Greenwashing

Explanation

Greenwashing refers to the phenomenon of presenting a company or its products to the public as more environmentally friendly and sustainable than is actually the case through misleading, environmentally related (advertising) statements (so-called green claims).

Compliance risk areas - Exemplary characteristics

Misleading consumers about “green” product or company characteristics by

incorrect, unspecific, unverifiable or abbreviated (advertising) statements on environmental, climate and sustainability aspects
Implicit green claims, e.g. resulting from images, logos or brand names
Use of non-transparent, untrustworthy environmental or sustainability labels
Reference to unsuitable or ineffective compensation measures to offset own climate-damaging activities
Inaccurate green claims in corporate publications (e.g. annual reports, investor presentations, prospectuses) that mislead investors

Possible legal consequences of violations

Removal and injunction, usually by injunction, if necessary immediate sales stop; greenwashing lawsuits
Claims for damages by consumers or competitors
Skimming of profits, fines (in case of violation of Union law) and exclusion from public contracts and financial aid
Imprisonment or fine for false, deliberately misleading advertising to a larger group of people

Reputational damage

Financial impact, e.g. due to non-conclusion, termination or non-renewal
of contracts or loans due to breach of compliance obligations
Product recalls if unlawful green claims are made, e.g. on the product or its packaging

Key laws (selection)

UWG
Draft EU directive on environmental claims (“Green Claims Directive”)

Sustainability reporting obligation

Explanation

Obligation for certain companies to prepare and publish a sustainability report using recognized, uniform and legally prescribed standards. Focus: The impact of the company’s activities on people and the environment as well as the financial risks and opportunities of sustainability aspects on the company (double materiality). Sustainability aspects are environmental, social and human rights factors as well as Governance-factors. This is associated with reporting in accordance with the EU Taxonomy Regulation whether an economic activity is to be classified as environmentally sustainable. In this respect, the share of revenue generated by these activities and the share of investment and operating expenses associated with these activities must be disclosed.

Compliance risk areas - Exemplary characteristics

Non-implementation of the requirements of the CSRD Directive Implementation Act
No / untimely publication of a sustainability report despite existing obligation
Insufficient disclosure of the requested information in accordance with the European Sustainability Reporting Standards (ESRS), which substantiate the CSRD
Insufficient disclosure of the requested information in accordance with the EU Taxonomy Regulation
Incorrect or misleading information in the sustainability report
Materiality analysis not performed or not performed in accordance with ESRS
Unrealistic setting of thresholds to identify less material ESG issues
No audit of the sustainability report by an auditor
Error in the report format (e.g. ESEF tagging)

Possible legal consequences of violations

Fines and administrative penalties for the company, the Executive Board and the Supervisory Board
Civil liability of the management and the Supervisory Board (personal liability)
Criminal liability of the management and the supervisory board, e.g. in the event of a false balance sheet oath or incorrect presentation
Restriction or refusal of the audit opinion

General damage

Reputational damage due to negative press reports and/or social media campaigns and subsequent loss of sales
Financial impact, e.g. due to non-conclusion, termination or non-renewal of contracts or loans due to breach of compliance obligations
Product recalls if unlawful green claims are made, e.g. on the product or its packaging

Key laws (selection)

CSRD Directive Implementation Act based on the CSRD
Implementation for corporations and commercial partnerships with limited liability in
§§ 289b ff. HGB; for cooperative companies in the Cooperatives Act
with reference to the regulations in the HGB
European Sustainability Reporting Standards (ESRS) (specify the content of the CSRD)
EU Taxonomy Regulation – Regulation (EU) 2020/852

Environmental law

Explanation

All legal norms that provide for measures to protect the environment and rules on the use of equipment and objects with a potential impact on the environment.

Compliance risk areas - Exemplary characteristics

Violation of environmental liability/ plant liability
Incorrect waste and wastewater disposal, contaminated site management
Incorrect air pollution control, in particular immissions/emissions
Violation of soil and water protection
Violation of nature conservation, landscape conservation and plant protection
Incorrect handling of hazardous substances
Violation of take-back obligations for electrical and electronic appliances
Other environmentally relevant risk areas can be found in the honeycomb Product conformity

Violation of laws and regulations that serve to protect the environment. Possible legal consequences

Removal orders (costs)
high fines
Operating bans / decommissioning orders

Key laws (selection)

§§ 324 ff. StGB
Environmental Damage Act, Environmental Liability Act
ElektroG
KrWG (Closed Substance Cycle Waste Management Act)
BImSchG and ordinances (in conjunction with TA-Luft and TA-Lärm),
LuftverkehrsG, FluglärmschutzG, BenzinbleiG,
ChemikalienG, GefahrstoffVO
WHG, Detergents and Cleaning Agents Act
BNatSchG, Plant Protection Act
InfektionsschG, TierseuchenG
Genetic Engineering Act
BBodenSchG
EEG
State laws on environmental protection

Human rights incl. supply chain

Explanation

Companies may be obliged to consider human rights risks in their own business operations and in their supply chain. Companies that are subject to the Supply Chain Due Diligence Act ( LkSG) – from 2023 companies with at least 3000 employees in Germany (from 2024 companies with at least 1000 employees in Germany) are subject to human rights due diligence obligations from the LkSG to fulfill. Smaller companies may also be affected because they are exposed to new human rights expectations from their customers.

Compliance risk areas - Exemplary characteristics

Prohibition of child labor (e.g. employment of children under the minimum age)
Prohibition of forced labor and all forms of slavery
Disregard for occupational health and safety and work-related health hazards (e.g. no or inadequate information and instruction of employees about hazards and how to avoid them)
Disregard of freedom of assembly, freedom of association, freedom of association and the right to collective action (e.g. prohibition or prevention of the formation of a trade union)
Violation of the prohibition of unequal treatment in employment (e.g. withholding of special benefits not granted to employees on the basis of affiliation [e.g. special leave for wedding is not granted for same-sex marriages])
Prohibition of withholding an appropriate wage (e.g. wage is below the minimum subsistence level)
Destruction of the natural basis of life through environmental pollution (e.g. contamination of drinking water and groundwater by the company)
Commissioning or use of private/public security forces (e.g. commissioning of untrained security forces)
Violation of due diligence obligations in accordance with the LkSG:

Establishment of risk management

Performance of risk analysis (for own company in Germany and abroad)

Risk-based implementation of preventive and corrective measures

Establishment of a complaints procedure

Fulfillment of documentation and reporting obligations

Possible legal consequences of violation

Fines of up to 2% of global annual turnover (LkSG)
Possible exclusion from the award of public contracts (up to three years) (LkSG)
Trade unions and NGOs can sue on behalf of the injured parties (LkSG)
Reputational damage
Lower competitiveness

Key laws and standards (selection)

Supply Chain Due Diligence Act (LkSG)
In future: Corporate Sustainability Due Diligence Directive (CSDDD)
International frameworks: e.g. UN Guiding Principles on Business and Human Rights (UNGP), OECD Guidelines for multinational Enterprises, UN Global Compact, Universal Declaration of Human Rights, International Covenant on Civil and Political Rights, International Covenant on Economic, Social and Cultural Rights, ILO core labor standards (e.g. ILO-IOE Child Labour Guidance Tool for Business)

Self-imposed, external standards

Explanation

Joining or implementing external standards to which the company has committed itself.

Compliance risk areas - Exemplary characteristics

Violation of requirements due to adherence to external reporting standards, participation in certification procedures or ratings, memberships in associations relating to ESG and sustainability criteria, e.g:

Achievement of certain emission values (including a certain carbon footprint)
Achievement of specific targets in relation to the consumption of resources (water, electricity) or waste avoidance
Compliance with human rights
Compliance with diversity requirements
Introduction of certain governance structures

Possible consequences of violations

Loss of labeling rights
Poor performance in ESG ratings
Refusal of certifications; termination of memberships
Worse conditions for lending
Consequences under employment law at employee level in the event of breaches, claims for damages under company law against the management if there is a breach of duty of care.
Reputational damage
Injunctive relief from competitors

Significant self-regulated ESG/ Corporate/ Governance standards (selection)

External certification such as SA8000 standard, EMAS (EU), DIN EN ISO 14001, DIN EN ISO 45001
Voluntary product standards (e.g. FSC – wood industry standard, MSC – fishing standard, Blue Angel – German Ecolabel, Green Dot, Fair Trade seal)
ESG ratings e.g. CDP ranking
UN Global Compact
Stewardship Initiative
Global Reporting Initiative (GRI), German Sustainability Code (DNK), International Sustainability Standards Board (ISSB), Task Force on Climate-related Financial Disclosures (TCFD)

Corruption

Explanation

Bribery and corruptibility as well as granting and accepting benefits under German criminal law and under other laws relevant to German natural or legal persons, insofar as these criminalize bribery abroad by German natural or legal persons, e.g. UK Bribery Act or US Foreign Corrupt Practices Act

Compliance risk areas - Exemplary characteristics

Granting of advantages in the course of business when purchasing goods or services (1) to gain unfair advantage in domestic or foreign competition or (2) to carry out or refrain from actions contrary to the company’s obligations (breach of internal compliance regulations)
Granting an advantage to a member of a medical profession for unfair advantage in domestic or foreign competition
Granting advantages to voters (voter bribery)
Granting an advantage to a mandate holder Performing or omitting an act by the mandate holder (bribery of members of parliament)
Granting benefits to public officials to expedite official acts that are permissible (facilitation payments, in particular in connection with permits, licenses, concessions, approvals) or contrary to duty
Granting of inappropriate benefits of any kind, such as gifts and benefits in kind, invitations, in particular to hospitality and (professional) events, travel and vacations, donations and sponsoring, lobbying, other marketing measures, discounts, commissions and special conditions
Granting of inappropriate benefits in connection with tenders, purchasing or award processes
Granting inappropriate benefits by concealing them via consultancy or support contracts, possibly as sham contracts or via third parties (agents or other intermediaries / sales intermediaries)
Mirroring the granting of advantages, the acceptance of advantages for the aforementioned purposes is also inadmissible; is particularly relevant in business dealings e.g. the acceptance of bribes for the awarding of contracts or kick-back payments. e.g. accepting bribes for the award of contracts or kick-back payments

Possible legal consequences of violations

Imprisonment and fines for individuals involved in accordance with the StGB
Fines for the company according to OWiG
Profit skimming from the company according to OWiG
Additional tax payments for the company (e.g. non-deductible operating expenses)
Exclusion from public procurement via entry in the blacklist or corruption register
Reputational damage
Balance sheet effects (e.g. invalidity of annual financial statements)
Financial impact (e.g. by not concluding, terminating or not renewing contracts or loans
due to breach of compliance obligations)
Claims for damages under civil law
Compliance monitorship under US law

Key laws (selection)

§§ Sections 299 – 301 StGB
§§ Sections 331 – 337 StGB
§ 108 b,e StGB
corresponding foreign regulations, e.g. UKBA, FCPA

Offenses against third parties or the company

Explanation

Criminal acts committed with the intention of benefiting the company (also known as “exculpatory crime”), but which are committed at the expense of third parties.Self-interested acts by employees to the detriment of the company and for personal gain (also known as “exculpatory crime”).

Compliance risk areas - Exemplary characteristics

Fraud at the expense of third parties, e.g. (submission) fraud or at the expense of the company, e.g. travel and expense fraud
Unfaithfulness at the expense of third parties, e.g. at the expense of the public sector or at the expense of the company, e.g. by keeping black coffers, taking bribes from
Theft, embezzlement
Anti-competitive agreements with contractual partners
Forgery of documents and criminal misrepresentation to the detriment of third parties
other criminal offenses that are listed separately in this risk catalog, e.g. tax evasion or embezzlement of social security contributions

Possible legal consequences of violations

Imprisonment and fines for individuals involved in accordance with the StGB
Fines for the company according to OWiG
Profit skimming from the company according to OWiG
Tax back payments for the company
(e.g. non-deductible operating expenses),
Exclusion from public procurement via entry
in the blacklist or corruption register,
Reputational damage
Accounting effects
(e.g. invalidity of annual financial statements)
Financial impact, e.g. by not concluding, terminating or not renewing contracts or loans due to violation of compliance obligations
Claims for damages under civil law.

Key laws (selection)

§ 242 StGB
§ 246 StGB
§ 263 StGB
§ 266 StGB
§ 267 StGB
§ 298 StGB

Money laundering law

Explanation

Money laundering law serves to prevent and repress money laundering and terrorist financing. Anyone who falls within the scope of the AMLA (in particular credit or financial services institutions, companies that trade in goods (goods dealers) such as jewelry, watch or car dealers, as well as real estate agents, certain insurance brokers, service providers for companies and trust assets and trustees) is subject to increased prevention requirements. This includes proper risk management, including compliance risk analysis, internal security measures, money laundering officers, record-keeping and retention obligations. In addition, increased due diligence obligations apply to these companies. Money laundering law also includes the obligation to check and, if necessary, report the beneficial owner of a company to the transparency register.

Compliance risk areas - Exemplary characteristics

Uncontrolled cash transactions (threshold value of EUR 10,000.00); transactions with high-value goods such as precious metals
Smurfing: Fragmentation of deposits or scattered distribution of deposits to a large number of accounts, so that anomalies can only be detected by a targeted analysis of the deposit behavior with knowledge of the division of labor between different depositors
Uncontrolled acquisition of business interests, investments on the stock market, the purchase of high-value real estate
Uncontrolled foreign transactions, especially to third countries with high risk and using offshore banks, dummy companies or straw men
Uncontrolled transactions with politically exposed persons (PEP)
Missing notification of the beneficial owner to the transparency register

Possible legal consequences in the event of a breach of existing due diligence obligations, such as the identification of the contractual partner and the identification of the beneficial owner or a breach of the obligation to report suspicions:

Fines
Criminal liability of the obligor
Regulatory measures: Order to create internal security measures, order and conduct audits to ensure compliance with legal requirements, business prohibition, submission of suspicious activity reports by the supervisory authority or the announcement of final measures.

Key laws (selection)

MLA
KWG
§ Section 89c, 129a, 129b, 257, 261 StGB

Foreign trade law

Explanation

All legal norms subject to fines or penalties which, in connection with the movement of goods, services, capital, payments and other economic transactions with foreign countries, aim to protect certain economic sectors, macroeconomic interests, security, foreign relations and the peaceful coexistence of peoples.

Compliance risk areas - Exemplary characteristics

Violation of regulations regarding customs clearance (incl. AEO-E53 product declaration)
Violation of export control regulations and recipient verification regulations (EU anti-terrorism regulations; lists of persons of the EU country embargoes;59:65US sanctions lists)
Violation of customs / tax regulations in destination countries
Violation of reporting/instruction and authorization obligations
Violation of the obligation to control goods, countries and use
Missing audit of Conflict Minerals
Lack of review of sanctions and embargo lists
Inadequate data collection for goods-related controls

Possible legal consequences in the event of infringement of cross-border deliveries of goods by the company and the resulting infringement of German, international laws or laws of third countries:

Fines
Criminal liability
Revocation / withdrawal of customs simplifications with regard to AEO status / authorizations if unreliability is established

Key laws (selection)

AWG
AWV
Customs Act
US/EU sanctions (sanctions and embargo lists)
US/EU Export Controls

Antitrust law

Explanation

All legal norms that serve to ensure free competition. For example, agreements or concerted practices between companies that hinder, distort or restrict competition are generally prohibited. This may include agreements or concerted practices on final prices between competitors as well as on the allocation of markets or customers. In principle, exclusivity agreements (exclusive supply, non-competition clauses) are also restrictive of competition, which result in suppliers/manufacturers
only having supply relationships with one buyer/customer and thus excluding other suppliers or buyers from the sale or purchase of the goods concerned. Finally, a dominant market position or relative strength compared to smaller competitors may not be exploited to discriminate.

Compliance risk areas - Exemplary characteristics

Restrictive agreements or practices
Exchange of information with competitors, e.g. as part of an association activity or participation in data collections for market overviews, standardization, etc.
Violation of merger control regulations (e.g. execution before clearance, “gun jumping”)
Abuse of a dominant market position through exploitation, obstruction (undercutting with the intention of crowding out; selling below cost price; tying, etc.) or discrimination
Vertical contracts (i.e. with suppliers, sales intermediaries, wholesalers and retailers, customers), e.g. exclusivity agreements, tying arrangements, restrictions on use, minimum price requirements, non-compete clauses

Possible legal consequences of agreements that restrict competition or abuse a dominant market position to the detriment of customers, suppliers or competitors:

Fines Germany and EU of up to 10% of the total turnover of the group of companies (including all natural or legal persons operating as a single economic entity) in the financial year preceding the decision imposing the fine
Claims for damages (follow-on claims by third parties), injunctive relief and injunctive relief
Compliance monitorship under US law
Civil law invalidity of the underlying contracts
Prohibition of the execution of transactions

Key laws (selection)

ARC
Art. 101, 102 TFEU
FKVO
Cartel Regulation
Further EU regulations

Fair trading law

Explanation

Unfair competition law comprises all legal norms that aim to protect competitors, consumers and other market participants from unfair business practices in the interests of undistorted competition. Unfair business acts are, for example, if they are misleading or deliberately hinder competitors.

Compliance risk areas - Exemplary characteristics

Inducing future employees to pass on business or trade secrets of their future employer
Unfair comparative advertising
Misleading advertising
Disparagement of a competitor
Unfair design of advertising measures or advertising brochures
Incorrect price labeling
Unfair advertising with price reductions
Inadmissible bait offers to consumers

Possible legal consequences of violations

Civil law claims for removal, injunctive relief, disclosure and damages by third parties.
Claims for damages and profit absorption that can be asserted by competitors, consumer protection and industry associations
Imprisonment for up to five years or deliberately misleading advertising to a larger group of people
Fine

Key laws (selection)

UWG
“passing off” in the Anglo-Saxon legal system
Appendix to Section 3 (3) UWG
(Incitement or aiding and abetting) § 17 UWG; § 266 StGB

Public procurement law

Explanation

All rules and regulations that prescribe the procedure for the public sector when purchasing goods and services.

Compliance risk areas - Exemplary characteristics

Violation of procurement regulations

Possible legal consequences of violations

Nullity / ineffectiveness of contracts
Contestability of contracts, surcharges
Frustrated expenses in the event of exclusion from proceedings for formal reasons

Key laws (selection)

Directive 2014/24/EU on public procurement
§ Section 97 GWB et seq.
Public procurement and contract regulations VOL/A, VOB/A and VOF

Tax law

Explanation

All legal norms relating to the assessment and collection of taxes and duties.

Compliance risk areas - Exemplary characteristics

Violations of the tax code, e.g. in relation to

Tax returns and tax registrations
Documentation / and archiving obligations, recording / reporting obligations
Tax arrangements (e.g. claiming tax benefits, restructuring)

Violations of VAT, e.g. if an incorrect VAT identification number is used.

Violations of wage tax, e.g. in relation to company events: Although taxable company events are held, they are not taxed.

Violations of income tax, e.g.

as an accompanying offense in cases of interference with company assets and corruption
(e.g. prohibition of tax deductions for bribe payments) and violations of accounting rules (accounting fraud).
in relation to donations and sponsoring.

Violations of transfer pricing regulations, e.g. in relation to.

CbCR control:
There is no regular control of the turnover figure relevant for the preparation of a CbCR.
Permanent establishment: It was not recognized / investigated that a permanent establishment exists or it was not taken into account for tax purposes.
Transfer pricing documentation: Missing transfer pricing documentation.

Possible legal consequences of violations

Imprisonment and fine
Fines for the company and managers
Personal liability of the managing directors
Unilateral assessment of the tax in the absence of or inadequate cooperation (“hate assessment”)
Late payment surcharges
Interest

Key laws (selection)

EStG Income Tax Act
GewStG Trade Tax Act
UStG Value Added Tax Act
KStG Corporation Tax Act
GrStG Property Tax Act
EnergieStG Energy Tax Act
GrEStG Real Estate Transfer Tax Act
EU Customs Code
AO + ancillary laws (UStG, ZollV, transfer prices, etc.)
SGB III, IV, V, X
OECD Model Tax Code

Corporate Governance

Explanation

Good corporate governance is one of the most important components of a compliance management system. It is about internationally and nationally recognized standards of good and responsible corporate governance. These are reflected in various laws. These include compliance with the management’s duty of care and business ethics. Judgement Rule. For listed companies, the German Corporate Governance Code (GCGC) sets the standards for the management and supervision of German listed companies. The GCGC is not a directly applicable law, but rather a best practicecode on the basis of “comply or explain” . The GCGC is implemented by law via the mandatory Declaration of conformity of the Management Board in accordance with Section 161 AktG. However, the GCGC provides a regulatory framework for good corporate governance not only for stock corporations, but also for all other companies.

Compliance risk areas - Exemplary characteristics

Exceeding the entrepreneurial scope for decision-making within the scope of the duty of care by the company management
Incorrect submission of the Declaration of Conformity pursuant to Section 161 AktG
Conflicts of interest
Unethical or discriminatory behavior
Disregarding the requirements for the composition of the Management Board and Supervisory Board (quota of women)
Lack of compliance management system, including whistleblower/whistleblowing system
Non-observance or non-implementation of compliance requirements of business partners
Incorrect final audit

Possible legal consequences of violations

Claims for damages against the Executive Board or management
Fine against company
Contestation of a discharge resolution on the basis of a declaration of compliance in violation of Section 161 AktG
Violation of general duties of care, insofar as the provisions of the GCGC have become the general standard of conduct
Exclusion of orders

Key laws (selection)

DCGK
§ 30 OWiG
One-Third Participation Act/Co-determination Act
§ Section 43 (1) GmbHG
§ Section 93 (1) sentence 2 AktG
Whistleblower Protection Act (HinSchG)

Company law

Explanation

All legal norms relating to the formation, life and termination of associations of persons under company law. This includes in particular

The rights and duties of the executive bodies
(usually the shareholders’ meeting and management and, if applicable, a supervisory board)
Financial constitution: Who has to pay for the company’s debts and when? Who is entitled to the dividends and when and under what conditions can they be distributed?
Liability of the executive bodies, in particular management (and secondarily) supervisory board

Compliance risk areas - Exemplary characteristics

Violations of requirements for the formation, conversion and liquidation of (subsidiary) companies
Violations of requirements relating to board duties, financing, reporting, auditing, etc.
Failure to fulfill shareholder obligations
Violations of requirements for capital increases
Violations of requirements for shareholder loans
Unlawful dealings with the company’s partners/shareholders (e.g. minority shareholders) – return of capital contributions, concealed profit distribution, reaching into the company’s coffers to destroy its existence

Possible legal consequences in the event of a breach of company law provisions

Ineffective corporate law measures resulting in uncertainties regarding the corporate structure
Ineffective capital measures with resulting uncertainty regarding the financing of the company
Personal liability of the executive bodies (managing directors, supervisory board members)

Key laws (selection)

HGB
German Stock Corporation Act
GmbHG
SEAG
Transformation Act

Financial reporting

Explanation

The law on accounting and balance sheets encompasses all legal norms which, in the interests of creditors, company owners and the state, impose requirements for an orderly, accurate, complete and comprehensible record of a company’s business transactions and annual financial statements that meet these requirements.

Compliance risk areas - Exemplary characteristics

Violation of financial reporting and accounting regulations derived therefrom
Incomplete and/or non-transparent accounting
Violation of documentation and archiving obligations

Possible legal consequences in the event of a breach of company law provisions

Invalidity of the financial statements
Fines and administrative penalties for the company, the management and the Supervisory Board
Criminal liability, e.g. in the event of a false balance sheet oath or incorrect presentation
Personal liability of the management and the Supervisory Board

Key laws (selection)

HGB
GoB
WpHG
German Stock Corporation Act
IAS / IFRS

Logistics law

Explanation

All legal standards relating to the storage, handling and transportation of goods
that are intended to ensure the safety of persons employed in the provision of such services, road traffic and
the public. The standards are partly aimed at the clients of such services, partly
at the logistics providers (insbs. freight forwarders).

Compliance risk areas - Exemplary characteristics

Failure to check the forwarding company to be commissioned as to whether it has a permit or authorization to carry out road haulage business and whether properly employed personnel are used.
Violation of driving and rest periods for truck drivers
Failure to verify payment of the minimum wage and payment of social security contributions for employees, including those of the service provider’s subcontractors
Lack of due diligence when securing the freight
Lack of safety measures for the transportation of dangerous goods

Possible legal consequences of violations

Fines
General contractor liability
Subcontractor liability (new Parcel Carrier Protection Act)

Key laws (selection)

GüKG
Art. 6 to Art. 8 EEC Regulation, No. 561/2006
EC Regulation No. 1072/2009
Driving Personnel Ordinance
GGVSEB
GGBefG
StVG, StVO and StVZO
MiLoG, Parcel Courier Protection Act

Product conformity

Explanation

All legal standards that set out general or specific requirements for the product development process and the properties of products, as well as their manufacture, approval, monitoring, storage, declaration or placing on the market and distribution. On the one hand, the aim is to protect consumers from the disadvantages of unsafe products (product liability). On the other hand, sustainability aspects based on the European Green Deal are also playing an increasingly important role. These are often highly industry or sector-specific .

Compliance risk areas - Exemplary characteristics

Incorrect implementation of legal requirements for products, in particular:

Information on the characteristics of a product (composition, packaging, instructions for assembly, installation, maintenance, service life) at the time of sale;
Product-related information
(presentation, labeling, warnings, instructions for use and operation, information on disposal); in particular CE marking on sale

Provision of incorrect information in product approval / homologation

Incorrect implementation of traffic / product safety obligations

Failure to recall defective products

Violation of special due diligence and documentation obligations in connection with the placing on the market of certain products due to legal regulations for the implementation of the European Green Deal, e.g.
Obligation to ensure deforestation-free supply chains for the provision and export from the Union market of cattle, cocoa, coffee, oil palms, soy and timber and their products.
Registration obligation, take-back and disposal obligation as well as information obligations when placing electrical or electronic equipment on the market.
Obligation to comply with special sustainability and safety requirements, labeling and information obligations when manufacturing and placing batteries on the market.
Obligation of companies that import tin, tantalum, tungsten, their ores and gold in certain quantities into the EU to implement a functional risk management system as well as due diligence, documentation and testing obligations for imported products with regard to human rights violations in mining areas and through trade

Possible legal consequences of violations

official orders (prohibition of marketing / further distribution; product recalls)
Fines for manufacturers, importers and other norm addressees
Criminal consequences (fines and imprisonment)
Claims for damages
Consequences under competition law
Import bans
EU-wide notification of the product via RAPEX and other publication obligations

Key laws (selection)

Product Safety Act (ProdSG)
Product Liability Act (ProdHaftG)
Electromagnetic Compatibility Act (EMVG)
Food and Feed Code (LFGB)
Consumer protection laws; including
Consumer Information Act (VIG)
Electrical and Electronic Equipment Act (ElektroG)
Industry-specific laws, e.g. AMGKostV (Ordinance on Costs for the Authorization
and Registration of Medicinal Products)
EU Deforestation Regulation (Regulation (EU) 2023/1115 (EUDR))
EU Battery Regulation
EU Conflict Minerals Regulation (Regulation (EU) 2017/821)

Real estate & property law

Explanation

All legal norms, which include civil law, as well as public law regulations in connection
with land or buildings. These include, for example, standards in connection with the construction, acquisition, ownership, sale and required properties of real estate.

Compliance risk areas - Exemplary characteristics

Premature use of an erected building
Missing building permit and approved use (permits for changes of use, fulfillment of conditions)
Violation of immission control law

Possible legal consequences of violating real estate regulations when acquiring, using and renting real estate and land

Entry in the central trade register
Fines and administrative penalties
Financial losses

Key laws (selection)

BauGB
Land register order
State building regulations
BauNVO
GERMAN CIVIL CODE

Protection of intellectual property

Explanation

Intellectual property law encompasses all regulations relating to the protection of intangible rights,
such as copyrights or trademark rights.

Compliance risk areas - Exemplary characteristics

Infringement of third-party industrial property rights and related regulatory requirements
Loss of ownership due to inadequate patent and trademark management

Possible legal consequences of violating intellectual property and copyright regulations

Fines
Fine or prison sentence
Injunctive relief, rights to information, damages and other civil law claims, e.g. for destruction, recall, correction, etc. of the owner of an industrial property right
Civil liability claims, e.g. claims for injunctive relief, disclosure and damages from third parties
Import bans

Key laws (selection)

PatG
UWG
Copyright Act
Trademark law

Data protection law

Explanation

All legal norms that protect the right to informational self-determination of every natural person against impairments caused by unauthorized collection, processing and use of personal data. of personal data (individual details about personal or factual circumstances of an identified or identifiable natural person).

Compliance risk areas - Exemplary characteristics

Unauthorized collection, use, processing of personal data (e.g. employees, customers, suppliers)
Data transfer within the Group without an agreement on commissioned processing or further requirements for the transfer of functions
Data transfer to service providers who process personal data in accordance with instructions without an agreement on commissioned processing or joint responsibility
Lack of security breach notification in the event of unlawful access to data by third parties (data breaches)
Failure to report data breaches to the competent data protection supervisory authority by the deadline or failure to notify the data subject if the relevant requirements are met
Lack of prior checks for automated data processing, e.g. in the case of particularly sensitive personal data and, if necessary, the implementation of required data protection impact assessments
Unauthorized video surveillance
Violation of telecommunications secrets
Access to employees’ emails with private content as part of internal company investigations
Violation of regulations regarding data transmission abroad
Failure to implement the erasure of personal data
New products / IT applications / systems: Integration of data protection to ensure privacy by design / by default and the implementation of all other data protection requirements
No compliance with information obligations and data subject rights
Failure to take risk-oriented technical and organizational measures to protect personal data

Possible legal consequences if data protection laws are violated when handling personal data

Fines
Requirements, orders from authorities
Legal uncertainty regarding the permitted or tolerated private use of e-mail and the Internet by employees combined with the risk of criminal liability for the employer
Claims for damages by affected parties
Reputational damage

Key laws (selection)

GDPR
BDSG
§ 88 ff. (91ff.) TKG
§ 11 ff. TMG
§ Section 4 I BDSG in conjunction with. (examples) § 28a SGB IV or § 99 SGB III

Digitalization law

Explanation

Advancing digitalization offers opportunities for new innovations and the development of new markets. This is accompanied by numerous new legislative proposals to promote and regulate digitalization. As a cross-sectional legal matter, the new “digital law” touches on many sub-disciplines, such as competition, data protection and antitrust law. In addition, there are new forms, such as data access claims under the Data Act, as well as numerous new market regulation provisions, such as the Digital Market Act and Digital Services Act. Keeping pace with all these new legal requirements is an ever-increasing challenge for companies.

Compliance risk areas - Exemplary characteristics

Failure to take the measures necessary to exempt providers of pure conduit, caching or hosting services from liability in relation to illegal content (e.g. not acting swiftly to remove illegal content as soon as they become aware of it [“notice and takedown”])
Failure or inadequate content moderation in relation to illegal content, including a harmonized reporting and action mechanism, internal and external redress possibilities, fast processing of necessary measures
Failure to remove terrorist online content within one hour of receiving a removal order from the authority or lack of protective measures
Non-compliance with various information and transparency obligations
Violation of seller verification obligations for B2C online marketplaces and app stores (“know your business customer” – KYBC)
Breach of obligations regarding quality criteria for AI training, validation and test data for high-risk AI systems
Failure to comply with record-keeping obligations that enable traceability of the operation of the AI system
Failure to implement an AI quality management system, including for data management, including data collection, analysis, labeling, storage, etc.
Breach of obligations for providers of high-risk AI systems with regard to the maintenance of automatically generated logs
Failure to comply with the obligation to protect personal data against unlawful transfer to a third country outside the EU
Breach of the obligation to design products and services in such a way that the data generated by their use is easily, securely and directly accessible to the user by default
Failure to provide the generated data to the user upon request without undue delay or cost
Failure to provide the generated data to third parties at the request of a user
Not providing data to a data recipient on fair, reasonable and non-discriminatory terms
Non-immediate provision of data to public authorities in the EU if there is an exceptional need for the requested data
Non-availability of the offer to easily switch cloud customers to another cloud provider

Possible legal consequences of violations

Removal and injunction, usually by interim injunction, if necessary immediate distribution/sales stop
Claims for damages by consumers or competitors
Skimming of profits, fines and exclusion from public contracts and financial aid
Imprisonment or fine

General damage

Reputational damage
Financial impact, e.g. through non-conclusion, termination or non-renewal of contracts or loans due to violation of compliance obligations

Key laws (selection)

Digital Services Act (DSA) [EU]
Digital Markets Act (DMA) [EU]
Data Governance Act (DGA) [EU]
Regulation on the operational resilience of digital systems in the financial sector (DORA) [EU]
Directive on rules for the protection of network and information security in “critical sectors” (NIS2) [EU]
Directive on the resilience of critical facilities (KRITIS) [EU]
Data law [EU]
Artificial Intelligence Act (AIA) [EU]
Directive on AI liability [EU] (draft)
ePrivacy Regulation [EU] (draft)
Network Enforcement Act (NetzDG)
Telecommunications Telemedia Data Protection Act (TTDSG)
ARC Digitization Act

IT security

Explanation

All legal norms that place special legal requirements on the use of information technology. This includes, for example, ensuring the availability and security of electronically stored data or protecting the rights of users of information technology systems.

Compliance risk areas - Exemplary characteristics

Lack of protection of the company against espionage and misuse
Lack of network protection against hacker or other attacks
Lack of implementation and maintenance of security measures, to protect IT networks from cyber attacks, which can lead to data blocking / loss and possibly business interruption
Insecure electronic signature

Protection from

Attacks on IT systems
Computer crime
Data loss (information security / confidentiality)

Key laws (selection)

IT basic protection catalogs of the BSI
ISO 27001 / ISO 20000 / ISO 17799
IT Security Act

Protection of trade secrets

Explanation

All legal norms subject to fines or penalties that are intended to protect facts, circumstances and processes relating to the company that are not in the public domain but only accessible to a limited group of people and which the company has a legitimate interest in not disclosing.

Legal standards relating to communication in business dealings include minimum requirements
for transparency in the company’s written communication.

Compliance risk areas - Exemplary characteristics

Disclosure of trade secrets
Private Internet networks
Incorrect management of contractual confidentiality obligations
Incorrect design of business letters and emails (without observing the minimum information required by law)
Incorrect indication of power of representation (e.g. procuration)
Incorrect imprint on the website

Possible legal consequences

Criminal liability
Operative damage
Fines if various minimum disclosures must be complied with on business documents and on the website
Claims for removal and injunctive relief

Key laws (selection)

SEAG
GmbHG
TMG (Telemedia Act)
HGB
UWG
GeschGehG

Insurance law

Explanation

All legal norms that govern the relationship between insurance companies and their customers, the regulation
of the insurance market and the need for compulsory insurance for certain risky activities.

Special topic: Distribution of so-called Extended warrantiesExtended warranties, i.e. extended warranty and service promises, together with self-manufactured or distributed products can be regulated insurance business.

There is a risk that an insurance business requiring a license exists, which the insurance supervisory authority (BaFin) can prohibit due to a lack of a license and punish with a fine.

Compliance risk areas - Exemplary characteristics

Breach of general public liability requirements
Violation of the requirements of transport and forwarding insurance law, property insurance law

Possible legal consequences of not taking out compulsory insurance or breaching insurance conditions

Loss of insurance cover in the event of a breach of statutory or contractual obligations (e.g. in the event of an increase in risk) and contractual obligations
Statutory provisions (e.g. §§ 23 ff. VVG, possibly in conjunction with § 210 VVG) and contractual agreements

Key laws (selection)

Insurance Contract Act (VVG)
Insurance Supervision Act (VAG)

Supervisory & payment services law

Explanation

Supervisory law comprises all supervisory regulations that – in the interests of a properly functioning financial system and to ensure the functionality of payment transactions – regulate the activities of credit and financial services institutions with regard to their establishment, licensing and business activities. The payment services law deals not only with traditional payment services, such as deposit and withdrawal transactions or direct debits and credit transfers, but also with e-money transactions.

Compliance risk areas - Exemplary characteristics

The business activities of banks and other financial service providers are so tightly regulated that it would be futile to provide even an overview here. For companies outside the financial industry, typical risks include

Supplier financing through advance payment without reference to specific goods delivery
Inadequate sales financing
Violation of requirements for e-money products (prepaid credit card, Paysafecard)
Violation of regulations on innovative internet payment products such as BitCoins
Violation of requirements for financial transfer and acquisition transactions in accordance with ZAG

Possible legal consequences of violations

Obligation to obtain a license pursuant to Section 32 (1) sentence 1 KWG; ongoing BaFin supervision pursuant to KWG and application of GwG; in case of violation, OWi and criminal offences, Sections 54 et seq. KWG
Obligation to obtain a license pursuant to section 10 (1) sentence 1 ZAG, ongoing supervision pursuant to ZAG and applicability of GwG; in the event of a violation, criminal offences and penalties, sections 63, 64 ZAG

Key laws (selection)

KWG
ZAG
KAGB
VermAnlG
§ 675c ff. BGB
WpHG

State aid & subsidy law

Explanation

All standards subject to fines or penalties that set out the conditions for the awarding of subsidies by the public sector and behavioral requirements for the recipient of subsidies.

Subsidies are government grants that the state awards, at least in part, without market consideration in order to achieve certain political and economic objectives. Behavioral requirements include, for example, obligations to provide truthful information on facts relevant to the grant and compliance with restrictions on use.

Compliance risk areas - Exemplary characteristics

Violations of requirements for the receipt of public subsidies
Violations of requirements for the receipt of (possibly non-notified) aid
Non-compliance with grant conditions
Financing of permanently loss-making companies
Lack of distinction between permissible financing of research and development and impermissible aid
False statements to tax authorities

Possible legal consequences of violations

Reclaiming subsidies granted
Criminal liability
Nullity / ineffectiveness of contracts

Key laws (selection)

Art 106 et seq. TFEU
EU State Aid Procedural Regulation
§ 264 StGB
Public procurement and contract regulations VOL/A, VOB/A and VOF

Insolvency law

Explanation

Insolvency law regulates in particular the requirements and procedural rules of (provisional) insolvency proceedings. The mandatory grounds for filing for insolvency include insolvency (Section 17 InsO) and over-indebtedness (Section 19 InsO). If there is only a threat of insolvency (Section 18 InsO), an application for insolvency can be filed, but – unlike in the case of insolvency or over-indebtedness – there is no obligation to file for insolvency. obligation to apply of the management (or in the case of non-management: of the shareholder(s)). The Insolvency Code and the corresponding company law standards stipulate, in particular, monitoring duties of the managing directors with regard to the existence of mandatory grounds for filing for insolvency and link the breach of these duties to consequences under liability and criminal law (delay in filing for insolvency, personal liability of the managing director, possibly liability for fraudulent inducement). Insolvency criminal law (Sections 283 et seq. of the German Criminal Code (StGB)) also sanctions, in particular, asset transfers during a company’s economic crisis and, for example, breaches of accounting obligations. Furthermore, substantive insolvency law also contains provisions that primarily serve to take account of the principle of equal treatment of creditors. These include the law on avoidance in insolvency (Sections 129 et seq. InsO), but also the prohibitions on offsetting under insolvency law (Sections 95, 96 InsO), which are aimed in particular at reversing creditor-disadvantageous shifts in assets in the interests of the creditor community.

Compliance risk areas - Exemplary characteristics

Lack of (ongoing) audit of the company’s economic situation (the audit obligations intensify the more signs of an economic crisis there are); implementation of an early warning system
Failure to check insolvency filing obligations Is there insolvency? Is there over-indebtedness? Is there a positive going concern prognosis?)
Lack of documentation of the audit procedures (documentation of the reasons why there is no insolvency and no over-indebtedness)
Asset transfers in the economic crisis stage (examination of avoidance risks/examination of liability risks)
Deception of contractual partners in the event of insolvency
Participation in a cash pool if there are signs of an economic crisis
Failure to review and, if necessary, adjust processes if the company wishes to maintain business relations with a business partner in crisis (protection against insolvency risks of the contractual partner)

Possible insolvency law risks and legal consequences

Personal liability of the managing director and – in the case of unmanaged companies – the shareholders
Criminal liability

Key laws (selection)

InsO (in particular § 15a,b InsO)
§ 9 GmbHG, § 30, 31 GmbHG
§ 93, 92 para. 1
§ Section 130a, 177 HGB
§ 283 ff. StGB
§ Section 263 StGB (fraudulent inducement)
Act on the Stabilization and Restructuring Framework for Companies (StaRUG)

Capital market law

Explanation

All legal norms that regulate the issuance and trading of tradable investment instruments and aim to protect both the individual investor and the functioning of the capital market and the economy.

Compliance risk areas - Exemplary characteristics

Violation of notification obligations under capital market law: e.g. ad hoc publicity, transactions by executives, voting rights notifications in the event of a change in the total number of voting rights and if thresholds are reached
Market manipulation
Insider trading and unlawful disclosure of inside information
Obligation to maintain insider lists and to instruct the persons included
Violation of regulations on capital and payment transactions (cross-border payments, foreign exchange restrictions)

Possible legal consequences in the event of a breach of capital market regulations due to the company's (in)activity

Fines or imprisonment for individuals
Fines for companies

Key laws (selection)

Stock Exchange Act
WpHG
German Stock Corporation Act
Market Abuse Regulation

Collective labor law

Explanation

All legal norms and regulations concerning the employer’s relationship with trade unions
and employee representatives.

Compliance risk areas - Exemplary characteristics

Violation of collective agreement regulations (e.g. working hours, remuneration)
Violation of corporate co-determination standards
Violation of standards under works constitution law
Violation of minimum wage agreements
Non-compliance with company agreements

Possible legal consequences of non-compliance / violation of existing collective bargaining law or co-determination regulations

Invalidity of internal measures (e.g. regulations or dismissals)
Obligations to refrain
Compensation for damages

Key laws (selection)

Collective Bargaining Act (TVG)
BetrVG
Codetermination Act
DrittelbG
Staff representation law (public companies)

Social security law

Explanation

Social security contribution and administrative obligations from unemployment, health, long-term care, pension and accident insurance.

Compliance risk areas - Exemplary characteristics

Violation of social security contributions, reporting/recording obligations
Undeclared work
Violation of regulations on temporary employment (temporary and agency work, contracts for work and services)
Bogus self-employment (permanent temporary staff, including well-paid IT freelancers)
Incorrect payroll tax matters (e.g. liability for correct withholding and payment, record-keeping obligations)

Possible legal consequences in the event of a breach of social security obligations

Employer’s liability for social security contributions on a net basis plus late payment penalties and 30-year limitation period
Back wage tax payments
Official requirements / orders
Fines
Imprisonment or fine.
Exclusion from public contracts

Key laws (selection)

AÜG
SchwarzArbG
SGB
StGB (inter alia § 266a StGB)
Minimum Wage Act – § 13 MiLoG

Individual labor law

Explanation

All legal norms relating to gainful employment. This includes regulations governing the specific relationship between employer and employee.

Compliance risk areas - Exemplary characteristics

Violation of regulations on the posting of employees
Violation of requirements regarding foreign employees (work permit/residence permit/authorization from the Federal Employment Agency)
Violation of general equal treatment, “discrimination”, “bullying”, “sexual harassment”
Violation of partial retirement requirements
Violation of working time laws
Pseudo self-employment
Violation of the general statutory minimum wage
Violation of employment protection rights, maternity protection/parental leave law, homeworkers/severely disabled and youth employment protection
Lack of whistleblowing system

Possible legal consequences in the event of a breach of employee rights

Imprisonment or fine
Fines against management and / or company
Damages (or compensation)
Exemption from costs
Invalidity of agreements

Key laws (selection)

ATG
BBiG
AGG
AEntG
ArbZG
Residence Act, Freedom of Movement Act / EU, Asylum Procedure Act
KSchG
MuSchG
JuArbSchG
Minimum Wage Act – MiLoG
Whistleblower Protection Act (HinSchG)

Occupational safety & protection

Explanation

All legal standards that provide for measures to prevent accidents at work and to avoid work-related health hazards.

Compliance risk areas - Exemplary characteristics

Violation of working time laws
Insufficient compliance with the requirements for workplaces
Violation of maternity / severely disabled / youth employment protection
Breach of the employer’s duty of care (incl. pandemic, personal and plant protection, including abroad)
Insufficient measures to protect the health and safety of employees at work
Violation of accident prevention regulations of the employers’ liability insurance associations
Violation of regulations regarding the safety of construction sites
Failure to fulfill client obligations / supervision
Lack of protection of the company against external physical disasters

Violation of occupational health and safety laws. Possible legal consequences

Compensation for damages
Compensation
Decommissioning of installations or subsequent orders/conditions
Prohibition of the implementation of planned technical measures such as the commissioning of a machine
Criminal liability for negligent bodily injury or negligent homicide of the persons responsible for the inspection involved
Exclusion from public tenders
Imprisonment or fines for violation of occupational safety laws by management or delegation recipients
Fines against management, delegation recipient and / or company

Key laws (selection)

ArbSchG
ASiG
ArbZG
ArbStättV
Code of Conduct
BetrSichV
Construction Site Ordinance
Home Work Act
GewO
Federal Mining Act, Chemicals Act,
Explosives Act