This Act implemented the EU Electronic Commerce Directive 2000/31/EC, introducing intermediary liability for unlawful content. Following the Directive it differentiates between mere conduit, catching and hosting, introducing no obligation to monitor or filter hosted or cached content as well as a basic notice-and-takedown procedure. The Act determines obligations of information service providers (ISPs), rules for insulating them from legal liability as well as rules for the protection of personal data treated by the intermediaries.
(1) Definitions. According to the Act, “providing services by electronic” means to render a service by transmitting and collecting data by means of teleinformation systems, at the individual request of a service recipient, without the parties being simultaneously present, while the data are transmitted through public networks. It distinguishes between a “service provider” and a “service recipient” whereby the former is understood as “any natural person, legal person or organizational unit without legal entity, who, while performing, even as side activities, commercial or professional activities provides services by electronic means”. The Act does not differentiate between access, service or content providers.
(2) Media and Publishers Liability. Although the Act on rendering electronic services explicitly does not cover media (Article 3), Poland has been one of the first European states to recognize the editorial liability of information service providers (see case State Prosecutor v. Norbert Z. & Tomasz K below).
(3) Spam. The Act covers also intermediary liability for spam introducing an opt-in model of spam protection. Article 9 requires commercial information to be clearly separated and marked in a manner that no doubt may arise that it is information of a commercial character. Article 10 prohibits sending unsolicited commercial information to a specified recipient - who never expressed any specific consent to receive it - by electronic communication means.
(4) Liability Exemptions. Chapter 3 of the Act is devoted to liability exemptions for ISPs. Article 12 introduces the mere conduit exemption stating that no responsibility for conveyed data shall be borne by the one who, while transmitting data, is not an initiator of the transmission, does not select the recipient of data, nor deletes or modifies the data subject to transmission. The exemption covers also automated and short-term indirect storing of such data, if this activity aims exclusively at proceeding with the transmission, and the data are not stored longer than it is ordinarily necessary for accomplishing the transmission. Similarly an exemption for caching services providers is provided in Article 13, which excludes any responsibility for stored data of entities transmitting data and providing for automated and short-term indirect storing of the data in order to make them quickly accessible on the request of another entity if they do not delete or modify the data, use information techniques recognized and usually applied for such activities and do not interfere with such techniques.
(5) Notice and Take Down. The notice and takedown procedure for cached illegal content is provided for in Article 13 par. 2 which exempts from liability for stored data the person, who, “immediately erases the data or makes the access to the stored data impossible as soon as he/she receives the message that the data have been erased from the initial source of transmission or the access to them has been made impossible, or a court or any other competent authority has ordered to erase the data or to make the access to them impossible.” Similar regulations relating to hosting providers can be found in Article 14 which exempts from liability for stored data a person, who, while making the resources of a teleinformation system available for the purpose of the data storage by a service recipient, is not aware of unlawful nature of the data or the activity related to them, and in case of “having been officially informed or having received a credible notice on the unlawful nature of the data or the activity related to them, makes the access to the data immediately impossible”. The terms “official information”, “credible notice” and “immediately” have not been defined in the Act nor in accompanying jurisprudence, resulting in much autonomy for service providers in making their decisions. This autonomy requires ISPs to make autonomous decisions on the credibility of the information received, legality of content and due time for such content to be disabled. There is no detailed notice-and-takedown procedure on formal and procedural conditions of filing a notice and its consequences in place, nor is there coherent self regulation in this area, with individual service providers making their decision individually. This situation causes an undesired chilling effect resulting in intermediary service providers disabling most content reported as potentially illegal in order to avoid any liability.
(6) Personal Data Protection. The Act introduces also detailed obligations of intermediary service providers regarding the rules of the Personal Data Protection Related to Providing Services by Electronic Means in Articles 16–24.
Topic, claim, or defense
General or Non-Specified
Type of service provider
General or Non-Specified
Host (Including Social Networks)
Internet Access Provider (Including Mobile)
OSP obligation considered
Block or Remove
Monitor or Filter
Type of law
General effect on immunity
General intermediary liability model
Takedown/Act Upon Knowledge (Includes Notice and Takedown)