Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce)
Made under
Articles 47(2), 55 and 95
History
Entry into force
8 June 2000
Current legislation
The Electronic Commerce Directive (2000/31/EC) in EU law sets up an Internal Market framework for online services. Its aim is to remove obstacles to cross-border online services in the EU internal market and provide legal certainty for businesses and consumers. It establishes harmonized rules on issues such as the transparency and information requirements for online service providers; commercial communications; and electronic contracts and limitations of liability of intermediary service providers. Finally, the Directive encourages the drawing up of voluntary codes of conduct and includes articles to enhance cooperation between Member States.
There was wide-ranging discussion within EU institutions about how to revise this directive which finally happened with the adoption of the Digital Services Act 2022.[1]
Historical background and aim of the Directive
In the 1990s, when the general public started using the internet on a larger scale, the European Commission decided to set up a framework to remove obstacles to cross-border online services in the Internal Market.[2] At that time, legal boundaries to cross-border online services were still largely prevalent, which resulted in a lack of legal certainty for online services.[3] In order to address this issue, as well as promote electronic commerce in the EU and enhance competitiveness of European service providers, the e-Commerce Directive was adopted in 2000.[3] The e-Commerce Directive aimed to achieve this objective by offering a flexible, technology-neutral and balanced legal framework.[4]
Scope of the Directive
Personal scope
The regulation applies to information society services.[5] An information society service is defined as "any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service".[6] The provisions of the e-Commerce Directive thus apply to certain activities or services and not to a specific category of providers. In this context, an information society service includes a broad range of online services, e.g. providing transmission of information via communication networks, online hosting, providing access to a communication network, etc.
Recital 18 adds that when a service is free to the consumer, that does not mean that it falls outside the scope of the e-Commerce Directive in so far as it represents an "economic activity […] such as those offering on-line information or commercial communications, or those providing tools allowing for search, access and retrieval of data". This was reiterated by the European Court of Justice in the Papasavvas case, where the court ruled that a website that was indirectly remunerated through income generated by advertisements could also be qualified as an 'information society service'.[7]
The European Court of Justice also attempted to clarify whether collaborative economy services are included in the personal scope of the Directive. In the Uber Spain case it ruled that Uber's electronic booking platform is not an information society service, but rather "a service in the field of transport", as its "intermediation service must be regarded as forming an integral part of an overall service whose main component is a transport service".[8] In a subsequent ruling, the Court found that Airbnb is an information society service, because the intermediation service forms an integral part of the overall service.[9] With these case, the Court has taken a case-by-case approach in determining whether services in the collaborative economy can be classified as information society services.
Territorial scope
The e-Commerce Directive applies to information society services established in the EU.[10] An information society service is established in the EU when it effectively pursues an economic activity using a fixed establishment for an indefinite period of time.[11] The mere presence and use of technical means and technologies does not constitute in itself an establishment of the provider.[11] Information society services that are established outside the Union are thus not captured by the provisions in the e-Commerce Directive.
Material scope
The e-Commerce Directive does not apply to the field of taxation, the field of data protection, gambling, questions relating to agreements or practices governed by cartel law, activities of notaries and similar professions which involve the exercise of public authority and the representation of a client and defense of his interests before the courts.[12]
Internal market clause
The internal market clause in article 3 of the e-Commerce Directive is one of the key principle of the e-Commerce Directive. This article establishes the country of origin principle, also referred to as the Single Market clause, which ensures the freedom to provide online services across the Single Market.[13] This principle provides that online service providers are subject to the rules of the Member State in which they are established and not the rules of the Member State where the service is accessible. Member States in which the online service provider provides its services must therefore refrain from applying national legislation.
Derogations to this principle are possible on a strict case-by-case basis under the conditions set out in Article 3 e-Commerce Directive, also referred to as the notification mechanism.[14] Under this mechanism, a Member State has to take the following steps when it intends to act against an information society service established in another Member State:
It has to justify its action for the protection of public order, public health, public security or the protection of consumers;
Its action has to be proportionate to the objective;
The Member State first has to contact authorities of the other Member State and ask them to act. If that brings no result, it has to notify the commission and the other Member State of the action it intends to take. The Commission then has the right to receive information and assess the justification of the measure. If it is found that the action is incompatible the Member State should refrain from action.
Article 3 does not apply to intellectual property rights, consumer contracts, freedom of parties to choose the applicable law, the validity of contracts in real estate and the permissibility of unsolicited commercial communications by electronic mail.[15]
Freedom of establishment
Article 4 e-Commerce Directive establishes that information society service providers may not be made subject to prior authorization by Member States before starting any activities.[16]
Basic rules for e-commerce
Articles 5-11 of the e-Commerce Directive set out some of the basic requirements for online services, which include requirements for commercial communications, requirements for electronic contracts and information obligations towards consumers.[17]
Liability of intermediaries
Articles 12-14 of the e-Commerce Directive set out the limited liability exemptions, also referred to as the safe harbors, which contain the conditions under which certain intermediary service providers are exempted from liability for third party content.[18] The e-Commerce Directive does not provide a definition for intermediary service providers; rather it provides for specific types of activities to be conditionally exempted from liability, specifically:
Mere conduit;
Caching; and
Hosting.
Only when a service falls under one of the specific activities can it be exempted from liability. The safe harbors do not prevent intermediaries from taking measures against the infringement of third party rights, either through injunctions or duties of care, as was set out in case law and various legal instruments.[19]
The exemptions in the e-Commerce Directive have a horizontal scope, covering all types of illegal content (e.g. infringements of copyright, defamation, etc.) as well as both civil and criminal liability.
Mere conduit
Article 12 of the e-Commerce Directive contains the safe harbor for mere conduit.[20] Mere conduit is when an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service or the provision of access to a communication network. The service provider shall not be liable for the information transmitted, on the condition that the provider:
does not initiate the transmission;
does not select the receiver of the transmission; and
does not select or modify the information contained in the transmission.
Further, the article states that the acts of transmission and of provision of access include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.
Caching
Article 13 of the e-Commerce Directive contains the safe harbor for caching. Caching services consist of the transmission in a communication network of information provided by a recipient of the service. The article ensures that a caching service provider is not liable for the automatic, intermediate and temporary storage of that information, performed for the sole purpose of making more efficient the information's onward transmission to other recipients of the service upon their request, provided that:
the provider does not modify the information;
the provider complies with conditions on access to the information;
the provider complies with rules regarding the updating of the information, specified in a manner widely recognized and used by industry;
the provider does not interfere with the lawful use of technology, widely recognized and used by industry, to obtain data on the use of the information; and
the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court or an administrative authority has ordered such removal or disablement.
Hosting
Article 14 of the e-Commerce Directive is arguably one of the most discussed articles in the e-Commerce Directive, in part due to the extensive body of case law related to the article. This article relates to hosting, which consists of the storage of information provided by a recipient of the service. Under this article, the hosting provider is not liable for the information stored at the request of a recipient of the service on the condition that:
the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or
the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.
Thus, Article 14 of the e-Commerce Directive provides that the provider, upon obtaining knowledge or awareness of illegal content, acts expeditiously to remove or to disable access to the information. Article 14 of the e-Commerce Directive provides the basis for the development of notice and take down procedures for illegal and harmful information.[21][22] The Directive does not set out any procedural obligations for notice and takedown, but Member States have the possibility to establish their own conditions for procedures.[22]
Article 14 e-Commerce Directive has been further interpreted by several cases in front of the European Court of Justice.[23][24][25][26] These cases have provided further information on the conditions under which the safe harbor is to apply.
Hosting is "where an information society service is provided that consists of the storage of information provided by a recipient of the service".[27] Article 14(1) of the e-Commerce Directive does not specify further what type of services constitute hosting. In this void, the Court of Justice has been left to determine on a case-by-case basis what type of services constitute hosting providers. In its case law, it has applied article 14 of the e-Commerce Directive to a search engine's advertising services,[28] an online sales platform[29] and a social networking platform.[30][19]
Active versus passive hosting
The European Court of Justice has added a further dimension in the Google France and L’Oréal cases, where it established that only "passive" or "neutral" hosts may benefit from the safe harbour.[31][29]
In the Google France case the Court ruled that a service provider could only benefit from the safe harbour if it is neutral, in which case the activity is "of a mere technical, automatic and passive nature", which implies that that service provider "has neither knowledge of nor control over the information which is transmitted or stored.'”[31] The Court based its reasoning on recital 42 e-Commerce Directive, which is directed towards mere conduit and caching services.
In the L’Oréal case the Court further provided that the safe harbour in article 14 of the e-Commerce Directive only applies to service providers if they have not played an active role of such a kind as to give it knowledge of, or control over, the stored data.[28]
The Court further set some identifying factors as to what can be considered active, e.g. setting the terms of service was not considered as acting in an active manner whereas optimizing the presentation of offers for sale was considered as acting in an active manner.[28]
Knowledge or awareness
Article 14(1) contains two distinct knowledge standards (i) "actual knowledge" and (ii) "awareness of the facts or circumstances from which the illegal activity or information is apparent" or constructive knowledge. This distinction is important as it clarifies that criminal liability would require actual knowledge whereas civil liability would solely require constructive knowledge.[19]
In order for actual knowledge to be triggered for the purpose of article 14 e-Commerce Directive a notification needs to be sufficiently precise and adequately motivated.[32] This has been further substantiated by the European Commission in the Commission Recommendation on measures to effectively tackle illegal content online.[33]
A Service provider has awareness as in Article 14 e-Commerce Directive "if it was aware of facts or circumstances on the basis of which a diligent economic operator should have realised" that the content was unlawful and did not act expeditiously to take it down.[24]
Expeditious action
Finally, in order to benefit from the liability exemption under Article 14 of the e-Commerce Directive, upon obtaining actual knowledge hosting services are required to act expeditiously against the notified illegal content. It remains largely unclear what action would qualify as acting "expeditiously".[19]
Conclusion hosting
After nearly 20 years of cases from the European Court of Justice, a complicated and sometimes conflicting body of case law remains.[34] This creates legal uncertainty for companies hoping to benefit from the safe harbour in article 14 e-Commerce Directive.[34]
Prohibition on general monitoring obligation
Article 15 e-Commerce Directive prohibits Member States from imposing general monitoring obligations on online intermediaries. In essence, this means that it is prohibited to require from intermediaries that they actively seek facts or circumstances indicating illegal activity. This prohibition on general monitoring has been confirmed on several occasions by the European Court of Justice. In the Netlog and Scarlet Extended cases the Court held that general monitoring obligations, such as filtering measures, fail to strike the right balance between copyright enforcement and fundamental rights.[25][30]
The prohibition only applies to monitoring of a general nature, monitoring obligations in specific cases and orders by national authorities in accordance with national legislation are allowed.[35] This was further substantiated in the Telekabel case, where the Court held that a filtering injunction which was strictly targeted and did not breach fundamental rights was allowed.[36]
The e-Commerce Directive does allow Member States to allow internet service providers to apply duties of care to detect and prevent certain types of illegal activities.[37] Member States can only impose such duties of care when they can be reasonably expected from online intermediaries and are included in national legislation.[37]
Final provisions in the e-Commerce Directive
The final provisions in the e-Commerce Directive relate to cooperation and enforcement, particularly they encourage the drawing up of voluntary codes of conduct and includes articles to enhance cooperation between Member States.[38] Furthermore, the final chapter contains provisions related to out-of-court dispute settlement, court actions and sanctions.[39]
Tensions
A number of developments have put pressure on the e-Commerce Directive. Since its adoption in the year 2000, the online environment has changed significantly, with a change in the scale of online services and a much wider diversity of services.[19] Furthermore, new types of services have developed that do not specifically fall into the legal categories set out in the e-Commerce Directive as they were still in their infancy in 2000, e.g. collaborative economy services or online advertising.[19][34]
Additionally, Member States have adopted diverging regulation to tackle online harms,[40] new European legislation has been adopted related to specific online harms,[a] and almost 20 years of case law by the European Court of Justice on the e-Commerce Directive have made it very difficult for companies to navigate this legal framework and scale-up across the European Single Market.
Additionally, criticism has been voiced that the limited liability regime promotes the takedown of content without proper scrutiny and that there is not enough regulatory oversight and cooperation.
In her Political Guidelines for the Next European Commission Ursula von der Leyen, President of the European Commission, announced her intention to propose a Digital Services Act to "upgrade our liability and safety rules for digital platforms and complete our Digital Single Market".[44]
^Examples of this are the proposal on countering terrorist content online, the Audiovisual Media Services Directive, the Copyright Directive.[41][42][43]
^Sachetti, Viviana (20 October 2021). "The EU Response to Terrorist Content Online: Too Little, (Maybe not) Too Late?". European Papers. 6 (2): 967–986. doi:10.15166/2499-8249/509. ISSN2499-8249.
^Lodder, Arno R. (2017). "European Union E-Commerce Directive - Article by Article Comments". Guide to European Union Law on E-Commerce. Elgar Commentaries series. 4: 15–58. SSRN1009945.