Cheat Software Copyright Law | IT-Medienrecht

Learn how the BGH ruling on cheat software affects copyright law in gaming. Understand the Sony ./. Datel case (I ZR 157/21) and its implications. Read…

BGH Ruling on Cheat Software: Copyright Infringement Only if Program Code is Altered

The question of whether cheat software is inadmissible under copyright law has been a constant issue for the games industry for years. A recent ruling by the Federal Court of Justice (BGH) on July 31, 2025 (case no. I ZR 157/21 – “Action Replay II”) has now provided clarification from the highest court.

The BGH states that the distribution of cheat software for the PlayStation Portable (PSP) does not infringe copyright if the game's program code remains untouched. It only becomes an infringement if values in the main memory are changed while the game is running. At first glance, this might seem like a "free pass" for cheats. However, the implications lie in the details of the Software Directive and its implementation in the Copyright Act (UrhG).

The ruling also highlights a clear distinction from other legal instruments. These include the protection of technical measures, fair trading law, and publishers' contract law. The decision forces the industry to consider a more nuanced approach.

The BGH Ruling: Sony vs. Datel

The proceedings originated from a conflict between Sony, the platform operator and rights holder of the PSP titles, and Datel. Datel is a provider of tools such as "Action Replay PSP" and "Tilt FX". These tools do not modify the source or object code of the game.

Instead, they overwrite specific variables in RAM while the game is running. This results in visible advantages for players, such as additional skills, unlocked content, or modified game physics. The key legal issue is not the "morality" of cheating.

Rather, it focuses on whether these interventions qualify under copyright law as a "modification" or other act of use of the protected computer program.

The Legal Framework: EU Directive and German Copyright Act (UrhG)

The legal framework under EU law stems from Directive 2009/24/EC on the legal protection of computer programs. This directive primarily protects the form of expression of a computer program, specifically its source and object code. It does not protect the underlying ideas, algorithms, or functional principles.

Section 69a (2) of the German Copyright Act (UrhG) expressly reflects this distinction. It emphasizes that the specific form of the program is protected, not its function or the process itself. Consequently, Section 69c No. 2 UrhG refers to acts such as "translation, adaptation, arrangement and other alterations."

The offense requires a change to the work itself, meaning a modification of the protected form of expression. Regularly, this involves a change to the program code or a copy of the program.

Interpretation of Copyright Protection by the BGH

The established case law clarifies that if the code is not altered and no modified program copy is created, there is no reworking within the meaning of Section 69c No. 2 UrhG. This applies when only temporary modifications are made to game-internal states generated in RAM. The temporary modification of the game result affects the sequence of the program logic, but not the protected form of expression.

The BGH thus consistently follows the interpretation of the Court of Justice of the European Union (CJEU). The CJEU clarified in preliminary ruling proceedings (Case C-159/23) that the scope of software copyright protection does not "extend" to all program-based processes. It remains limited to the expression, meaning the code.

In other words, the boundary is not drawn at "influencing the game," but at "influencing the program code or a copy of the program."

Technical Design: Permissible RAM Manipulation vs. Impermissible Code Alteration

This ruling does not mean that every form of cheat software is permissible. The decisive factor is the technical design of the software.

The technical distinction is fine:

Other Legal Instruments Relevant to Cheat Software

Beyond direct copyright infringement, several other legal avenues are relevant.

Section 69d UrhG: Observation and Testing of Software

Section 69d UrhG allows the observation, examination, or testing of a program's functioning to determine its ideas and principles. This is permitted within the framework of a legally acquired program. This norm does not justify cheat exploitation.

However, it expresses the same underlying principle: ideas and functional principles are not protected, but their concrete form is. Cheating exploits this non-protectability. Copyright law only becomes relevant when the form of expression is affected.

Section 95a UrhG: Protection of Technical Measures

Section 95a UrhG draws a second, often more practically significant line. This standard protects "effective technical measures" designed to prevent or restrict acts not permitted by the rights holder.

If an effective anti-cheat measure is circumvented, the circumvention itself may be prohibited. This is regardless of whether the code remains unchanged. Examples of effective measures include:

This provides a clear compliance path for publishers. The legal leverage shifts from copyright in the code to the design of robust technical protection measures. These measures must be classified as "effective" and consistently enforced. Without such measures, the copyright lever against pure RAM cheats may remain blunt. For further information on this topic, see our article on anti-cheat software vs. data protection.

Unfair Competition Law (UWG)

The distribution of cheat software can also constitute an unfair hindrance of competitors (Section 4 No. 4 UWG). This occurs if it deliberately interferes with a publisher's competitive development. For instance, by systematically destroying game balance, matchmaking fairness, or the online economy.

A breach of law (Section 3a UWG) is also conceivable if a prohibition applies elsewhere. This might be via Section 95a UrhG, and the act of circumvention is instrumentalized for market purposes. The assessment under unfair competition law is always case-specific.

It requires a balance between the tool provider's entrepreneurial freedom of development and the publisher's affected market regulations.

Contract Law: EULAs and Terms of Use

Contract law offers a fourth building block. Publishers have an effective set of instruments, including End User License Agreements (EULA), terms of use, and game rules. Cheats can be contractually prohibited.

Violations regularly entitle publishers to blocks and terminations, as well as claims for damages in individual cases. The control of general terms and conditions (Section 307 BGB) requires transparency and proportionate sanctions. Clauses that prohibit manipulative interventions, botting, or match-fixing are customary in the industry and legally viable.

These clauses must be clearly worded, serve to maintain a fair gaming environment, and provide for graduated measures. For the B2C sector, clear, pre-contractual information is recommended regarding:

The enforceability of the EULA is not affected by the exclusion of copyright claims in the core area. Instead, the focus of legal enforcement shifts. For more details on contractual aspects in gaming, consider reading about T&Cs, regulation & compliance in blockchain & computer games or contractual framework conditions for live service games.

Compliance Guidelines for Tool Manufacturers

For tool manufacturers, specific compliance guidelines apply. What remains permissible is what works without code intervention. It must not circumvent any effective technical measures, nor participate in the market in an unfair manner. It also must not use any third-party property rights.

This means avoiding proprietary keys, infiltration of signed modules, or circumvention of console security chains. Technical and legal documentation is recommended. This documentation should state that the functional depth is limited to RAM value manipulation and that no integrity checks are circumvented.

Furthermore, the software should not contain any proprietary content. Manufacturers should avoid "universal loader" functionalities that load signed areas without authorization or override signature-based checks. Even a "purpose of use" clause (e.g., "for single players only") is not a legal shield if practice demonstrates otherwise.

Recommendations for Publishers and Developers

Publishers and developers should implement a bundle of technical, contractual, and organizational measures:

  1. Technical Measures: Anti-cheat mechanisms should clearly exceed the "effectiveness" threshold of Section 95a UrhG. This includes documented, dynamic protection concepts, server-side plausibility checks, and tamper-resistant, signed client modules. Telemetry-supported abuse detection with data protection justification via legitimate interests (Art. 6 para. 1 lit. f GDPR) is also crucial. For insights into game development, see chain of title in game development.
  2. Contractual Frameworks: EULAs and game rules should contain clear definition clauses for terms like "cheat," "bot," and "exploit." They should also outline graduated sanctions, transparency regarding evidence, and audit options.
  3. Organizational Measures: Internal "play integrity" processes, a de-escalation path with warnings, logging concepts, and audit-proof evidence are useful. These provide a reliable basis for measures under fairness or contract law.

Broader Implications and Scope of the Ruling

The decision extends beyond the pure console context. For PC titles with modding-friendly architectures, it clarifies the dividing line between permissible and impermissible interventions. Permissible modifications include content mods that work via officially provided interfaces. Impermissible interventions involve code patching or non-signature binary changes.

For cloud and live service games, the risk of pure client cheats is reduced, as the main game logic resides on the server side. In these cases, the tort and contractual situation shifts to the interaction layer between client and server, including protection against manipulative requests and packet replays.

The decision does not create a "cheat amnesty" for esports. League rules, house rules, and contracts remain valid. Violations can be sanctioned regardless of whether a copyright infringement has occurred. The clear definition of the rules and the provability of the respective manipulation remain important for esports teams, as discussed in our article on liability risks for esports teams.

Dogmatic Foundation of Software Copyright

Dogmatically, the line drawn is convincing: software protection remains expression protection. The object of protection is the code, not the game result. If every interference with the flow of a program logic were considered a copyright infringement, the boundary between work and function protection would collapse. Debugging tools, performance analyzers, or accessibility aids could hardly be clearly located.

At the same time, the decision does not ignore real market disruptions. It shifts the debate to the protection instruments appropriate to the system: technical measures, contractual compliance, and fair trading law. This route, though more demanding than simply relying on Section 69c UrhG, reflects the legislator's intention. The Software Directive deliberately limited protection to forms of expression.

Unresolved Questions and Future Challenges

It remains unclear where the exact technical and legal demarcation line is drawn when RAM manipulation turns into "soft" hooking. This form of hooking actually replaces executable sequences without permanently changing the binary code. The qualification of modern "kernel-level" anti-cheat drivers and their circumvention also pose practical questions of demarcation.

Are mere monitoring hurdles overcome, or does the attacker interfere with signed code paths? In the first case, an examination via Section 95a UrhG (effectiveness and circumvention) is likely. In the second case, Section 69c comes into play again. Finally, the question remains to what extent publishers must set limits on telemetry in terms of product and data protection law.

The deeper anti-cheat systems interfere with the operating system, the more carefully purpose limitation, transparency, and proportionality must be designed. This is especially relevant given the increasing focus on cybersecurity tightening in 2025 and general data protection in esports.

Practical Approach: The Three-Pillar Strategy

In practice, a "three-pillar" approach is recommended for publishers:

  1. Technical Measures: Implement effective technical measures that are not just present but demonstrably "effective." This includes documented threat analysis and dynamic updating.
  2. Contractual Frameworks: Establish contractual frameworks that precisely address manipulative interventions. These should provide for graduated reactions, transparent communication, and remonstration processes. For guidance on drafting robust agreements, refer to our article on drafting contracts for AI-based services, which share principles with other software contracts.
  3. Fair Trading Law Strategy: Develop a strategy under fair trading law against commercial cheat providers. This strategy should target deliberate obstruction or systematic circumvention of the law.

This coordinated legal position ensures robustness, even if main claims under copyright law are ruled out in individual cases.

Guidance for Tool Providers and Modding Communities

For tool providers, the focus should be on technical self-restriction, verification, and distancing from circumvention activities. A clean architecture significantly reduces risk. This means only addressing RAM values, leaving integrity checks untouched, and not using proprietary content.

Furthermore, marketing statements and user communication should not create false incentives. Phrases like "bypasses all protection" or "unbannable" encourage accusations of unfair competition. For creator communities pursuing legitimate modding interests, using official interfaces and toolchains is recommended. This helps to avoid suspicion of code tampering or circumvention of protection measures in the first place. You can find more information about the legal aspects of modding and user-generated content on our blog.

Fazit

The BGH's ruling is not an invitation to lose control, but a systemic decision clarifying software copyright law. It compels the industry to utilize the correct levers: effective technical protection measures, well-drafted contracts, clear rules, and consistent enforcement. By doing so, a fair gaming experience can be ensured, even in an environment with "legal" RAM cheats. Tool providers now understand the legal boundaries for innovation. The core message is clear: not every intervention in gameplay constitutes an intervention in a copyrighted computer program. The line is drawn at the code itself and its effective shielding.