“Free WiFi for Free People” – Germany restricts the liability of providers of public WiFi networks

The number of freely accessible public WiFi spots in Germany remains at a low level, with the reason for this understood to be the unclear legal liability of providers of such WiFi networks for IP rights infringements committed by their users. We take a look at the latest position in German law and what is being done in cases of infringement.


Former legal background in Germany

Unlike other European countries, the number of public WiFi hotspots which are freely accessible to the open public is rather low across Germany. This situation exists despite the efforts of politicians and the industry to safeguard a comprehensive internet coverage in Germany. The main reason has probably been the unclear legal situation with regards to the liability of providers of such WiFi networks for IP rights infringements committed by their users. German courts have accepted liability of providers of open WiFi networks in certain cases. Under German law, third parties can generally be held liable if they set a causal contribution to the infringing action (“Störerhaftung”). German courts have applied this approach also to WiFi providers. For example, the Federal Court of Justice (BGH) found a WiFi provider liable for an IP right infringement committed in its network because the WiFi provider did not properly secure the access to its network. Consequently, access providers were targets of warning letters including fee notes for statutory lawyers’ fees. An entire “legal industry” could benefit from this possibility to enforce cost notes against access providers. These legal and commercial risks have prevented WiFi providers from opening their WiFi networks to the broad public.

The solution of this unwanted situation has been on the agenda of the German legislator for quite a while. The first attempt in summer 2016 has not been very successful due to the ruling of the Court of Justice of the EU (CJEU) in the “McFadden” case (C-484/14). The CJEU essentially ruled here, inter alia, that the E-Commerce Directive does not (i) exclude cease-and-desist claims against WiFi providers in case of IP right infringements and (ii) oblige the WiFi provider to implement password restrictions. The Second Amendment Act of the German Telemedia Act (TMG) did not consider this CJEU decision. Hence, crucial questions remained unclear afterwards, in particular, whether the WiFi provider could be held liable for cease-and-desist claims enforced by the IP rights owner (as opposed to damage claims).

The October 2017 amendment of the TMG

As of 13 October 2017, the Third Amendment Act of the TMG has been put into force. According to this updated legal framework, providers of open Wi-Fi networks are generally not liable anymore for IP rights infringements committed by their users. Such statutory privilege explicitly covers both cease-and-desist and damages claims as well as expenses for the enforcement of such claims (Sec. 8 para. 1 sentence 2 of the TMG). However, providers of open Wi-Fi networks must not remain completely “silent” if a rights owner alleges an IP rights infringement via the open Wi-Fi network. In order to strike a fair balance between the interests involved, the legislator imposed an obligation on the Wi-Fi provider to “block usage of information” in order to prevent future infringements (Sec. 7 para. 4 of the TMG). Hence, the rights owner may request such blocking measures from the Wi-Fi provider which are reasonable and proportionate. Blocking measures should be the “last resort” and asserted only if the direct infringer cannot be identified. The rights owner, however, may not claim compensation for out-of-court expenses incurred to invoke the blocking request.

Comprehensive privilege for Wi-Fi operators

The amendments of the TMG are aimed at ensuring that providers of open Wi-Fi networks cannot be held liable for infringements. Pursuant to the reasoning of the Third Amendment Act, it was the explicit intention of the German legislator that the earlier liability regime for third-party liability under German law (“Störerhaftung”) would not apply to Wi-Fi provider.

Accordingly, Sec. 8 para. 4 of the TMG now stipulates that Wi-Fi providers may not be required to secure their network through a password or the requirement of a prior registration. Sec. 8 para. 4 of the TMG stipulates that an “authority” (“Behörde”) may not oblige the Wi-Fi provider to request users to register or to enter a password. The reference to an authority might give rise to future legal disputes. One could argue that such request may not be imposed by an authority, but by a judge in court proceedings. This could mean that Wi-Fi providers could still be held liable in court proceedings due to missing security measures. Hence, open Wi-Fi networks without any security measures could still remain the exception in the future despite the announced aim of the German legislator to foster usage of such open Wi-Fi networks. The ambiguous wording of the draft has been raised in the legislative process. However, the legislator did not remedy this situation. From a practical perspective, it might, thus, currently still be recommended to implement security measures as a Wi-Fi provider to exclude liability.

If the German courts ruled that liability is excluded even without securing measures, it could be – in theory – an option for the rights owner to initiate court proceedings to force the Wi-Fi provider to implement security measures in the future. Of course, this would require that Sec. 8 para. 4 of the TMG allowed that such order could be imposed by judges. In practice, such action would only be reasonable if a judge expected further massive infringements via this Wi-Fi network. If this was true, however, the right owner would probably rather choose to assert the blocking claim laid down in Sec. 7 para. 4 of the TMG. At first sight, this claim should be a more efficient tool to prevent future infringements. The interaction between both claims remains to be seen in future case law.

Besides, the amended legal framework factually distinguishes between access providers and host providers. Access providers are privileged and exempted from any payment claims. Such privilege does not cover host provider. Pursuant to the legislative grounds, the legislator holds that the interests differ between host provider and access provider. Hence, it appears that the above-mentioned “warning letter industry” could still target host providers. It is at least questionable if such differentiation is justified.

Claim to block usage of information

The newly implemented tool to protect the rights owner’s interest is a claim to block certain information to prevent repeated infringements of IP rights which somehow replaces the primary liability of access providers. In view of the legislator, this should strike a fair balance since the rights owner factually waives his right to cease-and-desist and damages claims against the Wi-Fi provider.

This blocking claim will certainly cause new legal controversies and will concern German courts in the future. In general, it is politically not completely understandable why this blocking claim is confined to IP rights and does not cover privacy/personality rights under German law. Such rights are certainly not less worth of protection than copyright and trademark rights, for example.

The precise reasonable and proportionate blocking measures of the Wi-Fi operator are not clear yet and will most likely have to be determined by German courts. Small internet cafés do not usually have the capabilities and technical knowledge to implement sophisticated technical blocking measures. Hence, the requirements that, for example, internet cafés have to meet to comply with a blocking claim should be lower than requirements of providers of bigger, commercial Wi-Fi networks, such as in hotels etc. Besides, there is always a certain risk of “overblocking” if not only illegal, but also lawful contents are blocked. If you block access to a whole domain or to IP addresses, there is an imminent risk to also block lawful content. Next to that, blocking URLs could be difficult from a technical perspective. Blocking ports might not be sufficiently effective since it could be easily circumvented. It is also unclear what kind of temporary limitations such blocking measures must have. Another issue might arise if lawful content was blocked – could owners of such content assert damages claims, and if yes, against whom?

The Federal Ministry of Commerce (“BMWi”) has published FAQs regarding the new amendment including proposals on how to fulfil blocking requests. The BMWi has provided a “manual” on how to block certain URLs via the router. Hence, it seems likely that this might become the most common blocking measure.

Moreover, blocking claims against the access provider are subsidiary and can only be asserted if the primary infringer cannot be detected or there are no other means to stop the infringement. Besides, there must be a risk of repeated infringements in the future. If the rights owner had to prove this in detail, this could, in practice, deter him from enforcing blocking claims against Wi-Fi providers. This could shift the balance of interest to the detriment of the right owner.


It took the German legislator quite a while to adopt a legal framework which fosters the usage of free WiFi networks. Despite such long preparation, the success of these efforts remains to be seen. It is a little surprising that the amendment has been harshly criticised by rights owners and their representatives. Whilst the WiFi operators should, at first sight, be off the hook, it remains to be seen if blocking claims are an efficient tool to safeguard the rights owners’ interests. It is clear from the CJEU’s McFadden decision that the rights owner may not be completely deprived of its rights. This statement has to be taken into account when applying blocking claims against WiFi providers in Germany.

Leave a Reply