The CJEU has confirmed the AG's Opinion, in McFadden v Sony Music Entertainment Germany (C-484/14), that operators of a free Wi-Fi service, who offer that service to the public, are not liable for copyright infringements committed by users of that network. However, such an operator may be required to password-protect its network in order to bring an end to, or prevent, such infringements.

The CJEU held that making a WiFi network available to the public free of charge in order to draw attention of potential customers to the goods and services of a shop constitutes an "information society service" under the Electronic Commerce Directive (2000/31/EC). The Directive exempts intermediate providers of "mere conduit" services from liability for unlawful acts committed by a third party where three cumulative conditions are satisfied: (i) the provider of the mere conduit service did not initiate the transmission; (ii) did not select the recipient of the transmission; and (iii) did not select or modify the information contained in the transmission. The CJEU confirmed that where the above three conditions are satisfied, a service provider, such as the operator of a shop, who provides access to a communication network, may not be held liable.

A copyright owner may, however, seek injunctive relief in a national court against such a provider to end, or prevent, any infringement. The CJEU held that a national court could impose an injunction requiring a provider to password-protect the internet connection in order to prevent copyright infringement by users, so long as users were required to reveal their identity in order to obtain the required password and could not, therefore, act anonymously. It is worth noting, however, that the Directive expressly rules out the adoption of a measure requiring a provider to monitor information transmitted via a network.