Grand Chamber rules that platform's algorithmic control may remove safe harbour availability
Grand Chamber rules that platform's algorithmic control may remove safe harbour availability
Last week, the Grand Chamber of the Court of Justice of the European Union (CJEU) issued its judgment in WebGroup/Coyote, C‑188/24 and C‑190/24. Neither referral specifically related to IP: C-188/24 concerned the operators of pornographic websites, while C-190/24 was made in the context of litigation targeting e-driving assistance and geolocation navigation services.
Yet, the resulting judgment is of great relevance to IP too, as the CJEU clarified key aspects of the Ecommerce Directive (ECD), now found in the Digital Services Act (DSA). Amongst them, two stand out:
- First, the hosting safe harbour (Article 14 ECD; Article 6 DSA) may not apply to providers that exercise algorithmic control over user-uploaded content (UUC);
- Second, the prohibition of general monitoring (Article 15 ECD; Article 8 DSA) only benefits those providers that are eligible for the safe harbour immunities.
Let’s see in greater detail how the Grand Chamber reached this conclusion.
Algorithmic control may remove safe harbour
Starting with the hosting safe harbour availability, the Grand Chamber warned against thinking that, just because a provider hosts third-party content, it is also eligible for the relevant safe harbour. In this sense, recital 42 ECD and relevant CJEU case law – including inter alia YouTube/Cyando [IPKat here] – are clear that such provider must play no 'active role' to fall within the scope of Article 14 ECD / Article 6 DSA: a provider that plays a role that gives it 'knowledge of or control' (the two conditions are alternative) over third-party content is disqualified from the safe harbour.
While the principles above are well-settled and thus unsurprising, the interesting aspect of the judgment is what the Grand Chamber noted at para 110:
the operator of an information society service which controls the stored information is excluded from the benefit of Article 14(1) [ECD], even if it does not become aware of that information due to the automation of the information processing.
Agreeing with the earlier Opinion of Advocate General Szpunar, the Court held (para 111) that:
it is, inter alia, by means of the algorithm used that such an operator exercises control over the information stored. So long as it has predetermined, by means of that algorithm, the conditions under which such information may or may not be broadcast, it is irrelevant that that operator does not itself carry out additional interventions which have the effect of promoting, modifying or deleting information stored with a view to it being broadcast.
Mere categorization and indexation done to enhance content accessibility may not be enough to remove the hosting safe harbour. That said - and considering all of this as stemming from earlier case law - the Grand Chamber went on to state (para 112) that if a provider uses an algorithm that “determines, in the interest of the operator or its service, under what conditions, how and in which order of priority that information is or is not be broadcast, that operator exercises control over that information, with the result that the service it offers cannot be classified as an ‘information society service … that consists of the storage of information provided by a recipient of the service’, within the meaning of Article 14(1) of Directive 2000/31”.
Who benefits from the prohibition of general monitoring?
Having held the above, the Grand Chamber also offered an express clarification of a point that has divided commentators for a long time: who’s the prohibition of general monitoring for?
The CJEU finally dissolved any doubt: only providers benefitting from the safe harbours are the beneficiaries of the no general monitoring obligation provision: if a provider cannot be classified as a provider of an ‘information society service … that consists of the storage of information provided by a recipient of the service’, within the meaning of Article 14(1) ECD, “Article 15(1) . . . does not apply to it” (para 122).
Last but not least, in accordance with settled case law, the Grand Chamber reiterated that the prohibition found in Article 15 ECD / 8 DSA is limited to general monitoring, while leaving intact the possibility of imposing specific monitoring obligations.
Comment
The WebGroup/Coyote judgment is a major development in the EU intermediary liability framework and, according to some, even a departure from earlier case law.
While it may be correct to read this judgment as offering significantly more limited breathing space to providers than rulings like YouTube/Cyando, it was also rendered in a different technological context than, say, landmark rulings like L’Orèal. As such, it fleshes out what ‘active role’, ‘knowledge’, and ‘control’ mean in the era of algorithmic optimization of third-party content offering.
The judgment could also be read in such a way as to essentially remove any hosting safe harbour availability from any platform that goes beyond mere categorization and indexation done to enhance content accessibility. In other words: it could be read as stripping the vast majority of today’s UUC platforms – probably including most, if not all, social media platforms broadly intended – of protection under the EU safe harbour regime.
As always, if such a reading is correct or not, well, time – or rather: litigation – will tell.
[Originally published on The IPKat on 22 June 2026]