According to well-established case law (Commercial Division of the Court of Cassation, 20 May 2003, No. 99-17.092), a company director can only be held personally liable toward third parties if he or she has committed a fault that is separable from his or her duties and personally attributable to him or her. Such a fault requires intentional conduct of particular seriousness, incompatible with the normal exercise of managerial functions. Liability is then incurred on the basis of the well-known Article 1240 (formerly Article 1382) of the French Civil Code. This rule is too often overlooked in practice, yet it can prove formidable for company directors where IT management leaves much to be desired: non-compliance with digital regulations, use of pirated versions of software…
It was precisely this latter situation that gave rise to a judgment delivered on 12 January 2026 by the Judicial Court of Rennes (No. 21/07155).
In this case, a company specializing in the manufacture of tooling and general mechanics was using software without the authorization of its publisher, who had detected the infringement through a monitoring mechanism. As early as 2015, the director of the defendant company had been informed of this and had taken no action. Eventually, in 2021, the publisher initiated an infringement seizure procedure, which confirmed the presence of “cracked” versions of the software on the majority of the company’s computer workstations.
Ruling on the merits, the court had, among other things, to determine whether the director incurred personal liability. The judges answered in the affirmative, noting that he had allowed the use of the infringing software to continue despite having received a warning several years earlier. They characterized his conduct as an “intentional fault of particular seriousness, incompatible with the normal exercise of the functions of a company director,” insofar as it exposed the company to financial penalties likely to jeopardize its continued existence. Consequently, the company and its director were held jointly liable to pay €1,070,000 in compensation for the economic and moral damages resulting from the acts of infringement.
This decision serves as a lesson for all company directors at a time when IT is not always managed rigorously: non-compliance, contractual in this case but potentially regulatory as well (failure to comply with the GDPR or the AI Regulation), may give rise to significant personal liability for the management team; any warning on the matter must therefore be taken seriously. As the saying goes, “He who can prevent and does not, sins” (Loysel, 1607).