British Telecommunications Plc & Anor, R (on the application of) v The Secretary of State for Business, Innovation and Skills

This judicial review concerned challenges by ISPs (BT and TalkTalk) to the online copyright infringement provisions of the Digital Economy Act 2010 and to a draft Costs Order, on multiple grounds of EU law and proportionality. The court analysed whether the "initial obligations" in the Act were technical regulations requiring prior notification under the Technical Standards Directive, whether the scheme was compatible with the E‑Commerce Directive (in particular Articles 12 and 15), the Privacy and Electronic Communications Directive and the Data Protection regime, the Authorisation Directive and whether the measures were proportionate.

The court held that the initial obligations did not yet have independent legal effect because their incidence and detailed content are expressly made contingent upon an initial obligations Code to be made and brought into force. For that reason the initial obligations were not a technical regulation requiring prior notification under the Technical Standards Directive; the proper text to be notified is the draft Code when it is in a form allowing substantial amendment. The court interpreted Article 12 E‑Commerce narrowly: the immunity protects mere conduit ISPs from liability for the information transmitted but does not prevent national law imposing regulatory obligations (notifications, record‑keeping, appeals procedure and, prospectively, technical measures) targeted at copyright infringement so long as those obligations do not make the ISP liable "for the information transmitted" (i.e. liable in damages or penalty in respect of the underlying infringement itself).

The court held that the DEA regime (as presently enacted) did not amount to a general monitoring obligation prohibited by Article 15 E‑Commerce: ISPs are passive recipients of copyright infringement reports supplied by rights‑holders and are not required by the DEA to inspect or monitor content generally. On data protection and PECD issues the court accepted that processing of IP/traffic data and related personal data would fall within the DPD/DPA but concluded that processing could be lawful under the specified legal bases (for example for establishment/exercise of legal claims) and that appropriate derogations or safeguards could be provided in the Code. The Authorisation Directive did not require the contested statutory provisions to be contained within the general authorisation conditions, and most of the cost‑sharing arrangements were not administrative charges for the purposes of Article 12 AD.

However the court found that the provisions of the draft Costs Order and the DEA which would require ISPs to bear 25% of certain "qualifying" administrative costs charged by Ofcom (recovering Ofcom's regulatory/administrative costs) amounted to administrative charges falling within Article 12 of the Authorisation Directive and went beyond the types of administrative charges permitted: that limb of the challenge succeeded. The remaining challenges (TSD notification, ECD, PECD/DPD incompatibility, proportionality) were dismissed.

Nature of the claim / relief sought: Judicial review by two ISPs seeking declarations and relief that aspects of the Digital Economy Act 2010 (the "contested provisions") and the draft Copyright (Initial Obligations) (Sharing of Costs) Order 2011 were incompatible with EU law (Technical Standards Directive, E‑Commerce Directive, Privacy and Electronic Communications Directive, Data Protection Directive, Authorisation Directive) and were disproportionate; they sought unenforceability or other relief.

Background and parties:

• The claimants were major UK ISPs (BT and TalkTalk). The defendant was the Secretary of State for Business, Innovation and Skills. There were multiple interested parties representing rights holders and industry and two interveners (Open Rights Group/Article 19 and Consumer Focus).
• The statutory scheme imposed "initial obligations" on ISPs by inserting sections 124A–124E (and associated provisions) into the Communications Act 2003, with detailed duties to be set in an industry or Ofcom Code. The Act also permitted future "technical obligations" and provided for Ofcom enforcement and an appeals mechanism. Section 15 DEA authorised a Costs Order to allocate costs between rights‑holders and ISPs; a draft Costs Order had been notified to the Commission.

Issues framed by the court:

1. Whether the initial obligations and related measures were "technical regulations" or "rules on services" requiring prior notification under the Technical Standards Directive (TSD).
2. Whether the scheme was compatible with the E‑Commerce Directive (Articles 12, 15 and Article 3 country‑of‑origin principles and derogations).
3. Compatibility with the Data Protection Directive, the Data Protection Act 1998 and the Privacy and Electronic Communications Directive (processing of IP/traffic/personal data, retention, and derogations).
4. Whether the measures were sector‑specific conditions governed by the Authorisation Directive, and whether administrative charges (in particular recovery of Ofcom's administrative costs from ISPs) complied with Article 12 AD.
5. Whether the measures were proportionate, having regard to EU free movement principles, fundamental rights (privacy and expression) and the evidence in the Impact Assessment.

Court’s reasoning (concise):

• On the TSD: the initial obligations lacked independent legal effect because their operative content and incidence on ISPs were contingent on the Code. Absent a Code in force, the statutory provisions did not impose enforceable obligations on individuals and therefore were not a notifiable technical regulation; the proper instrument to notify was the draft Code (Article 1(12) TSD). Case law (CIA, Commission v Germany, Sapod) requires that the contested measure have legal effect by itself to be notifiable.
• On the E‑Commerce Directive: Article 12 immunity for mere conduit ISPs was interpreted narrowly — it protects ISPs from liability "for the information transmitted" (damages/pecuniary liability for the underlying infringement) but does not prevent Member States from providing procedures enabling rights holders to obtain information, notifications and technical measures where courts/authorities so order. The DEA’s regulatory liabilities (notifications, lists, possible technical measures and administrative penalties for non‑compliance with those regulatory duties) are regulatory obligations parasitic on the scheme and are not the same as liability for the information transmitted. Article 15 (no general monitoring) did not prohibit the DEA since ISPs are passive recipients of rights‑holder reports rather than required to monitor content generally.
• On data protection/PECD: processing of IP/traffic data and other personal data arises, but the court accepted that processing could be justified under the data protection legal bases (eg for establishment/exercise of legal claims) and that derogations or safeguards could be arranged when the Code and Costs Order are finalised.
• On the Authorisation Directive and administrative charges: the court rejected the submission that all sector‑specific legal obligations must be included in the general authorisation. However charges imposed to recover Ofcom’s administrative costs (the 25% share borne by ISPs of qualifying Ofcom costs) were administrative charges within Article 12 AD and could not lawfully cover costs beyond those specified by Article 12; the Costs Order therefore contravened Article 12 AD in relation to qualifying administrative charges.
• On proportionality: the court recognised a wide margin of appreciation for Parliament in complex polycentric policy of this kind and found Parliament had a rational basis on the evidence and consultations to enact the regime; the proportionality challenge failed on the facts.

Outcome: The claim succeeded only on the ground that certain cost allocation provisions (administrative charges) contravened Article 12 of the Authorisation Directive; all other grounds were dismissed. The court granted appropriate relief on the successful limb and otherwise dismissed the application.

The claim is allowed in part. The court found that, for the purposes of the Technical Standards Directive, the initial obligations in the Digital Economy Act 2010 do not yet have independent legal effect because their incidence and detailed content are contingent on a Code to be made and brought into force; they were therefore not technical regulations requiring prior notification. The DEA scheme did not breach the E‑Commerce Directive’s prohibition on general monitoring or the Articles cited when properly interpreted, nor did it unlawfully breach the data protection and PECD provisions in principle; the proportionality challenge failed. However, the court held that the mechanism by which ISPs would be made to bear a share of Ofcom’s qualifying administrative costs constituted administrative charges within Article 12 of the Authorisation Directive and was unlawful. The Claimants succeed only on that ground; all other claims are dismissed.