FRANCE: An Introduction to Litigation: Elite

Litigation Trends 

In a constantly changing world, fraught with tension over sovereignty and anxiety about climate emergency, all within a digital landscape increasingly threatened by fraud, the major disputes that companies will face in 2024 will concern fraud and cybercrime, climate litigation, the extraterritoriality of foreign legislation and continued regulatory pressure.

Fraud and Cybercrime 

The rise in remote working coupled with greater technological innovation has undermined the security of information systems. The growth in fraud aimed at gaining unauthorized access to IT systems, networks or corporate data is therefore being fuelled by a more sophisticated exploitation of human vulnerabilities, which remain the leading cause of cybersecurity breaches.

Such threats are wide-ranging, and include ransomware, malware, threats against data, threats against availability, information manipulation and supply chain attacks.

Between July 2022 and June 2023, there was a significant increase in the variety, quantity and sophistication of cyberattacks and their consequences (ENISA Threat Landscape 2023, Blackberry GTI Report 2023). As a result, experts say 2023 was a record year in terms of the number of digital attacks in North America and Europe (The Economist, 31.12.2023).

This is especially due to increasingly sophisticated work on the part of fraudsters, enhanced by artificial intelligence and the resulting processes that make it easier for them to gather and process information about their potential victims, as well as the ability to impersonate others (deep fakes, voice cloning). Attacks are therefore better targeted and more cleverly concealed.

 In the case of the financial sector, which is a key target, the French regulator (AMF) has taken up the issue and has pursued in 2023 the cybersecurity systems inspection campaigns it initiated in 2019, announcing tougher sanctions to include repressive measures should any breaches identified continue. The AMF recommends consulting the DORA regulation, which came into force in 2023 - and will apply to financial players from 2025 - and sheds light in particular on managing the risk linked to IT service providers.

As lawsuits against fraudsters are usually fruitless, the liability of intermediaries (involved to varying degrees) is sometimes sought in order to obtain compensation, which should continue to fuel liability litigation (whether tortious or contractual).

Regulation of AI 

The question of how to regulate artificial intelligence (AI) is an underlying issue.

Increased computing power and access to vast amounts of data have led to innovations across multiple sectors ("self-driving cars", conversational robots, digital assistants, medical diagnostics), with systems adapting their behaviour in the light of previous actions (machine learning).

Enthusiasm for AI technologies led to record fund-raising at the end of 2023 (Aleph Alpha, Mistral AI). After proposing incentivizing tools, regulators are now entering a normative phase with the EU AI Regulation (trialogue agreement of 9.12.23) prohibiting systems featuring unacceptable risks and regulating others, also requiring information to be disclosed on the content used to train AI systems and clarifying intellectual property issues (as illustrated by the New York Times claim of December 2023 against OpenAI and Microsoft). The final version of the Council of Europe's Framework Convention on AI is also expected in 2024, following the second reading draft dated December 2023.

European discussions regarding liability and compensation for damage caused by AI systems are set to continue in 2024. The focus is on the two European Commission legislative proposals of September 2022 to adjust liability regimes for defective products and establish a regulatory framework specific to AI, involving targeted harmonisation of national liability rules with adaptation of the rules of proof and causality via the use of presumptions.

Climate Litigation 

Environmental litigation has reached unprecedented levels and will continue to rise (United Nations Environment Programme report, November 2023).

States sued for climate inaction, such as France (CE, 24.11.23 and 22.12.23), Belgium (CA Brussels, 30.11.23) and Germany (CAA Berlin, 30.11.23 - transport and construction), are being urged to speed up the introduction of new standards (at national, European or international level with COP 28), which are a source of additional constraints for individuals and businesses.

Companies already obliged to submit non-financial performance reports (NFRD) will have to review and harmonise their statements when the obligations arising from the CSRD Directive come into force in 2024, exposing them more visibly to accusations of misleading claims in their communication, with European harmonization expected via the Green Claims Directive expected in 2024.

A parent company's duty of care to identify risks and prevent serious environmental damage resulting from its activities and those of its subcontractors or suppliers has also given rise, particularly in France, to a large number of multi-sector disputes (industrial, energy, distribution, financial). Initial rulings have mainly concerned the conditions for the admissibility of claims, highlighting the as yet unclear nature of the law and the need for prior dialogue. A first decision on the merits (5.12.2023) does not allow us to draw any categorical lessons about an imperfect judicial tool. A number of disputes are due to be settled in 2024, shedding light on the meaning of the legislation which is still under construction. The final version of the European directive on this topic is also expected, with a considerably broader scope of application (companies with over 250 employees, compared with 5,000 under present French law).

Parallel avenues are developing through shareholder activism or lawsuits against directors (ut singuli - derivative action).

The Extraterritoriality of Foreign Law 

Pressure from foreign regulators and prosecuting authorities, particularly in the US, continues to be brought to bear on companies with assets in a given country or which use the currency of the country concerned (17 OFAC sanctions worth USD1.5 billion), and the legislative instruments devised by countries which have suffered such attacks on their sovereignty have shown their limits.

Hence, the European Court of Justice's December 21, 2021 ruling on EU Blocking Regulation 2271/96 highlighted the conflict of duties of companies simultaneously obliged to comply with U.S. embargo laws and a contrario to a requirement to refrain from applying them (CJEU 21/12/21, n°C-124/20), giving nationals of embargoed countries leverage against companies where such regulations were intended to protect the latter.

The companies’ response, in the form of both enhanced compliance measures and restricting their offer in order to avoid possible conflicts, exposes them to claims from their business partners (UN Special Rapporteur, March 2023). Extraterritoriality is also apparent in judicial proceedings, with the short-circuiting of international cooperation tools.

In countries such as France, which are not familiar with the institution of legal privilege, recognition of the latter is necessary to balance the invasive prerogatives of Anglo-Saxon discovery procedures, where French civil procedure only authorises a party to collect documents from its adversary in a targeted, reasoned and restrictive manner. The draft text, which was censured by the French Constitutional Council (November 16, 2023), is due to be voted upon again by Parliament in 2024. In the meantime, the law of evidence and the right to business secrecy should serve as a shield against excessive claims.

Regulatory Pressure 

 In 2024, French regulators, spearheaded by the AMF (the French financial markets regulator) are also likely to maintain regulatory pressure, with ever heavier financial penalties, without offering any greater predictability. The approach taken by the Enforcement Committee is neither systematised nor theorised, at the risk of limiting the instructive approach that is so useful to regulated players.

In 2023, the AMF handed down a total of EUR128 million in fines, compared with EUR61 million in 2021. By way of comparison, the ACPR (the French prudential supervisory and resolution body) issued EUR6.7 million in penalties in 2023.

In 2023, the AMF also widely favoured settlements as an alternative to sanctions, enabling regulated players to remedy their breaches under specific conditions. This confirms a trend towards negotiated justice that has been under way for some years now.

Meanwhile, both the ACPR and the CNIL (the French data protection authority) issued more rulings in 2023 than in 2022.