As you may well have read this month, the European Commission is currently drawing up new European Union legislation that aims to do for us what the Sarbanes-Oxley (Sox) Act did for the Americans. The new proposed regulations on corporate financial responsibility will seek to prevent the kind of legerdemain that allowed fraud to flourish at companies like Enron in the US and Parmalat in the EU.

Analysts and lawyers are already forecasting that the new European legislation will be even tougher than Sox, at least in terms of the stipulations and requirements imposed on boardroom officers and their squads of bean inspectors. All of whom will, in turn, demand that the IT department assemble great piles of information to support their book balancing.

But there is a key difference between the US and the EU that could have a huge impact on the way that EuroSox, if I can call it that, will work in practice.

As politicians are fond or reminding us, we don't yet live in a federal Europe. Although there are European laws, they apply to nation states and not to individuals or corporations. Decrees from Brussels are enacted as directives, which only begin to apply to people and businesses when they trigger the creation of new national laws.

As a consequence, while the US Sarbanes-Oxley Act is able to spell out sphincter-loosening penalties for fat cats caught pocketing wads of cash - 20 years in a room with a rather poor view, for example - EuroSox must make do with less certain deterrents. As the proposal puts it, "Member States shall provide effective, proportionate and dissuasive civil, administrative or criminal penalties."

Dissuasive is an unusual word at the best of times, and is certainly open to interpretation by national lawmakers. What seems clear is that, if EuroSox leads to real laws, the European Union will have created a somewhat lumpy playing field.

What will happen is what always happens in such circumstances - those states that want to attract investment will make their laws lax. That's the way it works with taxation. It's no coincidence that the Fortune 500 list is top-heavy with firms that are legally run from Delaware, even if most have their actual base of operations in California or New York. Delaware corporations get to keep more of their profits, a factor that attracts businesses much as a bone attracts scavenging dogs.

And just as a US chief executive may see it as a fiduciary duty to reincorporate in Delaware, so a European directeur general may see it as a duty to his own skin to reincorporate in Ireland, if the Irish happen to have the softest sentences and the most comfortable prisons, should the worst happen. It's common-sense risk reduction, after all.

The situation is made doubly unpredictable by the imminent enlargement of the EU. New and less well off member states could easily see EuroSox as a ticket to tax euros.

For IT, the implications are awkward. Not only may the corporate IT manager soon be asked to offer impossible guarantees that the accounting package is free of bugs, he or she may also struggle to set up a secure, high-bandwidth, failsafe connection to the new head office in Latvia.