The 2002 E-Commerce Regulations provide a number of exemptions to internet service providers (ISPs) for all liability, including where the ISPs are acting as hosts or mere-conduits, or where they cache data. However, these exemptions only apply to laws that were passed before the date that the E-Commerce Regulations were made.

The Terrorism Act 2006 includes a number of offences for which website operators and ISPs could be liable, including encouraging acts of terrorism and disseminating terrorist publications. There is a requirement under the Act to take down illegal material from a website when instructed to do so by a police constable, otherwise the website operator and ISP are regarded as having endorsed any illegal statements or conduct. There are some defences available in the Act, but none as far reaching as those offered by the 2002 E-Commerce Regulations to other criminal offences found in earlier legislation.

To address this issue, in June 2007, the government issued the Electronic Commerce Directive (Terrorism Act 2006) Regulations 2007. These Regulations create exceptions from liability for offences under the Terrorism Act 2006, including the dissemination of terrorist information, where ISPs act as mere conduits, caches or hosts of information.

However, the 2007 Regulations also extend the "country of origin" principle to the Terrorism Act, meaning that UK ISPs can now be liable for the conduct and statements of their users, even if all of their services are directed to and provided in other European countries and not to the UK.

To view the article in full, please see below:

Full Article

In June 2007 the government issued new Regulations which create exemptions from liability for offences under the Terrorism Act 2006, including the dissemination of terrorist information, where Internet Service Providers (ISPs) act as mere conduits, caches or hosts of information.

The Terrorism Act 2006 came into force on 25 July 2006 and created a number of new offences including encouraging terrorism and disseminating terrorist publications. Liability of ISPs and website operators is triggered by material that, in the opinion of the police, is likely to encourage acts of terrorism, or is likely to be used in the commission of terrorist acts. The Act also includes an offence for website operators who are deemed to endorse terrorist material. Website operators will be deemed to endorse such terrorist material when they fail to comply, without reasonable excuse, with a "notice" issued by a police constable requiring removal of the offending material within 2 days. Essentially, the Act introduced a potential liability for forum/discussion board hosts and website operators who are reckless as to whether content posted by third parties contains terrorist material.

The criminal offences in the Act carry severe potential sanctions which, on indictment (trial by jury), are a maximum of an unlimited fine and up to 7 years’ imprisonment.

The Act also applies to any "repeat statement" – i.e. a statement which is "for all purposes, to the same effect as the statement to which the notice is related". Again a provider will be deemed to endorse the offending material where they fail to remove such information within two days. This two day period will begin to run from the date of re-publication, and not from the date of receipt of a further notice from a police constable. However, the Act does state that a person is not deemed to endorse a repeat statement where he "is not aware of the publication of the repeat statement" or where he has taken "every step he reasonably could to prevent a repeat statement" becoming available to the public.

The Electronic Commerce Directive (Terrorism Act 2006) Regulations 2007 (the "Regulations") came into force on 21 June 2007. The Regulations extend the application of the "country of origin" principle to the Terrorism Act. As a result, all relevant offences in the Terrorism Act will also apply to UK-established providers even where they only provide services in other EEA member states. This was the case previously, and still applies where services are provided to any foreign country, but the offences are restricted to "Convention Offences", which are a much more limited set of terrorism related offences set out in the Schedule to the Act. The new "country of origin" rules apply to all offences in the Act, not just to "Convention Offences".

The Regulations also extend certain protections of the E-commerce Directive to the Terrorism Act. Particularly important for providers, the Regulations create exemptions from liability for relevant offences where providers act as mere conduits, caches or hosts of information:

  • "Mere conduits" who transmit information provided by a recipient of the service, or who provide access to a communications network, will not be guilty of a relevant offence if they do not initiate the transmission, select the recipient of the transmission or select or modify the information contained in the transmission.

  • Providers who "host" information provided by a recipient of the service are not capable of being guilty of a relevant offence if they did not know the information provided was unlawful terrorist-related material; or that upon obtaining actual knowledge of such information they expeditiously remove the information or disable access to it.

  • Providers who "cache" information provided by a recipient of the service are not capable of being guilty of a relevant offence provided that they meet certain conditions. These include acting "expeditiously" to remove or disable access to the information on obtaining actual knowledge that the illegal material has been removed from the network, that access to it has been disabled, or that a court has ordered such removal.

Comment:

In order to protect themselves, ISPs and website operators should, wherever possible, have clearly worded terms and conditions and a policy which requires that anything uploaded by any user must not contain any material which relates to terrorism or which would constitute an offence under the Terrorism Act or any successor. In addition, strict procedures should be put in place expeditiously to deal both with complaints from the public about postings and, in particular, notices received from a police constable. Where notice is received from a police constable and material is removed, providers must take all reasonable steps to prevent repeat statements from appearing. These steps are likely to include putting in place word-search systems and banning or suspending offending users.

Providers may be concerned that they are being asked to make judgement calls in relation to deciding when information provided to them constitutes unlawful terrorist-related material. There will also be concern as to the requirement on a provider to take "every step he reasonably could" with respect to repeat statements, which will effectively place a monitoring obligation on ISPs and website operators. There is no other legislation relating to the removal of infringing or illegal material from a website which requires ISPs and website operators to actively monitor the data which appears on their systems in this way.

This article was written for Law-Now, CMS Cameron McKenna's free online information service. To register for Law-Now, please go to www.law-now.com/law-now/mondaq

Law-Now information is for general purposes and guidance only. The information and opinions expressed in all Law-Now articles are not necessarily comprehensive and do not purport to give professional or legal advice. All Law-Now information relates to circumstances prevailing at the date of its original publication and may not have been updated to reflect subsequent developments.

The original publication date for this article was 30/07/2007.