Ian Brown (ian/at/

Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society has proven more contentious than its drafters foresaw. This EU Copyright Directive (EUCD), as it is commonly known, allowed only 19 months for implementation by Member States. But controversy in many of the fifteen States meant that only Denmark and Greece met this deadline.

Given the experience in the United States with a similar piece of legislation passed in 1998, this may be less surprising than it seems. The EUCD and the US Digital Millennium Copyright Act (DMCA) both give new protection to “technological measures:” systems that restrict the use of literary and other works in digital form based on instructions from their owners.  Even legitimate users of such works are forbidden from circumventing such measures. Tools that facilitate circumvention are also banned. This has led to problems in the US for innovators, researchers, the press, and the public at large.

This guide describes the debate that has occurred within each of the EU states during this process of implementation. It also describes the options that are available in implementation, and how these options have been exercised across the EU. Our aim is to provide information to government and civil society bodies in the countries that will be joining the EU during 2004, and hence who must also transpose the Directive into national law as part of that process. These organisations will then be in a better position to represent the views of copyright users in the debate over transposition, in order to ensure a proper balance between the rights of rightsholders and users.

The European Commission is due to report on the operation of the Directive in December 2004, after which amendments may be made by the Parliament and Council. Until then, careful use of its flexibility in implementation may prevent the recurrence in Europe of some of the problems seen in the US as a result of the DMCA.

The guide will be updated to provide further information as the legal situation evolves, particularly in those countries that have only very recently, or are yet to, publish draft legislation (Ireland, Luxembourg and Sweden.)


Our thanks to the authors of the individual country reports in this guide, who provided further help and advice on other aspects of the project. They are: Nicholas Bohm, Andreas Dietl, Maximillian Dornseif, Alexandre Dulaunoy, Alberto Escudero-Pascual, Andrea Glorioso, Volker Grassmuck, Rachel Kramer, Vassilios Maroulis, Meryem Marzouki, Erich Moechel, Sjoera Nas, Ville Oksanen, Rene Pfeiffer, João Miguel Neves, Alceste Scalas, Per Helge Sorensen and Mikko Valimaki.

An advisory panel of experts provided invaluable advice and review of the guide. It was made up of Ross Anderson, Nicholas Bohm, Simon Davies, Robin Gross, Martin Keegan, Fred von Lohmann, Julian Midgley, Pamela Samuelson, Barbara Simons and Ian Walden.

Lee Bygrave, Robert Clark, Eoin O'Dell, Séverine Dusollier, Liam Herrick and Niels Vestergaard Jensen also provided helpful input.

The guide was made possible by a grant from the Open Society Institute. Thanks in particular to Vera Franz of OSI, who worked with us in developing the project.

About FIPR

The Foundation for Information Policy Research is an independent body that studies the interaction between information technology and society. Its goal is to identify technical developments with significant social impact, commission and undertake research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe. The majority of its recent work has been on surveillance, copyright, medical privacy and electronic voting. FIPR is a member of European Digital Rights (EDRi) and the Global Internet Liberty Campaign (GILC). Its homepage is at


The World Intellectual Property Organisation is the part of the United Nations system responsible for administering various treaties on patents, trademarks, designs – and copyright. WIPO and its forerunner organisations are 120 years old. From the Paris and Berne conventions agreed in 1883 and 1886, WIPO now administers 23 treaties on a wide range of intellectual property[1].

WIPO decided in 1989 to investigate the impact of computers and communications networks upon copyright. Annual meetings of experts were held over the next seven years, culminating in the agreement of the WIPO Copyright Treaty[2] and Performances and Phonograms Treaty[3] in December 1996 by representatives of the 160 member states. These treaties have provided the impetus for many nations around the world to update their copyright laws.

Meanwhile, the Agreement on Trade-Related Aspects of Intellectual Property Rights[4] (TRIPS) was agreed as part of the treaties establishing the World Trade Organisation in 1994. This was the result of a strategy by United States business to move intellectual property policy development away from WIPO, where developing nation members had different views on the value to their economies, cultures, education and healthcare systems of strong intellectual property rights. The US and later the European Union put sustained pressure on other parties to the WTO treaties to accept strong private rights in TRIPS[5].

TRIPS covers a wide range of intellectual property, from geographical indicia to integrated circuit layouts. But like the WIPO Copyright Treaty, its provisions on copyright are largely based upon the Berne Convention for the Protection of Literary and Artistic Works[6]. Its most important feature is its binding nature upon all WTO members. Breaking its provisions may lead to trade sanctions being imposed through the WTO Dispute Settlement process[7].

The United States also uses the absence of “adequate and effective” protection for intellectual property rights as one of the criteria for imposing trade sanctions under the “Special 301” procedure introduced by the Omnibus Trade and Competitiveness Act of 1988[8]. The US used this procedure to remarkable effect in negotiating TRIPS[9], and has since been using it to impose additional “TRIPS plus” requirements on other nations in parallel with their inclusion in bilateral free trade agreements[10].

Against this background, the EU embarked upon a process to update and harmonise its member states’ laws on copyright and related rights. The EU single market is the European Commission’s most cherished achievement, and the Commission is always keen to “tidy up” disparities between national laws that inhibit the functioning of this market. Differing copyright regimes were seen as a clear obstacle to European trade. The Commission therefore developed a draft Directive on the subject between 1997 and 2000.

As with the development of the Digital Millennium Copyright Act in the US, rightsholder organisations saw the opportunity for a second chance to push proposals that had been rejected by the diplomatic conference that led to the WIPO treaties. In particular, they were keen to reintroduce the detailed anti-circumvention rules previously proposed by the US but rejected in favour of the simpler and more flexible language of Articles 11 and 18 of the final WIPO Copyright and Performances and Phonograms treaties[11].

The developing nations who forced the WIPO compromise[12] were missing from this second round. Copyright user organisations were also grossly underrepresented compared to the number of industry lobbyists in Washington DC and Brussels. Unsurprisingly therefore, both the EU and US ended up with legislation specifically outlawing acts of circumvention and circumvention devices, rather than concentrating on acts of copyright infringement.

Problems in the United States

The Electronic Frontier Foundation has documented numerous problems that anti-circumvention provisions in the Digital Millennium Copyright Act have caused in the US for legitimate users of copyright works[13]. These provisions contain almost identical language to that of the EU Copyright Directive.

Most obviously, the lack of a “legitimate fair use” exception to the DMCA anti-circumvention provisions is already preventing users of works from exercising their rights. Millions of copy-protected CDs are in circulation around the world. It is illegal in the US to circumvent the protection to make a personal copy in another format, such as on a portable MP3 player, or to collect songs by different artists together on a mix CD or tape. The developers of tools allowing the “time-shifting” of streaming media have been threatened and restrained by injunctions. And the author of a tool that allows font designers to enable the embedding of their own fonts in documents was threatened several times under the DMCA.

Free expression has been more widely threatened. Microsoft threatened the Slashdot website after one of its readers republished an access-controlled but public document from the Microsoft website. The DeCSS tool, which allows Linux users to watch legitimately-acquired DVDs, has come under sustained attack by the movie industry. Its developers and web sites containing – and even linking to – the program have been sued. The Russian author of a tool that allowed protected Adobe e-Books to be converted to the more flexible Portable Document Format was jailed for several months after visiting Las Vegas to speak about his work at a conference. Some non-US researchers are now boycotting the country to avoid similar problems. IEEE, the largest publisher of computer science journals, even worried that it might be liable for security articles carried in those journals. It attempted to force authors to accept liability under the DMCA for their work, but an outcry from members prevented this change.

Further problems have been encountered by researchers. An investigation into the problems of filtering software was blocked because the software developer claimed that its encrypted list of filtered sites was protected under the DMCA. A journalist gathering information on airport security was prevented by DMCA worries from using anonymously-provided passwords to read government documents.

The security research that is vital to the safety of critical information infrastructures is particularly at risk, as it examines the strength of mechanisms that may be used in some technological protection measures. This was emphasised by Richard Smith, the adviser to the US President on cyber-security, who said: “I think a lot of people didn't realize that it would have this potential chilling effect on vulnerability research.”

The best-known case is of Princeton professor Ed Felten and his research team, who found problems with rights management information systems proposed for use by the music industry. The Recording Industry Association of America threatened each of the researchers, their employers, and the organisers and hosts of a technical workshop where they were due to present their results using DMCA provisions. This has directly damaged the development of the very technological measures that rightsholders are relying on to protect their content.

Other examples include Hewlett-Packard sending DMCA threats to researchers who had found problems in one of its operating systems; a Dutch programmer who declined to publish research on the weaknesses of an Intel video encryption system in case of future legal action during a trip to the US; and the removal by several scientists of research papers on security vulnerabilities from their websites.

The problems encountered for competition and innovation demonstrate consequences of the DCMA extending well beyond its proclaimed legislative intent. Legal actions have concentrated on stopping the sale of compatible accessories such as printer cartridges, under the pretence of preventing the circumvention of copyright control devices that in reality are used to verify the manufacturer of accessories. Lexmark has brought such a case against Static Control Components. Blizzard Entertainment has sued open source developers who created a free alternative server to allow users of Blizzard video games to compete across the Internet. And Sony has sued the manufacturers of “mod chips” which allow Playstation users to play games purchased in different regions of the world – many of which are not available outside their home markets.

Sony has also sued the developers of emulator software that allows Playstation games to be played on Apple Macintoshes and Windows PCs, and threatened the author of code that customised their Aibo robot pet dogs.  Further innovation was stifled by threats from Apple to the developer of software that allowed owners of older Macintoshes to make use of new Apple iDVD software. Apple preferred that users should instead be forced to upgrade to a new machine.

Much more information on all of these cases can be found in the EFF report.

Immediate public policy objectives

There are two important policy goals that are favoured across the EU in relation to Internet policy, and should be emphasised in implementations of the Copyright Directive.

The first is the EU focus on the “information society” rather than the “information economy” popular in the US. If this is to mean anything, it is that economic concerns must only be one consideration in government action designed to promote the development of such a society. Other issues such as creativity and a vibrant cultural sphere must also be considered.

While strong intellectual property rights are often promoted as a mechanism to encourage and reward creativity, legislation must allow the creative reuse of content that is a vital part of literature, art and other such endeavours. For the great majority of human history, such creativity has flourished without the existence or enforcement of intellectual property rights[14].

The second is the encouragement of high-technology research within the EU, particularly in the area of security. European governments and the Commission are proud of the results of their investment in this area, which has had some notable successes in the past decade – such as the selection in open competition by the US government of a European cipher (Rijndael) as the basis for its Advanced Encryption Standard. Another European competition entry (Serpent) reached the final shortlist of five.  It is therefore vital that implementations do not restrict or threaten this research, which is seen as vital to the future competitiveness of EU economies.

Wider public policy objectives

There are several longer-term policy objectives that must be considered when implementing the Directive. The increased security, transparency, reliability and sovereignty provided by open source software must be encouraged. Competition, free expression, cultural diversity and privacy must all be supported rather than hindered by copyright law.

Open source software

Open source software is becoming increasingly popular within European public and private sector organisations. Governments and companies are keen on the reduced price and higher reliability of software that is constantly being developed by enthusiasts around the world. Software such as GNU/Linux has also provided vital competition in many monopolistic software markets, keeping down prices across the whole sector.

Open source has several additional attractions for governments. Because the complete functionality of the software can be examined, government agencies may determine the security – or otherwise – of a piece of code. And where software features tend to shape citizens’ behaviour, open source makes that implicit regulation transparent[15].

Perhaps most attractively, for governments other than that of the United States, freely modifiable software increases sovereignty. It removes reliance on the behaviour of software companies that are largely based in and subject to political pressure from the US. The Swedish government, for example, discovered in 1997 that the Lotus Notes software being used by Members of Parliament, 15,000 tax agency staff and 400,000 to 500,000 citizens allowed the US National Security Agency to decrypt messages “protected” using its security features[16].

Free trade and effective markets

There has long been a conflict between competition policy and intellectual property monopolies. It is ironic that a global agreement on these monopolies (TRIPS) is embedded in a free-trade body such as the World Trade Organisation[17].

It is important that the copyright and related monopoly rights granted by the Copyright Directive are not allowed to be used to restrict other markets, as has already been seen in the US Lexmark v. Static Control case described in the previous section.  In particular, legal protection for technical measures that restrict access to copyright works should not be usable to protect authentication mechanisms that prevent competition in accessory markets such as printer cartridges.

Nor should the use of technical measures to enforce differential pricing between market segments be protected under this Directive. While there is an ongoing debate over the long-run value to the consumer of price discrimination[18], any such protection should be given through separate and openly debated legislation rather than by copyright law. We suspect such legislation would be extremely unpopular.

A longer-term objective must be to replace the Copyright Directive’s “Community exhaustion” of copyright with “international exhaustion”. This would allow the global movement of copyright works once they had been legally purchased anywhere in the world, reducing the impact of price discrimination between different national markets. National exhaustion was pushed by some countries during the TRIPS negotiations, but this proved too controversial a subject to reach agreement upon during that trade round[19].

Freedom of expression

Copyright is always to some extent in tension with freedom of expression. The former is an economic tool intended to “promote the Progress of Science and useful Arts” (in the words of Article I of the US Constitution); the latter is a fundamental human right guaranteed by instruments such as the EU Charter of Fundamental Rights[20] (which will be binding on all Member States under the forthcoming EU Constitution) and the European Convention on Human Rights[21]. The implementation of copyright must be carefully limited to provide those economic benefits without unduly limiting free speech.

Even in the US, with the robust protection of the Constitution’s First Amendment, the DMCA has caused free speech problems, as described earlier. US courts have dismissed free speech arguments in cases against the publication of or even linking to circumvention tools[22]. Nor does the EU have any equivalent to US legislative precedent[23] protecting the source code of software as speech. Member States must therefore be careful that their implementations of the Copyright Directive do not trample on the free speech rights of their citizens.

Cultural diversity

Many EU States such as France are particularly concerned about “homogenisation” of culture.  They have so far resisted attacks on their national quotas for films, movies and music through free trade agreements. They should also resist attempts by large global corporations to lock up content through increasingly strong intellectual property rights, dominating markets for content[24] and reducing the rights of European artists to build on previous works.


Digital Rights Management (DRM) systems often allow rightsholders to monitor in great detail the use of their products by consumers. Users could therefore find that details of every access to a protected work they have made are stored by rightsholders or their agents, and used for secondary purposes such as marketing related products. This information may also be linked with other personal information on a consumer, creating a detailed profile[25].

Several governments have provided law enforcement and intelligence agencies with access to this type of data, and courts could order access in many different circumstances. Copyright holders have already been given expedited access to the personal details of ISP customers they allege are infringing their rights in the US under the Digital Millennium Copyright Act, and are lobbying to obtain these powers in the EU under Article 9 of the draft Directive on the enforcement of intellectual property rights[26].

As with freedom of expression, privacy is a right guaranteed by the European Convention on Human Rights (see Article 8) along with the EU Charter of Fundamental Rights (see Articles 7 and 8). Copyright Directive implementations must not allow rightsholders to collect large amounts of personal data on their customers under the guise of “technological protection measures”.

The Copyright Directive

The Directive[27] is in two parts: the preamble, which sets out the background, and the Articles. The preamble is of a more explanatory nature, and sets out the context within which the Articles should be implemented by Member States. Nonetheless, it does have legal force, and contains some important principles that should be reflected in implementing legislation.

The first eight Recitals of the preamble describe the reasons why the Directive was created. They concentrate on the development and proper functioning of the EU’s internal market, and encouragement of creativity and competitiveness and the general development of the Information Society. More concretely, they state that copyright and related rights need updating given technical developments (such as the Internet), and that this updating should be done in a harmonised way across the EU.

Recitals 8—12 then attempt to justify the specific approach taken, and why the authors of the Directive feel that strong Intellectual Property Rights are necessary to meet the objectives described above.

The remaining recitals discuss further objectives and reasoning behind the Articles. We will describe them further in that context in the next section, which describes each Article (as grouped by the Directive).

Objective and scope

Article 1 sets out the scope of the Directive. It limits the Directive’s effect on related intellectual property rights in existing EU law, most importantly the Software Directive[28]. This should mean, for example, that technical measures protecting computer software should not be covered by Article 6 of the Copyright Directive. Articles 5(3) and 6 of the Software Directive should continue to allow the “reverse-engineering” of software for the purposes of creating compatible programs. Without this protection, free software developers could be prevented from fully accessing Application Programming Interfaces or similar features in commercial software.

An ideal implementation of the Software and Copyright Directives would also allow the reverse-engineering of file formats, in order to allow free software to read and write files in commercial software formats. Without this protection, commercial software companies can exploit network effects to impose monopoly prices on software markets.

Rights and Exceptions

Articles 2—4 set out the rights protected by the Directive. Article 2 provides the most fundamental “copy” right. It provides exclusive rights over the reproduction of “direct or indirect, temporary or permanent” copies of works to performers, phonogram producers, film producers, broadcasting organisations and authors. Articles 3 and 4 give “communication to the public” rights to all of these groups except authors, who are granted distribution rights. Recital 30 states that all of these rights may be assigned, transferred or licensed.

Unlike communication rights, Recital 28 states that distribution rights are “exhausted” by a first sale within the EU. This means that publishers may not prohibit the resale of books, whereas the groups given communication rights may prohibit secondary markets in those works. This prevents resale of their services, supporting the effectiveness of any differential pricing employed. Recital 29 states that rights in services, particularly those supplied on-demand, should not be exhausted by a sale within the EU.

Article 5 sets out the limitations and exceptions that may be applied to the rights provided in Articles 2—4. It is an exhaustive list, which means that any exception outside this list is not allowed, even if it currently exists in Member State law. This is justified in Recital 31 given the “new electronic environment” and the effect of exceptions on the internal market. This Recital also states that a fair balance between different types of rightholders, and with consumers, must be safeguarded in these exceptions. Recital 32 says that Member States must come to a “coherent application” of the exceptions, which will be reviewed in implementing legislation later.

The mandatory exception to the reproduction right in Article 5(1) provides for “transient and incidental” reproduction that is an “essential and integral” part of network transmission by an intermediary or allows lawful use of a work with no “independent economic significance.” Recital 27 emphasises that providing communications facilities does not by itself qualify as making a communication. This exception must be implemented in full, and prevents coercion of Internet Service Providers running services such as Web caches with no independent value for their users.

It also prevents rightsholders from controlling all access to works through digital technologies, which by their very design make temporary “copies” of works as they are transferred from a medium such as a DVD to the player’s memory for processing, and then to a display or speaker. Rightsholders have previously argued that they should control such reproductions: “Even the most fleeting cascade of electrons is being claimed by them as part of their income stream”[29].

This one mandatory exception demonstrates that the communications industry concentrated their lobbying on the provisions that directly affect their business, unlike their actions as part of a broader coalition at the WIPO negotiations. The same thing happened in the US, resulting in Title II of the DMCA, the Online Copyright Infringement Liability Limitation Act. Its s.512 contains some very similar provisions to those of the Copyright and E-Commerce Directives.

Recital 33 of the EUCD prevents proxies from altering cached data, and mandates “widely recognised and used” technology that provides information on access to data by users to rightsholders. Given the minimisation requirement of Article 6 of the Data Protection Directive[30], such technology should provide anonymised rather than personally identifiable information.

Article 5.2 sets out optional exceptions to the reproduction right. As with articles 5.3 and 5.4, which of these are implemented is entirely up to Member States. The five possible exceptions are: (a) photocopying (except sheet music); (b) non-commercial private use, when fair compensation is paid; (c) non-commercial acts by libraries, educational establishments, museums and archives; (d) ephemeral recordings made by and for broadcasting organisations; and (e) non-commercial reproduction of broadcasts by social institutions, provided fair compensation is paid. Recital 35 states that when fair compensation is required, the level set should take account of damage done to the rightsholder by the exception. If minimal damage is done, no payment may be required. But Recital 36 says that Member States may require payment of fair compensation even when it is not required by the Directive.

Article 5.3 sets out a longer list of exceptions to both the reproduction and communication rights. These exceptions were valued strongly enough for those States where they exist to bargain for their inclusion in the Directive. Most important of these for general purposes are (a) teaching and scientific research; (b) use by disabled persons; (c) news reporting; (d) criticism or review; and (k) caricature, parody or pastiche. Recital 14 emphasises the necessity of exceptions for education and teaching to encourage learning and culture. Recital 43 says that “all necessary measures” should be taken to enable the use of works by disabled persons.

Article 5.4 allows any exceptions to the reproduction right contained in Articles 5.2 and 5.3 to be applied to the distribution right “to the extent justified by the purpose of the authorised act of reproduction.”

The “three-step test” from the Berne convention and TRIPS is included in Article 5.5. This limits copyright exceptions to “special cases” which do not conflict with “normal exploitation” of copyright materials or “unreasonably prejudice” legitimate rights held. Recital 44 repeats that exceptions should be “exercised in accordance with international obligations”. Rightsholders have argued that this test should be explicitly included in national legislation as a further court-interpreted limitation on exceptions, but some States (such as the UK) have instead used it as a test of whether exceptions may properly be included in the implementing legislation.

Protection of Technological Measures and Rights-Management Information

The general purpose of this section is set out by Recitals 13 and 47. They state that common development and use of technological protection measures and rights-management information is essential, because both technologies give effect to copyright and related rights.

Article 6 is by far the most controversial part of the Directive, as are the similar provisions of s.1201 of the Digital Millennium Copyright Act in the US.

Article 6.1 requires that Member States provide “adequate legal protection” against the deliberate circumvention of technological measures – regardless of whether such an act infringed any copyright. A user must know or have reasonable grounds to know they are causing such circumvention, but the purpose for which it is done is irrelevant. Even fast-forwarding through a commercial at the start of a DVD could therefore be illegal if restricted by the rightsholder. Sanctions are expanded upon in Article 8.

Article 6.2 expands this protection by banning the manufacture, import, distribution, sale, rental or advertisement of circumvention devices or services – and also their possession for commercial purposes. This applies to any device or service that is marketed or primarily designed to circumvent technical measures, or has only limited other commercial purpose. Again, it is irrelevant whether the purpose to which such a device is put is copyright infringement. It is unclear whether open source software could be said to have a commercial purpose. Recital 49 says that States may further ban private possession of circumvention devices.

The definition of “technological measures” and whether they are “effective” is contained in Article 6.3. Both are wide definitions. The former covers any mechanism normally used to restrict acts not authorised by a rightsholder. The latter covers any access control, protection mechanism or copy-control mechanism, whatever its technical effectiveness. Therefore even the weakest protection measures gain legal protection against even the simplest types of circumvention. Under this definition, a marker pen – which can be used to defeat several types of CD protection mechanisms by drawing on the CD – could be classed as a circumvention device if it was advertised as such.

Recital 48 provides some limit to any further extension of protection for technical measures by Member States. Protection should not prevent “normal operation of electronic equipment and its technological development;” nor should technical measures be required in products or services. Member States should not use the Directive as a justification to introduce legislation mandating the inclusion of protection measures in electronic devices.

Senator Fritz Hollings twice introduced such legislation in the US Senate. His initial Security Systems Standards and Certification Act[31] covered all “interactive digital devices”, while the Consumer Broadband and Digital Television Promotion Act[32] was slightly more narrowly aimed at “digital media devices”.  But neither made any significant progress in the Senate.

Recital 48 also states that implementations “should not prohibit those devices or activities which have a commercially significant purpose or use other than to circumvent the technical protection.”  These other significant uses must include those of open source software. Such software may not be sold commercially but is commercially significant in its benefits to its users and its effects on markets that might otherwise be monopolies. Implementations should make clear that software need not be sold commercially for its purpose to qualify as commercially significant.

Finally for Recital 48, legal protection for technical measures “should not hinder research into cryptography.”  Implementations should provide a strong generic exemption for such research if this is not already provided by overarching law (as it is by the German constitution, for example).

Cryptographic research involves far more than the theory of cryptologic mathematics; most cryptographic mechanisms fail for engineering reasons connected with protocol design or the implementation in hardware and/or software. Such research cannot be very productive unless it is targeted at real systems. ‘Toy’ systems developed in the laboratory are inadequate as many of the novel and interesting failures arise from the interaction of components designed by people from different disciplines, or from the scale and complexity of real systems[33]. Nor should this exemption be limited to “recognised” researchers such as academic university staff; much important security research is carried out by hobbyists and students.

Article 6.4 is perhaps the most crucial part of the Directive. It specifies the procedures that should be used to reconcile the “fair dealing” exceptions in Article 5 with the ability of consumers to exercise them given technological measures protected under Article 6.

Unlike the DMCA, Article 6.4 does not give protection to certain groups (such as security researchers) against liability for circumvention offences. In the first instance, it merely requests that rightsholders take voluntary measures to allow the exercise of certain exceptions. Recital 51 emphasises that these may include “the conclusion and implementation of agreements between rightholders and other parties concerned.”

The measures taken must facilitate the reproduction right exceptions in Article 5.2 (except private use in 5.2(b)) and a limited subset of the reproduction and communication rights exceptions in Article 5.3 (for teaching and research, use by disabled persons and public security functions). They may also include the private use exception, but must allow rightsholders to restrict the number of private copies so made. Any technical measures used in any of these voluntary measures must also be protected by Article 6.1.

If voluntary measures are not taken, Member States must take “appropriate measures” of their own to ensure that citizens may benefit from the exceptions. However, this is not the case with works made available through on-demand services. Such services are defined very broadly – on “agreed contractual terms in such a way that members of the public may access them from a place and at a time individually chosen by them.”  This definition is also included in Recitals 25 and 53.

Several of the exceptions and limitations permitted by Article 5 require fair compensation. However, Recital 35 makes clear that one of the factors that must be taken into account in setting the level of such compensation is the use of technical measures protected under Article 6. This is explicitly restated for the private copy exception in Article 5.2(b) and in Recital 52. It is likely that fair compensation levels will be reduced as the use of technical measures increases.

Article 7 gives protection to electronic Rights Management Information. This is any type of data provided by rightsholders that identifies a work, its author or the terms and conditions of access. It must be associated with a copy or communication to the public of a protected work (Article 7.2). The development and use of compatible systems is encouraged by Recital 54.

Article 7.1 and Recital 56 state that Member States must provide “adequate legal protection” against removal or alteration of such information. This protection must also be provided against the communication to the public (and related acts) of a work where rights management information has been removed, if this would encourage or conceal copyright infringement.

Recital 57 emphasises that rights-management systems should protect the privacy of users, in accordance with the Data Protection Directive.

Article 7 contains several interesting differences with Article 6. It allows removal of rights management information given “authority” – hence allowing the entity that applied the information to authorise its removal, unlike an entity that has applied a technical protection measure. The restrictions in subparagraph 1(b) also require intent to infringe a right, uniquely amongst all of the Directive’s measures. Nor are there any controls on devices that remove rights management information, as Article 6 provides for circumvention devices.

Common provisions

Member States must provide “effective, proportionate and dissuasive” sanctions and remedies under Article 8, and take all necessary measures to ensure they are applied. Article 8.2 and Recital 58 say that rightsholders must be able to bring actions for damages, obtain injunctive relief and apply for seizure of infringing materials and circumvention devices. Despite the mandatory exception in Article 5.1(a) for online services, Article 8.3 and Recital 59 require that rightsholders must also be able to apply for an injunction against an intermediary whose services are being used to infringe their rights. Article 12 of the E-Commerce Directive[34] provides a “mere conduit” defence for intermediaries, but this may be overridden by a court or administrative authority action[35]. Recital 16 states that the Copyright Directive should be implemented without prejudice to the liability provisions of the E-Commerce Directive.

Article 9 expands on Article 1 and reaffirms that existing legal provisions in a wide range of other areas – including but by no means limited to other intellectual property rights – should not be affected by the Directive.

From a public policy perspective, the most important of these areas are privacy and competition law. Many Digital Rights Management systems track the usage of protected materials. Article 9 and Recital 57 confirm that this tracking will be subject to the requirements of the Data Protection Directive[36] – notably that data collected should be relevant, not excessive for purpose, and kept for the minimum time necessary in identifiable form; and that users should be notified of and consent to the collection, and be able to access data concerning them.

Nor should technological measures be allowed to override competition policy. Anti-circumvention rules must be tailored as tightly as possible to protect copyright but not accessories. Under the DMCA, they have been used to control accessory markets (such as for printer cartridges). This would directly contradict the EU’s recycling directive[37] as it affects printer cartridges.

Recital 17 states that the compliance of collecting societies with competition rules should also be enforced. 

Recital 50 explicitly says that provisions on reverse engineering for software compatibility in the Software Directive must not be affected. Therefore, circumvention of technical measures protecting software for developing compatible software, and the development of devices that perform such circumvention, must not be prohibited in implementing Articles 6.1 and 6.2.

The administrative provisions of Articles 10—11 and 13—15 cover timing and other implementation details. They specify the Directive’s retrospective effect; adaptations of directives 92/100/EEC[38] (rental and lending rights) and 93/98/EEC [39](term lengths); deadline for implementation; entry into force; and the addressees (the Member States).

Article 12 sets up a procedure for a triennial review of the Directive, and a contact committee made up of representatives of the Member States and chaired by a Commission representative.

The Commission must submit a report by 22 December 2004 and then every three years on the effects of the Directive given the development of the digital market. The effects of Article 5, 6 and 8 are particularly pertinent. If necessary, this report may propose amendments to the Directive – especially to improve the functioning of the internal market.

The contact committee is charged with reviewing the functioning of the internal and digital markets, organising consultations on the Directive and exchanging information on relevant developments between Member States.

Options for implementation

There are several parts of the Directive that are important for the achievement of the public policy objectives outlined earlier in this chapter. Good national implementations should use the flexibility contained in the Directive in the following ways:

Article 5

Both for the benefit of their own citizens as well as best achieving the original intent of the Directive[40] – the harmonisation of copyright law across the EU – Member States should include the maximum number possible of the exceptions from Article 5 paragraphs 2, 3 and 4 in their implementing legislation. If the initial implementation is done using a legislative procedure such as that in the UK and Ireland – where only mandatory changes may be implemented in a fast-track process – the States should later use primary legislation to implement new exceptions.

To reduce legal uncertainty implementations should not explicitly include the three-step test in Article 5(5). Instead, as in several countries such as the UK (see the table below for others), it should be applied to exceptions as they are considered for inclusion in legislation.

The Directive exhaustively enumerates permissible exceptions rather than providing a more flexible court-interpreted “fair use” test as exists for example in the US. Given the balanced approach that copyright law is supposed to represent, Member States should not provide a judicial power which could operate only to further limit the available exceptions.

Article 6

The best implementation of Article 6(1) would only prohibit circumvention when it resulted in infringement of the rights in Articles 2—4. Norway provided for this in its draft implementation, and the Danish Minister of Culture claimed that the final Danish implementation also has this effect.

A remote second-best option is to provide only minor civil sanctions for circumvention acts. Italy’s draft provides for a fine of 154€, which may be reduced for minor offences. The UK draft allows for damages for loss or recovery of profit to be awarded, neither of which is relevant for non-infringing circumvention.

Even with a “fair circumvention” right such as in the Danish and draft Norwegian implementations, citizens will find it increasingly difficult to exercise such a right without the tools to do so as technological protection mechanisms improve. Definitions of circumvention devices or services should carefully exclude products intended to facilitate the exercise of exceptions by legitimate owners of a work.

The Directive suggests a voluntary approach from rightsholders to allow exceptions to be exercised by beneficiaries. We believe this will only be effective if it is backed up with “effective, proportionate and dissuasive” sanctions for rightsholders who do not provide a timely means to do so. Many rightsholders will be based outside the EU with a primary focus on other markets. Meanwhile, for example, a visually impaired person may require immediate access to a work for educational or employment purposes.

An ideal implementation would withhold the benefits of copyright for technically protected works (and at the same time withhold protection against circumvention of the protection for them) until this requirement was met by rightsholders. This could be implemented in exactly the same way as the UK Patents Act of 1977 prevented the enforcement of a patent if a license existed anywhere that illegally tied it to other contractual conditions (such as the supply of raw materials). There is no reason why the intellectual property rights in the Copyright Directive should not be limited in the same way.

A less ideal implementation would, in the same manner as the Data Protection Directive, allow beneficiaries to complain to a national authority who would undertake speedy and effective action on their behalf. Beneficiaries and groups representing them should also have a direct right of action through the courts against rightsholders. The Spanish Minister of Culture, for example, will be able (under the current draft) to impose 6,000€ per day fines on rightsholders who prevent the exercise of exemptions using technological prevention measures. Government bodies given this task should contain representatives from all interested parties – competition and privacy commissioners, consumer representatives as well as rightsholders.

In either case, the outcome should protect all beneficiaries of exceptions against a particular rightsholder. Rulings may also provide advice to other rightsholder in similar situations on how to remedy problems before enforcement action is taken against them.

The definitions in Article 6(3) should be transposed carefully to limit the effect of Article 6 to technological measures that are focussed on protecting copyright[41]. As per Articles 1 and 9 and recital 48, this protection should not interfere with the circumvention of devices that limit accessory markets, security research or consumer privacy. For example, a device that monitored consumers’ use of digital media does not prevent or restrict unauthorised acts in the normal course of its operation, and hence should not be protected[42]. The personal data collected by rightsholders should be minimised as per the Data Protection Directive. And consumers should not be prevented from protecting their privacy by circumventing technological measures that report personal information back to rightsholders, or obtaining the tools necessary to do so.

As with the Danish implementation, mechanisms such as DVD region codes, which are used to release DVDs in different markets at separate times and at different prices, should be excluded.

Finally, Article 6(4)(4) attempts to remove all protections for beneficiaries when works are supplied “on agreed contractual terms in such a way that members of the public may access them from a place and at a time individually chosen by them.” This is a dramatic reduction of copyright users’ rights that needs urgent revision in the review of the Directive. For the time being, implementations should emphasise how unlikely this condition is to be met, given the slow progress of high-bandwidth high-quality mobile browsing devices. Content supplied to a home or office PC is obviously not accessed “from a place… individually chosen by” members of the public.

Summary of implementations








Became law 1/7/03

Latest draft amendments 18/10/02

Approved by Bundesrat 11/7/03

Approved by Parliament 17/12/02

Draft 6/11/02

Circumvention penalties

Damages; 6 months; 360 daily income rates fine

2.5—2500€; repeat offence fine+3 months—2 years

1 year

Fines and general liability

Not specified


services penalties

1 year; 3 years for commercial purposes

Determined by IP Commission

Explicit three-step test






Procedure for exercising exemptions

Judicial order

Will be defined later in secondary legislation

Judicial order

Complain to Board for Intellectual Property Rights; users may circumvent if rightsholder ignores longer than 4 weeks; appeal to courts. Not for 5(2)(b)

Complain to Commission on Intellectual Property which may recommend a penalty of  6000€/day to Ministry of Education, Culture and Sport

Circumvention research exemption



Via Constitution












Draft 10/10/02

Draft 4/4/03

Became law 10/10/02

Became law 29/4/03

Draft 22/7/02

Draft 2/12/02

Draft 7/8/02

Fine, 2 years prison, confiscation

2 years, 150,000€ fine

1 year, fine of 2,900—15,000€

154€ fine, 1,032€ for repeated offence

Court-ordered damages, unlikely to be more than legal costs

3 years, fine of 250—125,000€ (150—75,000€ for attempt)

Damages for loss or recovery of profit


6 months – 4 years, 2,500—15,000€ fine

2 years, unlimited fines[43]








Via courts

Complain to 3-person mediation body; appeal to Appeal Court of Paris

Complain to mediator; appeal to Court of Appeal

Complain to Permanent Copyright Consulting Committee; appeal to courts

None – government will wait to see if there is a problem before creating

Complain to Comissão de Mediação e Arbitragem

Complain to Minister; resulting breach of directions by rightsholders gives right of action for breach of statutory duty










[1] “About WIPO”. See

[2] “WIPO Copyright Treaty” (1996). Available from

[3] “WIPO Performances and Phonograms Treaty” (1996). Available from

[4] “Trade-Related Aspects of Intellectual Property Rights”, Annex 1C, Marrakesh Agreement Establishing the World Trade Organization (1994). Available from

[5] Peter Drahos with John Braithwaite, “Information Feudalism”, London: Earthscan Publications,  pp.108—149 (2002)

[6] “Berne Convention for the Protection of Literary and Artistic Works”, as amended (1979). Available from

[7] “WTO Dispute Settlement Gateway”. See

[8] 19 U.S.C. § 2411. See section IV of the Department of Commerce commentary at (2001)

[9] Supra note 5 pp.99—107

[10] See for example the May 9 2003 letter from US Representatives Lofgren and Boucher to the Secretary of Commerce, available at

[11] Jessica Litman, “Digital Copyright”, Amherst: Prometheus Books (2001) pp.128—130

[12] Pamela Samuelson and John Browning, “Confab Clips Copyright Cartel”, Wired 5.03 (1997). Available from

[13] Electronic Frontier Foundation, “Unintended Consequences: Four Years under the DMCA”. See

[14] Supra note 5  p.36

[15] Lawrence Lessig, “Code and other laws of cyberspace”, Basic Books (2000)

[16] Duncan Campbell, “Development of surveillance technology and risk of abuse of economic information”, working document for the Science and Technology Options Assessment Panel of the European Parliament, (1999). Available from

[17] Supra note 5 pp.210—211

[18] James Boyle, “Cruel, Mean or Lavish?: Economic Analysis, Price Discrimination and Digital Intellectual Property”,  536 Vanderbilt Law Review 2007 (2000). Available from

[19] Supra note 5 p.37

[20] “The Charter of Fundamental Rights of the European Union”, OJ C 364/01 (2001). Available from

[21] Council of Europe, “Convention for the Protection of Human Rights and Fundamental Freedoms” (1950). Available from

[22] Supra note 13

[23] 93 Cal. App.4th 648, 113 Cal. Rptr.2d 338 (2001), appeal granted, 117 Cal. Rptr.2d 167, 41 P.3d 2


[24] Supra note 5 pp. 176—178

[25] L.A. Bygrave, “Digital Rights Management and Privacy – Legal Aspects in the European Union”, pp.527—529, in E. Becker et al., “Digital Rights Management – Technological, Economic, Legal and Political Aspects”, Heidelberg: Springer Verlag (2003) s.4. 

[26] European Commission, “Proposal for a Directive on the enforcement of intellectual property rights”, COM (2003) 46(01). Available from

[27] See

[28] Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs, as amended by Directive 93/98/EEC. OJ L 122, 17/5/91, p. 42.

[29] Supra note 5 p.186

[30] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ L 281, 23/11/95, p. 31.

[31] See (2001)

[32] See (2002)

[33] “FIPR response to the UK government consultation on the implementation of the Copyright Directive” (2002). Available from

[34] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market. OJ L 178, 17/07/2000, p.1.

[35] Article 12.3 ibid.

[36] ibid.

[37] Directive 2002/96/EC of 27 January 2003 of the European Parliament and of the Council on waste electrical and electronic equipment. OJ L 37 , 13/02/2003, p.24

[38] Council Directive 92/100/EEC of 19 November 1992 on rental right and lending right and on certain rights related to copyright in the field of intellectual property. OJ L 346, 27/11/92, p. 61. As amended by Directive 93/98/EEC.

[39] Council Directive 93/98/EEC of 29 October 1993 harmonizing the term of protection of copyright and certain related rights.

OJ L 290, 24/11./993, p.9

[40] P. Bernt Hugenholtz, “Why the Copyright Directive is Unimportant, and Possibly Invalid”, EIPR 2000-11, pp. 499—505. Available from

[41] “From the Explanatory Memorandum, however, it can be concluded that only when a measure prevents acts that the copy-right holder can prohibit on the basis of copyright law does it need to be protected.” K.J. Koelman and N. Helberger, “Protection of Technological Measures” in B. Hugenholtz, ed., “Copyright and Electronic Commerce: Legal Aspects of Electronic Copyright Management, London: Kluwer Academic Publishers (2000), p.171.

[42] Supra note 25 pp.526—529

[43] For commercial or large-scale dealing