Payments from the European Union’s €650 billion Covid-19 recovery fund will end by this year, but the fund continues to show multiple weaknesses in fraud detection, reporting and correction, according to a new report published last week by the European Court of Auditors (ECA).
The Recovery and Resilience Facility (RRF) was established in February 2021 as a temporary programme to help EU countries recover from the pandemic and build resilient economies. Unlike the other programmes, funding under the RRF is not based on actual costs incurred but on progress toward milestones and targets.
From the very start, ECA raised the issue of an assurance gap in the RRF, from opinion reports before its launch to special audit reports during its implementation. ECA warned that the RRF funding model leads to a higher risk of errors, irregularities and fraud, but the European Commission largely disagreed with the EU’s financial watchdog.
According to ECA, the shortcomings reflected the design of RRF, where the satisfactory fulfilment of milestones and targets is the main condition for payment.
In its annual report last year on the 2024 EU accounts, ECA issued an "adverse" opinion on EU expenditure because of the overall error rate and a ‘qualified’ opinion on the RRF.
In a previous audit report in October 2024, ECA warned about the risk of double funding. In another report in March 2025, the report concluded that the Commission could not be certain that EU Member States have effective systems to ensure that RRF complies with public procurement and state aid rules.
In an audit last December, ECA found that the exchange of information and cooperation between the EU’s main anti-fraud bodies, the European Public Prosecutor’s Office (EPPO) and the European Anti-Fraud Office (OLAF), was inefficient and affected by mistrust.
The Commission and Member States are jointly responsible for tackling fraud against the EU’s financial interests. National authorities must provide the EU’s executive with guarantees on the effectiveness of fraud prevention, detection and correction systems.
The new audit examined the effectiveness of RRF anti-fraud systems at the Commission and in four countries that were examined in detail: Denmark, Spain, Italy and Romania. It also included a questionnaire for the national RRF authorities in all Member States (24 countries replied).
“The EU and its countries should have set up more effective anti-fraud systems given the size of the recovery fund, its novel financing mechanism, and the reputational damage of fraud,” said Katarína Kaszasová, the Slovakian ECA Member leading the audit. “Fraud with EU money directly harms the EU budget. And perceptions of fraud can make citizens lose trust in the EU.”
According to ECA, the RRF legislation was developed in a rush during the Covid-19 crisis. This affected the Commission’s ability to assess the anti-fraud systems before payments to the Member States started. To manage the RRF, member states were free to set up their own systems.
The auditors found that the EU’s specifications for Member States’ anti-fraud systems were not sufficiently detailed and did not fully cover the responsibilities of all national RRF authorities.
In 10 countries, the Commission did not complete its checks until after the first round of payments, when it still had insufficient evidence that the national anti-fraud systems were effective. Although EU countries did take measures to prevent fraud in RRF funding, these were often delayed.
Fraud detection Achilles heel
The situation was compounded by weaknesses in fraud detection. 65 % of the implementing and audit bodies in the Member States were using a data mining tool (Arachne) that the Commission had developed to detect fraud. The auditors did not find any example that whistleblowing had been used for reporting allegations of RRF fraud cases despite the rules that protect whistleblowers.
There were no standardised criteria for reporting suspected fraud cases. Member states applied different criteria for determining what constitutes fraud and when to report. Only Italy made full use of Arachne and accounted for the vast majority of the over 300 cases of fraud reported to EPPO. According to ECA, they concerned a tangle of cases linked to one action.
In terms of potential corrections, Member States are not required to withdraw projects or suspend payments, and they are not automatically required to return money recovered from fraud to the EU budget.
The current mechanism for reporting on suspected fraud and recoveries will come to an end this year. The final deadline for Member States to complete all project milestones and targets is 31 August. The payment request deadline is 30 September. The Commission has until 31 December 2026 to make final payments.
The spending model for the RRF will also be applied in the new Multiannual Financial Framework (MFF) for 2028-2034. “Our concerns about the RRF are real. We do not consider it to be a performance-based system,” ECA President Tony Murphy said at a hearing last year in the European Parliament's Committee on Budgetary Control.
In its reply to ECA, the Commission highlighted the positive findings in the audit report and deflected the criticism against the shortcomings onto the Member States that bear “primary responsibility of protecting the financial interests of the Union and … for recovering amounts that have been wrongly paid or incorrectly used.”
Contrary to ECA’s views, the Commission’s assessment is that the national systems of the four audited Member States are generally adequately designed to detect fraudulent cases. If the milestones and targets have been satisfactorily satisfied, the Commission has no legal basis to recover funds because they are not considered to have caused any harm to the EU budget.
The Commission fully accepted ECA’s recommendations to improve member state reporting of suspected fraud in the RRF and to issue guidance on their recoveries. The Commission will also establish how member states should report suspected fraud cases after the end of the RRF implementation period in December 2026.
What next?
That said, the Commission commented that projects affected by fraud that are not put forward by the authorities to count towards the satisfactory fulfilment of the respective milestone or target cannot affect the financial interests of the Union. It reiterated “the performance-based nature of the RRF, which pays for a result and not a specific underlying item”.
Did ECA’s limited access to the Commission’s data affect the accuracy of the audit findings? “Due to the strict confidentiality surrounding the data, it’s likely that the amount of information that could be made publicly available in our report would have been limited in any case,” the audit team replied.
The team told The Brussels Times that EU’s financial interests would be better protected if member states reported all fraud cases affecting projects planned to be funded by the RRF irrespective of whether the project was finally included in the payment request as evidence for the fulfilment of milestones or targets.
However, the audit team is hopeful that the Commissions’ acceptance of the recommendations will address the main shortcomings identified in the audit and lead to recoveries at least in confirmed fraud cases.
“The Commission accepted our recommendations and we’ll follow-up whether it has done so by the target dates this year,” the team said. “Whether the main shortcomings identified by the audit will be addressed will depend on member state authorities fully implementing the Commission guidance.”
The bottom-line is that neither the Commission nor ECA has an overall overview of the scale of potential fraud in the RRF. ECA says that it is challenging to estimate the figure but that fraud, irrespective of size, is always worrying and damages EU's reputation.
The auditors referred to EPPO’s annual report for 2024. At the end of the year, EPPO was handling 307 RRF-cases with an estimated damage to the EU’s financial interests amounting to €2.8 billion or 30% of the overall estimated damage for subsidy fraud. The number is expected to increase in the context of the accelerated implementation of RRF funding.
According to EPPO, the prevailing modus operandi in RRF fraud remains the submission of false, incomplete, or misleading information to secure funds unlawfully. Forgery and manipulation of invoices and contracts have been common tactics.
Bribery of public officials and bid rigging have been instrumental to ensure the awarding of contracts with inflated prices to specific companies. Some of the investigations revealed the participation of high-ranking public officials, suspected of illegal behaviour in favour of private beneficiaries, or in situations of conflict of interests.
