Out-Law Guide 5 min. read

Liability of ISPs for 3rd party material

This guide is based on UK law. It was last updated in November 2008.

When John Bunt attempted to sue AOL, BT and Tiscali in 2005, he hoped they would be found liable for defamatory comments made about him by three individuals using their services. What he did in fact do, was merely help to re-iterate the law. The judge found that an Internet service provider ("ISP") which performs no more than a passive role in facilitating postings on the Internet cannot be said to be the publisher of that information.

While the law absolves ISPs of liability where they are only providing connectivity services, there are still circumstances where ISPs, Virtual ISPs ("VISPs"), web hosts and those providing chat room facilities on their website (all of whom we will refer to as "ISPs") could be held responsible for material posted by third parties.

This guide will take a brief look at the E-Commerce Regulations and the protections offered to ISPs by this legislation. It will then look at the areas where ISPs are still at risk in respect of third party material and what steps they can take to mitigate the risks.

The E-Commerce Regulations

So, what legal protections are there for ISPs? The Electronic Commerce (EC Directive) Regulations 2002 (or the E-Commerce Regulations as they are commonly known), introduced a number of provisions setting out the circumstances where Internet intermediaries should not be held accountable for material which is hosted, cached or carried by them.

For instance, Regulation 17 provides that a service provider shall not be liable for unlawful or illegal content, sent or posted by any of its users, so long as the service provider does not initiate the transmission, does not select the receiver of the transmission and does not select or modify the information contained in the transmission.

In other words, if the above criteria are met, a service provider will be treated as a "mere conduit" as opposed to an author, editor or publisher.

Further protection is offered in respect of the caching of information. Again, provided that certain criteria are fulfilled, the E-Commerce Regulations relieve service providers of liability for the automatic, intermediate or temporary storage of information, where such activities are performed for the sole purpose of more efficient onward transmission of the information to other recipients of the service upon such recipients' requests.

It is important to note that the service providers must ensure that they comply with any conditions which are imposed on the access to the information. They could, therefore, still be liable if the owner of the site specifically prohibits caching. The other key element is the obligation on service providers to ensure that the information is updated. One of the criticisms of using caches is that the most up to date version of the site is not necessarily available to people using that particular service provider. This is something which service providers should be aware of.

Regulation 19 addresses the issue of a service provider's liability in connection with the storing of information where such information relates to an unlawful activity. The E-Commerce Regulations provide that the service provider shall not be liable if it does not have actual knowledge of the information or the unlawful activity. Where a claim for damages is made, the service provider will be protected so long as it is not aware of facts or circumstances which would have made it apparent that the information or the activity to which it relates is unlawful. It shall also not be liable if it acts expeditiously to remove or to disable access to the information on obtaining such knowledge or awareness and providing the recipient of the service was not acting under the authority or the control of the service provider.

The main point, therefore, is that of knowledge. If the service provider is made aware of the unlawful nature of the material, it is obliged to remove such material or disable access to it expeditiously. Regulation 22 provides that in determining whether a service provider has actual knowledge a court shall look at all matters which appear to be relevant in the circumstances and lists those particular things that a court shall take into account when reaching a decision. 

What are the risks now?

The main risks arise where ISPs seek to perform an editorial or monitoring function. In such cases, they could still be found liable for any unlawful material hosted on their systems. Such material includes any items which breach the intellectual property rights of a third party, viruses and worms, pornography, racist and terrorist material, etc. Basically, if an ISP monitors the content on their system with a view to removing unlawful material, but fails to remove it, it may be deemed to be a publisher of that material. It is essential therefore, that ISPs have in place proper procedures to ensure that if they perform a monitoring function, they immediately remove any unlawful material.

As mentioned above, where an ISP does not perform a monitoring function but receives a complaint about unlawful material, it should immediately investigate the complaint and remove any material which is unlawful. For more detail see our Guide on Notice and Takedown.

Getting the balance right

Often an ISP is placed in a difficult position. On the one hand, it has a customer who has entered into an agreement with the ISP for the provision of internet connectivity and/or web hosting services. If the ISP removes the material posted by that customer without the appropriate right to do so, it could find itself in breach of contract giving rise to a claim for damages.

On the other hand, if the ISP is made aware of the unlawful material and fails to remove it, it may become liable for the publication of such material giving rise to a claim for damages or even criminal prosecution.
There may also be occasions where an ISP, for its own reasons, may not wish to be associated with certain material on its systems.

The best way to address this conflict is for the ISP to have clear terms and conditions which set out the circumstances upon which their services may be used and which permit them, in their absolute discretion, to remove material from their servers.

In this way, the ISP can seek to protect itself against a claim for damages for breach of contract if it has to take action to prevent it from being liable for third party content. It is, of course, essential that these terms and conditions are properly incorporated into any contract. See our checklists, ISP/ Web Host Conditions and Terms and Conditions.


At present, the best advice to ISPs to prevent liability for third party content is (i) not to monitor content on their systems and (ii) where they have been advised that they may be storing or hosting information which is unlawful, to investigate the matter swiftly and if necessary, ensure that the material complained of is either removed or suspended whilst further investigations are undertaken.  

In order to ensure that it has the right to do this, the ISP should ensure that it terms and conditions cover this area adequately and that such terms and conditions are properly incorporated into any contract it has with its customers. It is also essential that all of its customers and users are made fully aware of the basis upon which they may use the service, whether this be by means of an authorised use policy or otherwise.


We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.