Directors’ Liability in Germany

In Germany, directors of companies-whether Geschäftsführer of a GmbH or Vorstandsmitglieder of an AG-are subject to a comprehensive system of duties under corporate, civil, and criminal law. Breaches of these duties can result in both civil and criminal liability.

On the civil side, directors are primarily liable to the company itself if they breach their statutory obligations or act contrary to the company’s interests. Such liability is codified in particular in § 43 GmbHG for GmbHs and § 93 AktG for AGs. It covers negligent or intentional violations of the duty of care, improper business decisions, breaches of the articles of association, and failure to implement adequate risk management or compliance structures. In insolvency scenarios, liability risks are particularly heightened: managing directors of a GmbH may be held personally liable under § 64 GmbHG (now largely replaced by § 15b InsO) for payments made after insolvency grounds have arisen.

In certain situations, directors can also be held liable to third parties, for instance under tort law (§ 823 BGB) or in cases of delayed insolvency filing, where creditors suffer damage as a result. Moreover, legal representatives are personally liable for failure to pay withheld payroll taxes and social security contributions.

On the criminal law side, managing directors and board members may be prosecuted for a wide range of offences if committed in connection with their role. This includes fraud, breach of trust (Untreue, § 266 StGB), insolvency-related offences (e.g. delay in filing for insolvency, bankruptcy crimes under §§ 283 ff. StGB), tax evasion, environmental violations, or accounting fraud. German law also recognizes liability for omissions, such as failure to prevent crimes within the company due to lack of supervision or compliance.

Thus, while the corporate form limits shareholders’ liability, directors themselves remain personally exposed-particularly when acting without due diligence, in conflict of interest, or contrary to mandatory legal requirements.

In Germany, the primary claimant in civil liability actions against directors is the company itself. In a GmbH, claims are typically pursued by the shareholders through a resolution (§ 46 Nr. 8 GmbHG), and in an AG, the Supervisory Board is responsible for asserting claims against Management Board members (§ 112 AktG). Shareholders of an AG cannot themselves directly bring a liability action unless specific statutory exceptions apply (e.g. shareholder action under § 148 AktG after prior request to the company has been denied).

However, creditors may initiate claims under certain conditions-especially in insolvency. Once insolvency proceedings are opened, the insolvency administrator assumes the right to pursue all claims the company has against its directors, including those for delayed insolvency filing or wrongful payments (§ 15b InsO, vormals § 64 GmbHG).

In addition, third parties, such as business partners or creditors, may sue directors personally based on general tort law (§ 823 BGB), but German courts apply a restrictive approach to such direct liability. Personal liability to third parties usually requires the breach of a legal duty specifically aimed at protecting the claimant-a so-called Schutzgesetz.

Finally, public authorities (e.g. tax or social security agencies) may initiate proceedings for unpaid obligations where directors are held personally liable under public law provisions. This applies particularly in cases of non-payment of withheld employee taxes or contributions, where the managing director may be liable for damages to the public purse.

Company directors in Germany-whether of a GmbH or AG-face a broad range of criminal liability risks, particularly where they fail to comply with legal obligations in their managerial role. Both formale und faktische Geschäftsführer (i.e. de jure and de facto directors) can be held accountable under German criminal law.

A key provision is § 266 StGB (breach of trust / Untreue), which penalizes directors who abuse their authority to the detriment of the company or its assets. Other common criminal offences relevant to directors include:

• Delayed filing for insolvency (§ 15a InsO),
• Bankruptcy offences (§§ 283 ff. StGB),
• Tax evasion (§ 370 AO),
• Non-payment of social security contributions (§ 266a StGB),
• Environmental or safety violations (e.g. under the BImSchG, ChemG or ProdSG),
• Fraud, embezzlement, and market manipulation offences in listed companies.

Liability may also arise from compliance failures: if directors neglect their duty to supervise internal processes and prevent illegal conduct, they may be criminally liable based on Organisationsverschulden.

Importantly, criminal liability in Germany generally requires intent or gross negligence. Mere carelessness will often not suffice. Nonetheless, even if criminal liability thresholds are not met, directors can still face administrative sanctions under the law on regulatory offences (Ordnungswidrigkeiten). These are governed by the Gesetz über Ordnungswidrigkeiten (OWiG) and apply, for example, in cases of:

• Minor breaches of reporting obligations,
• Violations of product safety or competition rules,
• Certain labour or tax compliance failures.

While regulatory offences do not carry imprisonment, they can result in substantial administrative fines, sometimes reaching millions of euros-especially in cases involving corporate benefit under § 30 OWiG. Furthermore, reputational damage and disqualification from managing companies may also follow.

Therefore, while the line between criminal offences and regulatory breaches is doctrinally significant, directors should not underestimate the practical and legal consequences of both.

In Germany, criminal proceedings against company directors are initiated by the public prosecutor’s office (Staatsanwaltschaft), which is legally obligated to investigate any initial suspicion (Anfangsverdacht) of a criminal offence. This principle-known as the Legalitätsprinzip-means that prosecutors must pursue all prosecutable offences ex officio and are not permitted to exercise discretion to the extent seen in some other jurisdictions.

The public prosecutor may act on the basis of:

• Information from regulatory authorities, such as tax offices, financial supervisors (BaFin), or trade supervisory authorities;
• Criminal complaints (Strafanzeigen) filed by private individuals, companies, employees, shareholders, or competitors;
• Findings from insolvency administrators, who are obligated to report indications of criminal conduct in the course of managing insolvency estates;
• Whistleblowers, compliance reports, or audits uncovering internal misconduct.

In some cases-particularly with regard to regulatory offences (Ordnungswidrigkeiten)-the competent administrative authority (e.g. a district government or a specialized agency) can initiate proceedings, impose fines, or refer the matter to the prosecution if criminal conduct is suspected.

Although only the prosecution can formally initiate criminal proceedings, injured parties (e.g. shareholders or creditors) can join proceedings as private accessory prosecutors (Nebenkläger) or assert claims through the adhesion procedure (Adhäsionsverfahren) to seek compensation within the criminal trial.

In Germany, the statutes of limitations applicable to directors’ liability depend on the legal nature of the claim, the type of company involved, and whether the alleged breach is considered an isolated event or a continuing violation. The distinction between GmbH and AG is of particular relevance in this regard.

For managing directors of a GmbH, civil liability claims-especially under § 43 GmbHG-are generally subject to the standard limitation regime under the German Civil Code (BGB). The regular limitation period is three years, starting at the end of the year in which the company obtained, or should reasonably have obtained, knowledge of both the breach and the person responsible. However, this relative period is capped by an absolute limitation period of ten years from the date on which the breach occurred, regardless of any knowledge. This rule covers typical breaches of duty such as negligent business decisions or failure to prevent damages.

In contrast, members of the management board of a stock corporation (AG) are subject to a special rule: under § 93(6) AktG, liability claims against board members become time-barred five years after the breach. Unlike the BGB regime, this period runs independently of the company’s or shareholders’ awareness and is intended to provide legal certainty in large, complex organisations. However, this five-year period does not necessarily begin with the first act of misconduct. In the case of so-called continuing breaches-such as failure to establish or maintain a compliance system, persistent supervisory omissions, or prolonged unlawful corporate strategies-the statute of limitations does not start until the breach has objectively ceased. According to prevailing academic opinion and case law, this often means that the limitation period begins only upon the director’s resignation or removal from office, since only then can the continuing violation be considered concluded.

This doctrine of dauerhafte Pflichtverletzung (ongoing breach of duty) is of particular relevance in internal investigations or when asserting claims after changes in management. It effectively extends the actionable period far beyond what directors might expect if they were to assume a purely formal five-year limitation window.

In the realm of criminal law, the statute of limitations is governed by § 78 of the German Criminal Code (StGB) and varies according to the maximum statutory penalty for the offence in question. Most white-collar crimes relevant to company directors-such as breach of trust (§ 266 StGB), delayed insolvency filing, or tax evasion-are subject to a five-year limitation period. For particularly serious offences, such as large-scale or gang-related fraud, the limitation period may extend to ten years. As in civil law, the period does not begin until the offence is completed; in the case of continuous or repeated criminal conduct, the clock starts only once the unlawful behaviour ends. Procedural acts such as the initiation of formal investigation or the filing of charges interrupt and reset the limitation period.

Finally, administrative offences (regulatory breaches under the OWiG) are subject to typically shorter limitation periods-often three years-but can also extend to five years depending on the underlying conduct and applicable sector-specific law. Even though these are not criminal in nature, they can result in severe fines under § 30 OWiG if the offence is attributable to the company through its directors. The reputational and economic impact of such proceedings should not be underestimated.

In summary, limitation periods in Germany are nuanced and highly context-dependent. Especially in cases involving continued violations of oversight or compliance obligations, directors may find themselves exposed to liability long after leaving office.

Directors in Germany often rely on Directors and Officers Liability Insurance (D&O insurance) as a formal safeguard against personal liability risks. However, the practical value of D&O insurance in Germany is often overestimated, especially by those unfamiliar with its structural limitations under German law and insurance practice.

While D&O policies are commonly in place-particularly in medium and large corporations-they rarely result in actual payouts in major claims. This is primarily due to a combination of narrow coverage terms, strict exclusions, and a legal framework that imposes high personal responsibility standards on directors. The most critical and litigated clause in practice is the "wissentliche Pflichtverletzung" exclusion: if the director knowingly breaches their duties, the insurer is released from liability. This exclusion is not merely theoretical. German courts-and insurers-apply it stringently, often using internal documents, board minutes, or audit reports to argue that the director had awareness of the risk and proceeded regardless.

Even if the insurance technically covers negligent breaches, coverage is frequently denied or litigated, particularly in large-scale corporate governance cases. In high-profile actions, such as those involving Siemens, VW, or Wirecard, D&O insurance played a limited or contested role, and any contribution by the insurer was often part of a settlement rather than straightforward indemnification.

Moreover, while the policies generally cover internal claims (e.g. by the company or its insolvency administrator) and external claims (e.g. by creditors), they typically exclude fines, penalties, and criminal sanctions, which are particularly relevant in regulatory and insolvency-related proceedings.

That said, D&O insurance still serves practical functions. It provides legal defence coverage, ensures access to experienced counsel, and can reduce financial exposure in borderline or disputed cases. In AGs, maintaining D&O insurance is often seen as part of good governance and risk management. The policyholder is usually the company, which insures its current and former directors and officers (Versicherung für fremde Rechnung). Deductibles-especially the mandatory 10% retention under § 93(2) sentence 3 AktG for AG board members-may reduce personal exposure but also reflect the legislature’s intent to anchor responsibility in the individual.

In sum, while D&O insurance is widespread in form, its real-world reliability is limited by doctrinal exclusions, insurer practice, and the high threshold for liability indemnification. Directors in Germany are well advised not to place undue reliance on coverage and to treat D&O as a partial buffer, not a shield.

German corporate law does not use the terminology of “executive” and “non-executive” directors in the same manner as common law systems. However, a functional distinction can still be drawn between those actively involved in management (executive directors) and those responsible for oversight (non-executive directors), particularly in stock corporations (AGs). A further subcategory-independent directors-is increasingly relevant in listed companies due to governance codes and capital markets regulation, though not defined by statute.

In the GmbH, the corporate governance structure is relatively simple and one-tiered. The managing directors (Geschäftsführer) are both legally and operationally responsible for the management of the company. There is no supervisory board unless the company exceeds certain thresholds (e.g. 500 employees, triggering co-determination requirements under the Drittelbeteiligungsgesetz). All Geschäftsführer-regardless of how active or passive they are-share full responsibility and are subject to the same duties of care, loyalty, and legality. There is no legal differentiation between “executive” and “non-executive” roles in this context. Delegation of tasks within the management team may limit internal responsibility but does not reduce external liability.

In the AG, a two-tier structure is mandatory. The management board (Vorstand) is collectively responsible for managing the company, while the supervisory board (Aufsichtsrat) is charged with monitoring the management board, appointing and dismissing its members, and approving certain key decisions. Members of the management board are clearly executive directors, bearing personal liability under § 93 AktG for any breach of duty, including failures in risk control, compliance, and crisis response. This liability is joint and several, and the law imposes a high standard of diligence akin to that of a prudent businessperson.

Supervisory board members functionally correspond to non-executive directors. While they are not involved in day-to-day business, their liability under § 116 AktG (which refers back to § 93 AktG) is significant. They must adequately supervise the management board, particularly in areas involving compliance, financial integrity, and strategic risk. Courts have confirmed that mere formality or passivity in the supervisory role does not shield a member from liability; failure to investigate red flags or to act upon serious irregularities may result in personal accountability. This is especially true when audit committee roles or specific professional competencies (e.g. finance) are involved.

The concept of an independent director, while not anchored in statutory law, is recognized in the German Corporate Governance Code (DCGK) for listed companies. Independence is assessed based on objective distance from the management board and controlling shareholders. While independence does not directly affect the standard of liability, it may impact expectations and scrutiny. For example, independent members of audit or risk committees may be expected to exercise enhanced vigilance. However, under German law, all supervisory board members-independent or not-are held to the same objective standard of care.

In summary, German law imposes uniform standards of liability based on the legal role and function of the director, not on internal titles or perceptions of passivity. The critical distinction is not between executive and non-executive, but between management authority and supervisory responsibility, both of which carry substantial personal exposure when exercised negligently.

German company law is firmly rooted in the principle of separate legal personality: each company, whether a parent or a subsidiary, is treated as an independent legal entity. Accordingly, a holding company is not automatically liable for the conduct or obligations of its subsidiaries, even where it exercises control over the composition of their boards. This separation forms part of the broader concept of Trennungsprinzip, a foundational doctrine of German corporate and group law (Konzernrecht).

However, liability of the parent company may arise under exceptional circumstances, particularly where it exerts direct influence over the subsidiary’s management in a way that disregards the legal autonomy of the entity. German courts have developed this under the doctrine of factual group liability (faktischer Konzern) and, more rarely, under the doctrine of piercing the corporate veil (Durchgriffshaftung).

In the context of director appointments, mere involvement in selecting or nominating managers does not in itself give rise to liability. Nevertheless, if the parent company issues binding instructions to directors of the subsidiary that result in the breach of their statutory duties-especially duties to the subsidiary itself or its creditors-the parent may become jointly liable for resulting damages under § 826 BGB (intentional damage in a manner contrary to public policy) or, in insolvency settings, under §§ 15a, 130a InsO and related provisions.

This is particularly relevant where the subsidiary is financially dependent and the parent imposes group-wide strategies that conflict with the best interests of the subsidiary. For example, if a parent enforces loss-making transactions solely to benefit the group, or delays an insolvency filing, courts may qualify such conduct as a destructive influence, triggering liability. These situations are exceptional and fact-specific but have gained prominence in recent restructuring and compliance litigation.

Additionally, liability may arise indirectly through appointment and delegation chains: if the parent installs loyal representatives as directors in the subsidiary, and those directors breach their duties under group instruction, both the individual and potentially the appointing entity may face liability. However, the threshold is high-liability typically requires intentional wrongdoing or at least grossly negligent disregard of the subsidiary’s interests.

Importantly, these principles also interact with corporate governance duties in multinational group structures. German courts and literature stress that directors appointed by a parent must serve the subsidiary's interests independently and may not justify unlawful conduct by reference to group strategy or shareholder expectations.