Corpenza
Get Started
Independent Audit and Compliance8 min

What Triggers a Mandatory Audit in the EU?

A practical 2026 guide to the EU rules that usually trigger a mandatory audit, and why the final answer still depends on national law.

Berk Tüzel
Berk Tüzel
June 19, 2026
mandatory audit eueu audit thresholdspublic-interest entity
What Triggers a Mandatory Audit in the EU?

A mandatory audit in the EU is usually triggered by status, size, or both. Public-interest entities sit inside the statutory audit framework from the start. Other companies are tested against national rules built on the Accounting Directive, so the real 2026 question is simple: which bucket does your company fall into where it is registered?

That sounds technical. It is. It also affects lenders, acquirers, board reporting, and how much cleanup work lands on finance teams in the final quarter. Corpenza usually sees the pressure first in the handoff between audit and compliance, tax structuring, and company formation and accounting. If those files do not agree, the audit question gets harder very quickly.

What usually triggers a mandatory audit in the EU?

At EU level, the audit question usually starts when a company is a public-interest entity or when its size moves it out of the light regime for micro and small undertakings. The European Commission’s audit overview and financial reporting page show that audit and reporting duties sit inside one legislative framework, but the final obligation is applied through national law after transposition.

So there is no single magic turnover number that answers the question for every company in every Member State. Legal form matters. Group structure matters. Headcount matters. Regulated status matters too. That is why a founder who only watches revenue often spots the issue too late.

Which size thresholds matter in 2026?

The Commission’s guidance on the Accounting Directive sets out the current size thresholds used to classify undertakings. For 2026 work, the most useful three buckets are micro, small, and medium-sized. They are measured by balance sheet total, net turnover, and average number of employees during the financial year.

CategoryBalance sheet totalNet turnoverAverage employees
Micro≤ €450,000≤ €900,000≤ 10
Small≤ €7,500,000≤ €15,000,000≤ 50
Medium-sized≤ €25,000,000≤ €50,000,000≤ 250

That table is useful because it stops the most common mistake. People talk about revenue only. The EU framework does not. If the balance sheet has grown, inventory has piled up, receivables are heavy, or payroll has expanded, the audit conversation can move even when revenue alone looks manageable.

The same Commission material says the thresholds were updated by delegated act in 2023. On the Commission’s monitoring page for Delegated Directive 2023/2775, the transposition deadline is shown as 24 December 2024. The page accessed on 19 June 2026 also shows full transposition measures communicated by 26 Member States, with Spain still listed under non-communication.

Are listed companies, banks, and insurers automatically in scope?

In practice, yes, they sit in the higher-scrutiny category. The Commission’s 31 May 2016 Q&A on the EU statutory audit framework says entities are public-interest entities when they meet the criteria of a listed company, a credit institution, or an insurance undertaking under EU law. Member States may also designate other entities as public-interest entities when they have significant public relevance.

That matters even for private groups. A business can stay founder-owned and still drift into a heavier control environment because it enters regulated activity, adds a licensed finance piece, or prepares for a listing. When that happens, the audit question stops being theoretical.

Why is there no single EU-wide revenue trigger?

Because the directives create the framework and Member States apply it through their own law. The Commission’s financial reporting page states that the Accounting Directive was transposed by all EU Member States into national law. That means the structure is European, but the legal filing and audit duty still has to be checked in the country where the company sits.

This is where cross-border groups get caught. A founder sees one threshold table, assumes the answer is uniform, and forgets to check local company law, auditor appointment mechanics, or group-level rules. The European layer gives direction. The local layer decides the filing path.

What should founders check before year-end?

Check the latest approved accounts, the current run rate, employee growth, receivables, stock, fixed assets, debt covenants, and whether any entity is becoming regulated or preparing for a capital-markets event. Then test the group, not only the flagship company. That review is much cheaper in October than in the final week before filing.

It also helps to line up signatories, accounting support, and working papers early. If the business may need a statutory audit, the cleanest path is to prepare the evidence pack before the auditor asks for it. Corpenza usually tells founders to pair compliance review with a planning call while there is still time to fix small gaps.

Where do companies get this wrong?

The most common error is reducing the issue to turnover. The second is ignoring the group. The third is assuming a bank review and a legal audit trigger are the same thing. They overlap, but they do not test the same risk in the same way.

Another problem is waiting for the year-end close to ask the question. By then, missing support for related-party balances, unclear ownership files, or weak reconciliations are no longer small admin issues. They become delays. And delays are expensive.

FAQ

Is there one EU threshold that automatically answers the audit question?

No. The EU framework gives the size criteria and the public-interest entity concept, but the final legal obligation is checked in national law after transposition.

Do small companies always avoid a statutory audit?

Not always. Small status helps, but regulated activity, group structure, or local law can still change the answer.

Why did the 2023 delegated directive matter for 2026?

Because it updated the size criteria used in the Accounting Directive. Any 2026 analysis that still relies on older monetary thresholds is already stale.

What is a public-interest entity in this context?

Under the Commission’s Q&A, listed companies, credit institutions, and insurance undertakings are the core EU categories. Member States may designate others.

What should a founder prepare first if the company may cross the line?

Start with clean financial statements, ownership support, related-party records, and a group map. Then confirm the local legal test before the filing season gets crowded.

This is general information, not legal or tax advice; rules change and depend on your situation.

If you want to check whether your group is moving into audit territory, talk to Corpenza before the year-end rush.

Related Posts

Audit, Compliance and AML for International Companies in 2026
Independent Audit and Compliance

Audit, Compliance and AML for International Companies in 2026

A practical 2026 guide to cross-border audit readiness, beneficial ownership discipline, and AML controls that actually survive banking and diligence.

Annual Reporting and Audit Requirements for Estonian Companies in 2026
Independent Audit and Compliance

Annual Reporting and Audit Requirements for Estonian Companies in 2026

A practical 2026 guide to Estonia annual report deadlines, filing steps, audit triggers and the mistakes that delay founders.

Estonia Startup Visa: Who Qualifies and How to Apply
Residence Permit

Estonia Startup Visa: Who Qualifies and How to Apply

A practical 2026 guide to Estonia startup visa eligibility, the founder route, committee review, and the steps to file cleanly.

Start Your Global Growth Today

Let's reach your business goals together with 50+ expert consultants and partner networks in 9+ countries. First consultation is free.

Get Started
Explore All Services