Partner Christiane Stuetzle, senior associate Patricia Ernst, and research assistant Susan Bischoff authored an article for Law360 covering how online content service providers must act to mitigate risks and avoid liability under the European Union’s Copyright Directive, created in an effort to strengthen the rights of copyright holders by making certain platforms that host user-uploaded content (UUC) liable for copyright infringements.
This article was first published on Law360 on May 14, 2021. It is also available as a download on our website. (Please note that Law360 may require a subscription to access this article.)
Until now, throughout the European Union, platforms hosting user-uploaded content have profited from the safe harbor privilege under the EU E-Commerce Directive, which has been shielding platforms from liability for copyright-infringing user uploads for more than 20 years.
This safe harbor privilege implies that online content service providers, or OCSSP, only need to remove copyright-infringing content upon notice to avoid liability for copyright infringement.
In an effort to strengthen the rights of copyright holders, the EU legislator recently decided, however, that certain platform providers will be on the hook for copyright infringements pertaining to user-uploaded content. The directive’s rationale is to close the so-called value gap, a term used to describe rights holders’ missing remuneration if their works are uploaded and shared online by users.
While rights holders have a remuneration claim against such users — though it is difficult to enforce and rarely valuable commercially — they did not have a claim against OCSSPs until now. The directive’s new liability overhauls this substantially: OCSSPs will be considered to commit copyright infringement by making illegal user-uploaded content available.
Liability means, among other things, that OCSSPs can be subject to substantial remuneration and damage claims. Companies need to be aware that this even applies if the OCSSP has properly instructed its users within its standard terms and conditions that upload of non-infringing content only is permitted.
Not all EU member states are supportive of the overhaul. In fact, the Polish government has even challenged the directive before the European Court of Justice. While there is a lot of debate on the details of Article 17, the new liability regime is just around the corner.
The directive requires implementations into national law by June 7. National implementations vary, both as regards timing, some will not meet the deadline, as well as the liability exemptions. Failure by an EU member state to transpose within the deadline will mean that the directive applies directly.
Therefore, it is high time companies had a plan of action to mitigate risks and avoid liability.
Who Is Affected and What Is the Exposure?
The new liability scheme is relevant to OCSSPs only, i.e., service providers, whose main purpose or at least one of the main purposes is to store and give the public access to a large amount of copyright-protected works or subject matters uploaded by its users, which the provider organizes and promotes for profit-making purposes.
For example, categorizing the content and using targeted promotion within would qualify as such organizing. This definition includes certain social media platforms.
For international companies, it is important to keep in mind that these new obligations will apply to any OCSSP hosting copyright-infringing user-uploaded content targeted at the European market regardless of whether its seat is situated within or outside the EU. An OCSSP headquartered in the U.S. but also doing business in Europe will therefore be subject to the new liability scheme.
Sanctions for the copyright infringement committed by an OCSSP will take the form of legal remedies and claims determined by the respective EU member state. For Germany for instance, such sanctions not only include cease-and-desist orders and a penalty in case of recurring infringement, but also information claims and claim for damages in the amount of a hypothetical license fee for the infringing use.
How to Avoid Liability
Under the new liability regime, OCSSPs will have to observe proactive obligations in order to avoid a direct liability for copyright-infringing user-uploaded content.
First and foremost, an OCSSP can avoid direct liability by obtaining a license for the third-party content uploaded by its user.
If no license has been secured, the OCSSP must be able to prove that it complied with the following three obligations:
- The OCCSP must make “best efforts” to obtain a license. The directive’s wording is less precise than some of the national draft implementations. Still, on this basis alone, it is likely that an OCSSP will be required to actively seek licenses from collective rights societies and large rights holders. License offers do not have to be accepted at any price, but a rejection implies that the OCSSP’s liability for an infringement of the relevant works as part of user-uploaded content remains — subject to the conditions described below.
- The OCSSP must make best efforts to block copyright-infringing content for which the rights holder has provided the relevant information. Rights holders can provide the OCSSP with information on works that they wish not to be included in user-uploaded content. In practice, OCSSPs will likely have to implement some sort of reference database fed with that information. Content to be uploaded by the OCSSP’s user will then have to be checked against the database. It is to be expected that OCSSPs will only be able to comply with this obligation by employing advanced filter technologies.
- Finally, the OCSSP must act expeditiously to disable access to or to remove content upon receiving a corresponding request from the rights holder. Subsequently, the OCSSP must block future attempts to upload this removed content, stay-down obligation, by suitable technical means. While the directive does not call such means “automated upload filter,” the majority of stakeholders qualifies this obligation as precisely that. This underlines the economical dimension of Article 17: There is no “one size fits all” filter technology and the directive leaves it open how much companies have to invest into filter technologies.
Adherence to these obligations by the OCSSP shall be determined in accordance with high industry standards of professional diligence and the principle of proportionality. This broad approach leaves EU member states with significant leeway when implementing the directive.
27 EU Member States, 27 Different Sets of Rules
As some of the member states’ implementations contain detailed specifications of the obligations imposed on OCSSPs, providers must consider the national approaches.
For companies operating internationally, it goes without saying that adhering to 27 different national compliance concepts will not be feasible. Instead, they will likely require a compliance concept that aligns with the strictest national set of rules or with their main market.
As one of the most economically relevant markets within the EU, the German implementation draft of the directive, the German Draft Act, is therefore one of the implementations that OCSSPs should closely monitor when developing their risk strategy.
The German Draft Act at a Glance
With regard to licensing best efforts, the German Draft Act adds the additional requirement that OCSSPs must accept licenses available through a collecting management organization or a dependent collecting body established in Germany, as well as individually offered licenses by rights holders, provided that the licenses:
- Concern content that the OCSSP typically makes available in more than minor quantities, e.g., audio-visual content, music;
- Cover a considerable repertoire of works and rights holders as well as the German territory; and
- Allow for use under reasonable terms and conditions, including a reasonable remuneration.
In addition, the OCSSP has to proactively seek licenses from rights holders known to the OCSSP from prior business relationships or other circumstances. The German Draft Act does not stop here though. It also includes a direct compensation claim of authors and performers against the OCSSP to be asserted by collecting societies only.
This even applies where the OCSSP obtains the license from a rights holder such as a record label or a publisher. Even though the OCSSP has not entered into a contract with the author in that case, the author can claim appropriate remuneration from the OCSSP via its collecting society. Business insiders expect that the validity of such double payments will be among the first questions to be presented to the courts.
As regards the obligation to make best efforts to block pre-notified content, the German Draft Act provides for a nuanced procedure.
The user must be given the opportunity to flag the content as statutorily (parody, quote, etc.) or contractually permitted use. In addition, the German Draft Act introduces a new statutory copyright exemption for minor uses — up to 15 seconds of video, 160 characters of text or 125 kilobytes of graphic — against a statutory license fee that the OCSSP has to pay.
This approach is remarkable for a number of reasons. At present, fundamental copyright exemptions such as the right of parody, under German law, do not require extra payment. That principle stays valid — except for uses of parody on OCSSPs. Further, the minor use exemption is a provision by the German legislator without basis in the Copyright Directive and the Information Society Directive.
The European Court of Justice had only recently determined in its “Metal on Metal” decision that copyright exemptions were to be conclusively determined by the Information Society Directive. It remains to be seen if the German legislator’s current inconsistent and much criticized approach will make it into the final implementation.
Another German specificity is the “red buzzer” — a term that until recently was more likely to be associated with gaming shows than with the law. If content is flagged by the user or qualifies as minor use, the OCSSP must upload the content and inform the rights holder.
The rights holder may file a complaint with the OCSSP, starting a maximum one-week-long decision process. In such a case, trustworthy rights holders can make use of the red buzzer procedure, with the German Draft Act lacking a definition for “trustworthy.”
Once the red buzzer is pushed, the OCSSP is then required to immediately block the content until the conclusion of the complaints procedure. In theory, this may sound appealing to rights holders — especially for live broadcasts or content premieres since a few days of illegal exploitation can have a huge commercial impact.
In practice, the hurdle of the red buzzer is that the decision to use it needs to be made by a natural person, not an algorithm. That means rights holders need to staff up in order to benefit from the red buzzer.
If no red buzzer procedure applies, content will stay online until the complaint procedure’s conclusion.
Where content neither is flagged nor qualifies as minor use, the OCSSP must block the content and inform the user, which in turn may file a complaint with the OCSSP.
If works in user-uploaded content do not match any blocking requests, the content will be uploaded.
The EU Commission announced that it would publish guidelines on the interpretation and implementation of Article 17. Yet, with less than a month to go before the deadline, these guidelines are still in the making.
Since the directive will become directly applicable upon expiry of the implementation deadline, OCSSPs are well advised to have a strategy in place.
Regardless of national nuances, it seems very likely that the use of advanced, or filter, technologies to meet the stay-down requirements will be common requirement across the EU. Depending on the business model of the respective OCSSP, in an ideal scenario, such filter technology already exists and could be licensed from a vendor. Some companies already offer filter solutions for music for instance. In other instances, there may be a need to develop tailor-made filter technology.
With regard to licensing best efforts, it makes sense for OCSSPs to prioritize the most relevant and most frequently used categories or even rights catalogs and actively approach these rights holders first as to secure licenses or, at least, evidence best efforts.
 Article 14 DIRECTIVE 2000/31/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL – of June 8, 2000 – on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (europa.eu).
 Under the nuanced and well-established case-law of the European Court of Justice (“ECJ”), the Safe Harbor privilege of the E-Commerce-Directive (see footnote 1) implies a neutral position of the host provider. This requires that the platform confines itself to providing its service neutrally and passively by a merely technical and automatic processing of the data provided by its customers (Case C-324/09, Judgment July 12, 2011, point 113; Joint Cases C-236/08 to C-238/08, Judgment March 23, 2010, point 114). Where a service provider plays an active role, e.g., by optimizing or promoting user content (Case C-324/09, point 116), it has presumed knowledge of or control over unlawful content stored and does thus not profit from the Safe Harbor protection.
 Article 17 of the EU Copyright Directive. DIRECTIVE (EU) 2019/ 790 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL — of April 17, 2019 — on copyright and related rights in the Digital Single Market and amending Directives 96/ 9/ EC and 2001/ 29/ EC (europa.eu).
 Action brought on May 24, 2019, Case C-401/19. The opinion of the Advocate General that precedes each decision of the ECJ is scheduled for July 15, 2021.
 An English language version of the latest draft “Act on the Copyright Liability of Online Sharing Content Service Providers” can be found here. The draft is currently discussed in the relevant committees of the Parliament.
 Case C-476/17, Judgment July 29, 2019.
 The directive requires the European Commission to issue a guidance on the understanding of the directive’s provisions, including best practices for its implementation by the member states. The guidance shall be based on a stakeholder dialogue process. Accordingly, the Commission held several stakeholder dialogue meetings between October 2019 and February 2020 (further information on the meetings can be found here) and called for written statements of the stakeholders.