Germany Archives

The coalition agreement includes noteworthy planned changes in the area of white collar and international trade law that identify trends that will shape the near-term future of businesses operating in Germany and the EU.

On May 6, Friedrich Merz was elected Germany’s new Chancellor, marking the start of the new legislative period. The incoming government – formed by a coalition of the center left and right parties CDU, CSU, and SPD – recently published its coalition agreement.[1]

The coalition agreement outlines the common legislative goals of the German Government for the next four years.

Enforcement proceedings in money laundering cases shall become more efficient

In the area of financial crime, federal-level competencies will be consolidated. Cooperation and information exchange between the federal and state governments, as well as with national and international organizations, the EU, and the European Anti-Money Laundering Authority (AMLA), are to be improved.[2]
Improvements in anti-money laundering efforts are planned, particularly in light of the upcoming evaluation by the Financial Action Task Force (FATF).[3] These plans are not entirely new initiatives, as they had already been put forward by the previous government in light of Germany’s poor FATF assessment.
Gaps in the German Transparency Register, which is a central database that records information on the beneficial owners of legal entities, are to be closed.[4]
Legal transactions by legal entities exceeding a net amount of EUR 10,000 may not be carried out by parties subject to anti-money laundering obligations if one or more beneficial owners cannot be identified.[5]

Lowering the thresholds for asset seizures shall help fighting organized crime

An administrative procedure for asset investigation is to be introduced, with the aim of securing suspicious high-value assets where a legal origin cannot be clearly demonstrated.[6]
Existing asset seizure instruments are to be further developed and supplemented by a procedure for confiscating assets of unclear origin.[7]
The fight against organized crime is to be intensified by fully reversing the burden of proof in the confiscation of assets of unclear origin.[8]

EU-Directives on Corporate Crimes shall be implemented, but initiatives to reform German law relating to Corporate Crimes will not be pursued

Unlike the previous coalition agreements[9], the new agreement includes neither plans to regulate internal investigations nor to introduce any legal framework for corporate criminal law. However, it is likely that the EU Anti-Corruption Directive will have to be implemented during this legislative period, which may result in relevant changes in these two areas.

Supply Chain Due Diligence Requirements shall be brought in line with updated EU-Directives and the German Supply Chain Due Diligence Act will be repealed

The German Supply Chain Due Diligence Act (LkSG) is to be repealed. It is planned to replace it with a new “International Corporate Responsibility Act” designed to implement the European Corporate Sustainability Due Diligence Directive (CSDDD) in a low-bureaucracy and enforcement-friendly manner.[10]
The reporting obligations under the LkSG are to be abolished immediately and permanently.[11]
It is planned that existing due diligence obligations will not be sanctioned, except for severe human rights violations, until the new law comes into force.[12]

FDI and Export Control topics will remain high on the agenda, while making processes more efficient

The German Foreign Trade Act is to be revised. Screening and licensing procedures are to be made faster, simpler, and more practical. Foreign investments that conflict with national interests – particularly in critical infrastructure and strategic sectors – are to be effectively blocked.[13]
The effective national implementation of sanctions due to Russia’s war of aggression is to continue to be ensured. The EU’s plans to impose tariffs on fertilizer imports from Russia and Belarus are to be endorsed.[14]
Export licensing procedures are to be simplified and accelerated, with the aim of a paradigm shift in German international trade law. Comprehensive checks are to be replaced by targeted checks on a random basis, supported by heavy penalties for violations. Within the scope of this system, prior export authorizations would no longer be required.[15]
Germany’s China Strategy is to be revised in accordance with the principle of “de-risking”.[16]

To what extent these plans will be implemented in detail remains to be seen in the next few months.

[1] Coalition Agreement of the 21st legislative period, can be found on the websites of the three parties CDU: here; CSU: here; SPD: here; and the German Bundestag: here.

[2] Coalition Agreement of the 21st legislative period, para. 1548 et. seq.

[3] Ibid., para. 1545 et. seq.

[4] Ibid., para. 1550.

[5] Ibid., para. 1550 et seq.

[6] Ibid., para. 1553 et seq.

[7] Ibid., para. 1556 et seq.

[8] Ibid., para. 2261 et seq.

[9] Coalition Agreement of the 19th legislative period, p. 126; Coalition Agreement of the 20th legislative period, p. 111.

[10] Coalition Agreement of the 21st legislative period, para. 1909 et. seq.

[11] Ibid., para. 1911 et seq.

[12] Ibid., para. 1913 et seq.

[13] Ibid., para. 275 et seq.

[14] Ibid., para. 287 et seq.

[15] Ibid., para. 290 et seq.

[16] Ibid., para. 297 et seq.

The following Gibson Dunn lawyers prepared this update: Benno Schwarz, Katharina Humphrey, Nikita Malevanny, Karla Böltz, and Annabel Dornauer*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of Gibson Dunn’s White Collar Defense & Investigations or International Trade Advisory & Enforcement practice groups, or the authors in Munich:

Benno Schwarz (+49 89 189 33 210, bschwarz@gibsondunn.com)

Katharina Humphrey (+49 89 189 33 217, khumphrey@gibsondunn.com)

Nikita Malevanny (+49 89 189 33 224, nmalevanny@gibsondunn.com)

Karla Böltz (+49 89 189 33 219, kboeltz@gibsondunn.com)

Annabel Dornauer* (+49 89 189 33 463, adornauer@gibsondunn.com)

*Annabel Dornauer is a trainee attorney in Munich and is not admitted to practice law.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.

An overview of certain recent developments and legislative changes that may affect the M&A market and the transaction business in Germany, originally published in M&A Review, 36, Volume 1-2/2025.

Gibson Dunn partner Sonja Ruttmann, of counsel Silke Beiter, and associates Maximilian Schniewind and Yannick Oberacker from our Munich office co-authored In the Play of Regulations: Outlook on Relevant Legislative Changes for the M&A Practice in 2025, originally published in M&A Review on February 13, 2025. The article gives an overview of certain recent developments and legislative changes that may going forward affect the M&A market and the transaction business in Germany.

Please click HERE to view, download or print this article in English language.

Sonja Ruttmann, Silke Beiter, Maximilian Schniewind und Yannick Oberacker aus Gibson Dunns Münchner Büro fassen in ihrem Artikel Im Spiel der Verordnungen: Ein Ausblick auf relevante Gesetzesänderungen für die M&A-Praxis 2025, der am 13. Februar 2025 in der M&A Review erschien, ausgewählte aktuelle Entwicklungen und Gesetzesänderungen mit Blick auf den M&A-Markt und das Transaktionsgeschäft in Deutschland zusammen.

Zum Beitrag in deutscher Sprache (im PDF-Format) gelangen Sie HIER.

The following Gibson Dunn lawyers prepared this article: Sonja Ruttmann, Silke Beiter, Maximilian Schniewind, and Yannick Oberacker.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. For further information, please contact the Gibson Dunn lawyer with whom you usually work, any leader or member of the firm’s Mergers and Acquisitions or Private Equity practice groups, or the authors in Munich:

Sonja Ruttmann (+49 89 189 33 256, sruttmann@gibsondunn.com)
Silke Beiter (+49 89 189 33 271, sbeiter@gibsondunn.com)
Maximilian Schniewind (+49 89 189 33 274, mschniewind@gibsondunn.com)
Yannick Oberacker (+49 89 189 33 282, yoberacker@gibsondunn.com)

This update examines why Germany does not require anti-(anti) suit injunctions and how EU entities with a nexus to Germany can counter Russian avoidance tactics in German courts, particularly in light of Russian anti-arbitration injunctions based on Article 248.1 of the Russian Arbitration Procedure Code. It highlights the existing tools within the German legal system available to affected parties, illustrating why Germany need not adopt Anglo-American-inspired anti-suit injunctions.

I. Introduction

Over the past months, there has been quite a number of cases in which Russian entities have resorted to local courts, asking the court to claim exclusive jurisdiction over a dispute with EU-domiciled opponents and applying for an anti-arbitration injunction on the basis of Article 248.1 of the Russian Arbitration Procedure Code – despite an obviously valid arbitration agreement. It may well be said that, unsurprisingly, in almost all of these cases, this led to a detrimental judgment for the involved EU party,[1] including the issuance of extremely high fines in case of non‑compliance with the injunction. It is needless to say that these state court proceedings do not adhere to the rule of law. This approach exposes EU‑parties to a high economic risk, especially when judgments are to be enforced in countries where the EU entity has assets, though enforcement within EU member states remains unlikely.

This article analyzes how EU entities with nexus to Germany may tackle these avoidance tactics of Russian parties before German courts. In particular, the article examines which tools the German legal system already provides for affected parties and whether there is an actual need for the German jurisprudence to introduce the concept of anti‑suit injunctions, as inspired by Anglo‑American legal systems. Perhaps surprisingly, the German legal system already seems to provide sufficient instruments parties can resort to in order to protect themselves and finally bring their case to arbitration.

II. Background

1. Articles 248.1, 248.2 Russian Arbitration Procedure Code

In response to EU sanctions, Russia introduced amendments to its Arbitration Procedure Code to protect “the rights of individuals and legal entities in connection with restrictive measures introduced by a foreign state (…) or state association” in 2020.[2] This legislation gives Russian state courts the power to claim exclusive competence over disputes involving “sanctioned” parties even if the parties have explicitly agreed to submit their disputes to arbitration (Article 248.1). The only requirement is that arbitration outside of Russia is “not feasible” due to the application of restrictive measures against one party by a foreign state, which must create an “obstacle to access to justice” for that party (Art. 284.1(4)). The Russian courts interpret this requirement very broadly, as recent decisions have shown. Accordingly, obstacles to access to justice are assumed if a party is subject to “sanctions” imposed by the state in which arbitral proceedings are meant to take place. Further, parties may apply for an anti‑arbitration injunction before Russian courts in these situations (Art. 248.2).

Thus, the Russian Arbitration Procedure Code not only gives Russian entities the possibility to avoid arbitration agreements and go to state court instead, but also to effectively fend off upcoming or pending arbitral proceedings. Considering that Russian courts, when issuing anti‑suit injunctions, have often imposed additional fines in case of non-compliance, those new instruments may have serious consequences for EU parties wanting to enforce a claim or an arbitral award in Russia.

The number of anti-arbitration injunctions based on Art. 248 issued by Russian courts has significantly risen in the past two years.[3] When rendering those injunctions, Russian courts frequently invoke allegedly sweeping restrictions of Russian entities even if the company in question is not directly sanctioned under EU law. In particular, Russian courts have been arguing that Russian parties would not obtain sufficient legal representation in the EU, resorting to the ban on providing legal advice to Russian companies under Article 5n(2) of Regulation (EU) No. 833/2014 (EU-Sanctions Regulation). It has been definitively confirmed, however, that these arguments lack any foundation, as demonstrated by the General Court of the European Union: In three very recent decisions, the General Court confirmed that the general prohibition on providing legal advice to the Russian entities or bodies established in Russia under the EU‑Sanctions Regulation does not extend to services provided in connection judicial, administrative, or arbitration proceedings, as laid down in the respective exception of Article 5n(5) of EU-Sanctions Regulation.[4]

2. The EU’s 14th Sanctions Package of June 2024

The EU responded to these developments in June 2024 by introducing provisions within a new sanctions package (Regulation (EU) 2024/1745 of 24 June 2024) setting out amendments to the EU Sanctions Regulation.[5] The sanctions package introduces a transaction ban prohibiting any direct and indirect transactions with persons and entities who have initiated claims before Russian courts based on Art. 248.1 Russian Arbitration Procedure Code, after these persons have been listed in Annex XLIII of the Regulation (Article 5ab). Further, the regulation provides EU entities with a new damage compensation mechanism in case arbitration agreements are undermined by sanctioned parties. Specifically, EU persons are entitled to damages against Russian persons or entities if (i) they initiated proceedings outside of the EU (ii) in connection with contracts or transactions affected, directly or indirectly, by EU sanctions and (iii) if no effective access to justice was provided to the EU person (Article 11a). Given that the regulation provides that entities are entitled to “any damages, including legal costs incurred by that person in a consequence of (these) claims”, damages may well include fines imposed by Russian state courts alongside with anti-arbitration injunctions. Thus, Article 11a of the EU‑Sanctions Regulation intends to provide an instrument for EU entities affected seeking to enforce damage claims within the EU. However, it is unclear how national courts of the different Member States will apply Article 11a. The regulation merely sets out the scope of the compensation, however, it does not contain any further provisions. In this regard, each Member State will apply its own civil code governing damage claims between private parties, which might lead to differences in enforcement in the relevant states.

III. German Law: Providing a powerful Toolkit

German law already provides a powerful toolkit, based both on substantive law in the German Civil Code (BGB) and on procedural law in the German Civil Procedure Code (ZPO). Essentially, a party affected by the above-described avoidance tactics has three options before a German court: (1) applying for injunctive relief under Sec. 826, 1004(1) Sentence 2 BGB analog, (2) seeking declaratory relief under Sec. 1032(2) ZPO, and (3) seeking damages. In view of the authors, these tools are sufficient to effectively protect affected parties in these scenarios, rendering the introduction of anti-(anti-) suit injunctions in the German legal system unnecessary.

1. Injunctive Relief under Sec. 826, 1004(1) Sentence 2 BGB analog

a) Background

First, it is important to note that the German legal system, whether in substantive or procedural law, generally does not recognize the technical term of anti-(anti-) suit injunctions or anti‑enforcement injunctions.[6] There is a general reluctance of German courts to issue such injunctions, irrespective of the exact legal basis on which such injunction may be based.[7] The reason for this is that under German law, there is no “right not be sued abroad”, i.e. in a non-competent forum or court outside of Germany. Further, the jurisdiction of the German courts is clearly defined and limited; German judges do not possess the power to issue discretionary decisions based on fairness (Ermessensentscheidungen nach Billigkeit).[8] However, in view of the authors, anti-(anti-) suit injunctions or anti‑enforcement injunctions issued by a German court inspired by the Anglo-American model are not necessary for a party to effectively defend itself against unjust proceedings or judgments outside of Germany. Instead, affected parties can apply for injunctive relief under Sec. 826, 1004(1) Sentence 2 BGB.

b) Substantive Basis: Sec. 826, 1004(1) Sentence 2 BGB analog

Sec. 826 BGB can form the substantive basis for injunctive relief against a Russian (“sanctioned”) party which initiated proceedings based on Art. 248.1 Russian Arbitration Procedure Code or which has already obtained a judgment from such proceedings. In fact, the injunctive relief comes somewhat close to what is considered an anti-suit injunction in Anglo‑American legal systems.

In general, Sec. 826 BGB provides relief by way of a tort claim in case there is an intentional damage inflicted in a manner offending common decency (vorsätzliche sittenwidrige Schädigung).[9] Although the intended relief provided in the wording of Sec. 826 BGB is compensation for damages in accordance with Sec. 249 et seq. BGB, it is widely acknowledged a person threatened by intentional damage may also file for injunctive relief in accordance with Sec. 826, 1004(1) Sentence 2 BGB analog.[10]

The requirements for a tort claim under Sec. 826 BGB are rather high. First, the opponent must inflict a damage, which is any adverse effect on the financial position of the other party or the impairment of a recognized interest.[11] Second, the act inflicting the damage must be immoral (i.e. offending common decency, (sittenwidrig)). According to the long‑standing definition established by the German Reichsgericht, a conduct is immoral when it goes against the of decency among all fair and just thinkers.[12] In addition, the 4th Senate of the German Federal Court of Justice requires a particular reprehensibility (Verwerflichkeit) of the conduct, which must be present in relation to the specific injured party. Reprehensibility may result from the objective pursued, the means used, the attitude revealed, or the consequences incurred.[13] Third, the party must act intentionally regarding the fact that the act causes harm to another person. It is required that intent refers to the facts giving rise to immorality, but not to immorality itself.[14]

What is crucial for the sanctions‑context is that Sec. 826 BGB also applies to damages inflicted based on procedural (immoral) conduct. In this regard, Sec. 826 BGB has played out already before the sanctions-context in different scenarios, for example in case of the immoral obtaining of a judgment (sittenwidrige Titelerschleichung). This is the case when a party has brought about either the decision itself or at least the entry into force of the decision in a manner offending common decency, for example by fraud or coercion.[15] In this case, the aggrieved party may apply to a state court to refrain from enforcing the decision under Sec. 826 BGB.[16] The same is true when a party tries to enforce a judgment that has not been obtained fraudulently but recognized as untenable and there are special circumstances making the exploitation of such a judgment appear immoral.[17] In all these cases, the legal validity of the judgment (Rechtskraft) may be exceptionally set aside. In this context, Sec. 826 BGB does not function as a damage claim but as a claim for injunctive relief.

Lastly, in case the initiating of a claim outside of Germany fulfills the requirements of Sec. 826 BGB, it has been recognized that a party may seek injunctive relief by way of an analogous application of Sec. 826, 1004(1) Sentence 2 BGB.[18] Thus, by way of invoking Sec. 826, 1004(1) Sentence 2 BGB, a party can defend itself against an unlawful act of a party who exploits a judicial measure in his favor, in an unlawful immoral manner of damage so that the party suffers damage by the other party obtaining an unlawful judgment or conducting an unlawful procedure.

Here, the damage inflicting conduct offending common decency would be applying for an anti‑arbitration injunction under Art. 248.2 Russian Arbitration Procedure Code before a Russian state court, knowing that the procedure before the state court will not be in accordance with the rule of law and will be detrimental for the opposing party (not the ignorance and violation of the arbitration agreement). Thus, the immoral conduct is using a supposed legal protection that has nothing to do with the rule of law.

It follows from the above analysis that what Anglo-American legal systems understand as anti-suit and anti-enforcement injunction is possible in German law by means of Sec. 826, 1004(1) Sentence 2 BGB on the substantive law level. The application to be submitted by a party in front of the German Court could be:

“To order the respondent to refrain from pursuing the state court proceedings in Russia and, in case there is already a rendered judgment, to refrain from enforcing this judgment against the claimant.”

Further, it is advisable to apply for a corresponding warning in accordance with Sec. 890(2) ZPO, namely that in case of a violation of the stipulated obligation, the court will impose on the defendant for each count of the violation, upon the creditor filing a corresponding petition, a coercive fine and, for the case that such payment cannot be obtained, to coercive detention or coercive detention of up to six (6) months, Sec. 890(1) ZPO.

c) Procedural Enforcement

In general, there are two ways to procedurally enforce the injunctive relief: by way of main proceedings (Hauptsacheverfahren) or via preliminary injunction under Sec. 935 ZPO.[19] With regards to the main proceedings, it would be an action for performance in the sense of a preliminary injunction (allgemeine Leistungsklage). However, these proceedings tend to be lengthy. A faster way would be applying for a preliminary injunction under Sec. 935 ZPO (injunction regarding the subject matter of the litigation). An advantage here is that the facts giving rise to a tort claim under Sec. 826 BGB only need to be demonstrated to the satisfaction of the court (Glaubhaftmachung), Sec 935, 936, 920(2), 294 ZPO, which is a lower burden compared to the general standard of proof during the main proceedings. In particular, for the sake of introducing evidence, it is also permitted to make a statutory declaration in lieu of an oath (eidestattliche Versicherung). Additionally, the court may grant an injunction on an ex parte basis.

d) Analysis

In sum, the German legal system does not need anti-suit injunctions as it already provides a useful toolkit in this context, injunctive relief by way of Sec. 826, 1004(1) Sentence 2 BGB analog. An important difference to anti-suit injunctions would be that a tort claim under Sec. 826 BGB is initiated to bind another party, whereas injunctions are intended to bind other courts or tribunals.

All in all, the BGB provides a practical and well-defined framework, outlining a clear path for navigating such legal matters in Germany: The authors believe that, despite the high legal threshold, there is a credible argument that a Russian party initiating proceedings under Article 248.1 of the Russian Arbitration Procedure Code – and thereby seeking legal protection through biased means that do not adhere to the rule of law, constitutes an intentional immoral conduct. This especially applies to abusive practices where a Russian party not designated on any EU sanctions list initiates proceedings under Article 248.1 of the Russian Arbitration Procedure Code under the pretext of being subject to restrictions of Article 5n of EU-Sanctions Regulation on the provision of legal advisory services allegedly restricting its access to legal remedies within the EU, which is clearly not the case. As such, it is not unlikely that German courts will find that such behavior fulfills the requirements of Sec. 826 BGB and issue injunctive relief on that basis.

2. Declaratory Relief under Sec. 1032(2) ZPO

a) Background

Another tool provided for in the German Civil Procedural Code is the declaratory relief under Sec. 1032(2) ZPO.[20] This provision is an addition to the UNCITRAL Model Law and serves as a unique mechanism within the German legal system, setting it apart from other jurisdictions.[21] According to the intent of the German legislator, the declaratory relief should precede the arbitration proceedings, safeguarding a due clarification of the question whether arbitration is admissible between the parties at an early stage of the dispute.[22] Under the provision, parties may apply for the determination of the (in‑)admissibility of arbitral proceedings until the arbitral tribunal is constituted. Upon application, the court will examine two questions: whether the arbitration agreement is valid and whether the dispute at hand is subject to it.[23]

b) Requirements

Relief under Sec. 1032(2) ZPO is extraterritorial, meaning that declaratory relief can be sought even if the arbitral seat is outside of Germany. This can be derived from Sec. 1025(2) ZPO.[24] From its mere wording, it may seem that Sec. 1025(2) in conjunction with Sec. 1032(2) ZPO stipulates a “worldwide and universal jurisdiction”. However, most scholars and courts agree that the international jurisdiction must be limited, requiring at least some nexus of the applying party to Germany to establish jurisdiction.[25] In that sense, it can be sufficient that the party is domiciled in Germany and that its financial situation and assets in its registered seat in Germany are affected by the Russian state court proceedings.[26] On the contrary, an application will be denied when the applicant has no assets in Germany and there is no indication that this circumstance will change in the future.[27] In that regard, future cases will show which circumstances are sufficient to establish international jurisdiction over an applicant.

Application for declaratory relief must be directly filed with a German higher regional court (Oberlandesgericht). In case the arbitral seat is in Germany, the court in the district of the seat of the arbitration will be competent, Sec. 1025(1), 1026, 1062(1) No. 2 ZPO. In case the arbitration is seated outside of Germany, it will be the Higher Regional Court in the district of which the party opposing the application has their seat or place of abode, or in which assets of the party opposing the application are located or in which the object being laid claim to by the request for arbitral proceedings or affected by the measure is located; or, by way of alternative jurisdiction (hilfsweise Zuständigkeit), the Higher Regional Court of Berlin (Kammergericht), Sec. 1025(2), 1026, 1062(2) ZPO.

In general, all parties who may be affected by the arbitration proceedings have the right to file an application.[28] A special interest in a declaratory judgment is not required (Feststellungsinteresse). The applicant only needs a general legal interest worthy of protection in determining the admissibility of arbitral proceedings (allgemeines Rechtsschutzinteresse). In particular, the application is already admissible prior to the formal initiation of the arbitral proceedings.[29]

Yet, the timeframe in which application can be filed is limited. Relief under Sec. 1032(2) ZPO can be sought only until the constitution of the arbitral tribunal. A later challenge or change of arbitrators is irrelevant.[30] The deciding point in time is the day the application of the party seeking relief arrives at the court. Until this day, the arbitral tribunal must not have been constituted.[31]

In sum, due to its extraterritoriality, Sec. 1032(2) ZPO is particularly relevant for parties lacking sufficient nexus to seek a common law anti-suit injunction, offering them an alternative route through the German legal system. Additionally, it complements the tools available for the cases at hand.

c) Recent Decisions of the Higher Regional Court Berlin (Kammergericht)

In fact, the Higher Regional Court Berlin (Kammergericht) granted declaratory relief in accordance with Sec. 1032(2) ZPO to EU entities facing anti-arbitration injunctions issued by Russian state courts on the basis of Art. 248.1, 248.2 Russian Arbitration Procedure Code in two recent cases.[32] In the 2023 decision, the court clarified that arbitration may be initiated even though the defendant is sanctioned under EU law, stating that Russian entities cannot unilaterally withdraw from arbitration agreements by referring to Russian national law. Instead, even despite sanctions, it must be ensured that a party which concluded an arbitration agreement with a Russian entity retains access to arbitral proceedings. During the proceedings, the Higher Regional Court had faced difficulties to serve the Russian party with process in accordance with Hague Convention. Several attempts to serve process were denied both by the Russian court as well as by the Russian Ministry of Justice. The Higher Regional Court Berlin finally conducted service of process via public service under Sec. 185 No. 3, 188 ZPO (öffentliche Zustellung). The public service was effected by posting a notice on the court’s notice board for one month, Sec. 186(2), 188 Sentence 1 ZPO.

The decisions show the current trend that EU member states increasingly defend themselves against unlawful behavior of other states.

d) Analysis: Determination of Admissibility of Arbitral Proceedings (and then what?)

These cases and the current situation raise one fundamental question: What practical effect does a declaratory judgment under Sec. 1032(2) ZPO have? Does it have a purely factual effect or does it have any more far-reaching legal effects? Can it affect the enforcement of a judgment obtained in Russia under unlawful conditions within the EU?

One can easily conclude that the original purpose of Sec. 1032(2) ZPO is not actually tailored to these cases. What is certain, however, is that the declaratory relief is binding for other German courts. As an example, it has prejudicial effect for annulment proceedings before German courts. Further, it facilitates the arbitration defense under Sec. 1032(1) ZPO when case a party initiates litigation before another German court.[33]

In view of the authors, a declaratory judgment under Sec. 1032(2) ZPO could serve as a sword against the enforcement of the Russian state court judgment in another state. The court at the place of enforcement might deny enforcement due to the opposing judgment of the German court determining that arbitral proceedings are admissible. At a minimum, the German court’s decision, particularly as issued by a higher regional court, could have a factual impact. Since decisions under Sec. 1032(2) ZPO are a fairly new phenomenon, in this regard, it remains to be seen how courts outside Germany respond to those declaratory judgments by German courts.

In light of its limited legal effect and the fact that it can only be invoked until the arbitral tribunal has been constituted, declaratory relief is a less useful tool compared to injunctive relief under Sec. 826, 1004(1) Sentence 2 BGB analog.

3. Damage Claims

Lastly, an EU-party may seek damages before a German court, either under Art. 11a EU‑Sanctions Regulation or, provided that the arbitration agreement is subject to German law, under Sec. 280(1) BGB.

Article 11a EU‑Sanctions Regulation refers to the fact that a sanctioned party initiates proceedings before a Russian national court knowing that the court proceeding does not adhere to the rule of law and does not provide effective access to justice to the EU party. In accordance with Article 11a of the Regulation, a party may recover any damages, including legal costs, incurred by the court proceedings outside the EU. This might well include inappropriately high fines issued in conjunction with anti-arbitration injunctions by a Russian court.

A damage claim under Sec. 280(1) BGB, on the other hand, can be based on the fact that the Russian party violates the arbitration agreement.[34] An action brought before a state court in disregard of a valid arbitration agreement covering the dispute arbitration agreement will be generally considered unlawful.[35] In this regard, a declaratory judgment under Sec. 1032(2) ZPO could also have prejudicial effects with regards to the question of whether there is a valid arbitration agreement between the parties. Damages may, in accordance with Sec. 249 et seq. BGB, include all costs incurred by the unlawful foreign proceeding, including the imposed fines. Continuing this thought, it might even be possible under German law that when the state court litigation is still pending, the party seeking to initiate arbitration might force the other party to withdraw its claim under Sec. 280(1), 249(1) BGB, which constitutes the principle of restoration of the status quo ante (Naturalrestitution), which, with regards to its effect, would come close to an anti‑suit injunction.

IV. Conclusion

The foregoing analysis shows that the German legal system as such, with its comprehensive array of procedural and substantive legal tools, does not require anti-(anti)-suit or anti-enforcement injunctions to effectively protect entities’ rights in sanctions-related disputes. Instead, it offers robust mechanisms that German courts can utilize to uphold these rights without resorting to such injunctions. Instead, the German legal system provides sufficient instruments courts may resort to in order to safeguard entities’ rights in sanction related disputes.

While declaratory relief under Sec. 1032(2) ZPO might be a unique tool to determine admissibility of arbitral proceedings, it is limited by its applicability only up until the constitution of the arbitral tribunal. Moreover, it remains less effective than injunctive relief due to its restricted flexibility and limited legal reach. In contrast, injunctive relief grounded in tort claims under Sec. 826 and Sec. 1004(1) Sentence 2 BGB provides a more powerful and adaptable tool for countering avoidance tactics by Russian parties, offering German courts a stronger and more comprehensive means of addressing such challenges.

[1] Similar considerations apply for non-EU entities where jurisdiction can be established in Germany.

[2] See Federal Law of 08.06.2020 No. 171-ФЗ “On Introducing Changes to the Arbitration Procedure Code of the Russian Federation (Protected) for the Protection of Rights of Individual and Legal Personalities State (Interstate) Institution of Foreign State or State Association and (or) Union”, See https://www.acerislaw.com/wp-content/uploads/2020/07/Anti-Russian-Sanctions-Law-English.pdf.

[3] See UniCredit Bank GmbH v RusChemAlliance LLC (RCA), judgment of 5 August 2023; Siemens Mobility v JSC Russian Railways, judgment of 18 October 2023 (Case No. 305-ES23-19401); Gazprom v JSC Naftogaz, judgment of 22 January 2024 (Case No. A56-124094/2023); Gazprom v Net4Gas, judgment of 6 March 2024 (Case No. A56-9516/2024); Deutsche Bank AG v. RusChemAlliance (RCA), judgment of 16 October 2024 (Case No. A56-90971/2024).

[4] General Court of the European Union Case Nos. T-797/22; T-798/22; T-828/22, Press Release of the General Court of 2 October 2024.

[5] Council Regulation (EU) 2024/1745 of 24 June 2024 amending Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia’s actions destabilizing the situation in Ukraine, See https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401745.

[6] Higher Regional Court München (Oberlandesgericht), Judgment of 12 December 2019 – 6 U 5042/19, GRUR 2020, 379 para. 54; Ehlgen in GRUR 2022, 537.

[7] M. Stürner in RabelsZ Bd. 71(2007), p. 601.

[8] R. Geminer in NJW 1991, 3072, 3074; Higher Regional Court Düsseldorf (Oberlandesgericht), Judgment of 17 June 2024 – 26 W 7/24 –, juris para. 34.

[9] Section 826 BGB reads: „A person who, in a manner offending common decency, intentionally inflicts damage on another person is liable to the other person to provide compensation for the damage. “

[10] Higher Regional Court of Saarbrücken (Saarländisches Oberlandesgericht), Judgment of 7 January 1987 – 1 U 165/84 –, juris. Section 1004(1) BGB reads: „If the ownership is interfered with by means other than removal or retention of possession, the owner may demand that the disturber remove the interference. If there is the concern that further interferences will ensue, the owner may seek a prohibitory injunction.”

[11] German Federal Court of Justice (Bundesgerichtshof), Judgment of 19 July 2004 – II ZR 402/02 –, juris.

[12] „Anstandsgefühl aller billig und gerecht Denkenden”, Reichsgericht, Judgment of 11 April 1901, RGZ 48, 114 (124).

[13] German Federal Court of Justice (Bundesgerichtshof), Judgment of 28 June 2016 – VI ZR 536/15 –, juris.

[14] German Federal Court of Justice (Bundesgerichtshof), Judgment of 21 April 2009 – VI ZR 304/07 –, juris.

[15] Braun/Heiß in Münchener Kommentar zur ZPO, 6th edition 2020, preliminary remarks on Sec. 578 ZPO, para. 12.

[16] German Federal Court of Justice (Bundesgerichtshof), Judgment of 25 May 1959 – II ZR 231/58 –, juris.

[17] German Federal Court of Justice (Bundesgerichtshof), Judgment of 21 June 1951 – III ZR 210/50 –, juris.

[18] Reichsgericht, Judgment of 3 March 1938, RGZ 157, 136, 140. M. Stürner in RabelsZ Bd. 71(2007), p. 602; Schack in: Internationales Zivilverfahrensrecht, 7th edition 2019, p. 323, Higher Regional Court Düsseldorf (Oberlandesgericht), Judgment of 17 June 2024 – 26 W 7/24 –, juris; Higher Regional Court Düsseldorf (Oberlandesgericht), Judgment of 18 Juli 1997 – 22 U 271/96, NJW-RR 1998, 283, 284.

[19] Section 935 ZPO reads: „Injunctions regarding the subject matter of the litigation are an available remedy given the concern that a change of the status quo might frustrate the realisation of the right enjoyed by a party, or might make its realisation significantly more difficult.”

[20] Sec. 1032(2) ZPO reads: „Until the arbitral tribunal has been formed, a request may be filed with the court to have it determine the admissibility or inadmissibility of arbitral proceedings.”

[21] See BT Drs 13/5274, p. 38.

[22] German Federal Court of Justice (Bundesgerichtshof), Decision of 27 July 2023 – I ZB 43/22 –, juris para. 77; Münch in: Münchener Kommentar zur ZPO, 6th edition 2022, Sec. 1032 para. 1.

[23] German Federal Court of Justice (Bundesgerichtshof), Decision of 19 July 2012 – III ZB 66/11, SchiedsVZ 2012, 281.

[24] Sec 1025(2) ZPO reads: „The provisions of sections 1032, 1033 and 1050 are to be applied also in those cases in which the place of arbitration is located abroad or has not yet been determined.”

[25] Münch in: Münchener Kommentar zur ZPO, 6th edition 2022, Sec. 1025 para. 21; Gerl in: SchiedsVZ 2024, 218, 222; Berlin (Kammergericht), Decision of 10 August 2006, 20 Sch 7/04 –, juris para. 97.

[26] Berlin (Kammergericht), Decision of 1 June 2023, 12 SchH 5/22 –, juris para. 22.

[27] Berlin (Kammergericht), Decision of 10 August 2006, 20 Sch 7/04 –, juris para. 96.

[28] Higher Regional Court Saarbrücken (Oberlandesgericht), Decision of 29 May 2008, Sch 2/08, SchiedsVZ 2008, 313, 315.

[29] Higher Regional Court Frankfurt am Main (Oberlandesgericht), Decision of 10 June 2014, SchiedsVZ 2015, 47.

[30] Voit in: Musielak/Voit ZPO, 21st ed. 2024, Sec. 1032 para. 10; Münch in: Münchener Kommentar zur ZPO, 6th edition 2022, Sec. 1032 para. 30.

[31] Voit in: Musielak/Voit ZPO, 21st ed. 2024, Sec. 1032 para. 10.

[32] Higher Regional Court Berlin (Kammergericht), Decision of 1 June 2023, 12 SchH 5/22 –, juris. The second decision dated 3 September 2024 decision is still unpublished.

[33] Voit in: Musielak/Voit ZPO, 21st ed. 2024, Sec. 1032 para. 13.

[34] That the violation of an arbitration agreement may lead to a claim under Sec. 280(1) BGB is recognized by most scholars, although the German Federal Court of Justice has not yet ruled on the issue. See however German Federal Court of Justice (Bundesgerichtshof), Judgment of 17 October 2019 – III ZR 42/19 – juris granting damages under Sec. 280(1) BGB regarding agreements as to the choice of venue (Sec. 38 ZPO), which, in the view of most scholars, can be applied to arbitration agreements. See for example: E. Peiffer and M. Weiler in: RIW 2020, 641, 648 et seq; J. Antomo in: EuZW 2020, 143, 150; M. Oehm and C. Jung-Arras in: BakerMcKenzie Kompass, Blogpost dated 11 November 2019, available at: https://www.bakermckenzie-kompass.de/2019/11/11/gerichtsstandsvereinbarung-schadensersatz-verlangen-wenn-am-falschen-gerichtsstand-geklagt-wird/.

[35] E. Peiffer and M. Weiler in: RIW 2020, 641, 648 et seq.

The following Gibson Dunn lawyers prepared this update: Dr. Finn Zeidler, Dr. Annekathrin Schmoll, Dr. Nikita Malevanny, and Charlotte Popp*.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the leaders or members of the firm’s Judgment and Arbitral Award Enforcement, International Arbitration, or International Trade practice groups, or the authors in Germany:

Frankfurt:
Dr. Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)
Dr. Annekathrin Schmoll (+49 69 247 411 533, aschmoll@gibsondunn.com)

Munich:
Dr. Nikita Malevanny (+49 89 189 33 224, nmalevanny@gibsondunn.com)

*Charlotte Popp, a law clerk in the Frankfurt office, is not yet admitted to practice law.

Gibson, Dunn & Crutcher LLP is pleased to announce with Global Legal Group the release of the International Comparative Legal Guide to Sanctions 2025 – Germany Chapter. Gibson Dunn partner Benno Schwarz and associate Nikita Malevanny are co-authors of the publication which provides an overview of the EU sanctions regime as applied by Germany and covers relevant government agencies, applicable guidance, sanctions jurisdiction, export controls, criminal and civil enforcement, recent developments, and other topics. The chapter was co-authored with Veit Bütterlin-Goldberg and Svea Ottenstein from AlixPartners.

You can view this informative and comprehensive chapter via the link below:

CLICK HERE to view Sanctions 2025 – Germany Chapter.

For further information, please feel free to contact the authors, the Gibson Dunn lawyer with whom you usually work, or any leader or member of the firm’s International Trade practice group.

About Gibson Dunn’s International Trade Practice Group:

Gibson Dunn’s International Trade practice includes some of the most experienced practitioners in the field. Our global experience is unparalleled – the practice’s lawyers have worked extensively across Asia, Europe, the Gulf, and the Americas and many have served in senior government and enforcement roles as principal architects of key sanctions and export controls regimes and relief, including with respect to U.N. sanctions, and U.S. measures against Iran, Russia, Cuba, and Myanmar.

Please visit our International Trade practice page or contact Benno Schwarz (+49 89 189 33-210, bschwarz@gibsondunn.com) or Nikita Malevanny (+49 89 189 33-224, nmalevanny@gibsondunn.com) in Munich.

About the Authors:

Benno Schwarz is a partner in the Munich office of Gibson, Dunn & Crutcher and co-chair of the firm’s Anti-Corruption & FCPA Practice Group. He focuses on white collar defense and compliance investigations in a wide array of criminal regulatory matters. For more than 30 years, he has handled sensitive cases and investigations concerning all kinds of compliance issues, especially in an international context, advising and representing companies and their executive bodies. He coordinates the German International Trade Practice Group of Gibson Dunn and assists clients in navigating the complexities of sanctions and counter-sanctions compliance. He is regularly recognized as a leading lawyer in Germany in the areas of white-collar crime, corporate advice, compliance and investigations.

Nikita Malevanny is an associate in the Munich office of Gibson, Dunn & Crutcher, and a member of the firm’s International Trade, White Collar Defense and Investigations, and Litigation Practice Groups. He focuses on international trade compliance, including EU sanctions, embargoes and export controls. He also carries out internal and regulatory investigations in the areas of corporate anti-corruption, anti-money laundering and technical compliance. Handelsblatt / The Best LawyersTM in Germany 2024/2025 have recognized him in their list “Ones to Watch” for litigation and intellectual property law. The Legal 500 Deutschland 2024 and The Legal 500 EMEA 2024 have recommended him for Foreign Trade Law. He holds both German and Russian law degrees and speaks German, English, Russian and Ukrainian. He is a regular member of Gibson Dunn’s cross-border teams supporting and advising clients on global sanctions and export control aspects.

Personal Data | Cybersecurity | Data Innovation

Europe

03/14/2023 – European Union Agency for Cybersecurity | Report | Cybersecurity of AI and Standardisation

On 14 March 2023, the European Union Agency for Cybersecurity published a report on Cybersecurity of AI and Standardisation.

The objective of the report is to provide an overview of standards (existing, being drafted, under consideration and planned) related to cybersecurity of artificial intelligence, assess their scope and identify gaps in standardisation.

For further information: ENISA Website

03/14/2023 – European Parliament | Regulation | Data Act

On 14 March 2023, the European Parliament adopted the draft Data Act.

The Data Act aims to boost innovation by removing barriers obstructing access by consumers and businesses to data.

For further information: European Parliament Website

02/28/2023 – European Data Protection Board | Opinion | EU-US Data Privacy Framework

On 28 February 2023, the European Data Protection Board adopted its opinion on the draft adequacy decision regarding the EU-US Data Privacy Framework.

The European Data Protection Board welcomes substantial improvements such as the introduction of requirements embodying the principles of necessity and proportionality for US intelligence gathering of data and the new redress mechanism for EU data subjects. At the same time, it expresses concerns and requests clarifications on several points.

For further information: EDPB Website

02/24/2023 – European Data Protection Board | Guidelines | Transfers, Certification and Dark Patterns

On 24 February 2023, the European Data Protection Board published final version of three guidelines.

Following public consultation, the European Data Protection Board has adopted three sets of guidelines in their final version: the Guidelines on the interplay between the application of Article 3 and the provisions on international transfers as per Chapter V GDPR; the Guidelines on certification as a tool for transfers; and the Guidelines on deceptive design patterns in social media platform interfaces.

For further information: EDPB Website

02/15/2023 – European Commission | Decision | Whistleblowing

On 15 February 2023, the European Commission announced its decision to refer eight Member States to the Court of Justice of the European Union for failing to transpose the Directive (EU) 2019/1937 on the Protection of Persons who Report Breaches of Union Law before 17 December 2021.

The relevant Members States include the Czech Republic, Germany, Estonia, Spain, Italy, Luxembourg, Hungary, and Poland.

For further information: European Commission Website

01/18/2023 – European Data Protection Board | Report | Cookie Banner Taskforce

On 18 January 2023, the European Data Protection Board adopted its final report of the cookie banner task force.

The French Supervisory Authority and its European counterparts adopted the report summarizing the conclusions of the task force in charge of coordinating the answers to the questions on cookie banners raised by the complaints of the None Of Your Business Association. The main points of attention that were discussed concern the modalities of acceptance and refusal to the storage of cookies and the design of banners.

For further information: EDPB Website

01/16/2023 – European Union | Regulation | Digital Operational Resilience Act

The Digital Operational Resilience Act (“DORA”) entered into force on 16 January 2023.

The DORA aims to ensure that financial-sector information and communication technology (“ICT”) systems can withstand security threats and that third-party ICT providers are monitored.

For further information: Official Journal Website

01/12/2023 – Court of Justice of the European Union | Decision | Right of access

On 12 January 2023, the Court of Justice of the European Union ruled that everyone has the right to know to whom their personal data has been disclosed.

The data subject’s right of access to personal data under the GDPR entails, where those data have been or will be disclosed to recipients, an obligation on the part of the controller to provide the data subject with the actual identity of those recipients, unless it is impossible to identify those recipients or the controller demonstrates that the data subject’s requests for access are manifestly unfounded or excessive within the meaning of the GDPR, in which cases the controller may indicate to the data subject only the categories of recipient in question.

For further information: Press Release

Austria

02/01/2023 – Austrian Parliament | National Council | Whistleblowing

On February 1st 2023, the Directive (EU) 2019/1937 on the protection of persons who report breaches of union law (“the Whistleblowing Directive”) was implemented by the Austrian National Council.

For further information: Austrian Parliament Website

Belgium

02/15/2023 – House of Representatives | Legislation | Whistleblowing

On 15 February 2023, the Whistleblowing law for the private sector which partially transposes the Whistleblowing Directive entered into force.

For further information: Whistleblowing Law

Bulgaria

01/27/2023 – Bulgarian National Assembly | Legislation | Whistleblowing

On 27 January 2023, the Bulgarian National Assembly (“CPDP”) adopted the Whistleblower Protection and Public Disclosure Act (“PWIPDA”) transposing the Whistleblowing Directive.

For further information: CPDP Website [BG]

Czech Republic

03/07/2023 – Czech Supervisory Authority | FAQ | Cookies

On 7 March 2023, the Czech Supervisory Authority (“UOOU”) published a FAQ on cookie banners and consent.

For further information: UOOU Website [CZ]

Denmark

02/20/2023 – Danish Supervisory Authority | Decision | Cookie Walls

The Danish Supervisory Authority issued two decisions regarding the use of cookie walls on websites and published general guidelines for the use of such consent solutions.

The Danish Supervisory Authority generally found that a method whereby the website visitor can access the content of a website in exchange for either giving consent to the processing of his personal data or paying an access fee, meets the requirements of the data protection rules for a valid consent.

For further information: Danish DPA Website [DK]

01/20/2023 – Danish Supervisory Authority | Guidelines | Storage and Consent

On 20 January 2023, the Danish Supervisory Authority has prepared guidance dealing with the storage of personal data with the aim of being able to demonstrate compliance with data protection rules on consent.

For further information: Danish DPA Website [DK]

Finland

02/17/2023 – Finnish Supervisory Authority | Sanction | GDPR Violation

On 17 February 2023, the Finnish Supervisory Authority issued an administrative fine of €440,000 against a company for failing to comply with the authority’s order to rectify its practices.

In particular, the authority stated that the company failed to erase inaccurate payment default entries saved into the credit information register due to inadequate practices. The authority stresses that the processing of payment default information has a significant impact on the rights and freedoms of individuals.

For further information: Finnish DPA Website

France

03/28/2023 – French Supervisory Authority | Sanction | Geolocation Data

On 28 March 2023, the French Supervisory Authority (“CNIL”) announced that it imposed a fine of €125,000 on a company of rental scooters because it geolocated its customers almost permanently.

The CNIL noted a failure to comply with several obligations, namely to ensure data minimization, to comply with the obligation to provide a contractual framework for the processing operations carried out by a processor, to inform the user and obtain his or her consent before writing and reading information on his or her personal device.

For further information: CNIL Website

03/15/2023 – French Supervisory Authority | Investigation | Smart Cameras

On 15 March 2023, the French Supervisory Authority (“CNIL”) announced setting “smart” cameras, mobile apps, bank and medical records as priority topics for investigations in 2023.

The CNIL carries out investigations on the basis of complaints received, current events, but also annual priority topics. In 2023, it will focus on the use of “smart” cameras by public actors, the use of the file on personal credit repayment incident, the management of health files and mobile apps.

For further information: CNIL Website

02/09/2023 – French Supervisory Authority | Guidance | Data Governance Act

On 9 February 2023, the French Supervisory Authority (“CNIL”) published a guidance on the economic challenges of implementing the Data Governance Act.

For further information: CNIL Website

01/26/2023 – French Supervisory Authority | Statement | Artificial Intelligence

On 26 January 2023, the French Supervisory Authority (“CNIL”) announced creating an Artificial Intelligence (“AI”) Department and starting to work on learning databases.

The CNIL is creating an AI Department to strengthen its expertise on these systems and its understanding of the risks to privacy while preparing for the implementation of the European regulation on AI. In addition, the CNIL has announced that it will propose initial recommendations on machine learning databases.

For further information: CNIL Website

01/24/2023 – Ministry of Home Affairs | Legislation | Cyberattack Risk Insurance

On 24 January 2023, the French Parliament adopted the LOPMI Act that authorizes the insurability of “cyber-ransoms” paid by victims, subject to the prompt filing of a complaint.

For further information: LOPMI

01/04/2023 – French Supervisory Authority | Sanction | Consent

On 4 January 2023, the French Supervisory Authority (“CNIL”) imposed an administrative €8 million fine on a technology company because it did not collect the consent of French users before depositing and/or writing identifiers used for advertising purposes on their terminals.

The CNIL found that the advertising targeting settings were pre-checked by default. Moreover, the user had to perform a large number of actions in order to deactivate this setting.

The CNIL explained the amount of the fine by the scope of the processing, the number of people concerned in France, the profits the company made from advertising revenues indirectly generated from data collected by these identifiers and the fact that since then, the company has reached compliance.

For further information: CNIL Website

01/17/2023 – French Supervisory Authority | Sanction | Consent

On 17 January 2023, the French Supervisory Authority (“CNIL”) imposed a €3 million fine on a company which publishes video games for smartphones.

The company was using an essentially technical identifier for advertising purposes without the user’s consent.

For further information: CNIL Website

Germany

03/22/2023 – Supervisory Authorities| Opinion | “Pure Subscription Models”

The Conference of the Independent Data Protection Authorities of Germany (DSK) adopted an opinion on so-called “pure subscription models” on websites.

The opinion assesses pure (no-tracking) subscription models and alternative free consent-based tracking models and provides criteria to assess these alternative access instruments on websites.

For further information: DSK Website [DE]

03/15/2023 – Supervisory Authorities| BfDI | Activity Report

The Federal Commissioner for Data Protection and Freedom of Information (BfDI), Ulrich Kelber, has presented the BfDI’s Activity Report for 2022.

For further information: BfDI [DE]

03/15/2023 – Supervisory Authorities| Activity Reports

The Commissioners for Data Protection and Freedom of Information of Baden-Württemberg, Hamburg and Schleswig Holstein have presented their activity reports on the year 2022.

The activity reports cover various data protection and information freedom topics. For example in Schleswig-Holstein data breaches remained frequent while the number of complaints dropped, with video surveillance being the main cause of complaints. The reports emphasize the need to proactively address risks such as artificial intelligence and data sharing.

For further information: ULD Website [DE] and LfDI-BW Website [DE] and HmbBfDI Website [DE]

03/01/2023 – Supervisory Authorities| Opinion | EU-US Privacy Framework

The Hamburg Supervisory Authority (on 1 March 2023) and the German Supervisory Authority (on 28 February 2023) both issued an opinion on the draft adequacy decision on the EU-US Data Privacy.

For further information: Bundestag Website [DE] and BfDI [DE]

02/13/2023 – German Competition Authority | Decision | US Data Transfers

On 13 February 2023 the German Competition Authority (“BKartA”) issued a ruling on data transfers under the GDPR.

In particular, the authority ruled that a company relying on a German subsidiary of a US parent company as a data processor cannot be excluded from a contract bid due to possible violations of the GDPR.

For further information: BKartA Website [DE]

02/09/2023 – ArbG Oldenburg | Decision | Claim for Damages

On 9 February 2023, the Oldenburg Labor Court has ordered a company to pay a former employee damages in the amount of 10,000 euros under Article 82 of the GDPR for failing to comply with an information request under Article 15 (1) of the GDPR without establishing any additional (immaterial) harm.

In the opinion of the court the violation of the GDPR itself already resulted in immaterial harm to be compensated; according to the court, no additional proof of harm was required.

Italy

03/30/2023 – Italian Supervisory Authority | Temporary limitation | AI Chatbot

The Italian Supervisory Authority (“Garante”) imposed an immediate temporary limitation on the processing of Italian users’ data by an US-based company developing and managing an AI chatbot.

The Garante opened a probe over a suspected breach of GDPR. The authority alleged “the absence of any legal basis that justifies the massive collection and storage of personal data in order to ‘train’ the algorithms underlying the operation of the platform”. The authority also accused the company of failing to check the age of its users.

For further information: Garante Website [IT]

03/09/2023 – Council of Ministers | Legislation | Whistleblowing

On 9 March 2023, the Italian Council of Ministers approved the whistleblowing legislative decree.

The Council of Ministers announced, on 9 March 2023, the approval, after final review, of the legislative decree to transpose into Italian law the Whistleblowing Directive.

For further information: Governo Italiano Website [IT]

02/21/2023 – Italian Supervisory Authority | Sanction | Marketing Practices

The Italian Supervisory Authority (“Garante”) announced, on 21 February 2023, that it issued, on 15 December 2022, a €4.9 million fine against an energy company for various non-compliances with the GDPR, including unlawful marketing practices.

For further information: Garante Website [IT]

02/03/2023 – Italian Supervisory Authority | Temporary limitation | AI Chatbot

The Italian Supervisory Authority (“Garante”) issued an order on an AI chatbot noting that tests performed identified risks for minors and vulnerable individuals.

The US-based developer was ordered to terminate processing of data relating to Italian users and to inform the Garante within 20 days on any measures taken to implement its orders.

For further information: Garante Website

Ireland

02/27/2023 – Irish Supervisory Authority | Sanction | Security

On 27 February 2023, the Irish Supervisory Authority (“DPC”) imposed a fine of €750,000 on a banking company for inadequate data security measures.

The inquiry was initiated after the notification to the DPC of a series of 10 data breaches. In this context, the DPC found that the technical and organizational measures in place at the time were not sufficient to ensure the security of the personal data processed.

For further information: #DPC Website

02/23/2023 – Irish Supervisory Authority | Sanction | Security

On 23 February 2023, the Irish Supervisory Authority (“DPC”) imposed a €460,000 fine against a health care provider.

The DPC initiated an enquiry after receiving a personal data breach notification related to a ransomware attack affecting patient data (70,000 people). The DPC considered that the health care provider failed to ensure that the personal data were processed in a manner that ensured appropriate security.

For further information: DPC Website

01/16/2023 – Irish Supervisory Authority | Sanction | CCTV

On 16 January 2023, the Irish Supervisory Authority (“DPC”) imposed a €50,000 fine and a temporary ban on the processing of personal data with CCTV cameras on a company for violations of the GDPR.

For further information: DPC Website

Netherlands

02/22/2023 – Dutch Supervisory Authority | Statement | Camera Settings

The Dutch Supervisory Authority (“AP”) published a statement on changes made by a car manufacturer in the settings of the built-in security cameras of its cars, following an investigation of these cameras by the AP.

For instance, the car may still take camera images, but only when the user activates that function.

For further information: AP Website [NL]

02/18/2023 – House for Whistleblowers | Legislation | Whistleblowing

On 18 February 2023, the House for Whistleblowers announced the entry into force of the Whistleblower Protection Act.

For further information: AP Website [NL]

Norway

03/01/2023 – Norwegian Supervisory Authority | Preliminary conclusion | Analytics Tool

On 1st March 2023, the Norwegian Supervisory Authority (“Datatilsynet”) published its preliminary conclusion on a case related to the use of the analytics tool of a US-based company considering that the use of this tool is not in line with the GDPR.

For further information: Datatilsynet Website [NO]

02/06/2023 – Norwegian Supervisory Authority | Sanction | GDPR Violation

On 6 February 2023, the Norwegian Supervisory Authority (“Datatilsynet”) fined a company operating fitness centers NOK 10 million (approximately €912,940) for various GDPR violations (e.g., lawfulness of processing, transparency and data subjects rights).

For further information: Datatilsynet Website [NO]

Portugal

01/27/2023 – Portuguese Supervisory Authority | Guidelines | Security Measures

The Portuguese Supervisory Authority (“CNPD”) published guidelines on security measures in order to minimize consequences in case of attacks on information systems.

These guidelines aim to inform controllers and processors about their legal obligations, with the increase of cyberattacks on information systems, listing organizational and technical measures that must be considered by organizations.

For further information: Press release [PT]

Romania

03/28/2023 – President of Romania | Legislation | Whistleblowing

The Law No. 67/2023 which amends article 6 (2) of the Law no. 361/2022 on the protection of whistleblowers in the public interest, was published in the Official Gazette on 28 March 2023 and entered into force on 31 March 2023.

For further information: CDEP Website [RO]

Spain

03/16/2023 – Spanish Supervisory Authority | Sanction | Data Minimization

The Spanish Supervisory Authority (“AEPD”) published, on 16 March 2023, its decision in which it imposed a fine of €100,000 on a telecommunications company for violation of the data minimization principle.

For further information: AEPD Website [ES]

03/15/2023 – Spanish Supervisory Authority | Sanction | GDPR Violation

The Spanish Supervisory Authority (“AEPD”) fined a bank €100,000 for violation of the GDPR.

In particular, the bank used the information provided by the claimant and her child to open several accounts in the name of the child without consent and while it was not necessary for the services requested.

For further information: AEPD Website [ES]

03/15/2023 – Spanish Supervisory Authority | Sanction | Data Portability

The Spanish Supervisory Authority (“AEPD”) published, on 15 March 2023, a decision in which it imposed a fine of €136,000 on a telecommunications company for completing a data portability request without ensuring the security of the personal data of the client.

For further information: AEPD Website [ES]

03/13/2023 – Spanish Senate | Legislation | Whistleblowing

The Spanish Law 2/2023 implementing the EU Whistleblower Directive was published in the Official Gazette on 20 February 2023 and entered into force on 13 March 2023.

For further information: BOE Website [ES]

United Kingdom

03/28/2023 – UK Supervisory Authority | Guidance | Direct Marketing

On 28 March 2023, the UK Supervisory Authority (“ICO”) issued guidance to businesses operating in regulated private sectors (e.g., finance, communications or utilities) on direct marketing and regulatory communications.

The guidance aims to help businesses identify when a regulatory communication message might count as direct marketing. If the message is direct marketing, it also covers what businesses need to do to comply with data protection and ePrivacy law.

For further information: ICO Website

03/16/2023 – UK Supervisory Authority | Sanction | GDPR Violations

The UK Supervisory Authority (“ICO”) reached an agreement with a retailer to reduce the monetary penalty notice issued for breaching the GDPR from £1,350,000 to £250,000.

The ICO found that the company was making assumptions about customers’ medical conditions, based on their purchase history, to sell them further health related products. The processing involved special category data and the ICO concluded that the processing had been conducted without a lawful basis. The retailer appealed the decision which led to an agreement to reduce the monetary penalty notice, taking into account that the retailer has stopped the unlawful processing.

For further information: ICO Website

03/15/2023 – UK Supervisory Authority | Guidelines | AI and Data Protection

The UK Supervisory Authority (“ICO”) announced on 15 March 2023 that it had updated its guidance on artificial intelligence (“AI”) and data protection.

The ICO indicates that the changes respond to requests from UK industry to clarify requirements for fairness in AI.

For further information: ICO Website

03/13/2023 – UK Supervisory Authority | Guidance | Data Protection by Default

The UK Supervisory Authority (“ICO”) has produced new guidance to help user experience designers, product managers and software engineers embed data protection into their products and services by default.

The guidance looks at key privacy considerations for each stage of product design, from kick-off to post-launch. It includes both examples of good practice and practical steps that organisations can take to comply with data protection law when designing websites, apps or other technology products and services.

For further information: ICO Website

03/08/2023 – UK Government | Legislation | Cookies

The government re-introduced new laws on 8 March 2023 aiming to cut down paperwork for businesses and reduce unnecessary cookie pops-up.

The Data Protection and Digital Information Bill was first introduced last summer and paused in September 2022 so ministers could engage in a co-design process with business leaders and data experts. According to the government, this was to ensure that the new regime built on the UK’s high standards for data protection and privacy, and seeks to ensure data adequacy while moving away from the “one-size-fits-all” approach of the European Union’s GDPR.

For further information: UK Government Website

02/16/2023 – UK Supervisory Authority | Guidance | Protection of Children

The UK Supervisory Authority (“ICO”) issued a series of recommendations to game developers to ensure the protection of children and compliance with data protection laws.

For further information: ICO Website

This newsletter has been prepared by the EU Privacy team of Gibson Dunn. For further information, you may contact us by email:

Ahmed Baladi – Partner, Partner, Co-Chair, PCCP Practice, Paris (abaladi@gibsondunn.com)
Vera Lukic – Partner, Paris (vlukic@gibsondunn.com)
Kai Gesing – Partner, Munich (kgesing@gibsondunn.com)
Joel Harrison – Partner, London (jharrison@gibsondunn.com)
Alison Beal – Partner, London (abeal@gibsondunn.com)
Thomas Baculard – Associate, Paris (tbaculard@gibsondunn.com)
Roxane Chrétien – Associate, Paris (rchretie@gibsondunn.com)
Christoph Jacob – Associate, Munich (cjacob@gibsondunn.com)
Yannick Oberacker – Associate, Munich (yoberacker@gibsondunn.com)
Clémence Pugnet – Associate, Paris (cpugnet@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice. Please note, prior results do not guarantee a similar outcome.

The Council of Europe Has Adopted the First International Treaty on Artificial Intelligence.

Executive Summary

On May 17, 2024, the Council of Europe adopted the first ever international legally binding treaty on artificial intelligence, human rights, democracy, and the rule of law (Convention)[1]. In contrast to the forthcoming EU AI Act[2], which will apply only in EU member states, the Convention is an international, potentially global treaty with contributions from various stakeholders, including the US. The ultimate goal of the Convention is to establish a global minimum standard for protecting human rights from risks posed by artificial intelligence (AI). The underlying core principles and key obligations are very similar to the EU AI Act, including a risk-based approach and obligations considering the entire life cycle of an AI system. However, while the EU AI Act encompasses comprehensive regulations on the development, deployment, and use of AI systems within the EU internal market, the AI Convention primarily focuses on the protection of universal human rights of people affected by AI systems. It is important to note that the Convention, as an international treaty, does not impose immediate compliance requirements; instead, it serves as a policy framework that signals the direction of future regulations and aims to align procedures at an international level.

Background and Core Principles

The Convention was drawn up by the Committee on Artificial Intelligence (CAI), an intergovernmental body bringing together the 46 member states of the Council of Europe, the European Union, and 11 non-member states (namely Argentina, Australia, Canada, Costa Rica, the Holy See, Israel, Japan, Mexico, Peru, the United States of America, and Uruguay) as well as representatives of the private sector, civil society, and academia. Such multi-stakeholder participation has been shown to promote acceptance of similar regulatory efforts. The main focus lies on the protection of human rights, democracy, and the rule of law, the core guiding principles of the Council of Europe, by establishing common minimum standards for AI systems at the global level.

Scope of Application

The Convention is in line with the updated OECD definition of AI, which provides for a broad definition of an “artificial intelligence system” as “a machine-based system that for explicit or implicit objectives infers from the input it receives how to generate outputs such as predictions, content, recommendations, or decisions that may influence physical or virtual environments.” The EU AI Act, OECD updated definition, and US Executive Order (US EO) 14110 definitions of AI systems are generally aligned as they all emphasize machine-based systems capable of making predictions, recommendations, or decisions that impact physical or virtual environments, with varying levels of autonomy and adaptiveness. However, the EU and OECD definitions highlight post-deployment adaptiveness, while the US EO focuses more on the process of perceiving environments, abstracting perceptions into models, and using inference for decision-making.

Noteworthy is the emphasis on the entire life cycle of AI systems (similar to the EU AI Act). The Convention is primarily intended to regulate the activities of public authorities – including companies acting on their behalf. However, parties to the Convention must also address risks arising from the use of AI systems by private companies, either by applying the same principles or through “other appropriate measures,” which are not specified. The Convention also contains exceptions, similar to those laid down by the EU AI Act. Its scope excludes:

activities within the lifecycle of AI systems relating to the protection of national security interests, regardless of the type of entities carrying out the corresponding activities;
all research and development activities regarding AI systems not yet made available for use; and
matters relating to national defense.

Obligations and Principles

The Convention is principles-based and therefore by its nature formulated in high level commitments and open-ended terms. It contains several principles and obligations on the parties to take measures to ensure the protection of human rights, the integrity of democratic processes, and respect for the rule of law. These core obligations are familiar as they also form the basis of the EU AI Act. The core obligations include:

measures to protect the individual’s ability to freely form opinions;
measures ensuring adequate transparency and oversight requirements, in particular regarding the identification of content generated by AI systems;
measures ensuring accountability and responsibility for adverse impacts;
measures to foster equality and non-discrimination in the use of AI systems, including gender equality;
the protection of privacy rights of individuals and their personal data;
to foster innovation, the parties are also obliged to enable the establishment of controlled environments for the development and testing of AI systems.

Two other key elements of the Convention are that each party must have the ability to prohibit certain AI systems that are incompatible with the Convention’s core principles and to provide accessible and effective remedies for human rights violations. The examples given in the Convention underline that current issues have been included, e.g., election interference seems to be one of the risks discussed.

Criticism and Reactions

The Convention has been criticized by civil society organizations[3] and the European Data Protection Supervisor[4]. The main points of criticism include:

Broad Exceptions: The Convention includes exceptions for national security, research and development, and national defense. Critics argue that these loopholes could undermine essential safeguards and lead to unchecked AI experimentation and use in military applications without oversight. Similar criticism has been levelled at the EU AI Act.
Vague Provisions and Private Sector Regulation: The Convention’s principles and obligations are seen as too general, lacking specific criteria for enforcement. Critics highlight the absence of explicit bans on high-risk AI applications, such as autonomous weapons and mass surveillance. Additionally, the Convention requires addressing risks from private companies but does not specify the measures, leading to concerns about inconsistent regulation.
Enforcement and Accountability: The Convention mandates compliance reporting but lacks a robust enforcement mechanism. Critics argue that without stringent enforcement and accountability, the Convention’s impact will be limited. There are also concerns about the adequacy of remedies for human rights violations by AI systems, due to vague implementation guidelines.

Implementation and Entry into Force

The parties to the Convention need to take measures for sufficient implementation. In order to take account of different legal systems, each party may opt to be directly bound by the relevant Convention provision or take measures to comply with the Convention’s provisions. Overall, the Convention provides only for a common minimum standard of protection; parties are free to adopt more extensive regulations. To ensure compliance with the Convention, each party must report to the Conference of the Parties within two years of becoming a party and periodically thereafter on the activities it has undertaken.

Next Steps and Takeaways

The next step is for States to sign the declaration of accession. The Convention will be opened for signature on September 5, 2024. It is expected, although not certain, that the CoE Member States and the other 11 States (including the US) that contributed to the draft convention will become parties.

In the EU, the Convention will complement the EU AI Act sharing the risk based approach and similar core principles. Given the very general wording of the Convention’s provisions and the broad exceptions to its scope, it seems that the EU AI Act, adopted on May 21, remains the most comprehensive and prescriptive set of standards in the field of AI at least in the EU. However, as the Convention will form the bedrock of AI regulation in the Council of Europe, it is to be expected that the European Court of Human Rights (ECtHR) will in the future draw inspiration from the Convention when interpreting the European Convention on Human Rights (ECHR).This may have significant cross-fertilisation effects for EU fundamental rights law, including in the implementation of the EU AI Act, as the ECHR forms the minimum standard of protection under Article 52(3) of the Charter of Fundamental Rights of the European Union (Charter). Both States and private companies will therefore have to be cognisant of the potential overlapping effects of the Convention and the EU AI Act.

__________

[1] See Press release here. See the full text of the Convention here.

[2] On May 21, 2024, the Council of the European Union finally adopted the AI Regulation (AI Act). For details on the EU AI Act, please also see: https://www.gibsondunn.com/artificial-intelligence-review-and-outlook-2024/.

[3] See https://ecnl.org/sites/default/files/2024-03/CSOs_CoE_Calls_2501.docx.pdf.

[4] See https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/edps-statement-view-10th-and-last-plenary-meeting-committee-artificial-intelligence-cai-council-europe-drafting-framework-convention-artificial_en#_ftnref2.

The following Gibson Dunn lawyers assisted in preparing this update: Robert Spano, Joel Harrison, Christoph Jacob, and Yannick Oberacker.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any leader or member of the firm’s Artificial Intelligence, Privacy, Cybersecurity & Data Innovation or Environmental, Social and Governance (ESG) practice groups:

Artificial Intelligence:
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650.849.5203, cgaedt-sheckter@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650.849.5345, vmohan@gibsondunn.com)
Robert Spano – London/Paris (+44 20 7071 4902, rspano@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213.229.7186, evandevelde@gibsondunn.com)

Privacy, Cybersecurity and Data Innovation:
Ahmed Baladi – Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
S. Ashlie Beringer – Palo Alto (+1 650.849.5327, aberinger@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Joel Harrison – London (+44 20 7071 4289, jharrison@gibsondunn.com)
Jane C. Horvath – Washington, D.C. (+1 202.955.8505, jhorvath@gibsondunn.com)
Rosemarie T. Ring – San Francisco (+1 415.393.8247, rring@gibsondunn.com)

Environmental, Social and Governance (ESG):
Susy Bullock – London (+44 20 7071 4283, sbullock@gibsondunn.com)
Elizabeth Ising – Washington, D.C. (+1 202.955.8287, eising@gibsondunn.com)
Perlette M. Jura – Los Angeles (+1 213.229.7121, pjura@gibsondunn.com)
Ronald Kirk – Dallas (+1 214.698.3295, rkirk@gibsondunn.com)
Michael K. Murphy – Washington, D.C. (+1 202.955.8238, mmurphy@gibsondunn.com)
Selina S. Sagayam – London (+44 20 7071 4263, ssagayam@gibsondunn.com)

The Directive extends the list of criminal offenses to the environment on EU level. EU Member States have two years to transpose the directive into national law after the its entry into force on May 20, 2024.

On April 30, 2024, the European Union (the “EU”) published directive 2024/1203 on the protection of the environment through criminal law (the “Directive”) in its official journal.[1] The Directive was adopted by the European Parliament (the “Parliament”) on February 27, 2024[2] and by the European Council (the “Council”) on March 26, 2024[3].

The goal of the Directive is to combat environmental offenses more effectively. To this end, it introduces (i) new environment-related criminal offenses, (ii) detailed requirements regarding sanctioning levels for both natural and legal persons and (iii) a variety of measures that Member States must take in order to either prevent or effectively prosecute offenses.

The Directive will come into force on May 20, 2024[4], after which the Member States (with the exception of Ireland and Denmark[5]) will have 24 months to transpose it into national law.[6] Importantly, the Directive by its nature only establishes minimum requirements. Member States may choose to go beyond those minimum requirements and adopt stricter criminal laws when implementing the Directive.

Key Takeaways

The Directive provides for 20 environment-related criminal offenses.
The Directive introduces “qualified offenses” with more severe punishment in cases of “ecocide” consisting of “(a) the destruction of, or widespread and systematic damage, which is either irreversible or long-lasting to, an ecosystem of considerable size or environmental value or a habitat within a protected site, or (b) widespread and substantial damage which is either irreversible or long lasting to the quality of air, soil, or water”.
Conduct shall be deemed unlawful even if it is carried out under an authorization issued by a competent authority of a Member State if such authorization was obtained fraudulently or by corruption, extortion or coercion, or if such authorization is in manifest breach of relevant substantive legal requirements.
The Directive stipulates severe penalties, including maximum terms of imprisonment of not less than ten years for individuals and maximum fines for legal entities of not less than 5 % of the worldwide turnover or EUR 40 million.
Member States have jurisdiction if the damage is one of the constituent elements of the offense and occurs on their territory. In cases where the damage occurs in a Member State other than the Member State in which the act causing the damage occurred, this may lead to prosecution in more than one EU Member States and in return to a further enhancement of the cooperation between enforcement authorities in different states.
The Directive stipulates a variety of measures that Member States must take in order to either prevent or effectively prosecute offenses. These include, among others, the provision of dedicated investigative tools, awareness-raising campaigns and education programs, the provision of training, and the implementation of a national strategy on combating environmental criminal offenses.

A. Background

In its founding treaties, the EU has committed itself to ensuring a high level of protection of the environment.[7] To this end, in 2008, the EU adopted the Directive on the protection of the environment through criminal law, obligating Member States to criminalize certain environmentally harmful activities. A subsequent evaluation of the effectiveness of the Directive identified considerable enforcement gaps in all Member States. Further, it concluded that the number of cross-border investigations and convictions in the EU for environmental crime had not grown substantially as expected.[8] Since environmental crime is growing at annual rates of 5% to 7% globally[9], creating lasting damage for habitats, species, people’s health, and the revenues of governments and businesses, the European Commission concluded the current directive to be insufficient and proposed a new directive.

The Directive should be seen in the context of other recent EU regulations that have already been passed or are still in the legislative process, which aim at protecting the environment in the context of the EU’s transition to a climate-neutral and green economy (“Green Deal”[10]). For example, the Corporate Sustainability Reporting Directive (CSRD), which has come into force on January 5, 2023, requires certain companies to report on impacts as well as risk and opportunities related to sustainability matters.[11] On April 24, 2024, after lengthy negotiations and several postponements, the Corporate Sustainability Due Diligence Directive (CSDDD) which sets out due diligence obligations for companies regarding actual and potential adverse impacts on the environment and human rights in their value chains was finally passed by the Parliament.[12]

B. Environmental Crime Defined

The Directive provides for 20 basic criminal offenses addressing various ways of conduct.[13] Conduct in this respect relates, for example, to

the harmful discharge, emission or introduction of materials or substances, energy (such as heat, sources of energy and noise)[14] or ionising radiation into air, soil or water.[15]
the placing on the market of a product that is potentially harmful when used on a large scale, in breach of a prohibition or another requirement aimed at protecting the environment.[16]
the manufacturing, placing or making available on the market, export or use of certain harmful substances.[17]
the harmful collection, transport, recovery or disposal of waste, the supervision of such operations and the after-care of disposal sites, including action taken as a dealer or a broker.[18]
trade with timber in violation of the EU Regulation[19] on Deforestation-free products.[20]

Unlawful Conduct – Conduct in Breach of the Union’s Policy on the Environment

The offenses defined by the Directive require unlawful conduct, i.e. either (1) a breach of Union law contributing to the pursuit of at least one of the objectives of the Union’s policy on the environment or (2) a law, regulation or administrative provision of a Member State or a decision taken by a competent authority of a Member State that gives effect to such Union law.[21] Pursuant to Article 191 (1) of the Treaty on the Functioning of the European Union (“TFEU”), Union policy on the environment shall contribute to pursuit of the following objectives:

preserving, protecting and improving the quality of the environment,
protecting human health,
prudent and rational utilization of natural resources,
promoting measures at international level to deal with regional or worldwide environmental problems, and in particular combating climate change.

Importantly, the Directive makes clear that conduct shall be deemed unlawful even when it is carried out under an authorization if such authorization was obtained fraudulently or by corruption, extortion or coercion, or is in manifest breach of relevant substantive requirements.[22] The recitals suggest that ‘in manifest breach of relevant substantive legal requirements’ should be interpreted as referring to an obvious and substantial breach of relevant substantive legal requirements, and is not intended to include breaches of procedural requirements or minor elements of the authorization.[23]

Common constituent element

The majority of the offenses described by the Directive require that the conduct “causes or is likely to cause the death of, or serious injury to, any person or substantial damage to the quality of air, soil or water, or substantial damage to an ecosystem, animals or plants”[24]. While the Directive provides for elements that should be taken into account when assessing whether the damage to the quality of air, soil or water, or to an ecosystem or to animals or plants is “substantial”[25], the recitals stipulate that this qualitative threshold as well as the term “ecosystem” should be generally understood in a broad sense suggesting a possibly wide scope of application.[26]

“Qualified Offenses”

The Directive introduces “qualified offenses” with more severe penalties consisting of (a) the destruction of, or widespread and systematic damage, which is either irreversible or long-lasting to, an ecosystem of considerable size or environmental value or a habitat within a protected site, or (b) widespread and substantial damage which is either irreversible or long lasting to the quality of air, soil, or water”.[27] In its recitals, the EU describes such offenses as “comparable to Ecocide”.[28] The term “ecocide” was originally coined in the 1970s during the Vietnam war and was eventually recognized as a war crime under the Rome Statute[29].[30] The language of the Directive further resembles the definition of crimes against humanity.[31]

Intentional or Serious Negligence Required

As a general rule, the offenses set out by the Directive require that the conduct is intentional.[32] For 18 modalities, Member States must ensure that the respective conduct constitutes a criminal offense where that conduct is carried out with at least serious negligence.[33]

Complicity and Inchoate Offending

Pursuant to the Directive, Member States must ensure that inciting, and aiding and abetting the commission of an intentionally committed offense are punishable.[34] For 16 modalities of conduct, the Directive instructs that attempts be a crime.[35]

Penalties

Criminal penalties for individuals must be effective, proportionate and dissuasive.[36] The Directive stipulates that these must include maximum terms of imprisonment of at least ten, eight, five, or three years depending on the specific offense.[37] Accessory criminal or non-criminal penalties or measures may include the (a) obligation to restore the environment or pay compensation for the damage to the environment; (b) fines; (c) exclusion from access to public funding; (d) disqualification from holding, within a legal person, a leading position of the same type used for committing the offense; (e) withdrawal of permits and authorizations; (f) temporary bans on running for public office; (g) where there is a public interest, following a case-by-case assessment, publication of all or part of the judicial decision that relates to the criminal offense committed and the sanctions or measures imposed.[38]

C. Corporate Liability

The Directive not only addresses individual misconduct, but also criminal offending on behalf of legal persons. In this respect, Member States must ensure that legal persons can be held liable for offenses conducted by any person who has a leading position within the legal person concerned, either based on a power of representation, an authority to take decisions, or an authority to exercise control within the legal person.[39] Liability must also include the lack of supervision or control by a person who has a leading position when it has made possible the commission of an offense for the benefit of the legal person by a person under its authority.[40]

In terms of sanctions, Member States must ensure that liable legal person can be punished by effective, proportionate and dissuasive criminal or non-criminal[41] penalties or measures.[42] This is supposed to include fines which shall be proportionate to the seriousness of the conduct and to the “individual, financial and other circumstances of the legal person concerned”.[43] Member States are to ensure that the maximum level of fines is, depending on the specific type of offending, not less than

5 % of the worldwide turnover[44] or EUR 40 million;[45] or
3 % of the worldwide turnover or EUR 24 million.[46]

Beyond that, the Directive obliges Member States to take the necessary measures to ensure that legal persons held liable for “ecocide” are punishable by more severe penalties or measures.[47]

Further measures or sanctions with respect to legal persons may include (a) the obligation to restore the environment or pay compensation for the damage to the environment; (b) exclusion from entitlement to public benefits or aid; (c) exclusion from access to public funding, including tender procedures, grants, concessions and licenses; (d) temporary or permanent disqualification from the practice of business activities; (e) withdrawal of permits and authorizations to pursue activities that resulted in the relevant criminal offense; (f) placing under judicial supervision; (g) judicial winding-up; (h) closure of establishments used for committing the offense; (i) an obligation to establish due diligence schemes for enhancing compliance with environmental standards; and (j) where there is a public interest, publication of all or part of the judicial decision relating to the criminal offense committed and the penalties or measures imposed, without prejudice to rules on privacy and the protection of personal data.[48]

D. Jurisdiction

Member States have jurisdiction over an offense, (a) if the offense was committed either in part or in whole within its territory, (b) on board a ship or an aircraft registered in the Member State concerned or flying its flag, (c) the damage which is one of the constituent elements of the offense occurred on its territory or (d) the offender is one of its nationals.[49]

In particular the establishment of jurisdiction when the damage that is one of the constituent elements of the offense occurred on the territory of a EU Member State, may lead to a wide applicability of the Directive and may even lead to multiple prosecution and in return to a further enhancement of the cooperation between enforcement authorities in different states.[50] By way of example, if a national of a non-EU Member State disposed waste illegally in a river that runs through both a non-EU Member State and one or more EU Member States and the waste killed a substantial part of the fish population, the Member State’s jurisdiction could be triggered.

In addition, a Member State may exercise jurisdiction if (a) the offender is a habitual resident in its territory, (b) the offense is committed for the benefit of a legal person established in its territory, (c) the offense is committed against one of its nationals or its habitual residents or (d) the offense has created a severe risk for the environment on its territory.[51]

Where an offense falls in the jurisdiction of more than one Member State, those Member States are required to cooperate to determine which Member State shall conduct the criminal proceedings.[52]

E. Preventive and Other Measures

The Directive stipulates a variety of measures that Member States must take in order to either prevent or effectively prosecute offenses.

Freezing and Confiscation: Member States shall take the necessary measures to enable the tracing, identifying, freezing and confiscation of instrumentalities and proceeds from the criminal offenses.[53]
Investigative Tools: Member States shall take the necessary measures to ensure that effective and proportionate investigative tools are available for investigating or prosecuting offenses.[54]
Campaigns and Education Programs: Member States shall take appropriate measures, such as information and awareness-raising campaigns targeting relevant stakeholders from the public and private sector as well as research and education programs, which aim to reduce environmental criminal offenses and the risk of environmental crime.[55]
Sufficient Resources: Member States shall ensure that national authorities which detect, investigate, prosecute or adjudicate environmental criminal offenses have a sufficient number of qualified staff and sufficient financial, technical and technological resources for the effective performance of their functions related to the implementation of the Directive.[56]
Training: Member States shall take necessary measures to ensure that specialized regular training is provided to judges, prosecutors, police and judicial staff and to competent authorities’ staff involved in criminal proceedings and investigations with regard to the objectives of the Directive.[57]
Coordination and Cooperation: The Directive stipulates that Member States take the necessary measures to establish appropriate mechanisms for coordination and cooperation between competent authorities within a Member State and between Member States and the Commission, and Union bodies, offices or agencies.[58]
National Strategy: Member States shall establish, publish, implement and regularly[59] review a national strategy on combatting environmental criminal offenses.[60]
Data Collection and Statistics: Member States shall ensure that a system is in place for the recording, production and provision of anonymized statistical data in order to monitor the effectiveness of their measures to combat environmental criminal offenses.[61]

[1] See EU Official Journal April 30, 2024 and the legislative text.

[2] See Press Release of the Parliament (February 27, 2024).

[3] See Press Release of the Council (March 26, 2024).

[4] Pursuant to Article 29 the Directive will come into force on the twentieth day following that of its publication in the Official Journal of the European Union.

[5] Recitals 69, 70.

[6] Article 28 of the Directive.

[7] Art. 3 (3) of the Treaty on European Union and Art. 191 TFEU.

[8] See the European Commission’s Proposal for the Directive (COM (2021) 851 final), p. 1.

[9] See https://ec.europa.eu/commission/presscorner/detail/en/ip_23_5817.

[10] See Communication from the Commission on the European Green Deal, COM/2019/640 final.

[11] See European Union’s Corporate Sustainability Reporting Directive — What Non-EU Companies with Operations in the EU Need to Know and European Corporate Sustainability Reporting Directive (CSRD): Key Takeaways from Adoption of the European Sustainability Reporting Standards.

[12] See the Letter of the Chair of the JURI Committee of the European Parliament of March 15, 2024..

[13] Article 3(2) of the Directive.

[14] Recital 15.

[15] Article 3(2)(a) of the Directive.

[16] Article 3(2)(b) of the Directive.

[17] Article 3(2)(c) of the Directive.

[18] Article 3(2)(f) of the Directive.

[19] Regulation (EU) 2023/1115.

[20] Article 3(2)(p) of the Directive.

[21] Article 3(1) of the Directive.

[22] Article 3(1) of the Directive.

[23] Recital 10.

[24] See e.g. Article 3(2)(a) of the Directive.

[25] Article 3(6) of the Directive.

[26] Recital 13.

[27] Article 3(3) of the Directive.

[28] Recital 21.

[29] Rome Statute, article 8(2)(b)(iv);

[30] European Law Institute – Ecocide.

[31] Rome Statute, article 7(1).

[32] Article 3(2) of the Directive.

[33] Article 3(4) of the Directive.

[34] Article 4(1) of the Directive.

[35] Article 4(2) of the Directive.

[36] Article 5(1) of the Directive.

[37] Article 5(2) of the Directive.

[38] Article 5(3) of the Directive.

[39] Article 6(1) of the Directive.

[40] Article 6(2) of the Directive.

[41] Depending on whether the Member States’ national law provides for the criminal liability of legal persons; see recital 33.

[42] Article 7(1) of the Directive.

[43] Article 7(2), (3) of the Directive.

[44] Either in the business year preceding that in which the offense was committed, or in the business year preceding that of the decision to impose the fine.

[45] Article 7(3)(a) of the Directive.

[46] Article 7(3)(b) of the Directive.

[47] Article 7(4) of the Directive.

[48] Article 7(2) of the Directive.

[49] Article 12(1) of the Directive.

[50] Regarding the application of the double jeopardy-/ne bis in idem-principle between multiple jurisdictions, see also Extraterritorial Impact of New UK Corporate Criminal Liability Laws.

[51] Article 12(2) of the Directive.

[52] Article 12(2) of the Directive.

[53] Article 10 of the Directive.

[54] Article 13 of the Directive.

[55] Article 16 of the Directive.

[56] Article 17 of the Directive.

[57] Article 18 of the Directive.

[58] Articles 19, 20 of the Directive.

[59] The intervals should be no longer than 5 years.

[60] Article 21 of the Directive.

[61] Article 22 of the Directive.

The following Gibson Dunn lawyers prepared this client alert: Benno Schwarz, Katharina Humphrey, Andreas Dürr, and Julian Reichert.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s White Collar Defense and Investigations practice group, or the following authors in Munich.

Benno Schwarz (+49 89 189 33-110, bschwarz@gibsondunn.com)
Katharina Humphrey (+49 89 189 33-155, khumphrey@gibsondunn.com)
Andreas Dürr (+49 89 189 33-219, aduerr@gibsondunn.com)
Julian Reichert (+49 89 189 33-229, jreichert@gibsondunn.com)

The obligations apply with respect to a company’s own operations and those of its subsidiaries — but also to those carried out by a company’s “business partners” in the company’s “chain of activities”.

On 24 April 2024, the Corporate Sustainability Due Diligence Directive[1] (“CSDDD” or “Directive”) was finally passed by the European Parliament (“Parliament”), marking the end of the key stages of the legislative process, after four years. The CSDDD establishes far-reaching mandatory human rights and environmental obligations on both European Union (“EU”) and non-EU companies meeting certain turnover thresholds, starting from 2027. Those obligations apply with respect to a company’s own operations and those of its subsidiaries—but also to those carried out by a company’s “business partners” in the company’s “chain of activities”.[2] Generally, the CSDDD, one of the most debated pieces of European legislation of recent times, establishes an obligation on in-scope companies to:

identify and assess (due diligence) adverse human rights and environmental impacts;
prevent, mitigate and bring to an end / minimise such adverse impacts; and
adopt and put into effect a transition plan for climate change mitigation which aims to ensure—through best efforts—compatibility of the company’s business model and strategy with limiting global warming to 1.5 °C in line with the Paris Agreement.

The CSDDD also sets out minimum requirements (including the ability for claims to be made by trade unions or civil society organisations) of a liability regime to be implemented by EU Member States for violation of the obligation to prevent, mitigate and bring to an end / minimise adverse impacts.

Key Takeaways

In-scope companies under the Directive include:
- EU companies (on a standalone or consolidated basis) with more than 1,000 employees on average and a net worldwide turnover of more than EUR 450 million; and
- non-EU companies (on a standalone or consolidated basis) generating a net turnover of more than EUR 450 million within the EU.
The human rights and environmental obligations include: (a) integrating due diligence into policies and management systems; (b) identifying and assessing actual and potential adverse human rights and environmental impacts; (c) implementing measures to prevent, cease or minimise such impacts; (d) monitoring and assessing the effectiveness of measures; and (e) providing remediation to those affected by actual adverse impacts.
Obligations are not limited to the company’s own operations and those of their subsidiaries—they extend to a company’s upstream and downstream business partners throughout the company’s “chain of activities”.
Member States are required to impose penalties on companies in breach of the Directive, including pecuniary penalties with a maximum limit of not less than 5% of the in-scope company’s worldwide net turnover.
A breach of certain CSDDD obligations may result in civil liability for damages. However, a company cannot be held liable for any damage caused by its business partners in its chain of activities.
The CSDDD establishes an obligation on companies to adopt a climate change mitigation transition plan to ensure that their business model and strategy are compatible with limiting global warming to 1.5 °C in line with the Paris Agreement.
The Directive will be implemented gradually, applying to larger companies first. From 2027, the Directive will apply to: (a) EU companies with more than 5,000 employees and EUR 1,500 million net worldwide turnover; and (b) non-EU companies with more than EUR 1,500 million net turnover generated in the EU.

1. Legislative History

As reported in our earlier article,[3] in April 2020, the European Commission (“Commission”) proposed the adoption of a directive requiring companies to undertake mandatory human rights and environmental due diligence across their value chains, and a proposal followed in February 2022.[4] At that time, some Member States had already adopted national due diligence laws,[5] and the Commission considered it important to ensure a level playing field for companies operating within the internal market. The Directive was further intended to contribute to the EU’s transition towards a sustainable economy and sustainable development through the prevention and mitigation of adverse human rights and environmental impacts in companies’ supply chains.

After multiple rounds of negotiations and material amendments submitted by all EU institutions, as well as extensive negotiations between Member States, the Permanent Representative Committee of the Council of the European Union (“Council”) endorsed the draft Directive on 15 March 2024, with the Parliament voting in favour on 24 April 2024.[6]

Notably, the CSDDD crystallises into hard law at the EU level certain voluntary international standards on responsible business conduct, such as the UN Guiding Principles on Business and Human Rights (“UNGPs”), the OECD Guidelines for Multinational Enterprises, the OECD Guidance on Responsible Business Conduct, and sectoral direction. Prior to the CSDDD coming into force, these voluntary instruments will continue to offer valuable “best practice” guidance to in-scope companies.

2. Scope of Application and Timing

The Directive will apply to EU companies (i.e., companies formed in accordance with the legislation of a Member State) where a company meets the following thresholds (in each instance measured in the last financial year for which annual financial statements have been or should have been adopted):

has more than 1,000 employees on average (including in certain circumstances, temporary agency workers) and a net worldwide turnover of more than EUR 450 million;[7] or
is the ultimate parent company of a group that collectively reaches the thresholds in (a); or
has entered into or is the ultimate parent company of a group that entered into franchising or licensing agreements in the EU in return for royalties where these royalties amount to more than EUR 22.5 million and provided that the company had or is the ultimate parent company of a group that had a net worldwide turnover of more than EUR 80 million.

The Directive has extra-territorial effect since it also applies to non-EU companies (i.e., companies formed in accordance with the legislation of a non-EU country), if that company:

has generated a net turnover in the EU of more than EUR 450 million; or
is the ultimate parent company of a group that collectively reaches the thresholds under (a); or
has entered into or is the ultimate parent company of a group that entered into franchising or licensing agreements in the EU in return for royalties where these royalties amount to more than EUR 22.5 million in the EU and provided that the company had or is the ultimate parent company of a group that had a net turnover of more than EUR 80 million in the EU.

For the Directive to apply, for both EU and non-EU companies, the threshold conditions must have been satisfied for at least two consecutive financial years. Smaller companies operating in the “chain of activities” of in-scope companies will also be indirectly affected because of contractual requirements imposed on them by companies within the scope of the Directive (discussed further below).

It is notable that the scope of application of the CSDDD is more limited than that of the Corporate Sustainability Reporting Directive (“CSRD”),[8] which (save with respect to franchisors or licensors) applies both lower employee and turnover thresholds. Whilst the CSDDD is expected to apply to around 5,500 companies, the CSRD covers approximately 50,000 companies.

3. Obligations on In-scope Companies

(a) Adopt Human Rights and Environmental Due Diligence

The Directive introduces so-called human rights and environmental “due diligence obligations”. These apply to a company’s own operations, those of its subsidiaries, and those of its direct and indirect business partners throughout their “chain of activities”. The Directive defines “chain of activities” as activities of a company’s:

upstream business partners,[9] relating to the production of goods or the provision of services by the company, including the design, extraction, sourcing, manufacture, transport, storage and supply of raw materials, products or parts of the products and development of the product or the service; and
downstream business partners, relating to the distribution, transport and storage of the product, where the business partners carry out those activities for the company or on behalf of the company.[10]

Companies will be required to:

develop a due diligence policy[11] that ensures risk-based due diligence, and integrate due diligence into their relevant policies and risk management systems;
identify and assess actual or potential adverse human rights and environmental impacts (which are defined by reference to obligations or rights enshrined in international instruments),[12] including mapping operations to identify general areas where adverse impacts are most likely to occur and to be most severe; and
prevent and mitigate potential adverse impacts and bring to an end / minimise the extent of actual adverse impacts. Where it is not feasible to prevent, mitigate, bring to an end or minimise all identified adverse impacts at the same time to their full extent, companies must prioritise the steps they take based on the severity and likelihood of the adverse impacts.

In each instance, companies will be required to take “appropriate measures”; that is, measures that “effectively addres[s] adverse impacts in a manner commensurate to the degree of severity and the likelihood of the adverse impact”.[13] Such measures must take into account the circumstances of the specific case, including the nature and extent of the adverse impact and relevant risk factors.

With regards to the prevention of potential adverse impacts, companies are required (amongst other obligations) to:

develop and implement a prevention action plan, with reasonable and clearly defined timelines for the implementation of appropriate measures and qualitative and quantitative indicators for measuring improvement;
seek contractual assurances from a direct business partner that it will ensure compliance with the company’s code of conduct / prevention action plan, including by establishing corresponding contractual assurances from its partners if their activities are part of the company’s chain of activities;
make necessary financial or non-financial investments, adjustments or upgrades, such as into facilities, production or other operational processes and infrastructures; and
provide targeted and proportionate support for an SME[14] which is a business partner of the company.

Similar obligations are imposed in the context of bringing actual adverse impacts to an end.

Notably, regarding (b), companies must verify compliance. To do so, the CSDDD states that companies “may refer to” independent third-party verification, including through industry or multi-stakeholder initiatives.[15]

The financial sector has more limited obligations. “Regulated financial undertakings” are only subject to due diligence obligations for their own operations, those of their subsidiaries and the upstream part of their chain of activities. Such undertakings are expected to consider adverse impacts and use their “leverage” to influence companies, including through the exercise of shareholders’ rights.

(b) Adopt / Put into Effect a Climate Transition Plan

Companies will also be required to adopt and put into effect a climate change mitigation transition plan (“CTP”), to be updated annually, which aims to ensure that a company’s business model and strategy are compatible with limiting global warming to 1.5°C in line with the Paris Agreement and the objective of achieving climate neutrality, including intermediate and 2050 climate neutrality targets. The CTP should also address, where relevant, the exposure of the company to coal-, oil- and gas-related activities.

The CTP must contain: (a) time-bound targets in five-year steps from 2030 to 2050 including, where appropriate, absolute greenhouse gas emission reduction targets for scope 1, 2 and 3 emissions; (b) description of decarbonisation levers and key actions planned to reach the targets identified in (a); (c) details of the investments and funding supporting the implementation of the CTP; and (d) a description of the role of the administrative, management and supervisory bodies with regard to the CTP.[16]

Companies which report a CTP in accordance with the CSRD or are included in the CTP of their parent undertaking are deemed to have complied with the CSDDD’s CTP obligation. Regulated financial undertakings will also have to adopt a CTP ensuring their business model complies with the Paris Agreement.

(c) Provide Remediation

Consistent with the right to a remedy under the UNGPs, Member States must ensure that where a company has caused or jointly caused an actual adverse impact, it will provide “remediation”.[17] This is defined in the Directive as “restoration of the affected person or persons, communities or environment to a situation equivalent or as close as possible to the situation they would be in had an actual adverse impact not occurred”.[18] Such remediation should be proportionate to the company’s implication in the adverse impact, including financial or non-financial compensation to those affected and, where applicable, reimbursement of any costs incurred by public authorities for necessary remedial measures.

(d) Meaningfully[19] engage with Stakeholders

Companies are required to effectively engage with stakeholders. This includes carrying out consultations at various stages of the due diligence process, during which companies must provide comprehensive information.

(e) Establish a Notification Mechanism and Complaints Procedure

Member States must ensure that companies provide the possibility for persons or organisations with legitimate concerns regarding any adverse impacts to submit complaints.[20] There should then be a fair, publicly available, accessible, predictable and transparent procedure for dealing with complaints, of which relevant workers, trade unions and other workers’ representatives should be informed. Companies should take reasonably available measures to avoid any retaliation.

Notification mechanisms must also be established through which persons and organisations can submit information about adverse impacts.

Companies will be allowed to fulfil these obligations through collaborative complaints procedures and notification mechanisms, including those established jointly by companies, through industry associations, multi-stakeholder initiatives or global framework agreements.

(f) Monitor and Assess Effectiveness

Member States shall ensure that companies carry out periodic assessments of their own operations and measures, those of their subsidiaries and, where related to the chain of activities of the company, those of their business partners. These will assess implementation and monitor the adequacy and effectiveness of the identification, prevention, mitigation, bringing to an end and minimisation of the extent of adverse impacts.

Where appropriate, assessments are to be based on qualitative and quantitative indicators and carried out without undue delay after a significant change occurs, but at least every 12 months and whenever there are reasonable grounds to believe that new risks of the occurrence of those adverse impacts may arise.[21]

(g) Communicate Compliance

Companies will be required to report on CSDDD-matters by publishing an annual statement on their website within 12 months of the end of their financial year, unless they are subject to sustainability reporting obligations under the CSRD. The CSDDD does not introduce any new reporting obligations in addition to those under the CSRD.[22]

The contents of the annual statement will be defined by the Commission through a subsequent implementing act.

4. Enforcement and Sanctions

The Directive requires Member States to designate independent “supervisory authorities” to supervise compliance (“Supervisory Authority”).[23] A Supervisory Authority must have adequate powers and resources, including the power to require companies to provide information and carry out investigations. Investigations may be initiated by the Supervisory Authorities’ own motion or as a result of substantiated concerns raised by third parties.

Supervisory Authorities are to be empowered to “at least”: (a) order the cessation of infringements, the abstention from any repetition of the relevant conduct and the taking of remedial measures; (b) impose penalties; and (c) adopt interim measures in case of imminent risk of severe and irreparable harm.

Sanctions regimes adopted by Member States must be effective, proportionate and dissuasive. This includes pecuniary penalties with a maximum limit of not less than 5% of the in-scope company’s worldwide net turnover.[24] Additionally, the Directive stipulates that any decision of a Supervisory Authority containing penalties is: (a) published, (b) publicly available for at least five years; and (c) sent to the “European Network of Supervisory Authorities” (“naming and shaming”).[25]

Besides these sanctions, compliance with the CSDDD’s obligations can be used as part of the award criteria for public and concession contracts.

5. Civil Liability of Companies

Member States must establish a civil liability regime for companies which intentionally or negligently fail to comply with the CSDDD’s obligations and where damage has been caused to a person’s legal interest (as protected under national law) as a result of that failure.[26] However, a company cannot be held liable if the damage was caused only by its business partners in its chain of activities.

Member States must provide for “reasonable conditions” under which any alleged injured party may authorize a trade union, non-governmental human rights or environmental organization or other NGO or national human rights institution, to bring actions to enforce the rights of the alleged injured party.[27]

The Directive requires a limitation period for bringing actions for damages of at least five years and, in any case, not shorter than the limitation period laid down under general civil liability regimes of Member States.

Regarding compensation, Member States are required to lay down rules that fully compensate victims for the damage they have suffered as a direct result of the company’s failure to comply with the Directive. However, the Directive states that deterrence through damages (i.e., punitive damages) or any other form of overcompensation should be prohibited.

6. Next Steps / Implementation

The Directive must now be formally adopted by the Council and will subsequently come into force on the 20th day following that of its publication in the Official Journal of the EU, which is expected to occur in the first half of 2024. Once the Directive enters into force, Member States will need to transpose it into national law within two years, i.e., by mid-2026.

Depending on their size, companies will have between three to five years from the Directive entering into force to implement its requirements (i.e., likely until between 2027 and 2029):

three years (i.e., likely in 2027) for (a) EU companies with more than 5,000 employees and EUR 1,500 million net worldwide turnover, and (b) non-EU companies with more than EUR 1,500 million net turnover generated in the EU.
four years (i.e., likely in 2028) for: (a) companies with more than 3,000 employees and EUR 900 million net worldwide turnover and (b) non-EU companies with more than EUR 900 million net turnover generated in the EU; and
five years (i.e., likely in 2029) for companies with more than 1,000 employees and EUR 450 million turnover.

7. Relationship between the CSDDD and other EU Laws Protecting Human Rights and the Environment

The Directive is part of a series of EU regulations which aim to protect human rights and the environment through both reporting and due diligence obligations. Such regulations include the CSRD and the Sustainable Finance Disclosure Regulation, which impose mandatory reporting obligations, as well as the Regulation on Deforestation-free Products, the Conflicts Minerals Regulation, the Batteries Regulation and the Forced Labour Ban Regulation (which, coincidentally, was also approved by the European Parliament on 24 April 2024),[28] which impose due diligence requirements on companies in certain sectors / circumstances.

In this context, the CSDDD will become the “default” EU due diligence regime. The Directive expressly provides that its obligations are without prejudice to other, more specific EU regimes, meaning that if a provision of the CSDDD conflicts with another EU regime providing for more extensive or specific obligations, then the latter will prevail.

8. Practical Considerations for In-Scope Companies

Given the significance of expectations and liabilities in the CSDDD, in-scope companies would be well advised to commence preparation now, notwithstanding the implementation timeframe. Indeed, the types of measures that the CSDDD requires to be implemented will take time to operationalise. Functions and entities across multinationals will need to be engaged in that implementation, and it is prudent to involve key internal stakeholders (including legal and compliance functions) in that process from the outset.

The types of next steps in-scope companies should be considering now include:

First, mapping current and potentially future upstream and downstream business relationships to understand where any human rights and environmental risks exist. Any gaps or concerns should be addressed. Additionally, effective systems should be implemented to continually monitor risks within the chain of activities.

Second, putting in place a risk-based due diligence policy containing a description of the company’s approach, as well as supplier codes of conduct, which describe the rules and principles to be followed throughout the company and its subsidiaries. Codes of conduct should apply to all relevant corporate functions and operations, including procurement, employment and purchasing decisions.

Third, considering whether it is appropriate to involve lawyers in the development of internal due diligence systems in order to seek to apply privilege to relevant communications and documentation. This is particularly important given the: (a) matrix of legal regulation which applies in this space; and (b) envisaged regulatory and civil liability regimes.

Fourth, inserting appropriate contractual language into business partner contracts. The CSDDD requires the Commission, in consultation with Member States and stakeholders, to adopt guidance in this regard. However, the Commission has 30 months from the entry into force of the CSDDD to adopt such guidance.

Fifth, training employees—and being cognisant that training should not be limited just to those persons directly involved with sustainability compliance and reporting. Employees should understand how to spot adverse human rights and environmental impacts and understand the actions to be taken when they do.

Sixth, establishing operational level grievance mechanisms for rights holders, their representatives and civil society organisations. Such mechanisms act not only as a tool to remedy and redress but can be harnessed preventively as an early warning system for the identification and analysis of adverse impacts.

Seventh, meaningfully engaging with stakeholders will require identification of who relevant stakeholders are and require companies to design effective engagement processes.

Last, given the overlapping nature of some of the EU directives and regulations in this space (as well as laws at the Member State level), mapping all relevant obligations to ensure consistent compliance and drive efficiencies where practicable. It is notable that the Directive explicitly states that it does not prevent Member States from imposing further, more stringent obligations on companies—so companies will want to keep this under review.

__________

[1] European Parliament legislative resolution of 24 April 2024 on the proposal for a directive of the European Parliament and of the Council on Corporate Sustainability Due Diligence and amending Directive (EU) 2019/1937.

[2] Art. 1(a) of the Directive.

[3] See our previous client alert addressing Mandatory Corporate Human Rights Due Diligence.

[4] See our previous client alert addressing the European Commission’s draft directive on “Corporate Sustainability Due Diligence”.

[5] See for example, France’s “Loi de Vigilance” enacted in 2017, which inserted provisions into the French Commercial Code imposing substantive requirements on companies in relation to human rights and environmental due diligence. Specifically, companies with more than 5,000 employees in France (or 10,000 employees in France or abroad) are required to establish, implement and publish a “vigilance plan” to address risks within their supply chains or which arise from the activities of direct or indirect subsidiaries or subcontractors. Such plans should also include action plans to mitigate those risks and prevent damage, as well as a monitoring system to ensure that the plan is effectively implemented. (See our previous client alert addressing global legislative developments and proposals in the bourgeoning field of mandatory corporate human rights due diligence). Meanwhile in Germany, the Supply Chain Due Diligence Act 2023 (the “SCCDA”) was enacted, imposing due diligence obligations on companies with a statutory seat in Germany and more than 1,000 employees, regardless of revenue. In many instances, the CSDDD and the SCDDA obligations overlap, although there are some differences. For example, whilst the CSDDD extends obligations to the company’s “chain of activities”, the SCDDA focuses primarily on direct suppliers. An in-scope company may also be required to conduct due diligence on its indirect suppliers if the company has substantiated knowledge of grievances or violations of the law. The German legislator is expected to align the obligations under the CSDDD and the SCDDA, as it did in relation to CSRD.

[6] Press Release of the European Parliament, 24 April 2024, “Due diligence: MEPs adopt rules for firms on human rights and environment”.

[7] Turnover of branches of the relevant entity are also to be taken into account when calculating whether a threshold has been reached.

[8] See our previous client alert addressing the CSRD.

[9] See Art. 3(1)(f) of the Directive, which defines “business partner” as “an entity (i) with which the company has a commercial agreement related to the operations, products or services of the company or to which the company provides services pursuant to point (g) (‘direct business partner’), or (ii) which is not a direct business partner but which performs business operations related to the operations, products or services of the company (‘indirect business partner’)”.

[10] See Art. 3(1)(g) of the Directive.

[11] See Art. 5 of the Directive. The company’s risk-based due diligence policy should be developed in consultation with its employees and their representatives and be updated after a significant change or at least every 24 months (Art. 7(3) of the Directive). It shall contain all of the following: (a) a description of the company’s approach, including in the long term, to due diligence; (b) a code of conduct describing rules and principles to be followed throughout the company and its subsidiaries, and the company’s direct or indirect business partners; and (c) a description of the processes put in place to integrate due diligence into the relevant policies and to implement due diligence, including the measures taken to verify compliance with the code of conduct and to extend its application to business partners.

[12] See Art. 3(1)(b) and (c). Adverse environmental impacts are defined as an adverse impact on the environment resulting from the breach of the prohibitions and obligations listed in Part I, Section 1, points 15 and 16 (the prohibition of causing any measurable environmental degradation and the right of individuals, groupings and communities to lands and resources and the right not to be deprived of means of subsistence), and Part II of the Annex to the Directive, which includes, for example, the obligation to avoid or minimise adverse impacts on biological diversity, interpreted in line with the 1992 Convention on Biological Diversity and applicable law in the relevant jurisdiction. Adverse human rights impacts are defined as an adverse impact on one of the human rights listed in Part I, Section 1, of the Annex to the Directive, as those human rights are enshrined in the international instruments listed in Part I, Section 2, of the Annex to the Directive, for example, The Convention on the Rights of the Child and The International Covenant on Civil and Political Rights.

[13] See Art. 3(1)(o) of the Directive.

[14] This is defined in Art. 3(1)(i) of the Directive as “a micro, small or a medium-sized undertaking, irrespective of its legal form, that is not part of a large group…”.

[15] Art. 10(5) of the Directive.

[16] Art. 22 of the Directive.

[17] Art. 12 of the Directive.

[18] Art. 3(1)(t) of the Directive.

[19] Whilst the text of Art. 13(1) of the Directive refers to “effective” engagement with stakeholders, the title of provision refers to “meaningful” engagement, which is also found in the Recitals.

[20] Art. 14 of the Directive.

[21] Ar. 15 of the Directive.

[22] Art. 16 of the Directive.

[23] Art. 24(1) of the Directive. For France and Germany, we expect the “Supervisory Authority” to be the same authority as is currently overseeing compliance with their analogous due diligence regimes.

[24] Art. 27(4) of the Directive.

[25] Art. 27(5) of the Directive.

[26] Art. 29 of the Directive.

[27] Art. 29(3)(d) of the Directive.

[28] See Press Release of the European Parliament on 23 April 2024, “Products made with forced labour to be banned from EU single market”.

The following Gibson Dunn lawyers prepared this update: Selina Sagayam, Susy Bullock, Stephanie Collins, Alexa Romanelli, and Harriet Codd in London; Robert Spano in Paris; and Ferdinand Fromholzer, Markus Rieder, Katharina Humphrey, Julian von Imhoff, Carla Baum, Melina Kronester, Julian Reichert, and Marc Kanzler in Munich.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s Environmental, Social and Governance (ESG) practice group, or the following authors in London, Paris and Munich:

London:
Selina S. Sagayam – London (+44 20 7071 4263, ssagayam@gibsondunn.com)
Susy Bullock – London (+44 20 7071 4283, sbullock@gibsondunn.com)
Stephanie Collins – London (+44 20 7071 4216, scollins@gibsondunn.com)
Alexa Romanelli – London (+44 20 7071 4269, aromanelli@gibsondunn.com)
Harriet Codd (+44 20 7071 4057, hcodd@gibsondunn.com)

Paris:
Robert Spano – Paris/London (+33 1 56 43 14 07, rspano@gibsondunn.com)

Munich:
Ferdinand Fromholzer (+49 89 189 33-270, ffromholzer@gibsondunn.com)
Markus Rieder (+49 89 189 33-260, mrieder@gibsondunn.com)
Katharina Humphrey (+49 89 189 33-217, khumphrey@gibsondunn.com)
Julian von Imhoff (+49 89 189 33-264, jvonimhoff@gibsondunn.com)
Carla Baum (+49 89 189 33-263, cbaum@gibsondunn.com)
Melina Kronester (+49 89 189 33-225, mkronester@gibsondunn.com)
Julian Reichert (+49 89 189 33-229, jreichert@gibsondunn.com)
Marc Kanzler (+49 89 189 33-269, mkanzler@gibsondunn.com)

A summary of recent developments and upcoming legislative changes in German corporate law that will impact the M&A market this year, originally published in M&A Review, M&A Media Services GmbH, 35. Volume 1-2/2024.

Gibson Dunn partner Sonja Ruttmann and of counsels Silke Beiter and Birgit Friedl from our Munich office co-authored M&A in 2024 – Relevant Legal Changes, An Outlook, originally published in M&A Review on February 10, 2024. The article summarizes some of the most recent developments and upcoming legislative changes in German corporate law that will impact the M&A market this year.

Please click HERE to view, download or print this article in English language.

Sonja Ruttmann, Silke Beiter und Dr. Birgit Friedl aus Gibson Dunns Münchner Büro geben in ihrem Artikel M&A im Jahr 2024 – Relevante Gesetzesänderungen, ein Ausblick, der am 10. Februar 2024 in der M&A Review erschien, einen Überblick über die wichtigsten aktuellen Entwicklungen und Gesetzesänderungen im deutschen Gesellschaftsrecht, die für den M&A-Markt in diesem Jahr von Bedeutung sein dürften.

Zum Beitrag in deutscher Sprache (im PDF-Format) gelangen Sie HIER.

The following Gibson Dunn lawyers prepared this article: Sonja Ruttman, Silke Beiter, and Birgit Friedl.

Sonja Ruttmann (+49 89 189 33 256, sruttmann@gibsondunn.com)
Silke Beiter (+49 89 189 33 271, sbeiter@gibsondunn.com)
Birgit Friedl (+49 89 189 33 251, bfriedl@gibsondunn.com)

2023 was another extraordinarily active year in the world of trade controls, including sweeping new trade restrictions on Russia and China, aggressive enforcement of sanctions and export controls, and extensive collaboration among sister agencies and partner countries.

In 2023, the United States, the European Union, and the United Kingdom continued to push the limits of economic statecraft by imposing new trade restrictions on major economies such as Russia and China, and aggressively enforcing existing measures. Throughout his tenure, President Biden has imposed sanctions at an unprecedented rate by adding nearly 5,500 names to restricted party lists maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”)—a yearly average nearly double that of the Trump administration and triple the pace under President Obama. Approximately one-third of all parties presently on U.S. sanctions lists were placed there by President Biden. That sharp upswing continued in 2023 as the United States added a near-record number of individuals and entities to OFAC sanctions lists:

In addition to the sheer number of new sanctions designations, the past year was noteworthy for the scale and scope of enforcement actions targeting sanctions and export control violations. OFAC and the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) each issued record-breaking civil monetary penalties measured in the hundreds of millions of dollars and closely coordinated with the U.S. Department of Justice to mount criminal prosecutions—marking a historically aggressive approach to enforcing trade controls.

Indeed, a high degree of collaboration among sister agencies and partner countries was one of the signal developments of the past year as policymakers in Washington, London, and other allied capitals magnified the impact of sanctions, export controls, import restrictions, and foreign investment reviews by frequently issuing joint guidance and tightly aligning their controls to make trade restrictions more challenging for Moscow, Beijing, and other targets to evade.

As roughly half the world’s population prepares to head to the polls over the next twelve months—including in major elections in the United States, the European Union, and the United Kingdom—policymakers have little incentive to slow their use of economic coercive measures before facing their electorates. Very few politicians would be criticized for demonstrating strength against adversaries and competitors via enhanced sanctions or export controls. All the more so because tools like sanctions and export controls can be promulgated with little perceived risk and even more limited perceived cost to the governments imposing them. As a consequence, the heavy use of trade controls as a primary instrument of foreign policy appears poised to continue its growth regardless who occupies the White House, Downing Street, or any of the other halls of power up for grabs in 2024.

I. Global Trade Controls on Russia

A. Blocking Sanctions
B. Services Prohibitions
C. Price Cap on Crude Oil and Petroleum Products
D. Export Controls
E. Countering Evasion
F. Secondary Sanctions
G. Import Prohibitions
H. Possible Further Trade Controls on Russia

II. U.S. Trade Controls on China

A. Export Controls
B. Uyghur Forced Labor Prevention Act
C. Industrial Policy
D. Investment Restrictions
E. Possible Further Trade Controls on China

III. U.S. Sanctions

A. Venezuela
B. Iran
C. Myanmar
D. Sudan
E. Counter-Terrorism
F. Other Major Sanctions Programs
G. Crypto/Virtual Currencies
H. OFAC Enforcement Trends and Compliance Lessons

IV. U.S. Export Controls

A. Multilateral Coordination
B. Commerce Department

V. Committee on Foreign Investment in the United States (CFIUS)

A. CFIUS Annual Report
B. Expanded Jurisdiction
C. State Law Investment Restrictions
D. Geographic Focus

VI. U.S. Outbound Investment Restrictions

A. Proposed Rulemaking
B. Public Comments and Unresolved Issues

VII. European Union

A. Trade Controls on China
B. Sanctions Developments
C. Export Controls Developments
D. Foreign Direct Investment Developments

VIII. United Kingdom

A. Trade Controls on China
B. Sanctions Developments
C. Export Controls Developments
D. Foreign Direct Investment Developments

I. Global Trade Controls on Russia

Following the Kremlin’s full-scale invasion of Ukraine in early 2022, a coalition of leading democracies—including the United States, the European Union, the United Kingdom, Canada, Australia, and Japan—unleashed a historic barrage of trade restrictions on Russia. As the war in Ukraine stretched on into 2023, the United States and its allies shifted from rapidly introducing new and often novel trade controls to incrementally expanding existing measures such as blocking sanctions, services bans, export controls, and import bans. To further pressure Moscow, the United States authorized secondary sanctions on foreign financial institutions that, knowingly or unknowingly, facilitate significant transactions involving Russia’s military-industrial base, and partnered with allied countries to crack down on sanctions and export control evasion. Such seemingly disparate measures were each calculated to deny Russia the capital and materiel needed to wage war in Ukraine. The European Union and the United Kingdom—each departing from their historic practice—increasingly imposed extraterritorial measures, including asset freezes on third-country entities that support Russia’s war in Ukraine or that facilitate the contravention of relevant prohibitions.

These restrictions have generally been effective at “pouring sand into the gears” of Russia’s war machine as the Kremlin has experienced shortages of key components such as semiconductors, employed elaborate transshipment schemes, and turned to suppliers of last resort like North Korea and Iran to restock its arsenal. Such trade restrictions also appear to be exacting a toll on Russia’s broader economy as soaring defense spending has led to rising inflation, widening budget deficits, and forgone investment in priorities such as education and healthcare that threaten to sap Russia’s long-term growth prospects. By imposing countermeasures that restrict companies’ ability to depart Russia, including an “exit tax” and outright asset seizures, Moscow risks further chilling foreign investment. Meanwhile, the coalition continues to hold a handful of policy options in reserve. Depending upon events on the ground and political dynamics at home, U.S. and allied officials could in coming months escalate economic pressure on Russia by designating additional sanctions and export control evaders, further restricting exports of sensitive components, or severing from the U.S. financial system one or more foreign banks for enabling Russia’s ongoing military campaign. They could even go after various third rails in Russia—further restricting gas flows and potentially seizing Russian state assets (including central bank assets) held abroad.

A. Blocking Sanctions

Since February 2022, the United States, the European Union, and the United Kingdom, in an extraordinary burst of activity, have each added thousands of new Russia-related individuals and entities to their respective consolidated lists of sanctioned persons. While the lists do not entirely overlap, which has increased the compliance burden on multinational firms, the level of coordination among the allies has magnified the impact of sanctions by making them more challenging to evade. Underscoring the breadth of new sanctions designations, the United States on seven occasions this past year alone added 100 or more new Russia-related targets to OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List—an astonishing pace considering that around 10,000 parties had been added to the SDN List over the preceding twenty years combined. The European Union also designated more than 100 individuals and entities as part of its Russia sanctions program on three separate occasions, and the United Kingdom reached similar heights on two occasions, in 2023. This pace of change, combined with the breadth and depth of such changes, has made it increasingly difficult for the private sector to keep up.

Blocking sanctions are arguably the most potent tool in a country’s sanctions arsenal, especially for countries such as the United States with an outsized role in the global financial system. Upon becoming designated an SDN (or other type of blocked person), the targeted individual or entity’s property and interests in property that come within U.S. jurisdiction are blocked (i.e., frozen) and U.S. persons are, except as authorized by OFAC, generally prohibited from engaging in transactions involving the blocked person. The same applies to persons designated by the European Union or the United Kingdom. The SDN List, and its EU and UK equivalents, therefore function as the principal sanctions-related restricted party lists. Moreover, the effects of blocking sanctions often reach beyond the parties identified by name on these lists. By operation of OFAC’s Fifty Percent Rule (or, in the EU and the UK, the even broader ownership and control tests), restrictions generally also extend to entities owned 50 percent or more in the aggregate by one or more blocked persons (or, in the EU and the UK, entities that are majority-owned or controlled by blocked persons), whether or not the entity itself has been explicitly identified.

During 2023, the allies repeatedly used their targeting authorities to block Russian political and business elites, as well as substantial enterprises operating in sectors such as banking, energy, and technology seen as critical to financing and sustaining the Kremlin’s war effort. Notable designations included:

Government officials, including Russian cabinet ministers and regional governors;
Russian oligarchs such as Petr Aven, Mikhail Fridman, German Khan, and Alexey Kuzmichev—many of whom were already targeted by the European Union and the United Kingdom—plus wealthy associates of Belarus’s President Alyaksandr Lukashenka;
Financial institutions, including Credit Bank of Moscow and Tinkoff Bank, as a result of which over 80 percent of Russia’s banking sector by assets is now sanctioned;
Energy firms such as Arctic Transshipment LLC and LLC Arctic LNG 2, which were targeted to limit Russia’s current energy revenues and future extractive capabilities;
Military-industrial firms, including hundreds of companies operating in the technology, defense and related materiel, construction, aerospace, and manufacturing sectors of Russia’s economy, dealings with which (as discussed further below) can now place foreign financial institutions at risk of being cut off from the U.S. financial system; and
Third-country facilitators of sanctions and export control evasion, including shipping companies and vessels alleged to have violated the price cap on Russian crude oil and petroleum products, plus dozens of parties located in major transshipment hubs such as Turkey, the United Arab Emirates, and China.

Many of the parties described above were designated pursuant to Executive Order (“E.O.”) 14024, which authorizes blocking sanctions against persons determined to operate or have operated in certain sectors of the Russian Federation economy identified by the U.S. Secretary of the Treasury.

In addition to naming more than 1,000 new Russia-related individuals, entities, vessels, and aircraft to their respective sanctions lists, the United States and the European Union this past year continued to expand the potential bases upon which parties can become designated for engaging with Russia. The European Union introduced a new criteria for designation whereby persons who benefit from the forced transfer of ownership or control over Russian subsidiaries of EU companies can become subject to asset freeze measures. Meanwhile, building upon the ten sectors that had been identified in prior years, the Biden administration during 2023 authorized the imposition of blocking sanctions on parties that operate in Russia’s metals and mining, architecture, engineering, construction, manufacturing, and transportation sectors—which appear to have been selected for their potential to generate hard currency or to, directly or indirectly, contribute to Russia’s wartime production capabilities. Crucially, OFAC has indicated that parties operating in those sectors are not automatically sanctioned, but rather risk becoming sanctioned if they are determined by the Secretary of the Treasury to have engaged in targeted activities. That said, after initially treading lightly around Russian oil, gas, and metals producers to avoid roiling global markets, the Biden administration in recent months has shown a growing willingness to impose blocking sanctions on participants in Russia’s extractive industries, as well as on third-country sanctions and export control evaders. These trends appear poised to continue during the year ahead.

B. Services Prohibitions

Since the opening months of the war in Ukraine, the United States, the European Union, and the United Kingdom have supplemented their use of blocking sanctions by banning the exportation to Russia of certain professional, technical, and financial services—especially including services used to bring Russian energy to market.

Executive Order 14071 prohibits the exportation from the United States, or by a U.S. person, of any category of services as may be determined by the Secretary of the Treasury, to any person located in the Russian Federation. Acting pursuant to that broad and flexible legal authority, the United States during the first year of the war barred U.S. exports to Russia of ten categories of services that, if misused, could enable sanctions evasion, bolster the Russian military, and/or contribute to Russian energy revenues. In May 2023, the United States expanded upon those earlier prohibitions by barring the exportation to Russia of architecture and engineering services in a seeming effort to prevent U.S. technical expertise from being used to enhance Russia’s energy and military infrastructure.

The European Union and the United Kingdom have similarly prohibited the provision of a range of professional services to entities in Russia, subject to limited exceptions. During the past year, the European Union tweaked the range of available derogations and exceptions and expanded the scope of its professional services restrictions to include the provision of software for the management of enterprises and software for industrial design and manufacture. The United Kingdom implemented a new, strictly framed ban on the provision of legal advisory services—which temporarily froze the ability of lawyers in the country to advise on a wide scope of even Russia-related issues. Fortunately, this situation was eased by the issuance of a general license shortly thereafter.

Those incremental adjustments aside, over the past year the allies chiefly focused on implementing and enforcing a novel form of services ban designed to cap the price of seaborne Russian crude oil and petroleum products.

C. Price Cap on Crude Oil and Petroleum Products

Effective December 5, 2022, the United States, Canada, France, Germany, Italy, Japan, and the United Kingdom, alongside the European Union and Australia (collectively, the “Price Cap Coalition”), prohibited the provision of certain services that support the maritime transport of Russian-origin crude oil from Russia to third countries, or from a third country to other third countries, unless the oil has been purchased at or below a specified price. A separate price cap with respect to Russian-origin petroleum products became effective on February 5, 2023. The types of services that are potentially restricted varies modestly among the Price Cap Coalition countries, but generally includes activities such as brokering, financing, and insurance. A detailed analysis of the price cap, and how it is being implemented by key members of the Price Cap Coalition, can be found in a previous client alert.

From a policy perspective, the price cap is intended to curtail Russia’s ability to generate revenue from the sale of its energy resources, while still maintaining a stable supply of these products on the global market. The measure is also designed to avoid imposing a blanket ban on the provision of all services relating to the transport of Russian oil and petroleum products, which could have far-reaching and unintended consequences for global energy prices. Accordingly, the price cap functions as an exception to an otherwise broad services ban. Best-in-class maritime service providers, which are overwhelmingly based in Price Cap Coalition countries, are permitted to continue supporting the maritime transport of Russian-origin oil and petroleum products, but only if such oil or petroleum products are sold at or below a certain price.

After spending much of the prior year designing the price cap mechanism, the coalition during 2023 shifted to implementing and enforcing this new and untested policy instrument—and were quickly met with Russian efforts at circumvention. For example, tankers carrying Russian crude oil sold above the price cap have reportedly used deceptive practices such as falsifying location data and transaction documents to continue availing themselves of coalition services. Such activities prompted OFAC in April 2023 to publish an alert warning that shipments from Russia’s Pacific coast, including especially the port of Kozmino where a substantial oil pipeline terminates, may present elevated risks of price cap evasion.

As the year progressed, Russia-related parties heavily invested in building a so-called “shadow fleet” that, instead of illicitly using Price Cap Coalition service providers, seeks to avoid coalition services altogether. Broadly speaking, the shadow fleet (also known as the “ghost fleet”) involves an alternative ecosystem of hundreds of aging and questionably seaworthy oil tankers, backed by sub-standard insurers, that operate outside the jurisdiction of Price Cap Coalition countries. By virtue of their age, opaque ownership, and questionable financial backing, such oil tankers are at high risk of accidents and unlikely to bear the cost of damage to other vessels or the environment. As a consequence, many ports refuse calls by these vessels. Nevertheless, as these vessels offer oil above the price cap and below the market price, for some jurisdictions, the economics of this oil has proven too attractive to turn down. As a result, the shadow fleet has contributed to Russian oil being sold at an increasingly narrow discount to global prices. Over the long term, this could further undercut the price cap’s efficacy. Coalition policymakers meanwhile cite the shadow fleet as evidence that the price cap is at least partially succeeding in diverting resources from the war in Ukraine. In short, said one U.S. official, “buying tankers makes it harder for the Kremlin to buy tanks.”

Amid questions about the price cap’s continuing effectiveness, the coalition during the final months of the year pivoted to a second phase of implementation that has so far involved imposing blocking sanctions on a small, but growing, number of maritime industry participants and issuing updated guidance to compliance-minded companies.

Notably, OFAC in October, November, and December 2023, and continuing in January 2024, added a total of 39 shipping companies, vessels, and oil traders to the SDN List for their alleged involvement in using Price Cap Coalition service providers to transport Russian-origin crude oil priced above $60 per barrel after the price cap policy became effective. Such limited designations appear to have been calibrated as a series of warning shots—reflecting the delicate balance that policymakers face in deterring market participants from facilitating the transport of high-priced Russian oil without clamping down so aggressively as to spook financial institutions, shippers, and oil traders away from lawful dealings in Russian oil, which could reduce supply and drive up global energy prices. Moreover, policymakers are being careful to balance broader geopolitical interests to avoid seeing the rest of the BRICS, for example, more aggressively support Moscow’s revanchism. Even so price cap-related designations appear highly likely during the months ahead.

Concurrent with the initial round of designations described above, the Price Cap Coalition in October 2023 published an advisory describing for maritime oil industry participants, including governmental and private sector actors, suggested best practices to minimize the risk of enabling a prohibited transaction involving Russian oil. Although many of the advisory’s suggestions hew closely to the U.S. Government’s 2020 Global Maritime Sanctions Advisory, such as monitoring for signs that a vessel has improperly disabled its location-tracking Automatic Identification System and/or engaged in ship-to-ship transfers, the coalition also offers a number of price cap-specific recommendations. Among other measures, industry participants are encouraged to require oil tankers to carry legitimate and properly capitalized insurance; be certified as seaworthy by a reputable classification society; and furnish itemized invoices that separately list all ancillary costs (e.g., shipping, insurance, freight) so that the price at which the underlying Russian oil was sold can be readily determined.

To steer clear of a potential enforcement action, service providers from Price Cap Coalition countries that deal in seaborne Russian crude oil or petroleum products need to be able to provide certain evidence that the price cap was not breached in respect of the shipment that they are servicing. For example, the United States, the European Union, and the United Kingdom have each set forth a detailed recordkeeping and attestation process by which maritime transportation industry actors can benefit from a “safe harbor” from prosecution arising out of violations by third parties. In December 2023, the Price Cap Coalition released more stringent guidance requiring service providers based in Price Cap Coalition countries to collect attestations with greater frequency and to gather more granular pricing information. To benefit from the safe harbor, covered service providers now must receive attestations each time they lift or load Russian-origin oil or petroleum products, and must also retain, provide, or receive an itemized list of ancillary costs such as shipping, insurance, and freight, which additional information is designed to prevent transaction parties from obscuring the price at which Russian oil was sold.

In parallel, the European Union in December 2023 moved to bolster the price cap by requiring EU operators to obtain authorization from a national competent authority prior to selling or transferring ownership of an oil tanker to a Russian individual or entity, or for use in Russia. EU operators must also notify a national competent authority of each sale or transfer of a tanker to parties based in third countries (i.e., other than the European Union or Russia). These EU measures are calculated to stunt the growth of Russia’s shadow fleet.

D. Export Controls

During 2023, the United States, the European Union, and the United Kingdom continued to find ways to expand their already unprecedented range of export controls targeting Russia and Belarus. Many of these changes either build upon novel controls introduced in 2022, or seek to align each jurisdiction’s existing controls with those implemented by allies and partners.

In conjunction with the first anniversary of Russia’s further invasion of Ukraine, the U.S. Department of Commerce’s Bureau of Industry and Security in February 2023 announced significant expansions of the Russian and Belarusian Industry Sector Sanctions, including the addition of over 500 items, identified by Harmonized Tariff Schedule (“HTS”) codes, to lists of commercial, industrial, and luxury items that now require an export license for Russia or Belarus. The agency’s use of HTS codes—which are widely used around the globe for classifying goods—appears to have been driven by a policy interest in expanding the reach of U.S. export controls beyond the items identified on BIS’s Commerce Control List. Rather, BIS is now increasingly relying on a common tool (the HTS codes) that will allow for greater coordination and interoperability with restrictions put in place by allied and partner countries, while also enabling BIS to control exports of commercial items that, under U.S. regulations, are designated EAR99. After Iranian unmanned aerial vehicles (“UAVs”) appeared on the battlefield in Ukraine, in some cases with U.S.-branded parts and components, BIS also announced new controls on commercial items that are used in the production of UAVs when destined for Iran, Russia, Crimea, or Belarus. Notably, the new UAV-related controls reach foreign-made products when such items rely upon certain U.S.-origin software or technology through the application of a new Iran-related Foreign Direct Product Rule.

From May 2023 to January 2024, BIS added over 1,300 items to the list of electronics, industrial items, manufacturing equipment, and materials that require an export license to Russia or Belarus. As a result, under U.S. law, four entire chapters of the Harmonized Tariff Schedule are now subject to an export licensing requirement when goods identified in those chapters—including nuclear items (Chapter 84); electrical machinery and equipment (Chapter 85); aircraft, spacecraft, and parts thereof (Chapter 88); and optical, photographic, precision, medical, or surgical instruments (Chapter 90)—are destined for Russia or Belarus. These and other updates brought U.S. controls on commercial items into closer harmony with controls imposed by the European Union and the United Kingdom, which have generally imposed controls based on their equivalents to the HTS codes used by the United States. BIS also updated the list of jurisdictions that have implemented substantially similar export controls targeting Russia and Belarus to include Taiwan alongside 37 previously identified countries. This list exempts these partner jurisdictions from U.S. controls on commercial items.

New measures implemented by the European Union and the United Kingdom track the trends discussed above. For instance, the European Union’s twelfth Russia sanctions package imposed new export restrictions on dual-use items, advanced technology, and industrial goods worth €2.3 billion per year. The European Union also expanded the scope of existing export restrictions to include a prohibition on the sale, license, or transfer of intellectual property rights and trade secrets relating to several categories of goods or technology, and bolstered transit restrictions—a novel kind of export control which the United States has yet to impose. Over the course of 2023, the United Kingdom also broadened the range of goods subject to trade sanctions through various amendments to primary legislation.

In light of these expanded controls targeting Russia, divestiture transactions continue to raise thorny issues. Companies headquartered virtually anywhere in the world that desire to divest their Russian operations must now consider whether such divestment would result in the transfer of U.S.-controlled items to end users in Russia. Increasingly, such transfers trigger an export licensing requirement, including for dual-use and commercial items. Accordingly, in furtherance of the U.S. Government’s policy of enabling companies to exit the Russian and Belarusian markets, BIS announced a case-by-case license review policy for license applications submitted by companies that are curtailing or closing all operations in Russia or Belarus and are headquartered outside of Country Groups D:1, D:5, E:1, or E:2 (i.e., certain jurisdictions that present heightened national security concerns, are subject to a United Nations (“UN”) or U.S. arms embargo, and/or are subject to a U.S. trade embargo). The European Union has introduced similar new grounds on which national competent authorities may authorize the sale, supply, or transfer of listed goods and technology, along with associated intellectual property, in the context of transactions that are strictly necessary for divestment from Russia or the wind-down of business activities in Russia. Parallel provisions have been implemented by the United Kingdom and fleshed out in published guidance.

In addition to these regulatory changes, BIS maintained a heavy focus on Russia-related enforcement. As discussed in more detail below, in 2023 the agency’s Office of Export Enforcement had a banner year, including the launch of the Disruptive Technology Strike Force in partnership with the U.S. Department of Justice (“DOJ”) to bring criminal enforcement actions against individuals and entities that circumvent export controls on Russia, China, and Iran. In some cases, criminal enforcement actions by DOJ were accompanied by the addition of Russia-related parties to the Entity List. In 2023, BIS added well over 100 new entities to the Entity List under the destination of Russia alone, as well as many other entities located around the world, including in allied and partner countries, for allegedly supplying Russia’s defense sector with U.S.-origin goods, including semiconductors, electronics, and aviation equipment.

E. Countering Evasion

In addition to imposing new sanctions and export controls, the United States and its allies devoted considerable resources to shoring up existing trade restrictions on Russia by working to limit opportunities for evasion. Such efforts involved a high degree of interagency and international coordination, including the provision of substantial external guidance designed to better equip the private sector to detect, prevent, and report on Russian attempts to circumvent U.S. and allied trade controls. These multi-jurisdictional, joint guidance documents often emphasized practical sets of “red flags” to help identify evasion efforts and articulated heightened due diligence and compliance expectations by U.S. and allied regulators, especially when transactions involve certain high-priority items with potential military applications. Taken together, these joint notices, which were once rare, suggest that coalition sanctions and export controls authorities remain hyper-vigilant for potential Russia-related trade controls violations, and Russian circumvention and evasion will likely remain a top global priority for enforcement actions going forward.

1. Interagency Collaboration

Within the United States, a constellation of federal agencies sought to undercut Russian sanctions and export control evasion by issuing a series of joint guidance documents. Like the multi-jurisdictional notices discussed above, these multi-agency releases were also historically rare, often undercut by bureaucratic challenges which appear to have subsided. In 2023, these joint agency advisories included:

BIS, OFAC, and DOJ (March 2023): Three U.S. Government agencies in March 2023 issued a joint compliance note detailing common ways in which malign actors have sought to circumvent U.S. sanctions and export controls, identifying key indicators a transaction party may be seeking to evade U.S. trade controls, and highlighting recent civil and criminal enforcement actions.
BIS and FinCEN (May 2023): Building on a first-of-its-kind joint alert published the prior year by BIS and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”), those same two agencies in May 2023 issued a supplemental export control evasion alert that established a new Suspicious Activity Report (“SAR”) key term for financial institutions to use when reporting possible attempts to evade U.S. export controls on Russia (“FIN-2022-RUSSIABIS”) and describes evasion typologies and “red flags.” The introduction of a dedicated key term is designed to allow U.S. authorities to, within the enormous volume of SARs that FinCEN receives each year, quickly identify possible instances of Russia-related evasion.
BIS and FinCEN (November 2023): BIS and FinCEN in November 2023 issued a further joint notice that expands upon the two agencies’ Russia-related export control guidance to target export control evasion worldwide. The November joint notice announced the creation of a second new Suspicious Activity Report key term (“FIN-2023-GLOBALEXPORT”) that financial institutions can use to report transactions that potentially involve evasion of U.S. export controls globally (excluding Russia which, as noted above, has its own unique key term), and provides an expansive list of “red flag” indicators of potential evasion.
BIS, OFAC, DOJ, State, and Homeland Security (December 2023): In the broadest yet example of multi-agency guidance, in December 2023 five U.S. Government agencies issued a public advisory concerning sanctions and export control evasion in the maritime transportation industry. In that document, U.S. authorities indicate that maritime actors are expected to “know your cargo,” highlight tactics employed by bad actors to facilitate the illegal transfer of cargo, and note maritime industry-specific “red flags” such as ship-to-ship transfers and unusual shipping routes.

While the U.S. agencies described above have closely collaborated since the outbreak of the war in Ukraine, the volume of joint guidance and the extent of cooperation between sister agencies this past year were unprecedented and suggest that going forward the United States is likely to further break down silos between international trade disciplines in favor of a whole-of-government approach to countering sanctions and export control evasion. Although enhanced enforcement will impose even greater risks on the private sector, the collaboration between agencies will hopefully portend a more unified approach which could make compliance more straightforward.

2. International Collaboration

Beyond collaborations within the U.S. Government, the United States and its allies and partners joined together over the past year to limit Russian sanctions and export control evasion. Notable multilateral guidance focused on Russian circumvention included:

REPO Task Force (March 2023): Established within days of the Kremlin’s full-scale invasion of Ukraine, the Russian Elites, Proxies, and Oligarchs (“REPO”) Task Force is an information-sharing partnership of allied finance and justice ministries designed to promote joint action on sanctions, asset freezing, asset seizure, and criminal prosecution. In March 2023, the REPO Task Force issued a global advisory that identifies Russian sanctions evasion typologies, including conducting dealings through family members and close associates, using real estate to conceal ill-gotten gains, and accessing the international financial system through enablers such as lawyers, accountants, and trust service providers.
Five Eyes (September 2023): The longstanding intelligence-sharing partnership known as the Five Eyes—comprising Australia, Canada, New Zealand, the United Kingdom, and the United States—in June 2023 committed to extend their cooperation to include coordinating on export control enforcement. In September 2023, the Five Eyes followed through on that commitment by publishing joint guidance for industry and academia identifying certain high-priority items such as integrated circuits and other electronic components, organized by Harmonized System (“HS”) code, that present heightened risk of being diverted to Russia for use on the battlefield in Ukraine.
United States, European Union, United Kingdom, and Japan (May to October 2023): In parallel with efforts by the Five Eyes, the United States, the European Union, the United Kingdom, and Japan published and periodically updated a common list of high-priority items that, as of this writing, identifies by HS code 45 items deemed especially high risk for diversion due to their potential use in Russian weapons systems. By widely disseminating a uniform list of items, coalition members sought to align controls across jurisdictions and concentrate finite compliance resources on a subset of items considered crucial to the Russian war effort.

3. Key Red Flags

The joint notices, alerts, and guidance described above each offer practical guidance to the private sector on detecting potential Russian evasion and circumvention, including identifying techniques commonly used to conceal the end user, final destination, or funding source for a transaction. Although those documents are designed for different audiences and each contain a subtly different set of recommendations, several common “red flags” for Russian sanctions and export control evasion recur across nearly all the multiagency and multilateral guidance issued in 2023 and include:

Use of complex or opaque corporate structures to obscure ownership, source of funds, or countries involved;
Reluctance by parties to provide requested information, including the names of transaction counterparties, beneficial ownership details, or written end-user certifications; and
Transaction-level inconsistencies such as publicly available information regarding the counterparty (e.g., address, website, phone number, line of business) that appears at odds with an item’s purported use or destination. In part, this guidance seeks to address the ever-growing challenge of transshipment and diversion in which legal exports to a third country wind up being reexported to Russia or other jurisdictions of concern.

A further recurring theme of guidance issued over the past year is the importance of private sector cooperation to the success of U.S. and allied trade controls on Russia, and heightened expectations on the part of U.S. and allied regulators concerning private sector compliance. Many of these notices reiterate the expectation that private actors adopt risk-based compliance measures, including management commitment, risk assessments, internal controls, testing and auditing, training, empowering staff to report potential violations, and seeking written compliance certifications for higher-risk exports.

F. Secondary Sanctions

As part of a broader effort to limit sanctions and export control evasion, the United States in an unprecedented escalation of pressure on Moscow authorized secondary sanctions on foreign financial institutions that, knowingly or unknowingly, facilitate significant transactions involving Russia’s military-industrial base. These new restrictive measures are noteworthy not simply because they create new secondary sanctions risks for foreign banks and other financial institutions, but also because they expose these financial institutions to such risks based on the facilitation of trade in certain enumerated goods, and do so under a standard of strict liability (i.e., without requiring any culpable mental state such as knowledge). In short, these restrictions do what many had long thought to be coming—place broader export control compliance obligations on financial institutions.

Under certain U.S. sanctions programs—namely, those targeting Iran, North Korea, Russia, Syria, and Hong Kong—persons outside of U.S. jurisdiction that engage in enumerated transactions with certain targeted persons or sectors, including transactions with no ostensible U.S. nexus, risk becoming subject to U.S. secondary sanctions. Such measures target certain significant transactions involving, for example, Iranian port operators, shipping, and shipbuilding. In practice, secondary sanctions are highly discretionary in nature and principally designed to prevent non-U.S. persons from engaging in certain specified transactions that are prohibited to U.S. persons. If OFAC determines that a non-U.S. person has engaged in such transactions, the agency may impose punitive measures on the non-U.S. person which vary from the relatively innocuous (e.g., blocking use of the U.S. Export-Import Bank) to the severe (e.g., blocking use of the U.S. financial system or blocking all property interests). Until December 2023, non-U.S. persons only potentially risked secondary sanctions exposure, under the small handful of sanctions programs that include such measures, for knowingly engaging in certain significant transactions.

As we discuss in a prior client alert, the Biden administration on December 22, 2023 issued Executive Order 14114 and related guidance authorizing OFAC to impose secondary sanctions on foreign financial institutions that are deemed to have:

Conducted or facilitated a significant transaction involving any person designated an SDN for operating in Russia’s technology, defense and related materiel, construction, aerospace, or manufacturing sectors, or any other sector that may subsequently be determined by the U.S. Secretary of the Treasury (such persons, “Covered Persons“); or
Conducted or facilitated a significant transaction, or provided any service, involving Russia’s military-industrial base, including the direct or indirect sale, supply, or transfer to Russia of specified items such as certain machine tools, semiconductor manufacturing equipment, electronic test equipment, propellants and their precursors, lubricants and lubricant additives, bearings, advanced optical systems, and navigation instruments (such items, “Covered Items“).

Upon a determination by the Secretary of the Treasury that a foreign financial institution has engaged in one or more of the sanctionable transactions described above, OFAC can (1) impose full blocking measures on the institution or (2) prohibit the opening of, or prohibit or impose strict conditions on the maintenance of, correspondent accounts or payable-through accounts in the United States. Such measures are a potentially powerful deterrent to engaging in dealings involving Covered Persons or Covered Items as the potential consequence of such a transaction (i.e., imposition of blocking sanctions or loss of access to the U.S. financial system) is tantamount to a death sentence for a globally connected bank.

Critically, these new Russia-related secondary sanctions do not require that a foreign financial institution knowingly engage in such a transaction. This departs from the language that OFAC has historically used when crafting thresholds needed for the imposition of secondary sanctions. Provided that OFAC’s traditional multi-factor test for whether a transaction is “significant” is met, the prospect of strict liability secondary sanctions risk—which is entirely new in U.S. sanctions—will undoubtedly alter the diligence and risk calculus for financial institutions that may still be dealing in legally permitted Russia-related trade.

Compounding the potential compliance challenges for foreign financial institutions, E.O. 14114 appears to create an extraterritorial U.S. export control-like regime in the guise of secondary sanctions. Financial institutions, including foreign financial institutions, are already subject to a certain degree of compliance obligations under U.S. export control laws when it comes to knowingly facilitating prohibited trade in items that are subject to U.S. export controls. However, with the issuance of E.O. 14114, these entities now risk losing access to the U.S. financial system for even inadvertently engaging in a transaction involving Covered Items—regardless whether such items are subject to a U.S. export licensing requirement—destined for Russia.

E.O. 14114 will likely cause many foreign financial institutions to reexamine their risk appetite and related controls when it comes to trade-related activity involving Russia. As a practical matter, many foreign banks, confronted with the prospect of U.S. secondary sanctions exposure and the considerable due diligence challenge of assessing whether a particular transaction might implicate Russia’s military-industrial base, may end up erring on the side of overcompliance by declining to engage in otherwise lawful dealings involving Russia.

G. Import Prohibitions

Consistent with a whole-of-government approach to limiting Russian revenue, the United States, the European Union, and the United Kingdom expanded prohibitions on the importation into their respective territories of certain Russian-origin goods—principally consisting of items closely associated with Russia or that otherwise have the potential to generate hard currency for the Kremlin.

During the initial year of the war in Ukraine, the Biden administration used this particular policy tool to bar imports into the United States of certain energy products of Russian Federation origin, namely crude oil, petroleum, petroleum fuels, oils, and products of their distillation, liquified natural gas, coal, and coal products; followed by fish, seafood, alcoholic beverages, non-industrial diamonds; and eventually gold. As with other Russia-related sanctions authorities, the Secretary of the Treasury has broad discretion under Executive Order 14068 to, at some later date, extend the U.S. import ban to additional Russian-origin goods.

The United States initially excluded from its import bans Russian-origin goods that have been incorporated or substantially transformed (i.e., fundamentally changed in form, appearance, nature, or character) into another product in a third country. However, in December 2023, in tandem with the new Russia-related secondary sanctions described above, President Biden amended Executive Order 14068 to authorize the Secretary of the Treasury to prohibit the importation into the United States of certain products that have been mined, extracted, produced, or manufactured wholly or in part in the Russian Federation, or harvested in waters under the jurisdiction of the Russian Federation or by Russia-flagged vessels, regardless whether such specified products have been incorporated or substantially transformed into other products outside of Russia. Acting pursuant to this authority, OFAC issued a determination barring the importation into the United States of foreign-made goods that contain any amount of Russian-origin salmon, cod, pollock, or crab, and indicated that a similar prohibition on importing certain Russian diamonds processed in third countries is expected to follow soon. Similarly, the European Union and the United Kingdom adopted an import ban on iron and steel products processed in a third country using Russian iron or steel products. Such enhanced import prohibitions on a narrow subset of products (i.e., certain fish, certain diamonds, iron and steel products) will likely present considerable practical challenges—similar to the Uyghur Forced Labor Prevention Act with respect to goods linked to China’s Xinjiang Uyghur Autonomous Region—for importers who may now be required to demonstrate that their supply chains do not, directly or indirectly, trace back to Russia.

The European Union and the United Kingdom during 2023 also expanded the range of Russian goods subject to more traditional import prohibitions. Notable additions include diamonds and various metals, delivering a further blow to the Kremlin’s ability to finance its war in Ukraine and other destabilizing activities globally.

H. Possible Further Trade Controls on Russia

Leading democracies in 2023 continued to expand the dizzying array of trade restrictions imposed on Russia. While the coalition has not yet exhausted its policy toolkit, barring dramatic developments on the ground, the coming year appears likely to be defined by a further tightening of restrictions on Moscow.

Policymakers in Washington, London, and other allied capitals appear poised to continue aggressively blacklisting third-country sanctions and export controls evaders. To stanch the flow of sensitive components to the Russian military, the coalition may further expand its common list of high-priority items to subject additional goods to heightened scrutiny. The United States could also leverage its new Executive Order 14114 to secondarily sanction one or more foreign financial institutions—severing their access to mainstream finance—as a warning to other banks considering engaging with Russia’s military-industrial base.

More severe measures—such as blocking sanctions on the Government of the Russian Federation or conceivably a complete embargo on Russia like the U.S. measures that presently apply to Cuba, Iran, North Korea, Syria, and certain Russian-occupied regions of Ukraine—also remain available. However, in light of wavering political support for Kiev in some allied capitals, a seeming stalemate on the battlefield, and the imperative of maintaining stable energy prices, such restrictions appear unlikely to be imposed in the near term absent a complete breakdown in relations with Moscow.

II. U.S. Trade Controls on China

Despite the continuing challenge posed by Russia, the year in trade was largely defined by the deepening economic, technological, and security rivalry between the United States and China. Following a year marked by high tensions over Taiwan and a near-total breakdown in communications, relations between Washington and Beijing gradually stabilized in 2023, culminating in a long-awaited summit at which President Biden and China’s President Xi Jinping pledged to responsibly manage competition between the two superpowers.

That brief moment notwithstanding, U.S. officials from across the political spectrum continue to view China—with its rapidly advancing military and technological capabilities, state-led economy, and troubling human rights record—as the “pacing challenge” for U.S. national security. To meet that perceived threat, the United States during 2023 again pushed the limits of economic statecraft by expanding export controls on semiconductors and supercomputers, vigorously enforcing import prohibitions on goods linked to forced labor, heavily subsidizing domestic manufacturing, scrutinizing inbound Chinese investments, and for the first time ever putting into place a system that will restrict outbound investments into certain sensitive technologies. With U.S. elections in November 2024 and bipartisan consensus on the perceived strategic threat that China poses to the United States and its allies, the pace of new trade controls on China seems unlikely to slow any time soon. One of the only questions is whether Congress or the Executive will take the lead.

A. Export Controls

Despite a mild thawing in U.S.-China relations following the November 2023 summit between Presidents Biden and Xi, controlling the manufacture and supply of certain advanced technologies remained a core feature of U.S. trade policy toward Beijing. During 2023, the United States aggressively employed a range of export control measures to slow China’s technological development, including further restricting exports of certain advanced semiconductors and supercomputers, adding over 100 Chinese organizations to BIS’s Entity List, and using the threat of further additions to the Entity List to incentivize Chinese firms (and the Chinese government) to permit timely end-use checks on authorized exports.

1. Expanded Controls on Semiconductors and Supercomputers

On October 17, 2023, the U.S. Department of Commerce’s Bureau of Industry and Security announced two new interim final rules updating and expanding certain export controls targeting advanced computing integrated circuits (“Advanced ICs”), computer commodities that contain such Advanced ICs, and certain semiconductor manufacturing equipment (“SME”). These two interim final rules build upon the groundbreaking and extensive unilateral controls implemented by the United States in October 2022. Detailed descriptions of the original and expanded controls can be found in our client alerts published in October 2022, February 2023, and October 2023.

The October 2023 interim final rules are designed to strengthen, expand, and reinforce the original October 2022 rules, which curtailed China’s ability to purchase and manufacture Advanced ICs for use in advanced weapon systems and other military applications of artificial intelligence (“AI”), products that enable mass surveillance, and other technologies used in the abuse of human rights. Broadly speaking, the new interim final rules impose controls on additional types of SME, refine the restrictions on U.S. persons to ensure U.S. companies cannot provide support to advanced SME in China, expand license requirements for the export of SME to apply to additional countries, adjust the licensing requirement criteria for Advanced ICs, and impose new measures to address risks of circumvention of the controls by expanding them to additional destinations.

Perhaps the most significant development in the new interim final rules is the expansion of certain controls to destinations beyond China (including the Hong Kong special administrative region) and the Macau special administrative region. Namely, the interim final rule on advanced computing items and supercomputer and semiconductor end uses expands the previous controls to 21 other destinations for which the United States maintains an arms embargo (i.e., so-called Country Group D:5 countries) and revises a previously imposed foreign direct product rule targeting non-U.S.-origin products used in advanced computing and supercomputers to apply to these same Country Group D:5 destinations. Similarly, the interim final rule on SME items expands the relevant controls to an additional 44 destinations (i.e., all destinations specified in Country Groups D:1, D:4, and D:5, excluding Cyprus and Israel). The expanded destination scope of these rules is intended to account for the possibility that counterparties located in these jurisdictions might try to obtain these highly controlled items for end users in other destinations and to apply the prohibitions to the longer list of countries that the United Nations and the United States have identified as posing heightened risks.

Apart from expanding the territorial application of the previous rules, the two interim final rules similarly refine the item-specific Export Control Classification Numbers (“ECCNs”) subject to the heightened controls. BIS abandoned the previous ECCN 3B090 introduced in the October 2022 version of the regulations and instead determined that identifying specific SME for control in ECCNs 3B001 and 3B002 represents a more manageable arrangement. BIS also refined the Advanced ICs captured under existing controls by adding a new “performance density” parameter to prevent users from purchasing and combining a large number of smaller datacenter AI chips to equal the computing power of more powerful chips already restricted under the previous controls. And BIS added new “.z” paragraphs to ECCNs 3A001, 4A003, 4A004, 4A005, 5A002, 5A004, 5A992, 5D002, and 5D992 to enable exporters to more easily identify products that incorporate Advanced ICs and items used for supercomputers and semiconductor manufacturing that meet or exceed the newly refined performance parameters.

Some of the most far-reaching restrictions contained in the October 2022 controls are the restrictions BIS placed on U.S. person support for the development and production of Advanced ICs and SME in specified jurisdictions, even when such activities did not involve items subject to the U.S. Export Administration Regulations (“EAR”). In the interim final rules, BIS both clarified and expanded these prohibitions, while codifying some of the guidance previously provided in the agency’s October 2022 Frequently Asked Questions. Specifically, BIS broadened these controls to extend to U.S. person support for development or production of Advanced ICs and SME at any facility of an entity headquartered in, or whose ultimate parent company is headquartered in, either Macau or a country subject to a U.S. arms embargo where the production of Advanced ICs occurs (i.e., Country Group D:5 countries). At the same time, BIS clarified that its facility-focused support prohibition is intended to include facilities engaged in all phases of production, including where important late-stage product engineering or early-stage manufacturing steps, among others, may occur. However, BIS narrowed its facility-based prohibition in one important respect, by limiting the scope of the restrictions to exclude “back-end” production steps such as assembly, testing, or packaging steps that do not alter the technology level of an Advanced IC. Importantly, BIS also added an exclusion to the new restrictions for U.S. persons employed or working on behalf of a company headquartered in the United States or a closely allied country (i.e., destinations specified in Country Group A:5 or A:6) and not majority owned by an entity that is headquartered in Macau or a destination specified in Country Group D:5.

In conjunction with BIS’s expanded destination and item-based licensing requirements, BIS issued two new temporary general licenses, valid through the end of 2025, that authorize companies headquartered in the United States and closely allied countries to continue shipping less sensitive items to certain facilities in Country Group D:1, D:4, and D:5 locations. These authorizations appear to be driven by a U.S. policy interest in enabling such companies to continue using facilities located in a restricted destination to perform more limited manufacturing tasks such as assembly, inspection, testing, quality assurance, and distribution in order to allow additional time for Advanced IC and SME producers located in the United States and closely allied countries to identify alternative supply chains outside of these more-restricted destinations.

BIS also created a new license exception—Notified Advanced Computing (“NAC”)—that authorizes exports of certain less-powerful Advanced ICs and associated items to Country Group D:1, D:4, and D:5 destinations. For items ultimately intended for Macau or a destination specified in Country Group D:5, advanced notice and approval from BIS is required, a process that enables BIS to monitor and track which end users are seeking these Advanced ICs and for what purpose. In particular, at least 25 days prior to any export or reexport to Macau or a destination specified in Country Group D:5, an application must be submitted via BIS’s Simplified Network Application Process Redesign (“SNAP-R”) system. BIS will review any such applications and render a decision within the allotted 25 days as to whether the use of License Exception NAC is permitted. The export must also be made pursuant to a written purchase order, unless the export is for commercial samples, and cannot involve any prohibited end users or end uses (including “military end users” or “military end uses,” as defined in the EAR). Exporters are also required to report their use of License Exception NAC in their export clearance filings (i.e., electronic export information, or EEI, filings).

Although the two new interim final rules provide much-needed guidance, they also make it evident that BIS has high expectations for the private sector to be at the forefront of handling complex due diligence. Given the need to review multiple information sources, even including a counterparty’s aspirational development or production of technology, this type of screening is especially difficult to automate, and companies with relevant products will need to expend more compliance resources to fully address BIS’s heightened diligence expectations.

In December 2023, BIS released limited guidance concerning the application of these new interim final rules, including the process for calculating “performance density” used to determine the threshold for Advanced ICs, the information needed for the use of License Exception NAC, the scope of the new temporary general licenses, and clarifications on the new exclusions from prohibited U.S. person activities. However, based upon the number and variety of requests for public comment included in the two interim final rules, further refinements and possible future expansions of these controls appear likely. BIS specifically requested public comments on a number of issues implicated by the interim final rules, including the impact of potential controls on datacenter infrastructure-as-a-service offerings for AI training and suggestions for further refining technical parameters to distinguish Advanced ICs and computers commonly used for small- or medium-scale training of AI foundational models from those used for large AI foundational models with different capabilities of concern.

Apart from the imposition of new unilateral controls, the Biden administration continues to engage in extensive diplomatic efforts to encourage closely allied countries to adopt similar controls on chip-making equipment. In advance of any nascent multilateral regimes, the new export controls imposed by the United States reflect an effort to minimize some of the known collateral impacts that current unilateral controls could have on international trade flows, especially on the Advanced IC and SME supply chains of U.S. and allied country companies, and to encourage a collective “friend-shoring” of U.S. and allied country supply chains for critical technologies. To what extent such efforts will hinder or help the development of additional multilateral controls remains to be seen, though recent actions by the Japanese and Dutch governments to implement limited though still meaningful controls on Advanced ICs and SME supply chains indicate some initial success in the United States’ efforts to expand the new controls across multiple jurisdictions.

2. China-Related Entity List and Military End-User List Designations and Removals

In addition to novel measures such as stringent controls on semiconductors and supercomputers, the Biden administration over the last several years has used traditional export controls such as the Entity List to target China-based organizations. As noted in our 2022 Year-End Sanctions and Export Controls Update, the expanding size, scope, and profile of the Entity List now rivals OFAC’s SDN List as a tool of first resort when U.S. policymakers seek to exert strategic pressure, especially against significant economic actors in major economies. 2023 saw a solidification of this trend. The United States made extensive use of the Entity List throughout the past year, designating over 150 Chinese entities—more than double the number of Chinese entities added to the same list in 2022.

Entities can be designated to the Entity List upon a determination by the interagency End-User Review Committee (“ERC”)—which is composed of representatives of the U.S. Departments of Commerce, State, Defense, Energy and, where appropriate, the Treasury—that the entities pose a significant risk of involvement in activities contrary to the national security or foreign policy interests of the United States. Much like being added to the SDN List, the level of evidence needed to be included on the Entity List is minimal and far less than the “beyond a reasonable doubt” standard that U.S. courts use when assessing guilt or innocence. Despite this, the impact of being included on the Entity List can be catastrophic. Through Entity List designations, BIS prohibits the export of specified U.S.-origin items to designated entities without BIS licensing. With respect to potential licensing for Entity List exports, BIS will typically announce either a policy of denial or ad hoc evaluation of license requests. The practical impact of any Entity List designation varies in part on the scope of items BIS defines as subject to the new export licensing requirement, which could include all or only some items that are subject to the EAR. Those exporting to parties on the Entity List are also precluded from making use of any BIS license exceptions. However, because the Entity List prohibition applies only to exports of items that are “subject to the EAR,” even U.S. persons are still free to provide many kinds of services and to otherwise continue dealing with those designated in transactions that occur wholly outside of the United States and without items subject to the EAR. (This is one of the key ways in which the Entity List differs from the SDN List.)

The ERC has over the past several years steadily expanded the bases upon which companies and other organizations may be designated to the Entity List. In many cases over the past year, BIS turned to conventional reasons for designating Chinese entities such as their providing support for China’s military modernization efforts, attempting to divert or reexport goods to restricted parties, or enabling cybersecurity activities deemed threatening to U.S. national security. Other designations, however, relied on more specific justifications, often in response to current events, such as the designation of six Chinese entities in February 2023 for supporting the People’s Liberation Army’s “aerospace programs including airships and balloons and related materials and components” following public outcry over Chinese high-altitude balloons flying over North American airspace. More in line with designations from the past several years, the ERC in March 2023 added several entities to the Entity List for their alleged involvement in human rights violations such as high-tech surveillance of minority groups in China’s Xinjiang Uyghur Autonomous Region. Other Chinese entities were designated in June 2023 for providing “cloud-based supercomputing capabilities” in support of hypersonics research conducted by China’s military, while an additional 13 entities were designated in October 2023 for their involvement with the development of Advanced ICs.

Notably, during 2023 no new Chinese entities were added to BIS’s non-exhaustive Military End-User (“MEU”) List, which was developed to help exporters determine which organizations in Belarus, Burma, Cambodia, China, Russia, or Venezuela are considered “military end users” for which an export license may be required. However, one previously designated entity, China-based Zhejiang Perfect New Material Co., Ltd, was removed from the MEU List in September 2023 following a request for removal submitted to BIS—suggesting that, although the process can be long and cumbersome for the targeted entity, BIS is still actively considering petitions for removal, even when such entities are located in sensitive jurisdictions.

3. China-Related Unverified List Designations and Removals

As in previous years, BIS made use of the Unverified List throughout the year to incentivize named entities to comply with robust end-use checks. A foreign person may be added to the Unverified List when BIS (or U.S. Government officials acting on BIS’s behalf) cannot verify that foreign person’s bona fides (i.e., legitimacy and reliability relating to the end use and end user of items subject to the EAR) in the context of a transaction involving items subject to the EAR. This situation may occur when BIS cannot satisfactorily complete an end-use check, such as a pre-license check or a post-shipment verification, for reasons outside of the U.S. Government’s control. Any exports, reexports, or in-country transfers to parties named on the Unverified List require the use of an Unverified List statement, and Unverified List parties are not eligible for license exceptions under the EAR that would otherwise be available to those parties but-for their designation to the list.

Notably, BIS in October 2022 implemented a new two-step process whereby companies that do not complete requested end-use checks within 60 days will be added to the Unverified List. If companies are added to the Unverified List due to the host country’s interference, after a subsequent 60 days of the end-use check not being completed, such companies will be moved from the Unverified List to the more restrictive Entity List. That process is designed to further incentivize targeted entities—and, at least in the case of China, their home governments—to permit BIS end-use checks to proceed in a timely manner as cooperative entities can be rewarded with removal from the Unverified List and uncooperative entities risk becoming subject to even more stringent controls.

This seemingly subtle policy change appeared to pay dividends during 2023 as a total of 32 entities from China were removed from the Unverified List in August and December 2023, and continuing in January 2024, after BIS was able to verify their bona fides through an end-use check—suggesting a willingness on the part of Chinese authorities to change their behavior to retain access to U.S.-origin items.

B. Uyghur Forced Labor Prevention Act

2023 marked the first full year of enforcement of the Uyghur Forced Labor Prevention Act (“UFLPA”). As we describe in a prior client alert, that groundbreaking law, which took effect in June 2022, establishes a rebuttable presumption that all goods mined, produced, or manufactured even partially within China’s Xinjiang Uyghur Autonomous Region (“Xinjiang”), or by entities identified on the UFLPA Entity List, are the product of forced labor and are therefore barred from entry into the United States. After a year of active enforcement by U.S. Customs and Border Protection (“CBP”), recent calls from Congress to further strengthen and expand enforcement signal a continued focus on the UFLPA in the year ahead.

Despite criticisms that progress has been too slow, in 2023 the U.S. Government made notable additions both to CBP’s list of high-risk commodities for priority UFLPA enforcement, as well as to the UFLPA Entity List maintained by the U.S. Department of Homeland Security (“DHS”). CBP’s release of a document attached to UFLPA detention notices confirmed an expansion of scrutiny from products previously identified as high-risk (i.e., tomatoes, cotton, polysilicon, polyvinyl chloride, and aluminum) to now include batteries, tires, and steel products. These newly added targets, which appear to have stemmed from private sector research published in late 2022 on possible links to Xinjiang in automotive supply chains, highlight continuing close coordination between DHS and the non-governmental and academic communities in identifying risks and specific parties of concern. Throughout 2023, the interagency Forced Labor Enforcement Task Force, led by DHS, also added 10 entities (and some of their subsidiaries) to the UFLPA Entity List. One of these entities, Ninestar Corporation, has since challenged its designation before the U.S. Court of International Trade, citing a lack of information provided by DHS regarding the reasons for its listing. The outcome of that case could have broader implications for the type and extent of information that agencies are required to provide to individuals and entities that are added to U.S. Government restricted party lists.

Notably, CBP sought to increase transparency regarding UFLPA enforcement, and published additional guidance to importers concerning the law’s broad standards and high bar for challenging potential detentions at U.S. ports. The launch of the UFLPA Statistics Dashboard on CBP’s website in March 2023 has provided key insights into the number, value, and type of shipments detained under the UFLPA to date. As of November 2023, over 6,000 shipments had been detained under the UFLPA, valued at more than $2.2 billion. Despite the UFLPA’s focus on and close association with China, the majority of goods detained to date have somewhat surprisingly originated from countries other than China, including Malaysia, Vietnam, and Thailand. This serves as an important reminder both of transshipment risk given today’s global supply chains and the critical role of Chinese materials in supply chains of companies throughout the world and especially in Southeast Asia.

CBP statistics further reveal that slightly more than half of all shipments detained to date under the UFLPA have ultimately been released into the United States. In light of the lack of reporting to Congress of any granted “exceptions” to the UFLPA’s rebuttable presumption, as required by the statute, these releases appear to all be the result of successful “applicability reviews.” CBP published guidance in February 2023 on the applicability review process, in which importers submit evidence that a given shipment is outside of the scope of the UFLPA altogether, and thus the rebuttable presumption does not apply (i.e., the goods are not mined, produced, or manufactured wholly or in part in Xinjiang or by an entity on the UFLPA Entity List). That guidance, which indicates importers must be able to submit evidence tracing their supply chains back to the raw materials, highlights the need for robust supply chain due diligence programs and the development of novel recordkeeping and contracting tools that enable buyers of goods to extend their supply chain tracing well beyond the first tier of suppliers. Although the UFLPA has its roots in Great Depression-era legislation that first restricted the importation into the United States of goods linked to forced labor, the UFLPA remains a relatively new human rights policy tool that appears ripe for further guidance and vigorous enforcement during the year ahead.

C. Industrial Policy

In a sea change from longstanding U.S. aversion to state industrial policy, the United States continued to embrace a protectionist-leaning “modern industrial and innovation strategy” to counteract China’s influence on the world stage. After the U.S. Congress adopted two massive legislative packages—the CHIPS and Science Act of 2022 (the “CHIPS Act”) and the Inflation Reduction Act of 2022 (the “IRA”)—that direct billions of dollars toward boosting domestic manufacturing, in 2023 the Biden administration began implementing these laws by issuing multiple sets of regulations defining which parties are (and are not) potentially eligible to receive U.S. subsidies, in each case with an eye toward preventing taxpayer dollars from flowing to China.

The CHIPS Act provides over $50 billion in incentives for semiconductor manufacturers to invest in production capacity in the United States. Notably, those incentives can be clawed back if manufacturers violate so-called guardrails, mandated by Congress, barring certain investments in “countries of concern,” namely China, Russia, Iran, and North Korea. In September 2023, the U.S. Department of Commerce issued a final rule implementing the CHIPS Act national security guardrails. Among other things, the rule bars recipients of CHIPS Act funding, for 10 years from the date of award, from expanding production facilities in countries of concern by 10 percent or more for legacy chips, and by 5 percent or more for chips that are advanced or critical to U.S. national security. The rule also defines the categories of joint research and technology licensing that are prohibited under the CHIPS Act to include most activities involving entities owned or controlled by a country of concern, as well as entities identified on BIS’s Entity List and OFAC’s Non-SDN Chinese Military-Industrial Complex Companies (“NS-CMIC”) List. From a policy perspective, the CHIPS Act guardrails are designed to prevent taxpayer-funded incentives from accruing to the benefit of China’s semiconductor industry and, over time, shift the geography of semiconductor manufacturing activities away from China and toward the United States and other friendly jurisdictions.

In a parallel effort to relocate electric-vehicle (“EV”) supply chains from China to the United States, the Inflation Reduction Act includes billions of dollars in subsidies for EVs assembled in North America—a move that has rankled close U.S. allies in Europe who have criticized the measure as protectionist and discriminatory against European goods. Among other limitations, the IRA stipulates that, to be eligible for an up to $7,500 tax credit, an EV must undergo final assembly in North America, a certain percentage of the critical minerals in the vehicle’s battery must be extracted or processed in the United States or in a country with which the United States has a free trade agreement, and the vehicle’s battery cannot contain any components manufactured in certain countries of concern such as China. To assuage allied concerns regarding the IRA, the United States in March 2023 entered into a critical minerals agreement with Japan, and is presently negotiating similar agreements with the European Union and the United Kingdom, which could enable companies based in those jurisdictions to benefit from U.S. electric-vehicle subsidies. Meanwhile, the U.S. Department of the Treasury in December 2023 issued a notice of proposed rulemaking further defining which EVs are potentially ineligible for U.S. subsidies by virtue of their ties to China. These developments, taken together, suggest a willingness on the part of the Biden administration to implement and interpret the IRA in a manner that simultaneously advantages core U.S. allies and withholds benefits from Beijing.

D. Investment Restrictions

In conjunction with export controls, the Biden administration, acting through the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”), continued to closely scrutinize acquisitions of, and investments in, U.S. businesses by Chinese investors. As discussed more fully in Section V.A, below, CFIUS appears to be especially focused on identifying non-notified transactions involving Chinese acquirors (i.e., transactions that have already been completed and which were not brought to CFIUS’s attention), including through use of the Committee’s increased monitoring and enforcement capabilities.

During calendar year 2022, the most recent period for which data is available, Chinese investors once again eschewed the CFIUS short-form declaration process, filing only 5 declarations and 36 notices. Those figures are generally consistent with the period from 2020 to 2022. This apparent preference of Chinese investors to forgo the short-form declaration in favor of the prima facie lengthier notice process may indicate a calculus that, amid U.S.-China geopolitical tensions, the likelihood of the Committee clearing a transaction involving a Chinese investor through the scaled-down declaration process is quite low.

In addition to the Committee’s purview over inbound investments, the Biden administration in August 2023 issued a long-awaited Executive Order and Advance Notice of Proposed Rulemaking (“ANPRM”) outlining proposed restrictions on outbound investment by U.S. persons in certain mainland China, Hong Kong, and Macau entities. As discussed in Section VI, below, while there remains significant uncertainty surrounding the timing and contours of an eventual final rule, the Biden administration proposal in its current form would significantly restrict U.S. investments in certain sectors of China’s economy deemed critical to U.S. national security, including artificial intelligence, semiconductor manufacturing, and quantum information technologies. Such restrictions are highly novel and a significant departure from historical practice.

E. Possible Further Trade Controls on China

The Executive branch was not alone in pushing for stringent new trade controls on China. The U.S. Congress throughout 2023 continued to churn out legislation and policy proposals to govern the U.S.-China economic relationship—some of which enjoy strong bipartisan support. At the start of the year, the U.S. House of Representatives created the Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party (the “Select Committee”) to “investigate and submit policy recommendations on the status of the Chinese Communist Party’s economic, technological, and security progress and its competition with the United States.” The Select Committee’s top Republican and Democratic members have tackled issues relating to China in a notably bipartisan manner compared to the rest of the House, including in December 2023 issuing a report with almost 150 policy recommendations to “fundamentally reset the United States’ economic and technological competition with the People’s Republic of China.” The committee’s recommendations include, among others:

Preventing reliance on China for advanced technology and reducing China’s access to the U.S. market by authorizing the President to ban certain Chinese-produced technology products; banning Chinese-owned social media; and funding “rip-and-replace” efforts to remove products from Chinese-owned telecommunications vendors from U.S. networks;
Restricting U.S. outbound investment in more sectors than are presently covered by President Biden’s August 2023 Executive Order and limiting market access for companies from foreign adversary countries by requiring them to make human rights certifications;
Strengthening export controls by providing BIS increased resources and extending export licensing requirements to entities that are majority owned by one or more parties identified on BIS’s Entity List—similar to OFAC’s Fifty Percent Rule; and
Empowering CFIUS to review greenfield investments and joint ventures involving foreign adversary entities, streamlining the Committee’s review of transactions from allied countries, and allowing the Committee to re-open mitigated transactions.

Although it is challenging for a closely divided and highly partisan Congress to negotiate and pass legislation—and there is little time left before members’ attention turns to the November 2024 election—the Select Committee’s bipartisan imprimatur could give these recommendations traction in the Republican-led House, but probably not in the Democratically controlled Senate. Even if not enacted this year, the Select Committee’s recommendations offer hints as to the future direction of U.S. policy toward Beijing, especially if the Senate flips to Republican control after the next election. Accordingly, before further engaging with China, multinational enterprises may wish to consider the potential impact of these proposals on their business should Congress or the Executive branch decide to act on them in the coming months.

III. U.S. Sanctions

Although Russia and China dominated U.S. trade policy for much of the past year, OFAC remained extraordinarily active on other fronts—including modulating U.S. sanctions on Venezuela, Iran, Myanmar, and Sudan; leveraging U.S. counter-terrorism sanctions authorities in response to the Hamas attack on Israel in October and follow-on violence perpetrated by various Iranian proxies; heavily focusing on the virtual currency sector; and bringing record-setting enforcement actions.

A. Venezuela

Following the signing of an electoral roadmap between Venezuela’s opposition and the regime of President Nicolás Maduro, the Biden administration in October 2023 announced a significant relaxation of U.S. sanctions on Venezuela. That easing of restrictions on Caracas, however, did not last long as the United States soon reversed course and partially revoked sanctions relief in January 2024 following democratic backsliding by Maduro.

As we describe in a prior client alert, the broad package of measures unveiled in October 2023—which eased restrictions on Venezuela’s oil and gas sector, gold sector, and secondary trading in certain Government of Venezuela securities—marked a seismic shift from the “maximum pressure” campaign that since 2019 has prohibited virtually all U.S. nexus dealings involving key sectors of Venezuela’s energy-driven economy. From a policy perspective, such incremental, and in some cases time-limited, sanctions relief was calculated to incentivize the Maduro regime to take concrete steps toward the restoration of Venezuelan democracy with an eye toward holding a free and fair presidential election in late 2024.

Among the measures announced in October 2023, the most impactful was Venezuela General License 44 which authorizes U.S. persons, until April 18, 2024, to engage in all transactions related to oil or gas sector operations in Venezuela, including transactions involving state-owned oil giant Petróleos de Venezuela, S.A. (“PdVSA”), subject to certain conditions. Crucially, that general license sets forth a non-exhaustive list of authorized activities that includes: (1) the production, lifting, sale, and exportation of oil or gas from Venezuela, and the provision of related goods and services; (2) payment of invoices for goods or services related to oil or gas sector operations in Venezuela; (3) new investment in oil or gas sector operations in Venezuela; and (4) delivery of oil and gas from Venezuela to creditors of the Government of Venezuela, including creditors of PdVSA entities, for the purpose of debt repayment.

In addition to easing sanctions on Venezuelan oil and gas, the Biden administration further broadened the Maduro regime’s access to potential sources of hard currency by easing sanctions on Venezuela’s gold sector. In particular, OFAC issued—and, again, later revoked—a general license authorizing most U.S. nexus transactions involving Venezuela’s state-owned gold mining company, CVG Compania General de Mineria de Venezuela CA (“Minerven”), and its majority-owned entities. In a key development for investors and financial institutions, OFAC also amended a pair of general licenses to authorize U.S. persons to both sell and purchase certain specified Venezuelan sovereign bonds and specified PdVSA debt and equity, thereby permitting secondary trading in previously restricted Government of Venezuela securities.

The easing of U.S. sanctions on Venezuela was noteworthy both for its breadth and for the fact that much of the relief extended to Caracas rested on a promise by the Maduro regime to take further steps toward the restoration of Venezuelan democracy. When the regime failed to uphold its end of the bargain, including by refusing to lift a ban on a leading presidential candidate holding public office, the U.S. Government quickly revoked the general license that had authorized dealings involving the gold mining company Minerven—and indicated that, absent a change in behavior by the Maduro regime, the more economically consequential general license authorizing U.S. nexus dealings involving the country’s oil or gas sector could soon meet a similar fate. As of this writing, the U.S. sanctions relief extended to Venezuela just months ago appears highly tenuous and could be revoked in its entirety in coming months—potentially causing whiplash for investors that had begun to explore collecting on old debts, and launching new energy ventures, involving Venezuela.

B. Iran

Relations between the United States and Iran took a sharp downward turn during 2023. After starting the year engaged in indirect talks over a possible return to the Joint Comprehensive Plan of Action (“JCPOA”)—the 2015 Iran nuclear agreement that the Trump administration renounced and exited in 2018—tensions between Washington and Tehran spiked following the October 2023 attack by the Iranian-supported Hamas terrorist group that claimed 1,200 civilian lives and spurred an Israeli ground invasion of the Gaza Strip. As a Middle East-wide network of Iran-backed militias dubbed the “axis of resistance,” including Hamas, Hezbollah, and the Houthis, continued to mount attacks across the region—including at least one lethal assault on U.S. troops—debate quickly turned to whether the United States and Iran might come to blows. As these developments unfolded, the Biden administration announced new sanctions designations targeting Iran’s UAV and ballistic missile program, petroleum and petrochemicals trade, hostage taking, and domestic repression; revoked Iranian access to funds that had been set aside for humanitarian trade; and prepared to levy further sanctions following a wave of deadly attacks by Iranian proxies.

Throughout 2023, OFAC continued to aggressively use its targeting authorities to add individuals and entities complicit in Iran’s destabilizing activities to the SDN List. Frequent targets of Iran-related sanctions designations included parties allegedly involved in:

The development, and exportation to Russia, of Iranian unmanned aerial vehicles, as well as support for Iranian ballistic missile procurement, in connection with which the U.S. Government published multiple rounds of guidance on the sanctions and export controls risks of engaging with Iran’s UAV and ballistic missile programs;
The Iranian petroleum and petrochemicals trade, including buyers and shippers based in the United Arab Emirates and China;
The wrongful detention of U.S. nationals, including intelligence officials and Iran’s former president Mahmoud Ahmadinejad; and
The repression of dissent, including Iranian military, intelligence, and law enforcement entities and officials implicated in suppressing protests and restricting internet access.

Although the United States continued to modestly increase sanctions pressure on Iran even as the two sides negotiated over the JCPOA, including completing a September 2023 prisoner swap, relations between Washington and Tehran deteriorated following Hamas’s attack on Israel. The Biden administration quickly suspended a humanitarian trade channel that would have granted Iran limited access to $6 billion held in a restricted account in Qatar. OFAC also stepped up the pace of new sanctions designations, with a particular emphasis on targeting individuals and entities associated with Iran–backed militant groups. As the Biden administration began to militarily respond to the January 2024 attack by an Iran-aligned group that left three U.S. soldiers dead, and continued leading multinational efforts against the Houthis’ attacks on Red Sea shipping, the security situation in the Middle East remains highly fluid. In coming weeks and months, the United States appears highly likely to further accelerate the pace of Iran-related designations and could, in an effort to constrict Tehran’s sources of funding and support, begin imposing secondary sanctions on non-U.S. parties that knowingly engage in significant transactions involving Iran.

C. Myanmar

Since seizing power in a February 2021 coup, the military junta in Myanmar (also called “Burma”) has wreaked havoc on the country’s civilian population through a brutal campaign of repression, including airstrikes. As the humanitarian situation continued to deteriorate, the United States in 2023 moved to restrict the flow of materiel and funding to the Myanmar military (known as the “Tatmadaw”), including by targeting dealings involving jet fuel and imposing limited sanctions on Myanmar’s state-owned energy company.

Over the past several years, U.S. sanctions on Myanmar have increasingly focused on restricting transactions that could enable the Tatmadaw’s human rights abuses. Continuing this trend, OFAC in March 2023 added to the SDN List numerous individuals and entities involved in the “importation, storage, and distribution of jet fuel to Burma’s military” and concurrently published guidance emphasizing that providing jet fuel to the Tatmadaw could be sanctionable under one or more of the provisions of Executive Order 14014. These efforts culminated in August 2023 with OFAC’s issuance of a determination authorizing blocking sanctions on persons determined to operate in the jet fuel sector of the Burmese economy, coupled with the designation of two individuals and three entities for their alleged involvement in procuring and distributing jet fuel to Myanmar’s military regime. OFAC also continued to target the junta itself by imposing blocking sanctions on Myanmar’s Ministry of Defense, as well as on various military and regime officials.

In addition to targeting jet fuel, OFAC sought to limit the junta’s key sources of revenue. Consistent with sanctions in prior years targeting state-owned enterprises, a round of Burma sanctions in January 2023 included the designation of two state-owned mining companies. In June 2023, OFAC designated two state-owned financial institutions, Myanma Foreign Trade Bank and Myanma Investment and Commercial Bank, to deprive the regime of access to foreign exchange. In January 2024, in connection with the third anniversary of the military’s seizure of power, OFAC also added to the SDN List several individuals and entities that have financially enabled the regime, including by purchasing foreign currency on the junta’s behalf.

A recurring focus of speculation since the coup, however, has revolved around whether OFAC might target the state-owned energy company Myanma Oil and Gas Enterprise (“MOGE”), which represents the largest single source of revenue for the military regime and is a critical supplier of energy for Myanmar’s civilian sector as well as the economies of several states in Southeast Asia. After designating two MOGE directors earlier in the year, OFAC broke new ground in October 2023 by promulgating Directive 1 under E.O. 14014, which prohibits U.S. persons from providing broadly defined “financial services” to or for the benefit of MOGE. By imposing limited, sectoral sanctions—under which U.S. persons (and non-U.S. persons when engaging in a transaction with a U.S. touchpoint) are prohibited from engaging in only certain narrow types of activities with designated entities—rather than full blocking sanctions, OFAC appears to have been seeking to minimize collateral consequences for the people of Myanmar and its neighbors that would result from targeting an enterprise as large and interconnected as MOGE. Myanmar now joins a very small group of OFAC sanctions programs—presently Russia, Venezuela, and China—that feature sectoral restrictions. Following the model of those sanctions programs, it is conceivable that OFAC could in the future further restrict dealings involving Myanmar’s oil and gas sector, as the Trump administration did by escalating from sectoral to full blocking sanctions on Venezuela’s state-owned oil company.

D. Sudan

Since April 2023, two rival military factions in Sudan—the Sudan Armed Forces and the Rapid Support Forces—have waged a brutal civil war that has led to thousands of casualties and displaced millions of people both inside Sudan and outside the country. Following the outbreak of fighting, President Biden in May 2023 issued Executive Order 14098, which authorizes OFAC to impose blocking sanctions on individuals and entities deemed responsible for undermining Sudan’s democratic transition or exacerbating the country’s instability. OFAC to date has announced five rounds of sanctions designations pursuant to this new authority, targeting parties on both sides of the conflict, including high-ranking military and government officials for allegedly fueling the conflict in Sudan or perpetrating human rights abuses.

Crucially, despite the new Executive Order and recent additions to the SDN List, the United States has not re-imposed comprehensive sanctions on Sudan. Those original measures were lifted in October 2017 in response to apparent moves toward democracy. As such, the few U.S. sanctions on Sudan that remain in place principally restrict U.S. nexus dealings involving a small, but growing, number of Sudanese individuals and entities identified on the SDN List, plus such parties’ majority-owned entities. That said, in light of the politically uncertain climate and potential for further sanctions designations, businesses considering engaging with Sudan may wish to proceed with caution if such activities will involve parties closely associated with Sudan’s military, intelligence, or security services.

E. Counter-Terrorism

Following the October 7, 2023 attack by Hamas terrorists on Israeli civilians, the United States has expansively used its counter-terrorism sanctions authorities to target Iran-backed militant groups.

The Biden administration has on multiple occasions imposed blocking sanctions on individuals and entities associated with Hamas. Although dealings involving Hamas itself have long been restricted by virtue of that group’s designation as both a Foreign Terrorist Organization (“FTO”) and a Specially Designated Global Terrorist (“SDGT”), recent actions by OFAC—often in coordination with the United Kingdom and other allied states—have chiefly targeted the organization’s alleged financial facilitators. To minimize the potential collateral consequences of such designations, including the possibility that global banks could de-risk from even lawful transactions involving the Gaza Strip, OFAC in November 2023 published guidance reiterating that numerous general licenses remain available to authorize legitimate humanitarian trade in support of the Palestinian people.

Elsewhere around the region, Ansarallah (commonly known as the “Houthis”)—the Iran-aligned rebel movement that exercises de facto control over northern Yemen—has conducted escalating drone and missile strikes targeting shipping in and around the Red Sea, ostensibly in response to Israel’s ground invasion of Gaza. In addition to launching a series of coordinated airstrikes with British forces against Houthi targets in Yemen, the United States on January 17, 2024 re-named Ansarallah a Specially Designated Global Terrorist. The designation, which appears calibrated to impose tangible consequences on an armed group disrupting global shipping without exacerbating the humanitarian situation inside Yemen, is unusual and noteworthy in several key respects:

The Houthis had recently been de-listed. Shortly after President Biden assumed office, the U.S. Department of State in February 2021 announced the lifting of the Houthis’ designation as both a Foreign Terrorist Organization and a Specially Designated Global Terrorist. The Houthis were initially designated during the waning days of the Trump administration, triggering bipartisan concern about deepening the already significant practical challenges of delivering aid to the Yemeni people.
In re-designating the Houthis in January 2024, the Biden administration deliberately named the group an SDGT—which subjects the Houthis to full blocking sanctions—without also applying the Foreign Terrorist Organization label. An FTO designation carries far more onerous restrictions, including possible criminal liability for parties that provide “material support” to such a group, that could have deterred humanitarian organizations from providing aid to Yemen.
The Houthis’ designation came with a 30-day delay, with restrictions set to take effect on February 16, 2024. U.S. blocking sanctions typically take effect immediately to minimize the risk of asset flight. The delayed effective date appears calculated to give the Houthis an opportunity and an incentive to halt their attacks on Red Sea shipping.
OFAC issued multiple general licenses and published guidance affirming that Yemen is not now, and will not on February 16, 2024 become, subject to comprehensive sanctions—an apparent effort to provide non-governmental organizations comfort to continue providing lawful humanitarian assistance to the Yemeni people.

Whether, and for how long, the Houthis remain a designated terrorist organization will depend on the rapidly shifting security situation in Yemen as the Biden administration has, for now, left the door open to lifting sanctions on the group in the event that their attacks cease.

F. Other Major Sanctions Programs

Although Cuba, North Korea, and Syria remain subject to comprehensive U.S. sanctions—as a result of which U.S. persons are, except as authorized by OFAC, generally prohibited from engaging in transactions with a nexus to those jurisdictions—each of those sanctions programs was comparatively quiet during 2023. As of this writing, the Biden administration has not announced any new Cuba-related designations or regulatory changes in over a year. The chief sanctions development out of Syria consisted of the issuance of a since-expired general license and related guidance designed to facilitate the flow of humanitarian aid to the Syrian people following a devastating series of earthquakes in February 2023. OFAC also continued to, from time to time, designate additional parties for engaging in North Korea-related activities, including generating revenue for Pyongyang, supporting the Kim regime’s weapons programs, and facilitating arms transfers from North Korea to Russia. However, any one of those three programs could quickly become more active during the coming year—including, for example, if North Korea were to conduct a nuclear test or continue to threaten an assault on South Korea.

G. Crypto/Virtual Currencies

In 2023, OFAC amplified its focus on illicit finance in the virtual currency sector through a mix of new designations to the SDN List and aggressive enforcement actions. These actions, which build on or otherwise supplement prior designations, suggest OFAC’s continued willingness to target malicious cyber-actors, often in coordination with other U.S. Government agencies and increasingly agencies in allied jurisdictions.

In April 2023, OFAC designated Genesis Market, one of the largest illicit marketplaces for stolen credentials and sensitive data, including email addresses, usernames and passwords, and mobile device identifiers. In parallel, the U.S. Department of Justice and counterparts abroad announced criminal enforcement actions against Genesis Market users and seized associated domain names to effectively shut down the marketplace. While Genesis Market was operational, tens of millions of dollars’ worth of virtual currency was reportedly exchanged on the platform. These U.S. Government actions echo the earlier designation and takedown of Hydra Market, which we describe in our 2022 Year-End Sanctions and Export Controls Update.

In August 2023, OFAC designated one of the co-founders of the virtual currency mixer Tornado Cash—a platform allegedly used by the Lazarus Group, a North Korea state-sponsored hacking group, to launder hundreds of millions of dollars of stolen virtual currency. The designation was made pursuant to both cyber-related and North Korea-related sanctions authorities on the basis of providing “material support” to the already-sanctioned Tornado Cash and the Lazarus Group. In coordination, DOJ unsealed an indictment against two Tornado Cash co-founders alleging conspiracy to commit sanctions and anti-money laundering violations.

The Biden administration followed up on those actions in November 2023 by designating Sinbad.io (“Sinbad”), another virtual currency mixer known to be a “key money-laundering tool” of the Lazarus Group used for laundering millions of dollars of ill-gotten virtual currency. In particular, Sinbad was allegedly used to launder a significant portion of the $100 million in virtual currency stolen in June 2023 in a heist linked to the Lazarus Group.

These designations together suggest that OFAC continues to focus not just on financial criminals, but also the platforms, tools, software, and even algorithms used in those crimes and the creators of such technologies. Although hacking threats are dispersed throughout the globe, the North Korea-based Lazarus Group has been a recurring feature of OFAC’s cyber-related designations. It would not be unsurprising if, in coming months, OFAC were to announce additional sanctions designations aimed at further denying the Lazarus Group resources to carry out its malicious activities.

H. OFAC Enforcement Trends and Compliance Lessons

2023 was a historic year for OFAC enforcement as the agency, for the first time ever, imposed a combined $1.5 billion in civil monetary penalties. Although the number of OFAC enforcement actions resulting in monetary penalties was unexceptional—17 cases is roughly in line with the agency’s long-term average—the size of those penalties was striking. In just the past year, OFAC levied two of the six largest civil penalties in its history, including a $508 million settlement with a global tobacco company and a record-breaking $968 million settlement with a leading cryptocurrency exchange.

Within OFAC’s enforcement actions for 2023, a few notable trends stand out. More than half of the agency’s published cases were brought against providers of financial services (6 of 17) or virtual currency services (4 of 17), both of which are likely to remain enforcement priorities during the year ahead. Moreover, multiple cases—including the two largest penalties imposed by OFAC this past year—involved parallel resolutions with DOJ (and other agencies), suggesting an increased appetite on the part of the U.S. Government for civil and criminal enforcement of U.S. sanctions.

We highlight below the most noteworthy compliance lessons from OFAC’s 2023 enforcement actions, some of which are thematically consistent with prior years and others of which are relatively new. Many of these takeaways were explicitly communicated by OFAC, which includes a “compliance considerations” section in the web notice for each of its enforcement actions:

Non-U.S. companies should ensure that their activities do not “cause” U.S. persons to violate U.S. sanctions restrictions: Per OFAC, non-U.S. companies are on notice of this obligation when they avail themselves of U.S. customers, goods, technology, or services. Four non-U.S. companies were penalized this past year for “causing” violations, with most alleged to have utilized the U.S. financial system in transactions otherwise involving non-U.S. parties—a common fact pattern in recent years. Despite criticisms of the arguably extraterritorial reach of actions like these, OFAC has not been shy about bringing them.
U.S. parent companies should take steps to ensure that their non-U.S. subsidiaries comply with applicable sanctions restrictions: OFAC has repeatedly recommended that multinational enterprises assess the sanctions risks of their foreign subsidiaries, particularly those operating in high-risk jurisdictions. The agency has cautioned against pursuing new business overseas without setting up proper compliance controls such as policies for U.S. person directors, officers, and employees to recuse themselves from prohibited activities and whistleblower programs to identify prohibited conduct.
Restricted party screening protocols should utilize all available relevant information: In at least six enforcement actions in 2023, across economic sectors, OFAC highlighted the importance of reviewing counterparties’ identifying information both at the outset of the business relationship and on a recurring basis thereafter. If available, location-related information and documentation—such as Internet Protocol (“IP”) addresses, top-level domains, passports, and customer-provided addresses—is key to effective restricted party screening.
Virtual currency companies should incorporate risk-based sanctions compliance at an early stage: OFAC has said that it expects compliance from “day one,” even where a company may still be establishing itself and developing its product offerings. Moreover, companies are responsible for ensuring the sanctions compliance of the technologies, software, and platforms that they employ, even if those technologies are “autonomous.” This has ramifications not only for virtual currency companies, but also startups working with artificial intelligence and other emerging technologies. OFAC clearly showed in 2023 how active it can be in policing the sanctions compliance of virtual currency companies, and so it may surprise some observers that the agency has asked Congress to significantly expand and clarify its enforcement authority in the virtual currency space.
Companies should remain vigilant for efforts by persons in Russia and Russian-occupied regions of Ukraine to evade sanctions: Almost half of OFAC’s published cases in 2023 alleged violations of its Ukraine- and Russia-related sanctions (7 of 17)—a much higher percentage than in the years preceding Russia’s full-scale invasion of Ukraine. As the war persists, we expect to see many more Russia-related enforcement actions.

In sum, OFAC has adopted an extraordinarily aggressive posture in a number of areas that could portend a return to the nine–figure penalties that defined sanctions enforcement for much of the last decade.

IV. U.S. Export Controls

As made evident through U.S. policy toward Russia and China, in 2023 export controls continued their rise as indispensable and central tools to further broader U.S. national security interests. A key part of this strategy involved coordinating controls with close allies and partners.

A. Multilateral Coordination

1. Export Controls and Human Rights

In March 2023, the United States and partner countries released the Code of Conduct for the Export Controls and Human Rights Initiative, which was founded during the Summit for Democracy in 2021 to create a framework for coordinated export controls to advance human rights. As we describe in an earlier client alert, the Code of Conduct calls for subscribing states to consider human rights as a crucial part of the effective application of export controls, consult with regulated parties, and cooperate with other subscribing states on this front.

Together with the announcement of the Code of Conduct, the U.S. Department of Commerce published a final rule explicitly confirming that human rights abuses worldwide can be a basis for adding parties to the Entity List. Concurrently therewith, BIS added to the Entity List 11 entities based in Myanmar, China, Nicaragua, and Russia for their alleged involvement in human rights abuses such as suppressing peaceful protests with surveillance technology or conducting aerial attacks on civilians.

While the Export Controls and Human Rights Initiative was initially founded by the United States, Australia, Denmark, and Norway, 21 more countries joined to endorse the voluntary Code of Conduct upon its release—Albania, Bulgaria, Canada, Costa Rica, Croatia, Czechia, Ecuador, Estonia, Finland, France, Germany, Japan, Kosovo, Latvia, the Netherlands, New Zealand, North Macedonia, the Republic of Korea, Slovakia, Spain, and the United Kingdom. Many of these countries were already closely coordinating regarding trade controls resulting from the war in Ukraine.

These 25 subscribing states gathered in Washington, D.C. again in September 2023 for the inaugural plenary hosted by the U.S. Department of State. While highlighting the various trade controls tools that the United States is already employing to counter human rights violations and abuses, senior U.S. officials acknowledged that “the United States cannot confront the issue of dual-use tech being used to commit [human rights] abuses alone.” With the collaborative momentum and experience gained from developing and implementing Russia-related sanctions and export controls, we are likely to see increasing global cooperation on human rights-related controls, including on surveillance technologies or other items used for arbitrary arrest, detention, and/or suppression of peaceful protests.

2. Allies, Partners, and Incentives

Cooperation on human rights is just one example of the growing importance of multilateralism as a core tenet of U.S. trade controls policy. Another example can be found in the June 2023 formal agreement among the Five Eyes partners—Australia, Canada, New Zealand, the United Kingdom, and the United States—to coordinate on export control enforcement.

To further strengthen these global ties and partnerships, BIS on December 8, 2023, issued three separate rules amending the EAR to liberalize export licensing requirements to certain countries that are allies of the United States or members of multilateral export control regimes.

In the first final rule, BIS made two changes to eliminate licensing requirements for exports to certain friendly countries. First, BIS removed Proliferation of Chemical and Biological Weapons (“CB”) controls on specified pathogens and toxins that are destined for the 43 Australia Group member countries—a forum that is potentially ripe for further export controls coordination as Russia is not a member. Items affected by this change are now controlled under CB Column 2, which does not require a license for exports to Australia Group member countries, instead of CB Column 1. Second, BIS removed Crime Control and Detection (“CC”) controls on certain items that are destined for Austria, Finland, Ireland, Liechtenstein, South Korea, Sweden, and Switzerland. Items affected by this change are controlled under CC Column 1 and Column 3, which no longer result in license requirements for these seven allied countries.

In the second final rule, BIS expanded license exception eligibility for Missile Technology (“MT”) controlled items to resolve certain domestic inefficiencies and harmonize controls with other Missile Technology Control Regime member countries. With this change, exporters may rely on license exceptions Temporary Imports, Exports, Reexports, and Transfers (“TMP”), Governments (“GOV”), and Technology and Software – Unrestricted (“TSU”) for MT-controlled items subject to the specific terms and conditions specified in the relevant regulations, and may rely on license exception Aircraft, Vessels, and Spacecraft (“AVS”) for additional ECCNs.

In a third proposed rule, BIS proposed changes to license exception Strategic Trade Authorization (“STA”) to encourage its use by allied and partner countries. As part of the proposed rule, BIS raised several questions for public comment, including “[w]hat additional changes could be made to License Exception STA to further facilitate exports, reexports, and transfers (in-country) between and among destinations identified in both Country Group A:5 in supplement no. 1 to part 740 and supplement no. 3 to part 746.” BIS received comments on the proposed rule through February 6, 2024, and will likely issue a final rule based on public feedback.

In all three rules, BIS emphasized the importance of multilateral and plurilateral export controls, which the agency described as “the most effective path toward accomplishing our national security and foreign policy objectives.” These changes demonstrate continuing efforts by the U.S. Government at fostering global coalitions around export controls implementation and enforcement and creating incentives for more countries to join the alliance.

B. Commerce Department

1. Disruptive Technology Strike Force

Under the Biden administration, BIS has prioritized regulations that restrict the flow of advanced technology to U.S. adversaries. In a continuation of this regulatory priority, the Department of Justice’s National Security Division and the Department of Commerce’s BIS in February 2023 launched the Disruptive Technology Strike Force to protect certain advanced U.S. technologies from being illegally acquired and used by nation-state adversaries such as Russia, China, and Iran. The Disruptive Technology Strike Force includes experts throughout government—including the Federal Bureau of Investigation, Homeland Security Investigations, and more than a dozen U.S. Attorneys’ Offices.

According to U.S. Deputy Attorney General Lisa O. Monaco, the Strike Force’s mandate is to restrict adversaries’ abilities to acquire, use, and/or abuse innovative U.S. technology to “enhance their military capabilities, support mass surveillance programs that enable human rights abuses and all together undermine our values.” The Strike Force specifically targets technology related to supercomputing and exascale computing, artificial intelligence, advanced manufacturing equipment and materials, quantum computing, and biosciences—which technologies can be used to improve calculations in weapons design and testing; improve the speed and accuracy of military or intelligence decision-making; and break or develop unbreakable encryption algorithms that protect sensitive communications and classified information.

Within its first year, the Strike Force’s efforts have already led to five indictments in connection with efforts to provide materials, trade secrets, and items for military capabilities in Russia, China, and Iran; three temporary denial orders (“TDOs”); and 42 new Entity Listings.

The establishment of the Disruptive Technology Strike Force suggests an ongoing commitment to maintaining the United States’ technological edge over its adversaries and reflects a bipartisan trend of aggressively utilizing export controls to pursue policy and national security goals. The Strike Force’s ability to investigate violations and impose criminal and administrative penalties increases the potential risk of non-compliance. As such, companies involved in the design, production, or export of “disruptive” technologies subject to U.S. jurisdiction should closely monitor their end users and end uses.

2. Updated Voluntary Self-Disclosure Policy

Throughout 2023 and early 2024, BIS continued to refine and calibrate its approach to voluntary self-disclosures of possible violations of the Export Administration Regulations.

BIS implemented a transformative policy shift in a June 2022 memorandum that introduced a 60-day “fast track” review for voluntary self-disclosures of minor or technical infractions, while reserving a more comprehensive review for significant possible violations of the EAR. In April 2023, BIS further clarified its stance in a new agency memorandum (the “2023 EAR Enforcement Memo”) allowing parties to bundle multiple voluntary self-disclosures for minor or technical infractions into one overarching submission. As discussed below, BIS subsequently clarified that bundled self-disclosures for minor or technical infractions may be submitted quarterly.

BIS also announced in the 2023 EAR Enforcement Memo that a failure to disclose significant violations will now be treated as an aggravating factor, thereby heightening the incentives for entities to voluntarily disclose and emphasizing the importance of an effective compliance program. This is a significant departure from past practice. Previously, BIS treated voluntary self-disclosures of possible violations as a mitigating factor in assessing penalties, but a failure to submit was treated in a neutral manner. Under the new policy, when an export control violation reflects potential national security harms, it will be treated as an aggravating factor under the agency’s enforcement guidelines. This is in part because BIS considers a failure to disclose as indicative of the inadequacy of a corporate compliance program, which is itself a factor under BIS’s settlement guidelines. In another major departure, the 2023 EAR Enforcement Memo also incentivizes parties to disclose possible export control violations by other parties by clarifying that a track record of cooperation, including as part of a third-party disclosure, could be considered a mitigating factor should the disclosing party be investigated for a future, even unrelated, enforcement action. Together, the clarified policy of the 2023 EAR Enforcement Memo is intended to encourage parties to voluntarily disclose possible violations.

Since implementing the above-described changes, BIS reports that it received 80 percent more voluntary self-disclosures containing potentially serious violations during fiscal year 2023 than in the prior fiscal year. Moreover, the agency reports reduced processing time for minor or technical disclosures and 33 percent more tips from third parties.

In a separate memorandum released on January 16, 2024, BIS announced four new enhancements to the agency’s voluntary self-disclosure program intended to further streamline the preparation and review of voluntary self-disclosures. First, as previewed above, the new enhancements clarified BIS’s allowance of bundled disclosures of minor or technical infractions to allow parties to submit this bundle quarterly. Second, the agency decreased submitting parties’ diligence burden in two ways: (1) BIS now requests that parties submit abbreviated narrative accounts of the violation in lieu of the more onerous supporting documentation listed in Section 764.5(c)(4) of the EAR, unless specifically requested by BIS’s Office of Export Enforcement (“OEE”); and (2) BIS no longer requires the five-year lookback period recommended in Section 764.5(c)(3) of the EAR. Third, BIS strongly encourages submission of voluntary self-disclosures via email. Last, BIS and OEE will expedite requests for corrective action that would otherwise be prohibited by Section 764.5(f) of the EAR, and specifically invites parties to request permission to engage in such corrective action even if they are not submitting a voluntary self-disclosure. These enhancements are designed to help BIS and regulated parties prioritize their compliance resources on significant violations and to take quick corrective action where appropriate.

3. BIS Enforcement Trends

OFAC was not alone in bringing record-breaking enforcement actions during 2023. BIS in April 2023 announced a $300 million civil penalty against two affiliates of a global technology company for allegedly selling hard disk drives to Huawei Technologies Co. Ltd. (“Huawei”) in violation of U.S. export controls. This enforcement action is not only the largest standalone administrative penalty in the agency’s history, but also the first action targeting an alleged violation of the Huawei-specific Foreign Direct Product Rule—a notoriously complex regulatory provision that expands the scope of U.S. export controls to certain foreign-produced items that are derivative of specified U.S. software and technology.

Moreover, BIS enforcement activity was not limited to one major case. The agency over the course of 2023 secured an all-time number of convictions, temporary denial orders, and post-conviction denial orders. In a sign of the aggressiveness of BIS enforcement, the agency in early 2024, in an unprecedented move, announced a $15 million bounty on an Iranian national accused of violating U.S. export controls by procuring for Iran’s Islamic Revolutionary Guard Corps goods and technology used in attack UAVs that were subsequently sold to Russia.

In light of increasing U.S. export enforcement risks, even companies outside of the United States should carefully analyze the potential applicability of U.S. export controls with the broad jurisdictional reach of provisions like the Foreign Direct Product Rule in mind.

4. Extended Renewal Period of Temporary Denial Orders

When BIS determines that an individual or entity presents an imminent risk of violating the EAR or has been convicted of violating certain U.S. laws and regulations—including U.S. sanctions and export control laws and regulations—BIS may issue an order denying that person export privileges. The effect of a denial order is that the targeted person is typically prohibited from participating in any way in any transaction involving items subject to the EAR, including both exporting from the United States and receiving or benefiting from any export, reexport, or transfer of any item subject to the EAR.

Depending upon the circumstances, BIS may issue one of two types of denial orders. BIS may issue a temporary denial order, which historically has been renewable for multiple periods of up to 180 days, upon a determination that such an order is necessary to prevent an imminent violation of the EAR. Alternatively, upon a determination that any person has been convicted of violating certain specified U.S. statutes or any regulations issued pursuant thereto (including the EAR or OFAC’s sanctions regulations), BIS may issue a denial order for a period of up to ten years from the date of conviction. As noted above, a denial order—which results in the target being added to the Denied Persons List—is an especially powerful tool as it completely severs a non-U.S. person’s access to the U.S. supply chain.

In August 2023, BIS amended Section 766.24(d)(1) of the EAR, creating an additional ability to renew an existing temporary denial order for one year under certain conditions. While maintaining BIS’s ability to renew an existing TDO for 180 days if “the denial order is necessary in the public interest to prevent an imminent violation,” the amendment adds the ability to specify an extended renewal period of one year upon a showing that the party subject to the TDO has engaged in a pattern of repeated, ongoing, and/or continuous apparent violations of the EAR, and that the extended renewal is appropriate to address such continued apparent violations.

In its final rule, BIS offered three examples of circumstances under which an extended renewal would be appropriate. Namely, if the respondent has:

Acted in apparent blatant disregard of the EAR;
Attempted to circumvent or otherwise appeared to violate the restrictions of a TDO or the EAR; or
Otherwise acted in a manner demonstrating a pattern of apparent noncompliance with the requirements of the EAR.

BIS specifically identified repeat offenders of Russia-related controls as the type of cases in which extended renewals would serve as an enhanced deterrent to potential offenders and enhanced notice to companies and individuals wishing to do business with the subjects of the TDO.

5. Antiboycott Enforcement Policy

In our 2022 Year-End Sanctions and Export Controls Update, we highlighted BIS’s intensified enforcement approach toward U.S. antiboycott regulations, marked by significant adjustments to violation categories. This past year, BIS continued to enhance its enforcement posture with respect to the antiboycott regulations, especially concerning the Arab League Boycott of Israel. In 2023, BIS imposed over $425,000 in penalties on companies for alleged violations of the antiboycott regulations.

In an agency memorandum issued in July 2023, BIS announced that the agency has amended its Boycott Request Reporting Form to require the filer to specify the party who made the boycott-related request and published an Antiboycott Policy Statement on the Department of Commerce’s Office of Acquisition Management website for government contractors. In light of the enhanced regulations and enforcement priorities, U.S. firms with potential foreign boycott exposure should consider implementing robust policies to ensure antiboycott compliance.

V. Committee on Foreign Investment in the United States (CFIUS)

In addition to sanctions and export controls, the Committee on Foreign Investment in the United States—the interagency committee tasked with reviewing the national security risks associated with foreign investments in U.S. companies—remained active during 2023 as the Committee reviewed a record number of filings and continued to closely scrutinize China-related deals. Over the past year, CFIUS also expanded its jurisdiction to include additional military installations, competed with state-level restrictions on foreign investment, increased scrutiny of deals involving Japanese and Middle Eastern investors, and prepared to operate alongside a brand new outbound investment review mechanism unveiled by the United States.

A. CFIUS Annual Report

In July 2023, CFIUS published its annual report to Congress detailing the Committee’s activity during calendar year 2022 (the “CFIUS Annual Report”). As noted in a prior client alert, our key takeaways from the CFIUS Annual Report include:

While the total number of filings before CFIUS largely stayed on pace with 2021, with the Committee reviewing a total of 440 filings (compared to 436 filings in 2021), the CFIUS Annual Report data may suggest a significant proportional increase in CFIUS filings in light of significantly slower mergers and acquisitions activity and decreased foreign direct investment in 2022;
Declaration filings jumped 30 percent from 2020 to 2021, but decreased by approximately 6 percent in 2022, possibly suggesting a growing hesitation in the market to use the Committee’s short-form declaration process;
More than 50 percent of all non-real estate notices reviewed by the Committee were transactions in the finance, information, and services sector, signaling that transactions wherein sensitive personal data is very likely to be at issue continue to account for a large portion of the Committee’s caseload (and will likely continue to do so going forward); and
A 67 percent increase from 2021 in instances where the Committee adopted mitigation measures and conditions to mitigate the national security risks associated with a transaction, combined with an uptick in withdrawn notices, may suggest that the Committee is taking a more aggressive stance on imposing conditions on its approvals.

B. Expanded Jurisdiction

In May 2023, the Committee published two new frequently asked questions (“FAQs”) that have had substantial impacts on parties notifying the Committee of a transaction. The first FAQ clarified CFIUS’s interpretation of the “completion date” for a transaction, effectively negating the use of “springing rights” for mandatory filings. The second FAQ confirms that CFIUS can request certain information from passive investors, including limited partners in an investment fund.

Under 31 C.F.R. § 800.206, the term “completion date,” with respect to a transaction, is the earliest date upon which any ownership interest, including a contingent equity interest, is conveyed, assigned, delivered, or otherwise transferred to a person, or a change in rights that could result in a covered control transaction or covered investment occurs. In the first FAQ, the Committee explained that, in a transaction where the ownership interest is conveyed before the foreign person receives the corresponding rights, the “completion date” is the earliest date upon which the foreign person acquired any of the equity interest. For example, if Company A acquired a 25 percent ownership interest in Company B on July 1, but its right to control Company B was deferred until after CFIUS reviews the transaction, the “completion date” for the transaction is July 1. Using this example, the Committee indicated that if the transaction is subject to the mandatory declaration requirement pursuant to 31 C.F.R. § 800.401, the latest date that the parties can file the transaction with CFIUS is June 1.

In practice, the first FAQ means that parties can no longer use a springing rights strategy to delay the onset of a mandatory CFIUS filing because CFIUS no longer distinguishes between initial passive equity investments and future CFIUS triggering rights. In other words, parties may not delay submitting a mandatory filing by deferring acquisition of control, governance, or information access rights, while otherwise closing the investment. Parties have frequently utilized this strategy as a means to ensure the quick exchange of capital for equity interests that transfer upon execution of the transaction documents. Now, this strategy is no longer workable, as parties must submit a mandatory filing no later than 30 days prior to the transfer of the initial passive equity interest, even if the parties have negotiated a different structure.

The practical effect of the second FAQ is that the Committee may request information on all foreign investors involved, directly or indirectly, in a transaction, including limited partners that have passively invested in an investment fund at any level, regardless of any confidentiality provisions or contract arrangements between the limited partners and the foreign investor. Parties before the Committee have typically disclosed limited partners with five percent or more ownership and/or non-customary rights. However, this FAQ may change that approach. Going forward, on a case-by-case basis, we expect the Committee to consider the nationality, identity, and capabilities of limited partners. In particular, the FAQ explains that CFIUS may request identifying information for indirect foreign person investors, their jurisdiction(s) of organization, and information with respect to any governance rights and other contractual rights that investors collectively or individually may have in an indirect or direct acquirer or the U.S. business to facilitate the Committee’s review regarding jurisdictional or national security risk-related considerations.

Proximity to sensitive U.S. military installations and properties is an important element of the Committee’s review over certain covered real estate transactions. Specifically, the Committee has jurisdiction to review certain purchases or leases by, or concessions to, a foreign person of real estate in close proximity (the area that extends outward one mile from the boundary of the military installation or facility) to, or the extended range of (within a 100-mile radius), specific military installations and properties listed at Parts 1 and 2 of Appendix A to Part 802 of the Committee’s regulations (“Appendix A”).

In August 2023, the Committee released a final rule adding eight new military installations to Part 2 of Appendix A, which became effective September 22, 2023. The eight additional military installations include:

Air Force Plant 42, located in Palmdale, California;
Dyess Air Force Base, located in Abilene, Texas;
Ellsworth Air Force Base, located in Box Elder, South Dakota;
Grand Forks Air Force Base, located in Grand Forks, North Dakota;
Iowa National Guard Joint Force Headquarters, located in Des Moines, Iowa;
Lackland Air Force Base, located in San Antonio, Texas;
Laughlin Air Force Base, located in Del Rio, Texas; and
Luke Air Force Base, located in Glendale, Arizona.

Importantly, many military installations have been renamed, and CFIUS’s Geographic Reference Tool is not always updated. Thus, parties should carefully cross-reference the names of military installations when conducting any proximity analysis.

The new rule followed shortly after the Committee determined that it did not have jurisdiction over the proposed purchase by Fufeng Group Limited (“Fufeng”), a Chinese company, of a 370-acre site in North Dakota located approximately 12 miles from Grand Forks Air Force Base. That proposed purchase faced significant political backlash and was ultimately terminated by local officials. We expect CFIUS will continue to expand the list of sensitive facilities going forward, so transaction parties should closely watch for future additions to Appendix A.

C. State Law Investment Restrictions

Following the Fufeng controversy, U.S. states have quickly begun passing their own laws impacting real estate transactions within their borders. For example, in May 2023, Florida passed a law barring foreign principals from “countries of concern” (including China, Russia, Iran, North Korea, Venezuela, and Syria) from acquiring an interest in agricultural property or property near sensitive military sites. More than 20 states have adopted legislation restricting foreign ownership of U.S. land, and actions to amend or enact such legislation are pending in many other states.

As we discuss in a prior client alert, state laws vary in their approaches to address the potential national security and economic implications of foreign ownership of U.S. land. Some states mandate disclosure of foreign ownership of U.S. land, while other states directly prohibit certain transactions and may require divestiture of foreign-owned land. Additionally, laws differ as to who is subject to the restrictions, with some legislation seeking to regulate real property transactions with individuals and entities from a list of named countries, and other legislation seeking to govern purchases by all non-U.S. citizens.

The constitutionality of these laws remains uncertain. A group of Chinese citizens and lawful residents of Florida and a Florida corporation challenged Florida’s new law under several federal statutes, including the Fair Housing Act. The U.S. Department of Justice has filed a statement of interest in the case supporting the plaintiffs’ motion for a preliminary injunction and arguing that the Fair Housing Act preempts Florida’s law.

More than a dozen bills have been introduced in the U.S. Congress to address concerns about foreign acquisitions of U.S. real estate. Some bills would expand federal reporting requirements in connection with foreign investments in agricultural land and increase penalties for nondisclosure. Other bills would expand CFIUS jurisdiction to encompass more categories of land, such as certain foreign investments in agricultural land and in U.S. businesses engaged in agriculture or biotechnology related to agriculture.

The state measures described above add another complex layer to the various U.S. restrictions at the federal level targeting trade and financial flows with China (and, in some cases, several other challenging jurisdictions). International investors and multinational businesses now must consider not only federal law when undertaking transactions in the United States, but must also factor in state-specific restrictions that may play an increasingly important role in managing their commercial engagements and exposure in the country.

D. Geographic Focus

In 2024, parties should expect the Committee to heavily scrutinize investments by foreign investors with ties to China. This is perhaps not surprising amid increased geopolitical tensions between Washington and Beijing.

Notably, CFIUS has increased its scrutiny of transactions involving Middle Eastern investors, especially under circumstances in which such investors have close business ties to China. Close examinations of Japanese investors’ relationships with Chinese shareholders have also contributed to lengthier investigation timelines.

Due to the Committee’s focus on third-party risk from China, parties should carefully consider the structure of investments. For example, there is an exception to mandatory filing requirements for investment funds managed exclusively by general partners that are not foreign persons, so long as the foreign limited partners are sufficiently passive. At bottom, companies with extensive links to China, including companies with a large Chinese customer base, should expect a thorough and rigorous review by the Committee.

VI. U.S. Outbound Investment Restrictions

While CFIUS review of inbound investments into the United States has been a feature of U.S. trade controls for decades, the Biden administration during 2023 laid the foundation for unprecedented outbound restrictions on how U.S. persons deploy capital abroad. Momentum for such a regime appears to have been driven in part by concerns among U.S. officials at the prospect of U.S. investors financing or otherwise enabling efforts by strategic competitors such as China to develop critical technologies within their own borders. Although the regulations are still under development as officials review public comments and debate how to tailor any such regime to avoid unduly restricting investments that present little risk to U.S. national security, developments over the past few months suggest that the United States could soon stand up an entirely new outbound investment review mechanism.

A. Proposed Rulemaking

On August 9, 2023, President Biden issued Executive Order 14105 authorizing restrictions on certain forms of outbound investment in semiconductors and microelectronics, quantum information technologies, and artificial intelligence systems. While the Executive Order did not immediately impose new legal obligations on outbound investments, it was accompanied by an Advance Notice of Proposed Rulemaking issued by the U.S. Department of the Treasury, the agency tasked with primary implementation authority for the Executive Order. The ANPRM provides further details about the contours of the planned requirements and restrictions. In terms of timing, the ANPRM formally began the rulemaking process by seeking significant public input to assist Treasury in crafting the final text of the regulations.

The proposed new restrictions largely track reports that the Biden administration would focus on a narrow set of high-technology sectors, imposing an outright ban on a small set of transactions and requiring notification to the U.S. Government on a broader set of others. Specifically, E.O. 14105 focuses on direct and indirect investments by “U.S. persons” in a “covered foreign person,” which those measures define to consist of Chinese, Hong Kong, and Macau entities engaged in the business of targeted “national security technologies and products,” which terms are still in the process of being defined.

Importantly, the proposed outbound investment regime is not a “catch and release” program, and in contrast to the mandatory filing requirements under CFIUS, the Treasury Department has clearly stated in the ANPRM that it is “not considering a case-by-case determination on an individual transaction basis as to whether the transaction is prohibited, must be notified, or is not subject to the program.” It will not be a “reverse CFIUS.” Rather, the onus will be on the parties to a given transaction to determine whether the prohibitions or notification requirements apply.

While unique, the proposed outbound rules draw on existing regulatory regimes such as export controls on software and technology, sanctions programs restricting transactions with specific parties or geographies, and inbound foreign direct investment controls under CFIUS. A novel feature of the proposed outbound regime, however, is its specific targeting of U.S. capital and intangible benefits—identified in the ANPRM as “managerial assistance, access to investment and talent networks, market access, and enhanced access to additional financing”—that often accompany investments in high-technology sectors of the Chinese economy, and which are perceived as threats to U.S. national security.

While E.O. 14105 envisions both civil and criminal penalties for violations of the proposed regulations, the ANPRM focuses on civil penalties, as is standard, with potential criminal conduct being referred to the U.S. Department of Justice. The ANPRM proposes imposing civil penalties up to the maximum allowed under the International Emergency Economic Powers Act, currently over $350,000 per violation.

B. Public Comments and Unresolved Issues

It will likely be some time before the final U.S. outbound investment rules take shape. Although the ANPRM provides useful insight into the likely scope and scale of the final regulations, it also requested comments from the public on 83 specific questions—the answers to which remain unsettled. Treasury’s public comment period for the ANPRM closed on September 28, 2023.

The comment period generated significant interest from industries that will be affected by the potential outbound investment regime, with input from major actors in the investment community; manufacturers; semiconductor, microelectronics, and quantum companies; financial institutions; and trade associations. As we discuss in more detail in a separate client alert, commenters from across industries emphasized the need for more clarity, narrower coverage to prevent chilling investment and spillover into non-targeted industries, and wider exemptions.

Specifically, many commenters noted that the contemplated definitions are vague with respect to which U.S. actors or investors, foreign partners, and types of investments and transactions are subject to the restrictions. Commenters also overwhelmingly requested clear steps and extensive guidance to make it easier for investors to comply, in addition to requests for other details on how compliance standards will be applied. Finally, commenters sought to clarify the Treasury Department’s proposed covered transactions and expand exemptions to prevent overbroad coverage. In particular, commenters sought to ensure that passive investments by both limited partners and non-limited partners, venture capital and private equity investments, and other transactions are not covered by the regulations. Major financial institutions and investment commenters urged the Treasury Department to clarify that coverage does not indiscriminately restrict services provided by financial institutions to their customers with respect to covered transactions.

In addition to the public comments described above, the proposed outbound investment regime has drawn opposition from prominent members of Congress. Critics of the proposal in its current form include the influential chairman of the House Financial Services Committee who, in a letter to Treasury Secretary Janet Yellen, questioned the Biden administration’s policy of decreasing U.S.-driven investment in China, arguing that public policy should instead be to increase private U.S. investment and control of Chinese entities. The chairman further questioned whether the program should be administered by OFAC, rather than through the CFIUS regime. These criticisms are significant because they may identify grounds for parties to challenge the final regulations and because they highlight a sharp disagreement in the top levels of government regarding the role of U.S. investment in China.

The Biden administration appears to have expended considerable effort engaging with U.S. allies concerning the scope of the proposed restrictions, with the result that new outbound investment regimes appear to be gaining traction in jurisdictions such as the European Union. Ahead of the eventual publication of final regulations in the United States, the Biden administration is expected to continue engaging with Congressional leadership and global allies on these issues, as well as assessing the public comments it has received from business industry leaders and practitioners. Although an exact timeline for publication of a final rule has not been set, it is possible that a new U.S. outbound investment regime could take effect in the coming year.

VII. European Union

A. Trade Controls on China

Departing from the trend in recent years of skirting around China policy, a March 2023 speech by European Commission President Ursula von der Leyen assertively set the tone for EU-China relations going forward. Amid a ballooning EU-China trade deficit, von der Leyen called out China’s calculated attempt at subverting the international order through the deliberate creation of economic dependencies and the extortive use of economic leverage, as well as China’s positioning as a global peace-breaker—supporting Tehran and Moscow, ramping up its military posture, and spreading disinformation. Von der Leyen further noted that China has clearly moved on from an era of “reform and opening” toward a new era of “security and control” no longer governed by the logic of free markets and open trade. Despite these remarks, von der Leyen noted the interconnectedness between the European and Chinese economies and, in a nod to U.S. nomenclature on the subject, concluded that the European Union should focus on de-risking from China, rather than de-coupling.

Tangible action followed throughout the year. In response to surging, government-assisted Chinese electric vehicles exports, the European Union launched an ex officio anti-subsidy investigation into the import of Chinese-manufactured EVs. As the European Commission, the bloc’s executive branch, has already found evidence of support by state actors at preferential terms, the imposition of tariffs, along with corresponding Chinese retaliatory measures, appears to be a distinct possibility as a result of the investigation. The European Union has historically been more comfortable deploying trade defense measures such as tariffs and anti-dumping or countervailing duties on China, as opposed to trade or financial sanctions measures. However, while the European Union has yet to implement any particularly impactful sanctions measures as it continues to lack a China-related sanctions program, this year it reportedly considered blacklisting eight Chinese companies it had found to be assisting Russia’s military operations in Ukraine. While the measures ultimately failed to rally the support of all EU Member States (which is required for such measures), the Commission’s bold move to put these listings on the European Council’s agenda is noteworthy. Following these developments, European Council chief Charles Michel during a year-end visit presented China’s President Xi Jinping with a list of Chinese companies that may soon become subject to EU sanctions unless exports of dual-use items to Russia are addressed. As global tensions rise, appetite for EU-wide sanctions measures targeting China-based bad actors is likely to increase.

In terms of legislative initiatives, the European Union in September 2023 implemented its own Chips Act, which is designed to leverage private-public partnerships in order to onshore semiconductor manufacturing. In November 2023, the European Council and Parliament reached provisional agreement on the proposed Critical Raw Materials Act, which was first unveiled in March 2023 and aims to ensure that not more than 65 percent of EU consumption of identified strategic raw materials comes from a single third country. The European Union also continued to develop EU-wide forced labor legislation. As the post-UFLPA Chinese redirection of solar panels and related products into the European Union intensifies, Europe’s prospects for a UFLPA-like “rebuttable presumption” that goods are made with slave labor have improved. In October 2023, the Internal Market and International Trade committees amended the Commission’s proposed draft of the EU Forced Labor Import Ban and tasked the Commission with creating a list of geographic areas and economic sectors at high risk of using forced labor, in relation to which the burden of proof would shift to companies—rather than enforcing authorities—to demonstrate that items have not been produced with forced labor. Finally, the Anti-Coercion Instrument—a regulation enabling the Commission to take proportionate countermeasures to induce the cessation of economic coercion levied at the European Union or one of its Member States—entered into force in December 2023. While none of these initiatives explicitly mentions China, all form part of Europe’s China strategy and indeed many were implemented in direct response to certain Chinese actions.

The most comprehensive expression of the Commission’s vision for a more resilient Europe came with the publication, together with the EU High Representative for Foreign Affairs and Security Policy, of a communication to the European Parliament, the European Council, and the Council on a new European Economic Security Strategy. This communication laid the groundwork for a discussion among EU Member States and various EU institutions with a view to creating a common framework designed to minimize risks stemming from increased geopolitical tensions and accelerated technological shifts, while preserving maximum levels of economic openness. While the communication—in keeping with European tradition—also does not mention China, it echoes von der Leyen’s speech earlier in the year and points to economic security risks related to the resilience of supply chains, physical and cyber security of critical infrastructure, technology security and technology leakage, and the weaponization of economic dependencies and economic coercion. The strategy is multi-pronged and notably includes proposals to bolster the European Union’s foreign investment screening tools, enhance cooperation among Member States in relation to dual-use export controls—including in relation to research security with respect to the development of technologies with dual-use potentials—and examine whether to adopt outbound investment controls akin to the proposed regime announced by the United States. As China-EU trade tensions are poised to continue into 2024, the European Union is likely to maintain an assertive economic security posture. Further details on the European Economic Security Strategy are expected in early 2024.

B. Sanctions Developments

1. Institutional and Procedural Developments within the European Union

The European Union and its Member States continued to make unprecedented progress toward harmonizing European sanctions enforcement. Such harmonization is long overdue and without it effective sanctions enforcement will continue to be lacking. At present, not all EU Member States even criminalize the violation of EU sanctions and, even among those Member States that do, criminal laws on evidentiary requirements, burden of proof standards, and penalties vary substantially. The inconsistent enforcement of restrictive measures not only undermines the effectiveness of EU sanctions, but also existing legal loopholes and lack of harmonization facilitates violations and encourages the practice of forum shopping. To address these issues, European authorities took several notable steps in the direction of centralized sanctions enforcement. Crucially, in December 2023, the European Parliament and the European Council reached a provisional political agreement on the Commission’s December 2022 proposal for a Directive aimed at harmonizing criminal offenses and penalties for the violation of EU restrictive measures. Once adopted, the new rules will include a list of criminal offenses related to the violation and circumvention of EU sanctions such as failing to freeze assets, providing prohibited or restricted services, or providing false information to conceal funds that should be frozen. The new rules will also establish common basic standards for penalties for both individuals and entities, including imprisonment for at least five years for certain offenses and enhanced rules on freezing of assets subject to EU sanctions. To move the proposal forward, the European Parliament and the Council will now have to formally adopt the political agreement, after which the Directive will enter into force following its publication in the Official Journal of the European Union.

As proposals for the establishment of an EU-wide sanctions enforcement authority or for an enhanced role for the European Public Prosecutor’s Office have yet to gain enough momentum to translate into a Commission initiative, individual EU Member States are ramping up their domestic efforts. In Germany, the Federal Government has approved a draft Financial Crime Prevention Act (Finanzkriminalitätsbekämpfungsgesetz) (“FKBG”), which, if adopted by the Bundestag and the Bundesrat, will set up a new Federal Office for Fighting Financial Crime (Bundesamt zur Bekämpfung von Finanzkriminalität) (“BBF”). The BBF is expected to become the new agency hosting the Central Office for Sanctions Enforcement (Zentralstelle für Sanktionsdurchsetzung) (“ZfS”) as of June 2025 in order to achieve synergies between sanctions and anti-money laundering enforcement and to improve cooperation between investigative enforcement and criminal prosecution. The ZfS has been particularly active since its creation in early 2023, with reports of more than 150 cases currently under investigation and spectacular raids in pursuit of cases. Similarly, the Latvian State Revenue Service has started more than 250 criminal proceedings for violations of EU sanctions, and Dutch authorities have imposed fines for breaches of the EU Russia sanctions regime. While the European Union has yet to establish centralized sanctions agencies akin to OFAC in the United States or the United Kingdom’s Office of Financial Sanctions Implementation (“OFSI”), Eurojust and Europol are not standing idle, having recently supported a coordinated action of the Dutch, German, Latvian, Lithuanian, and Canadian authorities against the alleged violation of sanctions on Russia.

2. Focus on Circumvention and Evasion

Having implemented a wide range of financial and trade sanctions against Russia over the last two years, the European Union is now struggling to secure Member States’ support for further substantive measures. For instance, despite having significantly reduced its reliance on Russian energy imports, the European Union has not yet fully weaned itself off of Russian energy, which has frozen the bloc’s potential sanctions on liquified natural gas. Facing these political and economic realities that are unlikely to resolve in the near term, European authorities are instead focusing on more attainable and politically neutral goals such as enhancing tools against sanctions circumvention and evasion. With the introduction of new powers to combat sanctions circumvention as part of its eleventh Russia sanctions package, the European Union can now restrict the sale, supply, transfer, or export of specified sanctioned goods and technology to certain third countries considered to be at high risk of being used for circumvention. While this power has not yet been used and European Commission representatives have made it clear that it is a measure of last resort (i.e., to be used only following engagement with the third countries in question), it marks a significant step in the direction of more aggressive European sanctions implementation. Measures introduced to achieve similar objectives include, among others, the introduction of a provision compelling EU exporters to contractually prohibit the re-exportation to or for use in Russia of a number of goods and technologies, a full ban on trucks with Russian trailers and semi-trailers from transporting goods to the European Union, and the simplification of crucial annexes to EU trade sanctions regulations to reduce circumvention of sanctions by misclassification of goods.

Relatedly, the European Commission published extensive guidance on the topics of circumvention and evasion to help European economic operators identify, assess, and understand possible risks. That guidance—a first on the topic—outlines due diligence best practices and includes an extensive list of circumvention red flags, which the Commission expects European economic operators to be aware of and incorporate into their risk assessments. The Commission guidance has been followed by separate guidelines at the Member State level, with Germany’s Federal Ministry for Economic Affairs and Climate Action (Bundesministerium für Wirtschaft und Klimaschutz) (“BMWK”) issuing further guidance for companies to tackle circumvention and evasion of trade sanctions. As discussed more fully above, the European Union together with its international partners published a List of Common High Priority Items intended to support compliance by exporters, and also targeted anti-circumvention actions by customs and enforcement agencies of partner countries to prevent their territories from being abused for circumvention of EU sanctions.

3. Iran Sanctions and Policy

The European Union has yet to develop a coherent and uniform stance in relation to Iran. Historically, in addition to implementing UN sanctions, the European Union imposed a wide range of autonomous economic and financial sanctions on Iran. The European Council recently decided to refrain from lifting these restrictive measures on Transition Day (i.e., October 18, 2023), as originally envisaged under the Joint Comprehensive Plan of Action.

The European Union has also reacted to Iran’s support for Russia’s invasion of Ukraine. In July 2023, the Council established a new framework for restrictive measures in view of Iran’s provision of military support to Syria and Russia. This new regime prohibits the export from the European Union to Iran of components used in the construction and production of unmanned aerial vehicles. It also provides for travel restrictions and asset freeze measures that could be imposed against persons responsible for, supporting, or involved in Iran’s UAV program. The Council made use of its designation powers to add several Iranian individuals and entities to its asset freeze target list for undermining or threatening the territorial integrity, sovereignty, and independence of Ukraine.

Despite these actions, discontent looms among European politicians and bureaucrats, some of whom view the European Union’s policy on Iran as weak. Members of the European Parliament recently criticized EU High Representative Josep Borrell’s Iran policy, claiming it had failed and that it is purely symbolic. Borrell, however, suggested that the political will among all 27 EU Member States to dramatically alter the European Union’s policy on Iran is currently lacking. The debate is likely to continue in coming months, as the European Union is also weighing whether to punish Iran for its support of Hamas. Germany, France, and Italy are reportedly in the process of introducing unilateral measures such as a ban on the export of components used in the production of missiles. This situation will likely continue to evolve as tensions in the Middle East rise in the wake of attacks by various Iran-backed militias, including Hamas, Hezbollah, and the Houthis.

C. Export Controls Developments

The need for coordinated action at the Union level in the area of export controls has become pressing. Authorities in EU Member States have already started taking matters into their own hands which could threaten to further splinter any pan-European approach. For example, in 2023 the U.S. Government spearheaded a significant effort to persuade the Netherlands and Japan—two countries with advanced semiconductor manufacturing equipment capabilities—to establish controls similar to the U.S. restrictions described in Section II.A.1, above. In June 2023, as part of this trilateral agreement, the Netherlands imposed export controls on advanced semiconductor production equipment bound for China. Italy, too, used its so-called “golden power” to restrict the flow of information and know-how relating to proprietary technologies to China-based Sinochem, Pirelli’s largest shareholder and, to crack down on circumvention of EU trade sanctions on Russia, implemented national legislation imposing a prior authorization requirement for exports of certain dual-use goods for use in aviation to Armenia, Iran, Kazakhstan, and Kyrgyzstan. Spain adopted a national control list imposing new export controls on quantum computing, additive manufacturing, and other emerging technologies for reasons of national security. As the uncoordinated proliferation of national controls by EU Member States risks creating loopholes, jeopardizing the integrity of the single market, and weakening the bloc’s economic security, the European Commission is pressing for the centralized implementation of a wider set of export controls.

In light of the above and as a function of its de-risking strategy, 2023 saw the European Union take decisive steps toward bloc-wide export controls for a broad set of sensitive technologies. The Commission issued a recommendation—as a part of the European Economic Security Strategy—to conduct a risk assessment exercise aimed at identifying vulnerabilities in connection with advanced semiconductors, artificial intelligence, and quantum and bio-technologies (i.e., technology areas considered highly likely to present the most sensitive and immediate risks to technology security and leakage). Potential controls restricting the export of these four types of technologies may follow in early 2024. The wider European Economic Security Strategy also promises to address gaps in the current dual-use regulation, with a view to introducing uniform controls on a wider range of items. In the meantime, for the first time, the Commission compiled all unilaterally implemented lists.

D. Foreign Direct Investment Developments

With the publication of the European Economic Security Strategy, the Commission announced plans to revise the 2020 Foreign Direct Investment (“FDI”) Screening Regulation that sets minimum requirements for Member States’ FDI screening, including an expanded list of sectors and activities that will trigger a screening requirement and implementing measures to harmonize processes across Member States’ regimes. Earlier in the year, the European Court of Auditors had published a special report that found “significant divergences” in Member States’ screening mechanisms. 22 of 27 Member States presently have screening mechanisms in place, and EU members have significantly increase d their screening of foreign investments, formally screening more than half of all investment authorization requests. Despite the recent heightened focus on FDI screening, the EU regime, which seeks to balance the free movement of capital against national security concerns, remains less aggressive than companion regimes in the United States and the United Kingdom. EU Member States authorize the overwhelming majority of transactions without conditions and, in July 2023, the European Court of Justice conservatively interpreted the EU regime’s reach, holding that screening cannot be used as a protectionist tool, as foreign investments cannot be restricted on the basis of purely economic considerations.

However, there have been recent examples of certain EU Member States taking a harder line. In October 2023, a U.S. company was forced to abandon its global takeover of a Canadian target after the French government vetoed the acquisition of two French subsidiaries under France’s FDI regime. While the rationale for this decision is not public, it appears that Paris’s concerns stemmed from the transaction’s potential to cause the two subsidiaries—which supply parts for nuclear submarines and reactors—to become subject to U.S. export control rules, thereby threatening supply to the French market. The parties have indicated that, although a package of remedies and undertakings was offered to French authorities, such measures were not sufficient to resolve the government’s concerns.

VIII. United Kingdom

A. Trade Controls on China

Although the United Kingdom continues to refine its approach to China’s increasingly assertive stance in global affairs, 2023 did not see any decisive turning points. In March 2023, the UK Government released the much-anticipated “Integrated Review Refresh 2023: Responding to a More Contested and Volatile World” (the “2023 Review”), the United Kingdom’s expression of its national security and foreign policy. While it had been expected that the United Kingdom would label China a “threat,” the words “epoch-defining challenge” were ultimately chosen to replace the optically weaker “systemic challenge” label chosen for the previous iteration of the review. Beyond semantics, steering clear of describing China as a threat amply demonstrates the United Kingdom’s continued ambivalence toward Beijing, despite being under significant pressure from core allies to revise (and strengthen) its stance. Nevertheless, the 2023 Review highlighted UK concerns with the Chinese Communist Party’s conduct, specifically calling out China’s strengthening of its relationship with Russia, its disregard for human rights and international commitments in Tibet, Xinjiang, and Hong Kong, the militarization of disputes in the South China Sea, China’s refusal to renounce the use of force in Taiwan, the country’s ruthless use of its economic power to coerce unaligned countries, and the sanctioning of British parliamentarians in an effort to undermine free speech critical of China.

While practical takeaways specifically relating to China mainly consisted of increased multilateral cooperation with core allies and enhanced investment in diplomatic efforts, the 2023 Review mentioned other tangible initiatives. The UK Government expressed a commitment to bolster the United Kingdom’s economic security and pledged to publish a new strategy on supply chains and imports of technologies of strategic importance to the United Kingdom and its allies, as well as a refresh of the Critical Minerals Strategy and the creation of a new semiconductor strategy aimed at improving the resilience of semiconductor supply chains. Similar initiatives are being pursued by the United Kingdom’s core allies, as described in Sections II and VII.A, above.

Despite the commitments made in the 2023 Review, the UK Parliament’s Intelligence and Security Committee in July 2023 published a detailed report calling out the lack of a clear, forward-looking China strategy and the failure to deploy a whole-of-government approach when countering threats posed by China. The report highlighted the inadequacy of UK protections against Chinese interference and Beijing’s deliberate attempt at creating economic dependencies it could (and often has chosen to) weaponize. In particular, the report exposes the multifaceted nature of the intelligence threat posed by China and calls out the economic dependency risks stemming from China’s deliberate use of investment activities as a platform, as evidenced by the political influence China gains from its very significant investment in the UK civil nuclear sector. Furthermore, the report found that China has increased espionage efforts in the United Kingdom, “prolifically and aggressively” collecting human intelligence, gathering information through social media, and routinely targeting current and former civil servants.

The government’s response to the report was mostly defensive and stopped short of making any new commitments. Rather, it focused on the protective (though not protectionist) measures implemented so far. Among them, the National Security Act 2023 stands out. In force since December 2023, the Act is the most significant overhaul of UK national security law in over a century and directly responds to threats of espionage, foreign interference in the political process, disinformation, and cyber-attacks. Notably, the Act creates new criminal offenses of obtaining or disclosing protected information, obtaining and disclosing trade secrets, and assisting a foreign intelligence service, and also expands the scope of existing investigative powers. The offense of obtaining or disclosing trade secrets is particularly novel as it criminalizes espionage in relation to information that has existing or potential commercial, economic, or industrial value, such as a new technology developed in the United Kingdom. In a similar vein, the government also devised the new Foreign Influence Registration scheme, which will require registration of arrangements to carry out political influence activities in the United Kingdom at the direction of a foreign power. This is similar to the United States’ Foreign Agents Registration Act (“FARA”).

Overall, the United Kingdom continued to pursue an indirect approach to China policy, generally refraining from frontally addressing challenges. That trend is likely to continue in 2024. Examples of this quiet approach include the rejection of most license applications for companies seeking to export semiconductor technology to China, the continued use of anti-dumping measures on imports of raw materials from China, and the UK Government’s £1 billion investment in the semiconductor sector which is clearly designed to compete with Beijing.

B. Sanctions Developments

1. Ownership and Control Tests

The “ownership and control” tests employed in the UK financial sanctions context were the focus of significant attention by both practitioners and the judiciary in 2023. The UK Court of Appeal’s obiter comments in the Boris Mints & Ors v. PJSC National Bank Trust & Anor case generated significant confusion regarding the breadth of the concept of “control,” particularly in relation to the potential influence exercised by public officials over Russian companies by virtue of their role. The decision suggested a very broad interpretation of “control” that could theoretically have included almost all Russian government ministries, state-owned enterprises, and functions. Immediately following publication of the Mints judgment, the Foreign, Commonwealth & Development Office (“FCDO”) issued a statement noting that the FCDO—in charge of UK sanctions policy and designations—will customarily designate a public body by name when it considers that a designated official has control over such body, and further noted that there is “no presumption on the part of the Government that a private entity based in or incorporated . . . in any jurisdiction in which a public official is designated is in itself sufficient evidence to demonstrate that the relevant official exercises control over that entity.” OFSI also unequivocally departed from the Court of Appeal’s comments with its new guidance on public officials, published jointly with the FCDO. Indeed, a subsequent High Court judgment (Litasco SA v. Der Mond Oil and Gas Africa) departed from the Court of Appeal’s obiter comments and noted that the UK control test is concerned with “an existing influence of a designated person over a relevant affair of the company . . . not a state of affairs which a designated person is in a position to bring about.” Such interpretations by the FCDO and the High Court, which align with longstanding practice, provided a welcome dose of regulatory clarity for parties seeking to comply with UK sanctions.

2. Focus on Circumvention and Evasion

Alongside its core allies, the United Kingdom during 2023 identified countering circumvention and evasion as key priorities going forward. In this regard, the most noteworthy development is the United Kingdom’s increasingly frequent designation of foreign, non-Russian companies that actively participate in sanctions evasion schemes, aid Russia’s war effort, and/or otherwise contribute to the destabilization of Ukraine. Some examples include the imposition of UK sanctions on United Arab Emirates-based entities using opaque corporate structures and deceptive shipping practices to facilitate trade in Russian oil above the price cap; Iranian individuals and entities involved in providing UAVs for use by the Russian military; and prominent entities such as Sun Ship Management for supporting Russian efforts to circumvent or undermine the effects of UK and allied sanctions. This trend toward designating third-country entities, which departs from the United Kingdom’s historic practice, seems certain to continue and intensify during the year ahead.

3. Cross-Agency Cooperation and Multilateralism

Again following the example of its U.S. partners, 2023 also witnessed an unprecedented level of cooperation among UK government agencies in relation to the effective implementation of UK sanctions. Several departments of government are engaging in information sharing and have issued guidance and compliance notes, often jointly. Examples of pluri-seal publications include several “Red Alerts” published by the UK National Crime Agency (“NCA”), each of which was prepared in cooperation with one or more UK government agencies. For instance, a December 2023 Red Alert on Exporting High Risk Goods and a November 2023 Red Alert on Gold-Based Financial and Trade Sanctions Circumvention were issued by National Economic Crime Centre (i.e., a multi-agency unit in the NCA), OFSI, and the FCDO, working in conjunction with law enforcement and financial sector partners as part of the Joint Money Laundering Intelligence Taskforce. Recent compound settlement notices published by HM Revenue & Customs (“HMRC”) in relation to breaches of UK trade sanctions on Russia have also underscored the extent of enforcement cooperation among HMRC, OFSI, the FCDO, and the NCA.

Similarly, the UK Financial Conduct Authority (“FCA”) is cooperating with OFSI in relation to compliance by regulated firms, with a particular focus on systems and controls designed to mitigate the risk of breaching sanctions and facilitating evasion. Indeed, in 2023, the FCA invested significant resources to assess the sanctions compliance programs of more than 90 financial services firms and identified several areas for improvement. The FCA now expects to be notified of any self-disclosures to OFSI, and may take independent action concerning sanctions issues when it deems necessary.

UK government agencies also extensively coordinated with their counterparts in closely allied jurisdictions. Relations with OFAC remain particularly close following the 2022 launch of the OFSI-OFAC partnership (the first anniversary of which was celebrated with a joint publication reiterating the effectiveness of that collaboration), numerous joint designations (e.g., in relation to the Russia-based cybercrime gang Trickbot), publication of a joint fact sheet on Russia-related humanitarian authorizations, and frequent participation in joint engagements. The United Kingdom also continues to make use of its wider network by engaging with Group of Seven (“G7”) allies to coordinate new sanctions on Russia, working with its Five Eyes partners to issue joint guidance identifying critical items used in Russian weapons systems, and signing a new accord with South Korea in relation to the joint enforcement of sanctions against North Korea. The United Kingdom’s multilateral approach to sanctions implementation is expected to intensify further in 2024.

4. Enforcement Update

OFSI made use of its new enforcement disclosure power for the first time in August 2023. Pursuant to Section 149(3) of the Policing and Crime Act 2017, OFSI is now authorized to publish details of financial sanctions breaches—including details on the identity of the person committing the breach—even under circumstances in which OFSI determines that the breaches are not serious enough to justify a civil monetary penalty. OFSI’s first published disclosure underscores the importance of effective sanctions policies and procedures and adequate resourcing in the field of sanctions compliance, and importantly reiterates that approaching OFSI on a voluntary basis will be treated as a mitigating factor in determining what consequence, if any, to impose.

Similar concepts were threaded throughout OFSI’s guidance on enforcement and monetary penalties for breaches of financial sanctions, last updated in December 2023, which articulates the agency’s due diligence expectations. While noting that there is no one-size-fits-all approach to sanctions compliance, OFSI indicated that it will consider the degree and quality of a company’s due diligence if the agency ever investigates a potential violation of financial sanctions. OFSI expects to see evidence of a reasonable risk-based decision-making process, carried out in good faith. The guidance also clarifies the range of options available to OFSI, depending upon the severity of the breach. For instance, minor sanctions breaches are likely to be dealt with via a private warning letter, provided that there are no significant aggravating factors and the breach does not form part of a wider pattern. Moderate breaches are likely to be dealt with via a public disclosure without monetary penalty, and serious breaches are likely to attract monetary penalties or, in the most egregious cases, will be referred to UK law enforcement agencies for criminal investigation and potential prosecution. OFSI also reiterated that the standard of proof for civil investigations is the “balance of probabilities,” meaning that a breach is more likely than not to have occurred, rather than the “beyond reasonable doubt” standard that applies in the criminal context. Finally, OFSI shed light on some non-determinative factors that the agency can consider as aggravating, including: the circumvention of any prohibitions or the facilitation of the contravention of any prohibitions; a high financial value associated with a breach; the breach’s ability to harm the regime’s objectives; and a regulated person’s failure to meet regulatory standards.

5. Iran Sanctions and Policy Update

The United Kingdom’s stance toward Iran is being reshaped as geopolitical tensions rise and Iran continues to act as a global destabilizing force. Indeed, the UK Government’s 2023 Review, discussed above, included a commitment to counter, in cooperation with allies, the threat to regional and international security posed by the Iranian regime.

Ahead of Joint Comprehensive Plan of Action Transition Day (i.e., October 18, 2023), the UK Government, together with the governments of France and Germany, issued a joint statement committing to maintaining nuclear proliferation-related measures on Iran, as well as arms and missile embargoes. The statement explicitly called out Iran’s refusal to return to the JCPOA and Tehran’s continued expansion of its nuclear program and its stockpile of enriched uranium without any credible civilian justification.

On Transition Day, the UK Government followed up by translating former UN sanctions into UK law and, alongside 46 other countries that have endorsed the Proliferation Security Initiative, issued a joint statement affirming a commitment to implement effective measures to interdict the transfer to and from Iran of missile-related materials, including those related to UAVs; adopt streamlined procedures for the rapid exchange of relevant information concerning Iran’s proliferation activities; work to strengthen relevant national legal authorities to address Iranian missile- and UAV-related issues; and take specific actions in support of interdiction efforts related to Iran’s missile and UAV programs.

The United Kingdom in July 2023 announced a new Iran sanctions regime developed to respond to unprecedented threats from the Government of Iran and Iranian-backed armed groups, including efforts to undermine peace and security across the Middle East and plots to kill individuals on UK soil. This new instrument, which took effect in December 2023, replaces the existing Iran Human Rights sanctions regulations, and enables the alignment of Iran-related sanctions regulations as far as possible. Among several designations and restrictive measures imposed, the new regime notably includes export restrictions on drone components, as well as new powers to impose transport sanctions on ships involved in contravening existing sanctions or owned or controlled by sanctioned individuals.

These developments follow the previous broadening of sanctions on Iran in relation to human rights violations and the designation of Iranian companies under the Russia sanctions regime, and aim to bring most Iran-related restrictive measures under one heading. As hostilities in the Middle East continue to escalate, the implementation of new UK restrictive measures targeting Iran in 2024 cannot be ruled out.

C. Export Controls Developments

1. Multilateral Cooperation

The United Kingdom has taken an increasingly multilateral approach to export controls in response to Russia’s full-scale invasion of Ukraine and growing geopolitical challenges. In March 2023, the UK Government issued a joint statement with 10 other countries on the need for domestic and international controls of commercial spyware technology. Noting the threat to civil liberties and national security that the misuse of such technologies poses, the United Kingdom pledged to work with other democracies to share information and to prevent the export of software, equipment, and technology to end users who are likely to use them for malicious cyber activity. As discussed under Sections I.E and IV.A, above, the UK Government and its Five Eye partners also announced a joint effort in June 2023 to enforce export controls, and on multiple occasions this past year the United States, the European Union, the United Kingdom, and Japan issued and updated their common list of high-priority items deemed critical to Russia’s war effort—which items may present elevated risks of export control evasion and will likely be a top enforcement priority going forward.

2. Enforcement Update

As part of its efforts to combat circumvention and evasion, the United Kingdom in December 2023 announced that it is launching a new Office of Trade Sanctions Implementation (“OTSI”), which will allocate implementation and enforcement of UK trade sanctions to a dedicated agency.

OTSI will be responsible for civil enforcement of trade sanctions, including those against Russia which have become incredibly complex and warrant the assembly of a specialist team on the government’s side. The agency will operate in parallel with OFSI, which will continue to exclusively deal with financial sanctions. OTSI will issue guidance, act as a point of contact, investigate potential breaches, issue civil penalties, and refer cases to HMRC for criminal enforcement where needed.

OTSI is designed to fill a gap in UK sanctions implementation and enforcement. In light of the growing overlap between sanctions and export controls brought about by the United Kingdom’s sweeping Russia-related trade restrictions, HMRC is pursuing civil enforcement of trade sanctions breaches. However, HMRC is also tasked with export control enforcement, and its resources risk being strained in the long run. Over the past year, however, this has not stopped HMRC from pursuing several civil and criminal enforcement actions. For example, in August 2023, HMRC fined a UK company £1 million for trading unlicensed goods in violation of Russia sanctions—the largest penalty for violations of Russia sanctions to date.

UK enforcement actions were not, however, limited to violations of Russia sanctions. HMRC announced a fine of nearly £1 million for the unlicensed export of dual-use goods in May 2023, as well as several smaller settlements throughout the year for the unlicensed export of dual-use and military goods. In addition to imposing civil penalties, HMRC brought criminal enforcement actions against corporate entities. In May 2023, the agency announced that a criminal investigation into the suspected deliberate evasion of UK export controls had led to a guilty plea for an unlicensed shipment of controlled chemicals, a dual-use good.

Despite having increased the issuance of substantial fines, HMRC continues to abide by its longstanding practice not to disclose details of persons found in violation of UK export controls and trade sanctions.

D. Foreign Direct Investment Developments

Following a sustained downward trend in inbound foreign direct investment flows, the United Kingdom adopted a more permissive approach to FDI screening in 2023. The past year saw no orders blocking or unwinding transactions, and only six final orders imposing conditions on acquisitions. While China was the clear focus of most prohibitions and conditional orders in 2022, only one of the six final orders announced in 2023 involved investors linked to China. Instead, the United Kingdom in 2023 focused on issuing orders protecting military and defense assets such as transmission systems, satellite services, and naval propulsion systems regardless of the acquirer’s nationality. Four of the six final orders involved acquirers from countries that have traditionally been friends or close allies of the United Kingdom, including the United States, Canada, and France, suggesting that the United Kingdom is prepared to exercise its FDI screening powers without regard to where the acquirer is based when it believes that UK national security is at stake.

As the third anniversary of the regime approaches, the UK Government called on stakeholders both inside and outside of the United Kingdom to complete an in-depth survey on UK FDI screening with an eye toward making the regime as business friendly as possible.

* * *

In short, 2023 was another extraordinarily active year in the world of trade controls. Between Russia’s ongoing war in Ukraine, continuing frosty relations between Washington and Beijing, instability in the Middle East and parts of Africa and Latin America, and a rapidly approaching U.S. presidential election (as well as elections in dozens of countries around the world), we expect further seismic shifts to keep multinational enterprises occupied throughout the months ahead.

The following Gibson Dunn lawyers prepared this update: Scott Toussaint, Irene Polieri, Adam M. Smith, Stephenie Gosnell Handler, Christopher Timura, Michelle Kirschner, Benno Schwarz, Attila Borsos, Roscoe Jones, David Wolber, Amanda Neely, Dharak Bhavsar, Felicia Chen, Justin duRivage, Justin Fishman, Konstantinos Flogaitis*, Mason Gauch, Erika Suh Holmberg, Zach Kosbie, Hayley Lawrence, Allison Lewis, Nikita Malevanny, Jacob McGee, Chris Mullen, Sarah Pongrace, Nick Rawlinson, Anna Searcey, Samantha Sewall, Alana Sheppard*, Dominic Solari, Elsie Stone, Audi Syarief, Alana Tinkler, Lauren Trujillo, Gerti Wilson, Claire Yi, and Zach Young.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. For additional information about how we may assist you, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or the following leaders and members of the firm’s International Trade practice group:

United States
Ronald Kirk – Co-Chair, Dallas (+1 214.698.3295, rkirk@gibsondunn.com)
Adam M. Smith – Co-Chair, Washington, D.C. (+1 202.887.3547, asmith@gibsondunn.com)
Stephenie Gosnell Handler – Washington, D.C. (+1 202.955.8510, shandler@gibsondunn.com)
Christopher T. Timura – Washington, D.C. (+1 202.887.3690, ctimura@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202.887.3786, dburns@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213.229.7269, nhanna@gibsondunn.com)
Courtney M. Brown – Washington, D.C. (+1 202.955.8685, cmbrown@gibsondunn.com)
Chris R. Mullen – Washington, D.C. (+1 202.955.8250, cmullen@gibsondunn.com)
Sarah L. Pongrace – New York (+1 212.351.3972, spongrace@gibsondunn.com)
Anna Searcey – Washington, D.C. (+1 202.887.3655, asearcey@gibsondunn.com)
Samantha Sewall – Washington, D.C. (+1 202.887.3509, ssewall@gibsondunn.com)
Audi K. Syarief – Washington, D.C. (+1 202.955.8266, asyarief@gibsondunn.com)
Scott R. Toussaint – Washington, D.C. (+1 202.887.3588, stoussaint@gibsondunn.com)
Claire Yi – New York (+1 212.351.2603, cyi@gibsondunn.com)
Shuo (Josh) Zhang – Washington, D.C. (+1 202.955.8270, szhang@gibsondunn.com)

Asia
Kelly Austin – Hong Kong/Denver (+1 303.298.5980, kaustin@gibsondunn.com)
David A. Wolber – Hong Kong (+852 2214 3764, dwolber@gibsondunn.com)
Fang Xue – Beijing (+86 10 6502 8687, fxue@gibsondunn.com)
Qi Yue – Beijing (+86 10 6502 8534, qyue@gibsondunn.com)
Dharak Bhavsar – Hong Kong (+852 2214 3755, dbhavsar@gibsondunn.com)
Felicia Chen – Hong Kong (+852 2214 3728, fchen@gibsondunn.com)
Arnold Pun – Hong Kong (+852 2214 3838, apun@gibsondunn.com)

Europe
Attila Borsos – Brussels (+32 2 554 72 10, aborsos@gibsondunn.com)
Susy Bullock – London (+44 20 7071 4283, sbullock@gibsondunn.com)
Patrick Doris – London (+44 207 071 4276, pdoris@gibsondunn.com)
Sacha Harber-Kelly – London (+44 20 7071 4205, sharber-kelly@gibsondunn.com)
Michelle M. Kirschner – London (+44 20 7071 4212, mkirschner@gibsondunn.com)
Penny Madden KC – London (+44 20 7071 4226, pmadden@gibsondunn.com)
Irene Polieri – London (+44 20 7071 4199, ipolieri@gibsondunn.com)
Benno Schwarz – Munich (+49 89 189 33 110, bschwarz@gibsondunn.com)
Nikita Malevanny – Munich (+49 89 189 33 160, nmalevanny@gibsondunn.com)

*Konstantinos Flogaitis, a trainee solicitor in the London office, is not admitted to practice law.

*Alana Sheppard, an associate in the New York office, is practicing under supervision of members of the New York bar.

As of 13 October 2023, Germany has adopted a new type of class action. The new law is an incremental step towards more collective redress in Germany. The new regime maintains the existing restriction that requires qualified consumer protection organizations to bring the action. However, these entities may now seek damages from defendants directly on behalf of the class. Together with the several coinciding factors detailed below, the new class action might lead to a more fundamental change in the German litigation landscape.

The previous collective redress regime only allowed for declaratory judgments. After obtaining a judgment, plaintiffs had to file individual lawsuits to get the desired relief, i.e. payment of damages. This two-tier mechanism was one of several factors that evoked substantial criticism in Germany. It also made the so called “Declaratory Model Action” (“DMA”) unpopular with plaintiffs. In the five years since its inception in 2018, only roughly 35 DMAs were filed. The German legislator estimated in 2018 that 450 DMAs would be filed per year.

The new class action aims to address the deficiencies of the existing regime. It is based on the EU Directive 2020/1828 on Representative Actions (which we discussed in a prior client alert). The EU Directive requires all EU member states to implement new class action regimes by 2023 while allowing them considerable leeway to implement the directive’s broad requirements into their national legal systems. The Netherlands, for example, have created a plaintiff-friendly class action system with an opt-out mechanism.

Germany, on the other hand, has opted for a cautious evolution of its collective redress provisions. The hallmarks of the new German regime and our predictions for its future relevance are set forth below:

Qualified Entities as Plaintiffs

Just like under the previous regime, the new class action can only be brought by qualified consumer protection organizations under German law as well as qualified entities from other EU member states (so-called qualified entities – QEs). This requirement is meant to prevent frivolous class actions.

The consumer protection organizations are required to inform consumers on their homepages about all representative actions they are planning to or have already filed, as well as the status of all pending actions. Potential defendants may be able to use this as an early-warning system for new class actions against them.

Permissible Relief

Qualified entities can now directly sue defendants for damages or other forms of relief on behalf of the consumers concerned. After a favorable verdict for the class, the court will request the parties to devise a settlement on how to distribute the funds. If no settlement is reached, the court will appoint a claims administrator to distribute the funds. Funds which are not claimed by consumers or cannot be distributed to class members are transferred back to the defendant. There is no potential for a cy-pres award like in the U.S.

Broad Scope

Under the EU Directive, the member states are only obliged to allow class actions with regard to an exhaustive list of EU provisions on consumer protection. Germany has not restricted the scope of collective redress. All matters that could be litigated in an individual civil lawsuit in Germany can be litigated in the new class action. This includes classic subject matters for collective redress such as product safety and mass torts as well as the emerging litigation issues around ESG, data privacy, and private enforcement of new EU legislation (i.e. the EU Digital Markets Act or its proposed AI Regulation).

Class Definition

Unlike many class actions in the U.S., consumers have to opt-in to join a German class action and there is no requirement for class certification. However, the qualified entity acting as plaintiff will have to show in its statement of claim that at least 50 consumers are affected by the class action and that the consumers’ claims present substantially similar questions of law or fact. These two prongs are reminiscent of the numerosity and commonality requirements in U.S. class actions under Rule 23 (a) FRCP.

Consumers will have a longer period for considering an opt-in than before. They can opt into the class until three weeks after the conclusion of the oral hearing. This allows consumers to react to positive developments late in the proceedings.

Limitations on Third-Party Funding

The new law allows third-party funding for class actions, but imposes fairly strict requirements. If the requirements are not met, the class action will be dismissed. Any third party funding a class action may not be a competitor of the defendant or in any way (economically) dependent on the defendant. More importantly, the third-party funder must not be promised more than ten percent of the proceeds from the class action. If a class action is funded by a third-party, the plaintiff is obliged to disclose its arrangements with the funder.

These prerequisites will likely deter many third-party funders from entering the German class action litigation market.

No Additional Discovery Provisions

Germany has not made use of the leeway under the EU Directive to allow for more discovery in consumer class actions. While courts can order a party to produce certain documents clearly defined by the other party, there will be no U.S.-style discovery in German class actions.

However, courts may now repeatedly fine parties up to EUR 250,000 if they fail to comply with a court order to produce the requested document or item.

Parallel Individual Actions

Consumers who have not opted into the class action will be able to sue the same defendant individually for the same claims as in the class action. Defendants will, therefore, have to prepare to defend numerous individual lawsuits in parallel to the new class action.

Cost Recovery

As is customary in Germany and the EU, the losing party will be required to bear the costs of the class action. This again is meant to discourage frivolous lawsuits. In theory, this also includes the opposing party’s legal fees. However, the recoverable amount is limited by statute and depends on the amount in dispute. The new German law caps the amount in dispute at EUR 300,000. This equals a maximum amount for recoverable legal fees in the range of EUR 10,000.

Tolling of Statutes of Limitations

Opting into a class action suspends the statute of limitations for consumers – even for consumers who later opt out again.

Therefore, consumers can toll the statute of limitations by opting into a class action as a mere precaution. They are free to opt out at a later stage and pursue individual claims against the defendant, as long as they opt out before the cut-off point three weeks after the first oral hearing on the merits.

Settlements

Similar to U.S. class actions, all settlements in German class actions must be scrutinized by the court. The court will reject the settlement if it is not “fair”. Settlements are final and binding for the parties as well as the consumers who have opted into the class action. However, consumers may opt out of a settlement within a month after the settlement was published in the class action register.

Outlook

The new law has been met with both approval and criticism from stakeholders and interested parties. For the time being, the new class action regime as such will certainly not turn Germany into a class action hot spot. However, in combination with ever increasing regulatory activity by national and European rule makers, an increasing focus on private enforcement of regulations, and a German judiciary that is generally willing to create consumer-friendly law, such as in the context of the diesel emissions cases, this may provide to be just the perfect mix for a more fundamental change of the German litigation landscape in the long run. Companies are certainly well advised to monitor closely whether they may be the target of class actions under the new German regime, and to prepare accordingly.

The following Gibson Dunn lawyers prepared this client alert: Alexander Horn, Markus Rieder, Friedrich Wagner, and Annekathrin Schmoll.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Class Actions, Litigation, or Appellate and Constitutional Law practice groups, the authors, or any of the following leaders and members of the Class Actions Group:

Frankfurt:
Alexander Horn (+49 69 247 411 537, ahorn@gibsondunn.com)

Munich:
Markus Rieder (+49 89 189 33 162, mrieder@gibsondunn.com)
Friedrich A. Wagner (+49 89 189 33-262, fwagner@gibsondunn.com)

Brussels:
Christian Riis-Madsen (+32 2 554 72 05, criis@gibsondunn.com)

Paris:
Eric Bouffard (+33 (0) 1 56 43 13 00), ebouffard@gibsondunn.com)
Jean-Pierre Farges (+33 (0) 1 56 43 13 00, jpfarges@gibsondunn.com)
Pierre-Emmanuel Fender (+33 (0) 1 56 43 13 00, pefender@gibsondunn.com)

London:
Susy Bullock (+44 20 7071 4283, sbullock@gibsondunn.com)
Patrick Doris (+44 20 7071 4276, pdoris@gibsondunn.com)
Osma Hudda (+44 20 7071 4247, ohudda@gibsondunn.com)
Ali Nikpay (+44 20 7071 4273, anikpay@gibsondunn.com)
Philip Rocher (+44 20 7071 4202, procher@gibsondunn.com)
Deirdre Taylor (+44 20 7071 4274, dtaylor2@gibsondunn.com)
Doug Watson (+44 20 7071 4217, dwatson@gibsondunn.com)

United States:
Theodore J. Boutrous, Jr. – Los Angeles (+1 213-229-7000, tboutrous@gibsondunn.com)
Christopher Chorba – Co-Chair, Class Actions Group – Los Angeles (+1 213-229-7396, cchorba@gibsondunn.com)
Theane Evangelis – Co-Chair, Litigation Group, Los Angeles (+1 213-229-7726, tevangelis@gibsondunn.com)
Lauren R. Goldman – New York (+1 212-351-2375, lgoldman@gibsondunn.com)
Kahn A. Scolnick – Co-Chair, Class Actions Group – Los Angeles (+1 213-229-7656, kscolnick@gibsondunn.com)
Bradley J. Hamburger – Los Angeles (+1 213-229-7658, bhamburger@gibsondunn.com)
Lauren M. Blas – Los Angeles (+1 213-229-7503, lblas@gibsondunn.com)

Gibson, Dunn & Crutcher LLP is pleased to announce with Global Legal Group the release of the International Comparative Legal Guide to Sanctions 2024 – Germany Chapter. Gibson Dunn partner Benno Schwarz and associate Nikita Malevanny are co-authors of the publication which provides an overview of the EU sanctions regime as applied by Germany and covers relevant government agencies, applicable guidance, sanctions jurisdiction, export controls, criminal and civil enforcement, recent developments, and other topics. The chapter was co-authored with Veit Bütterlin and Svea Ottenstein from AlixPartners.

You can view this informative and comprehensive chapter via the link below:

CLICK HERE to view Sanctions 2024 – Germany Chapter.

About Gibson Dunn’s International Trade Practice:

Gibson Dunn’s International Trade Practice includes some of the most experienced practitioners in the field. Our global experience is unparalleled – the practice’s lawyers have worked extensively across Asia, Europe, the Gulf, and the Americas and many have served in senior government and enforcement roles as principal architects of key sanctions and export controls regimes and relief, including with respect to U.N. sanctions, and U.S. measures against Iran, Russia, Cuba, and Myanmar. For further information, please visit our practice page and feel free to contact Benno Schwarz (+49 89 189 33-210, bschwarz@gibsondunn.com), Nikita Malevanny (+49 89 189 33-224, nmalevanny@gibsondunn.com) or the Gibson Dunn lawyer with whom you usually work.

About the Authors:

Benno Schwarz is a partner in the Munich office of Gibson Dunn and co-chair of the firm’s Anti-Corruption & FCPA Practice Group. He focuses on white collar defense and compliance investigations in a wide array of criminal regulatory matters. For more than 30 years, he has handled sensitive cases and investigations concerning all kinds of compliance issues, especially in an international context, advising and representing companies and their executive bodies. He coordinates the German International Trade Practice Group of Gibson Dunn and assists clients in navigating the complexities of sanctions and counter-sanctions compliance. He is regularly recognized as a leading lawyer in Germany in the areas of white-collar crime, corporate advice, compliance and investigations.

Nikita Malevanny is an associate in the Munich office of Gibson Dunn and a member of the firm’s White Collar Defense and Investigations, Litigation, and International Trade Practice Groups. He focuses on international trade compliance, including EU sanctions, embargoes and export controls. He also carries out internal and regulatory investigations in the areas of corporate anti-corruption, anti-money laundering and technical compliance. Handelsblatt / The Best Lawyers^TM in Germany 2023/2024 have recognized him in their list “Ones to Watch” for litigation and intellectual property law. He holds both German and Russian law degrees and speaks German, English, Russian and Ukrainian. He is a regular member of Gibson Dunn’s cross-border teams supporting and advising clients on global sanctions and export control aspects.

On July 28, 2023, a new EU regulation regarding the cross-border access to electronic evidence in criminal proceedings was announced in the Official Journal of the European Union (the “Regulation”).[1] The Regulation, which will apply as of August 18, 2026, contains rules under which an authority of a EU Member State may issue a European Production Order or a European Preservation Order to request a service provider in another Member State to produce or to preserve electronic evidence regardless of the location of the data.[2] Failing to comply with such orders may involve severe sanctions for such service providers.

The Regulation is a considerable step forward for cross-border government investigations in the European Union. Currently, to obtain electronic evidence, EU Member State authorities must rely either on lengthy judicial cooperation procedures with the risk that data are moved or deleted or on the voluntary cooperation of service providers, a process which, according to the EU Commission, lacks reliability, transparency, accountability, and legal certainty.[3]

1. European Production Orders

Pursuant to the Regulation, a judicial authority of a Member State will be entitled to issue a European Production Order to request electronic evidence directly from a service provider located in another Member State. In the case of requesting traffic data[4] or content data,[5] a judge, a court or an investigating judge will be a proper issuing authority. If a Member State wanted to obtain subscriber data[6] or data for the sole purpose of identifying the user, a public prosecutor would also be entitled to issue a European Production Order. The Member States may define further competent issuing authorities, but in these case the Regulation requires a validation process.[7]

A European Production Order for obtaining traffic data or content data may be issued if these data are necessary and proportionate to the purpose of criminal proceedings relating to offenses punishable in the issuing State by a custodial sentence of a maximum of at least three years or to specific offenses[8] referenced in the Regulation. Further, a European Production Order requires that a similar order could have been issued under the same conditions in a domestic case. These data may also be requested for the execution of a custodial sentence or a detention order of at least four months, following criminal proceedings and imposed by a decision that was not rendered in absentia in cases where the person convicted absconded from justice.[9]

In the case of subscriber data or of data requested for the sole purpose of identifying the user, the same conditions apply, but in these cases European Production Orders may be issued for all offenses subject to a criminal investigation.[10]

A European Production Order will be addressed directly to the service provider,[11] but in certain cases of requesting traffic or content data the issuing authority must notify an enforcing authority based in the Member State where the service provider resides.[12] The enforcing authority will assess the case as soon as possible, but no later than ten days following the receipt of the notification, and decide whether it wants to invoke a ground for refusal, such as the protection of fundamental rights or of immunities and privileges.[13]

Upon receipt of a European Production Order, a service provider must expeditiously preserve the requested data and transmit them at the latest within ten days directly to the issuing authority or to the law enforcement authority designated on the order.[14]In cases of emergency, the service provider must transmit the data without undue delay and at the latest within eight hours following the receipt of the order.[15]

2. European Preservation Orders

By way of a European Preservation Order, a judge, a court, an investigating judge, a public prosecutor or – upon validation – another designated authority may order that a service provider located in another Member State preserve electronic evidence for the purposes of a subsequent request for production.[16]

Such an order may be issued for all criminal offenses if necessary for and proportionate to the purpose of preventing the removal, deletion or alteration of data with a view to issuing a subsequent request for production of those data and if it could have been issued under the same conditions in a similar domestic case. These orders may also serve for the execution of a custodial sentence or a detention order of at least four months, following criminal proceedings, imposed by a decision that was not rendered in absentia, in cases where the person convicted absconded from justice.[17]

In the case of a European Preservation Order, the service provider must preserve the requested data without undue delay. The obligation to preserve the data will cease after 60 days, unless the issuing authority confirms that a subsequent request for production has been issued. During that 60-day period, the issuing authority may extend the duration of the obligation to preserve the data by an additional 30-day period if necessary to allow for the issuing of a subsequent request for production.[18]

3. Notion of a Service Provider Offering Services in the Union

The Regulation applies to service providers which offer services in the European Union.[19] The Regulation defines a “service provider” as any natural or legal person that provides one or more of the following categories of services:

Electronic communications services;[20]
Internet domain name and IP numbering services, such as IP address assignment, domain name registry, domain name registrar and domain name-related privacy and proxy services;
Other information society services[21] that enable their users to communicate with each other; or make it possible to store or otherwise process data on behalf of the users to whom the service is rendered, provided that the storage of data is a defining component of the service provided to the user.[22]

Financial services such as such as banking, credit, insurance and re-insurance, occupational or personal pensions, securities, investment funds, payment and investment advice are not covered by the Regulation.[23]

A service provider in that sense offers services within the European Union if it enables natural or legal persons in a Member State to use the services listed above and if it has a substantial connection, based on specific factual criteria, to that Member State.[24] Such a substantial connection is considered to exist where the service provider has an establishment in a Member State, where there is a significant number of users in one or more Member States or where the service provider targets its activities towards one or more Member States.[25]

Pursuant to a EU Directive announced on the same day as the Regulation in the Official Journal of the European Union (the “Directive”), Member States will have to ensure that all service providers offering services in the European Union designate a legal representative or a designated establishment to receive, comply with, and enforce requests to gather electronic evidence.[26]

4. Sanctions, Enforcement, Conflict of Laws

The Regulation sets forth that Member States must enact rules on pecuniary penalties for infringements of the execution of European Production Orders or European Preservation Orders. These pecuniary penalties must be effective, proportionate and dissuasive. In that respect, Member States must ensure that pecuniary penalties of up to 2% of the total worldwide annual turnover of the service provider’s preceding financial year can be imposed.[27] Pursuant to the Directive, Member States will have to ensure that that both the designated establishment or the legal representative and the service provider can be held jointly and severally liable for non-compliance so that each of them may be subject to penalties.[28]

Apart from pecuniary penalties, the Regulation contains detailed rules on the enforcement by the enforcing state.[29] However, a service provider must inform the issuing authority and the enforcing authority if it considered that the execution of a European Production Order or of a European Preservation Order could interfere with immunities or privileges, or with rules on the determination or limitation of criminal liability that relate to freedom of the press or freedom of expression in other media, under the law of the enforcing State. In such cases, the issuing authority decides whether to withdraw, adapt or maintain the respective order. In addition, in the case of a European Production Order, the enforcing authority may raise a ground for refusal.[30]

A special review procedure applies, if a service provider invoked that complying with a European Production Order would conflict with an obligation under the law of a third country. Then, the service provider would have to file a “reasoned objection” within ten days after receipt of the European Production Order. If the issuing authority decided to uphold the order, a competent court of the issuing state would have to review the case. Importantly, if this court found that the law of the third country prohibits disclosure of the data concerned, the court would not automatically lift the European Production Order but rather balance relevant factors (some of which are set out in more detail in the Regulation[31]) to decide whether to uphold or lift the order.

______________________

[1] Eur-Lex, Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings, available under https://eur-lex.europa.eu/eli/reg/2023/1543/oj (last visited [July 31, 2023]).

[2] Article 1(1) of the Regulation.

[3] EU Commission, press release of November 29, 2022, https://ec.europa.eu/commission/presscorner/detail/es/ip_22_7246 (last visited [July 31, 2023]).

[4] Article 3 no. 11 of the Regulation.

[5] Article 3 no. 12 of the Regulation.

[6] Article 3 no. 9 of the Regulation.

[7] Article 4(1) and (2) of the Regulation.

[8] Article 5(4) of the Regulation.

[9] Article 5(2) and (4) of the Regulation.

[10] Article 5(2) and (3) of the Regulation.

[11] Article 7 of the Regulation.

[12] Article 3 no. 16, 17 and Article 8 of the Regulation. No notification is necessary where the offense has been committed, is being committed or is likely to be committed in the issuing State and the person whose data are requested resides in the issuing State.

[13] Article 12 of the Regulation.

[14] Article 10 of the Regulation.

[15] Article 10(4) of the Regulation.

[16] Article 5(3) of the Regulation.

[17] Article 6(2) and (3) of the Regulation.

[18] Article 11(1) of the Regulation.

[19] Article 2(1) of the Regulation.

[20] Article 2 no. 4 of Directive (EU) 2018/1972 establishing the European Electronic Communications Code.

[21] As referred to in Article 1(1) (b) of Directive (EU) 2015/1535 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services.

[22] Article 3 no. 3 of the Regulation.

[23] Article 3 no. 3 of the Regulation, see also Article 2(2) lit. b of the Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market.

[24] Article 3 no. 4 of the Regulation.

[25] Article 3 no. 4 of the Regulation.

[26] Eur-Lex, Directive (EU) 2023/1544 of the European Parliament and of the Council of 12 July 2023 laying down harmonised rules on the designation of designated establishments and the appointment of legal representatives for the purpose of gathering electronic evidence in criminal proceedings, available under https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32006L0123 (last visited [July 31, 2023]).

[27] Article 15 of the Regulation.

[28] Article 3(5) of the Directive.

[29] Article 16 of the Regulation.

[30] Articles 10(5) and 11(4) of the Regulation.

[31] According to Article 17(6) of the Regulation, the assessment shall in particular be based on the following factors, while giving particular weight to the factors referred to in points (a) and (b): (a) the interest protected by the relevant law of the third country, including fundamental rights as well as other fundamental interests preventing disclosure of the data, in particular national security interests of the third country; (b) the degree of connection between the criminal case for which the European Production Order was issued and either of the two jurisdictions, as indicated inter alia by: (i) the location, nationality and place of residence of the person whose data are being requested or of the victim or victims of the criminal offense in question; (ii) the place where the criminal offense in question was committed; (c) the degree of connection between the service provider and the third country in question; in this context, the data storage location alone shall not suffice for the purpose of establishing a substantial degree of connection; (d) the interests of the investigating State in obtaining the evidence concerned, based on the seriousness of the offence and the importance of obtaining evidence in an expeditious manner; (e) the possible consequences for the addressee or for the service provider of complying with the European Production Order, including the potential penalties.

The following Gibson Dunn attorneys assisted in preparing this update: Andreas Dürr, Kai Gesing, Katharina Humphrey, and Benno Schwarz.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of Gibson Dunn’s White Collar Defense and Investigations or Anti-Corruption and FCPA practice groups in Germany:

Corporate Compliance / White Collar Matters
Andreas Dürr (+49 89 189 33 219, aduerr@gibsondunn.com)
Ferdinand Fromholzer (+49 89 189 33 270, ffromholzer@gibsondunn.com)
Kai Gesing (+49 89 189 33 285, kgesing@gibsondunn.com)
Katharina Humphrey (+49 89 189 33 217, khumphrey@gibsondunn.com)
Markus Nauheim (+49 89 189 33 222, mnauheim@gibsondunn.com)
Markus Rieder (+49 89 189 33 260, mrieder@gibsondunn.com)
Benno Schwarz (+49 89 189 33 210, bschwarz@gibsondunn.com)
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)
Mark Zimmer (+49 89 189 33 230, mzimmer@gibsondunn.com)

Since the European Commission first published its highly anticipated proposal for an AI regulation in April 2021,[1] EU institutions and lawmakers have been making significant strides towards passing what would be the first comprehensive legislative framework for AI, the EU Artificial Intelligence Act (“AI Act”). The AI Act seeks to deliver on EU institutions’ promises to put forward a coordinated European regulatory approach on the human and ethical implications of AI, and once in force would be binding on all 27 EU Member States.[2]

Following on the heels of the European Commission’s 2021 proposal, the Council of the European Union adopted its common position (“general approach”) on the AI Act in December 2022.[3] Most notably, in its general approach the Council narrowed the definition of ‘AI system’ covered by the AI Act to focus on a measure of autonomy i.e., to ensure that simpler software systems were not inadvertently captured.

On June 14, 2023, the European Parliament voted to adopt its own negotiating position on the AI Act,[4] triggering discussions between the three branches of the European Union—the European Commission, the Council and the Parliament—to reconcile the three different versions of the AI Act, the so-called “trilogue” procedure. The Parliament’s position expands the scope and reach of the AI Act in a number of ways, and press reports suggest contentious reconciliation meetings and further revisions to the draft AI Act lay ahead. In this client alert, we offer some key takeaways from the Parliament’s negotiating position.

The AI Act Resonates Beyond the EU’s Borders

The current draft regulation provides that businesses placing AI systems on the market or putting them into service in the EU will be subject to the AI Act, irrespective of whether those providers are established within the EU or in a third country. Given its status as the first comprehensive attempt to regulate AI systems and its extraterritorial effect, the AI Act has the potential to become the key international benchmark for regulating the fast-evolving AI space, much like the General Data Protection Regulation (“GDPR”) in the realm of data privacy.

The regulation is intended to strike a much-debated balance between regulation and safety, citizens’ rights, economic interests, and innovation. Reflecting concerns that an overly restrictive law would stifle AI innovation in the EU market, the Parliament has proposed exemptions for research activities and open-source AI components and promoted the use of so-called “regulatory sandboxes,” or controlled environments, created by public authorities to test AI before its deployment.[5] Establishing harmonized standards for the implementation of the AI Act’s provisions will be critical to ensure companies can prepare for the new regulatory requirements by, for example, building appropriate guardrails and governance processes into product development and deployment early in the design lifecycle.

The Definition of AI Is Aligned with OECD and NIST

The AI Act’s definition of AI has consistently been a key threshold issue in defining the scope of the draft regulation and has undergone numerous changes over the past several years. Initially, the European Commission defined AI based on a series of techniques listed in the annex to the regulation, so that it could be updated as the technology developed. In the face of concerns that a broader definition could sweep in traditional computational processes or software, the EU Council and Parliament opted to move the definition to the body of the text and narrowed the language to focus on machine-learning capabilities, in alignment with the definition of the Organisation for Economic Co-operation and Development (OECD) and the U.S. National Institute of Standards and Technology (“NIST”):[6]

“a machine-based system that is designed to operate with varying levels of autonomy and that can, for explicit or implicit objectives, generate outputs such as predictions, recommendations, or decisions that influence physical or virtual environments.”

In doing so, the Parliament is seeking to balance the need for uniformity and legal certainty against the “rapid technological developments in this field.”[7] The draft text also indicates that AI systems “can be used as stand-alone software system, integrated into a physical product (embedded), used to serve the functionality of a physical product without being integrated therein (non-embedded) or used as an AI component of a larger system,” in which case the entire larger system should be considered as one single AI system if it would not function without the AI component in question.[8]

The AI Act Generally Classifies Use Cases, Not Models or Tools

Like the Commission and Council, the Parliament has adopted a risk-based approach rather than a blanket technology ban. The AI Act classifies AI use by risk level (unacceptable, high, limited, and minimal or no risk) and imposes documentation, auditing, and process requirements on providers (a developer of an AI system with a view to placing it on the market or putting it into service) and deployers (a user of an AI system “under its authority,” except where such use is in a “personal non-professional activity”)[9] of AI systems.

The AI Act prohibits certain “unacceptable” AI use cases and contains some very onerous provisions targeting high-risk AI systems, which are subject to compliance requirements throughout their lifecycle, including pre-deployment conformity assessments, technical and auditing requirements, and monitoring requirements. Limited risk systems include those use cases where humans may interact directly with an AI system (such as chatbots), or that generate deepfakes, which trigger transparency and disclosure obligations.[10] Most other use cases will fall into the “minimal or no risk” category: companies must keep an inventory of such use cases, but these are not subject to any restrictions under the AI Act. Companies developing or deploying AI systems will therefore need to document and review use cases to identify the appropriate risk classification.

The AI Act Prohibits “Unacceptable” Risk AI Systems, Including Facial Recognition in Public Spaces, with Very Limited Exceptions

Under the AI Act, AI systems that carry “unacceptable risk” are per se prohibited. The Parliament’s compromise text bans certain use cases entirely, notably real-time remote biometric identification in publicly accessible spaces, which is intended to include facial recognition tools and biometric categorization systems using sensitive characteristics, such as gender or ethnicity; predictive policing systems; AI systems that deploy subliminal techniques impacting individual or group decisions; emotion recognition systems in law enforcement, border management, the workplace and educational institutions; and scraping biometric data from CCTV footage or social media to create facial recognition databases. There is a limited exception for the use of “post” remote biometric identification systems (where identification occurs via pre-recorded footage after a significant delay) by law enforcement and subject to court approval.

Parliament’s negotiating position on real-time biometric identification is likely to be a point of contention in forthcoming talks with member states in the Council of the EU, many of which want to allow law enforcement use of real-time facial recognition, as did the European Commission in its original legislative proposal.

The Scope of High-Risk AI Systems Subject to Onerous Pre-Deployment and Ongoing Compliance Requirements Is Expanded

High risk AI systems are subject to the most stringent compliance requirements under the AI Act and the designation of high risk systems has been extensively debated during Parliamentary debates. Under the Commission’s proposal, an AI system is considered high risk if it falls within an enumerated critical area or use listed in Annex III to the AI Act. AI systems listed in Annex III include those used for biometrics; management of critical infrastructure; educational and vocational training; employment, workers management and access to self-employment tools; access to essential public and private services (such as life and health insurance); law enforcement; migration, asylum and border control management tools; and the administration of justice and democratic processes.

The Parliament’s proposal clarifies the scope of high-risk systems by adding a requirement that an AI system listed in Annex III shall be considered high-risk if it poses a “significant risk” to an individual’s health, safety, or fundamental rights. The Parliament also proposed additional AI systems to the high risk category, including AI systems intended to be used for influencing elections, and recommendation engines of social media platforms that have been designated as Very Large Online Platforms (VLOPs), as defined by the Digital Services Act (“DSA”).

High-risk AI systems would be subject to pre-deployment conformity assessments, informed by guidance to be prepared by the Commission with a view to certifying that the AI system is premised on an adequate risk assessment, proper guardrails and mitigation processes, and high-quality datasets. Conformity assessment would also be required to confirm the availability of appropriate compliance documentation, traceability of results, transparency, human oversight, accuracy and security.

A key challenge companies should anticipate when implementing the underlying governance structures for high risk AI systems is accounting for and tracking model changes that may necessitate a re-evaluation of risk, particularly for unsupervised or partially unsupervised models. In certain cases, independent third-party assessments may be necessary to obtain a certification that verifies the AI system’s compliance with regulatory standards.

The Parliament’s proposal also includes redress mechanisms to ensure harms are resolved promptly and adequately, and adds a new requirement for conducting “Fundamental Rights Impact Assessments” for high-risk systems to consider the potential negative impacts of an AI system on marginalized groups and the environment.

“General Purpose AI” and Generative AI Will Be Regulated

Due to the increasing availability of large language models (LLMs) and generative AI tools, recent discussions in Parliament focused on whether the AI Act should include specific rules for GPAI, foundation models, and generative AI.

The regulation of GPAI—an AI system that is adaptable to a wide range of applications for which it was not intentionally and specifically designed—posed a fundamental issue for EU lawmakers because of the prior focus on AI systems developed and deployed for specific use cases. As such, the Council’s approach had contemplated excluding GPAI from the scope of the AI Act, subject to a public consultation and impact assessment and future regulations proposed by the European Commission. Under the Parliament’s approach, GPAI systems are outside the AI Act’s classification methodology, but will be subject to certain separate testing and transparency requirements, with most of the obligations falling on any deployer that substantially modifies a GPAI system for a specific use case.

Parliament also proposed a regime for regulating foundation models, consisting of models that “are trained on broad data at scale, are designed for generality of output, and can be adapted to a wide range of distinctive tasks,” such as GPT-4.[11] The regime governing foundation models is similar to the one for high-risk AI applications and directs providers to integrate design, testing, data governance, cybersecurity, performance, and risk mitigation safeguards in their products before placing them on the market, mitigating foreseeable risks to health, safety, human rights, and democracy, and registering their applications in a database, which will be managed by the European Commission.

Even stricter transparency obligations are proposed for generative AI, a subcategory of foundation models, requiring that providers of such systems inform users when content is AI-generated, deploy adequate training and design safeguards, ensure that synthetic content generated is lawful, and publicly disclose a “sufficiently detailed summary” of copyrighted data used to train their models.[12]

The AI Act Has Teeth

The Parliament’s proposal increases the potential penalties for violating the AI Act. Breaching a prohibited practice would be subject to penalties of up to €40 million, or 7% of a company’s annual global revenue, whichever is higher, up from €30 million, or 6% of global annual revenue. This considerably exceeds the GDPR’s fining range of up to 4% of a company’s global revenue. Penalties for foundation model providers who breach the AI Act could amount to €‎10 million or 2% annual revenue, whichever is higher.

What Happens Next?

Spain will take over the rotating presidency of the Council in July 2023 and has given every indication that finalizing the AI Act is a priority. Nonetheless, it remains unclear when the AI Act will come into force, given anticipated debate over a number of contentious issues, including biometrics and foundation models. If an agreement can be reached in the trilogues later this year on a consensus version to pass into law—likely buoyed by political momentum and seemingly omnipresent concerns about AI risks—the AI Act will be subject to a two-year implementation period during which its governance structures, e.g., the European Artificial Intelligence Office, would be set up before ultimately becoming applicable to all AI providers and deployers in late 2025, at the earliest.

In the meantime, other EU regulatory efforts could hold the fort until the AI Act comes into force. One example is the DSA, which comes fully into effect on February 17, 2024 and regulates content on online platforms, establishing specific obligations for platforms that have been designated as VLOPs and Very Large Online Search Engines (VLOSEs). Underscoring EU lawmakers’ intent to establish a multi-pronged governance regime for generative models, the Commission also included generative AI in its recent draft rules on auditing algorithms under the DSA.[13] In particular, the draft rules reference a need to audit algorithmic systems’ methodologies, including by mandating pre-deployment assessments, disclosure requirements, and comprehensive risk assessments.

Separately, Margrethe Vestager, Executive Vice-President of the European Commission for a Europe fit for the Digital Age, at the recent meeting of the US-EU Trade and Technology Council (TTC) promoted a voluntary “Code of Conduct” for generative AI products and raised expectations that such a code could be drafted “within weeks.”[14]

We are closely monitoring the ongoing negotiations and developments regarding the AI Act and the fast-evolving EU legal regulatory regime for AI systems, and stand ready to assist our clients in their compliance efforts. As drafted, the proposed law is complex and promises to be challenging for companies deploying or operating AI tools, products and services in the EU to navigate—particularly alongside parallel legal obligations under the GDPR and the DSA.”

_________________________

[1] EC, Proposal for a Regulation of the European Parliament and of the Council laying down Harmonised Rules on Artificial Intelligence and amending certain Union Legislative Acts (Artificial Intelligence Act), COM(2021) 206 (April 21, 2021), available at https://digital-strategy.ec.europa.eu/en/library/proposal-regulation-european-approach-artificial-intelligence. For more details, please see Gibson Dunn, Artificial Intelligence and Automated Systems Legal Update (1Q21), https://www.gibsondunn.com/artificial-intelligence-and-automated-systems-legal-update-1q21/#_EC_Publishes_Draft.

[2] If an agreement can be reached in the trilogues, the AI Act will be subject to a two-year implementation period before becoming applicable to companies. The AI Act would establish a distinct EU agency independent of the European Commission called the “European Artificial Intelligence Office.” Moreover, while the AI Act requires each member state to have a single overarching supervisory authority for the AI Act, there is no limit on the number of national authorities that could be involved in certifying AI systems.

[3] For more details, please see Gibson Dunn, Artificial Intelligence and Automated Systems 2022 Legal Review, https://www.gibsondunn.com/artificial-intelligence-and-automated-systems-2022-legal-review/

[4] European Parliament, Draft European Parliament Legislative Resolution on the Proposal For a Regulation of the European Parliament and of the Council on Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts (COM(2021)0206 – C9‑0146/2021 – 2021/0106(COD)) (June 14, 2023), https://www.europarl.europa.eu/doceo/document/A-9-2023-0188_EN.html#_section1; see also the DRAFT Compromise Amendments on the Draft Report Proposal for a regulation of the European Parliament and of the Council on harmonised rules on Artificial Intelligence (Artificial Intelligence Act) and amending certain Union Legislative Acts (COM(2021)0206 – C9 0146/2021 – 2021/0106(COD)) (May 9, 2023), https://www.europarl.europa.eu/news/en/press-room/20230505IPR84904/ai-act-a-step-closer-to-the-first-rules-on-artificial-intelligence („Draft Compromise Agreement”).

[5] See, e.g., Open Loop, Open Loop Report “Artificial Intelligence Act: A Policy Prototyping Experiment” EU AI Regulatory Sandboxes (April 2023), https://openloop.org/programs/open-loop-eu-ai-act-program/.

[6] See NIST, AI Risk Management Framework 1.0 (Jan. 2023), https://www.nist.gov/itl/ai-risk-management-framework (defining an AI system as “an engineered or machine-based system that can, for a given set of objectives, generate outputs such as predictions, recommendations, or decisions influencing real or virtual environments [and that] are designed to operate with varying levels of autonomy”). For more details, please see our client alert NIST Releases First Version of AI Risk Management Framework (Jan. 27, 2023), https://www.gibsondunn.com/nist-releases-first-version-of-ai-risk-management-framework/.

[7] Draft Compromise Agreement, https://www.europarl.europa.eu/news/en/press-room/20230505IPR84904/ai-act-a-step-closer-to-the-first-rules-on-artificial-intelligence, Art. 3(1)(6)-(6b).

[8] Id., Art. 3(1)(6(b).

[9] Id., Art 3(2)-(4).

[10] Id., Art. 52.

[11] Id., Art. 3(1c), Art. 28(b).

[12] Id., Art. 28(b)(4)(c).

[13] European Commission, Digital Services Act – conducting independent audits, Commission Delegated Regulation supplementing Regulation (EU) 2022/2065 (May 6, 2023), https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13626-Digital-Services-Act-conducting-independent-audits_en.

[14] Philip Blenkinsop, EU tech chief sees draft voluntary AI code within weeks, Reuters (May 31, 2023), https://www.reuters.com/technology/eu-tech-chief-calls-voluntary-ai-code-conduct-within-months-2023-05-31/.

Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any member or leader of the firm’s Artificial Intelligence practice group, or the following authors:

Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Joel Harrison – London (+44 (0) 20 7071 4289, jharrison@gibsondunn.com)
Vivek Mohan – Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Robert Spano – London (+44 (0) 20 7071 4902, rspano@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213-229-7914, fwaldmann@gibsondunn.com)
Christoph Jacob – Munich (+49 89 1893 3281, cjacob@gibsondunn.com)
Yannick Oberacker – Munich (+49 89 189 33-282, yoberacker@gibsondunn.com)
Hayley Smith – London (+852 2214 3734, hsmith@gibsondunn.com)

Artificial Intelligence Group:
Cassandra L. Gaedt-Sheckter – Co-Chair, Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Vivek Mohan – Co-Chair, Palo Alto (+1 650-849-5345, vmohan@gibsondunn.com)
Eric D. Vandevelde – Co-Chair, Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)

On May 12, 2023, the German lawmaker passed a law protecting those who report violations around the workplace (the “Whistleblower Protection Act”, or “Act”). As an essential part of the Act, companies with 50 employees or more in Germany must establish internal reporting channels for this purpose.

I. Background

The new law implements the EU Whistleblower Directive 2019/1937 (“Directive”), which was due to be transformed into national law by December 17, 2021. Like most other EU member states, Germany was late in implementing the law.[1]

With regard to the scope, the German lawmaker goes far beyond the Directive in that almost all kinds of violations can be subject to protected whistleblowing. This even includes actions that are not illegal, but deemed to be an “abuse”, because they are directed against the “purpose” of legal provisions.

II. Main Obligations

Under the Act, there are three kinds of whistleblowing: (i) internal reporting within an organization, (ii) external reporting to a special government agency, and (iii) public disclosure. The latter is only permissible if external reporting has not proven successful or in several other cases, i.e., if there is an urgent threat to public interests. Unfortunately, as mandated by the Directive, the Act does not stipulate a priority of internal over external reporting. However, employees are explicitly enhanced to do so, and employers are supposed to promote internal over external reporting.

Companies with 50 or more employees in Germany have to offer internal reporting lines for whistleblowers and set up properly (yet not necessarily full-time) staffed functions to deal with such reports. The company can outsource such tasks to an external partner or – as will often be the case – defer to its centralized group reporting scheme as long as the local entity remains responsible for remediation measures.[2] There is a transition rule for companies between 50 and 249 employees: Their obligation to set up internal reporting lines is deferred until December 17, 2023.

Neither internal nor external reporting lines have to provide for anonymous reports, but should handle them nevertheless.

III. Identity Protection, Non-Retaliation

The internal reporting cell has to protect (i.e. not disclose) the identity of good-faith whistleblowers, not even to the company’s management, unless the whistleblower consents or a public authority asks for it. The person being subject to the report enjoys a similar, yet weaker disclosure protection.

Whistleblowers acting in good faith must not be retaliated against in any way because of their report. Such retaliation could consist in, e.g., dismissal, pay cut, relocation, or other disadvantages by the employer.

If there has been a retaliation against the whistleblower, they can claim damages from the parties responsible for the retaliation (typically the employer).

In order to help the whistleblower procedurally, the Act presumes that any disadvantage after the report is presumed to be retaliation. This presumption can be rebutted, and employers should carefully document their personnel measures against whistleblowers in order to be able to prove that the measure is based on other reasons than the whistleblowing.[3]

Finally, good-faith whistleblowers shall not be legally liable for retrieving the information they report, unless the access or use of said information was a criminal act in itself. Even trade secrets may be disclosed, if it is necessary to lance the report.

IV. Companies’ Responses and Next Steps

Any company with 50 employees or more in Germany now has to check whether they have adequate reporting lines in place and properly staffed functions to handle whistleblower reports. Companies with 50 to 249 employees do not have to install the reporting lines until December 17, 2023.

Other than the Directive, the German lawmaker expressly acknowledges centralized reporting lines to be in line with the Act. This is good news for multinational organizations, after the EU Commission fervently contested that such centralized systems were in line with the Directive. It remains to be seen whether the EU Commission accepts those local laws that allow centralized reporting lines.

Multinational organizations operating companies with more than 50 entities in multiple EU member states are well advised to assess the requirements of the respective local implementation laws. In light of the leeway granted to the EU member states in implementing the Directive, individual provisions may vary significantly across the EU member states.

HR departments should carefully prepare and document any measure against employees that might be perceived as retaliation in case the employees have launched a whistleblower report. If the employers can provide sound reasons for their decision, they should be able to rebut the statutory presumption contained in the Act.

Violations of the obligations contained in the Act carry a fine of up to € 50,000.

__________________________

[1] See https://www.whistleblowingmonitor.eu/ for an overview of the implementation status across the EU members states.

[2] See https://www.gibsondunn.com/wp-content/uploads/2022/02/Zimmer-Humphrey-Petzen-Ja-bitte-Meldesysteme-nach-der-Whistleblower-Richtlinie-der-EU-Betriebs-Berater-02-2022.pdf.

[3] See https://www.gibsondunn.com/hilfe-fur-hinweisgeber-beweislastumkehr-nach-%c2%a7-36-ii-hinschg-rege/.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s Labor and Employment or White Collar Defense and Investigations teams in Germany, or the following authors in Munich:

Katharina Humphrey (+49 89 189 33 217, khumphrey@gibsondunn.com)
Mark Zimmer (+49 89 189 33 230, mzimmer@gibsondunn.com)

Corporate Compliance / White Collar Matters
Ferdinand Fromholzer (+49 89 189 33 270, ffromholzer@gibsondunn.com)
Kai Gesing (+49 89 189 33 285, kgesing@gibsondunn.com)
Markus Nauheim (+49 89 189 33 222, mnauheim@gibsondunn.com)
Markus Rieder (+49 89 189 33 260, mrieder@gibsondunn.com)
Benno Schwarz (+49 89 189 33 210, bschwarz@gibsondunn.com)
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)

On May 3, 2023, the European Commission (the “Commission”) proposed a new directive[1] in the area of criminal law with the goal to harmonize corruption offenses, sanctions, related prevention and enforcement (the “Proposed Directive”). If adopted by the European Parliament and Council, the directive would significantly contribute to unifying and tightening rules across Europe. EU Member States would have to transpose that framework into national law within 18 months.[2] Since the Commission proposes “minimum rules concerning the definition of criminal offences and sanctions in the area of corruption, as well as measures to better prevent and fight corruption”[3], the Member States may go beyond the standards set out in the Proposed Directive and adopt even stricter rules in the area of corruption.

1. Key Takeaways

The Commission suggests minimum standards to harmonize the definitions and sanctions for active and passive bribery both in the private and public sectors, as well as of related offenses such as “misappropriation”, “trading in influence”, “abuse of functions”, “obstruction of justice”, and “enrichment from corruption offences”.
The Proposed Directive is based on a broad notion of public officials, not only covering EU officials, but also – across branches – functionaries of Member States, third country and international organizations and courts.
The proposal reflects that certain elements of gifts and hospitality are socially more accepted in the area of private enterprise compared with interactions with state functionaries.
If committed by a leading person, a legal person can be held liable for corruption offenses committed for its benefit.
The Commission resorts to its usual terminology by requiring Member States to adopt “effective, proportionate and dissuasive” sanctions, both for natural persons and legal entities. Penalties for human beings may include imprisonment, the sanctions for legal entities may entail fines of no less than 5% of the total worldwide turnover. Further consequences include debarment or disqualification from commercial activities.
Effective internal controls, ethics awareness, and compliance programs to prevent corruption are considered a mitigating factor, as well as the rapid and voluntary disclosure to the competent authorities.
Jurisdiction attaches, (1) if the offense is committed in whole or in part in the territory of a Member State; (2) if the offender is a national of or has his or her habitual residence in a Member State; or (3) if the offense is committed for the benefit of a legal person established in the territory of a Member State.

2. Individual Criminal Liability

At its core, the Proposed Directive provides definitions of bribery in the public sector and the private sector; both in the active and passive alternative.

a) Bribery in the Public Sector

Section 7 of the Proposed Directive defines bribery in the public sector as such:

Member States shall take the necessary measures to ensure that the following conduct is punishable as a criminal offense, when committed intentionally:

(a) the promise, offer or giving, directly or through an intermediary, of an advantage of any kind to a public official for that official or for a third party in order for the public official to act or refrain from acting in accordance with his duty or in the exercise of that official’s functions (active bribery);

(b) the request or receipt by a public official, directly or through an intermediary, of an advantage of any kind or the promise of such an advantage for that official or for a third party, in order for the public official to act or to refrain from acting in accordance with his duty or in the exercise of that official’s functions (passive bribery).

The Proposed Directive is based on a broad notion of public officials, including not only (European) “Union officials,” but also national officials of Member States and of third countries, as well as any other person assigned and exercising a public service function in Member States or third countries, for an international organization or for an international court.[4] The definition of national officials is said to not only include persons holding executive, administrative or judicial offices, but also legislative office[5] (an area in which some countries such as Germany may have had some deficiencies in terms of combatting corruption[6]).

However, the Proposed Directive also contains elements that may, if interpreted broadly, limit the scope of the offense considerably. By way of example, the “advantage” to the public official or third party needs a connection with some performance of the public official in return, given that it must be “in order for the public to act or refrain from acting in accordance with his duty or in the exercise of that official’s functions”. This is arguably more restrictive than some current national laws that criminalize the granting or accepting of benefits without a specific compensation in return.[7]

b) Bribery in the Private Sector

The EU Commission also seeks to introduce an concept of bribery in the private sector

Member States shall take the necessary measures to ensure that the following conduct shall be punishable as a criminal offense, when committed intentionally and in the course of economic, financial, business or commercial activities:

(a) the promise, offer or giving, directly or through an intermediary, an undue advantage of any kind to a person who in any capacity directs or works for a private-sector entity, for that person or for a third party, in order for that person to act or to refrain from acting, in breach of that person’s duties (active bribery);

(b) the request or receipt by a person, directly or through an intermediary, of an undue advantage of any kind or the promise of such an advantage, for that person or for a third party, while in any capacity directing or working for a private-sector entity, to act or to refrain from acting, in breach of that person’s duties (passive bribery).[8]

In principle, this offense appears to be similarly conceptualized as bribery in the public sector. However, a remarkable feature is that this offense requires an “undue advantage” as opposed to a mere “advantage”. By suggesting this qualification, the Commission seems to reflect that certain elements of gifts and hospitality are socially more accepted in the area of private enterprise compared with interactions with state functionaries. Interestingly, the Proposed Directive does not contain a definition of “advantage”, let alone of an “undue advantage”, which may open the door for a broad interpretation of that element.

c) Further Offenses and Substantive Stipulations

The Proposed Directive would also impact national criminal laws, in that its Articles 9 to 13 require Members States to introduce or refine further offenses which form part of the fight against corruption, i.e. “misappropriation”, “trading in influence”, “abuse of functions”, “obstruction of justice”, and “enrichment from corruption offences”.

Member States are also requested to ensure that they can punish these offenses in cases of incitement, as well as aiding and abetting.[9] The Proposed Directive does not require Member States to criminalize “attempts” of bribery and passive bribery,[10] but this is an area where Member States may go beyond the Proposed Directive.[11]

3. Sanctions

With respect to punishment, the Commission resorts to its usual terminology by requiring Member States to adopt “effective, proportionate and dissuasive” criminal penalties, but also provides rather detailed specifications for the ranges of punishment.[12] Pursuant to the Proposed Directive, bribery in the public sector, as well as obstruction of justice, need to be punishable by a maximum term of at least six years. Bribery in the private sector is apparently deemed less grave, as the Commission foresees a maximum term of at least five years. Further legal consequences envisioned by the Proposed Directive entail, among others, fines, removal and disqualification from public office or the exercise of commercial activities in the context of which the offense was committed, and exclusions from access to public funding.[13]

4. Jurisdiction

In essence, the Proposed Directive foresees jurisdiction of the Member States over corruption offenses if one of three conditions apply:

The offense is committed in whole or in part in the territory of a Member State;
The offender is a national of or has his or her habitual residence in a Member State; or
The offense is committed for the benefit of a legal person established in the territory of a Member State.[14]

This is arguably a similar framework to the version set out by the U.S. Foreign Corrupt Practices Act.[15] Practical enforcement would need to show whether extraterritorial enforcement of anti-corruption law by EU Member States or the European Public Prosecutor’s Office would gain a more significant role than in the past.

5. Corporate Liability / Relevancy of Compliance Programs and Internal Control Systems

The Proposed Directive prescribes that the Member States take necessary measures to ensure that legal entities can be “held liable” for any of such crimes.[16] This language is supposedly due to the fact that European legal orders vary significantly when it comes to “corporate crime”. Presumably against this background, the Proposed Directive takes a narrow approach, in that it requires that the offense be committed:

for the benefit of a legal person;
by a natural person within the legal person, acting either individually or as part of an organ of the legal person; and
by having a leading position within the legal person, based on at least one of the following: A power of representation of the legal person; the authority to take decisions on behalf of the legal person; or the authority to exercise control within the legal person.

If a more subordinate employee committed a relevant offense, legal persons must be held liable if the lack of supervision or control by a leading person has made possible the commission of a crime by a person under his or her authority.[17]

In terms of sanctions for legal persons, the Proposed Directive stipulates that they need to include criminal or non-criminal fines of a maximum limit of no less than 5% of the total worldwide turnover of the legal person, including related entities, in the business year preceding the decision imposing the fine.[18] Further sanctions include the exclusion from entitlement to public benefits or aid; the temporary or permanent exclusion from public procurement procedures; temporary or permanent disqualification of that legal person from the exercise of commercial activities; the withdrawal of permits or authorizations to pursue activities in the context of which the offense was committed; the possibility for public authorities to annul or rescind a contract with the legal entity in the context of which the offense was committed; the placing of that legal person under judicial supervision; the judicial winding-up of that legal person; or the temporary or permanent closure of establishments which have been used for committing the offense.[19]

Article 18 of the Proposed Directive includes examples of aggravating and mitigating circumstances. A very relevant mitigating circumstance applies to a legal entity if it has implemented effective internal controls, ethics awareness, and compliance programs to prevent corruption prior to or after the commission of the offense.[20] The Proposed Directive is not more detailed on the specific requirement in this regard. A legal person can benefit from a further, arguably controversial, mitigating factor if it rapidly and voluntarily discloses the offense to the competent authorities and takes remedial measures.[21] This incentive forms part of a general international trend to encourage legal entities to inform prosecuting authorities of criminal offenses committed in its corporate environment.[22]

6. Prevention, Enforcement and Monitoring

The Commission goes considerably beyond merely harmonizing the substantive law, but aims through a variety of means to lay the ground for a comprehensive fight against corruption. For instance, the Proposed Directive sets out several Member State obligations to prevent corruption (such as raising public awareness).[23] It also introduces “specialized bodies”, both in the prevention and repression of corruption, to be established by the Member States,[24] and makes further provisions for resources, training, and investigative tools,[25] as well as cooperation between Member States and EU institutions[26].

_________________________

[1] Eur-Lex, Proposal for a Directive of the European Parliament and of the Council on combating corruption, replacing Council Framework Decision 2003/568/JHA and the Convention on the fight against corruption involving officials of the European Communities or officials of Member States of the European Union and amending Directive (EU) 2017/1371 of the European Parliament and of the Council, dated May 3, 2023, available under https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2023%3A234%3AFIN (last visited May 15, 2023).

[2] Article 29(1) of the Proposed Directive.

[3] Article 1 of the Proposed Directive (emphasis added).

[4] Article 2 no. 3 of the Proposed Directive.

[5] Article 2 no. 5 of the Proposed Directive.

[6] See 2022 Mid-Year FCPA Update / Covid-19 Mask Scandal.

[7] See, e.g. sections 331 and 333 of the German Criminal Code.

[8] Article 8 of the Proposed Directive.

[9] Articles 14(1) and (2) of the Proposed Directive.

[10] Article 14(3) of the Proposed Directive.

[11] By way of example, see sections 331(2), 332(1), and 334(2) of the German Criminal Code.

[12] Articles 15(1) and (2) of the Proposed Directive.

[13] Article 15(4) of the Proposed Directive.

[14] Article 20(1) of the Proposed Directive.

[15] 15 U.S. Code §§ 78dd-1 et seq.

[16] Article 16(1) of the Proposed Directive.

[17] Article 16(2) of the Proposed Directive.

[18] Article 17(2)(a) of the Proposed Directive.

[19] Article 17(2) of the Proposed Directive.

[20] Article 17(2)(b) of the Proposed Directive.

[21] Article 17(2)(c) of the Proposed Directive.

[22] See, e.g., Lisa Monaco, Memorandum of the U.S. Deputy Attorney General, September 15, 2022, p. 3.

[23] Article 3(1) of the Proposed Directive.

[24] Article 4 of the Proposed Directive.

[25] Articles 5, 6, and 23 of the Proposed Directive.

[26] Articles 20(2) and 24 of the Proposed Directive.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the Gibson Dunn lawyer with whom you usually work, any member of Gibson Dunn’s White Collar Defense and Investigations or Anti-Corruption and FCPA practice groups in Germany, or the following authors in Munich:

Katharina Humphrey (+49 89 189 33 217, khumphrey@gibsondunn.com)
Andreas Dürr (+49 89 189 33-219, aduerr@gibsondunn.com)

In no small part owing to the recent momentous economic and political challenges facing Germany, Europe and the world, the past years have seen several ambitious legislative projects come to fruition in Germany that will shape German corporate law and the M&A transactional landscape in 2023 and beyond.

Several of these reforms, but also the jurisprudence of the German courts and decisions of governmental agencies, have repercussions beyond the borders of Germany and are of great interest for international investors and the world-wide M&A community. This is certainly true for the changing regulatory landscape in Germany, where (i) the ongoing drive to re-define and calibrate the German rules on foreign direct investment law (FDI) and (ii) the new directly applicable EU Regulation on foreign subsidies distorting the internal market (Foreign Subsidies Regulation), which will introduce yet another transaction-relevant pre-clearance procedure besides traditional merger clearance proceedings and the existing FDI procedures, will require up-to-date, cutting edge German legal know-how for any investors looking at German inbound investment.

In much the same vein, the details of the traditionally very strict mandatory reason for filing for insolvency in Germany on account of over-indebtedness continues to be tweaked periodically by the law-makers with a view to softening the economic blows to German companies faced with macro-economic volatilities and crises not of their own making.

Finally, both Parliament and the German courts also feel the need to deal more flexibly with the pressing needs of digitalization and globalization of German corporate formalities, in particular as far as the incorporation of new entities or the certification of signatures of parties located outside of Germany or via video conferencing tools is concerned.

Our Munich office (Birgit Friedl, Marcus Geiss, Sonja Ruttmann and Lutz Englisch) have published a German-language article in the “M&A Review” in February 2023, an English translation of which is now available for our international colleagues and client base.

Originally published in the German language by the M&A Review on February 11, 2023, © M&A Media Services GmbH: “Deutsches Gesellschaftsrecht 2023: Ein turbulentes Jahr”

________________________

Table of Contents

Foreign Direct Investment Law in the Focus of Protectionism and Geopolitics
A New Transactional Clearance Requirement – the EU Regulation on Foreign Subsidies distorting the Internal Market
The German Notarial System Caught between Tradition and Digitization
Temporary Adjustments of German Insolvency Law in Response to the Energy Crisis

________________________

1. Foreign Direct Investment Law in the Focus of Protectionism and Geopolitics

The constant changes and steady expansion of the scope of application of foreign direct investment control under the German Foreign Trade and Payments Act (Außenwirtschaftsgesetz, AWG) and the German Foreign Trade and Payments Ordinance (Außenwirtschaftsverordnung, AWV) remain utterly significant for M&A practice. AWV filings have increasingly become an almost regular feature of most cross-border M&A transactions in Germany.

This trend is evidenced by the figures released by the Federal Ministry of Economics and Climate Protection (Bundesministeriums für Wirtschaft und Klimaschutz, BMWK) for the year 2022: Compared to 2020, the number of review cases has increased from 160 to 306.[1] If the cases with purely EU notifications[2] are factored in, the increase is even more marked from 189 to 570 cases. In purely statistical terms, this underlines the considerable importance of EU-wide investment screening, in the main based on the Screening Regulation (EU) 2019/452, which entered into force in 2020. However, measures restricting a proposed acquisition, such as prohibitions, ancillary provisions or public-law contracts and orders, were issued or concluded in only seven[3] of the 306 screened cases under the AWV.[4] Amongst those seven cases are the three recent cases described below in which the BMWK did not grant an unrestricted clearance following a decision by the Federal government (Bundeskabinett):

Initially, the participation of the Chinese (state-owned) group Cosco in the Port of Hamburg’s Tollerort container terminal was only approved in the range of 24.9% of the voting rights, and thus below the 25% of the voting rights considered to be the relevant limit for a blocking minority, instead of the 35% originally sought by Cosco, after intense discussions between the Chancellor’s Office and the BMWK, which were also reflected in public discourse.[5] In addition, the proposed right of Cosco to appoint a member of the management board was prohibited, contrary to the original agreement with the selling terminal operator Hamburger Hafen und Logistik AG (HHLA).

In another case, the acquisition of the wafer production of the semiconductor manufacturer Elmos Semiconductor SE by Silex AB from Sweden, which in turn is held by the Chinese (state-owned) group SAI Micro-Electronics, was even completely prohibited by the Federal government (Bundeskabinett). This, too, was met with criticism because this decision was said to be a strategic one rather than a step taken to protect important technologies in Germany as a business location. After all, the technology for sale was an obsolete technology which Elmos itself no longer used for its products.[6]

The second prohibition related to the planned acquisition of ERS electronic GmbH, a company which develops solutions for thermal wafer tests and is therefore also active in the semiconductor industry, by a Chinese investor. Details of this prohibition are not published.

This is in line with decisions already taken in the first half of 2022, such as the prohibition of the acquisition of Heyer Medical AG, a manufacturer of respiratory equipment, by the Chinese company Aeonmed in January 2022 and the failure to approve the public takeover of the wafer manufacturer Siltronic AG by the Taiwanese competitor GlobalWafers in May 2022 within the offer period which thus led to a de facto prohibition.

These decisions and the criticism voiced against them have been recognized by the German government, which has reportedly received the first draft of a “China strategy paper” that is expected to be adopted by the second half of 2023. This draft (in addition to various other changes) also provides for further amendments to the German foreign trade laws. In future, not only the direct or indirect acquisition of shares in existing German companies will be subject to investment control, but potentially also incorporating a company and, if applicable, venture capital financing by non-EU/non-EFTA investors in Germany.

In addition, the introduction of a law is being considered which would allow the German government to examine so-called “outbound investments”, i.e. investments by German companies abroad, at least in certain countries and industries and, if necessary, to prohibit or restrict them – an approach that would be comparable, for example, to the rights of the government of the United States or China.

With regard to China, in particular, the German government is planning to engage in a closer exchange with the other G7 member states in order to gain a clearer global overview of Chinese investments and thus be able to identify any Chinese acquisition strategies at an early stage and coordinate the handling of (direct) Chinese investments in any G7 member state. This is designed to prevent future dependencies or threats relevant for public security. The focus lies on so-called critical infrastructures, such as transport and smart city infrastructure, data networks (including 5G and, in the future, 6G), cloud computing and electronic payments, as well as electricity and water utilities and hospitals.

A further tightening of the legal reasons that can justify a prohibition is also on the agenda: In addition to the question as to whether a proposed investment is likely to impair the public security or order of the Federal Republic of Germany, another member state of the European Union or regarding projects or programs in the European Union’s interest within the meaning of Article 8 of Regulation (EU) 2019/452, (imminent) risks to European sovereignty in future would also justify the prohibition of an acquisition or clearance subject only to specific conditions.

Even though it remains to be seen which of the measures currently under consideration will find their way into an eventual amendment to the AWG and/or the AWV, we believe that the current strategy paper shows the direction in which the government’s thoughts on foreign investment control are heading. The extension of scope and tighter controls introduced in recent years will probably not be eased or scaled back even after the acute COVID-19 crisis is confined to history. On the contrary, the importance of German and European foreign direct investment control laws in cross-border or global transactions by (especially) non-EU/non-EFTA investors is rather likely to increase further. This is in line with comparable international tendencies, especially in the USA and China, to assess in-bound investments by third countries rather restrictively.

Thus, the M&A practice will need to remain vigilant for the time being. Foreign direct investment law will remain a fast-changing area that needs to be dealt with on a routine basis, taking into account constant further developments and mindful of regular reforms.

Back to Top

2. A New Transactional Clearance Requirement – the EU Regulation on Foreign Subsidies distorting the Internal Market

In the future, it will no longer be sufficient for a number of transactions, even outside the sphere of regulated business activities, to assess only merger control and foreign direct investment law notification requirements at local or EU level. The legal landscape has changed because Regulation (EU) 2022/2560 of the European Parliament and of the Council of December 14, 2022, on foreign subsidies distorting the internal market (Foreign Subsidies Regulation, FSR)[7] has entered into force on January 12, 2023.

While state aid granted by EU member states to companies has for a long time been subject to scrutiny by the European Commission, there has been no equivalent state aid control for subsidies received from third countries. This will change in the future with the FSR, which provides for three components: (i) third-country subsidy control in the case of mergers, (ii) a review process for bids in public procurement procedures, and (iii) a right to conduct ad hoc ex officio investigations if foreign subsidies are at issue which potentially distort the internal market.

In the M&A context this new kind of notification requirement applies to proposed mergers whenever at least one of the merging companies, the acquired company or the joint venture is established in the EU, has an aggregate turnover in the EU of at least EUR 500 million in the prior fiscal year, and (i) in the case of an acquisition, the acquirer or the target company, (ii) in the case of a merger, the merging companies, or (iii) in the case of a joint venture, the companies creating the joint venture and the joint venture have received financial subsidies from third countries (i.e. countries that are not member states of the EU) totaling (on an aggregated basis) more than EUR 50 million within the three fiscal years preceding the notification. However, the European Commission may also impose a notification requirement for mergers before the transaction can be completed even if the thresholds are not met.

Comparable to traditional merger control proceedings, transactions subject to notification requirements are subject to a prohibition to close until due clearance is granted (or the expiry of the relevant deadlines). Mergers carried out in contravention of the prohibition to close are void and, under certain conditions, the unwinding of the transaction may be ordered. In addition, a fine of up to 10% of the worldwide group turnover can be imposed on companies involved in a violation of the prohibition to close. The procedure is otherwise based on the EU merger control procedure, with a Phase I (of 25 working days) and possibly a Phase II (of 90 working days) in place.

In principle, the regulation applies from July 12, 2023. Mergers where the relevant agreement was concluded before this date are expressly not covered. However, the notification requirements for M&A transactions do not apply until October 12, 2023, which means they only cover agreements that (i) are entered into after July 12, 2022, but (ii) have not yet been consummated before October 12, 2023. However, since the Commission may also examine third-country subsidies granted in the (as a rule) last three to a maximum of five years before the entry into force of the FSR, the provisions are de facto relevant as of now, at least for planning purposes.

Beyond an actual obligation to notify any given M&A transaction as such, the FSR is furthermore relevant, in particular, in the context of a due diligence review, because third-country financial subsidies must be notified when bidding in public procurement procedures if (i) the estimated total value of the tender amounts to at least EUR 250 million and (ii) the company participating in such a procurement procedure (as well as, where applicable including its economically dependent subsidiaries, its affiliates and, if applicable, its main subcontractors and main suppliers involved in the same tender under the public procurement procedure) has received financial benefits totaling at least EUR 4 million per third country in the three fiscal years preceding the notification. On the one hand, fines may be imposed for violations of this further notification requirement as well, and the European Commission, on the other hand, may take up and review the measure as if a due notification had been made. Irrespective of this, the Commission can always review any competition-distorting effects of third-country subsidies ex officio and in all market situations, including cases otherwise below the thresholds for mergers and public tenders.

In addition to these formal and procedural requirements to be observed in the future, significant complexity and corresponding uncertainties associated with the FSR are currently caused primarily by the definition of the type of financial contributions that are to be considered relevant third country subsidies and in the assessment of a distortion of competition. In this regard, the text of the FSR itself still leaves some questions unanswered. Corresponding guidelines by the European Commission are to be published by January 12, 2026, at the latest.

In the future, it will be relevant for all three components of the FSR that all financial subsidies received by a group of companies (and received in the last three to five years) are documented comprehensively and in sufficient detail. In the context of structuring due diligence reviews, it will also become important going forward to assess the target’s compliance with FSR requirements, potentially critical subsidies received by the target and whether the seller has in the past acquired the target company in compliance with the FSR’s notification requirement and has thus validly acquired title in the shares or assets, at all.

In addition, the new clearance procedure for mergers must also be duly factored into any proposed timelines, because concrete information on third-country subsidies received will often not be available in the required level of detail on an ad hoc basis, at least during the initial period of application of the FSR. The draft FSR Implementing Regulation including the proposed notification forms suggest that the burden on the parties will be enormous as a vast amount of specific data and numerous documents will have to submitted.

Last but not least, future transaction documents should include appropriate procedural provisions, including a closing condition of due clearance of the transaction (or the expiry of the relevant waiting periods), and specific indemnities or guarantees to safeguard against any past violations should also be considered. In critical cases, the precautionary lodging of clearance proceedings may also be considered if a third-country subsidy granted in the past could be viewed as potentially distorting competition.

Back to Top

3. The German Notarial System Caught between Tradition and Digitization

Especially in an international context, German corporate law and its relatively strict formalities are often perceived as unwieldy and unduly formalistic in M&A circles. In the context of company acquisitions, foreign parties almost inevitably come into contact with German notaries, be it because a notarial recording is a formal requirement of the actual GmbH share purchase and assignment agreement under German law, or because notarial signature certifications are required regarding certain powers of attorney but also for German register applications, for example when appointing foreign managing directors.

3.1 News on the Suitability of Foreign Notarial Certifications for Use in Germany

The notarial certification of signatures executed abroad always requires a certain lead time and careful preparation with the foreign signatories and their local legal advisors. Otherwise, the overall process runs a certain risk of unpredictable adversity with the registry courts and possible interim orders and, therefore, avoidable delays.

In this regard, notarizations under German law concern both (i) the actual identity of the actual signatory and (ii) the authenticity of a signatory’s signature on the document in question. In cross-border cases involving international signatories, these foreign signatories routinely have their signatures notarized by a foreign notary in their home country in order to save them a potentially arduous and expensive trip to Germany or to a German foreign embassy or consulate in their home country that is deemed equivalent to a German notary.

Such foreign notarial certification of signatures for use in Germany is accepted by the German courts and authorities if the foreign notaries – in addition to certifying the signature as such – also confirm their own public authority to act by means of an apostille or a legalization stamp.

In an important decision in 2022, which is also of great interest to foreign investors and their local notaries and advisors, the Berlin Appellate Court (decision of March 3, 2022, case no. 22 W 92/21) further specified the necessary scope and content of the actual certification language used by non-German notaries in this context:

In particular, the court clarified that foreign certification language and procedures – even if they are typical for and legally effective under the local laws of the originating state – are not automatically sufficient, equivalent and acceptable to German register courts or other public authorities under German law, but must be closely aligned with the specifics of German law. The concrete certification language used by the foreign notary must, as a minimum, convey that (i) the signature was issued in the personal presence of the notary public and (ii) that the notary public verified the identity of the signing person.

As a consequence, various typical foreign law short form signature certifications like “vue par legalization” in French-speaking countries or “sworn to before me” in Anglo-Saxon jurisdictions will face a real risk of rejection by German register courts or other authorities as not adequately covering both of the above components which are required for the full equivalence of a foreign notary’s certification language.

Similarly, common practices in some of the Benelux countries where the notary public certifies new signatures provided by the signatory ad hoc by simply comparing them to pre-collected signature samples maintained on the notary’s files are also at risk of being rejected due to the fact that the notary public does not personally witness the actual signature process in person.

This decision of the Berlin Appellate Court is not automatically binding for the whole of Germany, but it is a key precedent that should always guide German lawyers and their foreign clients when preparing signature procedures abroad that require the form of notarial certification. The exact scope of the German formalities should be clearly communicated ahead of signature and a suitable text for the notarial certification language should be drafted and agreed with the foreign notary in advance. Otherwise the client faces the risk of onerous delays and, in a worst case scenario, having to repeat the signature procedure if a certified and apostilled or legalized document ends up being rejected by the German authorities.

Practical experience with German register courts has always shown a certain unpredictability. In this respect, it is unclear how judicial practice will deal with those foreign notaries who are required under local law to use exactly prescribed template texts when certifying documents or signatures. In any event, the decision clearly highlights that the sword of German formalities remains remarkably sharp even in times of increased globalization. The meticulous preparation of documents and precise communication of potential risks involved in the procedure, thus, are and remain indispensable puzzle pieces in the toolkit of the German M&A lawyer who successfully operates in the international arena.

3.2 Digitization of Formalities as Possible Hope for the Future?

However, the clarification of the details and substantive requirements of the existing German formal requirements by court-made case law and in legal practice is not the only area that has recently seen increased movement. The trend towards increased digitization also tends to reach corporate law and its formalities, and has in the past years called the German legislature into action.

Both the Notarization Act (Beurkundungsgesetz) itself and the German Commercial Code (HGB) were fundamentally reformed in 2022 as part of the national implementation of the EU’s Digitalization Directive[8] into German law. With this reform, the possibility of notarial recordings and notarial signature certifications via special notarial video conferencing systems was introduced selectively into the German notarial system and the commercial register procedures, even though the technical requirements for the necessary qualified electronic signatures and proof of identity and the use of such notarial video conferencing systems at present are naturally still in their infancy in practice.

As a general rule, it is currently fair to say that notarial recordings or signature certifications via video conferencing are not generally permissible, but only if they are specifically permitted by law in an individual case. Moreover, access to and use of such online services provided by German notarial offices is not open to everyone without restriction, even if they are permitted by law, but are tied to certain expressly stipulated legal requirements.

On the one hand, the question will arise in the future as to whether the incorporation in cash of new GmbHs in Germany, which is now also theoretically possible online, can develop in the medium term into a practical alternative to the acquisition of inactive shelf companies as a transaction vehicle, which has been the common go-to practice for years.

On the other hand, it will be interesting to see to what extent and for whom the now partially permissible online signature certifications can or will replace the physical visit to the notary, e.g. for filing applications to the commercial register.

Even at first glance, however, the new German law appears to contain some high technical hurdles. The verification of the identity of the parties, which the German notary is obliged to carry out even in the case of measures conducted via video conference, is performed in a two-step procedure, firstly by reading out certain enumerative permissible electronic identification documents to establish the electronic identity (eID) of a person and secondly by means of an additional passport photo comparison using a special notarial app on the smart phone of the relevant signatory.

At the moment, for German citizens, this regularly means the valid ID card along with its ID PIN as well as the passport for individual photo comparison.

Nationals of other EU or EEA member states may access the new procedure if they either hold a German eID card (a so-called Union citizen card) or their local eID meets the “high” security level according to the eiDAS Regulation.[9] This is currently the case for many, but not yet all, member states. In addition, they need their local passport for the individual photo matching by the notary.

Third-country nationals, such as citizens of the United States or the United Kingdom, require a formal German residence title together with a PIN or a comparable identification document of another EU or EEA state that again corresponds to the “high” security level.

All in all, the regulation has a strong local-European focus and will exclude genuine third-country nationals without deeper or longer-term residence status in the EU from participation in the individual case. One of the typical interest groups in the M&A sector, e.g. the newly appointed foreign national and resident managing director of a freshly acquired German target company designated by an investor in the United States, the United Kingdom or the Middle East, will thus continue to be dependent upon the certification of their signatures in their home country before local notaries and the time-consuming apostille or legalization procedure.

For EU citizens and managing directors, it remains to be seen whether and how the new procedural options via video conferencing procedure will become accepted in practice and, in particular, whether they will make it possible to save time and effort in the case of repeated notarizations by the same notary via online notarization.

For the moment – and one would assume until further notice – the use of foreign notaries to certify signatures required in Germany and the acquisition of shelf entities therefore will remain, in our practical experience, the preferred alternative and the path routinely chosen. However, it is undoubtedly a worthwhile exercise to monitor the new regulation and the continuous digitization of legal transactions in the future with open eyes and not to reject them out of hand as new, unwieldy or unfamiliar.

Back to Top

4. Temporary Adjustments of German Insolvency Law in Response to the Energy Crisis

The German legislator had responded to the COVID-19 pandemic by temporarily relaxing Germany’s traditionally strict insolvency filing requirements pursuant to the COVID-19 Insolvency Suspension Act (COVInsAG) for companies that had fallen into financial distress through no fault of their own due to the effects of the pandemic.

In 2022, the next unexpected macroeconomic crisis followed when the impact of Russia’s attack on Ukraine and the effect of the subsequent sanctions against Russia were beginning to be felt. In addition to problems within international energy supply chains, this also led to sharply rising energy prices and an explosion in production costs for numerous companies, which in many cases could not simply be passed on to customers. Not least because of the resulting planning uncertainties, there is a threat of sudden financial difficulties even for otherwise “healthy” companies which are in the process of working on solutions to switch to less scarce energy resources or otherwise reduce costs.

In response to the energy crisis, on October 20, 2022, the German Bundestag passed, among a bundle of other measures, the Act on a Temporary Adjustment of Restructuring and Insolvency Law Provisions to Mitigate the Consequences of the Crisis (Sanierungs und insolvenzrechtliches Krisenfolgenabmilderungsgesetz – SanInsKG), which came into force on November 9, 2022. Key elements of the new law, which relate exclusively to the insolvency reason of over-indebtedness (Überschuldung) under section 19 of the German Insolvency Code (Insolvenzordnung – InsO), are:

Shortening the period for the continuation prognosis under the Insolvency Code as well as for own-administration proceedings and restructuring plans

The reason for filing for insolvency due to over-indebtedness can be excluded if a positive continuation prognosis exists, irrespective of mathematical over-indebtedness on the basis of an over-indebtedness balance sheet. The rolling forecast period was previously twelve months in accordance with section 19 (2) of the InsO. During this period, there had to be an overriding probability that the company would be able to meet its liabilities as they fall due. Under section 4 (2) sentence 1 of the SanInsKG, this forecast period is now reduced to four months on a transitional basis. Thus, if a company found itself in a financial crisis on December 20, 2022, it previously had to establish a positive cash-flow until December 20, 2023 in order to establish a positive continuation prognosis under the general rules. Now, a positive forecast period until April 20, 2023 is sufficient under the new regulation.

The government draft[10] justified this reduction of the forecast period with current uncertainties in forecasts due to price volatilities and the continuation of such uncertainty for the foreseeable future as to the nature, extent and duration of the crisis, which means that forecasts can often only be based on uncertain assumptions. Considering that personal liability and criminal law risks for managing directors of such companies can often only be safely avoided by filing for insolvency, such insolvency filings would also affect companies whose ability to continue its business would be beyond doubt under normal circumstances (without the current price volatilities and uncertainties).

In parallel, the SanInsKG shortens the planning periods for own-administration proceedings (Eigenverwaltungsverfahren) and restructuring plan proceedings (Restrukturierungsplanverfahren) pursuant to section 270a (1) no. 1 of the InsO and section 50 (5) no. 2 of the StaRUG from six to four months. In view of the current forecast uncertainties, this change is intended to facilitate the planning of potential own-administration proceedings and court stabilization orders in cases where out-of-court restructuring measures are no longer sufficient.

The extension of the maximum time limit for an insolvency filing

As a rule, insolvency filings must be lodged immediately after the reason for filing for insolvency has arisen. However, if at the time an insolvency reason first arose, there is a reasonable prospect that such insolvency reason can be overcome, a maximum grace period of six weeks was previously applied in the case of over-indebtedness under section 15a (1) sentence 2 of the InsO. This maximum period has now been increased from six weeks to eight weeks by the SanInsKG. However, as in the past, this maximum grace period may only be exhausted for as long as there is a real and demonstrable prospect that the reason for over-indebtedness can indeed be overcome in the grace period. If this prospect does not (or no longer) exist, the insolvency filing must be lodged immediately, even under the SanInsKG.

No causality requirement

The application of the new rules does not require that the adverse developments on the energy markets and the uncertainty affecting a forecast actually led to the crisis in the individual case. According to the legislator almost all market participants are, at least indirectly, affected by the current conditions and defining a sufficient degree of impact in the individual case would lead to further uncertainties.

Temporary application

The adjustments under section 4 (2) sentence 1 of the SanInsKG only apply for a temporary period until December 31, 2023. However, if these temporary adjustments are not extended beyond December 31, 2023, or are not extended in good time ahead of their expiry, the actual relevant date for examining whether an insolvency filing should be made is likely to be earlier in 2023, namely as early as the beginning of September 2023. If, on September 1, 2023, the management determines that sufficient cash-flow is secured for four months but not for the planning period of twelve months that will again apply from January 1, 2024 going forward, it cannot be ruled out at present that de facto a planning period of twelve months will have to be applied again (and, if necessary, an insolvency filing must be made) as early as the beginning of September 2023 in order to avoid an allegation of a delayed filing at a later point in time.

The new rules have a direct impact on the managers of affected companies. In times of great uncertainty regarding energy and commodity prices, high inflation and difficulties in supply chains, the shortening of the planning period for the continuation prognosis will reduce the liability risk for managers based on a belated insolvency filing due to over-indebtedness. Nevertheless, in view of the fact that the adjustments may only apply for a short period of time and the continuing obligation to identify financial distress at an early stage in accordance with section 1 (1) of the StaRUG, managers must also keep an eye on longer planning periods in parallel and, if necessary, initiate restructuring measures at an early stage.

Also, measures to monitor and ensure full solvency continue to be relevant, as the obligation to file for insolvency due to illiquidity (Zahlungsunfähigkeit) continues to apply unchanged regardless of the SanInsKG. In addition, the adjustments directly affect only the provisions in the Insolvency Code on over-indebtedness as such and the maximum grace period for filing for insolvency on account of over-indebtedness. Other liability risks and criminal law offences, such as deceiving business partners about the possibility of settling future liabilities, are accordingly not excluded.

Business partners could also benefit from the temporary provisions, as they are generally no longer exposed to accusations of aiding and abetting the offence of delaying insolvency during the period in question when dealing with the debtor. However, the next few months will show whether lenders are also prepared to provide “fresh money” to a company that does not have to file for insolvency for the time being merely because of temporary exemptions from the filing obligation. In any case, the risk that new loans granted during the pre-insolvency crisis may be regarded as damages caused contra mores in the event of a subsequent insolvency cannot be eliminated without a sound formal restructuring opinion. The strict requirements for restructuring opinions, in turn, are likely to remain unaffected by the SanInsKG.

However, the shortened forecast period for over-indebtedness offers an opportunity for the scope of application of the stabilization and restructuring framework under the StaRUG. The number of companies that are subject to impending illiquidity (drohende Zahlungsunfähigkeit) but not yet over-indebted and can take advantage of the StaRUG could increase while the SanInsKG is in force. A company that is not fully financed for a period of twenty-four months is facing impending illiquidity. Previously, however, it was already over-indebted (and therefore subject to an obligation to file for insolvency) if the cash-flow was not secured for twelve months. The relevant time window for the use of the StaRUG was therefore twelve months. With the reduction of the planning period for cash-flow forecasts in the case of over-indebtedness to four months, the time window during which there is “only” impending illiquidity is therefore temporarily increased to twenty months.

Even if the adjustment of the forecast period makes sense for essentially healthy companies under the current crisis situation, in practice, the SanInsKG is likely to affect only a small group of companies. The insolvency reason of over-indebtedness without the parallel existence of illiquidity has historically always been the rare exception among the reasons for filing for insolvency. In the current situation, however, companies are often also experiencing an (acute) liquidity crisis due to rising production costs. As mentioned above, the obligation to file for insolvency in the case of illiquidity remains unchanged despite the SanInsKG. However, companies that are already working on effective solutions to counter the energy crisis in the medium term may benefit from the adjustment in the longer term.

Back to Top

______________________

[1] These figures are taken from the BMWK website: www.bmwk.de/Redaktion/DE/Publikationen/Aussenwirtschaft/investitionsprufung-in-deutschland-zahlen-und-fakten.pdf?blob=publicationFile&v=10.

[2] I.e. cases in which there is no national screening procedure (for example because the target company concerned does not have a subsidiary in Germany), but the BMWK has been notified exclusively by one or more other EU member states as part of the EU-wide screening mechanism.

[3] Status as of January 9, 2023, 39 cases filed in 2022 were still pending at that point in time, so the number may increase.

[4] This does not include cases where the acquirer withdrew the application for clearance prior to a decision by the BMWK and abandoned the proposed transaction.

[5] See, for example, www.sueddeutsche.de/politik/hamburger-hafen-cosco-china-1.5682148.

[6] See for example: www.zeit.de/wirtschaft/unternehmen/2022-11/elmos-bund-untersagt-verkauf-von-chipfabrik-an-chinesischen-investor?utm_referrer=https%3A%2F%2Fwww.google.com%2F.

[7] EU Regulation (EU) 2022/2560 of the European Parliament and of the Council of December 14, 2022 on foreign subsidies distorting the internal market; available in English at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022R2560&qid=1673254237527.

[8] Directive (EU) 2019/1151 of the European Parliament and of the Council of 20 June 2019 amending Directive (EU) 2017/1132 as regards the use of digital tools and processes in company law, OJ 2019 L 186/80.

[9] Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, OJ 2014, L 257/73.

[10] Amendment by the parliamentary groups of the SPD, Bündnis 90/Die Grünen and the FDP to the bill of the Federal Government – printed matter 20/2730, p. 3.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the developments discussed in this article. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s German corporate practice groups as listed below, or the authors:

Lutz Englisch (+49 89 189 33 150, lenglisch@gibsondunn.com)

Birgit Friedl (+49 89 189 33 122, bfriedl@gibsondunn.com)

Marcus Geiss (+49 89 189 33 115, mgeiss@gibsondunn.com)

Sonja Ruttmann (+49 89 189 33 150, sruttmann@gibsondunn.com)

General Corporate, Corporate Transactions and Capital Markets – Germany

Lutz Englisch (+49 89 189 33 150, lenglisch@gibsondunn.com)

Ferdinand Fromholzer (+49 89 189 33 122, ffromholzer@gibsondunn.com)

Markus Nauheim (+49 89 189 33 122, mnauheim@gibsondunn.com)

Dirk Oberbracht (+49 69 247 411 510, doberbracht@gibsondunn.com)

Wilhelm Reinhardt (+49 69 247 411 520, wreinhardt@gibsondunn.com)

Jan Schubert (+49 69 247 411 511, jschubert@gibsondunn.com)

Silke Beiter (+49 89 189 33 170, sbeiter@gibsondunn.com)

Aliresa Fatemi (+49 69 247 411 515, afatemi@gibsondunn.com)

Birgit Friedl (+49 89 189 33 122, bfriedl@gibsondunn.com)

Annekatrin Pelster (+49 69 247 411 521, apelster@gibsondunn.com)

The German Government adopted the draft of the 11th amendment to the Act against Restraints on Competition on 5 April 2023. The initial draft had been published by the German Ministry of Economic Affairs and Climate Action on 26 September 2022 (see our earlier client alert of 30 September 2022 here).

The ministry’s initial draft of the 11th amendment to the German Act against Restraints of Competition (“ARC”) (“initial draft bill”) triggered a broad public debate and has been criticized by various stakeholders, including some of the largest business associations. In particular, it has been criticized that the initial draft bill provided for unbalanced and overreaching additional powers for the German Federal Cartel Office’s (“FCO”), including an ultima ratio power to unbundle undertakings. These concerns have partly been addressed in the revised draft bill (“revised draft bill”). In particular the revised draft bill increases the threshold for the new ultima ratio powers compared to the initial draft bill. Still, the revised draft bill marks a substantial shift towards a new era of antitrust law enforcement, with extensive powers of the FCO to intervene in markets, even without a need to establish antitrust law infringements.

The main aspects of the revised draft bill include: (i) a revision of the sector inquiry tool and related interventional powers of the FCO; (ii) the facilitation of disgorgements of economic benefits; and (iii) the implementation of the DMA in the national framework of public and private enforcement.

New intervention powers of the FCO after completion of a sector inquiry

The FCO can conduct a sector inquiry if it suspects that competition in the market under investigation is restricted or distorted, unrelated to a specific competition law infringement. Such a sector inquiry is generally concluded with a report on the competitive conditions on the market under investigation. As of today, the FCO can only impose remedies if it finds that the restraint of competition is based on an infringement of antitrust law.

The revised draft bill gives power to the FCO to intervene on the market on which it was found that competition has been disrupted, even when there is no infringement of antitrust law. This would be an absolute novelty to German antitrust law.
The interventional powers of the FCO require that there is a “substantial and continuing distortion of competition on at least one market which is at least nationwide, on several individual markets or across markets”. This is supposed to clarify that the distortion of competition must have a certain intensity and cannot be only temporary. It marks one of the changes compared to the initial draft bill where a “significant, persistent or repeated distortion of competition” was required. The revised draft bill includes a non-exhaustive list of factors relevant for the assessment of a distortion of competition on the one hand, as well as the continuance of this distortion of competition (continued in the previous three years and is not expected to end in the upcoming two years) on the other hand.
If the FCO determines that there is a substantial and continuing distortion of competition, it can impose behavioral or structural remedies against one or more undertakings, including:
- Granting access to data, interfaces, networks or other facilities;
- Specifications to the business relationships between companies in the markets under review;
- Establishing transparent, non-discriminatory and open norms and standards;
- Requirements for certain types of contracts or contractual arrangements also with regard to the disclosure of information;
- Prohibition of unilateral disclosure of information that favors parallel behavior by companies;
- The organizational separation of corporate or business units; and
- As a ultima ration, the FCO may impose unbundling remedies on companies with a dominant market position and companies with paramount significance for competition across markets according to (the recently introduced) Sec. 19a ARC. In contrast to the initial draft bill, the revised draft bill does not provide for these remedies if a dominant position or paramount significance for competition across markets cannot be established. However, according to the revised draft bill, assets only have to be sold if the sales price is at least 50% of the price determined by an auditor that has been engaged by the FCO. If the actual sales price is below the price determined by the auditor, an additional payment in the amount of half of the difference between the audited value and the actual sales price has to be paid to the selling company from federal funds.

Additional / extended merger control after completion of a sector inquiry

As already provided for in the initial draft bill, the FCO can impose an obligation on specific undertakings to notify any future concentrations even if they do not meet (i.e. fall below) the regular merger control notification thresholds. This notification requirement can be imposed on companies if there are “objectively verifiable indications that future mergers could significantly impede effective competition in Germany in one or more of the economic sectors” specified in the sector inquiry report. A de minimis exception applies to transactions in which the buyer generated turnover with customers in Germany in its last completed financial year of less than EUR 50 million and/or the target of less than EUR 500,000. This “special notification obligation” expires after three years, but it can be extended.

Simplified disgorgement of economic benefits

Pursuant to the existing Sec. 34 ARC, in cases of an infringement of antitrust law, the FCO can order the disgorgement of profits achieved by a company as a result of an antitrust infringement. However, since the legal requirements for such a disgorgement are rather high, this provision has not been applied much in practice in the past.

The revised draft bill aims at facilitating the use of this instrument by the FCO. It holds that the FCO no longer has to prove an intentional or negligent infringement of antitrust law before making use of the disgorgement mechanism of Sec. 34 ARC. Further, the revised draft bills facilitates the establishment of economic benefits associated with antitrust infringements. If a violation of antitrust law is determined, the revised draft bill includes a presumption that the antitrust law infringement has resulted in an economic benefit for the concerned undertaking. The amount of the economic benefit can be estimated by the FCO, and there is even a legal presumption that at least 1% of the national turnover of the concerned company relating to the products and services affected by the antitrust law infringement are subject to disgorgement. A rebuttal of this presumption requires that neither the legal entity directly involved in the infringement nor its group generated a profit in the respective amount during the relevant period. However, the amount to be paid must not exceed 10% of the total turnover of the undertaking in the fiscal year preceding the decision of the authority.

Regarding the time frame in which the FCO can disgorge economic benefits, the revised draft bill retains the current legal status: The disgorgement of economic benefits may be ordered only within a period of up to seven years after the termination of the infringement and for a maximum period of five years. The initial draft bill provided a time period of ten years after the termination of the infringement with an unlimited disgorgement period.

Enforcement of the EU Digital Markets Act (DMA)

As already included in the initial draft bill, the revised draft bill is intended to establish the legal basis for enforcement of the DMA in Germany. The FCO will be able to conduct investigations with regard to violations of the DMA. However, the FCO can only conduct investigations. The results of the investigations shall be forwarded to the European Commission. The FCO has no powers of its own to sanction non-compliance with the DMA.

In addition, private enforcement of the DMA will be facilitated. The civil law enforcement mechanisms are inspired by the enforcement mechanisms of the EC’s cartel damage claim directive. In particular, final decisions of the European Commission finding a violation of the DMA will have binding effect in damages proceedings before German courts.

The revised draft bill does not include any changes compared to the initial draft bill with regard to the provisions relating to the enforcement of the DMA.

Outlook

The revised draft bill has to take another step in the legislative process by passing the German Parliament [Bundestag] and the German Federal Council [Bundesrat]. There also is still no clarity yet as to when the revised draft bill will enter into force, but it is expected to come into force still this year.

As already mentioned in the previous Client Alert (available here), the competent Ministry is already working on a draft 12th amendment of the German Competition Act with a focus on establishing more legal certainty for sustainability cooperation between companies as well as stronger consumer protection.

The following Gibson Dunn lawyers assisted in preparing this client update: Georg Weidenbach, Kai Gesing, Jan Vollkammer, and Elisa Degner.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders or members of the firm’s Antitrust and Competition practice group:

Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Georg Weidenbach – Frankfurt (+49 69 247 411 550, gweidenbach@gibsondunn.com)
Christian Riis-Madsen – Co-Chair, Brussels (+32 2 554 72 05, criis@gibsondunn.com)
Ali Nikpay – Co-Chair, London (+44 (0) 20 7071 4273, anikpay@gibsondunn.com)
Rachel S. Brass – Co-Chair, San Francisco (+1 415-393-8293, rbrass@gibsondunn.com)
Stephen Weissman – Co-Chair, Washington, D.C. (+1 202-955-8678, sweissman@gibsondunn.com)

Under the United Nations Convention on the Recognition and Enforcement of Foreign Arbitral Awards (“New York Convention”; Art. 5 Art. V (2) lit. b)) and German law (Section 1059 of the German Procedural Code (“ZPO”), corresponding to Article 34 UNCITRAL Model Law), state courts are, in principle, prohibited from fully reviewing an arbitral award on the merits (prohibition of a révision au fond). German state courts can only examine whether the arbitral award violates German public policy (ordre public). The traditional standard applied in this context has been whether the recognition and enforcement was “obviously incompatible with essential principles of German law”.

Overview

While in its decision of September 27, 2022, Case No. KZB 75/21, the Cartel Senate of the German Federal Court of Justice (“BGH”) implicitly reaffirmed the jurisdiction of arbitral tribunals over alleged violations of certain antitrust provisions, it also held that arbitral awards in case of alleged violations of such provisions are subject to a full judicial review on the merits by the state courts, thus in practice diluting the general prohibition of a révision au fond. In other words, while the ruling strengthens arbitration agreements in relation to a potentially anti-competitive behavior, the German courts will review awards like they would with state court decisions to ensure compliance with German public policy. Although the BGH’s decisions was rendered in a setting aside procedure, it is very likely that it would also apply to proceedings on the recognition and enforceability of an arbitral award.

Factual Background

Respondent is the owner of a quarry leased to Claimant. Respondent terminated the lease agreement with Claimant as threatened after Claimant – contrary to Respondent’s “suggestion” – did not merge with another company. Subsequently, the German Federal Cartel Office (“BKArtA”) imposed a fine on Respondent for violating Section 21 (2) No. 1 of the German Act against Restraints of Competition (“GWB”).

Respondent, nonetheless, initiated arbitration proceedings against Claimant for eviction from the property and re-terminated the lease agreement. The arbitral tribunal in its award ruled that Claimant had to vacate the property, because the second termination validly terminated the lease. The tribunal found that the second termination did not violate Section 21 (2) No. 1 GWB.[1]

Claimant then requested before the Frankfurt Higher Regional Court to set aside the arbitral award. The Frankfurt Higher Regional Court, however, dismissed this motion (decision of April 22, 2021 – 26 Sch 12/20). It ruled that, although the provisions of Sections 19, 20, 21 GWB were part of the substantive public policy (ordre public), the arbitral award would not obviously violate antitrust provisions.

The Decision of the German Federal Court of Justice

Upon Claimant’s further appeal, the BGH ruled that an arbitration award relating to antitrust provisions is effectively subject to a full judicial review on the merits by the state courts, with regard to both the factual findings and the interpretation of antitrust law. It put forward the following reasons:

Sections 19, 20 and 21 GWB which allow the cartel authorities to prohibit (and ultimately fine) certain anti-competitive behavior are fundamental rules of the German legal system and protect not only the interests of the parties, but also the public interest of effective competition in markets for goods and services. If such fundamental rules are in question, the prohibition of a révision au fond does not apply. Thus, the recognition and enforcement of arbitral awards is excluded if Sections 19, 20, 21 of the GWB have been applied incorrectly.
Unlike in state court proceedings, in arbitration proceedings the public interest in effective competition is neither sufficiently protected by the cartel authorities and their enforcement proceedings, nor by the European Court of Justice. Only state courts are entitled to refer a matter to the ECJ to obtain its decisions on the binding interpretation of European anti-trust law. Arbitral tribunals, in contrast thereto, are not entitled to make such a referral.
Sections 19, 20, 21 of GWB require a more extensive scrutiny because such matters are regularly characterized by complex factual and legal circumstances.
A full judicial review by state courts is in line with the intention of the legislator: By eliminating the old Section 91 GWB (according to which certain contracts with anti-competitive effect were not arbitrable) in 1997, the German legislator wanted to ensure that arbitral tribunals considered violations of competition law in the same way as state courts, and that subsequently arbitral awards were fully reviewed in terms of their compliance with competition law in recognition and enforcement proceedings.

In the case at hand, this full judicial review concluded that the arbitral award had violated the German ordre public, because the arbitral tribunal had failed to apply antitrust law correctly. The termination of the lease agreement had violated Section 21 (2) GWB.

Relevance of This Ruling for Arbitration in Germany, and Further Perspectives

This ruling is the first ruling of the BGH which allows a full judicial review of arbitral awards in the case of potential violation of fundamental rules of the German legal system. This category is new and had not played any role in the recognition and enforcement of arbitral awards (both under Section 1059 ZPO and Art. 5 Art. V (2) lit. b ) in the past. Also, the BGH seems to have effectively abolished the statutory requirement that such violations have to be obvious.

It is unclear what other provisions are fundamental rules of the German legal system, or whether such rules only originate from the sphere of antitrust law; this remains to be seen in the future. In light of the murky standards the BGH seems to apply in this respect, German courts are in jeopardy to step out of line with the state courts in other jurisdictions when it comes to granting arbitral awards recognition and enforceability. However, it is also well possible that this decision of the Cartel Senate of the BGH is an “outlier”. It is difficult to imagine that the Senate of the BGH, which normally has the BGH-internal jurisdiction over the review of arbitration cases, would go as far as the Cartel Senate and dilute the prohibition of révision au found in a similar way.

_____________________________

[1] Sec. 21 (2) GWB: “Undertakings and associations of undertakings may not threaten or cause disadvantages, or promise or grant advantages, to other undertakings in order to induce them to engage in [anti-competitive] conduct…”

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these issues. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s International Arbitration practice group, or the following authors:

Finn Zeidler – Frankfurt (+49 69 247 411 530, fzeidler@gibsondunn.com)
Annekathrin Schmoll – Frankfurt (+49 69 247 411 533, aschmoll@gibsondunn.com)

Please also feel free to contact the following practice leaders:

International Arbitration Group:
Cyrus Benson – London (+44 (0) 20 7071 4239, cbenson@gibsondunn.com)
Penny Madden KC – London (+44 (0) 20 7071 4226, pmadden@gibsondunn.com)
Jeff Sullivan KC – London (+44 (0) 20 7071 4231, Jeffrey.Sullivan@gibsondunn.com)

Click for PDF

Once more, 2021 demonstrated that constant change should become your friend and ally. After a second year of global uncertainty caused by the formidable challenges of the COVID-pandemic, we all long for a return “back-to-normal.” However, chances are that 2022 will continue to present drastic and unpredictable challenges.

Let us start with the consequences of the pandemic that are already visible: Instead of bringing the world together to fight the global challenge, each country has chosen its own approach, ranging from very restrictive policies with modest vaccination rates such as in China to an approach that strives to push vaccination rates to the maximum in order to stay open for business such as in Israel.

The pandemic has also brought back big government: State-imposed restrictions significantly impact our private lives and the business community. Hundreds of billions of dollars have been disseminated to mitigate the effect of the crisis, all managed through state aid or state subsidies. Further do’s and don’ts are imposed by the national sanctions regimes which have become the new weapon of choice in the battle for economic and military supremacy.

As if this was not enough, at a time when Government budgets have exploded and corporate debt levels are at historic peaks in various countries, inflation – a term forgotten for almost a generation – made a spectacular comeback. While experts still disagree whether this is an episode or a trend, the economy and private consumers are already suffering from rising asset prices, and it would seem only a matter of time until the party of cheap and easy money will be a thing of the past.

You still want more? Add some autocratic and eternal state leaders to the mix (China, Russia, Belarus), a few more instable countries striving to achieve nuclear arms capacities (Iran, North Korea), countries plagued by armed conflict (Afghanistan, Iraq), then raise the world’s temperature levels by two or more degrees through climate change, and you might be heading for the kind of explosive cocktail that could make your nightmares come true.

As lawyers, nonetheless, we truly believe that change is our friend. We consider ourselves agents of change: In our Corporate Transactions and related practices, we help transform the corporate world through acquisitions, mergers and disposals. Our Data Privacy & Technology practices explore the boundaries of new technologies whilst protecting vulnerable data and our Regulatory practices and litigators help shape the legal and regulatory landscape that will become the level playing field for tomorrow’s businesses.

We must resist the sort of short-term fears that others might justifiably feel in light of all the threats around us. We also are well-advised to fight any complacency that comes with decades of peace and prosperity that most of us have enjoyed until now.

We embrace the opportunities of change and seek to influence developments that will make the world a better and fairer place, through good lawyering of positions that we believe are proper and just, by facilitating the transition from one technological era to another, but also through our many pro bono efforts that focus on other important matters that fall outside of the scope of big business or big law, and we fight for cases and causes which could easily be forgotten without pro-bono efforts.

With this in mind, we have again prepared this year’s legal update on German law developments, which are equally reflective of significant changes: The advent of a new coalition government under Chancellor Olaf Scholz inaugurated on December 8, 2021 after sixteen years of Angela Merkel’s tenure, the fundamental change of the German economy to a more climate friendly industry, and the awakening to long forgotten security threats posed by Russia and other aggressive autocracies and kleptocracies.

As one of the largest economies in the world, Germany cannot and should not stay passive and wait for others to shape the future. Therefore, embrace the legal changes we present below as a sign of things to come and as good faith efforts to shape the future in times of great uncertainty. Amidst all the change and the many challenges we face, some things remain as they were, however. We have therefore again focused our topical updates on three questions: What’s new? Why is it relevant? What’s next?

We hope you will find this update helpful in all your dealings with Germany next year and beyond. We are grateful for all the opportunities you gave us in the past year to work with you to solve your most important and sensitive issues. We look forward to continue changing the world together with you in the years to come.

_________________________

Table of Contents

1. Corporate, M&A

2. Tax

3. Financing & Restructuring

4. Labor and Employment

5. Compliance & White Collar

6. Data Privacy & Technology

7. Antitrust & Merger Control

8. Litigation

9. International Trade / Sanctions

_________________________

1. Corporate, M&A

1.1 Recent Reform of the Legal Framework for Civil Law Partnerships and other Commercial Partnerships

On June 25, 2021, the German legislator adopted the Act on the Modernization of the Law on Partnerships (Gesetz zur Modernisierung des Personengesellschaftsrechts – MoPeG). While the new law will only enter into force on January 1, 2024, this reform will result in a number of changes which civil law partnerships (Gesellschaft Bürgerlichen Rechts, GbR – “Civil Partnership”) and their partners, but also other forms of commercial partnerships and their partners, ought to be aware of in order to be prepared for the new legal regime.

Consequently, we highlight below a number of selected changes which we would consider to be of particular interest for general industrial players but also for real estate investors who often choose to operate via partnership structures in Germany:

a) Registration of Civil Partnerships

Under the new law, Civil Partnerships will have the option, and in some cases the need, to seek registration in a newly introduced company register (Gesellschaftsregister) maintained by the local courts (Amtsgerichte). Such registration in the public commercial register (Handelsregister) is already mandatory for both (i) corporations such as the GmbH (private limited liability company) or the AG (stock corporation), as well as (ii) commercial partnerships such as the OHG (commercial open partnership with only personally liable partners) or the KG (limited partnership).

This new company register will be particularly relevant for Civil Partnerships that own real estate because their registration in the new company register will be mandatory after January 1, 2024, the current grace period, as soon as there are any legal changes triggering registration in any of the existing registers (e.g. encumbrances or changes in real estate ownership in the land register (Grundbuch)).

Newly incorporated Civil Partnerships who acquire real estate will always require registration in the new company register after the entry into force of the MoPeG based on the above rationale.

Similarly, the position of a Civil Partnership as a shareholder of a limited liability company or as a named shareholder (Namensaktionär) in a stock corporation will trigger the need for registration in the new company register for the Civil Partnership.

If registered, Civil Partnerships must use the abbreviation “eGbR” (eingetragene Gesellschaft bürgerlichen Rechts – Registered Civil Partnership). The registration in the new company register will also increase the level of information available to the public on such registered Civil Partnerships significantly: The filing for registration will have to contain full personal or corporate details of all partners, the details of their representation powers and a confirmation that the relevant partnership is not yet registered in the commercial register or the partnership register (Partnerschaftsregister).

In particular in real estate transactions, where the use of Civil Partnerships is relatively common, such increased transparency on the particulars of the partners and their representation powers will be welcome.

Finally, the registration of a Civil Partnership in the new company register will also result in the need for its partners to disclose information on the registered Civil Partnership’s ultimate beneficial owners in or to the German transparency register (Transparenzregister).

b) Confirmation of Permanence of the Seat of Partnership

The MoPeG brought another welcome and long overdue clarification: The new law clarifies that all German partnerships have their corporate seat either at the place where their business is actually conducted (Verwaltungssitz) or – in case of both registered Civil Law Partnerships and commercial partnerships – at a contractually fixed place in Germany (Vertragssitz), irrespective of the place where the relevant partnership’s business is actually conducted.

Due to the specifics of German partnership law, there had always been some doubt over whether commercial partnerships, which are registered as such in the existing German commercial register, might lose their status as German commercial partnerships (and thus potentially their liability limitations) if they are managed entirely from abroad because they are deemed to no longer be German-based. This statutory confirmation of the permanence of a partnership’s chosen seat means that this dogmatic discussion is now settled. German corporate law remains applicable to partnerships for as long as their chosen contractual seat remains in Germany, irrespective of the factual place where managerial decisions are taken. Consequently, limited partnerships with foreign partners or managed from abroad no longer have to fear that such foreign management may invalidate or otherwise question their limitation of liability under German law. Going forward, the German partnerships concerned are thus free to operate predominantly or entirely abroad.

c) Qualification under the German Conversion Act (Umwandlungsgesetz, UmwG)

The reform also clarifies that Civil Partnerships can in the future be transformed into other corporate formats or merged into other entities by way of universal legal succession. One requirement for such conversion will, however, be a prior registration of the Civil Partnership in question in the new company register.

d) Key Changes for Commercial Partnerships

The reform also introduces certain changes that apply to commercial open partnerships or limited partnerships in Germany. Chief among them are increased information rights for limited partners, new rules on the determination and distribution of profits to the partners and provisions on the taking of partner resolutions and the consequences of defective partner resolutions.

e) Outlook

Existing Civil Partnerships should familiarize themselves with the reform with a view to (i) identifying any necessary or opportune amendments to their partnership agreements and (ii) potential issues related to a future registration in the respective company register. They should assess whether their business activities are of a nature that makes registration either opportune or legally required.

The changes to the law for commercial partnerships may, at first sight, appear less fundamental or far-reaching. Nevertheless, the interim period until December 31, 2023 should also be used to ascertain to which extent existing partnership agreements may need to be revised to either reflect some or all of these changes or to opt out of the new law that might otherwise apply.

Back to Top

1.2 Did Brexit Spell the End for UK Limited Companies in Germany?

Once the UK opted to leave the European Union, the continued existence and legal qualification of British private limited companies with an administrative seat in Germany became the subject of intense legal speculation and debate: Would German courts continue to afford such UK companies the protection of the EU Company Law Directive (Directive (EU) 2017/1132 – the “Company Law Directive”) and the freedom of establishment (Art. 49, 54 AUEV) or would they default back to the “corporate domicile theory” (Sitztheorie) for UK companies in the way they do for other non-EU companies that are not governed by relevant bilateral treaties?

On February 16, 2021, the German Federal Supreme Court (Bundesgerichtshof, BGH) (no. II ZB 25/17) ruled on the above question for the first time and held that the Company Law Directive and the freedom of establishment (Art. 49, 54 AUEV) will no longer apply to a UK limited company as a result of Brexit. The BGH’s judgment suggests that the court will continue to apply the traditional German corporate domicile theory to non-Member States and that it now considers the United Kingdom a non-Member State. Accordingly, the choice of the applicable company law for companies from a non-Member State depends, from a German law perspective, on the administrative seat of the company. In other words, German law will apply to UK companies with a German administrative seat.

It then follows that UK companies with a German administrative seat would, due to their lack of compliance with the incorporation formalities applicable to German corporations, regularly be reclassified either as a German civil law partnership (GbR) or as a commercial open partnership when operating a commercial enterprise (OHG). The partners in both of these partnerships are generally faced with unlimited personal liability. The resulting risks arising from such a corporate reclassification for the owners of UK limited companies which are active in the German market are obvious.

UK limited companies with elements of their decision making powers or administrative headquarters in Germany are thus well advised to restructure their company to avoid personal liability risks for the limited company’s shareholders. The required measures may include (i) a transfer of the effective administrative seat to the United Kingdom, (ii) the transfer of the business operations of the UK Limited to another new or existing German limited liability company (i.e. GmbH) or a German entrepreneurial company with limited liability (UG haftungsbeschränkt) by way of asset deal or (iii) under certain specific circumstances, a cross-border merger of the relevant UK Limited into a limited liability company of one of the other EU Member States.

Which one of the above options is the most suitable approach for any given company must be thoroughly considered in each case and will also depend on tax considerations and/or the business in which the respective company trades in.

Back to Top

1.3 Further Revision of the German Foreign Direct Investment Law – An Ongoing Exercise?

As already predicted in Section 1.3 of our 2020 German Year-End Alert, 2021 saw another significant expansion of the scope of the German Foreign Trade and Payments Ordinance (Außenwirtschaftsverordnung, AWV) by incorporating 16 new business sectors into the cross-sectoral review that are considered critical. In addition to the sectors already included in the AWV, a mandatory filing is now also required if a German M&A transaction target operates in one of these new sectors and the investor intends to acquire more than 20% (compared to 10% applicable to the “old” sectors) of its voting rights. These newly introduced sectors include satellite systems, artificial intelligence, robots, autonomous driving/unmanned aircrafts, quantum mechanics, and critical materials and broadly reflects the sectors mentioned in the EU Screening Regulation. The total number of “critical sectors” which require a mandatory filing has now increased to 27.

The revision also extended the sector-specific review (in particular with respect to defense-related activities). This is relevant to all non-German investors, even if they are located in the EU/EFTA. The following are now included: (i) all products of Part I Section A of the German Export List including their modification and handling, (ii) military goods/technologies that are based on restricted patents or utility models and (iii) defense-critical facilities.

In addition to expanding the scope of the foreign direct investment (“FDI”) review, the 2021 AWV revisions led to certain procedural changes and clarifications, including the following:

Additional mandatory filings are required, if the investor acquires additional voting rights and exceeds certain thresholds (e.g., 25%, 40%, 50% and 75%, in case of the initial threshold of 20%, or 20%, 25%, 40%, 50% and 75% in case of the initial threshold of 10%).
The application for a certificate of non-objection (Unbedenklichkeitsbescheinigung) is not available if the transaction is subject to mandatory filing requirements.
The German Ministry for Economic Affairs (BMWi) may review transactions falling below the relevant voting rights threshold, if so-called atypical control rights are granted to the investor (e.g. granting the investor an additional board seat or veto rights and/or access to particular information). This, however, does not trigger a mandatory filing requirement but allows the BMWi to investigate the transaction ex officio for five years post-signing.
Individual investors may be considered as acting together in certain acquisition structures involving purchasers from the same country.

Since April 2020, the German FDI regime faced three substantial revisions, which led to a significant increase in case load for the BMWi. Many EU Member States have implemented or amended their FDI regimes in light of the EU Screening Regulation and the EU cooperation mechanism. This has led to a solid information flow between the European Commission and the EU Member States. Investors are therefore well-advised to conduct a multi-jurisdictional FDI analysis as early as possible in the M&A process. The risk of potentially severe legal consequences for gun jumping (including imprisonment) requires a thorough advance assessment.

For further details please refer to our client alert on the topic from May 2021.

Back to Top

1.4 German Transparency Register: Expiry of Transition Periods for Registration of Beneficial Ownership Information

Effective as of August 1, 2021, the German transparency register, which was introduced in 2017 as part of EU measures to combat money laundering and terrorist financing, has finally been upgraded to a genuine public register for information on a beneficial owner. A beneficial owner is an individual (natürliche Person) who directly or indirectly owns or controls more than 25 per cent of the share capital or voting rights in the relevant entity.

Previously it was not a requirement to file beneficial ownership information with the German transparency register if the information was already available in electronic form in other public German registers – for example through shareholder lists retrievable from the commercial register or because the registered managing directors of the German subsidiary were deemed to be beneficial owners absent individuals controlling the parent. Now all legal entities (juristische Personen) and registered partnerships under German private law are required to file beneficial ownership information for registration with the German transparency register. If there is no beneficial owner, the legal representatives, managing shareholders or partners must be registered with the German transparency register as deemed beneficial owners, irrespective of their registration in another German public register.

The (staggered) transition periods for entities that had to file for the first time due to the new rules will expire (i) on March 31, 2022 (for stock corporations (Aktiengesellschaft, AG), European stock corporations (Societas Europaea, SE) and partnerships limited by shares (Kommanditgesellschaft auf Aktien, KGaA)), (ii) June 30, 2022 (for limited liability companies (Gesellschaft mit beschränkter Haftung, GmbH), cooperatives (Genossenschaften), European cooperatives (europäische Genossenschaften) and partnerships (Partnerschaftsgesellschaften)) and (iii) December 31, 2022 (for all other legal entities and registered partnerships). Although there is a further leniency period of one year following the aforementioned filing deadlines, in which no administrative fines shall be imposed on the relevant entities, international groups in particular should confirm with their German operations to ensure a timely filing of the required beneficial ownership information with the transparency register. It is important to bear in mind that the above transition periods do not apply in case the change occurs after August 1, 2021: Accordingly, any new managing directors deemed to be beneficial owners should also be registered immediately in the transparency register to avoid an administrative fine.

Finally, in this context it is also important to note that since August 1, 2021, the obligations of foreign entities and trustees residing or headquartered outside of the EU to file beneficial ownership information for registration in the German transparency register have been significantly expanded. In particular, if German real property is involved in a transaction, the rules now not only capture asset deals but also direct and indirect share deals. These new filing obligations should be taken into due consideration by all companies planning to – directly or indirectly – acquire real property in Germany in 2022 in order to avoid any unexpected delays of the transaction due to missing filings.

For a more detailed analysis we refer to our specific client alert on the topic in June 2021.

Back to Top

1.5 New Requirements for the Corporate Governance and External Audit of Listed German Companies in the Aftermath of the Wirecard Scandal

As a reaction to the seismic shake of public confidence in the effectiveness of the internal and external governance and control systems of German public companies following the spectacular collapse of German Dax listed Wirecard, the German legislature has adopted the Act on Strengthening the Financial Market Integrity (Finanzmarktintegritätsgesetzt – FISG). The FISG entered into force on July 1, 2021. This law establishes a number of new requirements designed to enhance the corporate governance and external audit of listed German companies as well as other public-interest companies which clients would be well advised to familiarize themselves with as some of them may necessitate changes to the constitutional documents of the affected listed German companies and other public-interest companies.

For a more detailed analysis of these changes, please see our client alert on the topic in June 2021 and Section 1.2 in last year’s German Year-End Alert.

Back to Top

1.6 ESG – What’s Next? The Delayed EU Initiative on Sustainable Corporate Governance

Sustainability and social responsibility are continuously attracting awareness and gaining in importance. One encounters these issues in a wide variety of areas, from everyday errands such as grocery shopping to complex processes such as corporate governance. The current legislative initiative on Sustainable Corporate Governance (2020/2137 INI of the European Commission, the “Initiative”) by the European Commission is aimed at ensuring that companies focus on long-term sustainable value creation rather than short-term benefits and would be subject to a broader set of policies under the EU Green Deal.

The Commission was originally set to adopt the Initiative in December 2021. After public consultation was completed in early 2021, and after an initial delay due to the rejection of the underlying impact study by the EU Regulatory Scrutiny Board, pressure has increased on the Commission to act soon. On December 8, 2021, an open letter signed by 47 civil society and trade union organizations was sent to the President of the European Commission, Ursula von der Leyen. Publication of the proposed legislation is now expected for early 2022.

According to the inception impact assessment (a project plan setting out the elements for new legislation) by the Commission, the Initiative is expected to impose a combination of the following corporate and directors’ duties with a view to requiring (i) companies to adhere to the “do no harm” principle and (ii) directors to integrate a wider range of sustainability interests, such as climate, environment and human rights, into their business decisions:

Due diligence duty: The due diligence duty for companies operating in the EU would require them to “take measures to address their adverse sustainability impacts, such as climate change, environmental, human rights […] harm in their own operations and in their value chain by identifying and preventing relevant risks and mitigating negative impacts” to identify and prevent relevant risks for climate, environment and human rights; and
Duty of care: The duty for company directors would oblige them to take into account stakeholders’ interests “which are relevant for the long-term sustainability of the firm or which belong to those affected by it ([such as] employees, environment, other stakeholders affected by the business)”. Companies’ strategies under these requirements would need to be implemented “through proper risk management and impact mitigation procedures”.

It remains to be seen how and to what extent the Commission will implement these plans. Especially the suggested duty of care for management was met with criticism from Nordic countries such as Denmark, Finland, Estonia and others.

In Germany, ESG is – at least, to a certain degree – already part of corporate law: Certain disclosure obligations contained in the German Commercial Code (Handelsgesetzbuch, HGB), which originated from the EU Corporate Social Responsibility Directive, and the new German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgalfspflichtengesetz, LkSG), which will come into effect in 2023 (regarding the LkSG see below section 5.2), are two such examples. Furthermore, the – non-binding – German Corporate Governance Code (Deutscher Corporate Governance Kodex) covers the issue of sustainability and states that companies have ethical, environmental and social responsibilities for their employees, stakeholders and the community, deviating from the narrow shareholder value towards the broader stakeholder value principle.

The political trends in Germany point towards increased support for an initiative on social corporate governance: the 2021 coalition agreement of the newly elected German government between the Social Democratic Party (SPD), the Green Party (Bündnis 90/Die Grünen) and the Liberal Democratic Party (FDP) has placed strong emphasis on sustainability (the word appears more than 100 times in the 170-page agreement) and the protection of the environment. The document expressly states support for a “Corporate Sustainability Reporting Directive”.

Given the suggested scope of the Initiative, companies should be prepared to take not only economic, but also environmental and social responsibility along the entire value chain seriously and implement respective processes throughout their operations. For example, in order to comply with the proposed due diligence duty and the duty of care, companies would likely be required to adapt newly tailored decision-making processes, taking into account aspects such as sustainable corporate governance, climate protection, resource conservation, data responsibility, human rights, integrity and compliance, supply chain and corporate citizenship.

Back to Top

2. Tax

2.1 Tax Policy Program of the New Coalition

In the coalition agreement presented on November 24, 2021, the incoming government coalition of the Social Democratic Party (SPD), the Green Party (Bündnis 90/Die Grünen) and the Liberal Democratic Party (FDP) presented a tax policy program for the new governmental legislative period.

The program sets out the guidelines and statements of intent for the future tax policy for the next four years, but does not include any detailed or concrete tax law changes. Contrary to what had been announced by the SPD and the Green Party before the election, under the new tax policy program no wealth tax or increase in inheritance tax are anticipated. In addition to minor improvements to the offsetting of losses and to the preferential tax treatment for retained earnings, the coalition announced an obligation to report purely national tax arrangements for companies with sales of more than EUR 10 million. Under current law, a reporting obligation only exists for tax arrangements in cross-border transactions (known as DAC 6 reporting).

Other measures worthy of mention include the addition of an unspecified “interest rate cap” to the interest barrier rule, the expansion of withholding taxation, in particular, through the amendment of double taxation agreements, a renewed legislative amendment of real estate transfer tax in case of share deals, the intensification of the fight against tax evasion, money laundering and tax avoidance, and active support for the introduction of a global minimum taxation under the OECD initiatives.

With the coalition agreement, the coalition made it clear that there is no intention to reduce or increase corporate income tax, the solidarity surcharge or the income tax rate for individuals. Further details are currently unclear and reserved for future legislative initiatives.

Back to Top

2.2 Revision of the Anti-Treaty Shopping Rule

For the third time in recent years, the European Court of Justice (case C-440/17) has ruled that the German Anti-Treaty Shopping provisions are not in compliance with EU law. The Anti Treaty Shopping provisions are relevant for cross boarder payment of, inter alia, dividends, interest and royalties where the parties of such payments rely on reduced withholding tax rates on such payments under an applicable double taxation treaty.

With effect for all open cases the German legislator amended the existing Anti-Treaty Shopping provisions on June 2, 2021 and implemented a two-step approach and the possibility to rebut any presumption of treaty abuse. The two step approach consists of a shareholder and an activity test. Under the shareholder test (look-through approach) treaty abuse would be presumed where the shareholder of a foreign entity that receives the cross-border payments would not be entitled to the same benefits claimed by the foreign entity if the shareholder of that entity received the payments directly. Under the activity test a foreign entity would not be entitled to treaty benefits if the source of its income subject to withholding tax does not have a material link or connection with the foreign entity’s own activity. A simple pass through of income to shareholders or activities that lack physical substance do not qualify as sufficient economic activity. If both tests fail, the presumption of treaty abuse can be rebutted if it can be proven that none of the main reasons for interposing the foreign entity was to obtain a tax advantage.

The new rule results in a significant tightening of the conditions to benefit from a reduced withholding tax rate under an applicable double taxation treaty. The shareholder test to be passed would effectively be limited to shareholders that are resident in the same country as the foreign entity that receives the payment. The preconditions for the activity test are still unclear and require further guidance by the tax authorities. The main purpose exception, under which “none of the main reasons” for the interposition of an entity was to obtain a tax advantage is not limited to withholding tax considerations, or even to German tax considerations, which significantly limits the ability to successfully rely on the rebuttal exception.

Foreign investors with income from German sources should review their structures to determine whether reduced withholding tax rates under an applicable double taxation treaty can still be claimed under the amended rules.

Back to Top

2.3 New German Check-the-Box Rules

In Germany, corporate entities are subject to corporate income tax and local trade tax. The combined tax load typically ranges between 30% and 33%. Partnerships are subject to trade tax in the same way as corporate entities. However, as partnerships are treated as transparent for income tax purposes, profits of a partnership are automatically deemed to be distributed to the partners and are subject to the income tax rate that may be applicable at the level of an individual partner of up to 45%. Profits of a corporation are taxed at shareholder level only upon dividend distribution, which – in contrast to partnerships – has a tax deferral effect at shareholder level until a distribution is made.

To mitigate such unequal tax treatment, the new check-the-box rules allow for an option for partnerships to be taxed as corporate entities. The election would have to be made before the beginning of the fiscal year for which the election becomes valid. For legal purposes, the partnership would still be treated as a partnership. The election to be treated as a corporate entity for income tax purposes would need to be made by the partnership with approval from all partners (unless the partnership agreement provides for a 75% majority). After the election, the relationship between the partners in the partnership would be governed by the rules regarding the relationship between a corporate entity and its shareholders, i.e., the taxation of dividends and deemed dividends (including withholding tax consequences) would need to be considered.

An election needs to be clearly analyzed in order not to trigger other negative tax consequences. An election may lead to a forfeiture of net operating losses at partnership level and may trigger real estate transfer tax for past reorganizations. Non-EU limited partners may suffer capital gains tax upon election and, even if a capital gains tax upon election is avoided, there would be a seven year holding period for shares after the election becomes effective.

Due to the possible negative side effects of such election, it remains to be seen whether the new check-the-box rules will be a successful tax planning alternative for partnerships in the future.

Back to Top

3. Financing & Restructuring

3.1 LIBOR Cessation: Impact on Existing Loan Agreements

In most European financings, when calculating interest rates for floating rate loans or other instruments, the interest rate has historically been made up of (i) a margin element, and (ii) an inter-bank offered rate (IBOR). Most prominent IBORs used in European financings are USD LIBOR and LIBOR for loans denominated in USD and GBP, respectively, and EURIBOR for euro-denominated loans. In the aftermath of the LIBOR scandal that surfaced in the year 2016 and the manipulation of this rate by certain market participants, regulators have decided to discontinue and replace such rates by alternative risk-free rates. While IBOR reference rates are determined on the basis of quotations provided by a small group of market participants of their expected refinancing costs (and therefore are look-forward in nature), risk-free rates are based on active, underlying transactions. The cessation of LIBOR for GBP loans will take place by the end of 2021. For USD loans, only the reference rates for certain limited tenors will cease to be published as at such date, while the majority USD LIBOR rates will continue in effect until June 30, 2023, thus giving the market additional time for transition to alternative interest rates.

In the absence of statutory fallback solutions, upon the cessation of the relevant IBOR, the fallback provisions incorporated into the relevant loan documentation (if any) will apply in the first instance. Given that these themselves usually refer to the same IBOR (but different tenors or determined as of a different point in time), it is not unlikely that the applicable interest rate will eventually be based on the costs of funds of the relevant lenders as ultimate fallback provision for lack of other alternatives. From a borrower’s perspective, calculating the interest rate on the basis of the actual costs of funds provides much less certainty as regards funding costs than a reference-rate-based approach. Borrowers should therefore seek to enter into negotiations with their lender with a view to amending their financing agreements by replacing IBOR-based interest rates with risk-free rates. Regarding the specific risk-free rates to be used, in the UK financing space, the market has settled on SONIA (Sterling Overnight Index Average) compounded daily on a look back basis as the replacement reference rate to GBP LIBOR while in the U.S., the Secured Overnight Financing Rate (SOFR) appears to be the reference rate of choice for most financings.

However, there is still quite a lot of movement and room for development as these risk-free rates evolve, including the development of a look-forward “term SOFR”. Consequently, other or additional rates may yet become customary in the future. Regardless of whether these or other alternative rates are used, amending the interest rate provisions in existing loan agreements generally requires the borrower and the lenders to agree any alternative rate subject to the amendment and waivers provisions applicable to the financing. This will usually require a majority lenders’ decision, thus requiring the consent of two thirds of lenders’ commitments. Prompt action is thus required for borrowers unless specific contractual safeguards sufficiently taking into account the borrower’s interest have already been incorporated.

While discussions have started regarding a discontinuation and replacement of EURIBOR as well, such developments are still in their early stages and no definite timeline for such interest reference rate cessation has been determined. Thus, there currently is no need to specifically address such issue for EURIBOR-based loans at this point in time.

Back to Top

3.2 Avoidance of Transactions Due to Intention to Prejudice Creditors – A Turning Point?

After years of handing down relatively avoidance-friendly rulings, on May 5, 2021, the German Federal Supreme Court (Bundesgerichtshof, BGH) tightened the requirements for an insolvency administrator to attempt avoidance in insolvency (Insolvenzanfechtung) of transactions based on a debtor’s intent to prejudice the insolvent estate’s creditors pursuant to Section 133 of the German Insolvency Code (Insolvenzordnung, InsO) (BGH – IX ZR 72/20).

Prior to the ruling, in general, all an insolvency administrator had to show for a successful challenge was the debtor’s knowledge of its (impending) illiquidity (drohende Zahlungsunfähigkeit), which then led to a presumption of the debtor’s intent to disadvantage other creditors. As far as the counterparty to the contract was concerned, it was sufficient that such party was aware of the (impending) illiquidity. This case law was quite harsh on business partners of a debtor in financial difficulties, as it is possible to contest pre-insolvency performance acts or the completion even of congruent contracts for up to four years. New contracts entered into during a state of imminent illiquidity or incongruent performance actions are even at risk for ten years. The only “safe” way for a business partner to deal with a distressed contract partner under such circumstances was to insist on the submission of a restructuring opinion.

Pursuant to the new BGH ruling, the insolvency administrator will now have to show that the debtor – in addition to the (impending) illiquidity – knew or, at least, tacitly accepted that he would also not be able to meet the claims of all the estate’s creditors in the future. In addition, the intent to disadvantage creditors can no longer simply be inferred from illiquidity but requires additional evidentiary elements such as, for example, payments prior to maturity, or otherwise payment of creditors outside the ordinary course of business.

It will be interesting to see how insolvency administrators and lower instance courts faced with future insolvency avoidance cases interpret these tightened requirements on a case by case basis. Ultimately, insolvency administrators and creditors alike will likely attempt to appeal cases to enable the German Federal Supreme Court to provide for further guidance. In the meantime, at least in restructuring cases involving a party in a state of impending illiquidity, the almost automatic conclusion from knowledge of the financial situation to knowledge of intent to prejudice creditors should no longer apply.

Back to Top

3.3 Pre-Insolvency Restructuring – The First Twelve Months and What Next?

Exactly a year ago, the German Business Stabilization and Restructuring Act (Unternehmensstabilisierungs- und -restrukturierungsgesetz, StaRUG, ‑ the “Restructuring Act”) was introduced with effect as of January 1, 2021 (see last year’s German Year-End Alert in section 3.2). Since restructuring proceedings under the Restructuring Act are in general non-public, official statistics on the number of proceedings applied for or completed are not available. However, publicly available sources suggest that (i) around ten applications were made in the first eight months of the year 2021, (ii) no large multinational company was involved and (iii) most of the companies concerned were local entities rather than international players.

In addition, there already is a somewhat limited body of court orders related to the Restructuring Act. These early cases hint at two critical aspects of any German pre-insolvency restructuring:

Several cases have honed in on the determination of impending illiquidity (drohende Zahlungsunfähigkeit). This key determination works in two ways, namely to prevent premature attempts to make use of the pre-insolvency restructuring regime even though the required liquidity shortfall is not severe enough to meet the legal threshold of impending illiquidity. On the other hand, courts have had to deal with cases at the other end of the spectrum when actual illiquidity (Zahlungsunfähigkeit) either existed (and full insolvency proceedings would have to be applied for under mandatory law) or such actual illiquidity later occurred while proceedings under the Restructuring Act were pending (when the continuation of lawfully commenced pre-insolvency restructuring remains the exception).
A second focal point in the early cases available seems to be the comparative calculation (Vergleichsrechnung) where opposing creditors can show that the restructuring plan disadvantages them when compared to hypothetical alternative scenarios. In this context, the courts are grappling with the question of how to pick the appropriate hypothetical comparator ranging from third-party sale options or other forms of business continuation to full liquidation in formal insolvency proceedings which have to be provided by the debtor in support of an envisaged cross-class cramdown.

It is still too early for a conclusive evaluation of the Restructuring Act, of course, but restructuring professionals have made the following interim observations after one year of experience with the new law:

Financing banks seem concerned about the risk of being overruled in restructuring proceedings and are looking for additional safeguards to protect their interests. At the same time, affected companies urgently need reliable (bank) financing also during pre-insolvency restructuring.
The shift of fiduciary duties of management to primarily safeguard the interests of creditors (rather than shareholders) should already apply when a debtor reaches a state of impending illiquidity to allow for an early restructuring without interference from shareholders.
The last minute deletion in the legislative process of the option to terminate contracts which are obstacles to a successful pre-insolvency restructuring from the toolkit under the Restructuring Act considerably weakens and limits the scope of application of German restructuring proceedings, in particular in the international competition between other EU, UK and US restructuring laws.

All of the above concerns would require certain amendments to the Restructuring Act. The coalition agreement of the newly elected German government between the Social Democratic Party (SPD), the Green Party (Bündnis 90/Die Grünen) and the Liberal Democratic Party (FDP) has not placed particular emphasis on restructuring in its government program and a cross-party consensus may not be easy to achieve. Having said that, the general goal of “modernizing” Germany would, of course, be sufficiently wide to allow for a prompt response through governmental initiatives or parliamentary discussion if serious frictions became apparent in the continued application of the Restructuring Act.

Back to Top

4. Labor & Employment

4.1 Purchaser of Insolvent Assets not Liable for Previous Claims

The German Federal Labor Court (Bundesarbeitsgericht, BAG) has reinforced its existing case law with regard to acquisitions out of insolvency, protecting the buyer of insolvent companies (3 AZR 139/17). The court has ruled that the buyer will not be liable for any employee claims that have arisen prior to the insolvency proceedings. This important clarification particularly affects pension entitlements, which can often impede or complicate a distressed transaction. In this context, a decision by the European Court of Justice in 2020 (C 647/18) had left some loose ends (we had covered this ruling in last year’s German Year-End Alert 2020 in section 4.3). The German precedent has now closed the loop on this issue and thus provides legal certainty for purchasers of insolvent companies in Germany.

Back to Top

4.2 COVID: Employer Entitled to Ask for Vaccination Status

According to a brand-new law which came into force in November 2021 in connection with protective rules designed to combat the pandemic, employers are now within their rights to ask employees for their COVID-19 vaccination status. Consequently, employers can establish a “VRT” regime (vaccinated, recovered, or tested) for their employees. In addition, several large companies have started to devise other creative steps to protect their staff, e.g. by separate cafeteria areas reserved only for vaccinated staff. German employers are also free to decide whether to allow only vaccinated or recovered staff onto their premises. Any employee who can work from home has to be offered the opportunity to do so and has to accept such offer absent any viable counter-indications.

Back to Top

4.3 Strengthening Female Corporate Leadership (FüPoG II)

Germany has continued its efforts in promoting the equal participation of women and men in executive positions by way of the Second Management Position Act (Zweites Führungspositionen-Gesetz, FüPoG II), the draft of which we already discussed in last year’s German Year-End Alert 2020 in section 1.4.

For listed companies subject to the Co-Determination Act (MitbestG), the German legislator has introduced fixed gender quotas for boards with more than three members: Such boards must now contain at least one male and one female member. Currently, this applies to approximately 70 of Germany’s largest companies. In addition, specific quotas apply for companies in which governmental authorities hold a majority and public law corporations (Körperschaften des öffentlichen Rechts).

Another key element of Germany’s efforts to strengthen female corporate leadership is the newly created option for board members to take temporary “time off” during maternity leave, parental leave, illness and/or times spent caring for a relative. This provision was a direct response to events in 2020, when the founder of a major listed German online furniture retailer (Westwing) was forced to resign from her position as member of the board in order to go on maternity leave. Under the previous legal regime, such a resignation had been the only safe way to avoid serious liability risks also for actions taken in the absence of such board member by the remaining board members.

Back to Top

4.4 Works Council Rights Extended

Mainly in response to the enhanced digitalization of the workplace, the German legislator has in 2021 adapted and extended the rights of works councils in German companies (Works Councils Modernization Act) in several respects:

(i) The election processes for works councils have been simplified.

(ii) The works councils now have a co-determination right regarding remote work (e.g. work from home) and the use of AI (Artificial Intelligence) in personnel processes (e.g. Workday or SuccessFactors).

(iii) Furthermore, the employer is now responsible for the data processing by works council members, who in return are subject to control by the company’s data protection officer.

(iv) Finally, the dismissal protection of works council members and candidates has been extended to cover also employees who only undertake preparatory steps to establish a works council.

Back to Top

5. Compliance & White Collar

5.1 White Collar: What to Expect from Germany’s New Coalition Government

Following Angela Merkel’s sixteen-year tenure, Germany will – for the first time in its history – be ruled by a coalition consisting of the Social Democratic Party (SPD), the Green Party (Bündnis 90/Die Grünen) and the Liberal Democratic Party (FDP). While white-collar crime is certainly not the primary cornerstone of their coalition agreement, their joint government program does give an indication of what to expect from the new German government.

Most notably, the coalition agreement does not mention the Corporate Sanctions Act draft bill proposed by the former government (see German Year-End Alert 2020, section 6.1) which ultimately did not pass Parliament. If this draft bill had been enacted, the proposal would have introduced a genuine corporate criminal liability currently unknown by German law. However, the new government wants to revise the existing regime of corporate sanctions, i.e. corporate fines based on the Act on Regulatory Offenses (Ordnungswidrigkeitengesetz, OWiG), including an adjustment of sanction levels and a more precise regulation of internal investigations.

The federal government is also seeking to implement the EU Whistleblower Directive 2019/1937. Importantly, the coalition wants to make use of the opening clause of the Directive, i.e. have breaches of national law covered by the same legal framework as reports of breaches of EU law (for a more detailed analysis see section 5.3 below).

Digitalization may take hold of Germany’s courtrooms as the new government plans to make video recordings of police and criminal court hearings obligatory in order to allow defendants to appeal rulings in a more targeted way. In addition, negotiated agreements in criminal proceedings will be subject to new rules.

Furthermore, the new government aims to strengthen law enforcement inter alia by providing customs authorities, the Federal Financial Supervisory Authority (BaFin) and the Financial Intelligence Unit (FIU) with further adequate resources. Both BaFin and the FIU had to tackle serious problems in 2020/2021. BaFin was accused of having insufficiently exercised its supervisory duties in connection with the possibly fraudulent activities of the Wirecard Group, while the FIU encountered significant problems with processing suspicious activity reports based on the Money Laundering Act (Geldwäschegesetz, GWG). The public prosecutor even opened a criminal investigation against officials of the FIU for the offense of obstructing criminal prosecution in public office.

Together with the contemplated new measures to combat tax evasion and tax avoidance more aggressively and consistently to recover tax losses, which shall also be taken by the coalition (see with regard to tax issues also section 2.1 above), it can thus be assumed that there will be an increase in enforcement activities regarding white-collar crime.

Back to Top

5.2 Germany’s New Supply Chain Due Diligence Act

After lengthy negotiations, the German Parliament adopted the Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz – LkSG) on June 21, 2021 (the “Supply Chain Law”).

The Supply Chain Law will come into force on January 1, 2023 for companies that have their central administration, headquarters, registered office or a branch office in Germany if they have more than 3,000 employees in Germany. From January 1, 2024 onwards, the Supply Chain Law will be expanded to also apply to companies in the foregoing categories which have at least 1,000 employees in Germany.

The Supply Chain Law introduces a binding obligation for relevant companies to implement dedicated due diligence procedures to safeguard human rights and the environment in their own operations as well as in their direct supply chain, including inter alia a dedicated risk management system, an internal complaints procedure as well as taking remedial actions in case a violation has occurred or is imminent. In lower, more remote tiers of supply chains, companies are required to take certain actions only in case they obtain “substantiated knowledge” of violation of human rights or environmental standards.

Depending on the severity of the violation, affected companies may be fined under the Supply Chain Law. Large companies with an annual global turnover of more than EUR 400 million (approx. USD 475 million) can be required to pay fines of up to 2% of their annual global turnover. Furthermore, companies that have been fined a minimum of EUR 175,000 can be excluded from public procurement for up to three years.

In parallel, the EU Commission is working on a corresponding proposal for a human rights and environmental due diligence legislation which would introduce a harmonized minimum standard in these areas across all EU Member States. The respective EU legislative initiative has, however, been subject to intense debate and lobbying which has resulted in the respective legislative proposal having been postponed multiple times. It remains to be seen if Germany’s Supply Chain Law will serve as model for the respective EU legislation.

Back to Top

5.3 Whistleblower Protection

The German legislature has missed the deadline for implementing the EU Whistleblower Directive (EU 2019/1937), which lapsed on December 17, 2021. However, the newly elected government has agreed in its coalition contract in December to implement the directive and to also extend it to grave violations against German law. The EU Whistleblower Directive obliges all companies with at least 50 employees to establish internal channels to report violations against certain EU law provisions. Legitimate whistleblowers can report such violations both internally and externally – without giving structural priority to internal reporting as had previously been the case in many jurisdictions. If such reporting is fruitless or in emergency cases, even public disclosure is allowed. In such cases, the whistleblower is protected against any kind of retaliation, including the non-renewal of a fixed term employment contract. If an employee who has reported violations suffers any kind of disadvantage, it shall be presumed that such disadvantages occurred in retaliation to the report, unless the employer succeeds in proving otherwise (reversed burden of proof).

Back to Top

6. Data Privacy & Technology

6.1 (Private) Enforcement Trends, New Data Privacy Laws and Fines

a) Data Privacy Enforcement Trends

As already highlighted in our German 2020 Year-End Alert in section 7, the trend towards greater data privacy enforcement by the German Data Protection Authorities (“DPAs”) continues. In 2021, the German DPAs have especially focused on international data transfers with an increased level of scrutiny. For example, in June 2021 several German DPAs initiated a coordinated investigation into international data transfers of several companies within their respective jurisdictions.

We expect this trend to continue well into the new year, in particular since companies cannot simply rely on the new standard contractual clauses issued by the European Commission in June 2021, but need to implement additional safeguards in order to ensure an adequate level of data protection when transferring personal data to third countries (including the US outside of the EU/EEA.

Further, the Administrative Court (Verwaltungsgericht) of Wiesbaden just decided on December 1, 2021 (case 6 L 738/21.WI) that it is not permissible for a German university to use the “Cookiebot” service to manage the cookie consent process for the purpose of recording consent or its refusal because personal data (i.e. the IP address and the consent/refusal information) are sent to the United States by Cookiebot without a legal basis.

Private enforcement of data privacy provisions has not lost its momentum in 2021, either. German courts are increasingly pushing the boundaries and are willing to expand the reach of data privacy access requests. For example, the German Federal Supreme Court (Bundesgerichtshof, BGH) issued a ruling that extends the scope of such requests, noting that access claims are not limited to “essential biographical information”. The BGH further stated that the data subject can also assert his or her access right even if he or she is already aware of the information requested (e.g., in case of correspondence between the data subject and the controller) and that the access request may also encompass internal notes or internal communications related to the data subject.

b) New Data Privacy Laws

On December 1, 2021, two important new laws came into force: the Data Protection and Privacy in Telecommunications and Telemedia Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, or “TTDSG”) as well as the Telecommunications Modernization Act (Telekommunikationsmodernisierungsgesetz, or “TKMoG”). Both laws aim to modernize German telecommunications law and are intended to create a comprehensive regulation on data privacy in telecommunications and telemedia while implementing the requirements of the European Electronic Communications Code (“EECC”) and the e-Privacy Directive (Directive 2002/58/EC of July 12, 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector) into German law. As a result, so called “over-the-top” (“OTT”) services are brought into the scope of the German data privacy and telecommunications regime. These OTT services are defined in the new laws as “number-independent interpersonal communications services” and may include messenger services, web-based email services and video conferencing services. Notably, as the last EU Member State, Germany finally transposes into national law the consent requirement for cookies as provided for by the e-Privacy Directive. Consent is thus expressly required for so-called non-essential cookies (and irrespective of whether these cookies process personal data). This resolves the uncertainty under the previous Telemedia Act (Telemediengesetz – TMG) and implements corresponding decisions by the European Court of Justice and the German Federal Supreme Court.

c) Update on Fining Activity

In 2021, the German DPAs issued a number of fining decisions, the following of which we would regard as particularly instructive.

In January 2021, the Supervisory Authority of Lower-Saxony imposed a fine of EUR 10.4 million (approx. USD 11.73 million) against a company selling electronic products online for having implemented an excessive and unlawful video surveillance system with regard to its employees and some of its clients without sufficient legal basis. According to the Supervisory Authority, a video surveillance system to detect criminal offences is only lawful if there is a reasonable suspicion towards certain individuals. If this is the case, it may be permissible to monitor these individuals with cameras for a limited period of time. At the company, however, the video surveillance was neither limited to a specific period nor to specific employees.

Back to Top

6.2 New Copyright Law

On August 1, 2021 the new German Copyright Service Provider Act (Urheberrechts-Diensteanbieter-Gesetz, or “UrhDaG”) came into force, which transposes the requirements of Art. 17 of the European Directive (EU) 2019/790 into German law. This new law introduces the principle of direct intermediary liability into German law and effectively requires online platforms to scan public user content uploaded to their platform and block illegal content. Pursuant to the UrhDaG, the online platform may be exempted from liability if the platform fulfils certain requirements, such as acquiring licenses for copyright-protected third-party content that users publish and distribute. The platform may also use “upload filters” if it does not have the necessary license for the uploaded content.

Back to Top

6.3 German Legislation on Autonomous Driving

As previewed in our German Year-End German 2020 in section 8.2, on March 15, 2021, the German legislator has proposed a new law on fully automated driving (SAE level 4). The law aims to establish uniform conditions for testing new technologies, such as driverless cars with SAE level 4, throughout Germany. Pursuant to the law, autonomous vehicles will be permitted to drive in regular operation without a driver being physically present, albeit limited to certain locally defined operating areas, for the time being.

The law came into force on July 28, 2021. According to the former German Minister of Transport, Germany is the first country in the world to permit fully automated vehicles in regular operation (subject to local operating areas to be defined by the respective German state authorities).

Back to Top

7. Antitrust & Merger Control

7.1 Enforcement Overview 2021

The German Federal Cartel Office (Bundeskartellamt, “FCO”), Germany’s main antitrust watchdog, has had another active year.

On the cartel prosecution side, in 2021, the FCO imposed fines totaling approximately EUR 105 million. The fines were imposed on eleven companies and eight individuals for anticompetitive conduct and agreements in the area of specialty steels and steel forging and for vertical price-fixing agreements concerning consumer electrics, music instruments and school bags. However, the total amount of these fines is roughly 70% lower compared to the year 2020 which may reflect both the impact of the COVID-19 pandemic but also the increasing risks associated with private follow-on damage claims that impact on companies’ willingness to cooperate with the FCO under its leniency regime (see the update on private enforcement below in section 7.4 below).

In a similar downward trend, the FCO only conducted two dawn raids in 2021 – but has indicated that it may soon conduct additional dawn raids and that it has received information from nine companies under the FCO’s leniency program. The FCO also continues to focus on the digital economy and opened several investigation against global tech companies under an amendment to Germany’s competition law (see below section 7.2).

In the domain of merger control, the FCO reviewed approximately 1,000 merger control filings in 2021 (which is approximately 16 % down on 2020). As in prior years, approximately 99 % of these filings were concluded during the one-month phase-one review. Fourteen merger filings required an in-depth phase-two examination (which is 50% more than in 2019). Of those, one transaction was prohibited (this concerned the takeover of a newspaper), five filings were withdrawn by the parties, four cases were cleared in phase-two (subject to conditions in one case), and four phase-two proceedings are still pending. For further details, please see the merger control update below in section 7.2.

Also in 2021, the FCO finally launched its public procurement competition register which is accessible to government and other public procurement bodies and enables them to determine whether companies were involved in competition law infringements and/or other serious economic offences that may justify their exclusion from public procurement proceedings.

Back to Top

7.2 More Surveillance of Digital Companies and Less Merger Control – Reallocating Resources

At the start of 2021, the German Act against Restraints of Competition (Gesetz gegen Wettbewerbsbeschränkungen – GWB, or “ARC”) was significantly revised with the aim of creating a more effective regulatory framework for the digital economy.

One of the two key elements of the new regulatory framework is the strengthening of the FCO’s powers, in particular to control digital companies. A newly introduced instrument now allows the FCO ex-ante to prohibit companies with “paramount significance for competition across markets” from engaging in anti-competitive practices by leveraging their market power onto new product markets.

The FCO will assess and reach a formal decision on whether the relevant company has, in fact, “paramount significance for competition across markets”. If this is the case, the FCO can now address alleged anticompetitive practices early on. The FCO has already initiated antitrust proceedings against several global tech companies on this basis. Companies have standing to appeal the FCO’s decision directly to the German Federal Supreme Court (Bundesgerichtshof, BGH) whose decision represents the final word on the matter. The rationale behind this “fast track” proceeding is to enable the FCO to reach and enforce legally binding decisions in an expeditious manner in order to act effectively in fast evolving markets.

In order to free up resources at the FCO, the second key objective of the most recent amendment of the ARC was to reduce the sheer number of merger control proceedings handled by the FCO and to focus on the (likely) more important cases. Compared to other jurisdictions, the number of merger notifications to the FCO has traditionally been very high due to the relatively low turnover thresholds. The turnover thresholds are now set at a significantly higher value. Mergers now have to be notified to the FCO only if one of the involved parties has generated at least EUR 50 million with customers in Germany (formerly: EUR 25 million) and, additionally, another involved party generated at least EUR 17.5 million with customers in Germany (formerly: EUR 5 million). Notably, the alternative transaction value threshold (Euro 400 million) remains unchanged. Pursuant to the FCO’s updated guidelines on the transaction value threshold, however, this threshold will not be triggered regularly if the target company has a domestic turnover of less than EUR 17.5 million which adequately reflects the company’s market position and competitive potential. So far, with approximately 1,000 mergers notified to the FCO in 2021 compared to approximately 1,200 mergers in 2020, the effect of the amendments on the FCO’s workload has been limited. That said, it may be too early to reach conclusions on the effectiveness of the amendments since the number of mergers notified to the FCO had already declined from approx. 1,400 notifications in 2019 to 1,200 in 2020 due to the pandemic.

Back to Top

7.3 The FCO’s Revised Leniency and Fining Guidelines

First established in 2000 as part of general administrative principles and comprehensively set out in the 2006 leniency program, the FCO’s leniency program has received yet another upgrade in 2021: in order to transpose the requirements of the Directive (EU) 2019/1 of the European Parliament and of the Council of December 11, 2018 (ECN+ Directive) into national law, as of 2021, the basic principles of the leniency program are now enshrined in the ARC (Sections 81h – 81n). Against this background, the FCO also published its revised guidelines on the leniency program in October 2021 which, however, left the basic cornerstones of the German leniency program largely untouched.

With its revision of the guidelines on setting cartel fines, the FCO has transferred into writing what had already been the established decision practice for some time: the starting point for calculating a fine within the statutory fine framework continues to be the “duration and gravity of the infringement”. However, the FCO clarified that the primary element of establishing the gravity of the infringement shall be the turnover achieved specifically with the products or services subject to the antitrust infringement during the relevant period. With regard to the subsequent balancing exercise of aggravating and mitigating elements, the guidelines on setting cartel fines now include specific criteria linked to the specific infringement and the infringing company to be taken into account when determining the final fine amount. There are some good news for companies which want to or have already established compliance programs: going forward, the FCO will consider such compliance programs – whether already established before the alleged infringement or only introduced as a consequence of or in response to such infringement – as a mitigating factor taken into account in the fine calculation.

In summary, the amendments increase the authority’s discretion for setting antitrust fines in the individual case. A substantive change in the scope or level of fines is, however, not expected.

Lastly, the revision of the leniency program falls short of addressing the real elephant in the room: the FCO itself concedes that the number of leniency applications has decreased in past years due to the existential threat of follow-on damages claims from direct or indirect customers or other market players. This threat is not addressed by the leniency program. Leniency applications are, however, an important element for the detection and prosecution of cartels. In order to incentivize companies to apply for leniency, further safeguards will have to be considered, especially with respect to follow-on cartel litigation. The FCO has already stated that it will advocate at the EU level for further incentives for leniency applicants.

Back to Top

7.4 Private Enforcement Update

The enforcement of antitrust damage claims continues to be one of the “hottest topics” in the German antitrust law arena. Particularly the Rail Cartel, fined by the FCO in 2013, and the Trucks Cartel, fined by the European Commission in 2016, led to a substantial increase of cases in German courts of lower instance as well as for the Federal Supreme Court (Bundesgerichtshof, BGH), which established a permanent “Cartel Panel” in 2019.

“Follow-on” damage claims benefit from the broad binding effect of (fine) decisions issued by the Commission or national competition authorities. German courts therefore mainly dealt with questions relating to the substantiation and proof of damages. Thus far in these cases, German courts have been reluctant to issue judgments which award a specific amount of damages. This has not fundamentally changed since the BGH encouraged the lower courts to estimate damages by reducing the applicable standard of proof in its Rail Cartel II decision in 2020 (Case KZR 24/17). The following developments are particularly noteworthy:

There seem to be only few recent court decisions in which estimated damages were awarded to customers of a cartel, e.g. the District Court (Landgericht) of Dortmund in another Rail Cartel decision (2020, Case 8 O 115/14), and the Higher District Court (Oberlandesgericht) of Celle in a Chipboard Cartel decision (2021, Case 13 U 120/16).
Interestingly, the Regional Court of Dortmund (2020, Case 8 O 115/14) based its estimate on a contractually agreed penalty for competition law infringements of 15% of the net price which it considered the minimum damage. This approach arguably finds support in the recent judgment of the BGH in Rail Cartel VI, in which the BGH held that a contractual clause which provides for a specific percentage of the value of commerce as damages in case of a competition law infringement is generally valid (2021, Case KZR 63/18).
In its Truck Cartel II decision (2021, Case KZR 19/20), the BGH re-confirmed the high likelihood that a cartel price is higher than a hypothetical price found in competition. Like in its Rail Cartel II decision in 2020 (Case KZR 24/17), the court held that this high likelihood is, however, not sufficient to establish a rebuttable presumption in the sense of prima facie evidence.
In Truck Cartel II (2021, Case KZR 19/20), the BGH also noted that the passing-on defense, i.e. the argument of the defendant that damages have been passed on to the next market level as a damage-reducing factor, can only be successful in exceptional cases. There is no rebuttable presumption to this effect and the defendant must substantiate that the market conditions made a pass-on likely. If the pass-on led to dispersed damages, the pass-on defense can be excluded since claimants with only low-value damages are unlikely to sue (so-called rational apathy). The court also clarified that the suspension of the period of limitations for private plaintiffs begins with the first official measure (e.g. dawn raid) and ends when the time-limit to bring a claim against the authority’s decision has expired.

Besides loss calculation issues, another important development has been the admissibility of certain collective debt collection business models. In the past, German courts regularly dismissed these claims on the basis that the underlying assignments of the damage claims were void due to an infringement of the Legal Services Act (Rechtsdienstleistungsgesetz, RDG). This year, the BGH clarified in its decision AirDeal that this business model does not generally conflict with the Legal Services Act (2021, Case II ZR 84/20).

Recent developments at the EU level will also have a direct impact on private enforcement in Germany. In October 2021, the European Court of Justice (“ECJ”) decided in Sumal (case C-882/19) that a subsidiary can be an addressee of claims for damages resulting from a cartel in which only the ultimate parent entity participated. This judgment expanded the established case law according to which a parent company which exercised decisive influence over its subsidiary could be held liable for competition law infringements of this subsidiary.

Finally, on October 28, 2021 Advocate General Rantos issued an opinion (Truck Cartel Spain, Case C-267/20) in which he reasoned that substantive provisions (including those dealing with the statute of limitations) in the EU Directive could not apply to cases in which the competition law infringements ended prior to the date on which the transposing national provisions came into force. If the ECJ follows the line of Advocate General Rantos, the intertemporal application of several provisions of the German Act against Restraints of Competition (Gesetz gegen Wettbewerbsbeschränkungen – GWB) might have to be interpreted in a different way.

Back to Top

8. Litigation

8.1 A new Role of Courts as Climate Protectors? Latest Developments in German Climate Change Litigation

Climate change litigation is a growing phenomenon around the globe. Since the adoption of the Paris Agreement in 2015, organizations and individuals seeking the implementation of more ambitious climate change measures brought a number of lawsuits against governments and the private sector (for a French landmark decision in 2021, see our client alert prepared by the Paris office of Gibson Dunn). Even though the Huaraz-Case brought in 2015 is still pending in the Higher District Court (Oberlandesgericht) of Hamm, climate change litigation definitely landed on German shores in 2021: The Federal Constitutional Court (Bundesverfassungsgericht) delivered a landmark decision on March 24, 2021 (1 BvR 2656/18; 78/20; 96/20; 288/20), ordering the German legislator to amend the 2019 Federal Climate Protection Act (Bundes-Klimaschutzgesetz – the “Climate Act”). The court held that the Climate Act violated fundamental freedom rights of the complainants because the – at the time – existing and planned climate protection measures were insufficient to prevent future burdens arising from restrictions that will become necessary in case of unmitigated global warming.

While the German legislator quickly complied by passing amendments to the Climate Act, activists are now trying to transfer the rationale of the decision to the private sector: in the fall of 2021, three directors of a German environmental organization announced that they have filed lawsuits against three car manufacturers and a gas and oil producer, demanding the reduction of their respective carbon emissions to zero by 2030. They claim that the companies’ carbon emissions contribute to future restrictions they will have to endure if the world fails to control climate change.

However, it remains to be seen whether German courts will accept this line of argument in the private sector. The claim is based on provisions of general civil law (Sections 1004 para. 1 s. 2, 823 para. 1 of the German Civil Code (BGB)) that technically provide for the protection of property and similar rights. The plaintiffs, thus, would need to show that these provisions are applicable to the facts at hand, and that the relevant companies can be held liable even though they comply with all environmental laws and standards. Moreover, it appears difficult to establish a clear causal link between carbon emissions by a single company and future restrictions arising for individuals.

Having said that, the decision by the District Court of the Hague (Rechtbank Den Haag) in the Netherlands, ordering oil and gas producer Shell to reduce its carbon emissions, indicates that judges may be willing to break new legal ground. Especially companies in market sectors where decarbonization will take longer to achieve are therefore well advised to closely monitor the developments and prepare for potential risks.

Back to Top

8.2 A More Agile and Digital Judiciary

In 2021, an ever increasing case load due to mass consumer litigation exposed the German civil judiciary’s existing Achilles heel: scarce personnel, no or limited equipment for digital hearings, and a traditional dependency on paper files and fax machines. In a number of open letters and workshop proposals, judges from around the country have decried the status quo and called for reform. Academics, too, are proposing to modernize Germany’s procedural system in order to allocate judicial resources more sensibly. As of today, in the mass consumer litigation sagas sweeping the German courts, judges have to decide each case individually while knowing fully well that their judgments, regardless of the outcome, will likely be appealed.

In 2018, the declaratory model action was introduced as a first step to bundle mass consumer claims. However, it has proven to be an inefficient tool so far as plaintiffs take little interest in it, in practice. The German legislator anticipated over 400 declaratory model actions per year. Instead, between 2018 and 2021, fewer than 20 model actions were filed.

Germany’s new government coalition took notice. In its coalition agreement, the government promises to reform collective redress in Germany. Existing forms of redress shall be modernized and new instruments created. Small businesses will get the opportunity to join collective consumer actions, and specialized commercial courts shall adjudicate international commercial disputes in English.

In June 2021, the Federal States’ ministers of justice (JustizministerInnen der Länder) discussed and proposed a new procedure allowing to submit previously unsettled legal questions to the German Federal Supreme Court (Bundesgerichtshof, BGH) in the early stages of mass litigation. We expect such a procedure to feature among the remedies which the new government will ultimately propose.

It remains to be seen, however, whether and how promptly the new government can indeed respond in the required expeditious and efficient manner to address the practical concerns of its over-loaded judiciary. Reforms of the court system in the digital space can, in any event, be expected to rumble on for some time yet, and interested industry circles are well advised to monitor such reforms and their practical implications.

Back to Top

9. International Trade / Sanctions – Moving Human Rights to Center Stage – the EU’s Recast of its EU-Dual-Use Regulation

Already in 2011, the European Union launched a review of EU-wide controls on exports of dual-use items. This review resulted in the “Regulation (EU) 2021/821 of the European Parliament and of the Council of May 20, 2021 setting up a Union regime for the control of exports, brokering, technical assistance, transit and transfer of dual-use items (recast)” (the “New EU Dual-Use Regulation”).

The New EU Dual-Use Regulation forms part of the export control regime which EU Member States apply and, same as its predecessor, concerns dual-use items, i.e. mandates export control restrictions on goods, technologies and software that may be used for both civilian and military purposes. The New EU Dual-Use Regulation is in force since September 9, 2021 and replaced Council Regulation (EC) No. 428/2009 in its entirety.

The New EU Dual-Use Regulation (i) widens the range of export control restrictions on emerging dual-use technologies, specifically by adding cyber-surveillance tools, (ii) specifies new due diligence obligations for exporters, emphasizing their contribution to an effective enforcement of dual-use regulations and (iii) increases coordination between EU Member States and serves as a basis for further global cooperation with third countries.

The New EU Dual-Use Regulation specifically includes a list of certain cyber-surveillance items that are seen as being at risk of misuse for violations of human rights, making such items subject to EU Member State export restrictions. An authorization may be required even for certain unlisted cyber-surveillance items, if the exporter has been informed by the competent authority that the items may be intended for internal repression or violations of human rights. And vice versa, an obligation to inform the competent authority may arise where an exporter is aware that unlisted cyber-surveillance items proposed to be exported may be used for human rights violations.

The New EU Dual-Use Regulation further recognizes as vital the contribution of exporters, brokers, providers of technical assistance or other relevant stakeholders to the overall aim of export controls. In this context, it specifically refers to due diligence obligations to be carried out through transaction-screening measures that must be implemented as part of an Internal Compliance Program (“ICP”). This specifically is relevant for the use of general licenses (e.g. for the use of general license EU007 for the intra-group export of software and technology) as well as in the context of possible human rights concerns more broadly.

Finally, the New EU Dual-Use Regulation also provides a strong basis for the EU and EU Member States to engage with each other, but also with third countries, in order to support a level playing field and enhance international security through more convergent approaches to export controls at the global level. An example is the EU-US Trade and Technology Council, which serves as a forum to coordinate their approaches to key global trade and economic relations.

As early as 2019, the EU voiced what it expects from exporters when setting-up their respective ICP (see our corresponding client alert). With the New EU Dual-Use Regulation now enacted and the clearly stated commitment of the new German government to the protection of human rights, exporters would be well-advised to continuously monitor this space and take 2022 as an opportunity to review their respective ICP, focusing specifically on human rights considerations.

Back to Top

The following Gibson Dunn lawyers assisted in preparing this client update: Birgit Friedl, Marcus Geiss, Benno Schwarz and Caroline Ziser Smith with contributions from Silke Beiter, Elisa Degner, Andreas Dürr, Lutz Englisch, Ferdinand Fromholzer, Kai Gesing, Valentin Held, Alexander Horn, Katharina Humphrey, Alexander Klein, Markus Nauheim, Markus Rieder, Richard Roeder, Sonja Ruttmann, Hans Martin Schmid, Maximilian Schniewind, Sebastian Schoon, Linda Vögele, Jan Vollkammer, Michael Walther, Georg Weidenbach, Finn Zeidler and Mark Zimmer.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the issues discussed in this update. The two German offices of Gibson Dunn in Frankfurt and Munich bring together lawyers with extensive knowledge of corporate and capital markets law, M&A, finance and restructuring, tax and labor law, in the area of antitrust and competition, sanctions and export control, data protection and cybersecurity, technology transactions and IP/IT, as well as extensive experience in compliance matters, white collar defense and investigations and corporate and commercial litigation and arbitration. The German offices are comprised of deeply accomplished lawyers with a breadth of experience who have assisted clients in various industries and in jurisdictions around the world. Our German lawyers work closely with the firm’s practice groups in other jurisdictions to provide cutting-edge legal advice and guidance in the most complex transactions, sensitive investigations and high-stakes litigation. For further information, please contact the Gibson Dunn lawyer with whom you work or any of the following members of the German offices:

General Corporate, Corporate Transactions and Capital Markets
Lutz Englisch (+49 89 189 33 150), lenglisch@gibsondunn.com)
Ferdinand Fromholzer (+49 89 189 33 170, ffromholzer@gibsondunn.com)
Markus Nauheim (+49 89 189 33 112, mnauheim@gibsondunn.com)
Dirk Oberbracht (+49 69 247 411 510, doberbracht@gibsondunn.com)
Wilhelm Reinhardt (+49 69 247 411 520, wreinhardt@gibsondunn.com)
Silke Beiter (+49 89 189 33 170, sbeiter@gibsondunn.com)
Birgit Friedl (+49 89 189 33 115, bfriedl@gibsondunn.com)
Annekatrin Pelster (+49 69 247 411 521, apelster@gibsondunn.com)

Tax
Hans Martin Schmid (+49 89 189 33 110, mschmid@gibsondunn.com)

Finance, Restructuring and Insolvency
Sebastian Schoon (+49 69 247 411 540, sschoon@gibsondunn.com)
Birgit Friedl (+49 89 189 33 115, bfriedl@gibsondunn.com)
Alexander Klein (+49 69 247 411 518, aklein@gibsondunn.com)

Labor and Employment
Mark Zimmer (+49 89 189 33 115, mzimmer@gibsondunn.com)

Corporate Compliance / White Collar Matters
Ferdinand Fromholzer (+49 89 189 33 170, ffromholzer@gibsondunn.com)
Kai Gesing (+49 89 189 33 180, kgesing@gibsondunn.com)
Markus Nauheim (+49 89 189 33 112, mnauheim@gibsondunn.com)
Markus Rieder (+49 89 189 33 162, mrieder@gibsondunn.com)
Benno Schwarz (+49 89 189 33 110, bschwarz@gibsondunn.com)
Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com)
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)
Mark Zimmer (+49 89 189 33 115, mzimmer@gibsondunn.com)

Technology Transactions / Intellectual Property / Data Privacy
Kai Gesing (+49 89 189 33 180, kgesing@gibsondunn.com)
Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com)

Antitrust
Kai Gesing (+49 89 189 33 180, kgesing@gibsondunn.com)
Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com)
Georg Weidenbach (+49 69 247 411 550, gweidenbach@gibsondunn.com)

Litigation
Kai Gesing (+49 89 189 33 180, kgesing@gibsondunn.com)
Markus Rieder (+49 89 189 33 162, mrieder@gibsondunn.com)
Georg Weidenbach (+49 69 247 411 550, gweidenbach@gibsondunn.com)
Finn Zeidler (+49 69 247 411 530, fzeidler@gibsondunn.com)
Mark Zimmer (+49 89 189 33 115, mzimmer@gibsondunn.com)

International Trade, Sanctions and Export Control
Michael Walther (+49 89 189 33 180, mwalther@gibsondunn.com)
Richard Roeder (+49 89 189 33 115, rroeder@gibsondunn.com)

Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.