Criminal Liability of Management in the Implementation and Operation of Automation in Business

With the development of technology, automation has become increasingly significant in business operations. It is now commonly used in production and logistics processes, document workflows, marketing activities and customer service. As a result, direct human involvement in these areas is being reduced. However, it does occur that irregularities arise in connection with the implementation or operation of automated systems—sometimes of a very serious nature—which may meet the statutory elements of a criminal offence and give rise to criminal liability. This naturally raises the following questions: who bears responsibility for the consequences of the defective operation of a machine, robot or system? Under what circumstances, and for which offences, may persons managing an enterprise be held criminally liable?

Principles of liability

When considering the criminal liability of persons managing an enterprise for offences connected with the use of automation, it should be noted that, in practice, such liability most often concerns unintentional offences resulting from omissions in the area of supervision or control over the use of automated systems within the managed entity. As a rule, such liability—by operation of law—rests primarily with members of the management board of companies, as persons obliged to conduct business activity and to manage the financial and economic affairs of the entity.

Pursuant to the principle expressed in Article 2 of the Polish Criminal Code, criminal liability for a result-based offence (i.e. an offence whose essential element is the occurrence of an objective result affecting legally protected interests—such as bodily injury to another person or damage to a company’s assets) committed by omission may be borne by a person upon whom a specific legal duty to prevent such a result was incumbent. Such a person is traditionally referred to as a “guarantor”.

The guarantor’s duty to prevent a criminal result may arise not only directly from statutory provisions, but also from other legally relevant acts, such as contracts. For example, a member of the management board of a capital company has a legal duty to safeguard the company’s assets and to prevent damage thereto. Similarly, an occupational health and safety specialist appointed by the employer under a contract has a legal duty to ensure employee safety and to prevent exposing employees to a risk to life or health.

The attribution of criminal liability to a person managing an enterprise is also conditional upon demonstrating that the unlawful conduct of that person was culpable. This means that, in the analysed circumstances, it must be possible to allege that the person acted unlawfully despite the fact that, objectively, lawful conduct could have been expected from them in the given situation.

Importantly, Polish criminal law is governed by the principle of individualisation of criminal liability, which excludes collective liability—for example, of the management board of a capital company as a whole. The fulfilment of the prerequisites for liability is assessed separately in relation to each individual member of such a collective body. Consequently, it is possible that some members of a company’s governing body may be found guilty of committing a prohibited act, while others may not.

Criminal liability for offences related to the operation of automation

Criminal liability connected with the operation of automation in enterprises may arise in particular in cases of unjustified failure to perform duties that affect the proper functioning of systems and devices used in the course of business activity. This primarily concerns failures to carry out periodic inspections and tests of equipment in use, failures to update software, or failures to exercise adequate control, monitoring and optimisation of automated processes.

Depending on the type of consequence caused by a malfunction of automated systems, such omissions may expose persons managing an enterprise to severe criminal liability, including, inter alia, for unintentional causing of death or serious bodily injury (Articles 155 and 156 of the Criminal Code), exposing a person to an immediate danger of loss of life or serious harm to health (Articles 160 and 220 of the Criminal Code), causing a generally dangerous event such as a fire, building collapse or explosion (Article 163 of the Criminal Code), or causing a risk of catastrophe (Article 164 of the Criminal Code).

It should be emphasised that the risk of criminal liability does not arise solely where negligence leads to physical harm. Such liability may also materialise in situations where, as a result of such shortcomings, formal violations occur—for example, where the automation of marketing processes results in the unlawful processing of personal data (Article 107 of the Personal Data Protection Act).

Criminal liability related to the process of implementing automation

Persons managing an enterprise may incur criminal liability not only for the consequences of defective operation of automated systems, but also for irregularities occurring during the process of implementing automation within the organisation.

The essence of such irregularities may primarily consist in the infringement of the financial interests of the managed entity, for example by causing a financial loss as a result of incorrect estimation of implementation costs and schedules, purchasing equipment whose specifications are inadequate for the nature of the business, or selecting inappropriate suppliers of technological solutions.

Such conduct may constitute the offence of mismanagement, as regulated in Article 296 of the Criminal Code. As a rule, this offence is committed where a person managing an enterprise—through abuse of the powers granted to them or failure to fulfil their duties—causes significant financial damage to the managed entity (i.e. damage exceeding PLN 200,000) or creates an immediate risk of such damage. Importantly, the Criminal Code also provides for liability for the unintentional commission of this offence. This means that, in extreme cases, a managing person may be exposed to criminal liability for mismanagement even where they had no intention to commit an offence, but caused detriment to the entity’s assets as a result of an erroneous business decision.

A final conviction for the offence of mismanagement may entail exceptionally serious consequences for persons managing business entities. Pursuant to Article 18 § 2 of the Polish Commercial Companies Code, a person convicted by a final judgment, inter alia, of offences against economic turnover and property interests in civil-law transactions (Chapter XXXVI of the Criminal Code), which include the offence of mismanagement, may not serve as a member of the management board, supervisory board or audit committee, nor act as a liquidator or commercial proxy.

Practical measures to mitigate the risk of criminal liability in connection with the implementation and operation of automation in business

The scope of criminal liability related to the implementation and operation of automation in business is broad, and the consequences may be severe. It is therefore advisable to be aware of these risks and to undertake appropriate organisational measures in advance in order to limit the risk of such liability for persons managing an enterprise. Such measures should include, in particular:

a) introducing a precise allocation of competences and areas of responsibility among individual members of the management board in the company’s articles of association or statutes;
b) ensuring that contracts precisely regulate the duties of persons to whom responsibilities for control and supervision of automated processes are delegated;
c) implementing internal procedures governing the use, control and supervision of automated processes applied within the enterprise;
d) enhancing the knowledge of management staff through participation in training courses on the use, control and supervision of automated processes applied in the enterprise.