ESG compliance (Environmental Social Governance) is increasingly a focus in M&A transactions in Germany. A buyer must deal with the question which liability risks under civil and regulatory offences law it is buying into on the basis of newly enacted (ESG) laws when a target company is not ESG-compliant. In particular, the buyer should check the scope of these liability risks and whether, in the event that they materialise, recourse can be taken against a third party as well as the seller as the contractual partner.

In Germany, the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG) was recently passed in the area of ESG. In addition to this German law, the EU Commission is also planning a European supply chain regulation with strict requirements. One of the questions currently being debated in this context is whether the violation of ESG obligations should be sanctioned not just by an official fine but also by civil liability on the part of the responsible companies.

Civil liability of the target company

On the initiative of the CDU/CSU parliamentary group, the Supply Chain Due Diligence Act was clarified in the last few stages of the legislative process with regard to civil liability. Section 3 (3) LkSG now reads: “A breach of the obligations under this Act shall not give rise to civil liability. Any civil liability established independently of this Act shall remain unaffected”. According to the will of the legislator, the LkSG does not create any new, independent civil liability risks for companies compared to the current legal situation. Instead, it assumes that the new due diligence obligations established for the purpose of improving the human rights situation and reducing environmental risks in supply chains will be sufficiently sanctioned under the existing legislation on regulatory offences.

However, the LkSG also clearly states that civil liability of German companies is not excluded on the basis of the existing legal situation. A civil (external) liability of companies in relation to third parties is therefore possible according to the general principles of the law of torts. Within the framework of Section 823 (1) German Civil Code, obligations to pay damages due to the German company’s own acts of infringement can be considered, but also obligations to pay compensation for damage caused by foreign suppliers or subsidiaries, e.g. if the German (parent) company has violated commercial and organisational obligations.

Liability of the target company under regulatory offences law

In addition to civil liability, an administrative fine may also be imposed when the target company has breached ESG obligations. The LkSG provides that violations of the new ESG due diligence obligations constitute an administrative offence, giving rise to a fine of up to two percent of the global annual turnover. This applies at least to companies with an annual turnover of more than EUR 400 million. For companies with a turnover below this threshold, however, fines of up to EUR 800,000 are still possible. In addition to external liability under civil law, companies with inadequate ESG compliance are therefore subject to a strict framework of sanctions..

Robust due diligence to identify the risks

The two liability scenarios above are also relevant for M&A transactions. As the example of the new LkSG shows, the buyer of a company exposed to ESG compliance risks is confronted with considerable financial liability risks. Therefore, the buyer must protect itself by taking appropriate measures.

As a first step, the buyer should conduct an independent review of ESG compliance as part of its due diligence of the target company. The scope of such due diligence on ESG risks should correspond with the risk profile of the target company. In general, however, it can be said that the ESG risks of tech companies from western industrialised countries increase to the extent that the company is integrated into global supply chains, e.g. in the case of the supply of semiconductors and other components as well as their raw materials, especially rare earth elements. Insofar as a breach of ESG obligations, for example under the LkSG, is possible in such a supplier relationship, it is imperative that the buyer also carries out an ESG review as part of the due diligence process.

Indemnity clause in sale and purchase agreement

After conducting due diligence and identifying any ESG risks, the buyer should try to push for protective measures when negotiating the sale and purchase agreement. First, it should try to agree in the sale and purchase agreement with the seller on an indemnity for all damages arising from ESG breaches of duty of care by the target company that originate in the period up to the signing. To the extent that the liability risks described above materialise within the target company after the transaction in the form of quantifiable damages, the seller would then have to defend or settle the claims for fines or the claims of external creditors under civil law instead of the buyer.

Internal recourse claim against the responsible managing directors

In addition, in the event of actual damage, the buyer may also have a claim for internal recourse on a statutory basis. Here, the well-known rules on directors’ and officers’ liability are particularly relevant (Section 43 Limited Liability Company Act, Section 93 Stock Corporate Act), on the basis of which the members of the management are liable for damages in the internal relationship in case of a breach of duty towards their company. These rules also remain applicable in the case of breaches of ESG duties of care. In principle, the managing director of a company may be personally liable to its company for compensation of the resulting damage in the event of culpable breach of the ESG obligations under the LkSG. Therefore, where liability of the target company from an ESG risk materialises after a transaction, the buyer as the new owner of the target company should definitely check whether it can claim compensation for this damage to the company from the current or former management, which bears responsibility.

The possible scope of such internal recourse has not yet been fully clarified. As outlined above, in connection with ESG laws there is a particular threat of tortious claims by third parties and administrative fines. In particular, it is disputed whether companies can claim compensation for administrative fines from their management by means of internal recourse. The arguments for and against the possibility of such a recourse to fines have been controversially debated in recent years in different areas of law, such as for cartel fines, without a consistent approach being developed. The possibility of internal recourse to fines for the responsible natural persons can be applauded for its considerable steering effect on the actions of the responsible persons and their commitment to fulfilling the due diligence obligations under the LkSG and other ESG laws.

Contingent liability clause in sale and purchase agreement

A third protective measure of the buyer against ESG risks, besides indemnification by the seller and an internal recourse against the management, is a contingent liability on the part of the seller. The internal recourse claim against the management described above is associated with a number of uncertain factors. These include, among others, the solvency of the manager responsible for the breach of duty, or the willingness of any D&O insurer to pay out. In the negotiations on the sale and purchase agreement, the buyer can agree with the seller on a contingent liability in such a way that the seller satisfies an internal recourse claim of the target company against the managing director to the extent that this claim cannot be enforced against the managing director himself. Especially if the buyer has a rather weak negotiating position, this protective measure can be of particular interest to the buyer, as the seller will presumably agree to such an arrangement on contingent liability more readily than to the far-reaching indemnification for damages of the buyer resulting from ESG breaches of duty of care of the target company described above.

Lessons learned

Strict liability risks for companies with insufficient ESG compliance can also follow from an ESG law with a supposed civil liability exclusion. In the context of an M&A transaction, the buyer should ask itself whether it is buying into such risks with the target company. The buyer should therefore carry out an independent ESG assessment as part of its due diligence. In addition, the buyer should also take suitable protective measures in the sale and purchase agreement against financial damages resulting from the breach of ESG obligations. In particular, indemnification by the seller or a contingent indemnity against default by the seller in the event that the internal recourse claims against the primarily responsible managers cannot be enforced may be considered.