Personal Liability for company actions

The People’s Republic of China General Principles of Civil Law establishes the principle knows as vicarious liability “a company shall assume civil liability for the business activities of its legal representatives and other employees”.

Liabilities which arise from operational activities shall be generally assumed by the company, and by extension the legal representatives or senior officers of the company.


Following the maturation of the Chinese economy and development of new technologies, the Chinese legislature has been prolific in updating laws and regulations which have imposed a series of new obligations upon companies and by extension their officers. Privacy, cybersecurity, environmental protection, e-commerce regulation and foreign investment are areas which are highly regulated and have introduced new sources of personal liability for corporate officers in recent years.


The forthcoming Personal Information Protection Law (01.11.21) and related implementing regulations is one example: companies must be more self-regulated and are required to self-audit rather than apply for approval before qualified administrative bodies (except for critical infrastructure operators who are directly audited by CAC), which places upon the representatives of the company an obligation to ensure the companies utmost compliance with the regulations.


The Cybersecurity Law of the People’s Republic of China (2017) and related regulations created a special cybersecurity obligation on operator of a critical information infrastructure, which is to establish a security management body and designate a person in charge of data safety in the company.


Both administrative and criminal liabilities have put in place to strongly enforce this framework of data laws, most notably under the PIPL, whereby the Data Protection Officer(DPO) will be held jointly liable along with the firm and its senior officers for any breaches due to negligence on the firm’s behalf.


As is evident from the PIPL and Cybersecurity Laws, personal liability is also stipulated in sector-specific laws which expressly provides liabilities, such as fines, administrative detention, and criminal penalties, as the case may be, to be imposed directly to person in charge or responsible for relevant matters in the company (DPO) as well as the legal representatives and senior officers. This double punishment system (leadership + directly responsible person) stems from corporate criminal liability jurisprudence, although now the scope of double punishment now affects administrative regulations as well as criminal with respect to data protection.


Personal liability can be divided into civil, administrative, and criminal liability.

Civil Liability: The PRC Company Law stipulates that a director or member of “senior management” that fail to fulfil their obligations as established in the articles of association or by law, shall compensate the resulting damages caused to the company.

Administrative Liability: Article 49 of the General Principles of Civil Law stipulates that when a company commits serious wrongdoings, the legal representative may personally be subject to fines, administrative sanctions, and/or criminal sanctions.

Criminal liability: if the company is in breach of the PRC Criminal Law, the “person in charge” and the “person directly responsible” may also be subjected to criminal sentences, as the “Double-Penalty” principle is applied to most of corporate crimes.


Injunctive Measures: During corporate investigations there are several enforcement measures that are likely to be imposed by the authorities depending on the peculiarities of the case on the individuals involved. These entail certain measures such as administrative detention, international travel bans, restrictions on high consumption (flights/fast train), and/or, restrictions on serving as legal representative or management positions.


Liabilities of the legal representative

These liabilities are established by multiple PRC laws and regulations.

The General Principle of Civil Law expressly provides that when the company commits serious wrongdoings, the legal representative may personally be subject to penalties.

The Company Law expressly provides that “where any circumstance, in violation of the provisions of this Law, constitutes a crime, the criminal liability of the legal representative shall be investigated”. Such personal liability is due to the fact that the legal representative is invested with the power of representation of the company towards third parties and allegedly acts on its behalf.


Liabilities of Officers

Directors and board members may also be held liable for the actions of a company. Only in such circumstance, if a director is not the chairman of the board, an executive director and/or they are not recognized as the person in charge, may their liability be limited and it is likely only to be waived following judicial proceedings.


Direcly Responsible Person

Regulations also target the person who is the actual decision maker or the person who could stop the wrongdoings. The person in charge refers to the person who may bear potential liabilities in many sector-specific laws in China, including without limitation the PRC Criminal Law, Personal Information Privacy Law, Food Safety and Environmental Protection Law.

In practice, employees at any strata of the company may be recognised by the authorities as the person in charge as long as said person had a decision-making power in influencing the infringing activity.


Shareholders Liability

Shareholders that do not directly control the day to day operations of a company through serving in a corporate roles may still also be recognized as persons in charge, if the shareholder retains an effective control over the company through contractual arrangements or other indirect but influencing factors.


In summary the scope of the person in charge and attribution of their liability may be applied to any of the following individuals;

  1. Legal Representative;

  2. Shareholders

  3. Chairman/ Executive Director

  4. General Manager; and

  5. Other managers (financial, production, chief accountant, Data Protection Officer, Branch Representative)

Recent articles