|Title:||Directive 2000/31/EC of the European Parliament and of the Council on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce)|
|Topic:||Regulation with regard to information society services, in particular electronic commerce; including the legal liability of intermediary service providers,|
|Direct / indirect relevance||Indirect. The text contains liability provisions for intermediary service providers which imply an obligation to implement appropriate RM/RA measures with regard to network/information security.|
|Scope:||Directly applicable to all EU Member States|
|Legal force:||EU Directive, requires transposition into national law|
|Affected sectors:||Most forms of information society services, although a number of subject field (e.g. activities of notaries public) and contract types (e.g. the transfer of property rights to real estate) are emphatically excluded from the scope of the Directive.|
|Relevant provision(s):||Article 3 – Internal market
1. Each Member State shall ensure that the information society services provided by a service provider established on its territory comply with the national provisions applicable in the Member State in question which fall within the coordinated field.
Section 4: Liability of intermediary service providers
Article 12 - "Mere conduit"
1. Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider:
(a) does not initiate the transmission;
(b) does not select the receiver of the transmission; and
(c) does not select or modify the information contained in the transmission.
2. The acts of transmission and of provision of access referred to in paragraph 1 include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.
3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement.
Article 13 - "Caching"
1. Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information's onward transmission to other recipients of the service upon their request, on condition that:
(a) the provider does not modify the information;
(b) the provider complies with conditions on access to the information;
(c) the provider complies with rules regarding the updating of the information, specified in a manner widely recognised and used by industry;
(d) the provider does not interfere with the lawful use of technology, widely recognised and used by industry, to obtain data on the use of the information; and
(e) the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement.
2. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement.
Article 14 – Hosting
1. Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States shall ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:
(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or
(b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.
2. Paragraph 1 shall not apply when the recipient of the service is acting under the authority or the control of the provider.
3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement, nor does it affect the possibility for Member States of establishing procedures governing the removal or disabling of access to information.
No general obligation to monitor
1. Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.
2. Member States may establish obligations for information society service providers promptly to inform the competent public authorities of alleged illegal activities undertaken or information provided by recipients of their service or obligations to communicate to the competent authorities, at their request, information enabling the identification of recipients of their service with whom they have storage agreements.
|Relevance to RM/RA:||The cited provisions of the Directive are relevant to RM/RA, because:
• Jurisdictional competence of information society service providers is dominated by the country of origin principle, meaning that in principle competence is allocated to the jurisdiction in which the service provider is established. This means that information society service providers can shield themselves from a certain degree of harm by adequately assessing the risks following from this rule (and if warranted, to find a new establishment in a different legal regime).
• The Directive presents a specific set of rules for the liability (both civil and penal) of certain intermediary services providers. Briefly summarised, they are exempted from a general obligation to monitor the activities of their customer base, and will not be held liable for any unlawful activities occurring through their services, provided that they are not aware of them or of any specific facts which are indicative of them, and that the service provider acts promptly to halt the unlawful activity when its existence is signalled. Proper RM/RA implies that intermediary service providers must install adequate procedures for assessing claims of unlawful activities, and for putting a halt to them in compliance with local law. From a secondary perspective, they must also be able to assess if the signalled activity is indeed prima facie unlawful, which also implies that sufficient RM/RA policies are installed (to avoid liability for claims of customers whose services have