French Blocking Statute, a revival

14 February 2023
Frédéric Saffroy and Alice Bastien

1.- What is a Blocking Statute

The French Blocking Statute (“Loi de Blocage”, Statute n° 68-678 of July 26, 1968, modified by the Statute n° 80-538 of July 16, 1980) prohibits the disclosure of sensitive economic, commercial, industrial, financial, or technical information by French natural and legal persons to foreign authorities or its use in foreign judicial or administrative proceedings[1], issued outside the framework of international mutual legal assistance schemes[2].

Initially adopted in reaction to American discovery rules (subpoenas, production orders, disclosure requirements, etc.) on French territory for use in U.S. proceedings, the French Blocking Statute has only been enforced once by the French Supreme Court (“Cour de cassation”), resulting in a EUR 10,000 fine[3]. As a result, foreign authorities – mainly American courts – consider that the statute is not a valid reason to not comply with discovery or pre-discovery requirements[4].

Ten years after this enforcement by the Supreme Court, the French Anti-Corruption Agency (“Agence française anticorruption”, “AFA”) was created by the so-called “Sapin II” Law, reenforcing anti-bribery regulations and empowering the AFA with the monitoring of the Blocking Statute[5]. In the same year, the European General Data Protection Regulation (“GDPR”) was adopted[6]. Article 48 of the GDPR prohibits transfer of personal data to any non-EU court, tribunal or administrative authority which is not based on a valid international agreement, such as a mutual legal assistance treaty.

The French Agency for Strategic Intelligence and Economic Security (“SISSE”), created in 2016 and attached to the Directorate General for Enterprise (department of Economy), oversees France’s economic security policy. It coordinates the protection from foreign threats of technologies and companies. The SISSE works closely with other ministries, agencies (including intelligence agencies) and independent authorities to unify the national response.

Faced with increasing demands, mainly from the U.S. (such as Alstom (2014), Société Générale (2018) or Airbus (2020) cases), French companies were asking for a real “weaponization” of the legislation to protect themselves from extraterritorial procedures.

Since April 1, 2022, the SISSE assists French companies receiving discovery demands or requests from foreign authorities to disclose sensitive and strategic information[7].

2.- From a Neglected Text to an Efficient Application?

To determine whether a foreign laws bars U.S. discovery, American Courts analyze several factors.

The five first factors are: (i) the importance to the litigation of the documents or other information requested, (ii) the degree of specificity of the request, (iii) the country of origin of the information, (iv) the availability of alternative means of securing the information, and (v) the extent to which noncompliance would undermine US or the State of the information’s interests[8].

Two other factors shall be considered: (i) the hardship that compliance would impose on the party or witness from whom discovery is sought and (ii) the good faith of the party resisting discovery[9].

Recently, in Kashef v. BNP Paribas SA[10], the U.S. District Court for the Southern District of New York analyzed the seven above-mentioned factor, as BNP Paribas invoked the French Blocking Statute to rebut plaintiff’s motion to compel several documents.

In this case, victims of the Sudanese genocide alleged that BNP Paribas effectively facilitated the genocide by processing financial transactions on behalf of Sudanese entities, in violation of U.S. sanctions. In 2014, BNP Paribas pled guilty to the violations of sanctions. The civil case was brought in 2016, with plaintiffs seeking recovery for damages.

Several discovery disputes arose between the parties, including the de-pseudonymization of French and Swiss documents. BNP Paribas stated that the pseudonyms were necessary to remain in compliance with French and European laws – French Bank Secrecy law, French Evidence law and the GDPR.

The Court noted in its decision that “the French blocking statute places limits on the taking of foreign discovery in France” and that the GDPR “requires further consideration of necessity”, placing a “further analytical requirement on the production of data that is not contemplated in the U.S. discovery regime”.

Analyzing the seven factors, the Court explained that “Plaintiffs are, in effect, asking the Defendants to break the laws of the countries in which they operate. While both sides concede that prosecutions in this area have been all-but-nonexistent, the laws still exist and Defendants and the producing entities could expose themselves to potential liability, however slight [which] represents a hardship to Defendants”. The Defendants also acted in good faith in resisting discovery. The Court finally indicated that alternative means for obtaining the information sought was available through the Hague Convention.

Consequently, the Court denied the Motion to Compel the production of several de-pseudonymized documents.

This recent application and recognition of the French Blocking Statute in U.S. Courts has important potential implications. This decision demonstrates that it is possible for French natural and legal persons to oppose the disclosure of sensitive information sought by foreign authorities outside the framework of international mutual legal assistance schemes.

3.- Looking Forward

As both international mutual legal assistance schemes and discovery procedures are time consuming, and do not always produce the results sought, it is possible to envisage few possibilities for entities and institutions to share some sensitive information outside the judicial framework.

The first possibility would be cooperation agreements between governmental authorities. As an example, the French Financial Markets Authority (“Autorité des Marchés Financiers”, “AMF”), and the French Prudential Control and Resolution Authority (“Autorité de Contrôle Prudentiel et de Résolution”, “ACPR”) signed two cooperation agreements with the Securities Exchange Commission (“SEC”) in 2021 in order to allow French entities to register as Security Based Swap Dealers with the SEC and to benefit from a substituted compliance regime[11].

Agreements of this nature, governed by article 50 of the GDPR, would allow, within a specific and established framework, sharing some sensitive information between authorities and entities. We can imagine agreements with export control and dual-use goods departments, banking governmental bodies, or cybersecurity agencies.

Moreover, some French and European companies, may start to take into account the burdens of producing information or denying such production and adapt/amend their internal rules, including Binding Corporate Rules (“BCR”) as provided by article 47 of the GDPR, to manage the relations of the company with other companies or authorities. BCRs are to be established by the production and internal diffusion of procedures and manuals, including rules to be followed by the employees of the company. Documents of this nature are already, and in certain circumstances, mandatory for certain companies, in accordance with both the GDPR and the various EU Member States’ anti-bribery regulations.

The establishment of internal procedures and processes may be taken into account by the U.S. Department of Justice in case of sentencing. The Evaluation of Corporate Compliance Programs states that “the United States Sentencing Guidelines advise that consideration be given to whether the corporation had in place at the time of the misconduct an effective compliance program for purposes of calculating the appropriate organizational criminal fine[12].

In any case, internal compliance programs would demonstrate good faith in the defendant company, if it is invoking the French Blocking Statute before U.S. courts.

Frédéric Saffroy, Partner & Alice Bastien, Associate.

[1]               Article 1 bis of the Blocking Statute.

[2]               For example, the Hague Convention of March 18, 1970, on the Taking of Evidence Abroad in Civil or Commercial Matters, providing a specific framework for the cross-border communication of evidence, through a letter of request sent by a court in the requesting State, and the Mutual Legal Assistance Treaty of December 10, 1998 between France and the United States.

[3]               Criminal chamber, Cour de cassation, n° 07-83.227, December 12, 2007, in the “Executive Life” case.

[4]               Société Nationale Industrielle Aérospatiale v. U.S. District Court for the Southern District of Iowa, 482 U.S. 522 (1987)

[5]               Law n°2016-1691 of 9 December 2016

[6]               Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

[7]               Decree n° 2022-207 of February 18, 2022.

[8]               Société Nationale Industrielle Aérospatiale v. U.S. District Court for the Southern District of Iowa, 482 U.S. 522 (1987)

[9]               First Am. Corp. v. Price Waterhouse LLP, 154 F. 3d 16 (2d Cir. 1998)

[10]              Kashef v. BNP Paribas SA, 16 CV 3228 AKH-JW filed on 05/23/2022

[11]              Memorandum of Understanding, Concerning Consultation, Cooperation and the Exchange of Information Related to the Supervision and Oversight of Certain Cross-Border Over-the-Counter Derivatives Entities In Connection with the Use of Substituted Compliance by Such Entities, July 23, 2021

[12]              U.S. Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs, updated June 2020