An unexpected visit from the public prosecutor or tax investigation authorities early in the morning – a so-called “dawn raid” – represents a significant stress test for any company and its employees. In this high-pressure situation, the first few minutes often determine whether the measure escalates into chaos and legal disadvantages or can be managed in an orderly manner.
For managing directors and board members, such a search therefore constitutes a material governance risk. Those who act unprepared risk not only the loss of procedural rights and a “tainted” atmosphere for discussions, but, in extreme cases, even allegations of obstruction of justice.
A well-prepared and practised crisis response is therefore not “optional”, but an integral part of responsible corporate governance.
1. Legal Framework
A search constitutes a serious interference with fundamental rights, which is nevertheless permissible even on the basis of mere initial suspicion:
- Judicial warrant requirement: As a general rule, only a judge may order a search. Only in cases of “imminent danger” may the public prosecutor issue such an orde
- Initial suspicion: There must be “factual indications” of a criminal offence (Section 152(2) of the Code of Criminal Procedure). In practice, this is often little more than a “mere hint of suspicion”.
- Expectation of finding evidence: There must be a plausible assumption that the search will lead to the discovery of evidence. In the case of third parties (cf. Section 103 of the Code of Criminal Procedure), however, specific facts are required giving reason to believe that the person, trace or object sought is located in the premises to be searched.
- Proportionality: Finally, the measure must not be disproportionate in light of its purpose and the consequences of the interference.
2. Common Mistakes in Practice
In practice, the proper handling of a search often fails due to a lack of knowledge of the legal framework and insufficient training.
The most common mistakes:
Confrontation without legal basis
Attempts to halt or limit the search (“this cupboard / this server is irrelevant to you”) are among the most common mistakes. Occasionally, there is also a lack of awareness that any potential complaint does not have a suspensive effect. In fact, a search can almost never be prevented, but only “channeled.”
Destruction of evidence
Hastily deleting emails or destroying documents after the authorities arrive or once the measure has concluded constitutes serious misconduct, which may amount to obstruction of justice and could lead to the imposition of pre-trial detention.
Informal discussions
Conversations with authorities outside formal interviews, e.g., “in passing,” are often misused to obtain information. Employees should therefore be aware of the standard question: “Are you questioning me as a witness or as a suspect?” In either case, there is a right to consult a lawyer beforehand, either as defence counsel or witness advisor. All of this is decided solely by the individual employee, as any “internal direction” is not permitted.
“Full cooperation”
Unquestioning “full cooperation” also represents a common and consequential mistake. For example, while the discovery of evidence should be facilitated cooperatively through guidance, such evidence should not be handed over voluntarily. This is particularly true for evidence unrelated to the time period or the alleged offence.
No preparation of IT systems
Every company should also be prepared for an official request to mirror data. This preparation begins well in advance with the organisation of data management: the more clearly data is assigned, for example, to time periods or projects, the easier it is to limit the scope of the mirroring. Furthermore, interfaces should be in place and regularly tested to prevent the “worst-case scenario” of a full data mirror or even the removal of the server. IT staff should also receive particularly intensive training.
3. Strategic Context: Governance and Prevention
From a corporate governance perspective, proper preparation for searches is an essential part of risk management.
Modern compliance now integrates “dawn raid readiness” as a core component of the compliance management system. This includes not only the creation of checklists for such situations, but also ensuring an organised IT document structure. Employees should also be regularly trained on the correct conduct during a search. This is particularly important for the legal and compliance departments, reception staff, and IT personnel. By 2026, stakeholders and supervisory authorities will no longer tolerate escalations or friction during searches.
4. Practical Recommendations
Implementation of “Dawn Raid Kits”
Keep folders with checklists, contact lists of lawyers, and template forms ready at reception, with compliance officers, and in the legal department.
Definition of responsibilities
Define an immediate reporting chain (Reception > Management > Legal/Compliance > External lawyers). If your IT infrastructure allows, set up an email distribution list and a phone alert system so that all members of the crisis team can be quickly informed.
Training and Awareness
Raise awareness among reception staff, as well as personnel in the compliance, legal, and IT departments, specifically for these situations. These employees are the “first responders” and key decision-makers.
Review of the search warrant
Check on-site: Who is the suspect? What is being searched for? Is the warrant current (not older than six months)?
Accompanying the search
Never leave the investigators unattended. Document every item taken and request a seizure record.
IT search
Ensure well in advance that access is limited through organised data storage. If necessary, conclude data transfer agreements to prevent a full data mirror or even the removal of the server, and to maintain business operations. This should not be done without legal advice.
Our Advisory Approach at Pragal Rechtsanwälte
We are happy to assist you in preparing your company for the event of a search and to support you should such a situation arise. With the experience of Attorney Kristina Konrad in internal investigations and the expertise of Dr. Oliver Pragal as an experienced criminal defence lawyer in business law, we offer comprehensive and interdisciplinary advice. We support you in the creation of tailored guidelines and conduct training for your executives and employees.
Conclusion
A search can often not be prevented, but it can be “channeled” through professional preparation. A cool head and clear procedures minimise the risk of mistakes that are difficult to rectify later in the proceedings. Invest in prevention before the critical event occurs – for the safety of your company and your employees.
ContactFAQ: Common Questions on Proper Conduct During Company Investigations
No, this is not possible. However, you should politely request that the authorities wait to begin the search until your legal counsel has arrived. The authorities will often accommodate this for a short period, provided there is no risk of evidence being destroyed.
As a general rule, every employee has the right to give a statement only after consulting a lawyer. Suspects in any case have the right to remain silent; witnesses have the right to consult a lawyer as a witness advisor before making a statement. Spontaneous statements during a search are rarely helpful (except for guidance on the location of evidence being sought). Nevertheless, the decision must remain with the employee (no “internal direction”).
Investigators are allowed to seize items that may serve as evidence. To prevent the seizure of private devices, a strict separation of business and personal data, as well as a clear IT policy in advance, is essential.
Ja, der Hausrechtsinhaber kann Vernehmungen in den Geschäftsräumen untersagen, da der Durchsuchungsbeschluss hierzu keine Ermächtigung enthält. Die Beamten müssten die Mitarbeitenden dann gesondert zur Dienststelle laden. Das Eskalationssignal einer solchen Entscheidung muss sorgsam abgewogen werden.
In addition to the search warrant, the seizure record (a list of items taken) is essential. It forms the basis for the later reconstruction of the removed data and documents.
