actions where data exist. The Director must issue collection guidance within 180 days and publish the database within 1 year of enactment.
Who It Affects
Affects the Bureau of Justice Statistics (implementation), federal enforcement agencies that must report information under BJS guidance (e.g., DOJ components, SEC, EPA), business entities and their employees who are subjects of federal enforcement actions, and downstream users such as researchers, journalists, investors, and civil litigants.
Why It Matters
Creates a single, public dataset that could change how corporate misconduct is monitored, investigated, and litigated by making enforcement histories and outcome documents easier to find and analyze—raising questions about data accuracy, privacy, and how agencies standardize reporting.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill adds a new Section 305 to Part C of title I of the Omnibus Crime Control and Safe Streets Act of 1968 directing the BJS Director to establish a national Corporate Crime Database. It gives BJS a defined, but flexible, scope: a ‘‘corporate offense’’ covers violations by business entities and by employees within their occupational role, and the Director may add other violations as appropriate.
The statute explicitly includes concluded administrative, civil, and criminal enforcement actions as well as declinations, settlements, deferred prosecution agreements, and non-prosecution agreements.
BJS must develop and publish guidance within 180 days specifying which federal agencies will submit data and how often, and it must launch the public, searchable, downloadable database within one year. The bill requires BJS to collect specific data fields for each enforcement action—names or entities identified, employers, parent companies where relevant, statutes and regulations implicated, the enforcement agency, outcomes and supporting documentation, and unique identifiers for entities and individuals—while allowing the Director to add further fields as needed.The statute requires agencies identified in the Director’s guidance to provide the specified information and directs BJS to include historic enforcement actions to the extent records are available.
BJS must update the online database each time it collects new information. Separately, the Director must deliver an initial report to Congress within a year of publication and then annually: the report must describe the collected data, analyze patterns such as recidivism, estimate impacts on victims and the public, and provide recommendations developed in consultation with the Attorney General.Finally, the bill amends the Chief Data Officer Council’s statutory duties to require the Council to identify ways federal agencies can standardize and improve collection, digitization, sharing, and publication of enforcement information related to corporate offenses.
That change is aimed at smoothing cross-agency data flows and harmonizing formats, but it leaves operational details—metadata standards, redaction policies, and enforcement priorities—to the Director and the Council.
The Five Things You Need to Know
The bill defines ‘‘enforcement action’’ to include concluded administrative, civil, and criminal actions, plus declinations, settlements, deferred prosecution agreements, and non‑prosecution agreements.
BJS must publish a searchable, downloadable database within 1 year of enactment and must issue agency reporting guidance within 180 days.
Required data fields include named business entities and individuals, employers and parent companies where relevant, statutes/regulations, enforcement agency, outcome with documentation, and a unique identifier for each entity or individual.
The database must include enforcement actions that occurred before enactment to the extent records are available, not only future actions.
BJS must submit an initial Congressional report within a year of publication and annual reports thereafter that analyze recidivism, estimate victim/public impact, and propose legislative or administrative reforms developed with the Attorney General.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Who and what counts as a corporate offense
This subsection sets the baseline vocabulary: 'business entity' covers corporations, partnerships, LLCs, and similar forms; 'corporate offense' reaches violations by entities and employees acting within their job roles and permits the Director to expand the definition. The flexible definition gives BJS discretion to capture misconduct that agencies commonly treat as corporate, but it also vests the Director with significant judgment about scope and inclusion criteria.
BJS must collect, aggregate, analyze and publish enforcement data
BJS is required to collect information on enforcement actions, analyze it, and publish a public database. The provision is operational: it moves responsibility for centralizing federal corporate enforcement records to BJS rather than any enforcement agency, obligating BJS to act as the national aggregator and analyst rather than a mere repository.
Minimum data elements and documentation
The statute prescribes specific data elements for each enforcement action—named parties, employers, parent companies where relevant, offense types, statutes or regulations, enforcing agency, outcomes with all relevant documentation, and unique identifiers. This list prioritizes linkability and traceability (unique IDs and parent-company fields) and pushes for inclusion of primary source documents that substantiate outcomes, which will drive decisions about redaction, format, and storage.
Timing, agency reporting obligations, and public access requirements
Within 180 days BJS must publish guidance identifying which federal agencies will submit data and specifying format, timing, and frequency. Agencies named in that guidance must comply. BJS must publish the database online within one year in a searchable, downloadable, accessible format and update it each time new data arrive. Practically, this creates recurring ingestion and QA responsibilities for both agencies and BJS and anchors a public‑facing schedule for data releases.
Annual analysis requirement and policy recommendations
One year after publication—and annually thereafter—BJS must report to Congress on the data collected, including analysis of recidivism, offense patterns, and enforcement responses; an estimate of impacts on victims and the public; and recommendations for legislative or administrative improvements prepared with the Attorney General. These mandated analyses create a feedback loop intended to inform policy changes and resource allocation.
Chief Data Officer Council role in standardization and digitization
The bill adds a new charge for the Chief Data Officer Council to identify how federal agencies can improve collection, digitization, tabulation, sharing, and publication of information on corporate enforcement actions. This seeks to address interoperability and format standardization, but it delegates the technical harmonization work to the Council rather than prescribing specific data standards in statute.
This bill is one of many.
Codify tracks hundreds of bills on Justice across all five countries.
Explore Justice in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Federal regulators and law enforcement: gain a consolidated view of corporate enforcement across agencies, which can improve trend analysis, coordination, and detection of repeat offenders.
- Researchers, academics, and policy analysts: receive standardized, machine‑readable data and outcome documents that lower the cost of empirical study on corporate misconduct and recidivism.
- Journalists and public-interest NGOs: get easier access to enforcement records and primary documents, enabling more consistent public accountability reporting.
- Investors, compliance officers, and corporate due‑diligence teams: can use enforcement histories and linked parent-company identifiers to inform risk assessments, underwriting, and M&A decisions.
- Victims and consumer advocates: benefit from aggregated analysis and public reporting on impact and recidivism that can inform advocacy and restitution policy.
Who Bears the Cost
- Federal agencies required to report: must allocate staff and technical resources to extract, standardize, and transmit records per BJS guidance, creating operational and budgetary burdens.
- Bureau of Justice Statistics: must expand capacity for data ingestion, legal review, redaction policy, public hosting, and ongoing updates—likely requiring new funding and technical investments.
- Named corporations and individuals: face increased reputational exposure and potential commercial harm from consolidated public presentation of enforcement actions, including settlements and declinations.
- Individuals identified in records: may suffer privacy and career harms if allegations (as distinct from convictions) are published and searchable, raising risks for employees named in investigations.
- Defense counsel and compliance teams: will see higher monitoring and litigation-related costs as plaintiffs, regulators, and counterparties use the database for discovery, due diligence, and enforcement strategy.
Key Issues
The Core Tension
The core tension is transparency versus fairness and feasibility: lawmakers want comprehensive, public accountability data to detect patterns and deter corporate misconduct, but publishing broad enforcement records—including allegations, settlements, and declinations—can unfairly harm reputations, complicate ongoing investigations, and impose significant technical and resource burdens on agencies and BJS; the bill delegates many resolution choices to the Director and the Chief Data Officer Council, shifting tough tradeoffs from statute to implementation.
The bill solves a visibility problem but creates hard implementation choices. Publicly listing settled or declined matters alongside convictions risks conflating allegations and outcomes; the statute requires outcome documentation, but it leaves redaction standards, metadata schemas, and how to label disposition status to administrative guidance rather than statute.
That delegation helps BJS adapt but also raises consistency and legal risk questions—especially for actions involving classified material, sealed court records, or ongoing investigations.
Standardizing inputs across diverse agencies (criminal prosecutors, regulatory enforcers, administrative boards) is nontrivial. Agencies currently store records in different formats and with differing confidentiality exemptions; integrating those sources will demand data‑mapping, legal review pipelines, and sustained funding.
The bill also requires BJS to include historic enforcement actions ‘‘to the extent available,’' which will produce uneven historical coverage and potential sampling bias in early analyses. Finally, publishing unique identifiers enhances machine linkability but also increases the risk of automated scraping, reputational amplification, and misuse by commercial actors or litigants, raising questions about privacy safeguards and rectification processes for mistaken or outdated records.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.