Just now, while surfing on LinkedIn, I became aware of an exciting ruling by the Regional Court of Cologne (14 O 29/21). Although the ruling was issued last year, it is remarkable that it has received relatively little attention so far. This is particularly surprising given that content delivery networks (CDNs) – in this particular case, presumably Cloudflare – are used by many companies. The question about the permissibility of services like Cloudflare is indeed a frequently asked question that leads many interested people to my blog.

Considering the importance of the topic and since the liability of IT companies – in particular the question when the management is personally liable – is a central topic in my work right now, I would like to take up and discuss this ruling despite its low attention so far. This is because this ruling could have far-reaching effects on the liability of IT infrastructure providers and thus present the entire industry with new challenges.

However, before we can discuss the full implications of this ruling, it is necessary to clarify the underlying legal framework.

The legal basis

Stoererhaftung in German copyright law is a concept that refers to a party’s responsibility for copyright infringement. Basically, it states that a party can be held liable if it contributes in any way to a third party committing copyright infringement. Interestingly, this can apply even if the party itself was not directly involved in the copyright infringement, but nevertheless played a decisive role in its implementation.

In the current context, this particularly concerns the operators of content delivery networks (CDNs). CDNs are networks of distributed servers designed to deliver content to users based on their geographic proximity to one of the network’s servers. This is done to maximize delivery efficiency and minimize latency for the end user.

In the ruling relevant here, the court argued that CDN operators can bear joint responsibility for copyright infringements. You deliver content – including content that infringes copyrights – to end users. This means that if they have knowledge of such copyright infringement and do nothing to stop it, they may be considered contributors to the infringement. This may be true even if they themselves did not cause the injury, as they nevertheless play an essential role in its execution.

This ruling expands the application of the “Stoererhaftungsprinzip” (Breach of Duty of Care) in German copyright law and could have far-reaching effects on the responsibilities of CDN operators and other IT infrastructure providers. They should therefore be aware of the potential legal consequences and may want to reconsider their strategies for managing and controlling the content they deliver.

The decision of the Cologne Regional Court

In its decision, the court found that the CDN operator in question had enabled copyright infringement by providing its services and was therefore liable as a tortfeasor. Upon closer examination, the court found that the CDN operator contributed to copyright infringement by hosting and distributing copyrighted material without the necessary consent of the copyright holders.

This ruling is exciting, but also problematic at the same time, and could be groundbreaking for similar cases in Germany. It is the first ruling of its kind to identify a CDN operator as the interferer in a copyright infringement.

Interestingly, this ruling is not isolated, but follows a similar trend noted by the Leipzig Regional Court in an earlier case. In this case, a DNS resolver, a key component of the Internet that converts user requests for specific websites into IP addresses, was identified as the perpetrator of copyright infringement.

Although both cases are currently on appeal, they demonstrate a growing willingness on the part of the courts to extend copyright infringement liability to IT infrastructure providers. This could be a sign that we are moving toward a new era of liability for such providers, in which the courts will require them to take stronger measures to ensure that their services are not used to carry out copyright infringement.

The implications for the industry

These developments suggest that a precedent for hoster liability may not be far off. It is now more important than ever for IT infrastructure providers, such as hosters, CDN operators and other service providers, to review and adapt their contracts, compliance processes and standards of conduct.

There is no denying that these court decisions should be a wake-up call for the IT industry. Even if the appeals in these cases are successful, the risk remains that future rulings could decide in a similar manner.

It is therefore critical that IT infrastructure providers take proactive measures to ensure that their services cannot be used to support copyright infringement. This could include implementing tighter controls, improving monitoring systems, or working closely with copyright holders.

Conclusion

The current ruling by the Cologne Regional Court marks a potential turning point in the liability of IT infrastructure providers. It is a clear call for the industry to reconsider their existing practices and take steps to ensure that they are not unwittingly contributing to copyright infringement. It is time to act – NOW.