Federal Court of Justice rules on auditors' duty to inform and render account

In a landmark ruling on December 11, 2025 (Ref.: III ZR 438/23), the Federal Court of Justice (Bundesgerichtshof—BGH) ruled that auditors must disclose the contents of their audit files to, and allow them to be inspected by, the audited company. The decision clarifies key issues in dealing with requests for information and inspection from the company. Both the company and the auditor will have to observe the guidelines now clarified by the highest court in future cases, particularly when examining and enforcing possible liability claims (or defending against them).

Background to the decision

The BGH ruling concerns the "Wirecard complex". The insolvency administrator of the collapsed group had, among other things, requested former auditor EY to disclose the content and to allow an inspection of its files created in the course of the audits.

Such requests for information and inspection are of considerable practical importance in complex liability and damage cases. If companies discover legal or compliance violations or incur severe damages, the question often arises whether the legal, tax, or economic advisors involved breached their duties within the scope of their assignment and are therefore (jointly) liable to the company for the damages incurred. For companies, the files kept by the advisors (nowadays mostly in electronic form, formerly in classic paper form) are an essential – and in many cases the only promising – source of information for examining any liability claims. The range of possible applications is incredibly diverse. It extends from corporate transactions to restructuring and insolvency cases, product liability, contract or antitrust law, and the preparation and auditing of annual and consolidated financial statements. This was the case in the ruling issued by the BGH.

With respect to auditors the highest court had not yet conclusively clarified whether and to what extent they are obligated to provide the company with information on the contents of and access to their files. Lower court decisions have affirmed such obligations but remained divided on their scope. Various voices, in particular from the audit sector and related interest groups, took the view that the auditor’s statutory independence and freedom from instructions precluded any disclosure obligations to the commissioning company.

There was also a discussion about the applicable period of limitation for any rights of the company against the auditor to obtain information and access documents. This is a highly relevant question in practice, as evidence of possible auditor misconduct often only comes to light many years after the audit has been completed, especially since it is not uncommon for employees or managers of the company to be involved, who have no particular interest in a thorough investigation. The prevailing opinion had previously been that the rights to information and inspection were so-called deferred claims (verhaltene Ansprüche), where the period of limitation only begins to run when (first) asserted by the client.

Key points of the BGH ruling

The BGH has now clarified these previously disputed issues in its ruling:

• The auditor must inform the company about the contents of its audit files, allow it to inspect the files, and hand over the documents contained therein. The BGH justifies this obligation with the agency nature of the audit: The audit is (also) carried out in the interest of the company. Section 675 (1) of the German Civil Code (BGB) refers to the provisions of agency law, which comprehensively oblige the agent (in this case: the auditor) to render account to the principal (in this case: the audited company). Pursuant to Section 666 BGB, the agent is obliged to "provide the principal with the necessary information, to provide information on the status of the mandate upon request, and to render account after the execution of the mandate." And according to Section 667 BGB, the agent must "hand over to the principal everything he receives for the execution of the mandate and everything he obtains from the execution of agency."
• Subject to certain restrictions, the BGH extends the scope of the duty to render account and hand over to the entire audit file, which the auditor is required to maintain pursuant to Section 51b (1) and (5) WPO. This covers all documents that the auditor keeps in his audit file; it is irrelevant whether the audit file is kept in electronic form, Section 51b (7) WPO.
• According to the BGH, certain restrictions must be observed. The following are exempt from the obligation to disclose: (1) documents that the client has already received, (2) correspondence between the auditor and his client, (3) the auditor's working papers prepared for internal purposes, and (4) records of the auditor's "personal impressions" and "confidential background information." However, the BGH repeatedly emphasizes that these are exceptions that must be interpreted and applied narrowly. This counts in particular for internal working papers (see Section 51b (4) WPO), which, contrary to an opinion strongly held among auditors, do not cover all documents prepared by the auditor. The BGH thus clearly rejects any "backdoor" attempt to invalidate the audited company's rights to accountability and disclosure. In addition, the BGH states that even documents that do not (or no longer) have to be handed over remain subject to the obligation to provide information and allow inspection, as long as they are not "notes that require confidentiality or other notes prepared solely for internal purposes."
• If (as is usually to be expected) a dispute arises between the auditor and the company as to whether and to what extent documents from the audit file are excepted from being disclosed or handed over to the company, the BGH assigns the burden of proof and assertion to the auditor. The auditor must demonstrate specifically and with reference to the respective document that it falls under the restrictions established by the BGH. This "information must be so detailed with regard to the respective document that the judge is able to make a judgment on the grounds for refusal." In doing so, the BGH is following up on its previous case law, which imposed "strict requirements" on the corresponding burden of proof in comparable cases (BGH, judgment of May 17, 2018 – Case No.: IX ZR 243/17).
• The BGH takes a more favorable position for the auditor on the issue of the statute of limitations. Contrary to the previously prevailing opinion in (lower court) case law and legal literature, the BGH assumes that the limitation period for claims under Section 666 BGB (information and inspection) begins at the latest with the completion of the specific audit, i.e., with the submission of the written audit reports to the company in accordance with Section 321 of the German Commercial Code (HGB). Although the BGH also qualifies these claims as deferred claims, it does not view the assertion as relevant. The claims become time-barred within three years, running from the end of the year in which the audit was completed (Sections 195, 199 (1) BGB). For example, if the audit of the annual financial statements for the financial year ending December 31, 2025, is completed by submitting the audit report on April 5, 2026, according to the BGH’s ruling the limitation period for the claims under Sections 675, 666 BGB expires at the end of December 31, 2029.

Practical consequences for future cases

The BGH's decision will have far-reaching consequences in practice. In light of the Wirecard complex and the resulting increase in auditor liability under the Act to Strengthen Financial Market Integrity of June 3, 2021 (FISG), but also in light of other high-profile cases (such as Grenke, Adler Group, Greensill), auditors must increasingly expect their work to be critically scrutinized by the audited company. Conversely, the company's management board is generally obliged to investigate any indications of possible claims against the auditor and, if there is a reasonable prospect of success, to assert them; this also applies to the insolvency administrator. The preliminary examination of possible claims by inspecting the auditor's files and obtaining the documents contained therein will therefore become increasingly relevant. The following aspects should be taken into account in practice:

• Since the BGH links the start of the limitation period for the right to information and inspection to the completion of the audit, there is a significant risk for the company that, when possible indications of liability claims first arise, the rights to information and inspection for the relevant audit period will already be time-barred. This has the unfortunate consequence that the company can no longer examine possible liability claims with the help of the auditor's files.

Practical note: Companies must therefore consider inspecting the audit files at regular intervals, regardless of potential red flags, and having the recorded documents handed over to them in order to secure possible evidence for later liability cases. Alternatively—and also to (temporarily) avoid the considerable expense associated with providing information, granting access, and handing over documents— the company and the auditor can, for example, agree that the limitation period, in deviation from Sections 195, 199 of the German Civil Code (BGB), shall only commence when the company asserts its claim or, in any case, only upon expiry of the relevant statutory retention periods (it should be noted that the law does not specify a uniform retention period).

• According to the BGH ruling, the statute of limitations for any liability claims does not depend on the statute of limitations for the rights to information and inspection under Sections 675 and 666 BGB. Companies must therefore take precautions to avoid the statute of limitations expiring, regardless of whether they have already asserted a claim for information and inspection, the fulfillment of which may be disputed and delayed.

Practical note: As with other liability and damage claims, companies should therefore consider entering into an agreement with the auditor to suspend the statute of limitations for any liability claims as a precautionary measure. In the interests of both parties, care should be taken to define the liability claims in question as specifically as possible. If such an agreement cannot be reached, it will be necessary to consider in each individual case whether other measures to suspend the statute of limitations need to be taken.

• A key potential dispute will be which specific documents, in accordance with BGH’s ruling, do not have to be disclosed, made available for inspection, and/or handed over. Companies should ensure that the auditor complies with the "strict requirements" confirmed by the Federal Court of Justice for asserting any exceptions. In particular, the assertion must refer specifically to individually designated and identifiable documents. For their part, auditors should ensure, also to avoid unnecessary additional work, that their descriptions are as meaningful as possible, on the one hand not revealing the relevant secret, but on the other hand enabling a neutral third party (a court) to make an independent judgment as to whether a recognized exception applies.

Practical note: "Blacklists" or "negative lists" as they are used in due diligences may be useful. Ideally, the company and the auditor should agree in advance on how the presentation is to be made. It also makes sense to have a dispute resolution mechanism in place, i.e., how—and, above all, by whom—the justification of the auditor's claim to limit his accountability is to be decided; an arbitrator or a "filter team" could be useful.

Of course, auditors should refrain from destroying disputed documents even after the expiry of the statutory retention periods before it has been conclusively clarified whether the auditor is entitled to refuse to disclose and/or hand them over. If the auditor culpably fails to submit documents subject to the duty of disclosure, accountability, and/or hand over, he or she may face claims for damages and procedural sanctions (obstruction of evidence).

• Audit files contain sensitive information relating to both the commissioning company and the auditor, which may constitute business or trade secrets. Since court proceedings are generally public, there is a risk for both sides that in the event of a dispute relevant information will become public knowledge. The parties must therefore—if a dispute cannot be avoided—consider whether to seek the exclusion of the public from the court proceedings (Section 172 No. 2 GVG) or, preferably, a court order implementing procedural confidentiality measures pursuant to Section 273a ZPO.
• The BGH did not rule on how the disclosure of information, inspection, and/or handover should take place in the specific case. This no longer concerns the primary judicial proceedings, but – in the event of a dispute – the enforcement of a corresponding judgment. Since experience has shown that the disputed enforcement of rights to information and inspection can cause considerable time and expense on both sides , both the company and the auditor should consider whether an agreement can be reached in advance.

Practical note: It is particularly useful to agree on the place, time, format, and content of the relevant information and the inspection. Information about the content of the files should be provided in writing and (in any case) in the form of an inventory (Section 260 (1) BGB), so that the individual documents can be sufficiently specified for later handover. According to the correct – but not undisputed – opinion, the party entitled to inspect the documents (in this case, the company) may also make copies of the documents; it is also advisable to reach an agreement on this question in advance. Other sensible arrangements depend on the individual case, such as the format in which the files are kept. If no agreement can be reached, the company can enforce its rights to information and inspection by imposing coercive measures (Section 888 ZPO); for the subsequent handover of the documents, it can seek to involve a bailiff (Section 883 ZPO) or a third party (Section 887 ZPO).

Conclusion

The BGH’s decision clarifies important questions regarding the auditor's accountability to the company. Nevertheless, requests for information and inspection will continue to involve considerable factual effort and pose legal pitfalls for both sides. Both the company and the auditor should address both by carefully preparing and executing such requests for information and inspection.

This client information contains only a non-binding overview of recent developments in German competition law and is not meant to replace legal advice. In case of comments or questions, please contact: