FRANCE Law and Practice Contributed by: Jean-Christophe Devouge and Kaïs Boussadia, Aurès
to damages occurring abroad, and finding the parent company at fault for excluding its foreign subsidiaries from its risk mapping and failing to implement ade - quate preventative measures against known risks of trade union repression. This marked the first instance in which a French company has been ordered to com - pensate harm arising from its activities abroad. Together, these decisions illustrate that the duty of care is no longer limited to formal compliance obliga - tions but is increasingly being interpreted as a sub - stantive standard of corporate conduct, capable of giving rise to civil liability for failures in risk identifica - tion, prevention and monitoring across global value chains. Under French law, oversight of artificial intelligence by the board of directors is not governed by any standalone legal regime but falls within the general framework of company law: the board is entrusted with defining the company’s strategic orientations and overseeing their implementation, which necessarily encompasses the governance of AI systems deployed within the company. AI is accordingly characterised as a technical decision-support tool, the use of which cannot entail any transfer of decision-making author - ity away from the board. In practice, AI is increasingly becoming an explicit area of competence for boards of directors within listed companies. This development is reflected in the establishment of dedicated training programmes for board members, covering technological devel - opments in AI. This integration is also reflected in executive remuneration frameworks, where specific targets related to digital transformation and artificial intelligence are taken into account in the determina - tion of variable compensation. Companies are further developing internal governance mechanisms to over - see the deployment of AI technologies, the adoption of internal policies or charters governing the use of technologies such as generative AI. From a risk per - spective, AI-related exposures are often addressed in universal registration documents. These include tech - 8. Artificial Intelligence 8.1 Board Oversight of AI
nological and operational risks linked to system fail - ures, miscalibration or inappropriate use of AI models, which may generate erroneous outputs with financial consequences, as well as legal and regulatory risks, particularly those relating to personal data protection. At the European level, Regulation (EU) 2024/1689 (the AI Act) establishes a risk-based regulatory framework applicable to providers and deployers of AI systems, imposing graduated obligations – notably for high-risk systems – without directly targeting corporate boards as such. 8.2 AI Use-Related Risks Please refer to 8.1 Board Oversight of AI . 8.3 Liability Exposures Arising From AI Use Under French law, the use of artificial intelligence does not give rise to a specific liability regime for boards and corporate officers. Liability exposures instead arise from the application of existing legal frameworks, par - ticularly company law, civil liability, criminal law and sector-specific regulations such as data protection law and Regulation (EU) 2024/1689 (GDPR). Enforce - ment may be initiated by multiple actors depending on the circumstances and the sector, including the company, shareholders, regulatory authorities such as the AMF and CNIL, and, where applicable, criminal prosecutors. 8.4 Key Disclosure Requirements for AI Use Under French law, there is currently no standalone general disclosure requirement specifically dedicated to the use of artificial intelligence. Disclosure obliga - tions instead arise from existing legal frameworks – in particular company law, securities law and sustain - ability reporting – within which AI-related matters may need to be addressed where they are material. In relation to annual reports, companies are required to describe their internal control and risk management procedures. While there is no obligation to refer spe - cifically to artificial intelligence, AI-related risks may need to be disclosed where they are relevant to the company’s operations, compliance or financial report - ing.
240 CHAMBERS.COM
Powered by FlippingBook