The decisions of the BGH (German Federal Court of Justice) in “YouTube II”, “uploaded II” and “uploaded III” have changed things, at least for hosting providers, in one key aspect: hosting providers can now be (indirectly) liable for the copyright infringements committed by their users, if those hosting providers violate duties of care. This post examines the new situation in detail and also attempts to ascertain whether such indirect liability may also apply to other areas.
Under German law, there are no special rules governing liability in cases of intellectual property rights infringements. Therefore, case law plays a huge role in ensuring the establishment of a fair and balanced liability regime, in particular as concerns the issue of (indirect) liability for internet service providers and other intermediaries whose services are used to commit copyright infringements. For years, the BGH has answered the question as to whether such intermediaries are (indirectly) liable as perpetrators or participants on the basis of principles of national German criminal law (Sections 25-27 of the German Criminal Code, StGB). The German BGH did allow a few civil law exceptions, in particular in relation to adopting content as one’s own or false legal appearance. The resulting conclusion in the BGH case law (e.g., in this case) was that – generally speaking – the only possible legal consequence for internet service providers was a the so-called principle of ‘Stoererhaftung’. This is not an indirect liability concept. ‘Stoererhaftung’ merely provides for a cease and desist and removal obligation where a reasonable duty was breached. Importantly, no claims for damages were possible. The situation was only different, according to the BGH, in the exceptional cases where providers intentionally collaborated with their customers to commit rights infringements. The BGH had previously worked on the basis that ‘Stoererhaftung’, as the implementation of Article 8(3) of the Copyright Directive (2001/29), had to be interpreted in line with the Directives but that perpetrator and participant liability, for example, did not. That has now changed. In its decisions in “YouTube II”, “uploaded II” and “uploaded III”, the BGH has now introduced (full) liability for hosting providers, as indirect infringers, into German law as an express deviation from the previous German principle of “Stoererhaftung’.
I. The new BGH liability model for hosting providers
The BGH decisions were based on different factual situations. “YouTube II” concerned the infringement of the right of communication to the public as per Article 3 of the Copyright Directive (2001/29) in relation to copyright and related rights in various music tracks. A user had uploaded the music tracks in question – together with image material – without consent to the internet platform YouTube. The plaintiff in “uploaded II” was a scientific publisher that held exclusive rights of making available to the public in medical books. Those rights were being infringed in Germany by users storing the books in question on servers provided by the file hosting and sharing service “uploaded” and publishing the download links online, on third-party websites – so-called link collections – such that the books were thus available to the public. The “uploaded III” case also concerned the infringement of rights of communication to the public via the aforementioned file hosting and sharing service. That case, however, concerned the related rights of the producer of certain music phonograms (Section 85 of the German Copyright Act, UrhG).
2. Referrals to and case law of the CJEU
The BGH considered the question of whether YouTube or uploaded were indirectly liable in the light of various CJEU decisions, such as “Brein v Ziggo” and “Brein v Wullems”. The BGH decided to refer a number of questions in this regard to the CJEU, which the CJEU then answered in its judgment of 22 June 2021 in “YouTube and Cyando”. As far as the indirect liability of platforms like YouTube and uploaded was concerned, the CJEU decided that such liability existed if (A) the platforms play an “indispensable role” in the communication of the rights infringements, which primarily boils down to a causality requirement, and (B) the platforms violated certain duties. Such duties include (1) the expeditious deletion or blocking of content that has been made available in a rights-infringing manner upon the platform operator becoming aware of specific infringements (2) the adoption of appropriate technical measures to credibly and effectively counter infringements on the platform and (3) not knowingly promoting rights infringements, something which is strongly suggested if an operator chooses a business model that encourages users to commit rights infringements.
3. The BGH decisions
a) A new system of duties of care
As seen above, the CJEU takes its liability model for parties indirectly responsible for a copyright infringement from an interpretation of the fully harmonised right of communication to the public as per Article 3 of the Copyright Directive (2001/29). Even though the CJEU has thus overcome the differentiation between use of exploitation rights (primary liability) on the one hand and indirect or secondary liability rules on the other, one can convincingly argue that, in effect, a harmonisation of exploitation rights can only truly succeed if the liability rules are also harmonised alongside them.
In its three decisions, the German BGH initially found – based closely on the CJEU decision – that the platform operators did perform an act of communication to the public because they played an “indispensable role” and had breached certain duties. As the CJEU had already confirmed the “indispensable role” of the platforms, the BGH concentrated on the aspect of intent behind the actions of YouTube and uploaded in the different cases. In this context, as established by the CJEU in its referral decision, actions can be deemed intentional if certain duties are breached, wilfully or even just negligently. As the wilful or negligent violation of duties constitutes an act of communication to the public (as indirect perpetrator), such obligations under German law (and also in other jurisdictions) are comparable with duties of care. For a long time, German general civil law has recognized liability for breaches of duties of care in particular for indirect contributors to a tort where they have opened up a source of risk. But the German BGH had always refused to apply this liability concept to copyright infringements. Ultimately, in its implementation of the CJEU decision, the BGH therefore introduced into German law a copyright system of liability for the breach of duties of care that it had previously consistently rejected.
b) Obligation following specific notification: Take down, stay down and preventive measures
A duty to act on the part of the hosting provider arises upon receipt of a notification from the rightholder that some protected content is being illegally made available to the public via that provider’s platform. The hosting provider must then expeditiously take the measures necessary – deletion or blocking – to make that content inaccessible. As far as the notification of the specific rights infringement is concerned, the BGH adds more detail to the CJEU decision in that the BGH requires that the notification must be of a “clear” rights infringement. The notification must include sufficient precise information that the recipient can easily identify the rights infringement without having to conduct a detailed legal examination.
According to the BGH, the receipt of such a notification about a clear rights infringement by a platform operator gives rise to a duty of care on the part of that platform operator in two respects (or three, depending on how one counts them).
- To prevent access to the specific file identified by the rightholder through blocking or deletion (take down) plus prevention of the upload of identical files (stay down);
- To prevent further similar rights infringements from being committed in the future (including by other uploaders).
This obligation covers both existing and future rights infringements of a similar type, regardless of whether they are committed by the same user or by another user or users. An infringement is deemed similar if it involves the same work (or same protected performance) and the infringement is identical at its core or at least a risk of first offence exists. The “stay down” obligations are thus extensive, going beyond, for example, what the US DMCA requires of platform operators.
At the same time, the BGH is rightly relatively strict with platform operators that have been notified of clear rights infringements. As the requirement is for platform operators to act expeditiously in meeting their obligations, it is not acceptable for rights-infringing content to remain available two days after receipt of a notification.
c) Obligation to counter copyright infringements credibly and effectively
Another duty can also arise if the platform operator ought at least to know that, in a general sense, users are making copyright protected content available to the public via its platform. In such cases, the platform operator must put in place technological measures that can be expected from a reasonably diligent operator in its situation in order to counter credibly and effectively copyright infringements on that platform. In this context, the requirement is that the platform operator has knowledge, not of specific rights infringements, but only of the fact that infringements take place on its platform.
In practice this will normally be the case with platforms that store third-party content in large volumes, hence one can generally work on that presumption. The obligation that arises in this context cannot be met merely through reactive measures such as report buttons, abuse forms or advanced take down tools for sending specific notifications to the platform operator. Instead, the platform operator must, according to the convincing German BGH case law on this point, also take proactive steps. The BGH did not answer the question as to whether filter systems – such as YouTube Content ID – suffice or not. In my view, filters should certainly be deemed insufficient if they are only able to recognise identical files (as is the case with, for example, hash filters).
d) Duty not to promote the rights-infringing conduct of users
According to the BGH, platforms have an additional obligation not knowingly to promote any rights-infringing conduct on the part of their users. One indication that such promotion is taking place may be that the operator in question has adopted a financial model that encourages users of its platform illegally to communicate protected content to the public via that platform. In relation to uploaded, the BGH concluded that the financial model adopted was based on the availability of illegal content and was designed to encourage its users to share such content via the platform. In particular, the price and remuneration system used considerably increased the risk of rights-infringing use of the service. Moreover, the BGH found that 90% to 96% of the total volume of files available on uploaded constituted rights-infringing content.
II. The end of ‘Stoererhaftung’ for other types of provider too?
It now seems likely that other types of provider will in future, like hosting providers, be indirectly liable where they breach duties of care, if they play an “indispensable role” within the meaning of the CJEU case law.
This applies firstly for link posters, to the extent they are deemed intermediaries, because according to the case law of the CJEU, the posting of links constitutes an act of communication to the public and thus link posters clearly play an indispensable role. In such a case, certain duties already apply, according to the CJEU in “GS Media v Sanoma”, if the poster of the link knew or ought to have known that the link led to copyright-infringing content.
Domain providers (registrars, registries) would also likely be deemed to play an “indispensable role”. A domain name is very important for the accessibility of the (rights-infringing) content of a website, since it is hardly likely that any users will instead access the website directly using the IP address. As far as domain providers are concerned, however, corresponding duties of care need to be developed, especially at an EU law level. The German BGH has already established duties for registrars in its decision in “Stoererhaftung des Registrars”. However, some of these duties seem to be particulariy strict. That is true in particular for the subsidiarity principle (which would view the registrar as the last resort, so that duties of care e.g., to disconnect a domain name only exist if alternative remedies against the direct infringer and other participants closer to the infringement have been exhausted); see here for a comment on the BGH decision “Stoererhaftung des Registrars”.
In the case of access providers, one must also ask whether they play an “indispensable role” in the infringement being made available. In this context, it must firstly be noted that they play a passive role that amounts merely to the provision of infrastructure. According to the CJEU judgment in “YouTube and Cyando”, however, it must also be taken into account that the CJEU does not require an active role to conclude that an indispensable role exists, rather it only requires a causal contribution or even merely an act which promotes the infringement.
III. Outlook and other open questions
With its decisions in “YouTube II”, “uploaded II” and “uploaded III” the BGH has made one important change, at least for hosting providers: hosting providers can now be indirectly liable for the copyright infringements committed by their users, if those hosting providers violate duties of care.
Another open question is whether the indirect (but full) liability of platforms is limited to communication to the public under Article 3 of the Copyright Directive (2001/29). For instance, it is unclear whether the new BGH case law, with its abandonment of Stoererhaftung and the platform obligations described above, also applies to platforms, like eBay, on which third parties distribute copyright infringements. An argument in favour of such obligations also applying in that way would be that there is a need for a “level playing field” at a pan-European level for the right of distribution as per Article 4 of the Copyright Directive (2001/29) to prevent differing national liability models applying in the case of EU cross-border platform activities.
Another question is: Will the indirect liability model for indirect infringers also be applied to the infringement of other intellectual property rights, in particular on the internet? This question has not yet been answered by the CJEU. However, the CJEU mentioned in “Coty/Amazon” the first sentence of Article 11 and Article 13(1) of the Enforcement Directive (2004/48) as being relevant, and specifically the term infringer, which can also include indirect infringers. There seem to be compelling arguments for also applying the CJEU and BGH liability model to trademark infringements and to move on from “Stoererhaftung” in Germany in this respect too.
The authors published a longer version of this post in the German Journal of Copyright and Media Law (ZUM), 2022, pages 806-816). The short form was prepared with the help of Elisabeth Eckhold (legal trainee, NORDEMANN) and the English translation by Adam Ailsby, Belfast (www.ailsby.com).