Internet service providers liability and copyright protection in the EU

Internet service providers liability and copyright protection in the EU

The re-posting of this analysis is part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media in a Comparative Perspective.


Which is the legal framework surrounding Internet Service Providers (ISPs) in the EU, when it comes to copyright protection? The following article analyses the importance of ISPs in the enforcement of rights in Cyberspace and in balancing different interests.

This work finds its roots in the essay composed in the context of the LSE Summer School 2015 Cyberlaw course attended by the author, during which he was given a full introduction on all the hot topics covered by Information Technology Law.



A European ISP, EasyTelco, leases to its clients its fiber-optic cables to deliver fast Internet access.
A movie producer, DotCom Entertainment, has recently informed EasyTelco that some of its clients are allowing users to access a website based in Greece, called, which hosts unauthorised copies of some of the products of DotCom Entertainment. Hence, they ask EasyTelco to block access to and to any other site on which they know are illegally hosted DotCom Entertainment movies.



As a matter of simplicity, we will not domicile EasyTelco in any EU State in particular, in order to hold a more generic point of view. Moreover, we will focus only on the ISP regime, omitting the position of the other subjects involved in the case.

First, it is easy to recognise that DotCom Entertainment, being the author of the multimedia products involved in the dispute, holds a rightful copyright over them, which includes, among others, an exclusive right to make or authorise the making of copies of the work and to decide whether to issue those to the public. Thus, it is copyright infringing to engage in unauthorised copying for commercial purposes, and the law gives action on that to the right holder.

In the light of this right, the position of EasyTelco is a complex one, because it lays at the very cross-over between contrasting interests, as we will see.

The ISPs legal status has been shaped by the European Electronic Commerce Directive[1] and the Copyright and Related Rights in the Information Society Directive[2]. As a matter of fact, Art. 8(3) of the Copyright and Related Rights in the Information Society Directive creates a “notice and take down” system:

 “Member States shall ensure that rightholders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right.”

However, protection of copyright needs to be balanced with the safe harbour provision of the art. 15(1) of the Electronic Commerce Directive, which says that:

 “Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.”

The article refers to art. 12, 13 and 14, which all define different types of ISPs, to identify the subjects benefiting from the protection of the above-mentioned article. In brief, the three articles set forth that “mere conduit”, caching and hosting providers shall not be liable for the information they transmit, cache and host, unless they are made aware of their (defamatory, copyright infringing, etc.) nature. In particular, art.12[3] is the one relevant for our purposes, as long as it defines the “mere conduit” provider as whoever allows transmission of information in or access to a communication network, which happens to be the exact activity of EasyTelco. As a final point, the third paragraph of the article allows norms such as art.8 of the Directive on copyright protection, stating that:

“3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States’ legal systems, of requiring the service provider to terminate or prevent an infringement.”

Therefore, EasyTelco should not be held liable for copyright violations occurred within its connection services, as long as it is unaware of them, according to the general prohibition set forth by art.15 Ecommerce Directive on imposing a general duty to monitor the content of communications. However, following the “notice and take down” system, it is likely that a court would grant an injunction to the claiming party to oblige EasyTelco to unable access to copyright infringers such as



An English case helps us understanding how courts balance the two contrasting EU provisions: Twentieth Century Fox and ors v British Telecommunications plc (Newzbin II) [4]. The “Studios” were trying to close the P2P sharing website Newzbin, liable of hosting copyright infringing materials. The claimants decided to seek an injunction under s.97A[5] of the CDPA 1988, which mirrors art.8 of the Copyright and Related Rights in the Information Society Directive, against BT, to oblige it to prevent users to access Newzbin via the inclusion of the URL in the Cleanfeed blacklist.

As a matter of fact, the majority of the ISPs in the UK have implemented since 2004 a technical system developed originally by BT, called Cleanfeed, which blocks all the requests from the UK to any webpage inserted in a blacklist because of hosting child abuse related images. This content blocking solution has proved to be the ideal solution to inhibit access to sites which have been found infringing copyright during their activities, but whose servers are located abroad, consequently voiding any chance of direct enforceability of a UK court order. Then, when BT claimed violation of art.15 of the Ecommerce Directive, Arnold J pointed out that, due to the previous existence of the Cleanfeed filter, adding a single site to the blacklist could not be regarded as imposing a general obligation, so he granted the injunction to the claimants. In arguing that, he referred to a similar Belgian case[6] at that moment under the scrutiny of the ECJ, where the Belgian authors society was asking the national ISPs to cover all the communications across their networks with a totally new monitoring system to prevent copyright violations. Arnold J underlined the striking difference between the two cases, and that only the Belgian one implied a violation of art.15, as it was eventually ruled by the ECJ, because it obliged all Belgian ISPs to create, at their own expenses, a brand new filtering scheme.



Nowadays, ISPs are one of the most powerful tools to regulate cyberspace and to enforce laws and court orders, in a manner that remembers the concept of “regulation by architecture” theorised by Lawrence Lessig[7].  As a result, they are at the very intersection of various interests, from copyright to freedom of expression, right to privacy and the preservation of a functional and efficient Internet.

”Originally the European legislature made a lot of efforts to restrain intermediaries from choosing
party and made sure they would take up a merely neutral-passive role. This is clearly reflected by the
special exemption regime installed by the E-Commerce Directive that was adopted in 2000 as a
response to the disparities that existed amongst Member States concerning the liability of service
providers acting as intermediaries which prevented the smooth functioning of the Internal Market”[8].

However, legislators are constantly looking for new solutions to regulate them, as the French HADOPI system. HADOPI (Haute Autorité pour la Diffusion des Oeuvres et la Protection des droits sur Internet) is an administrative authority to whom copyright holders may notify infringements of their copyright, hence activating a so-called “three strikes procedure”, which consists of two consecutive warnings, first an email, then a more formal letter, down to the last step if the user continues in his offending activities, which contemplates a temporary suspension of internet access. Concerns related to the constitutionality of the new law were raised before its approval by the Conseil Constitutionnel, which eventually led to introducing the possibility for the user to appeal to a court against the HADOPI’s suspension of Internet access. Similar multi-strikes approaches have been followed by countries like U.S., Eire and the UK with the Digital Economy Act 2010, but all of those hide a problem of fair balancing between the rights at stake.

There are clear problems surrounding that design-based manner of enforcing law on the Internet, unquestionably one is the power to limit freedom of expression, a fundamental right as acknowledged by the ECHR (art.10), which is given to an administrative authority, expression of the government, and not to the judiciary.

Again, as soon as copyright holders’ claims start growing, it is not clear how the courts will deal with extending blocking techniques to all the offending users without contrasting with the general prohibition of art.15 of the Electronic Commerce Directive and the neutral role of ISPs it wants to preserve. Lastly, it might be argued that also serious privacy matters arise when an administrative body such as HADOPI requires surveillance over a citizen. Indeed, art. 8 (2) of the Human Rights Act allows some limitations of the right to privacy one enjoys only for, amongst others, “the protection of the rights and freedoms of others”, which could be the case when enforcing copyright. Nevertheless, are we sure it is best way to allow a body of the Government to compress a fundamental right just to protect an economic interest of some corporations? An authoritative point of view on the subject was expressed in 2008 by the ECJ in the Spanish Promusicae v. Telefonica, in which a copyright holder asked the ISP to communicate the personal data of users of Kazaa to allow suing them in civil trial. The court decided that there was no obligation under UE law for Member States to impose a duty to disclose personal data to ensure copyright protection.

Curiously, it is interesting to notice how even in Italy the one year-old regulation on online copyright issued by AGCOM, it is under review at the moment by the Italian Constitutional Court. The reasons behind this is that the Authority, quiet similarly to HADOPI in France, wants to protect copyright holders up to blocking access to offending sites after a summary hearing of the parts involved. As distinctly reported by Marco Bellezza in an article appearing on[9], what basically has been challenged is that this procedure underlies some critical constitutional issues, i.e. the fact that orders to limit  a fundamental right as freedom of expression in favour of a so-called “economic freedom” should not come from a regulation of an executive body, but from an act of parliament, and together with the chance of battling them in court, not before a mere administrative authority.



[1] Dir. 2000/31/EC of the European Parliament and of the Council of 8 June 2000, OJ L 178, 17 July 2000.
[2] Dir. 2001/29/EC of the European Parliament and of the Council of 22 May 2001, OJ L 167, 22 June 2001.
[3] “(1)Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted […]“
[4] [2011] EWHC 1981 (Ch).
[5] “(1)The High Court (in Scotland, the Court of Session) shall have power to grant an injunction against a service provider, where that service provider has actual knowledge of another person using their service to infringe copyright.”
[6] Scarlet Extended SA v SABAM. (C-70/10) [2012] ECDR 4.
[7] Lessig, L. (1999) “Code and Other Laws of Cyberspace”. New York: Basic Books.
[8] Werkers, E. Intermediaries in the Eye of the Copyright Storm – A Comparative Analysis of the Three Strike Approach within the European Union (August 15, 2011). ICRI Working Paper No. 4/2011.
[9] Bellezza, M. #dda online: la questione di costituzionalità e il regolamento AGCOM. Retrived: 05/08/15, from: