In a recent ruling, the Court of Justice of the European Union (CJEU) provided further guidance on the liability of a commercial establishment for copyright infringement committed by their customers via a free Wi-Fi network - Case C-484/14 (McFadden).

Facts of the case: The ‘Free Wi-Fi Network’

The defendant is a shop owner who operated an anonymous wireless local area network for its customers free of charge. One of the defendant's customers uploaded a song via a file sharing portal on the Internet without the consent of the song's rights holder. The defendant offered access to the Wi-Fi network on an anonymous basis and thus cannot identify the customer who uploaded the song. The copyright holder claimed damages and cost compensation on the ground that the network was used by third parties to infringe his rights.

In this context, the CJEU dealt with several questions that the Regional Court of Munich I referred for a preliminary ruling, including, in particular, whether the operator of a shop who offers a Wi-Fi network to the public free of charge is liable for copyright infringement committed by users of that network.

Changes in case law

Prior to the judgment of the CJEU, it was not certain under which circumstances a commercial establishment, such as a shop or a hotel, may offer free Wi-Fi connection to their customers without taking the risk of being liable for copyright infringement committed by the Wi-Fi users. The main question was whether the service provider of a free Wi-Fi network can rely on the so called "mere-conduit" exception of the e-Commerce Directive. If so, it would be comparable to common Internet Service Providers. Furthermore, there was significant legal uncertainty whether the Wi-Fi provider has to monitor all traffic or has to block access to its network.

Considering those three main issues, the CJEU stated that commercial Wi-Fi operators fall under the scope of the "mere-conduit" exception of the e-Commerce Directive. Therefore, there is no general obligation on Wi-Fi operators to monitor the information that users transmit via a free Wi-Fi network. In consequence, the operator is not liable for damages due to copyright infringement as long as it only provides access to a network.

In this aspect, the judgment rules in favor of free Wi-Fi operators. However, there is a significant restriction and the operator is not entirely free from any liability. As any Internet service provider, it may still be required to establish measures that are capable of preventing users of its network from committing copyright infringement; otherwise, it may be subject to injunctive relief proceedings and cost reimbursement claims of the rights holders. The CJEU explicitly stated that the operator is required to secure its Internet connection by way of password protection and identifying its users before handing out the password.


The judgment has two sides. First, it is unlikely that offering free Wi-Fi networks will be without risks. On the one hand, it strengthens the rights of free Wi-Fi operators by confirming that commercial free Wi-Fi networks are generally not liable for any damages. On the other hand, the practical burden of avoiding the risk of injunctions is very high. The need for password protection and an identity check is somewhat contradictory to the idea of free and ubiquitous Internet connection.

It remains to be seen how the balance between the contradicting interests is struck in practice - in particular, how the Wi-Fi operators will confirm the user's identity. We will keep you informed of future developments as we monitor the further proceedings before the national court.