Are preventive duties on hosting service providers in line with EU law? Some comments from a legal perspective on Art. 13 Draft DSM Directive and “upload filters”

Kluwer Copyright Blog
June 28, 2018

Please refer to this post as: , ‘Are preventive duties on hosting service providers in line with EU law? Some comments from a legal perspective on Art. 13 Draft DSM Directive and “upload filters”’, Kluwer Copyright Blog, June 28 2018,

The debate on Art. 13 Draft DSM Directive has gained speed, after the Commission’s initial 2016 proposal was supplemented by the Council’s proposal of May 25, 2018, and after the European Parliament’s JURI Committee on June 20, 2018 also voted on an own proposal for Art. 13 Draft DSM Directive. The plenary vote is due in July 2018. While the language of the proposals by the Commission, Council and Parliament offer differences, all three proposals seem to share the common standpoint that active role hosting providers should have a duty to prevent the availability of unauthorized copyright content.

The contrasting view by some politicians, e.g. MEP Ms. Reda in this blogpost create the impression that such a duty, including by means of applying Automatic Content Recognition technologies would be something new and not already part of the existing EU law. A look from a legal standpoint shows that this impression would not be correct. Rather, so far EU law and the respective case law has allowed the imposition of a duty to prevent the availability of unauthorized copyright content for hosting providers under certain requirements. This includes neutral non-active hosting providers.

See here for more detail.

  1. Duties of care for passive hosting providers

Art. 15 E-Commerce Directive (ECD) provides for a prohibition on imposing general monitoring duties upon internet providers (for the text of Art. 15 see here). This is in particular true for passive hosting providers, which may – due to their non-active role – rely on the liability privileges of Art. 14 ECD. The CJEU understood Art. 14 as applying only to mere technical, automatic and passive operators providing data processing services to their customers (CJEU of 23 March 2010, joined cases C-236/08 to C-238/08 para. 114 – Google and Google France; CJEU of 12 July 2011, C-324/09 para. 113 – L’Oréal/eBay).

Art. 15 ECD plays an important role in particular in determining the scope of injunction claims, which remain applicable even if Art. 14 ECD applies. In contrast to Arts 12 to 14 ECD, Art. 15 ECD applies to injunction claims, in particular to injunction claims which are raised pursuant to Art. 8(3) Copyright Directive in the field of copyright, and pursuant to Art. 11 third sentence Enforcement Directive for other IP rights. Pursuant to Art. 8(3) Copyright Directive and Art. 11 third sentence Enforcement Directive, right holders can ask providers to take measures to prevent future rights infringements.  The Articles do not proscribe or prohibit any measure to achieve the

In this regard, Art. 15 ECD helps to balance the fundamental rights at stake by the internet provider, its users and the right holders (CJEU of 14 April 2011, C-70/10, para. 69 et seq. – Scarlet/SABAM; CJEU of 16 February 2012, C-360/10, para. 39 et seq. – SABAM/Netlog; CJEU of 15 September 2016, C-484/14, para. 87 – McFadden/Sony Music). For example, the CJEU has found that an injunction imposed on a hosting provider requiring it to install a filtering system obliging the hosting provider to actively monitor all the data relating to all of its service users, in order to prevent any future infringement of intellectual property rights is incompatible with Art. 15 ECD (CJEU of 16 February 2012, C-360/10, para. 38 et seq. – SABAM/Netlog).

But as Art. 15 ECD is an open provision which requires a careful balancing of rights, it does not stand in the way of more specific monitoring duties, in particular by hosting providers. For example, file hosters have been obliged by German and Italian courts to apply word filters, after having been notified about a specific title of a copyright work, made available without authorization by a user[1] This interpretation of Art. 15 seems convincing. As the filtering is confined to a specific title, it is not in conflict with the prohibition of general monitoring duties by internet providers. Recital 47 ECD in particular mentions that “monitoring obligations in a specific case” are not prohibited by Art. 15 ECD.

Nevertheless, a clear delineation between prohibited general monitoring obligations and allowed specific monitoring obligations has not yet been established, in the absence of relevant CJEU case law.  Confusingly, the French Federal Supreme Court (Cour de Cassation) has rejected stay down obligations for hosting providers as conflicting with the prohibition of general monitoring duties (Cour de Cassation Arrêt no. 831, 11-13.669, 12 July 2012 – Google France/Bach films; Cour de Cassation Arrêt no. 828 of 12 July 2012 – Google France/Bach films.).

It does not seem convincing to maintain that stay down and a duty to prevent the availability of specific works are always stopped by the prohibition of general monitoring duties pursuant to Art. 15 ECD.  In the end, it is a question of the technical solution used by the provider. For example, if the measures relate only to files of a certain type and thus only prevent the availability of such files, one cannot talk of general monitoring.   If one would apply Art. 15 ECD in all cases that involve any processing of data, no room would be left for specific monitoring duties.  What also speaks in favour of the freedom to establish specific monitoring duties to ensure prevention of infringements, is the recognition of a balancing of rights by the CJEU specifically for Art. 15 ECD. If any and all prevention duties for hosting providers were prohibited by Art. 15 ECD, this would preclude any kind of duties of care for hosting providers and would reduce the duties of hosting providers to a mere takedown. Such mere takedown duties would not be in line with EU law.

Rather, the CJEU has in several cases recognised prevention duties of hosting providers (CJEU of 12 July 2011, C-324/09 para. 131 – L‘Oréal/eBay; CJEU of 16 February 2012, C-360/10 para. 29 – SABAM/Netlog.). In particular for hosting providers after they were notified of a clear rights infringement, Art. 8 (3) Copyright Directive establishes duties beyond mere takedown, also for stay down and for prevention of similar clear rights infringements of the same kind. This is at least the established case law of the German Federal Supreme Court.[2] In its L’Oréal/eBay decision, the CJEU confirmed the German case law for the sister provision Art. 11 3rd sentence Enforcement Directive. According to the court, the prevention duty included the duty to ensure that an online market place takes measures “which contribute, not only to bringing to an end infringements of these rights by users of the market place, but also to preventing further infringements of that kind”. (CJEU of 12 July 2011, C-324/09 paras. 127, 128 to 134 – L‘Oréal/eBay). In particular, according to the German case law, such (specific) prevention duties by hosting providers can include the application of word filters with regard to the works notified to the provider.

In the case of unjustified notices, it should also be noted that here too EU law already provides for a solution. E.g. for access providers the CJEU has confirmed a right of action for internet users where they face an unjustified blocking of information through website blocking (CJEU of 27 March 2014, C-314/12 para. 57 – UPC Telekabel Wien). This decision concerned Art. 8 (3) Copyright Directive and more specifically the weighing of the fundamental rights at stake. Art. 8 (3) also applies to hosting providers. As a consequence, and also in the case of unjustified blocking of information by hosting providers already under the existing regime of Art. 8 (3) Copyright Directive, the rules provide for a right of action for the uploader.

As a result, reasonable and specific duties to prevent the availability of copyright works for neutral and passive hosting service providers seem possible under the current regime.

  1. The case of active hosting providers

That said, prevention duties (which may include upload filtering for specific content) for active hosting providers should not fall behind this current status of law for passive providers.  Rather, it logically follows from CJEU case law that active hosting providers deserve even a stricter liability regime than neutral hosters.

CJEU Ziggo/Brein (“The PirateBay”) concerned a website blocking claim raised against a Dutch access provider under Art. 8(3) Copyright Directive. In this context, the CJEU analysed the website The Pirate Bay, which is an online index for digital content, facilitating peer-to-peer file sharing among users of the BitTorrent protocol. The court held it to be a sufficient intervention in a communication that The PirateBay offered an index classifying the works under different categories, based on the type of works, genre and popularity, and the operators of The PirateBay checking that the work has been placed in the appropriate category. Also, the operators deleted obsolete or false Torrent files and actively filtered some content (CJEU of 14 June 2017, C-610/15, para. 38 – Ziggo/Brein).

The role of The Pirate Bay as a platform to connect users of the BitTorrent protocol for infringing activity was evaluated by the CJEU as primary liability for communication to the public. Moreover, it appears that the criteria for primary liability (as established by the CJEU in The Pirate Bay) for communication to the public run parallel with the requirements for an “active role”, which excludes hosting providers from the liability privilege of Art. 14 ECD.[3] This would also guarantee a sound interface without gaps between the EU liability rule for communication to the public and the liability privilege of Art. 14 ECD.

Therefore, according to the CJEU case law, active hosting service providers are, due to their very nature, under a stricter, primary, copyright liability through their (active or deliberate) intervention in the making available of works on their platform.  It follows that in order to avoid liability, active hosting service providers must take effective measures to prevent the unauthorised availability of works on the services.  It would be a bizarre conclusion that primarily liable service providers would have lesser duties than those already applied to passive hosting service providers (see 1. above).

It may be of interest in this respect that the German Federal Supreme Court (BGH) has also applied the requirements for filtering duties for providers which are within Art. 15 ECD to providers outside it. According to the opinion of the BGH, search engines are not within the reach of Art. 15 ECD. But the prohibition to impose general filtering obligations upon them applies. Nevertheless, specific filtering duties may be imposed on search engines. In particular, after a notification by the right holder, work specific word filtering duties and also work specific audiovisual filtering duties (if proportionate) may be imposed on the search engine (BGH of September 21, 2017, file no. I ZR 11/16: “Vorschaubilder III” (“Thumbnails III”), see here.

It would therefore appear perfectly feasible and within the framework of the existing EU law to impose more extensive duties to prevent the availability of copyright content on active hosting service providers, subject to a careful balancing of legitimate interests and rights. Active hosting providers with an in principle legal business model may in particular face specific filtering duties. Depending on the business model, such filtering duties may be extended. For example a borderline business model attracting infringements could face more general filtering duties.

  1. Result: A duty to prevent the availability of protected works is a necessary part of copyright liability law

CJEU and national case law show that reasonable duties of care for hosting service providers, including the duty to prevent the availability of copyright works, are an integral part of copyright liability already.  They have been applied for years without “breaking the internet”. But such “preventive” duties have to be applied with a differentiated approach:

–             Duties of Passive hosting providers should be assessed against Art 15 of the ECD, and in particular the prohibition against “general” monitoring.

–             Active hosting service providers fall under a stricter regime. But the scope of duties depends on the legitimate interests at stake. For some active role hosters specific monitoring will apply, but in other cases they must do more. One example would be services deploying a business model based on the unauthorized availability of copyrighted works uploaded by their users. In order to avoid copyright liability such services should take effective measures to prevent the availability of works on their services.

To make sure you do not miss out on posts from the Kluwer Copyright Blog, please subscribe to the blog here.


[1] German Federal Supreme Court (Bundesgerichtshof – BGH) of 15 August 2013, I ZR 79/12, para. 56 – File-Hosting-Dienst II; BGH, I ZR 85/12 , para. 61 – File-Hosting-Dienst III; Court of Appeal of Hamburg of 1 July 2015 2015, 5 U 87/12, juris para. 547; see further Jan Bernd Nordemann in Fromm/Nordemann, Urheberrecht Kommentar (Commentary to the German Copyright Act), 11th Edition 2014, Article 97 German Copyright Act, note 163a. Same opinion in Italy: Court of Rome, Verdict no. 8437/16.

[2] German Federal Supreme Court (Bundesgerichtshof – BGH) GRUR 1030 para. 46 (2013) – File-Hosting-Dienst I; German Federal Supreme Court (Bundesgerichtshof – BGH) GRUR 370 para. 29 (2013) – Alone in the Dark; see for a detailed analysis of the BGH case law Jan Bernd Nordemann 59 (no. 4) Journal Copyright Society of the USA (2012) 773 at 778 et sec.; Jan Bernd Nordemann Liability for Copyright Infringements on the Internet: Hostproviders (Content Providers) – The German Approach, 2 (2011) JIPITEC 37.

[3] Same opinion Ohly, The broad concept of “communication to the public” in recent CJEU judgments and the liability of intermediaries: primary, secondary or unitary liability? GRUR Int. 2018, 517; Jan Bernd Nordemann, EuGH-Urteile GS Media, Filmspeler und ThePirateBay: Ein neues europäisches Haftungskonzept im Urheberrecht für die öffentliche Wiedergabe, GRUR Int. 2018, 527 et seq; Jan Bernd Nordemann, Recent CJEU case law on communication to the public and its application in Germany: A new EU concept of liability, to be published in JIPLP 2018).