Liability of the Economic Unit – A General Principle of EU Law?

Marc-Philippe Weller; Victor Habrich; Laura Korn; Anton Zimmermann

doi:10.1515/ecfr-2023-0035

Article Open Access

Liability of the Economic Unit – A General Principle of EU Law?

Marc-Philippe Weller , Victor Habrich , Laura Korn and Anton Zimmermann

Published/Copyright: February 26, 2024

Published by

Become an author with De Gruyter Brill

Author Information Explore this Subject

From the journal European Company and Financial Law Review Volume 20 Issue 5-6

I. Introduction

Designating a subject of liability is one of the most pressing matters in EU law today. In competition law, based on the provisions of Articles 101 et seq. TFEU, the European Court of Justice (ECJ) holds that the subject of liability is not the individual legal entity, but an entire undertaking which is to be determined from an economic perspective. This means that different legal entities can form a single undertaking under EU competition law which can lead to larger fines and a liability of parent companies for infringements caused by subsidiaries. Whether this concept of corporate liability of the undertaking in the sense of an economic unit is a general principle of EU law or its scope is limited to competition law is still largely unclear. Recently, the Guidelines 04/2022 on the calculation of administrative fines under the General Data Protection Regulation (GDPR) of the European Data Protection Board (EDPB) Version 2.0 adopted on 24 May 2023 claimed that “corporate liability” is not only a principle attributing liability for acts or omissions of a natural person to a company, i. e. the legal person to which it is related (e. g. by way of employment). It went further to allege that “corporate liability” encompasses group liability of the entire economic unit, and that this concept was a general principle of EU law. Regarding fines imposed for violations of GDPR provisions, the guidelines state:^[1]

“In line with the SEU doctrine, Article 83(4)-(6) GDPR follow the principle of direct corporate liability, which entails that all acts performed or neglected by natural persons authorized to act on behalf of undertakings are attributable to the latter and are considered as an act and infringement directly committed by the undertaking itself. [...] This European Union law principle and scope of corporate liability takes precedence and must not be undermined by limiting it to the acts of certain functionaries (like principal managers) by contradicting national law. It is not relevant which natural person acted on behalf of which of the entities. The supervisory authority and national courts therefore must not be required to determine or identify a natural person in the investigations or the fining decision.”

A similar issue was already raised and discussed in the Deutsche Wohnen case,^[2] where the ECJ, albeit without clearly distinguishing between the upper limit of 761the fines for infringement of the GDPR discussed in Article 83(4)-(6) GDPR and the quantification of the fine discussed in Article 83(2) GDPR, held that “it is apparent from Article 83(4) to (6) of the GDPR, which concerns the calculation of administrative fines in respect of the infringements listed in those paragraphs, that, where the addressee of the administrative fine is or forms part of an undertaking, within the meaning of Articles 101 and 102 TFEU, the maximum amount of the administrative fine is calculated on the basis of a percentage of the total worldwide annual turnover in the preceding business year of the undertaking concerned.”.^[3]

The relevance of the topic has been underlined by the recent request for a preliminary ruling lodged in June 2023 by the Danish Vestre Landsret, as to whether the term ‘undertaking’ in Article 83(4)-(6) GDPR must be understood as an undertaking within the meaning of Articles 101 and 102 TFEU, in conjunction with recital 150 of that regulation, irrespective of its legal status.^[4]

In this article we argue that a general legal principle of corporate liability as asserted by the EDPB, according to which liability is generally attributed to the entire economic unit does not exist. Instead, there is a general legal principle under EU law according to which the addressee of both the primary obligations as well as the liability for violations thereof is solely the individual legal entity. Our core argument is that the EDPB’s position neglects the methodological rules of inductive generalization according to which general principles of EU law must be determined.

II. General Legal Principles in EU Law

General principles of law are recognized as a source of law in the case law of the European Court of Justice (ECJ).^[5] They have constitutional status under EU law.^[6] Legal consequences can be derived directly from them and EU law 762provisions can be interpreted in their light.^[7] Their existence is expressly stated in Article 340(2) TFEU for the law of damages, but case law outside this area has long relied on general principles of EU law as well.^[8] Such general principles may reflect abstract values, but may also have more concrete contents.^[9]

General principles of law must be derived from and supported by legal provisions of EU law at least to some extent.^[10] However, it is in their nature that they are usually not fully codified. Instead, they are derived from individual legal provisions by way of inductive generalization.^[11] Albeit this inductive process inevitably entails some vagueness, general principles of law remain valid even if a few provisions are not in line with them.^[12]

There are various sources for general principles of law, two of which are relevant in EU law:^[13]763

First, there is internal inductive generalization, whereby a general principle is derived from individual provisions of the same legal order – in the case of the EU, the acquis communautaire – by means of analogy.^[14] Provisions of both primary and secondary law form the basis for this generalization.^[15]
Second, there is external inductive generalization, whereby a general principle is derived from other legal orders. In EU law, this is done primarily by comparing the legal systems of the member states.^[16] In a first step, the legal systems of the member states are compared and then, in a second step, the compatibility of this result with the objectives of the Union is examined.^[17] The comparative law process is evaluative in that it is not necessary for all legal systems of the Union to affirm the principle in question.^[18] Furthermore, rules of public international law can be part of the basis of an external inductive generalization.^[19]

The two types of general legal principles of EU law can – but tend not to – occur separately. Usually, general legal principles will take on a hybrid form,^[20] i. e. be based on both the acquis and the legal systems of the member states. For an inductive generalization, as a first step, the internal (under III.) and external 764(under IV.) basis must be determined by compiling existing regulations in a non-evaluative manner.^[21]

The second step is an act of evaluative generalization. Besides the internal and external basis, the process of inductive generalization must comply with certain framework conditions of EU law. Those framework conditions include the fundamental freedoms and the EU Charter of fundamental rights.^[22] Within this framework, the rules that form the basis for induction must be examined more closely. It needs to be determined if they can only be explained by a general legal principle – and therefore allow an inductive generalization towards this general principle. If they, on the other hand, merely reflect idiosyncratic interests of a certain area of EU law, they are unfit to serve as the basis of a general legal principle and cannot be generalized^[23] (under V.).

III. Internal Basis for Inductive Generalization:acquis communautaire

In EU law, corporate liability is regulated by primary law in the field of competition law (see under 1.). It is also addressed in secondary law such as data protection law (GDPR), the recently introduced Digital Markets Act (DMA) and the Digital Services Act (DSA) (see under 2.).

1. Primary Law

In primary law, corporate liability plays a key role in competition law. However, the phenomenon of corporate liability is not addressed uniformly in primary law as a comparison with liability in EU state aid law demonstrates.

a) Liability of the Economic Unit Under EU Competition Law (Artt. 101 et seq. TFEU)

European competition law as governed by Artt. 101, 102 TFEU links liability to the “undertaking”. According to case law of the ECJ, an “undertaking” subject of Articles 101(1), (3) and 102(1) TFEU encompasses “any entity engaged in an economic activity, regardless of its legal status and the way in 765which it is financed.”^[24] Consequently, the addressee of the prohibitory rules of competition law is the economic unit, i. e. an organization of personal, tangible and intangible elements, which pursues an economic aim on a long-term basis.^[25] An economic unit can consist of several natural persons or legal entities,^[26] as long as they do not act independently.^[27] In case of dependence, joint or separate fines can be imposed on parent companies and their subsidiaries.^[28]

b) Legal Entity Principle in the Recovery of Aid (Artt. 107, 108 TFEU)

The treaties refer to the concept of undertaking in the definition of aid (Art. 107 TFEU). However, case-law and secondary law take a different position when it comes to the recovery of state aid granted in violation of EU law. The party liable to repay is the recipient of the aid (Art. 14(1) of the State Aid Procedural Regulation).^[29] In the case of a company, the debtor for repayment is the legal entity^[30], not the economic unit.^[31] This rule has a few exceptions, which 766revolve around constellations of company acquisitions.^[32] Those exceptions are only in place to prevent an otherwise possible circumvention of repayment obligations.^[33] However, there are no indications that companies belonging to the same group are generally liable for repayment of state aids granted to a different group member. The limited relevance of the technical concept of undertaking in a domain that is part of the competition rules of the TFEU is noteworthy.

2. Secondary Law

Corporate liability is addressed in several acts of secondary law. The most prominent acts include the General Data Protection Regulation (GDPR), the Digital Services Act (DSA) and Digital Markets Act (DMA), the Insolvency Regulation and the Unfair Commercial Practices Directive. All of those must be considered as potential elements of the internal basis for inductive generalization.^[34]

a) General Data Protection Regulation: Legal Entity Principle

The GDPR treats different legal entities separately when it comes to corporate liability. Primary obligations stipulated in the regulation bind only the respec767tive legal or natural person. Fines are imposed only on the legal entity that has breached the rules of the GDPR. In our opinion, this principle of separation also applies to the calculation of fines under Art. 83(4), (5) GDPR.

aa) Primary Obligor and Party Liable to Pay a Fine: Legal Entity Principle

Rules of the GDPR primarily address controllers (Art. 24 GDPR) and – if applicable – processors (Art. 28 GDPR). Both are explicitly defined (Art. 4 no. 7 and no. 8 GDPR). The definitions refer to a “natural or legal person, public authority, agency or other body”. Accordingly, in the case of legal persons, the entity responsible under data protection law is the legal entity, not the entire economic unit.^[35]

The addressee of fines is also the controller or, where applicable, the processor (Art. 83(3) GDPR) and therefore a legal person, not an economic unit.

A transfer of the rules of competition law would violate the wording of the regulation and, with the exception of Recital 150 which is discussed in Section 2. A) bb) below, is also not indicated by the recitals of the GDPR.^[36] Accordingly, the legal entity principle is central to the regulatory framework of the GDPR, also regarding the liability for fines.^[37]

bb) Benchmark for Assessing Liability: Undertaking (Art. 83 (4), (5) GDPR)

Some take the view that the assessment of the amount of fines imposed under the GDPR diverges from the legal entity principle.^[38] We think this assumption is not convincing for several reasons. It is true that Art. 83(4), (5) GDPR limits the amount of fines to a certain percentage of the annual turnover of the “un768dertaking”, and does not refer to the turnover of the “controller”. However, this does not necessitate a departure from the legal entity principle. This follows e contrario from EU directives and regulations that ecplicitly refer to the word turnover of the parent to determine the upper limit of a fine if the subsidiary has been found guilty of an infringement (see for example Art. 111(3), (5) subpara. 1 (j), subpara. 2 MiCA Regulation).

The term “enterprise” is defined in Art. 4 no. 18 GDPR as a legal entity.^[39] This definition of enterprises given in Art. 4 no. 18 GDPR is also applicable to the “undertaking” for the purposes of Art. 83 GDPR.^[40] At first glance, one might object that Art. 4 no. 18 GDPR and Art. 83 (4), (5) GDPR use different terms (enterprise vs. undertaking). It is true that the two provisions use different terms in the English version of the GDPR.^[41] However, most language versions of the GDPR use the same term in Art. 4 no. 18 GDPR and Art. 83 GDPR. Examples include the German (“Unternehmen”), French (“entreprise”), Dutch (“onderneming”), Italian (“impresa”), Portuguese (“empresa”) and Spanish (“empresa”) versions. As practically all language versions except for English use an identical term, it would hardly be compatible with the principle of equivalence of the language versions^[42] to rely solely on the English version when it comes to the interpretation of Art. 83 (4), (5) GDPR. This is underlined by the fact that a differentiation between enterprise and undertaking would lead to frictions even within the English language version. Art. 4 no. 19 GDPR defines a “group of undertakings” which is to consist of various undertakings linked by certain dependencies.^[43] Even the English language version therefore uses the term “group of undertakings” when addressing economic units. In turn, undertakings within the GDPR must be understood as individual legal entities.

The most common objection to our position lies in Recital 150 3^rd sentence of the GDPR^[44]. According to this recital, when determining the maximum amount of 769fines, the term “undertaking” should to be understood as in Art. 101 TFEU. Some authors therefore argue that the term “undertaking” in the sense of Art. 83(4) and (5) GDPR does not refer to a legal entity but, rather, to an economic unit.^[45] However, there are several reasons to reject this argument. First and foremost, there is a hierarchical relationship between the binding provisions of the GDPR and the recitals.^[46] The ECJ considers the recitals to be relevant for the interpretation of legal norms within a regulation, but views them as being of secondary importance.^[47] And even if Recital 150 is considered relevant, it is “relevant only” for determining the upper limit of an administrative fine (see ECJ in Deutsche Wohnen SE, para. 54, 57) and not for the question of who is liable for the fine. In addition, specifically in the case of Art. 83 GDPR, an extensive interpretation in line with the abovementioned recital would possibly violate the principle of legal certainty which applies to punitive provisions under EU law such as Art. 83 GDPR (cf. Art. 49 (1) 1^st sentence EU Charter of Fundamental Rights).^[48]

b) Digital Services Act

The DSA^[49] does not expressly determine whether it addresses the individual legal entity or the economic unit. This applies to both the DSA’s primary obligations and the liability for breaches of these obligations. However, there are indications in favor of a reference to individual legal entities.

aa) Primary Responsibility: Provider of Intermediary Services

The DSA imposes duties of care on “providers of intermediary services” and regulates their liability.^[50] Unlike Art. 2 lit. b of the E-Commerce Directive,^[51]770for example, neither the provisions nor the recitals of the DSA expressly define the term service provider.

However, both the provision on the DSA’s scope of application (Art. 2 DSA) and the recitals indicate that the subject of liability is the specific legal entity and not the economic unit. The act uses the terms “place of establishment” (Art. 2(1) and Recital 7 of the DSA), “establishment” (Recital 8 of the DSA) and “location” (Recital 7 of the DSA) of the provider of intermediary services. These terms clearly relate to a specific legal entity, since EU law does not recognize a group branch or group headquarters. Moreover, Art. 44 of the DSA also suggests that the subject of liability under the DSA is the specific legal entity. It mentions the possibility that “a provider of intermediary services appoints a subsidiary undertaking of the same group as the provider, or its parent undertaking [as legal representative, cf. Art. 13 DSA]”, which only makes sense if the entire group is not automatically qualified as a service provider.

bb) Liability for Fines: Providers of Intermediary Services

Art. 52(1) of the DSA stipulates that the provider of intermediary services is also liable for fines. According to Art. 52(3) of the DSA, the relevant annual turnover for the assessment of the maximum amount of fines also is that of the provider of intermediary services. Accordingly, both provisions follow the legal entity principle. Under the DSA, there is no recital like Recital No. 150 of the GDPR which could possibly suggest an introduction of the concept of an undertaking in the sense of EU competition law.^[52] Consequently, the benchmark for the maximum amount of fines under the DSA is the turnover of the individual legal entity and not the turnover of the entire economic unit.^[53]

c) Digital Markets Act (DMA) and Foreign Subsidies Regulation (FSR)

The Digital Markets Act (DMA)^[54] addresses so-called gatekeepers, which are subject to a number of prohibitions and obligations pursuant to Artt. 5 et seqq. DMA as well as the addressees of the sanctions set forth in Artt. 30 et seqq. DMA.

According to Art. 2 no. 1, 3(1) DMA, gatekeepers constitute a type of undertaking which reach certain quantitative thresholds. According to Art. 2 no. 27 771DMA, an undertaking is “an entity engaged in an economic activity, regardless of its legal status and the way in which it is financed, including all linked enterprises or connected undertakings that form a group through the direct or indirect control of an enterprise or undertaking by another”. The DMA thereby explicitly references the definition of the economic unit in the sense of EU competition law.^[55] Under the DMA, the subject of the obligations and liability is, thus, the economic unit.

The recently introduced Foreign Subsidies Regulation (FSR)^[56] seeks to implement a “State aid control system [which; added by the authors] prevents Member States from granting State aid that unduly distorts competition in the internal market.” (Recital 1). For the purposes of the FSR, the term “undertaking” “means ‘economic operator’ as defined in Article 1, point (14) of Directive 2009/81/EC” (Art. 2 para. 1 FSR). Hence, in accordance with Art. 1 point 14 and 13 of this directive, it is to be understood as “any natural or legal person or public entity or consortium of such persons and/or bodies which offers on the market to execute works, supply products and provide services, respectively”. Fines under the FSR can be imposed on “undertaking or an association of undertakings” (Art. 17 para. 1 FSR) and their maximum extent is limited by the turnover of “undertaking or an association of undertakings” (Art. 17 para. 2 and 3 FSR).

d) EU Insolvency Regulation

The EU Insolvency Regulation, which deals, among other things, with the liability of insolvent legal entities, differentiates between different legal entities. In groups of companies, separate insolvency proceedings are to be conducted for each individual company.^[57] The existence of group coordination proceedings^[58] does not contradict this principle. The autonomy of the individual proceedings is maintained and there is no substantive (liability) consolidation. 772Thus, in the case of groups of companies, the principles of separation of assets and limited liability are maintained for matters relating to insolvency.^[59]

e) Unfair Commercial Practices Directive

The prohibition and sanction rules of the EU Unfair Commercial Practices Directive^[60] also address the legal entity and not the economic unit. The addressee of obligations under the directive is the “trader”. Traders are also the decisive points of reference for the amount of fines, cf. Art. 13(3) of the Directive. According to Art. 2 lit. b of the Directive, the trader and thus the subject of the obligation and liability is the respective legal entity, not the economic unit.

IV. External Basis for Inductive Generalization: Legal Systems of the Member States

The legal systems of the Member States and international law, which together constitute the external basis for inductive generalization, consistently rely on the principle of separation between legal entities (principle of separation). Even in public international law this principle applies.

1. Germany

Under German corporate law, specifically the German Stock Corporation Act (AktG), liability is attached only to the company, which is defined as a legal entity. According to Sec. 15 AktG, even affiliated companies are “legally independent companies” and according to Sec. 16(1) 1^st sentence AktG, groups of companies are formed by “individual [...] group companies”. The company as subject of liability under German law therefore does not refer to groups and affiliated companies.^[61]

773This focus on the company as one legal entity is, for the purpose of liability, reflected and expressed in the principle of separation.^[62] According to this principle, even when a group of companies is managed in a uniform way, the companies remain legally independent and each bears its individual rights and obligations.^[63] In the so-called de facto group^[64], liabilities of individual subsidiaries extend only to corporate assets of the respective subsidiary and not to those of the parent company as their shareholder (cf. Sec. 1(1) 2^nd sentence AktG; Sec. 13(2) of the German Act on Limited Liability Companies (GmbHG)).^[65] The legislator thereby offers a way to compartmentalize liability as an alternative to a unitary company.^[66]

Jurisprudence and doctrine only allow the piercing of this corporate veil under very restrictive conditions.^[67] The few exceptions and the extensive justifications they require show that the principle of separation is a core principle of German corporate law.^[68]

The principle of separation is also applicable to the liability for fines under German law. When it comes to the imposition of fines there is no room for a liability of entire economic units, since the wording of Sec. 30 of the German Administrative Offences Act (OWiG) clearly states otherwise.^[69]

774Consequently, German company law is wholly based on the legal entity principle, which attaches liability to specific legal entities and not to entire economic units.^[70]

2. Austria

The principle of the separation of legal entities also applies under Austrian company law. This is exemplified^[71] by Sec. 1 of the Austrian Stock Corporation Act (öAktG), according to which shareholders of a stock corporation participate in the company through capital contributions “without being personally liable” for the company’s obligations.^[72] Similar to German law, the piercing of the corporate veil is a rare exception.^[73]

The Austrian Associations Responsibility Act (VbVG)^[74], which regulates the conditions under which associations are responsible for criminal offenses and how they are sanctioned (cf. Sec. 1(1) VbVG), is also based on the legal entity principle. This follows from Sec. 1(2) VbVG, according to which associations – against which fines are to be imposed if they are responsible for criminal offenses (Sec. 4(1) VbVG) – are “legal persons as well as partnerships and European economic interest groups.” In this respect, “each company in the group [...] [must] be regarded as an association in its own right”^[75].

Regarding the imposition of fines specifically under the Austrian Data Protection Act (DSG),^[76] the relevant Sec. 30 DSG is comparable to the German Sec. 30 OWiG.^[77] Accordingly, fines are to be imposed “against a legal person”, cf. Sec. 30(1) DSG.775

3. France

The principle of separation also applies in French law.^[78] This is exemplified by the law governing the société à responsabilité limité: “[Elle] est instituée par une ou plusieurs personnes qui ne supportent les pertes qu’à concurrence de leurs apports.”^[79]

French law assumes strict legal independence of legal entities.^[80] This separation shields a company’s shareholders against the piercing of the corporate veil, which is only allowed in exceptional cases.^[81] This view is also held in French Jurisprudence. For example, the Cour de Cassation in 2012 explicitly decided that a group affiliation alone does not justify a liability of parent companies for liabilities of their subsidiaries.^[82]

4. Italy

Under Italian law, the principle of separation also is a basic principle of corporate law.^[83] This is illustrated, for example, by Art. 2325 or Art. 2462 of the Codice Civile (CC), according to which a stock corporation (Art. 2325 CC) or a limited liability company (Art. 2462 CC) is liable for obligations only with its corporate assets and its shareholders are, in principle, only liable to the extent of their capital contributions.

The principle of separation is reflected in the provisions on corporate groups (società collegate), cf. in particular Artt. 2497–2497-septies CC and Art. 2359 CC. Accordingly, each group member company (società controllate) has its 776own legal personality and is an independent bearer of rights and obligations.^[84] Creditors are not entitled to assert claims against other companies of the group.^[85] This principle of separation of liability was affirmed and extended by two reforms of the Italian corporate law in 1993 and 2003.^[86]

Parent companies are liable towards creditors of its subsidiaries only in the exceptional cases stipulated in Artt. 2497 et seq. CC. These provisions which govern a specific case of tort liability^[87] only impose a liability on the parent company if it does not exercise its duty to manage and coordinate (direzione e coordinamento di societa) in line with the principles of proper corporate and entrepreneurial management.

5. Spain

In Spanish corporate law, the principle of separation applies as well.^[88] For example, according to Art. 1(2) and (3) of the Spanish Law on Corporations (Ley de Sociedades de Capital, hereinafter LSC), shareholders of limited liability companies (para. 2) and stock corporations (para. 3) are not personally liable for the company’s obligations.^[89]

Although Art. 18 of the LSC defines groups (grupos de sociedades), the provision does not stipulate a consolidation of liabilities within a group. In Spanish Case law it is held that groups are “structurally formed by a variable number of production units, each of which nevertheless retains its legal personality”.^[90] The respective companies are considered legally independent, which also means that liability only relates to the separate legal entities, not to entire eco777nomic units. It is consistent with the case law of the Spanish Supreme Court that piercing the corporate veil is only possible in exceptional cases.^[91]

6. Netherlands

The principle of separation also applies under Dutch company law. The liability of a Dutch joint stock company (cf. Art. 2:64 of the Dutch Civil Code) or a limited liability company (cf. Art. 2:175) is limited to the company’s assets. Its shareholders are liable only to the extent of their capital contributions vis-à-vis the company.^[92] The principle of separation is reflected in the rules governing company groups. The companies of a group (groep) are independent legal entities. The parent company can only be held liable in exceptional cases, particularly in certain (not all) cases of tort.^[93]

7. Poland

In principle, only the company itself in the sense of a legal entity is liable to creditors for the debts of a Polish company.^[94] This principle of separation of assets and liabilities is a fundamental principle of Polish law.^[95] Even if companies form a group, they retain their separate legal personalities.^[96] Each company continues to be an independent legal entity, acts independently in legal transactions vis-à-vis third parties, and is solely liable for its obligations.^[97]778

8. Belgium

The liability of the shareholders of a Belgian company is generally limited to their share in the company’s capital.^[98] Only in narrowly defined exceptions, for example if the shareholders misuse the company for personal gain and thereby deliberately harm third parties (cf. Art. 1382 BW/CC), the corporate veil can be pierced.^[99] Thus, the principle of separation applies in Belgium as well.

9. Romania

Romania’s corporate law also follows the principle of separation.^[100] Liability of shareholders for company obligations is a rare exception.^[101] For example, such a liability may arise if the shareholders do themselves not observe the principle of separation and abuse the company and its assets as an “instrument for their own interests”.^[102]

10. Denmark

Under Danish law, shareholders are not liable for company obligations.^[103] There is a strict separation between the company’s assets and the shareholders’ assets.^[104] A parent company is a shareholder like any other and is in principle not liable for the liabilities of its subsidiary.^[105]779

11. Ireland

The principle of separation is fundamental in Irish company law. The separation of rights and obligations of a registered company and rights and obligations of shareholders is referred to as the “defining characteristic of corporate ownership”.^[106] The principle of separation in Irish company law was first decided upon by the House of Lords of the United Kingdom in the case of Salomon v Salomon & Co. Ltd^[107]. The court expressly stated that the rights and liabilities of the company are separate from those of the shareholders, and that exceptions to this rule need to be expressly regulated:

“When the memorandum is duly signed and registered, [...] the subscribers are a body corporate ‘capable forthwith [...] of exercising all the functions of an incorporated company.’ Those are strong words. The company attains maturity on its birth [...]. I cannot understand how a body corporate thus made ‘capable’ by statute can lose its individuality by issuing the bulk of its capital to one person [...]. The company is at law a different person altogether from [its shareholders]; and [...] the company is not in law the agent of the [shareholders] or trustees for them. Nor are the [shareholders] as members liable, in any shape or form, except to the extent and in the manner provided by the [Companies] Act.” ^[108]

Accordingly, Sec. 17 of the Companies Act 2014 limits the personal liability of shareholders to capital contributions they have not yet made in respect of the shares they hold.^[109] According to case law of Irish courts, shareholder liability can only be considered in exceptional cases,^[110] such as the misappropriation of a private limited company for fraudulent or other illicit purposes.^[111] These rules also apply (mutatis mutandis) to groups of companies.^[112] Companies within the same group are only liable for liabilities of other group companies if a separation would create unreasonable hardship for a third party who has conducted business with the group.^[113]780

12. Slovak Republic

Under Slovakian company law, shareholders of a limited liability company (spoločnosť s ručením obmedzeným) are normally not liable for company obligations. They are only liable for unpaid capital contributions as recorded in the commercial register.^[114] The shareholders of a joint-stock company (akciová společnost) are also generally not liable for company liabilities.^[115]

13. Czech Republic

Company law in the Czech Republic follows the principle of separation, too. Shareholders of a Czech limited liability company (společnost s ručením omezeným) are liable for the company’s obligations only to the extent of their unpaid capital contributions as recorded in the Commercial Register.^[116] The shareholders of joint-stock companies (akciová společnost) or general partnerships (veřejná obchodní společnost) are also generally not liable for the company’s debts.^[117]

14. Hungary

Hungarian company law also strictly distinguishes company assets and shareholders’ assets. Shareholders of a limited liability company (korlátolt felelősségű társaság) are in principle only liable to the extent of their shares.^[118] Only in exceptional cases, Hungarian law pierces the corporate veil.^[119] The same applies to shareholders of a joint stock company (nyílt és zárt részvénytársaság).^[120] The principle of separation is also reflected in the Hungarian law on groups of 781companies. In principle, a parent company is not liable for the obligations of its subsidiaries.^[121]

15. Public International Law

Finally, public international law also recognizes the distinction between individual legal entities. For example, the International Court of Justice (ICJ) has ruled in Barcelona Traction that only the state in which a legal entity has its seat can assert the entity’s protection under international law against another state.^[122] This excludes the exercise of rights by states in which shareholders have their seat. Protection under public international law is thus also intricately linked to the company as a separate legal entity, which is to be differentiated from other legal entities of an economic unit.

This principle of separation also applies to questions of liability. In Public International law the question has been raised whether states can be held liable for obligations incurred by International Organizations of which they are a part. The prevailing opinion in public international law holds that this is not the case.^[123] This is justified with the International Organizations separate legal personality, a piercing of this corporate veil is only considered viable in exceptional circumstances.^[124]

V. Inductive Generalization

On the above basis, an inductive conclusion can be drawn as to whether corporate liability (of the undertaking) in EU law follows a general principle and, if so, what the content of this principle is. In drawing this conclusion, the framework of fundamental freedoms, specifically the freedom of establishment as well as the fundamental right to entrepreneurial freedom under the EU Charter of Fundamental Rights (see under 1.), must be taken into account.^[125] Subsequently, the individual elements of the internal (see under 2.) and the external 782(see under 3.) basis will be examined as to whether they permit the assumption of a general legal principle and whether they allow conclusions as to the content of such a principle. In accordance with the standards set out at the beginning of this paper (supra, I.), an inference from EU law provisions to a general principle is only permissible if the specific rules that form the basis of induction cannot be explained without the existence of a particular underlying general principle.^[126]

1. Freedom of Establishment and Entrepreneurial Freedom

Artt. 49 and 54 TFEU guarantee the freedom of establishment for nationals of a Member State^[127] and companies formed in accordance with the laws of a Member State.^[128] Particularly, this fundamental freedom guarantees the freedom to form groups (conglomeration), which requires liability segmentation. It addresses the specific legal entity, cf. Art. 54(2) TFEU,^[129] thereby adhering to the principle of separation. When subsidiaries are established, for example, the parent company is the beneficiary of the freedom of establishment.^[130] The same must therefore apply with regard to group management in the sense of Art. 49(2) TFEU. Developing general principles for corporate liability based on economic units instead of the individual legal entities would, in our opinion, be incompatible with this freedom.

If one were to universally base corporate liability on economic units, parent companies would be forced to manage groups like a uniform company (management unit) to ensure compliance with EU obligations and they would be liable for the liabilities of their subsidiaries (liability unit). This would create severe frictions in company law: an EU-wide management of a group as a single entity is impossible in many cases, as the member state’s company statutes differ. A management decision permitted in one member state might violate the provisions of another member state and obligations of the subsidiaries’ man783agements in one member state might not exist in the next.^[131] In practice, basing corporate liability on economic units would largely rule out the group as a form of corporate organization, and would considerably impair activities of companies abroad.^[132] This would run counter to the freedom of establishment, which guarantees cross-border activity via subsidiaries with limited liability (Art. 49(1) 2^nd sentence TFEU)^[133] as well as cross-border company management (Art. 49(2) TFEU).^[134] Both of these guarantees of the freedom of establishment^[135] would be undermined if liability was based on the economic unit instead of the individual companies.^[136]

Moreover, such an approach would circumvent the limited liability of parent companies for their foreign subsidiaries. This would expunge the key difference between legally independent subsidiaries and legally dependent agencies or branches, even though Art. 49(1) TFEU expressly distinguishes between the two; consequently, “the freedom of choice and organization presupposed in Europe” would dwindle.^[137]

The separation of liability within groups is, to some extent, also guaranteed by the EU Charter of Fundamental Rights (“Charter”).^[138] The formation of limited liability companies as an act of organization of the company falls within the scope of protection of entrepreneurial freedom (Art. 16 of the Charter).^[139]784Restrictions of this freedom are possible but require justification. In particular, the principle of proportionality must be observed (Art. 52(1) 1^st sentence of the Charter).^[140] If one were to acknowledge a general principle attaching liability to economic units, irrespective of individual legal entities, this could disproportionately restrict entrepreneurial freedom and, thus, violate Artt. 16, 52 of the Charter.

The freedom of establishment, in particular the freedom to form a group, and Art. 16 of the Charter are basic conditions for general principles of EU law. They indicate that corporate liability may be linked to the economic unit only where the particular interests and legal provisions involved justify it, but not as a general principle.

2. Internal Induction Basis

a) Competition Law as a Non-Generalizable Exception

The principles of European competition law do, in our opinion, not constitute a suitable basis to assume existence of a general principle of liability under EU law.^[141] To support a general principle, the rationale behind the liability provisions of EU competition law would have to be capable of being generalized.^[142] This is not the case.^[143]

Attaching liability to an economic unit under EU competition law is based on competition-specific considerations.^[144] German scholarly literature has even 785coined a special term for an economic unit’s ability to be the subject to obligations and liability specifically under competition law (“Kartellrechtsfähigkeit”, competition law capacity).^[145]

aa) Purpose of Competition Law

The liability of an economic unit can only be justified by the special purpose of EU competition law: the protection of competition as such in the interest of a functioning internal market^[146].^[147] This purpose is best accommodated by addressing legal duties not just at a legal entity, but at a functional economic unit.^[148] This is shown, for example, by the prohibition of the abuse of dominant market positions (Art. 102 TFEU). A decisive factor for this prohibition is the dominant market position. Whether an undertaking holds a dominant position is primarily determined by the undertaking’s market share.^[149] Integrating the entire economic unit in one undertaking^[150] cumulates the market shares of several legal entities. This in turn subjects undertakings to Art. 102 TFEU, even if the separate legal entities would lack a sufficient market share. As a result, a larger proportion of market behavior is subject to Art. 102 TFEU. This is justified, because dependent companies within an economic unit typically influence competition like a uniform entity.^[151] Since the formation of economic units can result in a reduction of competition, it is appropri786ate in competition law to attribute infringements to the economic unit and to assess the fine on the basis of the turnover of the entire group.^[152]

However, this reasoning cannot be generalized. For example, the rationale of data protection law differs significantly from that of competition law. Data protection law aims to protect personal data by regulating controllers that make decisions on the means and purposes of processing data as well as entities which process personal data on behalf of controllers. Unlike in competition law, the fact that a controller is part of a larger economic unit does not per se increase data protection risks. The market share of an economic unit is per se not an additional risk for data protection, largely because of the autonomy of controllers and because there is no group privilege regarding data.^[153] Economic units may increase regulatory risk where regulation seeks to prevent the misuse of market power. This purpose, however, is specific to competition law and cannot be generalized.

bb) Compensation for Hardships Specific to Antitrust Law

The extensive understanding of corporate liability in competition law also creates hardships which can be mitigated by mechanisms specific to competition law. A generalization of the competition law concept of corporate liability would lead to unjustified hardships in other areas where they cannot be mitigated. Specifically, the mitigation tools of competition law include the so-called group privilege (1) and a restriction of the assessment of fines to activities relevant to antitrust law (2).

(1) Group Privilege

The group privilege is the counterpart to the mutual attribution of competition violations within the economic unit.^[154] Accordingly, the prohibition of anticompetitive agreements does not apply within an economic unit, i. e. between companies belonging to the same group.^[155] This exception is justified, because companies in an economic unit do not determine their market behavior autonomously. Consequently, within a group of companies, individual legal entities 787do not require or merit protection against anti-competitive agreements.^[156] Within the system of competition law, the attribution of infringements and the uniform sanctioning of an economic unit therefore go hand in hand with a privilege for intra-group agreements.

This concept of a group privilege is not transferable to other areas of law.^[157] In data protection law, for example, it would mean that data could be passed on freely within the companies of the same economic unit. However, the European legislator has decided against such a group privilege in data protection law.^[158] In terms of its purpose, the group privilege can only apply to competition law, because there is no need for sanctions when competition within groups is impaired. This thought is not transferable to other areas of law. Violations of data protection provisions can merit sanctions even when they are committed by transferring data within the same group. This is because data protection law strives to protect the interest of a data subject for whom even data transfers to other group companies can be problematic.

(2) Restriction to Products Relevant to Antitrust

One major factor in the determination of fines is turnover. If liability for fines is based on the entire economic unit, this turnover includes that of divisions bearing no significant relation to the anti-competitive conduct in question. Because of its focus on safeguarding effective competition, competition law can prevent such unreasonable results. Under antitrust law, fines are calculated by referring “to the value of the goods or services [...] as a basis”^[159] in the market where the anticompetitive conduct occurred. Accordingly, only the portion of the group’s revenue tied to the product affected by anti-competitive behavior is 788taken into account.^[160] Sales made by the group relating to other products that were not subject of anti-competitive agreements cannot be taken into account when it comes to the imposition of fines.^[161]

Outside of antitrust law, the establishment of such a mechanism is usually not feasible. This can be exemplified by looking at data protection infringements, in relation to which the GDPR does not distinguish between different product or market segments but rather focusses on the infringement-specific factors listed in Art. 83(2) GDPR.

cc) Partial Generalization: Identity of Addressee of Prohibition and Subject of Liability

One principle in EU antitrust law can, however, be generalized: The addressee of a prohibition provision, the subject of liability for infringements and the entity whose turnover is relevant to the amount of fines must be identical. In competition law the primary breach of duty (by virtue of attribution), the liability (by virtue of joint and several liability) and, finally, the assessment of fines (Art. 23 of Regulation (EC) 2003/1) are linked to the economic unit.^[162] Taking into account the turnover generated by the entire economic unit for the calculation of the fines in the sense of a group liability under competition law is only appropriate, because the economic unit is also the addressee of the primary legal obligations and prohibitions.^[163]

This idea is not specific to competition law but a general principle of legal ethics: no one should be sanctioned without a breach of duty attributed to them.^[164] In this – and only this – respect competition law can be generalized.

dd) Principle of Separation as a Prerequisite of Competition Law Jurisprudence

Finally, even case law of the ECJ in the field of competition law explicitly references the principle of the separation of legal entities.^[165] The ECJ has repeat789edly recognized the legal subjectivity of individual companies within a group,^[166] and has confirmed this view in recent decisions.^[167] The ECJ holds that a separation of legal entities does not prevent them from forming a single undertaking for the purposes of competition law. However, precisely this line of argumentation shows that the ECJ still views the principle of separation as the general rule. Otherwise, there would be no need to justify the extension of liability to the economic unit in competition law in the first place. This need for justification exists because economic units can themselves not commit competition violations as they lack legal capacity.^[168] Therefore, in order to establish an economic unit’s liability, an action of individual legal entities has to be attributed to the unit.^[169] However, the legal entities remain the actual perpetrators.^[170] Attribution always requires justification. In the case of competition law, it is justified by the influence which the parent company exerts over its subsidiaries^[171] in conjunction with their uniform appearance on the market.^[172] In conclusion, the attribution of anti-competitive behavior does not negate the principle of separation between legal entities, but presupposes it as a starting point, even though it may depart from it.

790With regard to enforcement, EU competition law also relies on the legal entity principle.^[173] Pursuant to Art. 299 TFEU, fines are enforced according to the law of the member states which adhere to the legal entity principle, not least because economic units themselves cannot hold assets.^[174] It is therefore an established practice of the Commission^[175] and case law of the ECJ^[176] that penalty notices and orders are addressed to specific legal entities and that the economic unit mainly plays a role when it comes to a liability as joint and several debtors.

ee) Conclusions

In conclusion, the principles of corporate liability (of the undertaking) in competition law cannot be generalized. They are special rules justified solely by the specifics of competition law. Thus, EU competition law is no suitable basis for a general principle of corporate liability. Only the notion that the subject of primary obligations must also be the subject of liability as well as the entity whose turnover is relevant for the amount of fines can be generalized.

b) General Data Protection Regulation

As described above, the GDPR refers to the specific legal entity, i. e. the controller or processor. This clearly applies to the addressee of the primary obligations as well as to the subject of liability,^[177] but also, in our opinion, to the calculation of maximum fines (Art. 83 (4) to (6) GDPR).^[178] This focus on separate legal entities is not specific to the regulatory framework, principles or provisions of data protection law and can, thus, serve as the basis for inductive generalization.791

c) Digital Services Act

Since the DSA does not define the provider of an intermediary service, it does not permit a clear conclusion in favor or against a certain principle of corporate liability. There are, however, some indications that the legal entity principle would be a more fitting explanation for certain provisions of the DSA. It is clear that the addressee of the primary obligations, the subject of liability, and the entity relevant for the calculation of the fines are all identical under the DSA. In that respect, the DSA confirms the generalizable aspect of the principles of corporate liability. Regarding further questions of corporate liability, the DSA is a regulation which provides a rather weak basis for generalization.

d) Insolvency Regulation and Unfair Commercial Practices Directive

The obligations under the EU Insolvency Regulation, in principle, only apply to individual legal entities. This approach is not based on specifics of insolvency law but allows generalization. Similar considerations apply to the Unfair Commercial Practices Directive.

e) Digital Markets Act and Foreign Subsidies Regulation

Of the secondary acts examined, the DMA refers to the economic unit instead of the individual legal entities. This is not rooted in a general principle of law, but in the DMA’s nature as a branch of competition law.^[179] The objective of the DMA is to reduce systemic risks to competition.^[180] The DMA is modeled on the basis of Artt. 101, 102 TFEU in other respects, too.^[181] Most duties of conduct which undertakings and gatekeepers in the sense of the DMA are subjected to, are modeled on competition proceedings relating to Artt. 101, 102 TFEU;^[182] in addition, there are overlaps in substantive law between the DMA and general EU competition law.^[183]

Thus, the DMA attaches liability to economic units because it is a subtype of competition law, not because it expresses a general principle of EU law. The 792DMA is not a suitable basis for the determination of a general legal principle of corporate liability in EU law.^[184] Even the EU legislator deemed it necessary to justify the functional understanding of the term “undertaking” within the DMA by referencing EU competition law. This shows that it does not consider the attachment of liability to the economic unit as the rule but as the exception. Thus, the DMA – like general EU competition law – must be excluded from the basis for inductive generalization.

The same line of argument holds true for the FSR. The regulation does, besides the undertaking, also address associations of undertakings as the subjects of fines and it declares the turnover of such associations relevant for the maximum amount of fines in certain cases. However, this is not rooted in a general principle of EU law, but in the regulations proximity to competition law. While it regulates the subject of state aid, it first and foremost sees this as a means to ensure fair competition within the EU (cf. Recital 1 and Art. 1 FSR). Therefore, it can be considered a supplement to classic competition law. The reference to the association of undertakings can therefore not be generalized outside competition law. The FSR – like the DMA – must, hence, be excluded from the basis for inductive generalization.

3. External Induction Basis

The external basis for inductive generalization, i. e. the legal systems of the member states as well as public international law, provides a clear picture. All the abovementioned legal systems apply the principle of the separation that results in a limitation of liability to one legal entity. The national legal systems even have elevated the principle of separation to the rank of a general principle of national law, often expressly designating it as such. It has already been recognized in Roman law doctrine, that, as a matter of principle, only one’s own fault leads to liability for damages.^[185] As Roman law is the root of numerous legal systems of the Member States, it can be taken into account for the formation of general legal principles in EU law as part of the member states legal traditions.^[186]793Finally, Public International Law is also guided by the legal entity principle, allowing for a limitation of liability.

4. Conclusions

As a result, there are no rules in the basis for inductive generalization that justify a general legal principle of corporate liability based on the economic unit. Consequently, such a general legal principle of corporate liability (of the undertaking) does not exist. There is no principle of general liability for breaches of obligations by third parties. However, there clearly is a general principle that the subject of primary duty and liability as well as the relevant entity for the calculation of fines must be identical.

It remains to be decided whether there is a general principle of corporate liability which is based on the specific legal entity or whether there is no general principle of corporate liability at all and, instead, an individual decision must be made for each respective legal act. The better arguments, in our opinion, speak in favor of a general legal principle based on the specific legal entity. It is in line with the legal tradition of the member states, with public international law and is in conformity with the freedom of establishing groups of companies required by the freedom of establishment as well as entrepreneurial freedom. It also matches with the relevant provisions of the internal basis of inductive generalization, i. e. EU law. The variety of areas of law that follow the legal entity principle (state aid law, unfair competition law, data protection law, insolvency law) shows that basing primary obligations as well as liability and the calculation of fines on specific legal entities is a general legal principle.

VI. Result

EU law does not recognize a general legal principle of corporate liability based on the economic unit. Instead, an inductive generalization based on the acquis communautaire, the legal systems of the Member States and Public International Law shows that, in principle, only the specific legal entity is subject of primary obligations as well as liability for breaches of rules. Moreover, the legal entity, in principle, is the reference point for the calculation of fines under EU law.

Note

759This article is based on a legal opinion written by the authors at the request of a corporation with an economic interest in the subject. In Zimmermann et al., ZGR 2023, 399 et seqq., the authors have previously published on a related topic.760

Published Online: 2024-02-26

Published in Print: 2024-02-06

This work is licensed under the Creative Commons Attribution 4.0 International License.

Articles in the same Issue

https://doi.org/10.1515/ecfr-2023-0035

Creative Commons

BY 4.0