The 2025 Edition of ISO 37001 – What has changed? Quick answer… Not much
.jpg)
ISO 37001, the international standard for Anti-Bribery Management Systems (ABMS), has been revised in 2025.
But before anyone panics about rewriting policies, re-thinking controls or overhauling systems, let’s set the tone: the changes are not big.
If your organization is already certified to ISO 37001:2016 and using it effectively, you're well positioned for the transition. The 2025 edition clarifies and strengthens certain areas, but it builds on the same foundation.
So, what has actually changed?
ISO 37001:2025 keeps the same structure, intent, and main requirements as the 2016 edition. The standard still provides a framework for organizations to prevent, detect, and respond to bribery through controls, policies and leadership commitment. What’s new in the 2025 version is more about refinement and alignment than reinvention.
Let’s look at the key updates
1. Stronger Emphasis on Anti-Bribery Culture
One of the visible enhancements is the focus on building and sustaining an anti-bribery culture. While this concept existed in the 2016 version, it now receives more attention.
The 2025 edition requires leadership to develop, maintain and promote an anti-bribery culture at all levels within the organization. The standard includes a subclause on the anti-bribery culture and top management is expected to encourage behavior that supports the anti-bribery policy and the ABMS, while not tolerating behavior that compromises anti-bribery.
2. Clearer Role for the Anti-Bribery Function
The “anti bribery compliance function” is now the “anti-bribery function”, reflecting a more precise role in implementing and maintaining the ABMS. The new edition of the standard clarifies the function’s responsibilities and independence, ensuring it has resources and direct access to top management or the governing body.
3. Enhanced Focus on Conflicts of Interest
While conflicts of interest were implied in the previous edition, ISO 37001:2025 now includes explicit guidance on how organizations should identify, assess, and manage potential or actual conflicts. This includes encouraging disclosure mechanisms and clear decision-making processes to reduce bribery risks tied to personal or financial interests.
4. More Rigorous Due Diligence on Third Parties
Third-party risk remains one of the biggest challenges in anti-bribery compliance. The 2025 revision strengthens the standard’s requirements for third-party due diligence, especially in high-risk contexts like intermediaries, joint ventures and M&A (mergers and acquisitions). Ongoing monitoring, not just initial screening, is another critical aspect.
5. Integration with Enterprise Risk and Modern Tools
ISO 37001:2025 encourages organizations to align anti-bribery risk assessments with broader enterprise risk management frameworks. This is particularly relevant as bribery risks increasingly intersect with cybersecurity and digital transactions. The use of data analytics and performance metrics is also encouraged to monitor effectiveness and support continual improvement.
6. Whistleblower Protections and Reporting Channels
Organizations are expected to go further in ensuring that reporting channels are accessible, confidential, and secure. The new edition reinforces the need to protect individuals from retaliation when they raise bribery concerns. This aligns ISO 37001 more closely with global trends on whistleblower protection and transparency. ISO 37001 references to another standard in this series – ISO 37002 – that provides guidelines whistleblowing management systems
7. Harmonization with Other ISO Standards
ISO 37001:2025 adopts consistent terminology and structure with other key standards like ISO 37301 (compliance management system), ISO/IEC 27001 (information security management system). For organizations implementing integrated management systems, this makes ISO 37001 easier to align with existing processes.
So… What Hasn’t Changed?
Quite a lot.
The core principles and key requirements of ISO 37001 remain unchanged.
If an organization has already built a functioning anti-bribery management system based on the 2016 version, only modest adjustments are needed to comply with the 2025 revision.
Final Thoughts
The 2025 update to ISO 37001 is a refinement, not a reinvention. It brings the standard in line with today’s ethical, legal, and operational expectations while keeping its core intact. For those already committed to preventing bribery, the message is clear: keep going—and evolve where needed.
