The creative industries argue that piracy costs the industry £400m a year in lost revenue. However, attempts to introduce a legal framework to reduce online copyright infringement (‘OCI’) have been highly controversial and governments are struggling to find the right balance between, on the one hand, the intellectual property rights of content owners and on the other hand, both the rights of ISPs to freely operate their businesses and the fundamental rights of individuals. In June of this year, after some setbacks, OFCOM published its draft code governing the obligations imposed on ISPs under the UK Digital Economy Act, which means the UK framework for dealing with OCI will finally be set in motion. This article focuses on some of the problems which have arisen in Europe and outlines the current framework for dealing with OCI in France, Spain and the UK.


In 2000 the European E-Commerce Directive established the principle of “notice and take down” procedures, giving ISPs immunity from liability except where they have been notified of infringement and do not promptly take down the content. The following year, the Information Society Directive came into force, which provided that member states must ensure that rights holders can apply for an injunction against internet intermediaries whose services are used by a third party to infringe a copyright. The IP Enforcement Directive also requires member states to ensure that measures necessary for the enforcement of intellectual property rights shall not be unnecessarily complicated or costly. The directives had to be implemented through national legislation and this has led to inconsistencies in the national legislation of member states. This is particularly problematic for large ISPs operating in several jurisdictions.


In 2006, France transposed into national law the Information Society Directive. The French law, called the “DADVSI” in French, crystallized debates regarding the appropriate measures that should be taken to limit OCI. A number of French parliamentarians argued that the individual downloading of copyrighted content for private purposes should be covered by a compulsory licence for private copying and not considered as infringement. In France, copyright owners already receive remuneration from blank tape levies, and those levies have been extended to apply to blank CDs and other forms of computer memory. Consequently some argued that individual file sharing should be considered a form of private copying, covered by an exception to copyright and remunerated via the private copy levy. Individual lawsuits against Internet users for file sharing in France were in some cases unsuccessful because judges balked at applying harsh infringement sanctions to teenagers who download music for personal usage. It became clear that French copyright law was illadapted to the problem of OCI, in part because France’s penalties for copyright infringement were so severe.

Ultimately, the DADVSI did not create compulsory licencing for private downloading. Instead, the law contained a provision stating that individual peer-topeer downloads would no longer be considered a crime under French copyright law, but would be considered only a misdemeanour subject only to a low-level fine equivalent to a parking ticket. France’s Constitutional Court held that this lightened sanction regime was unconstitutional because it created two different kinds of punishment for an act of copyright infringement depending solely of the technology used to commit the infringement. The court found that this difference in sanctions violated the constitutional principle of equality of punishment for the same offence. The DADVSI also created a new duty of care for Internet subscribers to take reasonable measures to ensure that their Internet access is not used for infringement. But this duty of care was not accompanied by any sanction and remained a dead letter in practice. Finally, the DADVSI permitted courts to prohibit the distribution of software that is principally used for infringement.

The DADVSI created a new regulatory authority, then called the “ARMT,” to regulate questions linked to interoperability of technical protection measures. The ARMT was supposed to strike a balance between copyright and freedom of expression by ensuring that technical protection measures do not frustrate legitimate uses of the protected work, or prevent interoperability. However, the ARMT was not given any rulemaking authority. The ARMT was to intervene solely in individual cases, either as a mediator or as an arbitrator to order access to interoperability information in appropriate cases. The ARMT was inactive, in part because music labels did not end up making extensive use of anti-copy measures on CDs. The ARMT survived, however, and ultimately became the French regulatory authority today known as the “HADOPI.”

Following adoption of the DADVSI, the French President urged right holders, ISPs and several large hosting platforms to sign a charter pursuant to which right holders undertook to make more content available for legal online offers, ISPs and other Internet platforms agreed to implement graduated response and to experiment with filtering, and the government agreed to put into place a legal framework that would support both the development of legal offers and the implementation of a graduated response regime. After signature of the Elysée Agreement, neither right holders nor ISPs took action, and waited for the government to take the first step by putting into place the promised new legal framework for graduated response. The government then proposed the controversial HADOPI law, which would introduce the graduated response regime in France, a regime that could ultimately lead to the temporary suspension of Internet access for repeat infringers.

The first version of the HADOPI law was adopted by both houses of French Parliament, but invalidated in part by the French Constitutional Court. The first version of the law had given the HADOPI administrative agency the power to order the suspension of Internet access for certain repeat infringers after a procedure in which the suspected infringer could present his or her defence. The Constitutional Court found that the suspension of Internet access constituted a serious restriction on freedom of expression and that such a serious measure should only be ordered by a judicial authority, and not by an administrative agency. After invalidation of this portion of the HADOPI law, the government introduced an amended version that provided for an expedited procedure pursuant to which a court would make the ultimate decision as to whether to suspend Internet access for repeat infringers. It is this version of the law that is in effect today.

Under the HADOPI graduated response regime, right holder organizations collect IP addresses of suspected infringers using peer-to-peer networks. The evidence is then transmitted to the HADOPI regulatory authority, who then obtains from Internet access providers the names of the subscribers corresponding to the IP addresses. The HADOPI then sends an initial e-mail to the relevant subscribers informing them of their duty to ensure that their Internet access is not used for infringing purposes, and reminding the subscriber of the existence of legal online offers. To date, the HADOPI has sent out approximately 1,000,000 first warnings. Repeat infringers then receive a registered letter from the HADOPI stating that the subscriber has been identified again as the source of infringing content, and that if the conduct does not cease the HADOPI may transmit the file to the public prosecutor for sanctions, which may include suspension of Internet access. To date approximately 100,000 registered letters of this type have been sent. For subscribers that continue to show evidence of infringing activity, the HADOPI then selects a relatively small number of files and asks the relevant subscriber to participate in a hearing and present his views. The HADOPI then sends certain files to the public prosecutor who can then seek an order from a judge to interrupt the subscriber’s Internet access. As of the date of publication, no court has ordered the suspension of any Internet access, and the HADOPI’s chairperson has indicated that slightly less than 300 files are being reviewed for possible transmission to the public prosecutor.

Since the date it was created, the HADOPI has been subject to vocal criticism, particularly from advocates of Internet freedom. A number of influential members of the French socialist party criticized the HADOPI as being a waste of money, an invasion of fundamental rights and ineffective. As a result of the recent election of the socialist François Hollande as President of France, and the new socialist majority in Parliament, the future of the HADOPI regulatory authority and of the French graduated response regime is uncertain.


In the Government’s Review of Intellectual Property in the UK in December 2006 (the Gowers Review) Mr Gowers reported that UK legislation, in particular s97A of the UK Copyright, Designs and Patents Act 1988, was not providing rights holders with sufficient protection against OCI (in particular illegal file-sharing). Under s97A, the High Court has the power to grant an injunction against a service provider, where that service provider has actual knowledge of another person using their service to infringe copyright. Gowers recognised that rights holders and ISPs disagreed over the interpretation and effect of s97A and it was completely untested since 2003. Consequently, in February 2008, the government said it would consult on legislation that would require ISPs and rights holders to co-operate in taking action on OCI, with a view to implementing legislation by April 2009. In July 2008 the UK’s six largest ISPs signed a memorandum of understanding with industry representatives and government under which they committed to working towards a significant reduction in illegal file-sharing. Ultimately, however, the memorandum of understanding failed as rights holders and the ISPs could not agree how the costs of any measures to reduce OCI should be borne.

Consequently, the government was forced to legislate in this area and the relevant provisions were enacted in the UK Digital Economy Act 2010 (‘DEA’). Throughout the DEA’s passage throughout Parliament, the provisions relating to OCI caused widespread controversy and were heavily amended at each stage.

To deal with OCI, the DEA foresees two phases of regulation. The first phase consists of a mechanism pursuant to which right holders would detect the IP addresses of suspected online infringers and forward these IP addresses to the relevant ISPs. The ISPs would then send warning notices to the suspected infringers. The ISPs would also be required to provide to right holders an anonymous list of subscribers for whom the ISP had previously received a large number of infringement notices from the right holders. This anonymous list would permit right holders to go to court in order to request the name of the relevant subscribers for the purpose of bringing individual copyright infringement actions. The second phase of regulation consists of technical measures that ISPs may be required to implement in order to limit OCI. These technical measures may include the limitation of Internet access for certain subscribers, a measure similar to the French graduated response regime.

Both phases are contingent on the adoption of detailed implementing rules by OFCOM. The DEA provides either that the detailed rules would be developed in the form of a code of conduct by industry stakeholders, a code which would then be approved by OFCOM, or in the absence of agreement by industry stakeholders, that the code would be adopted directly by OFCOM. Shortly after adoption of the DEA, OFCOM launched a public consultation regarding the draft code of practice that OFCOM intended to adopt. In the meantime, two ISPs challenged the DEA before the High Court of England on the grounds that the DEA violated several European directives and also constituted a disproportionate restriction on the fundamental rights of Internet users. The High Court validated virtually all provisions of the DEA. After the High Court’s decision, the two UK ISPs lodged an appeal before the Court of Appeal. On March 6, 2012, the Court of Appeal upheld the initial decision of the High Court . Consequently it is now possible for OFCOM to adopt the initial code of obligations that would permit the first phase of the DEA to go into operation. OFCOM issued a new draft of these regulations on 26 June 2012 for public consultation. OFCOM proposes that the costs of the ISPs and OFCOM should be split 75:25 between the copyright owners and the ISPs. There is likely to be considerable debate over this proposal.

Twelve months after the initial obligations code comes into force (which is now expected to happen in 2014), OFCOM must prepare a report for the Secretary of State containing a detailed assessment as to whether the initial phase consisting of the sending of notices to subscribers has resulted in a decrease in OCI. The Secretary of State can then instruct OFCOM to conduct further assessment, including industry consultation, as to whether additional technical measures should be imposed on ISPs in order to limit the OCI. OFCOM must then prepare a report for the Secretary of State assessing the effect of various technical measures. Based on that report the Secretary of State may make an order that ISPs implement those technical measures. However, the Secretary of State’s order would first have to be approved by both Houses of Parliament.

In addition to granting the Secretary of State the power to impose technical measures on ISPs, the DEA empowers the Secretary of State to adopt regulations regarding court injunctions requiring service providers to block access to sites for the purpose of preventing OCI. The service providers that could be affected by injunctions of this type would include publishers of websites, hosting providers, and providers of other online services. This was the most controversial aspect of the OCI provisions and was heavily watered down during its passage through Parliament. In its final form, industry must be consulted and, as with the order to impose technical measures, the Secretary of State must gain approval by both Houses of Parliament within a 60 day “super-affirmative” window. Given that Ofcom has undertaken a review of the way in which the legislation relating to blocking injunctions might work and has concluded that it is likely to be ineffective, in particular as s97A of the UK Copyright, Designs and Patents Act already provides copyright owners with a remedy, which has now been tested by rights holders with success, it seems unlikely that the Secretary of State will ever adopt any site-blocking regulations.


On 31 December 2011, the Spanish Official Gazette published the Royal Decree 1889/2011 which develops the functions of the Spanish Copyright Commission (“SCC”) and implements the notice and takedown procedure for the protection of copyright on the Internet that was approved by the controversial Spanish “Sinde Act”. The SCC was created within the Culture Ministry as a national agency for the defence of copyright. It was originally assigned with arbitration and mediation functions. However its role was enhanced in March 2011 by the controversial anti-Internet piracy “Sinde Act”, which provided for a new notice and takedown procedure for the removal of copyright infringing content from the Internet and created a new division of the SCC (“Section Two”) in charge of dealing with such procedure. However, in practice, the operation of this new Section Two of the SCC and the possibility of using the notice and takedown mechanism, was not in force until 29 February 2012.

Any online content and service provider may be affected by the new notice and takedown procedure. This includes those providing communication infrastructure and services (e.g. operators giving access to the Internet or providing mere hosting or housing services, etc.), to those allowing third parties to upload content such as social networks, blogs or marketplaces, and other service providers such as the ones providing links to third parties’ content. Any individual or company engaged in the provision of Internet services may be required to suspend the connection to illicit content or take down content that has been uploaded by third parties. The notice and takedown procedure is applicable against alleged copyright infringing activities which fulfil the following two cumulative requirements:

  1. they are carried out with a profit-making motive, or cause (or are capable of causing) a patrimonial damage (i.e. financial loss)
  2. they constitute “information society services”, as this concept is used by the Spanish E-commerce Act implementing the E-commerce Directive.

Generally speaking these include most of the activities carried out by online content and service providers. The only exceptions are the providers of the so-called “intermediary services” which, under the Spanish E-commerce Act include Internet access, caching, hosting and the provision of links and search tools. Although the intermediary services providers are not the target of the notice and takedown procedure - as generally speaking, they are not liable for the copyright infringement - they may be asked to cooperate with the SCC by providing information about the alleged infringer and/or suspending access to the information society services which breach copyright.

Under the scheme, in order to report the infringement, the copyright holder must fill in an application and submit it to the SCC. The application must provide the identification of the affected copyrighted works, a description of the alleged infringement and evidence of the existence of the copyright, of the existence of the breach and of the damage or potential damage that is caused. Moreover, the copyright holder must provide any information it has regarding the relevant ISP and the intermediary service providers used by it. The SCC will then notify the relevant intermediary services providers about the initiation of the procedure on the basis of their condition as a party interested in it and to facilitate future cooperation in the identification of the alleged infringer or the removal of the illicit content. The SCC will then proceed to identify the individual or entity responsible for the alleged infringement. If the SCC is not capable of identifying the responsible party (e.g. there is not enough information available about the ISP) it will immediately refer to the Courts (in this case, the Administrative Courts) and ask them for a Court order asking the relevant intermediary services provider to provide the SCC with any data it has that may help with the identification of the relevant ISP. The intermediary services provider must fulfil the order within 48 hours.

Once the provider for the content has been identified, the SCC will notify the initiation of the notice and takedown procedure to the online content and service provider and to the relevant provider of the intermediary services. The online content and service provider has 48 hours to voluntarily remove the illicit content or activity or provide evidence in defence of the content or activity that is deemed to be illicit. If it voluntarily removes the content, the SCC will terminate the procedure and notify the interested parties (in principle, the copyright holder and the intermediary services providers). If after 48 hours the online content and service provider has not voluntary removed the illicit content or activity, the SSC will have two days to assess all the evidence and notify its result to the interested parties together with a proposal. Such interested parties will have five days to file its conclusions regarding the resolution of the SSC.

Once the five day conclusion period has elapsed, the SSC will have three days to issue a reasoned and justified final resolution. This resolution will confirm the existence or the absence of copyright infringement. If copyright infringement is confirmed the SSC will order the online content and service provider to remove the illicit content or activity within a maximum period of 24 hours. The resolution will also be notified to the providers of the intermediary services and shall also state the suspension measures that must be implemented in order to stop the information society service through which the ISP infringes the copyright, in case a positive decision from the Courts is issued.

If, once the order of the SSC is made, the illicit content or activities are not removed within 24 hours the SSC will immediately address the competent Administrative Court and ask it to issue a Court decision that confirms or rejects the implementation of the measures proposed by the SSC in the above resolution. If the Court authorizes such measures, the Court decision shall be notified to all the interested parties and the intermediary services provider will have to implement the suspension measures proposed by the SSC within 72 hours after receipt of the notification of the Court decision, provided that the online content and service provider has not removed the illicit content or activity itself. The suspension measures applied by the intermediary services provider shall be removed if the ISP proves that the illicit activity has terminated or, in any case, one year after their implementation.

The implementation of this notice and takedown procedure has drawn some criticism in Spain. One of the most controversial aspects relates to the consequences of the voluntary removal of the illicit content or activity by the online content and service provider. According to the law, such voluntary removal is regarded as an implicit recognition of the copyright infringement by the provider. The notice and takedown procedure is compatible with civil, criminal and administrative actions that may be filed by the copyright holders against the relevant provider. In this scenario, there is a risk that the implicit recognition of the copyright infringement that comes with the voluntary removal of the content, may be used as a base for claiming damages against the provider.

A controversial aspect of the Spanish notice and take down procedure was the application of the notice and takedown procedure to websites providing access to illegal content hosted by third parties. There was a strong debate in Spain on whether these websites were mere intermediaries - as they do not host the illegal content themselves - or true ISP content and service providers directly subject to the notice and takedown procedure. However, in its first decision issued by the SSC in June 2012 (case AGEDI vs., the SSC has clarified that such links providers (in this case bajui. com) are mere intermediaries and, thus, not directly regarded as copyright infringers. In any case, as intermediaries, they must supress the access to the illegal content following the order of the SSC.


There are multiple European directives governing this area, which have all been implemented differently by member states. This has led to quite different approaches to dealing with OCI at national level. In France, the UK and Spain a regulatory authority has been entrusted with responsibility for ensuring that OCI is reduced under a regulatory framework without infringing fundamental rights. However, the obligations on ISPs, and intermediary service providers, to assist and co-operate in the reduction of OCI varies throughout Europe and remains the subject of much criticism and debate, which has stalled and delayed the progress in this area. Sadly, it will be several years before the success of these models will be seen, by which time a pan-European proposal will almost certainly be on the table from the Commission.