Everybody on the internet needs domain names. This also true for websites which run an illegal business model dedicated to copyright infringements. Such rogue websites are also called structurally copyright infringing websites. The German highest civil court Bundesgerichtshof (“BGH”) [German Federal Supreme Court] has now held that domain registrars have duties of care to disconnect domains used by structurally copyright infringing websites.
The BGH case was about h33t, a Torrent website comparable to The Pirate Bay. The domain name h33t.com was registered through a German domain registrar. A German record label, whose recordings were illegally available on h33t requested the disconnection of the domain name from the registrar. The registrar refused and the case ended before the BGH.
The decision is available here in the German original.
Main findings of the BGH
The BGH found in favour of a duty of care for the registrar to disconnect the domain, as long as the copyright infringing content remained available on h33t. The legal basis for this was found in the so-called “Stoererhaftung” [breach of duty of care]. In German copyright law, this legal doctrine is used to establish a duty of care in particular for (but not limited to) internet intermediaries. The legal consequences are limited to injunction claims. Against this background, “Stoererhaftung” is considered to function as the default German implementation of Article 8 (3) Directive 2001/29 on the harmonisation of certain aspects of copyright and related rights in the information society (“InfoSoc Directive”), which obliges EU member states to provide for injunction claims against intermediaries whose services are used to infringe a copyright or related right. Exceptionally for access providers, German law implements Article 8 (3) through § 7 (4) German Telemedia Act (“German TMG”; see J.B. Nordemann Gewerblicher Rechtsschutz und Urheberrecht (GRUR) 2021, 18, 19, with further references).
Registrars are not access providers: Due to the different implementation of Article 8 (3) InfoSoc Directive into German law for access providers, the BGH had to decide whether domain registrars qualify as access providers. The BGH decided against this. A registrar merely provides the administrative processing of a domain registration, as opposed to access to the internet (paras. 16, 17). Consequently, “Stoererhaftung” was the correct legal basis for injunction claims against a registrar, not § 7 (4) German TMG.
As the BGH did not see domain registrars as access providers, it was not possible to apply the liability privilege of Article 12 E-Commerce Directive 2001/31 (“E-Commerce Directive”) to domain registrars. While the opinion of the BGH seems to be correct, already in Germany there are other voices in favour of applying the liability privilege of Article 12 E-Commerce Directive to domain registrars (e.g., Oberverwaltungsgericht [Higher Administrative Court] Muenster, decision of January 26, 2010, 13b 760/09, available here), as is the case in other countries. Against this background, that the BGH did not refer the question to the CJEU pursuant to Article 267 TFEU seems a missed opportunity.
Same duties of care for registrars as for access providers: The BGH held that domain registrars make an adequate causal contribution to the copyright infringement at issue. Generally speaking, no user would go to a website on the internet by using the IP address (para. 19).
Nevertheless, regarding duties of care, the BGH put domain registrars into the same group as access providers (paras. 28 et seq.). The domain name system would have to be efficiently administered. In contrast to a hosting provider, the registrar would merely connect the domain and would not store the infringing content. The contractual link to the infringer would not justify more extensive duties of care than for access providers.
This does not seem entirely convincing. In particular, the direct (or indirect) contractual link between the registry and the infringer speaks in favour of more extensive duties of care, because the registry should bear the risk of choosing their contractual partner.
Subsidiarity requirement: One of the consequences of applying the same duties of care to domain registrars as those that apply for access providers is the so-called subsidiarity requirement (“Subsidiaritaetserfordernis”). In short, this means the following: the rightholder is required first to take legal action without success against the operator of the website that has directly infringed copyright law, before they can turn against the registrar. Additionally, it is also necessary to take action against those who have contributed to the infringements by that operation through the provision of services, such as hosting providers. This subsidiarity requirement involves at least an obligation to take all proportionate action. Only if such proportionate action is unsuccessful will the rightholder be able to invoke injunction claims against the domain registrar.
The subsidiarity requirement as set up by the German BGH for access providers and (now) domain registrars has not been followed by case law in other EU member states on Article 8 (3) InfoSoc Directive. The Austrian Federal Supreme Court (OGH) has explicitly rejected a subsidiarity requirement (Austrian Oberster Gerichtshof (OGH), decision of 24 October 2017, 4 OB 121/17y, para 6.3., available here). The British High Court (at the time still a court of an EU member state) has merely assessed criteria of efficiency (“comparative efficacy and burden of the alternative measures”), but not applied a subsidiarity rule (High Court of Justice London (Chancery Division), decision of 17 October 2014 –  EWHC 3354 (Ch) Cartier vs. British Sky, available here). It is also questionable if the German BGH is free to set its own criteria for the duties of care that found such injunction claims. The proportionality of holding such providers responsible seems to be grounded in the harmonized framework of Article 8 (3) InfoSoc Directive and not part of the conditions and modalities which are left to the national law of the member states pursuant to Recital 59 InfoSoc Directive (same opinion Ohly Juristische Zeitschrift (JZ) 2019, 251, 254; J.B. Nordemann Gewerblicher Rechtsschutz und Urheberrecht (GRUR) GRUR 2021, 18, 21). While the BGH did not refer the case to the CJEU, it would be good to have this issue clarified by the CJEU pursuant to Article 267 TFEU in the future.
No overblocking: The disconnection of a domain name will make the entire website unavailable for internet users using this domain name. Therefore, the same issue arises as for blocking measures taken by access providers against an entire website (like DNS blocks or IP address blocks). In these cases, as part of the proportionality assessment, it is necessary to exclude a disproportionate overblocking. In the decision, the BGH correctly reaches this conclusion on the basis of the necessary balancing of the fundamental rights involved (Article 17 (2) of the EU Charter for rightholders, Article 16 for the providers and Article 11 (1) for internet users). With regard to access providers, the BGH case law requires that the blocked content must be to a large extent illegal (“weit ueberwiegend illegal”, para. 34). Some legal content is not sufficient, as this would make it possible for the website to hide between a certain amount of legal content. The BGH did not explore this issue further with regard to domain registries.
As for the future shaping of this proportionality test, quantitative criteria (such as the requirement of 90% or more illegal content) may serve as an indication, but should not be decisive. Rather, a qualitative assessment should be crucial (same opinion: Austrian Oberster Gerichtshof (OGH), decision of 24 October 2017, 4 OB 121/17y, para 3.5., available here). If the website runs a business model dedicated to copyright infringement, this should be a strong factor. In general, illegal business models deserve no protection by the legal system. The Austrian OGH has raised the question whether legal information that is exclusively available on a website must be given greater weight than content that is also available on other sites on the Internet and thus cannot exclusively satisfy the user’s need for information (Austrian Oberster Gerichtshof (OGH), op cit., para 3.6.). But caution is needed, because such considerations could again make it easy for websites to hide behind limited legal content.
Requirements for prior notification: Generally speaking, duties of care for internet intermediaries under German “Stoererhaftung” only arise after notification. For a domain registrar it is necessary that the notification provides all the necessary knowledge to the domain registrar. This is (1) the copyright infringement committed on the website to be disconnected, (2) the nature of the website as structurally copyright infringing, running an illegal business model under copyright law which includes the need to avoid overblocking legal content, and (3) that the rightholder used proportionate means against the operator or the host provider of the website to end the infringement without success (subsidiarity requirement), (see para. 35).
In addition: Freezing of domains
The BGH only decided on a duty of care for domain registrars to disconnect domains of websites dedicated to copyright infringement (structurally copyright infringing websites). But a disconnection may not be enough. If the registrar disconnects and in parallel allows the transfer of the domain to another registrar, the operator of the structurally copyright infringing website may re-connect the domain with a new registrar and continue the illegal business model. Against this background, in another German case the District Court of Cologne and the Court of Appeal Cologne have allowed “freezing” orders against domain registrars. In addition to the duty to disconnect there is also a duty to ensure that the domain may not be registered by the infringing operator with other registrars (“freezing”; District Court Cologne, decision 5 December 2017, 14 O 125/16, available here, confirmed by Court of Appeal (OLG) Cologne, decision of 31 August 2018, 6 U 4/18, para. 73, available here). It is interesting that the Cologne Courts have argued that without such freezing the domain registrar that allows the transfer of the domain and thus enables the operator to continue the infringement would even be liable as an accessory.
The German BGH decision confirms that domain registrars have a duty of care to disconnect domains used by websites dedicated to copyright infringement. It is interesting that the BGH did not see domain registrars as access providers, but still applied the duties of care for access providers to them. This needs to be welcomed as a clarification of open legal issues not only in Germany. That said, it would have been good if the BGH had referred some of the open EU law questions to the CJEU. We will have to wait for another day for a final decision on Union law.