The Special Report 06/2026 by the European Court of Auditors (ECA), published on 11 February 2026, indicates that the Recovery and Resilience Facility (RRF) continues to suffer from weaknesses in the detection, reporting and correction of fraud cases.

The ECA's audit assessed the effectiveness of systems established by the Commission and in four EU Member States (Denmark, Spain, Italy and Romania) for the RRF to safeguard the EU’s financial interests from fraud. The ECA's criticism focuses on three main issues:

• The Commission's limited verification work;
• Remaining weaknesses in Member States regarding fraud detection;
• Undermined protection of the EU's financial interests due to incomplete RRF fraud data and gaps in recovery rules.

In detail, the ECA found, for instance, that Regulation (EU) 2021/241 establishing the RRF set high-level requirements for the Member States' anti-fraud systems, but did not sufficiently detail them. Although the Commission attempted to rectify the situation by introducing stricter requirements in the financing agreements, the requirements for national controls remained unclear. The ECA acknowledged that the Commission's audits contributed to improved anti-fraud systems of the assessed Member States. However, these audits have still weaknesses, such as insufficient coverage of the audit body and the anti-fraud responsibilities of the coordinating body. Another shortcoming is that, in some Member States, the Commission’s audits were only concluded after the first payment request, leading to payments without sufficient evidence about the effectiveness of the Member State anti-fraud control system.

Looking at anti-fraud prevention measures in the Member States, the ECA found that all selected states had established anti-fraud policies, but these were often delayed. In addition, key fraud detection measures, such as desk and on-the-spot checks, and whistleblowing channels, have shortcomings. In particular, many countries underused the potential of data mining and analytics.

With regard to procedures, the ECA found that there is no standard to report fraud cases to the Commission and Member States apply different criteria on what constitutes RRF fraud. As a consequence, it is difficult for the Commission to properly target its own anti-fraud action and to accurately estimate the extent of RRF fraud.

Ultimately, the ECA points out that Member States are only required to take legal action to recover funds while other EU funds use a wider range of corrective actions, such as the withdrawal of projects or the suspension of payments. Contrary to other EU funds, Member States are, in principle, also not required to return recovered funds to the EU budget. As many fraud cases may emerge after the end of the RRF, the appropriate recovery remains uncertain as reporting and anti-fraud mechanisms come to an end as well.

The ECA makes several recommendations to the Commission and the Member States, including:

• Further strengthening of Commission checks of national RRF anti-fraud systems;
• Improving the reporting of suspected fraud in the RRF;
• Increasing the impact of corrective measures;
• Defining minimum anti-fraud requirements for EU countries.

These recommendations are designed to be adopted in future RRF-type programmes, in which payments are not linked to actual costs.