The entire Romanian business environment has been anxiously waiting to see which 500 large taxpayers would be unlucky enough to undergo a risk analysis after the National Agency for Fiscal Administration announced, on November 13 2025, the start of a series of large-scale tax inspections at the national level.
The risk analysis is the only procedure, unfortunately non-transparent, based on which the annual or quarterly tax audit plan can be prepared. A similar number of compliance notifications are thus expected, followed by inspection notices for these 500 taxpayers.
It should be noted that the compliance notification was introduced into legislation as a result of Romania’s commitments under the National Recovery and Resilience Plan and consists of allocating a 30-day period for the benefit of the taxpayer before the issuance of an inspection notice. In the case of large taxpayers, this adds another 30 days before the inspection begins.
Compliance notification and procedural guarantees
Considering that 2019 is subject to a statute of limitations, in the tax authority’s view, on December 29 2025, it was obvious that all 500 inspections should have resulted from a risk analysis, which should have been completed at least 60 days before the end of 2025. Given that October 29 2025 has long passed, the last week of November brought a wave of unexpected audits to all those 500 large taxpayers that the tax authority informally selected for inspection.
What is the goal of this unprecedented volume of unexpected audits? Simply put, the compliance notification is only mandatory for substantive tax audits, not for unexpected inspections. Therefore, the 30-day period granted to the taxpayer for clarifying identified tax risks is no longer applicable, even though it is one of the main guarantees provided by the Tax Procedure Code. Moreover, conducting a risk analysis is no longer even necessary. Additionally, identifying any tax risk during an unexpected audit leads to a substantive tax inspection without granting the 30-day grace period.
To summarise, the method implemented by the tax authority leads to the elimination of the risk analysis procedure (a cumbersome process that takes a long time for all 500 taxpayers), as well as to circumventing the mandatory 30-day period within the compliance notification institution and the mandatory grace period of 30 days before conducting a substantive tax audit (when the audit is carried out as a result of a risk analysis, not as a result of an unexpected inspection).
Is such an approach by the tax authority lawful? The author believes it is not. Whenever a legal institution (e.g., an unexpected inspection) is used to circumvent mandatory rules governing other legal institutions (i.e., compliance notification, inspection notice, and risk analysis), we are in a situation of legal fraud that manifests itself within the authority as an abuse of rights. In the absence of prior notification and the real possibility to organise documents or seek specialised support, the taxpayer often finds themselves facing an audit that strays from its specific role and takes on the character of a ‘fishing expedition’.
Scope and limits of unexpected inspections
Unexpected tax audits are regulated as procedures with a limited object, which the tax authority can use in a few precisely enumerated situations by law. Essentially, they can be ordered:
To verify information that raises suspicions regarding violations of tax legislation;
For cross-checks related to other ongoing audits;
To clarify basic elements of taxation; or
To identify a specific tax risk without the possibility of generalisation.
Abuse of rights and fishing expeditions
The systemic use of the unexpected inspection institution to replace the risk analysis institution and to avoid granting a mandatory procedural guarantee by eliminating the 60 days necessary for compliance and preparation for the audit is a dangerous, illegal precedent.
The notion of a fishing expedition is well known in the jurisprudence of the Court of Justice of the European Union, which has analysed it and established that authorities cannot request information speculatively but must demonstrate the foreseeable relevance of the requested information.
The OECD Model Tax Convention on Income and on Capital explains the same idea: the requested state is not obliged to provide information when the request represents a “fishing expedition”, meaning a request lacking a clear connection to a specific investigation. Therefore, in international tax procedures, there is an important filter designed to protect the targeted individual.
