
Hosting provider “active” role and liability

The latest ruling of the Court in Rome on the liability regime of hosting providers: cases of liability under Art. 2043 Italian Civil Code and exemptions

Internet service providers play a strategic role in the digital market, as they intermediate between demand and supply of content on the Internet. When the content uploaded by users of a hosting service is illegal, the hosting provider itself may be held liable under Article 2043 of the Italian Civil Code, to the extent that it has played an “active” role pursuant to Legislative Decree 70/2003 and the E-Commerce Directive. How can one distinguish whether a hosting provider has an active or a passive role? What does awareness entail? And what are the practical implications deriving from an active or passive role? The Court of Rome has recently addressed the scope of this liability in ruling no. 693 of 2019.

Discover all answers in this article by ICT Legal Consulting, an international law firm with offices in Milan, Bologna, Rome and Amsterdam and presence in nineteen other countries specialized in the fields of ICT, Privacy, Data Protection/Security and Intellectual Property Law.



On January 10th 2019, the regional Court in Rome (Tribunale di Roma) Section XVII Civil, issued decision no. 693, which addresses the issue of the liability regime of hosting providers with respect to illegal content that was uploaded by users of hosting services – also referring to the ‘active’ or ‘passive’ role of the hosting providers.

Background information

Generally, Internet service providers (a category which also includes hosting providers) are those network operators who are active on the information society services’ market and provide Internet services such as the connection, transmission and storage of data, also by making their technical equipment (i.e., servers) available for hosting such data. These data are routed through servers that perform the service, which can consist of providing either Internet access (access provider) or email services and web space (hosting provider). In essence, the service providers take the role of an intermediary between those who want to make information available on the Internet and the end-users who wish to use or receive that information.

Hence the need to understand in which cases Internet service providers can be held liable for illegal content or operations performed by those who use the particular service, and in which cases they cannot.

Main issues

The necessary references to the legislative framework are to be found in Directive 2000/31/EC (hereinafter, the ‘Directive’) on information society services (in particular electronic commerce), as well as its implementation in Italy through Legislative Decree 70/2003, which provides for exemptions from liability of certain service providers for offences and violations committed by their users, when specific requirements are met.

In particular, Article 16 of Legislative Decree 70/2003 exempts the provider from liability on condition that the provider:

  • is not aware of the fact that the activity or information is unlawful and, with regard to actions for damages, is not aware of the facts or circumstances that make apparent the unlawfulness of the activity or information;
  • takes immediate action to remove the information, or to disable access to such information, as soon as it becomes aware of such facts, and upon the appropriate communication to the competent authorities.

However, Article 15 of the Directive prohibits imposing on providers a general obligation to conduct preventative and generalised monitoring, as well as “a general obligation actively to seek facts or circumstances indicating illegal activities” (Article 15.1 of the Directive), since this would result in curtailing the fundamental right to freedom of expression and information (Art. 11, EU Charter of Fundamental Rights).

The result is a general ‘basic’ rule according to which internet service providers are not liable for the information processed and the operations carried out by the users of the service, unless they intervene within the users’ content or in the performance of the operations, thereby taking an ‘active’ role. In fact, recitals 42 and 43 of the Directive require a ‘passive’ role of the Internet service provider – i.e., one of a purely technical and/or automatic nature – in order to be entitled to the exemption in question.

It follows that when the role qualifies as ‘active’, Article 16 (liability exemption) of the Decree would not be applicable, and this consequently results in a non-contractual tort/delict under Article 2043 of the Italian Civil Code, which entails an obligation for the provider to compensate any damages arising from it.

In short, in order to determine whether the liability exemption applies or not, it is necessary to understand in which cases the service provider takes an ‘active’ and/or a ‘passive’ role. The recent ruling is in line with national and supranational case-law on this issue.

Practical Implications

According to Italian case law, a hosting provider has an ‘active’ role whenever it intervenes, even merely in the organisation, selection or promotion of the uploaded material, enhancing the content or exploiting it economically by means of advertising. In this regard, according to the recent decision, it is sufficient to provide ‘assistance in enhancing the presentation of offers for sale and in promoting them’; it is thus not necessary that the actual content has been manipulated.

Conversely, a merely ‘passive’ role would occur whenever the service of the hosting provider is limited to providing a ‘neutral service’ through a purely technical and passive processing of the data provided by the users, while also being able to offer better usability through technological expedients, such as providing simple technical access (App. Milano 7.01.2015 Yahoo vs. RTI), without – due to this purpose – departing from its ‘passive’ role. In other words, the hosting provider must be precluded from having control over the content or editing rights that would give the provider knowledge about the content, since that way the provider would meet the aforementioned requirement of Art. 16.1.a of the Decree and therefore trigger its liability.

As a matter of fact, the Court of Justice of the European Union has on several occasions stated that having an ‘active’ role does not impose on the provider the generalised obligation of an ex ante control on all uploaded content; likewise, having a ‘passive’ role does not exempt from liability if – once becoming aware of the illegal character of an activity or information – the provider does not take action and remove them, provided that this would meet the requirement under Article 16.of the Decree.

This in turn leads to the question of what is actually meant by ‘to become aware’ and, consequently, when the obligation to take action is triggered, and what shall be done.

According to the decision of the Court in Rome, it would not be necessary to have personal and first-hand knowledge of the illegal content, but it would be sufficient that the technological means (e.g., the software that indexes/catalogues/structures the data in an automatic manner, without any human intervention) are suitable to allow for the ‘awareness’ and control of the stored data. In such cases, the provider would be considered as ‘being aware’ of the contents and, in case of inaction, would be held liable under Article 2043 of the Italian Civil Code for the consequent damages.

However, it is clarified that if the awareness does not occur independently (or indirectly through the technological equipment of the provider), the obligation to take action could arise ex post, following a complaint by the competent authorities or a precise indication of the contents to be removed by the potentially damaged person. In the present case, a general instruction requiring the provider to search for ‘all the programs’ illegally uploaded or disseminated in an indiscriminate manner was considered insufficient, but it was also clarified that the exact indication of the URLs of each illegal audio-visual content is not necessary, insofar as the simple knowledge of the title of the illegal audio-visual content is sufficient to trigger the obligation of taking action.

With regard to the substance of the providers’ ‘diligence’: recital 48 of the Directive requires the diligence “which can reasonably be expected from them and which are specified by national law” and consists of removing the content or promptly disabling access to it.


Author ICT Legal Consulting

ICT Legal Consulting is an international law firm founded in 2011 with offices in Milan, Bologna, Rome and Amsterdam, and presence in nineteen other countries (Australia, Austria, Belgium, Brazil, China, France, Germany, Greece, Hungary, Mexico, Poland, Portugal, Romania, Russia, Slovakia, Spain, Turkey, United Kingdom and USA). The firm was established by Paolo Balboni and Luca Bolognini, who have successfully assembled a network of trusted, highly-skilled lawyers specialized in the fields of Information and Communication Technology, Privacy, Data Protection/Security and Intellectual Property Law.
