Addressing System Deficiencies in the Protection of the Financial Interests of the EU: Preventing Harm and Incentivizing Change

Abstract

The article looks at how “systemic” irregularities or breaches of law imputable to EU Member States are defined in key legal documents relating to the protection of the EU budget – notably with regards to Agricultural, Structural and Recovery funds, and with regards to the Conditionality Regulation. It is argued that “system deficiencies” arise where the financial interests of the European Union are damaged or put at risk because the systems meant to protect these interests in a Member State are considered deficient themselves. The scope of these systems varies with documents: some systems are defined in sectoral legislation and only have relevance for specific funding programmes; other systems have a more constitutional character and are linked to the protection of the rule of law in EU member states. Moreover, the severity of system deficiencies can be graded on a scale. This has implications regarding the extent of the financial consequences which can be imposed on Member States for the protection of the EU budget – how much EU funding should be withheld from them. It is also argued that the rationales underlying the imposition of financial consequences – putting the EU budget out of harm’s way or incentivizing change to reduce risk? – have implications pertaining to the legal and constitutional relationship established between the EU and its Member States.

A. Introduction

Unlike in some other fields, EU budgetary law does provide for a relatively clear definition of the systemic criterion.¹ In a nutshell, “systemic” irregularities or breaches of law arise where the financial interests of the European Union are damaged or put at risk because the systems meant to protect these interests in a Member State are considered deficient themselves. Deficiencies affecting such systems—or “system deficiencies” for the purposes of this special issue—increase the likelihood that breaches of law will occur, which would negatively affect the EU’s financial interests. As will be seen, this approach to the systemic criterion can be found in slightly different forms in key documents of relevance to EU budgetary law, be it in sectoral legislation on Agricultural funds² or Structural funds,³ in legislation applicable to the newer and considerable Recovery funds,⁴ or in generally applicable legislation on the protection of the EU budget in cases of breaches of the principles of the rule of law.⁵

What is more controversial is the issue of determining which consequences should flow from the finding that a system deficiency exists in a Member State. Should EU funding be withheld from that Member State? If so, what funding, and to what extent? In proportion to what should the calculation be made? Should such financial consequences take the form of a suspension or of a definitive cancellation of financial commitments? In appearance technical in nature, such questions help shedding light on the deeper features of the systemic criterion in EU budgetary law. As will be seen, system deficiencies can be graded on a scale of seriousness, from the least to the most severe. In turn, acknowledging different levels of system deficiencies can be used as a proxy for the calculation of the different levels of risk they create for the EU budget. Financial consequences (in a nutshell—how much money is to be withheld from Member States) can be calculated on that basis.

However, in some cases, it appears that avoiding risk is not the only rationale at play in the calculation of financial consequences. The imposition of financial consequences can also appear as a means to incentivize change in a Member State, in order to remedy system deficiencies and therefore address the roots of the risk created to the EU budget. This is where a technical issue of calculation takes a constitutional dimension, raising the question of knowing in which circumstances and to what extent limitations of access to funding for the protection of the EU budget may be used as a means to induce the compliance of Member States with certain requirements.

The article addresses the systemic criterion in EU budgetary law in three parts. First, it shows how a similar approach to the systemic criterion is present in major legislative provisions for the protection of the EU budget in relation to sectoral funds in shared management, to funds under the Recovery and Resilience Facility and for the protection of the EU budget in cases of breaches of the principles of the rule of law under the Conditionality Regulation. Second, it reviews in greater detail the features of the systemic criterion in EU budgetary law by looking into the gradation in system deficiencies and to which extent financial consequences are—or not—themselves calculated in proportion to the level of seriousness of these deficiencies. Finally, the article analyses the sometimes-overlapping rationales at play in the calculation of the financial consequences imposed as a response to system deficiencies, and argues that it should be explicitly accepted that such financial consequences may partly be calculated on the basis of the level of compliance by Member States with requirements for the protection of the EU budget.

B. The Systemic Criterion in EU Budgetary Law: Addressing Weaknesses in the “Systems” Meant to Protect the EU Budget

A similar understanding of the systemic criterion applies to several key legal instruments and case-law of relevance to the protection of the EU budget. As this article argues, the criterion tends to be used to address weaknesses or deficiencies in the systems set in place at national level to manage or prevent risks to the financial interests of the European Union. This can be observed notably in (I) EU legislation applicable to the “shared management” of funds between EU institutions and national authorities; (II) in the horizontally applicable Regulation 2020/2092 providing a general regime of conditionality for the protection of the Union budget (Conditionality Regulation); and (III) in the conditions provided for in the Regulation establishing a Recovery and Resilience Facility.

I. Shared Management: Protecting Funds from Deficiencies in Management and Control Systems

Article 317(1) of the Treaty on the Functioning of the European Union assigns to the European Commission the responsibility to “implement the budget,” “in cooperation” with the Member States. This responsibility is to be exercised in accordance with regulations adopted under article 322(1) TFEU. Prominent amongst them, the Financial Regulation⁶ distinguishes between different “methods of implementation” of the EU budget.⁷ In a nutshell, these methods entrust budget implementation tasks to the Commission directly (direct management),⁸ allow for the sharing of these tasks with Member States (shared management),⁹ or to entrust them to other persons or entities (indirect management).¹⁰ However funds are managed, EU law provides for measures to be taken for the protection of the financial interests of the European Union. For instance, article 325 TFEU is the legal basis for the adoption of measures to “counter fraud and any other illegal activities affecting the financial interests of the Union,” those measures being “such as to afford effective protection in the Member States, and in all the Union’s institutions, bodies, offices and agencies.”¹¹ Yet, it is arguably with regards to EU funds in shared management that the systemic criterion is the most explicitly¹² defined in relation to the protection of the financial interests of the Union.

The Common Provisions Regulation¹³ provides for common legal provisions on eight funds in shared management, including 392 billion euros of funding for Cohesion policy over the 2021-2027 period.¹⁴ The document makes explicit references to the systemic criterion in relation to “systemic irregularities” affecting these funds. For clarity’s sake, it is worth explaining first how particular “irregularities” are defined in wider EU budgetary law, before looking at their systemic variant.

“Irregularities” refer to “any breach of applicable law, resulting from an act or omission by an economic operator, which has, or would have, the effect of prejudicing the budget of the Union.”¹⁵

The prejudice inflicted on the budget may derive from a reduction or loss of “revenue accruing from own resources collected directly on behalf of the [Union],”¹⁶ or by charging an “unjustified item of expenditure” to that budget.¹⁷ As confirmed by the Court, the concept of irregularity in this context is thus composed of three cumulative elements. In the first place, the existence of an infringement of EU law, which covers “not only breaches of a provision of EU law as such,” but which may also cover breaches of the “provisions of national law which are applicable to operations supported by” an EU Fund, for instance in relation to Structural Funds.¹⁸ In the second place, the breach of law must be the result of “an act or omission by an economic operator.” While this encompasses the actions or omissions of “any natural or legal person, or other entity involved in the implementation of the Funds,” it is specified that Member States themselves are not considered as economic operators when they are exercising their “prerogatives as a public authority.”¹⁹ In the third place, the breach of applicable law by an economic operator constitutes an irregularity for our purposes where it has, “or would have,” the “effect of prejudicing the budget of the Union.” The Court has interpreted this provision as meaning that it is not necessary to establish “the existence of a specific financial impact” it is “sufficient that the possibility of an impact on the budget of the funds concerned is not excluded.”²⁰ The notions of risk or of “probability of occurrence” are therefore built in the way EU law construes the concept of irregularity in relation to EU funds.

Given the definition above, it might appear somewhat surprising that “systemic irregularities” are not presented as a simple derivation of particular irregularities—such as an amped up, more frequent, persistent, wide ranging or more serious variant of irregularities. Instead, the conceptual construction of systemic irregularities really changes the focus from looking at the conduct of economic operators, to assessing how well Member States have set up “management and control systems” to detect, prevent and remedy particular irregularities in relation to EU funds. In the vocabulary of the Common Provisions Regulation, a “systemic irregularity” means “any irregularity, which may be of a recurring nature, with a high probability of occurrence in similar types of operations, which results from a serious deficiency [ … ].”²¹

Thus, irregularities are not systemic in themselves, but in that they are the symptoms of a problem—a “serious deficiency.” A serious deficiency arises where Member States fail to guarantee sufficiently “the effective functioning of the management and control system of a [funding] programme” and where “significant improvements in the management and control systems are required” in line with applicable EU legislation.²² It is not essentially²³ because irregularities are recurrent that they are systemic; rather, irregularities become systemic when the management and control systems which are supposed to prevent them are flawed to the point where irregularities have a “high probability of occurrence” in similar situations.²⁴

A similar approach characterizes the protection of funds for the Common Agricultural policy, totalizing 373.8 bn euros for the 2021-2027 period—99.1% of which is implemented under the principle of shared management with Member States.²⁵ Regulation 2021/2116 on the financing, management and monitoring of the common agricultural policy²⁶ provides that Member States “shall adopt all laws, regulations and administrative provisions and take any other measures necessary to ensure effective protection of the financial interests of the Union.”²⁷ To that end, Member States, “shall set up efficient management and control systems in order to ensure compliance with the Union legislation governing Union interventions. Member States shall take the actions necessary to ensure the proper functioning of their management and control systems and the legality and regularity of expenditure declared to the Commission.”²⁸

The national bodies constituting these management and control systems form part of the “governance systems” set up in Member States to manage agricultural funds. The applicable legislation defines “serious deficiencies in the proper functioning of the governance systems” as amounting to “the existence of a systemic weakness, taking into account its recurrence, gravity and compromising effect on the correct declaration of expenditure, the reporting on performance, or the respect of Union law.”²⁹ Thus, following a similar approach to that taken in the Common Provisions Regulation, the systemic criterion refers in the context of the Common Agricultural Policy to weaknesses in the (control and management or governance) systems set up for the protection of the financial interests of the EU. As will be seen, this approach is also dominant in other major documents laying down protections for the EU budget.

II. The Conditionality Regulation: the Rule of Law as an Overarching Control System

As its full name makes clear, the Conditionality Regulation is meant “for the protection of the EU budget” by the setting up of “a general regime of conditionality.”³⁰ It applies to the whole EU budget, including Recovery Funds,³¹ which in legal terms exist alongside the traditional seven year budget laid down in the EU Multi-annual Financial Framework.³² Remarkably, the name previously given to this Regulation employed a vocabulary revolving around the systemic criterion. In the legislative proposal submitted by the European Commission two years and a half before its final adoption (“the legislative proposal”), the document had a different title: Regulation “on the protection of the Union’s budget in case of generalized deficiencies as regards the rule of law in the Member States.”³³ In its designation as well as in the rest of the document, mentions of “generalized deficiencies as regards the rule of law” have been erased and replaced by the more particular reference to “breaches of the principles of the rule of law.”³⁴

Such changes hint that one important issue in the heated³⁵ negotiations of the Conditionality Regulation concerned the extent to which the document would employ terms associated with the systemic criterion and its lexical register. This translated in a back-and-forth in the document itself. For instance, a concession to drop the reference to “generalized deficiencies” in favor of “breaches of the principles of the rule of law” only led to more detailed periphrases to keep the original idea, if not the formulation, in the Regulation. The Preamble to the Regulation now provides that, while “individual breaches of the principles of the rule of law” can “seriously harm the financial interests of the Union,” such is “even more” the case “for breaches that are widespread or due to recurrent practices or omissions by public authorities, or to general measures adopted by such authorities.”³⁶ At the same time, it is only in the Preamble that such terms are employed, not in the articles of the Regulation themselves. If “systemic” vocabulary remains present in the document, it is so in a legally convoluted way.

Equally contentious stances over the systemic criterion have been taken at the point of application of the Conditionality Regulation by the Commission to Hungary. In the Fall of 2022, the Commission issued a proposal for a Council Implementing Decision “on measures for the protection of the Union budget against breaches of the principles of the rule of law in Hungary.”³⁷ The proposed measures provide for the suspension of a substantial amount of Cohesion funds and for a prohibition from entering into legal commitments—leading to the benefit of EU funds—with specific types of actors in Hungary,³⁸ notably preventing a number of its universities from benefitting from Horizon Europe or ERASUMS+ funding.³⁹ The Implementing Decision was adopted by the Council on December 15, 2022. Remarkably, the systemic criterion constitutes a key component of the dispute between Hungary and the Commission over how the Conditionality Regulation is to be interpreted and applied. Indeed, the Commission placed the systemic criterion at the very heart of its case against Hungary, “In light of all the foregoing, the Commission considers that the issues identified [ … ] constitute systemic breaches of the principles of the rule of law within the meaning of Article 2(a) of the Conditionality Regulation [ … ].”⁴⁰ It is worth noting that article 2(a) of the Conditionality Regulation does not define by itself what a “systemic” breach of the rule of law is. Contesting the Commission’s findings, took the line that “the weaknesses in public procurement” noted by the Commission “were not of a systemic nature.”⁴¹

Whereas the above suggests that the systemic criterion is both important and contentious with regards to the negotiation, adoption and application of the Conditionality Regulation, the precise meaning of this criterion is not immediately obvious. Contrary to what was seen with structural and agricultural funds, there is no clear and explicit legislative definition of that criterion. At first sight, the vocabulary employed in both the first and final versions of the Conditionality Regulation suggests a meaning of this criterion along the lines of “generalized” or “general and persistent” breaches of EU law, rather than one falling within the conceptual category of “system deficiencies” found in sectoral funds.⁴² As has been noted, the initial title of the Regulation mentioned “generalized deficiencies,” whereas Paragraph 15 of its Preamble in the adopted text makes clear that the mechanism shall also target “widespread” breaches of law, “recurrent practices or omissions” and “general measures.” However, it is argued in the present article that both the object and rationale of the Regulation clearly point towards a use of the systemic criterion in the sense of system deficiencies.

Indeed, the object of the Conditionality Regulation is not simply to protect the EU budget, but to do so in situations where that budget is put at risk due to the breach of the legal principles of the rule of law in a Member State. The underlying rationale is that without proper respect for the rule of law, there is a risk that “cases of fraud, including tax fraud, tax evasion, corruption, conflict of interest or other breaches of the law” will not be “effectively pursued by investigative and prosecution services,” whereas “arbitrary or unlawful decisions of public authorities, including law-enforcement authorities” may escape judicial review if courts lack independence.⁴³ The Conditionality Regulation is about protecting the EU budget in cases where the structures and practices of the State itself would put it at risk. It is implied that such structures and practices, if well–functioning and abiding by the rule of law, contribute to protecting the budget in a way akin to an overarching control system.

Thus, the Conditionality Regulation obeys a rationale which is similar to that of sectoral funds in that it relies on an understanding of systemic breaches as meaning deficiencies in the system creating risks for the financial interests of the European Union. One may even advance that management and control systems for the protection of sectoral funds are really particular systems, compared to the higher order nature of the rule of law requirements for the protection of the EU Budget under the Conditionality Regulation, which target the institutional structures and functioning of the State itself.

Indeed, even though the Member States themselves are responsible for the well-functioning of management and control systems in relation to sectoral funds⁴⁴, these systems exist specifically in relation to EU funding programmes. The Financial Regulation provides that it is “[i]n accordance with the criteria and procedures laid down in sector-specific rules” that “Member States shall, at the appropriate level, designate bodies to be responsible for the management and control of Union funds.”⁴⁵ These bodies are referred to as “programme authorities” in the Common Provisions Regulation—a management authority and a control authority.⁴⁶ If Member States are free to make these authorities responsible for more than one programme,⁴⁷ the institutional make-up of the management and control systems remains functionally attached to the implementation needs of EU funding programmes specifically.

By contrast, the Conditionality Regulation does not specifically target programme–specific authorities but whole branches of government such as “executive powers”⁴⁸ or “the judiciary,”⁴⁹ also referring to “law-enforcement authorities”⁵⁰, “public authorities”⁵¹ or “government entit[ies].”⁵² The Conditionality Regulation targets the very functioning of the State in situations in which the financial interests of the EU are at stake. In that sense, it arguably presents a stronger “systemic” quality than any other piece of budgetary legislation, even without mentioning the term itself in its preamble or articles. It gives a more fundamental constitutional and administrative legal dimensions to the concerns of the protection of the EU budget. In comparison, the management and control systems linked to funding programmes appear akin to sub–systems, themselves dependent on the correct observance of the principles of the rule of law as legal requirements bearing on the overarching system of the State architecture and practice wherever the protection of the EU budget is concerned.

III. The Recovery and Resilience Facility: Effective Control Systems as a Condition for Funding

The Recovery and Resilience Facility (RRF) provides for 672.5 billions of euros in grants and loans (in 2018 prices)⁵³ with the original purpose of “tackl[ing] the adverse effects and consequences of the COVID-19 crisis in the Union.”⁵⁴ Later amendments under the RePOWER EU initiative allowed for the use of RRF funding to also tackle the energy crisis which accompanied Russia’s war against Ukraine.⁵⁵ The RRF Regulation lays down a legal obligation on Member States being granted or borrowing RRF funds to “take all the appropriate measures to protect the financial interests of the Union.“⁵⁶ Member states are to “ensure that the use of funds in relation to measures supported by the Facility complies with the applicable Union and national law, in particular regarding the prevention, detection and correction of fraud, corruption and conflicts of interests.”⁵⁷ Mirroring the approach taken for the protection of Agricultural or Cohesion funds, the RRF Regulation foresees that, “[t]o this effect, Member States shall provide an effective and efficient internal control system and the recovery of amounts wrongly paid or incorrectly used.”⁵⁸ In so doing, “Member States may rely on their regular national budget management systems.”

In addition, and importantly, the RRF Regulation introduces conditionality provisions⁵⁹ allowing EU institutions to wield a strong influence on the features and functioning of the national institutions and procedures meant to deal with and protect the financial interests of the Union—including higher order protections related to the rule of law.

This is made possible by making access to RRF funds conditional upon the adoption and implementation of reforms for the purpose of that protection. In order to benefit from RRF funding, Member States must submit national Recovery & Resilience Plans to the Commission for assessment.⁶⁰ Through these Plans, Member States commit to adopting reforms and making investments, with related targets and milestones, in line with the conditions and objectives of the RRF Regulation.⁶¹ When the Commission makes a positive assessment of a Plan, it issues a recommendation to the Council for it to adopt the Plan through an Implementing Decision,⁶² paving the way for the disbursement of funding in step with the fulfillment of the conditions listed in the Plan.⁶³

The assessment made by the Commission shall take into account criteria listed under article 19 of the RRF Regulation, notably covering issues relating to arrangements for the protection of the financial interests of the EU. A criterion of “effectiveness” obliges the Commission to make sure inter alia that “arrangements proposed by the Member States concerned are expected to ensure an effective monitoring and implementation of the recovery and resilience plan, including the envisaged timetable, milestones and targets, and the related indicators.” Under the criterion concerning “efficiency,” the Commission shall assess whether the arrangements proposed by the Member State concerned are expected to prevent, detect and correct corruption, fraud and conflicts of interests when using the funds provided under the Facility, including the arrangements that aim to avoid double funding from the Facility and other Union programmes.⁶⁴

These criteria are to be applied in accordance with Annex V to the RRF Regulation.⁶⁵ Point 2.10 of that annex specifies key requirements for the appropriateness of the arrangements provided for by Member States. These requirements are cumulative, as indicated by the repeated use of the coordinative conjunction “and”:

[ … ] the internal control system described in the recovery and resilience plan is based on robustprocesses and structures, and identifies clear actors (bodies/entities) and their roles and responsibilities for the performance of the internal control tasks; it notably ensures appropriate segregation of relevant functions; and

— the control system and other relevant arrangements, including for the collection and making available of data on final recipients described in the recovery and resilience plan, in particular to prevent, detect and correct corruption, fraud and conflicts of interests when using the funds provided under the Facility are adequate; and

— the arrangements described in the recovery and resilience plan to avoid double funding from the Facility and other Union programmes are adequate; and

— the actors (bodies/entities) responsible for controls have the legal empowerment and administrative capacity to exercise their foreseen roles and tasks.⁶⁶

These requirements help us understand what constitute adequate control systems under the RRF Regulation. However, they are not very precisely defined: For instance, it is not specified exactly what makes an arrangement “adequate” or what counts as “robust” processes and structures. Nevertheless, these concepts can be clarified by looking at other instruments and case–law pertaining to the protection of EU funds, including the Conditionality Regulation.⁶⁷ Moreover, once the Council has endorsed a National Recovery Plan through an Implementing Decision, the Commission and the Member State shall flesh out latter’s precise obligations in dedicated agreements.⁶⁸

This short overview shows that all of the budgetary instruments included in the present analysis foresee that certain systems must be in place to ensure the protection of the financial interests of the EU. The precise definition of these systems may vary: “[M]anagement and control systems” (or equivalent) defined in sectoral legislation; principles of the rule of law of relevance for the protection of the financial interests of the EU; key features of control systems defined in pre–agreed Plans, the fulfillment of which is set as a condition for access to funding.

Moreover, it should be underlined that the imposition of conditions is not specific to the RRF. Indeed, Article 15 of the Common Provisions Regulation, read together with its Annexes III and IV, provides for “enabling conditions” concerning in particular the “effective monitoring mechanisms of the public procurement market” and the “effective application and implementation of the Charter of Fundamental Rights.” In case these conditions are not fulfilled, the Commission is to refuse reimbursement of the related expenditure declared by the Member State.

The scope of these conditions is itself narrower than that of conditions relating to the respect for the principles of the rule of law under the Conditionality Regulation—which concerns the overarching system of the State. They do not allow for preventive “suspension of approval of one or more programmes, as well as the suspension of commitments under shared management”⁶⁹—nor for suspension of funding on the scale of the RRF. Yet, as will be seen, even more important differences between these instruments concern the ways in which such suspensions and other financial consequences are calculated—or not—on the basis of different levels of seriousness of system deficiencies in the protection of the EU budget.

C. Different Levels of System Deficiencies and Their Implications Regarding the Access of Member States to EU Funds

Systems ensuring the protection of the EU Budget may be deficient—but how deficient? Far from construing system deficiencies in a binary way, EU budgetary law tends to understand these deficiencies as presenting different levels of seriousness, themselves connected to the amount of risk created for the financial interests of the EU. This gradual approach to deficiencies is usually mirrored in the progressive nature of the financial consequences imposed on Member States as a response to that risk, with due regard to the principle of proportionality. However, an apparent break with that logic arises with the all–or–nothing approach developed in the application of the RRF Regulation, allowing for all funding to be withheld until specified conditions are met.

I. Sectoral Instruments: a Gradation of Deficiencies Linked to Different Levels of Financial Corrections

It has long been accepted in EU budgetary law that systemic deficiencies can be graded on a scale—they do not constitute a simple, qualitative–only category. Building on pre–existing practice, a “Commission interdepartmental working party”⁷⁰ issued in 1993 a Report⁷¹ (the Belle Group Report), which was endorsed by the Commission and which addressed the issue of which “financial consequences” should derive from (inter alia) “investigations identifying deficiencies in the control processes of a Member State”⁷² in relation to what was then the European Agricultural Guidance and Guarantee Fund (EAGGF).⁷³ In cases in which it would prove too difficult to arrive at a straightforward calculation of the costs incurred to the EU budget proves in relation to deficiencies, the Report developed criteria to determine different flat rates of financial correction⁷⁴ to be imposed, in relation to the level of risk that deficiencies cause to the EU budget:

A. 2% of expenditure - where the deficiency is limited to parts of the control system of lesser importance, or to the operation of controls which are not essential to the assurance of the regularity of the expenditure, such that it can reasonably be concluded that the risk of loss to the EAGGF was minor;

B. 5% of expenditure - where the deficiency relates to important elements of the control system or to the operation of controls which play an important part in the assurance of the regularity of the expenditure, such that it can reasonably be concluded that the risk of loss to the EAGGF was significant;

C. 10% of expenditure - where the deficiency relates to the whole of or fundamental elements of the control system or to the operation of controls essential to assuring the regularity of the expenditure, such that it can reasonably be concluded that there was a high risk of widespread loss to the EAGGF.⁷⁵

As noted by Advocate General Léger, “the report also states that it is possible to refuse the whole of the expenditure and that, therefore, a higher rate of correction may be held appropriate in exceptional circumstances” ⁷⁶—adding a higher possible rate of correction to the first three.

This approach has generally survived since then in relation to agricultural funds, although with new specifications.⁷⁷ For our purposes, this approach makes clear that deficiencies can be graded on a scale (“limited to parts of the control system of lesser importance;” “relates to important elements of the control system;” “relates to the whole or fundamental elements of the control system”…). This gradation is used to calculate the level of financial correction to be imposed on the Member States concerned – how much of the funds will have to be withheld from them in relation to unlawful expenditure. In this regard, full withdrawal from a funding programme is now reserved for the most extreme situations⁷⁸—although a lower threshold was accepted in the past for full withdrawal.⁷⁹

A similar approach has been followed regarding funds governed by the Common Provisions Regulation, which also distinguishes between several levels of seriousness to qualify systemic deficiencies. Just like for agricultural funds, these different levels of seriousness reflect a graded level of estimated risk for the EU budget. The risk to the “legality and regularity” of expenditure is highest where a “serious deficiency(ies) is so fundamental, frequent or widespread that it represents a complete failure of the system.” The next three levels of failure, in decreasing order, represent respectively an “extremely serious failure of the system;” a “system not fully functioning” or doing so “poorly” and “infrequently” in light of EU legal requirements; and a “system not functioning consistently.”⁸⁰ Like for agricultural funds, the severity of the deficiency is assessed in relation to the level of risk it poses—itself graded on a scale—to the expenditure concerned in a given system. Thus, “the legality and regularity of all of expenditure concerned” is put at risk where the serious deficiency is “complete,” whereas a “very high,” “high and “significant” proportions of the expenditure are respectively put at risk by the next three levels of severity of the deficiency.⁸¹ The Common Provisions Regulation provides for a gradation system in its Annex XXV to identify the proportion of EU funding to be withheld in relation to the levels of severity of deficiencies in the management and control systems for a specific funding programme. Thus, flat-rate corrections of 100%, 25%, 10% and 5% are respectively attached to levels of deficiency evaluated as “complete,” “very high,” “high and “significant.”⁸²

II. Different Levels of Risks Attached to Systemic Breaches of the Principles of the Rule of Law

Now turning to risks for the EU budget related to rule of law concerns, it is noticeable that, in its proposal for a Council Implementing Decision for the application of the Conditionality Regulation against Hungary, the Commission appears to approach the application of that Regulation with a similar perspective as that which is followed in sectoral instruments. The Commission evaluates as “very significant” the “potential impact” of the breaches of the principles of the rule of law “on the sound financial management of the Union budget and on the financial interests of the Union.” Looking at public procurement in particular, the Commission states that “in principle, some public procurement procedures may not be affected by those systemic breaches.”⁸³ As a consequence, the Commission notably proposed to the Council that 65%⁸⁴—not 100%⁸⁵—of EU funding be suspended for “cohesion policy programmes 2021-2027 that are expected to be implemented mainly through public procurement.” The Council lowered that amount to 55%, to take into account “the number and significance of remedial measures that have been satisfactorily implemented by Hungary to address the identified breaches of the principles of the rule of law.”⁸⁶

Thus, the breaches of the rule of law at stake have not given rise to a “complete”—or equivalent—failure of the Member State to guarantee the sound financial management of the Union budget and the protection of the financial interests of the Union. This suggests that, for the Commission, system deficiencies in Hungary still stand in a category below the highest possible level of severity in putting the EU budget at risk.

Furthermore, these deficiencies may slide further down the scale of severity if the Member State adopts and implements appropriate measures to remedy these breaches—as Hungary has promised to do.⁸⁷ Indeed, article 7 of the Conditionality lays down a path for the gradual lifting of measures restricting Member States’ access to EU funding, accompanying progress in remedying deficiencies.⁸⁸

It should be noted, however, that such a gradation system has not been formalized in the Conditionality Regulation as clearly as in sectoral instruments. No set thresholds or flat rates have been set for suspensions of budgetary commitments in Member States engaging in systemic breaches of the principles of the rule of law. In fact, it would appear more difficult to do so for such breaches than in relation to deficiencies in the management and control systems in place for sectoral EU funding programmes. Whereas the latter can be assessed on the basis of a relatively smaller number of criteria and parameters, breaches to the principles of the rule of law concern incomparably more elaborate and wide-ranging national institutional systems.

Moreover, breaches of the principles of the rule of law may affect “the Union budget as a whole,” which also means that they may have differentiated impacts in different areas of involvement of the EU budget. For instance, the Commission has so far mainly put the focus on risks concerning public procurement, as well as the role of specific public actors, as being particularly prominent in relation to the breaches of the rule of law observed in Hungary.

Virtually, different proportions of EU funds may have to be withheld in different programmes, for the same breaches of the principles of the rule of law.

Also, as will become apparent in the next subsection (III), the mechanism for the gradual lifting of financial consequences in the Conditionality Regulation should be contrasted with the conditionality mechanism at play in the RRF Regulation, even though the remedial measures promised by Hungary under the Conditionality Regulation are explicitly⁸⁹ put in parallel with the milestones which have to be fulfilled by the same Member State under the RRF Regulation with regards to the protection of the financial interests of the EU.

III. Conditionality and the Potential for the Gradation of System Deficiencies Under the RRF

In principle, the general construction of the Recovery and Resilience Facility would allow for gradation in assessing different levels of system deficiencies concerning the protection of the EU Budget, giving rise to a similarly staged approach to financial consequences. However, it is noteworthy that this route has not been made as available by the RRF Regulation as extensively it could have, and not used as much as was available. As a result, the RRF has set up a powerful conditionality mechanism allowing in some cases for all funding to be withheld until requirements related to the protection of the EU budget are met.

Section B(III) of the present article has already described how Member States must be awarded a positive assessment of their Plans by the Commission in order to be entitled to receive funding under the RRF, while annex V of the RRF Regulation provides guidelines on the criteria to be used for that assessment. The level of satisfaction of these criteria can in most cases be graded on scale, such as: “[T]o a large extent,” “to a medium extent” or “to a small extent”—or equivalent formulations.⁹⁰ However, and remarkably, gradation is not made available with regards to the arrangements set up by Member States to set up efficient control systems for the protection of RRF funds: The only two possible answers to choose from are “adequate arrangements” or “insufficient arrangements.”⁹¹ Should the latter apply, the Commission would have to draw the conclusion that “the recovery and resilience plan does not comply satisfactorily with the criteria set out in Article 19(3)” of the Regulation, meaning that “no financial contribution shall be allocated to the Member State concerned.”⁹²

Therefore, RRF funding should not be unlocked at all in situations in which such the systems provided for in the Plans would be inadequate. By design, no place is left for gradation in the levels of seriousness of the deficiency of these systems. This is relatively unsurprising, given that what is at stake are the objectives laid out in National Recovery Plans regarding protection systems, and not only their actual state in Member States.

Where these Plans fulfill the necessary criteria and are assessed positively, other safeguards gear into place, allowing for the Commission to reduce and recover funding under the RRF should the systems in place for the protection of the financial interests of the Union be lacking.

For this purpose, the proposal made by the Commission for a Council Implementing Decision under the RRF Regulation shall notably lay down “the arrangements and timetable for monitoring and implementation of the recovery and resilience plan including, where relevant, measures necessary for complying with Article 22”⁹³ on the protection of the financial interests of the Union. Agreements concluded with the Commission integrate these obligations and find their bite in the link make with (continued) access to RRF funding. Indeed, under article 22(5), the agreements

shall also provide for the right of the Commission to reduce proportionately the support under the Facility and recover any amount due to the Union budget or to ask for early repayment of the loan, in cases of fraud, corruption, and conflicts of interests affecting the financial interests of the Union that have not been corrected by the Member State, or a serious breach of an obligation resulting from such agreements.

In addition, the milestones and targets agreed between Member States and EU institutions as a condition for continued access to RRF funding may themselves include provisions relating to the protection of the financial interests of the EU. In principle, a conditionality mechanism could allow for the fulfillment of milestones and target in stages, over time—which could have led to remedying system deficiencies over time. However, a more radical approach has been chosen in the implementation of the RRF Regulation. Most prominently, the Council Implementing Decision endorsing Hungary’s National Recovery Plan makes clear that access to RRF funding will be conditional upon the fulfilment of milestones meant to “ensure the protection of the financial interests of the Union and the establishment of an adequate control system, before any payment under the Facility is authorized by the Commission.”⁹⁴ In the case of the Polish National Recovery Plan, the Council Implementing Decision endorsing it provides that no funding under the RRF will be unlocked until milestones are fulfilled to guarantee an effective judicial protection in Poland, “[t]aking into account that effective judicial protection is a prerequisite for the functioning of an internal control system.”⁹⁵

Thus, the RRF provides for a mix of all–or–nothing and gradual approaches to the financial consequences attached to system deficiencies. At the assessment stage, all RRF funding may be denied to Member States if their Plans do not respect requirements relating to the protection of the EU budget. After that, it is again possible to suspend access to all RRF funding until specific milestones or targets are reached relating to the improvement of the systems in place for protection of the EU Budget—although a more gradual approach to such milestones could arguably have been designed as well. Finally, continued system deficiencies may lead the Commission to engage in a proportionate reduction of support under the RRF, to recover amounts due to the EU budget or ask for an early repayment of loans. This mix of approaches followed in the implementation of the RRF Regulation raises question, especially when compared to the approaches followed in the Conditionality Regulation and in relation to sectoral funds. When—and why—is it justified to withhold funding from Member States in proportion to a graduated level of risk, or to do so in relative disconnection to an estimated level of risk?

D. Keeping the Budget Away from Deficient Systems or Pushing for the Improvement of These Systems: The Two Faces of Financial Consequences

Two different rationales—albeit overlapping ones—appear to govern the legal provisions for the protection of the EU budget in cases of system deficiencies. On the one hand, such provisions may aim to keep the budget out of harm’s way, by denying funding in part or in whole to operations or programmes where the systems in place for the protection of the EU budget are inadequate. On the other hand, some of the same and other legal provisions aim to create incitement mechanisms for the improvement of such systems, in order to lower the negative impact or amount of risk to which the EU budget would be subjected once made available. While the first rationale has been embraced explicitly by EU institutions, acknowledging the second appears less evident. However, the present article argues that doing so, at least to an extent, would improve the legal discussion on the types and amounts of financial consequences which can be attached to system deficiencies for the protection of the EU budget.

I. Keeping the EU Budget Out of Harm’s Way by Reducing its Exposure to Risk

Looking more precisely at how and in proportion of what financial consequences are calculated in cases of system deficiencies can give precious indications as to which rationale applies to them. In relation to sectoral funds, we have seen that financial corrections can be imposed on Member States when deficient management and control systems put at risk the financial interests of the EU. Different means of calculation are made available under EU law to determine the amount of a financial correction. In some cases, where the irregularities are known and quantifiable, it is possible to track down what part of the expenditure is irregular and to calculate the correction accordingly. However, this may prove too difficult to do in certain instances, either because of the nature of the irregularity or simply because the administrative and investigative powers of the Commission are too limited.⁹⁶ To ensure the protection of the EU budget, the Commission may thus analyze a smaller sample of Member State practices in relation to sectoral funding and extrapolate the probable amount of overall funding in the area affected by irregularities.⁹⁷ In such cases, a clear link exists between the amount of funding affected by irregularities and the amount of the financial correction.

However, where the control systems supposed to catch irregularities are deficient, it may appear impossible to determine how much funding corresponds to irregular expenditure and, therefore, how important the financial correction should be. In such cases, EU law and practice have produced an approach whereby the financial correction is linked to the level of risk posed to the EU budget,⁹⁸ rather than on the amount of expenditure found to be irregular. That level of risk is in turn associated with a level of seriousness of the system deficiency from which it emanates—allowing for a calculation of the financial correction with regards to the level of seriousness of the system deficiency,⁹⁹ and not directly to an (unknown) number of expanses likely to have been spent irregularly. As we know, each level of seriousness is supposed to acts as a proxy to different amount of risk caused by the deficiency to the EU budget, leading to different levels of financial correction.¹⁰⁰

Thus, the above suggests that reducing the exposure of the EU budget to risk is a clear rationale for withholding funding from Member States in relation to sectoral instruments where system deficiencies are spotted. Importantly, the review of the proportionality of financial corrections will normally be conducted in relation to that risk: It would be disproportionate to impose a financial correction of a magnitude exceeding that which corresponds to the applicable level of seriousness of a system deficiency¹⁰¹—itself signaling a different level of risk posed to the EU budget.

A similar rationale appears to be at play with the Conditionality Regulation. Article 4(1) of that Regulation provides that a negative impact or “risk” posed to the financial interests of the Union may justify triggering measures for the protection of the EU budget.¹⁰² As stated in Article 5(3), the proportionality of measures adopted under the Conditionality Regulation is to be determined, notably, “in light of the actual or potential impact of the breaches of the principles of the rule of law on the sound financial management of the Union budget or the financial interests of the Union.” Moreover, the calculation of the proportion of funding to be suspended in Hungary under the Conditionality Regulation is clearly tied to the risk for the budget created by deficiencies in (inter alia) public procurement procedures.¹⁰³

A connection is thus made between the importance of the financial consequence and the level of risk to the EU budget, the former increasing or decreasing in line with the variations of the latter. In the case of Hungary, in accordance with Article 7 of the Conditionality Regulation, the amount of funding to be suspended will likely be adapted in line with the number and importance of remedial measures adopted in Hungary. Indeed, Council seems to have endorsed this approach when it lowered to 55% the initial estimation by the Commission of 65% of risk for funding engaged in the programmes concerned in Hungary, for the reason that a number of remedial measures had already been adopted by that Member State. Note that it is not automatic in EU budgetary law that the formal adoption of remedial measures should necessarily entail an automatic lowering of risk, at least until such measures are implemented and have produced an “impact.”¹⁰⁴

II. Inducing Compliance with EU Requirements to Correct System Deficiencies

The second rationale at play has to do with inducing compliance rather than just avoiding risk. Indeed, financial consequences can also be seen as a means to an end: That of inciting Member States to improve deficient systems for the protection of the EU budget. The ultimate aim remains the same: Protecting the EU budget, this time by making sure that deficient systems are improved before EU funds are exposed to them. Yet, the legal construction and calculation of financial consequences follows a different path, whereby the amounts of EU funding which can be withheld are not solely connected to the level of risk to which they are or would be actually exposed, but also to the level of compliance of Member States with requirements to lower risk.

This rationale can be observed most clearly in the way conditionality mechanisms function under the RRF Regulation. When milestones are agreed upon to improve protection systems and, ultimately, to protect the EU budget from risk, these milestones certainly are formulated with a view to being fulfilled. They establish an incentive structure whereby requirements must be met for RRF funding to become available.

The compliance pull of such a conditionality mechanism is all the greater where all RRF funding is withheld from Member States such as Hungary or Poland for as long as milestones relating to the protection of the EU budget are not met. Such situations of maximum “leverage”¹⁰⁵ show in stark terms that the financial consequences for Member States of having deficient systems are really calculated in relation to their compliance with the conditions imposed, and not necessarily only in proportion with a level of risk posed to the EU budget by their system deficiencies. The difference with the first rationale is made more evident on this point when it appears that the fulfillment of overlapping “remedial measures” under the Conditionality Regulation can lead to the downward recalculation of financial consequences. Compliance with the requirement to fulfill all the relevant milestones under the RRF is the condition made for the lifting of financial consequences, whereas the lowering of risk through the adoption of remedial measures under the Conditionality Regulation appears in itself sufficient to lower risk and, connectedly, the amount of equivalent financial consequences.

Such a difference in the approach to the calculation of financial consequences is made possible by the legal construction of milestones under the RRF. Their rationale is not the same as that of financial corrections: It consists in meeting pre-agreed conditions to accessing RRF funding. As long as these conditions are not met—and in so far as these conditions are compatible with EU law—no part of the RRF funding may be made available.

Conditionality provisions have not been designed to function in the same way as financial corrections with regards to decisions on the financial consequences flowing from the existence of system deficiencies or irregularities in a Member State. It is telling in this regard that it is only with regards to decisions “on the amount of the recovery and reduction, or the amount to be repaid early” of RRF funding that the application of the principle of proportionality is explicitly mentioned in the RRF Regulation¹⁰⁶—not with regards to the withholding of funding for as long as pre-established conditions are not met.

Conditionality is arguably not the only mechanism through which this second rationale manifests itself. Under the Common Provisions Regulation, the Commission “may suspend all or part of payments, except for pre-financing,” notably where Member States have “failed to take the necessary action to remedy”¹⁰⁷ a situation in which “there is evidence to suggest a serious deficiency [of management and control systems] for which corrective measures have not been taken.”¹⁰⁸ In the calculation of flat-rates for financial corrections (5%, 10%, 25%, 100%) in relation to the level of risk posed by serious deficiencies, the same Regulation provides that:

Where, due to a failure of the responsible authorities to take corrective measures following the application of a financial correction in an accounting year, the same serious deficiency (-ies) is identified in a subsequent accounting year, the rate of correction may, due to the persistence of the serious deficiency(-ies) be increased to a level not exceeding that of the next higher category.¹⁰⁹

Normally, the mention in this excerpt of the “same serious deficiency” would suggest that the level of risk it entails for the EU budget is equivalent from one accounting year to the next. It is at least not clear from the formulation above why the “persistence” of a serious deficiency would have an immediate impact on such a level of risk. However, this provision enables the Commission to increase the level of the flat–rate correction in case of persisting non–compliance with the obligation to correct system deficiencies. What is created is therefore a strong incentive structure for Member States to make changes to their management and control systems in order to avoid the imposition of the higher rate of financial correction and fully benefit from EU funds. However, can and should such an incentive mechanism be explicitly acknowledged as such in EU legal discourse? The first rationale is rooted in a simple and convincing calculation of financial consequences in proportion to risk; can the second rationale benefit from an equally strong justification?

III. Incentives or Sanctions-like Mechanisms? On the Legal Importance of Keeping the Protection of the EU Budget as Central Focus for Financial Consequences

The second rationale outlined in the previous subsection presents financial consequences as a means to induce compliance with requirements to lower the risk created for the EU budget because of system deficiencies. The incentivization for change through financial consequences is however not framed in terms of sanctions or penalties.¹¹⁰ In the case of the Conditionality Regulation in particular, the aim of financial consequences is not and cannot be to set up a sanctions mechanism for the protection of the rule of law as such—because that Regulation is founded on a budgetary legal basis, rather than one which would be dedicated to the protection of the rule of law.¹¹¹ More generally, it is not fully clear whether legal provisions relating to the protection of the EU budget can be explicitly used as a means to inducing the compliance of Member States with requirements relating to that protection. At the same time, there would be drawbacks to not acknowledging that second rationale. Indeed, sticking to an official position which would only link financial consequences to the first rationale would put in legal jeopardy decisions imposing financial consequences which would not be strictly calculated in proportion to varying levels of risk.

One possible reason for the uneasiness in acknowledging fully the second rationale is that it arguably increases the resemblance between financial consequences and sanctions or penalties—which we have seen would cause legal difficulties at least in the case of the Conditionality Regulation. Certain provisions of EU budgetary law for the protection of the financial interests of the EU do appear to scout the demarcation line. For instance, the Financial Regulation foresees the exclusion of persons or entities identified as putting the budget at risk “from participating in award procedures governed by [that] Regulation or from being selected for implementing Union funds.”¹¹² Such exclusions, as well as the possible imposition of “financial penalties,” are explicitly designed to produce a “deterrent effect” on the persons or entities targeted.¹¹³ Such a mention of a deterrent effect is however not incompatible with the ultimate aim of the measures to protect the financial interests of the Union.¹¹⁴

In some cases, incentives or deterrents based on limiting access to EU funding may serve other purposes than the protection of the EU budget. For instance, under the Common Provisions Regulation, Member States themselves may face the suspension of all or part of the commitments or payments foreseen for one or more of the programmes from which they benefit, “where the Council decides,” following a proposal from the Commission and in accordance with Article 126(8) or (11) TFEU, “that a Member State has not taken effective action to correct its excessive deficit.”¹¹⁵ Here, the limitation of access to funding is used as a means to induce compliance with requirements under article 126 TFEU, which itself constitutes a clear sanction mechanism under the Economic and Monetary Union.

Yet, where the aim is to reduce system deficiencies for the protection of the EU budget, it is important to ascertain whether our second rationale for financial consequences can be sufficiently justified. The ultimate aim of the withholding of EU funding is not simply to obtain compliance with requirements, such as respecting the principles of the rule of law, but to do so in order to reduce to an acceptable level the risks to which the EU budget would otherwise be exposed in a Member State. It would be difficult to deny that withholding funding for as long as system deficiencies exist is in any case producing an incentive mechanism for remedying the deficiencies. What is at stake is really to know whether the calculation of the financial consequences can be lawfully done in such a way as to give added weight to that incentive mechanism, by increasing the amounts withheld from Member States presenting system deficiencies, rather than relying on a strict equation of proportionality between risk and financial consequence. If the answer were negative, the examples given in the previous subsection regarding the RRF and sectoral funds could become subject to difficult legal challenges.

One way to come to a positive answer on this question could be by underlying that the budget is part of what allows the EU to “attain its objectives and carry through its policies.”¹¹⁶ Whereas the protection of the EU budget may warrant withholding funding from a Member State, engagement between EU institutions and Member States should be fostered,¹¹⁷ in line with the principle of sincere cooperation, to make sure that such limitations can be ultimately overcome for EU funding to continue to serve its purpose. Where systemic deficiencies put the EU budget at risk, acknowledging the second rationale would mean that financial consequences may therefore be calculated in a way which would not only correspond to the exact level of risk posed to the budget, but also with a view to inducing compliance in Member States with requirements which would allow for a correction of the system deficiencies—and as a result, lower levels of risk to the EU budget.

A safer, hybrid justification—between our first and second rationale—can be formulated in favor of adding weight to financial consequences as an incentive for system improvements in Member States. Where system deficiencies have been notified to Member States and too little improvements have been made, and/or these deficiencies remain widespread, it could be argued that the persistent lack of compliance with requirements relating to the protection of the EU budget are in effect raising alarm as to the commitment of the Member State to that protection—and as to whether they can be “trust[ed]”¹¹⁸ to ensure it. This would justify raising to higher levels the assessment of risk posed to the EU budget in relation to a system deficiency in that Member State. Thus, considerations relating to the general and persistent nature of system deficiencies could be used as a means to assess the level of risk they pose. Such a hybrid approach could be read into the Conditionality Regulation. Indeed, the vocabulary used in the Regulation concerning the “widespread” nature of breaches, “recurrent” practices or “general measures” actually do not define the systemic criterion in this context. Instead, they act as parameters for the evaluation of the seriousness of the system deficiency, which functions as a proxy for the level of risk it creates for the EU budget. According to such a reading, the importance financial consequences can be calculated in proportion to the level of risk, with the caveat that the level of compliance of the Member State with requirements on the protection of the EU budget—and the trust which can be placed in that Member State—becomes one important criterion in the risk assessment.

E. Conclusion

This article has offered an analysis of the uses and implications of the systemic criterion in relation in the law governing the protection of the EU budget, focusing on major EU funds such as sectoral funds and the RRF funds, as well as on instruments applying to the whole EU budget such as the Conditionality Regulation. Clear commonalities have been found between these instruments: the systemic criterion predominantly applies to deficiencies in the systems mandated under EU law for the protection of the EU budget. The features of these systems may present differences. They can be more (sectoral instruments) or less (Conditionality Regulation) exactly defined. They may also function in relatively circumscribed areas (sectoral instruments) or be understood as the overarching system of the State governed by the principles of the rule of law (Conditionality Regulation). It is understood that where these systems are deficient, damage may be done to the EU budget, increasing the level of risk to the financial interests of the EU. A notable characteristic of the systemic criterion in this context is that system deficiencies can be graded on a scale of seriousness. That scale in turn can function as a proxy for the level of risk posed to the financial interests of the EU. Risk (or, when it is known, the amount of damage) to these financial interests tends to be recognized as being that in proportion to which financial consequences for Member States are calculated upon detection of system deficiencies. At the same time, incentive mechanisms can be set in place to withhold access to EU funding in part or in full as long as requirements for the improvement of system deficiencies are not met (RRF, sectoral instruments, Conditionality Regulation). Thus, two related but distinct rationales appear to apply to the justification of financial consequences in cases of system deficiencies. A first rationale justifies financial consequences by a calculation in proportion to the level of risk posed by a system deficiency to the EU budget. A second rationale appears to justify imposing financial consequences as a means to incentivize the compliance of Member States with requirements to improve deficient systems. Apparently in line with that second rationale, certain legal provisions allow for the imposition of financial consequences which seem to be out of proportion with a given level of risk for the Budget in a Member State—or, at least, to depart from modes of calculation which rely more strictly on that level of risk. Should that second rationale fail to be recognized explicitly in EU law, certain mechanisms for the protection of the EU budget would appear vulnerable to legal challenge (certain conditionality provisions under the RRF; provisions for an increased level of financial consequences in cases of persistent systemic deficiencies under sectoral instruments). It is however possible to integrate considerations on the compliance of Member States with requirements relating to the protection of the EU budget within the assessment of risk to the EU budget, in line with the well–established first rationale.