Greenwashing

Explanation

Greenwashing refers to the phenomenon of presenting a company or its products to the public as more environmentally friendly and sustainable than is actually the case through misleading, environmentally related (advertising) statements (so-called green claims).

Compliance risk areas - Exemplary characteristics

Misleading consumers about “green” product or company characteristics by
  • incorrect, unspecific, unverifiable or abbreviated (advertising) statements on environmental, climate and sustainability aspects
  • Implicit green claims, e.g. resulting from images, logos or brand names
  • Use of non-transparent, untrustworthy environmental or sustainability labels
  • Reference to unsuitable or ineffective compensation measures to offset own climate-damaging activities
  • Inaccurate green claims in corporate publications (e.g. annual reports, investor presentations, prospectuses) that mislead investors

Possible legal consequences of violations

  • Claims for removal and cessation, usually enforced by preliminary injunction, if necessary with an immediate sales stop; greenwashing lawsuits
  • Claims for damages by consumers or competitors
  • Skimming of profits, fines (in case of violation of Union law) and exclusion from public contracts and financial aid
  • Imprisonment or fine for false, deliberately misleading advertising to a larger group of people

General damage

  • Reputational damage
  • Financial impact, e.g. due to non-conclusion, termination or non-renewal of contracts or loans due to breach of compliance obligations
  • Product recalls if unlawful green claims are made, e.g. on the product or its packaging

Key laws (selection)

  • UWG
  • Draft EU directive on environmental claims (“Green Claims Directive”)

Sustainability reporting obligation

Explanation

Obligation for certain companies to prepare and publish a sustainability report using recognized, uniform and legally prescribed standards. Focus: the impact of the company’s activities on people and the environment as well as the financial risks and opportunities that sustainability aspects pose for the company (double materiality). Sustainability aspects are environmental, social and human rights factors as well as governance factors. Linked to this is reporting under the EU Taxonomy Regulation on whether an economic activity is to be classified as environmentally sustainable; the share of revenue generated by such activities and the share of capital and operating expenditure associated with them must be disclosed.

Compliance risk areas - Exemplary characteristics

  • Non-implementation of the requirements of the CSRD Directive Implementation Act
  • No / untimely publication of a sustainability report despite existing obligation
  • Insufficient disclosure of the requested information in accordance with the European Sustainability Reporting Standards (ESRS), which substantiate the CSRD
  • Insufficient disclosure of the requested information in accordance with the EU Taxonomy Regulation
  • Incorrect or misleading information in the sustainability report
  • Materiality analysis not performed or not performed in accordance with ESRS
  • Unrealistic setting of thresholds to identify less material ESG issues
  • No audit of the sustainability report by an auditor
  • Error in the report format (e.g. ESEF tagging)

Possible legal consequences of violations

  • Fines and administrative penalties for the company, the Executive Board and the Supervisory Board
  • Civil liability of the management and the Supervisory Board (personal liability)
  • Criminal liability of the management and the supervisory board, e.g. in the event of a false balance sheet oath or incorrect presentation
  • Restriction or refusal of the audit opinion

General damage

  • Reputational damage due to negative press reports and/or social media campaigns and subsequent loss of sales
  • Financial impact, e.g. due to non-conclusion, termination or non-renewal of contracts or loans due to breach of compliance obligations
  • Product recalls if unlawful green claims are made, e.g. on the product or its packaging

Key laws (selection)

  • CSRD Directive Implementation Act based on the CSRD
  • Implementation for corporations and commercial partnerships with limited liability in §§ 289b et seq. HGB; for cooperatives in the Cooperatives Act with reference to the provisions of the HGB
  • European Sustainability Reporting Standards (ESRS) (specify the content of the CSRD)
  • EU Taxonomy Regulation – Regulation (EU) 2020/852

Environmental law

Explanation

All legal norms that provide for measures to protect the environment and rules on the use of equipment and objects with a potential impact on the environment.

Compliance risk areas - Exemplary characteristics

  • Breach of environmental liability / facility (plant) liability
  • Incorrect waste and wastewater disposal, contaminated site management
  • Incorrect air pollution control, in particular immissions/emissions
  • Violation of soil and water protection
  • Violation of nature conservation, landscape conservation and plant protection
  • Incorrect handling of hazardous substances
  • Violation of take-back obligations for electrical and electronic appliances
  • Other environmentally relevant risk areas are listed in the “Product conformity” section of this catalog

Possible legal consequences of violations of laws and regulations that serve to protect the environment

  • Removal orders (costs)
  • high fines
  • Operating bans / decommissioning orders

Key laws (selection)

  • §§ 324 ff. StGB
  • Environmental Damage Act, Environmental Liability Act
  • ElektroG
  • KrWG (Closed Substance Cycle Waste Management Act)
  • BImSchG and ordinances (in conjunction with TA Luft and TA Lärm), LuftverkehrsG, FluglärmschutzG, BenzinbleiG, ChemikalienG, GefahrstoffVO
  • WHG, Detergents and Cleaning Agents Act
  • BNatSchG, Plant Protection Act
  • InfektionsschG, TierseuchenG
  • Genetic Engineering Act
  • BBodenSchG
  • EEG
  • State laws on environmental protection

Human rights incl. supply chain

Explanation

Companies may be obliged to consider human rights risks in their own business operations and in their supply chain. Companies within the scope of the Supply Chain Due Diligence Act (LkSG) (from 2023 companies with at least 3,000 employees in Germany, from 2024 companies with at least 1,000 employees in Germany) must fulfill the human rights due diligence obligations of the LkSG. Smaller companies may also be affected because their customers pass on new human rights expectations to them.

Compliance risk areas - Exemplary characteristics

  • Prohibition of child labor (e.g. employment of children under the minimum age)
  • Prohibition of forced labor and all forms of slavery
  • Disregard for occupational health and safety and work-related health hazards (e.g. no or inadequate information and instruction of employees about hazards and how to avoid them)
  • Disregard of freedom of assembly, freedom of association and the right to collective action (e.g. prohibition or prevention of the formation of a trade union)
  • Violation of the prohibition of unequal treatment in employment (e.g. special benefits withheld from employees on the basis of group membership [for instance, special leave for a wedding not granted for same-sex marriages])
  • Withholding of an appropriate wage (e.g. wage below the minimum subsistence level)
  • Destruction of the natural basis of life through environmental pollution (e.g. contamination of drinking water and groundwater by the company)
  • Commissioning or use of private/public security forces (e.g. commissioning of untrained security forces)
  • Violation of due diligence obligations in accordance with the LkSG:
    establishment of risk management;
    performance of risk analysis (for the company’s own operations in Germany and abroad);
    risk-based implementation of preventive and corrective measures;
    establishment of a complaints procedure;
    fulfillment of documentation and reporting obligations

Possible legal consequences of violation

  • Fines of up to 2% of global annual turnover (LkSG)
  • Possible exclusion from the award of public contracts (up to three years) (LkSG)
  • Trade unions and NGOs can sue on behalf of the injured parties (LkSG)
  • Reputational damage
  • Lower competitiveness

Key laws and standards (selection)

  • Supply Chain Due Diligence Act (LkSG)
  • In future: Corporate Sustainability Due Diligence Directive (CSDDD)
  • International frameworks: e.g. UN Guiding Principles on Business and Human Rights (UNGP), OECD Guidelines for Multinational Enterprises, UN Global Compact, Universal Declaration of Human Rights, International Covenant on Civil and Political Rights, International Covenant on Economic, Social and Cultural Rights, ILO core labor standards (e.g. ILO-IOE Child Labour Guidance Tool for Business)

Self-imposed, external standards

Explanation

Joining or implementing external standards to which the company has committed itself.

Compliance risk areas - Exemplary characteristics

Violation of requirements due to adherence to external reporting standards, participation in certification procedures or ratings, memberships in associations relating to ESG and sustainability criteria, e.g:

  • Achievement of certain emission values (including a certain carbon footprint)
  • Achievement of specific targets in relation to the consumption of resources (water, electricity) or waste avoidance
  • Compliance with human rights
  • Compliance with diversity requirements
  • Introduction of certain governance structures

Possible consequences of violations

  • Loss of labeling rights
  • Poor performance in ESG ratings
  • Refusal of certifications; termination of memberships
  • Worse conditions for lending
  • Consequences under employment law at employee level in the event of breaches, claims for damages under company law against the management if there is a breach of duty of care.
  • Reputational damage
  • Injunctive relief from competitors

Significant self-regulated ESG/ Corporate/ Governance standards (selection)

  • External certification such as SA8000 standard, EMAS (EU), DIN EN ISO 14001, DIN EN ISO 45001
  • Voluntary product standards (e.g. FSC – wood industry standard, MSC – fishing standard, Blue Angel – German Ecolabel, Green Dot, Fair Trade seal)
  • ESG ratings e.g. CDP ranking
  • UN Global Compact
  • Stewardship Initiative
  • Reporting frameworks: Global Reporting Initiative (GRI), German Sustainability Code (DNK), International Sustainability Standards Board (ISSB), Task Force on Climate-related Financial Disclosures (TCFD)

Corruption

Explanation

Bribery and taking bribes as well as granting and accepting benefits under German criminal law, and under other laws relevant to German natural or legal persons insofar as these criminalize bribery abroad by German natural or legal persons, e.g. the UK Bribery Act or the US Foreign Corrupt Practices Act.

Compliance risk areas - Exemplary characteristics

  • Granting of advantages in the course of business when purchasing goods or services (1) to gain unfair advantage in domestic or foreign competition or (2) to carry out or refrain from actions contrary to the company’s obligations (breach of internal compliance regulations)
  • Granting an advantage to a member of a medical profession for unfair advantage in domestic or foreign competition
  • Granting advantages to voters (voter bribery)
  • Granting an advantage to a holder of an elected mandate in return for the mandate holder performing or omitting an act (bribery of members of parliament)
  • Granting benefits to public officials to expedite official acts that are permissible (facilitation payments, in particular in connection with permits, licenses, concessions, approvals) or contrary to duty
  • Granting of inappropriate benefits of any kind, such as gifts and benefits in kind, invitations, in particular to hospitality and (professional) events, travel and vacations, donations and sponsoring, lobbying, other marketing measures, discounts, commissions and special conditions  
  • Granting of inappropriate benefits in connection with tenders, purchasing or award processes  
  • Granting inappropriate benefits by concealing them via consultancy or support contracts, possibly as sham contracts or via third parties (agents or other intermediaries / sales intermediaries)  
  • Mirroring the granting of advantages, the acceptance of advantages for the aforementioned purposes is likewise inadmissible; in business dealings this is particularly relevant for the acceptance of bribes for the award of contracts or kick-back payments

Possible legal consequences of violations

  • Imprisonment and fines for individuals involved in accordance with the StGB
  • Fines for the company according to OWiG
  • Profit skimming from the company according to OWiG
  • Additional tax payments for the company (e.g. non-deductible operating expenses)
  • Exclusion from public procurement via entry in the blacklist or corruption register
  • Reputational damage
  • Balance sheet effects (e.g. invalidity of annual financial statements)
  • Financial impact (e.g. by not concluding, terminating or not renewing contracts or loans
    due to breach of compliance obligations)
  • Claims for damages under civil law
  • Compliance monitorship under US law

Key laws (selection)

  • §§ 299 to 301 StGB
  • §§ 331 to 337 StGB
  • §§ 108b, 108e StGB
  • corresponding foreign regulations, e.g. UKBA, FCPA

Offenses against third parties or the company

Explanation

Criminal acts committed with the intention of benefiting the company, but at the expense of third parties (crime for the benefit of the company), and self-interested acts by employees to the detriment of the company and for personal gain (crime to the detriment of the company).

Compliance risk areas - Exemplary characteristics

  • Fraud at the expense of third parties, e.g. tender fraud, or at the expense of the company, e.g. travel and expense fraud
  • Breach of trust (Untreue) at the expense of third parties, e.g. at the expense of the public sector, or at the expense of the company, e.g. by keeping slush funds or taking bribes
  • Theft, embezzlement
  • Anti-competitive agreements with contractual partners
  • Forgery of documents and criminal misrepresentation to the detriment of third parties
  • other criminal offenses that are listed separately in this risk catalog, e.g. tax evasion or embezzlement of social security contributions

Possible legal consequences of violations

  • Imprisonment and fines for individuals involved in accordance with the StGB
  • Fines for the company according to OWiG
  • Profit skimming from the company according to OWiG
  • Tax back payments for the company (e.g. non-deductible operating expenses)
  • Exclusion from public procurement via entry in the blacklist or corruption register
  • Reputational damage
  • Accounting effects (e.g. invalidity of annual financial statements)
  • Financial impact, e.g. by not concluding, terminating or not renewing contracts or loans due to violation of compliance obligations
  • Claims for damages under civil law.

Key laws (selection)

  • § 242 StGB
  • § 246 StGB
  • § 263 StGB
  • § 266 StGB
  • § 267 StGB
  • § 298 StGB

Money laundering law

Explanation

Money laundering law serves to prevent and repress money laundering and terrorist financing. Anyone who falls within the scope of the Money Laundering Act (GwG) (in particular credit or financial services institutions, goods dealers such as jewelry, watch or car dealers, real estate agents, certain insurance brokers, company and trust service providers and trustees) is subject to increased prevention requirements. These include proper risk management, including a compliance risk analysis, internal security measures, the appointment of a money laundering officer, and record-keeping and retention obligations. In addition, increased due diligence obligations apply to these companies. Money laundering law also includes the obligation to verify and, where required, report the beneficial owner of a company to the transparency register.

Compliance risk areas - Exemplary characteristics

  • Uncontrolled cash transactions (threshold value of EUR 10,000.00); transactions with high-value goods such as precious metals
  • Smurfing: Fragmentation of deposits or scattered distribution of deposits to a large number of accounts, so that anomalies can only be detected by a targeted analysis of the deposit behavior with knowledge of the division of labor between different depositors
  • Uncontrolled acquisition of business interests, investments on the stock market, the purchase of high-value real estate
  • Uncontrolled foreign transactions, especially to third countries with high risk and using offshore banks, dummy companies or straw men
  • Uncontrolled transactions with politically exposed persons (PEP)
  • Missing notification of the beneficial owner to the transparency register

Possible legal consequences in the event of a breach of existing due diligence obligations, such as the identification of the contractual partner and the identification of the beneficial owner or a breach of the obligation to report suspicions:

  • Fines
  • Criminal liability of the obliged entity
  • Regulatory measures: orders to establish internal security measures, ordering and conducting audits to ensure compliance with legal requirements, prohibition of business activity, filing of suspicious activity reports by the supervisory authority, or public announcement of final measures

Key laws (selection)

  • GwG (Money Laundering Act)
  • KWG
  • §§ 89c, 129a, 129b, 257, 261 StGB

Foreign trade law

Explanation

All legal norms subject to fines or penalties which, in connection with the movement of goods, services, capital, payments and other economic transactions with foreign countries, aim to protect certain economic sectors, macroeconomic interests, security, foreign relations and the peaceful coexistence of peoples.

Compliance risk areas - Exemplary characteristics

  • Violation of regulations regarding customs clearance (incl. AEO-E53 product declaration)
  • Violation of export control regulations and recipient verification regulations (EU anti-terrorism regulations; lists of persons under EU country embargoes; US sanctions lists)
  • Violation of customs / tax regulations in destination countries
  • Violation of reporting/instruction and authorization obligations
  • Violation of the obligation to control goods, countries and use  
  • Missing audit of Conflict Minerals  
  • Lack of review of sanctions and embargo lists  
  • Inadequate data collection for goods-related controls

Possible legal consequences if cross-border deliveries of goods by the company infringe German, international or third-country law:

  • Fines
  • Criminal liability
  • Revocation / withdrawal of customs simplifications with regard to AEO status / authorizations if unreliability is established

Key laws (selection)

  • AWG
  • AWV
  • Customs Act
  • US/EU sanctions (sanctions and embargo lists)
  • US/EU Export Controls

Antitrust law

Explanation

All legal norms that serve to ensure free competition. For example, agreements or concerted practices between companies that hinder, distort or restrict competition are generally prohibited. This may include agreements or concerted practices on final prices between competitors as well as on the allocation of markets or customers. In principle, exclusivity agreements (exclusive supply, non-competition clauses) are also restrictive of competition, since they result in suppliers/manufacturers having supply relationships with only one buyer/customer and thus exclude other suppliers or buyers from the sale or purchase of the goods concerned. Finally, a dominant market position or relative strength compared to smaller competitors may not be exploited to discriminate.

Compliance risk areas - Exemplary characteristics

  • Restrictive agreements or practices
  • Exchange of information with competitors, e.g. as part of an association activity or participation in data collections for market overviews, standardization, etc.
  • Violation of merger control regulations (e.g. execution before clearance, “gun jumping”)
  • Abuse of a dominant market position through exploitation, obstruction (undercutting with the intention of crowding out; selling below cost price; tying, etc.) or discrimination
  • Vertical contracts (i.e. with suppliers, sales intermediaries, wholesalers and retailers, customers), e.g. exclusivity agreements, tying arrangements, restrictions on use, minimum price requirements, non-compete clauses

Possible legal consequences of agreements that restrict competition or abuse a dominant market position to the detriment of customers, suppliers or competitors:

  • Fines Germany and EU of up to 10% of the total turnover of the group of companies (including all natural or legal persons operating as a single economic entity) in the financial year preceding the decision imposing the fine
  • Claims for damages (follow-on claims by third parties), claims for removal and injunctive relief
  • Compliance monitorship under US law
  • Civil law invalidity of the underlying contracts
  • Prohibition of the execution of transactions

Key laws (selection)

  • GWB (Act against Restraints of Competition)
  • Art. 101, 102 TFEU
  • EU Merger Regulation (FKVO)
  • Cartel Regulation  
  • Further EU regulations

Fair trading law

Explanation

Unfair competition law comprises all legal norms that aim to protect competitors, consumers and other market participants from unfair business practices in the interests of undistorted competition. Business acts are unfair, for example, if they are misleading or deliberately hinder competitors.

Compliance risk areas - Exemplary characteristics

  • Inducing prospective employees to disclose business or trade secrets of their current or former employer
  • Unfair comparative advertising
  • Misleading advertising
  • Disparagement of a competitor
  • Unfair design of advertising measures or advertising brochures
  • Incorrect price labeling
  • Unfair advertising with price reductions  
  • Inadmissible bait offers to consumers

Possible legal consequences of violations

  • Civil law claims for removal, injunctive relief, disclosure and damages by third parties.
  • Claims for damages and profit absorption that can be asserted by competitors, consumer protection and industry associations  
  • Imprisonment for up to five years for deliberately misleading advertising to a larger group of people
  • Fine

Key laws (selection)

  • UWG
  • “passing off” in the Anglo-Saxon legal system
  • Appendix to Section 3 (3) UWG
  • (Incitement or aiding and abetting) § 17 UWG; § 266 StGB

Public procurement law

Explanation

All rules and regulations that prescribe the procedure for the public sector when purchasing goods and services.

Compliance risk areas - Exemplary characteristics

  • Violation of procurement regulations

Possible legal consequences of violations

  • Nullity / ineffectiveness of contracts
  • Contestability of contracts, surcharges
  • Frustrated expenses in the event of exclusion from proceedings for formal reasons

Key laws (selection)

  • Directive 2014/24/EU on public procurement
  • §§ 97 et seq. GWB
  • Public procurement and contract regulations VOL/A, VOB/A and VOF

Tax law

Explanation

All legal norms relating to the assessment and collection of taxes and duties.

Compliance risk areas - Exemplary characteristics

Violations of the tax code, e.g. in relation to

  • Tax returns and tax registrations
  • Documentation / and archiving obligations, recording / reporting obligations
  • Tax arrangements (e.g. claiming tax benefits, restructuring)

Violations of VAT, e.g. if an incorrect VAT identification number is used.

Violations of wage tax, e.g. in relation to company events: Although taxable company events are held, they are not taxed.

Violations of income tax, e.g.

  • as an accompanying offense in cases of interference with company assets and corruption
    (e.g. prohibition of tax deductions for bribe payments) and violations of accounting rules (accounting fraud).
  • in relation to donations and sponsoring.

Violations of transfer pricing regulations, e.g. in relation to:

  • CbCR control: there is no regular control of the turnover figure relevant for the preparation of a country-by-country report (CbCR).
  • Permanent establishment: it was not recognized / investigated that a permanent establishment exists, or it was not taken into account for tax purposes.
  • Transfer pricing documentation: missing transfer pricing documentation.

Possible legal consequences of violations

  • Imprisonment and fine
  • Fines for the company and managers
  • Personal liability of the managing directors
  • Unilateral estimation of the tax base by the tax authority in the absence of or inadequate cooperation (estimated assessment)
  • Late payment surcharges  
  • Interest

Key laws (selection)

  • EStG Income Tax Act
  • GewStG Trade Tax Act
  • UStG Value Added Tax Act
  • KStG Corporation Tax Act  
  • GrStG Property Tax Act  
  • EnergieStG Energy Tax Act
  • GrEStG Real Estate Transfer Tax Act
  • EU Customs Code
  • AO + ancillary laws (UStG, ZollV, transfer prices, etc.)  
  • SGB III, IV, V, X  
  • OECD Model Tax Convention

Corporate Governance

Explanation

Good corporate governance is one of the most important components of a compliance management system. It is about internationally and nationally recognized standards of good and responsible corporate governance, which are reflected in various laws. These include compliance with the management’s duty of care (Business Judgement Rule) and business ethics. For listed companies, the German Corporate Governance Code (GCGC) sets the standards for the management and supervision of German listed companies. The GCGC is not a directly applicable law, but rather a best-practice code on a “comply or explain” basis. It is anchored in law via the mandatory declaration of conformity by the Management Board and Supervisory Board in accordance with Section 161 AktG. However, the GCGC provides a regulatory framework for good corporate governance not only for stock corporations, but also for all other companies.

Compliance risk areas - Exemplary characteristics

  • Exceeding the entrepreneurial scope for decision-making within the scope of the duty of care by the company management
  • Incorrect submission of the Declaration of Conformity pursuant to Section 161 AktG
  • Conflicts of interest
  • Unethical or discriminatory behavior
  • Disregarding the requirements for the composition of the Management Board and Supervisory Board (quota of women)
  • Lack of compliance management system, including whistleblower/whistleblowing system
  • Non-observance or non-implementation of compliance requirements of business partners
  • Deficient audit of the annual financial statements

Possible legal consequences of violations

  • Claims for damages against the Executive Board or management
  • Fine against company
  • Contestation of a discharge resolution on the basis of a declaration of compliance in violation of Section 161 AktG  
  • Violation of general duties of care, insofar as the provisions of the GCGC have become the general standard of conduct
  • Exclusion from the award of contracts

Key laws (selection)

  • German Corporate Governance Code (DCGK / GCGC)
  • § 30 OWiG
  • One-Third Participation Act / Co-determination Act
  • § 43 (1) GmbHG
  • § 93 (1) sentence 2 AktG
  • Whistleblower Protection Act (HinSchG)

Company law

Explanation

All legal norms relating to the formation, life and termination of associations of persons under company law. This includes in particular

  • The rights and duties of the executive bodies (usually the shareholders’ meeting and management and, if applicable, a supervisory board)
  • Financial constitution: Who has to pay for the company’s debts and when? Who is entitled to the dividends and when and under what conditions can they be distributed?
  • Liability of the executive bodies, in particular management (and secondarily) supervisory board

Compliance risk areas - Exemplary characteristics

  • Violations of requirements for the formation, conversion and liquidation of (subsidiary) companies
  • Violations of requirements relating to board duties, financing, reporting, auditing, etc.  
  • Failure to fulfill shareholder obligations  
  • Violations of requirements for capital increases  
  • Violations of requirements for shareholder loans  
  • Unlawful dealings with the company’s partners/shareholders (e.g. minority shareholders): return of capital contributions, concealed profit distribution, withdrawals from the company’s assets that destroy its existence (existenzvernichtender Eingriff)

Possible legal consequences in the event of a breach of company law provisions

  • Ineffective corporate law measures resulting in uncertainties regarding the corporate structure
  • Ineffective capital measures with resulting uncertainty regarding the financing of the company
  • Personal liability of the executive bodies (managing directors, supervisory board members)

Key laws (selection)

  • HGB
  • German Stock Corporation Act
  • GmbHG
  • SEAG
  • Transformation Act

Financial reporting

Explanation

The law on accounting and balance sheets encompasses all legal norms which, in the interests of creditors, company owners and the state, impose requirements for an orderly, accurate, complete and comprehensible record of a company’s business transactions and annual financial statements that meet these requirements.

Compliance risk areas - Exemplary characteristics

  • Violation of financial reporting and accounting regulations derived therefrom
  • Incomplete and/or non-transparent accounting
  • Violation of documentation and archiving obligations

Possible legal consequences in the event of a breach of accounting and financial reporting provisions

  • Invalidity of the financial statements
  • Fines and administrative penalties for the company, the management and the Supervisory Board
  • Criminal liability, e.g. in the event of a false balance sheet oath or incorrect presentation
  • Personal liability of the management and the Supervisory Board

Key laws (selection)

  • HGB
  • GoB
  • WpHG
  • German Stock Corporation Act
  • IAS / IFRS

Logistics law

Explanation

All legal standards relating to the storage, handling and transportation of goods that are intended to ensure the safety of persons employed in the provision of such services, of road traffic and of the public. The standards are aimed partly at the clients of such services and partly at the logistics providers (in particular freight forwarders).

Compliance risk areas - Exemplary characteristics

  • Failure to check the forwarding company to be commissioned as to whether it has a permit or authorization to carry out road haulage business and whether properly employed personnel are used.
  • Violation of driving and rest periods for truck drivers  
  • Failure to verify payment of the minimum wage and payment of social security contributions for employees, including those of the service provider’s subcontractors  
  • Lack of due diligence when securing the freight  
  • Lack of safety measures for the transportation of dangerous goods

Possible legal consequences of violations

  • Fines
  • General contractor liability
  • Subcontractor liability (new Parcel Carrier Protection Act)

Key laws (selection)

  • GüKG
  • Art. 6 to 8 of Regulation (EC) No 561/2006
  • EC Regulation No. 1072/2009  
  • Driving Personnel Ordinance  
  • GGVSEB  
  • GGBefG  
  • StVG, StVO and StVZO  
  • MiLoG, Parcel Carrier Protection Act

Product conformity

Explanation

All legal standards that set out general or specific requirements for the product development process and the properties of products, as well as their manufacture, approval, monitoring, storage, declaration or placing on the market and distribution. On the one hand, the aim is to protect consumers from the disadvantages of unsafe products (product liability). On the other hand, sustainability aspects based on the European Green Deal are also playing an increasingly important role. These requirements are often highly industry- or sector-specific.

Compliance risk areas - Exemplary characteristics

Incorrect implementation of legal requirements for products, in particular:

  • Information on the characteristics of a product (composition, packaging, instructions for assembly, installation, maintenance, service life) at the time of sale
  • Product-related information (presentation, labeling, warnings, instructions for use and operation, information on disposal), in particular CE marking at the time of sale
  • Provision of incorrect information in product approval / homologation
  • Incorrect implementation of general duty-of-care and product safety obligations
  • Failure to recall defective products
  • Violation of special due diligence and documentation obligations in connection with the placing on the market of certain products under legal regulations implementing the European Green Deal, e.g.
    • Obligation to ensure deforestation-free supply chains when placing or making available on the Union market, or exporting from it, cattle, cocoa, coffee, oil palm, rubber, soya and wood and products derived from them
    • Registration obligation, take-back and disposal obligations as well as information obligations when placing electrical or electronic equipment on the market
    • Obligation to comply with special sustainability and safety requirements, labeling and information obligations when manufacturing and placing batteries on the market
    • Obligation of companies that import tin, tantalum, tungsten, their ores and gold into the EU above certain volume thresholds to operate a functioning risk management system and to fulfil due diligence, documentation and audit obligations with regard to human rights abuses in mining areas and along the trading chain

Possible legal consequences of violations

  • Official orders (prohibition of marketing / further distribution; product recalls)
  • Fines for manufacturers, importers and other norm addressees
  • Criminal consequences (fines and imprisonment)
  • Claims for damages
  • Consequences under competition law
  • Import bans
  • EU-wide notification of the product via Safety Gate (formerly RAPEX) and other publication obligations

Key laws (selection)

  • Product Safety Act (ProdSG)
  • Product Liability Act (ProdHaftG)
  • Electromagnetic Compatibility Act (EMVG)
  • Food and Feed Code (LFGB)
  • Consumer protection laws, including the Consumer Information Act (VIG)
  • Electrical and Electronic Equipment Act (ElektroG)
  • Industry-specific laws, e.g. AMGKostV (Ordinance on Costs for the Authorization and Registration of Medicinal Products)
  • EU Deforestation Regulation (Regulation (EU) 2023/1115, EUDR)
  • EU Battery Regulation (Regulation (EU) 2023/1542)
  • EU Conflict Minerals Regulation (Regulation (EU) 2017/821)

Real estate & property law

Explanation

All legal norms, both of civil law and of public law, relating to land or buildings. These include, for example, standards concerning the construction, acquisition, ownership, sale and required properties of real estate.

Compliance risk areas - Exemplary characteristics

  • Premature use of an erected building
  • Missing building permit and approved use (permits for changes of use, fulfillment of conditions)
  • Violation of immission control law

Possible legal consequences of violating real estate regulations when acquiring, using and renting real estate and land

  • Entry in the central trade register  
  • Fines and administrative penalties
  • Financial losses

Key laws (selection)

  • BauGB
  • Land Register Code (GBO)
  • State building regulations
  • BauNVO
  • German Civil Code (BGB)

Protection of intellectual property

Explanation

Intellectual property law encompasses all regulations relating to the protection of intangible rights, such as copyrights or trademark rights.

Compliance risk areas - Exemplary characteristics

  • Infringement of third-party industrial property rights and related regulatory requirements  
  • Loss of rights due to inadequate patent and trademark management

Possible legal consequences of violating intellectual property and copyright regulations

  • Administrative fines
  • Criminal fines or imprisonment
  • Claims of the holder of the industrial property right for injunctive relief, information, damages and other civil law remedies, e.g. destruction, recall or correction
  • Civil liability claims of third parties, e.g. for injunctive relief, disclosure and damages
  • Import bans

Key laws (selection)

  • PatG  
  • UWG  
  • Copyright Act (UrhG)
  • Trademark Act (MarkenG)

Data protection law

Explanation

All legal norms that protect the right to informational self-determination of every natural person against impairments caused by the unauthorized collection, processing and use of personal data (individual details about the personal or factual circumstances of an identified or identifiable natural person).

Compliance risk areas - Exemplary characteristics

  • Unauthorized collection, use, processing of personal data (e.g. employees, customers, suppliers)
  • Data transfers within the group without a data processing agreement or without meeting the further requirements for a transfer of functions
  • Data transfers to service providers that process personal data on instructions, without a data processing agreement or a joint controllership agreement
  • No security breach notification in the event of unlawful access to data by third parties (data breaches)
  • Failure to report data breaches to the competent data protection supervisory authority within the deadline, or failure to notify the data subjects where the relevant requirements are met
  • Lack of prior checks for automated data processing, e.g. of special categories of personal data, and failure to carry out data protection impact assessments where required
  • Unauthorized video surveillance
  • Violation of telecommunications secrecy
  • Access to employees’ emails with private content in the course of internal company investigations
  • Violation of rules on the transfer of data abroad
  • Failure to implement the erasure of personal data
  • New products / IT applications / systems: failure to build data protection in (privacy by design / by default) and to implement all other data protection requirements
  • Non-compliance with information obligations and data subject rights
  • Failure to take risk-oriented technical and organizational measures to protect personal data

Possible legal consequences if data protection laws are violated when handling personal data

  • Fines  
  • Requirements, orders from authorities
  • Legal uncertainty regarding the permitted or tolerated private use of e-mail and the Internet by employees combined with the risk of criminal liability for the employer  
  • Claims for damages by affected parties
  • Reputational damage

Key laws (selection)

  • GDPR  
  • BDSG  
  • §§ 88 et seq. (91 et seq.) TKG
  • §§ 11 et seq. TMG
  • § 4 (1) BDSG in conjunction with, for example, § 28a SGB IV or § 99 SGB III

Digitalization law

Explanation

Advancing digitalization offers opportunities for innovation and the development of new markets. It is accompanied by numerous new legislative initiatives to promote and regulate digitalization. As a cross-cutting area of law, the new “digital law” touches on many sub-disciplines, such as competition, data protection and antitrust law. In addition, there are new instruments, such as data access claims under the Data Act, as well as numerous new market regulation provisions, such as those of the Digital Markets Act and the Digital Services Act. Keeping pace with all these new legal requirements is an ever-increasing challenge for companies.

Compliance risk areas - Exemplary characteristics

  • Failure to take the measures necessary for providers of mere conduit, caching or hosting services to benefit from the liability exemption in relation to illegal content (e.g. not acting expeditiously to remove illegal content as soon as they become aware of it [“notice and takedown”])
  • Missing or inadequate content moderation in relation to illegal content, including a harmonized notice and action mechanism, internal and external redress options and prompt execution of the necessary measures
  • Failure to remove terrorist online content within one hour of receiving a removal order from the authority or lack of protective measures
  • Non-compliance with various information and transparency obligations
  • Violation of seller verification obligations for B2C online marketplaces and app stores (“know your business customer” – KYBC)
  • Breach of obligations regarding quality criteria for AI training, validation and test data for high-risk AI systems
  • Failure to comply with record-keeping obligations that enable traceability of the operation of the AI system
  • Failure to implement an AI quality management system, including for data management, including data collection, analysis, labeling, storage, etc.
  • Breach of obligations for providers of high-risk AI systems with regard to the maintenance of automatically generated logs
  • Failure to comply with the obligation to protect personal data against unlawful transfer to a third country outside the EU
  • Breach of the obligation to design products and services in such a way that the data generated by their use is easily, securely and directly accessible to the user by default
  • Failure to provide the generated data to the user upon request without undue delay or cost
  • Failure to provide the generated data to third parties at the request of a user
  • Not providing data to a data recipient on fair, reasonable and non-discriminatory terms
  • Non-immediate provision of data to public authorities in the EU if there is an exceptional need for the requested data
  • Failure to enable customers of cloud (data processing) services to switch easily to another provider

Possible legal consequences of violations

  • Removal and injunction, usually by interim injunction, if necessary immediate distribution/sales stop  
  • Claims for damages by consumers or competitors  
  • Skimming of profits, fines and exclusion from public contracts and financial aid  
  • Imprisonment or fine

General damage

  • Reputational damage
  • Financial impact, e.g. through non-conclusion, termination or non-renewal of contracts or loans due to violation of compliance obligations

Key laws (selection)

  • Digital Services Act (DSA) [EU]
  • Digital Markets Act (DMA) [EU]
  • Data Governance Act (DGA) [EU]
  • Regulation on digital operational resilience for the financial sector (DORA) [EU]
  • Directive on measures for a high common level of cybersecurity across the Union (NIS 2) [EU]
  • Directive on the resilience of critical entities (CER Directive, “KRITIS”) [EU]
  • Data Act [EU]
  • Artificial Intelligence Act (AIA) [EU]
  • Directive on AI liability [EU] (draft)
  • ePrivacy Regulation [EU] (draft)
  • Network Enforcement Act (NetzDG)
  • Telecommunications Telemedia Data Protection Act (TTDSG)
  • ARC Digitalization Act (GWB-Digitalisierungsgesetz)

IT security

Explanation

All legal norms that place special legal requirements on the use of information technology. This includes, for example, ensuring the availability and security of electronically stored data or protecting the rights of users of information technology systems.

Compliance risk areas - Exemplary characteristics

  • Lack of protection of the company against espionage and misuse
  • Lack of network protection against hacker or other attacks
  • Lack of implementation and maintenance of security measures to protect IT networks from cyber attacks, which can lead to data being blocked or lost and possibly to business interruption
  • Insecure electronic signatures

Protection from

  • Attacks on IT systems  
  • Computer crime  
  • Data loss (information security / confidentiality)

Key laws (selection)

  • BSI IT-Grundschutz (IT-Grundschutz Compendium, formerly the IT-Grundschutz Catalogues)
  • ISO/IEC 27001 / ISO/IEC 20000 / ISO/IEC 27002 (formerly ISO 17799); these are standards rather than statutes, but are commonly used to evidence “state of the art” security measures
  • IT Security Act (IT-SiG)

Protection of trade secrets

Explanation

All legal norms subject to fines or penalties that are intended to protect facts, circumstances and processes relating to the company that are not in the public domain but only accessible to a limited group of people and which the company has a legitimate interest in not disclosing.

Legal standards relating to communication in business dealings include minimum requirements for transparency in the company’s written communication.

Compliance risk areas - Exemplary characteristics

  • Disclosure of trade secrets  
  • Private Internet networks  
  • Incorrect management of contractual confidentiality obligations
  • Incorrect design of business letters and emails (without observing the minimum information required by law) 
  • Incorrect indication of power of representation (e.g. procuration)  
  • Incorrect imprint on the website

Possible legal consequences

  • Criminal liability  
  • Operational damage
  • Fines for failure to include the statutory minimum disclosures on business documents and on the website
  • Claims for removal and injunctive relief

Key laws (selection)

  • SEAG  
  • GmbHG  
  • TMG (Telemedia Act)  
  • HGB  
  • UWG  
  • GeschGehG

Insurance law

Explanation

All legal norms that govern the relationship between insurance companies and their customers, the regulation of the insurance market and the requirement for compulsory insurance for certain risky activities.

Special topic: Distribution of so-called extended warranties, i.e. extended warranty and service promises, together with self-manufactured or distributed products can constitute regulated insurance business.

There is a risk that this constitutes insurance business requiring a license, which the insurance supervisory authority (BaFin) can prohibit for lack of a license and sanction with a fine.

Compliance risk areas - Exemplary characteristics

  • Breach of general public liability requirements
  • Violation of the requirements of transport and forwarding insurance law, property insurance law

Possible legal consequences of not taking out compulsory insurance or breaching insurance conditions

  • Loss of insurance cover in the event of a breach of statutory or contractual obligations (e.g. in the event of an increase in risk)
  • Legal basis: statutory provisions (e.g. §§ 23 et seq. VVG, possibly in conjunction with § 210 VVG) and contractual agreements

Key laws (selection)

  • Insurance Contract Act (VVG)
  • Insurance Supervision Act (VAG)

Supervisory & payment services law

Explanation

Supervisory law comprises all supervisory regulations that – in the interests of a properly functioning financial system and to ensure the functionality of payment transactions – regulate the activities of credit and financial services institutions with regard to their establishment, licensing and business activities. The payment services law deals not only with traditional payment services, such as deposit and withdrawal transactions or direct debits and credit transfers, but also with e-money transactions.

Compliance risk areas - Exemplary characteristics

The business activities of banks and other financial service providers are so tightly regulated that it would be futile to provide even an overview here. For companies outside the financial industry, typical risks include
  • Supplier financing through advance payment without reference to specific goods delivery
  • Inadequate sales financing
  • Violation of requirements for e-money products (prepaid credit card, Paysafecard)  
  • Violation of regulations on innovative internet payment products such as Bitcoin and other crypto assets
  • Violation of requirements for financial transfer and acquisition transactions in accordance with ZAG
 

Possible legal consequences of violations

  • Obligation to obtain a license pursuant to Section 32 (1) sentence 1 KWG; ongoing BaFin supervision pursuant to the KWG and application of the GwG; in case of violation, administrative and criminal offences, Sections 54 et seq. KWG
  • Obligation to obtain a license pursuant to section 10 (1) sentence 1 ZAG, ongoing supervision pursuant to ZAG and applicability of GwG; in the event of a violation, criminal offences and penalties, sections 63, 64 ZAG

Key laws (selection)

  • KWG  
  • ZAG  
  • KAGB  
  • VermAnlG  
  • §§ 675c et seq. BGB
  • WpHG

State aid & subsidy law

Explanation

All standards subject to fines or penalties that set out the conditions for the awarding of subsidies by the public sector and behavioral requirements for the recipient of subsidies.

Subsidies are government grants that the state awards, at least in part, without market consideration in order to achieve certain political and economic objectives. Behavioral requirements include, for example, obligations to provide truthful information on facts relevant to the grant and compliance with restrictions on use.

Compliance risk areas - Exemplary characteristics

  • Violations of requirements for the receipt of public subsidies
  • Violations of requirements for the receipt of (possibly non-notified) aid
  • Non-compliance with grant conditions
  • Financing of permanently loss-making companies
  • Lack of distinction between permissible financing of research and development and impermissible aid
  • False statements to tax authorities

Possible legal consequences of violations

  • Reclaiming subsidies granted  
  • Criminal liability  
  • Nullity / ineffectiveness of contracts

Key laws (selection)

  • Art. 106 to 109 TFEU
  • EU State Aid Procedural Regulation (Regulation (EU) 2015/1589)
  • § 264 StGB
  • Public procurement and contract regulations VOL/A, VOB/A and VOF

Insolvency law

Explanation

Insolvency law regulates in particular the requirements for and the procedural rules of (provisional) insolvency proceedings. The mandatory grounds for filing are illiquidity (Section 17 InsO) and over-indebtedness (Section 19 InsO). In the case of merely imminent illiquidity (Section 18 InsO), an insolvency petition may be filed, but, unlike in the case of illiquidity or over-indebtedness, the management (or, where the company has no management, the shareholder(s)) is not obliged to file. The Insolvency Code and the corresponding provisions of company law impose in particular monitoring duties on managing directors with regard to the existence of mandatory filing grounds and attach consequences under liability and criminal law to breaches of these duties (delay in filing for insolvency, personal liability of the managing director, possibly criminal liability for fraud on entering into contracts). Insolvency criminal law (Sections 283 et seq. of the German Criminal Code (StGB)) also sanctions, in particular, asset transfers during a company’s economic crisis and, for example, breaches of accounting obligations. In addition, substantive insolvency law contains provisions that primarily serve the principle of equal treatment of creditors: the law on avoidance in insolvency (Sections 129 et seq. InsO) and the insolvency-law prohibitions on set-off (Sections 95, 96 InsO), which are aimed in particular at reversing shifts in assets to the detriment of the creditor community.

Compliance risk areas - Exemplary characteristics

  • Lack of (ongoing) audit of the company’s economic situation (the audit obligations intensify the more signs of an economic crisis there are); implementation of an early warning system  
  • Failure to check insolvency filing obligations (Is there illiquidity? Is there over-indebtedness? Is there a positive going concern prognosis?)
  • Lack of documentation of the audit procedures (documentation of the reasons why there is no insolvency and no over-indebtedness)  
  • Asset transfers in the economic crisis stage (examination of avoidance risks/examination of liability risks)  
  • Deception of contractual partners in the event of insolvency  
  • Participation in a cash pool if there are signs of an economic crisis
  • Failure to review and, if necessary, adjust processes if the company wishes to maintain business relations with a business partner in crisis (protection against insolvency risks of the contractual partner)

Possible insolvency law risks and legal consequences

  • Personal liability of the managing director and, in the case of companies without management, of the shareholders
  • Criminal liability

Key laws (selection)

  • InsO (in particular §§ 15a, 15b InsO)
  • §§ 9, 30, 31 GmbHG
  • §§ 92 (1), 93 AktG
  • §§ 130a, 177a HGB
  • §§ 283 et seq. StGB
  • § 263 StGB (fraud, in particular on entering into contracts)
  • Act on the Stabilization and Restructuring Framework for Companies (StaRUG)

Capital market law

Explanation

All legal norms that regulate the issuance and trading of tradable investment instruments and aim to protect both the individual investor and the functioning of the capital market and the economy.

Compliance risk areas - Exemplary characteristics

  • Violation of notification obligations under capital market law: e.g. ad hoc publicity, transactions by executives, voting rights notifications in the event of a change in the total number of voting rights and if thresholds are reached  
  • Market manipulation  
  • Insider trading and unlawful disclosure of inside information  
  • Breach of the obligation to maintain insider lists and to instruct the persons included in them
  • Violation of regulations on capital and payment transactions (cross-border payments, foreign exchange restrictions)

Possible legal consequences in the event of a breach of capital market regulations due to the company's (in)activity

  • Fines or imprisonment for individuals  
  • Fines for companies

Key laws (selection)

  • Stock Exchange Act  
  • WpHG  
  • German Stock Corporation Act  
  • Market Abuse Regulation

Collective labor law

Explanation

All legal norms and regulations concerning the employer’s relationship with trade unions and employee representatives.

Compliance risk areas - Exemplary characteristics

  • Violation of collective agreement regulations (e.g. working hours, remuneration)  
  • Violation of corporate co-determination standards  
  • Violation of standards under works constitution law  
  • Violation of minimum wage agreements  
  • Non-compliance with company agreements

Possible legal consequences of non-compliance / violation of existing collective bargaining law or co-determination regulations

  • Invalidity of internal measures (e.g. regulations or dismissals)  
  • Obligations to cease and desist
  • Compensation for damages

Key laws (selection)

  • Collective Bargaining Act (TVG)  
  • BetrVG  
  • Codetermination Act  
  • DrittelbG  
  • Staff representation law (public companies)

Social security law

Explanation

Social security contribution and administrative obligations from unemployment, health, long-term care, pension and accident insurance.

Compliance risk areas - Exemplary characteristics

  • Violation of social security contributions, reporting/recording obligations  
  • Undeclared work  
  • Violation of regulations on temporary employment (temporary and agency work, contracts for work and services)
  • Bogus self-employment (permanent temporary staff, including well-paid IT freelancers)  
  • Incorrect payroll tax matters (e.g. liability for correct withholding and payment, record-keeping obligations)

Possible legal consequences in the event of a breach of social security obligations

  • Employer’s liability for the full social security contributions (net wage fiction) plus late payment surcharges, with a 30-year limitation period in cases of intent
  • Back wage tax payments  
  • Official requirements / orders  
  • Fines  
  • Imprisonment or fine
  • Exclusion from public contracts

Key laws (selection)

  • AÜG  
  • SchwarzArbG  
  • SGB  
  • StGB (inter alia § 266a StGB)  
  • Minimum Wage Act – § 13 MiLoG

Individual labor law

Explanation

All legal norms relating to gainful employment. This includes regulations governing the specific relationship between employer and employee.

Compliance risk areas - Exemplary characteristics

  • Violation of regulations on the posting of employees
  • Violation of requirements regarding foreign employees (work permit/residence permit/authorization from the Federal Employment Agency)
  • Violation of the general principle of equal treatment (discrimination, bullying, sexual harassment)
  • Violation of partial retirement requirements
  • Violation of working time laws
  • Bogus self-employment
  • Violation of the general statutory minimum wage
  • Violation of employment protection rights, maternity protection/parental leave law, homeworkers/severely disabled and youth employment protection
  • Lack of whistleblowing system

Possible legal consequences in the event of a breach of employee rights

  • Imprisonment or fine  
  • Fines against management and / or company  
  • Damages (or compensation)  
  • Exemption from costs  
  • Invalidity of agreements

Key laws (selection)

  • ATG  
  • BBiG  
  • AGG  
  • AEntG  
  • ArbZG  
  • Residence Act (AufenthG), Freedom of Movement Act/EU (FreizügG/EU), Asylum Act (AsylG, formerly Asylum Procedure Act)
  • KSchG 
  • MuSchG  
  • JuArbSchG  
  • Minimum Wage Act – MiLoG  
  • Whistleblower Protection Act (HinSchG)

Occupational safety & protection

Explanation

All legal standards that provide for measures to prevent accidents at work and to avoid work-related health hazards.

Compliance risk areas - Exemplary characteristics

  • Violation of working time laws  
  • Insufficient compliance with the requirements for workplaces
  • Violation of maternity / severely disabled / youth employment protection  
  • Breach of the employer’s duty of care (incl. pandemic, personal and plant protection, including abroad)  
  • Insufficient measures to protect the health and safety of employees at work  
  • Violation of accident prevention regulations of the employers’ liability insurance associations  
  • Violation of regulations regarding the safety of construction sites  
  • Failure to fulfill client obligations / supervision  
  • Lack of protection of the company against external physical disasters

Possible legal consequences of violating occupational health and safety laws

  • Compensation for damages  
  • Compensation  
  • Decommissioning of installations or subsequent orders/conditions  
  • Prohibition of the implementation of planned technical measures such as the commissioning of a machine  
  • Criminal liability of the responsible persons for negligent bodily injury or negligent homicide
  • Exclusion from public tenders  
  • Imprisonment or fines for violation of occupational safety laws by management or delegation recipients  
  • Fines against management, delegation recipient and / or company

Key laws (selection)

  • ArbSchG  
  • ASiG  
  • ArbZG  
  • ArbStättV  
  • Code of Conduct  
  • BetrSichV  
  • Construction Site Ordinance  
  • Home Work Act  
  • GewO  
  • Federal Mining Act, Chemicals Act
  • Explosives Act