The Court of Justice of the European Union (CJEU) has delivered what may prove to be one of the most significant judgments on intermediary liability in recent years. In its Grand Chamber judgment in WebGroup Czech Republic and Coyote System (Joined Cases C-188/24 and C-190/24), the Court addressed the scope of the hosting exemption under Article 14 of the e-Commerce Directive and, in doing so, provided important guidance on the notion of “control” in the context of online platforms.
The judgment is significant because it revisits one of the foundations of internet regulation: the circumstances under which online platforms can avoid liability for content generated by their users. While the Court does not remove the hosting exemption, it adopts a broader interpretation of the concept of “control”, potentially narrowing the scope of protection available to platforms that actively organise or disseminate user-generated content.
The decision also raises important questions regarding the future application of the Digital Services Act (DSA), particularly for platforms that rely heavily on recommender systems, ranking mechanisms and algorithmic content curation.
A case about much more than intermediary liability
The judgment arose from two French cases. The first concerned age-verification obligations imposed on providers of online pornographic content. The second involved Coyote System, a navigation application that allows users to share information regarding road conditions and police checks.
Much of the Court’s reasoning focused on the country-of-origin principle under Article 3 of the e-Commerce Directive and the circumstances in which Member States may impose restrictions on information society services established in another Member State.
In that respect, the judgment confirms the broad scope of the “coordinated field” and reinforces the central role of the internal market framework governing digital services. The Court also reaffirmed that Member States may adopt targeted measures against specific services where the conditions set out in Article 3(4) are satisfied, particularly where public policy, public security or the protection of minors are at stake.
Nevertheless, it is the Court’s observations on the hosting exemption that are likely to attract the greatest attention.
Knowledge and control are distinct concepts
For many years, discussions regarding Article 14 have focused primarily on the concept of knowledge. The hosting exemption generally protects providers that merely store information supplied by users and that act expeditiously once they obtain knowledge of unlawful content.
The Court has now emphasised that knowledge and control are separate and independent concepts. A provider may lose the benefit of the hosting exemption not only where it has knowledge of unlawful content, but also where it exercises control over the information stored on its service.
Importantly, the Court confirmed that such control may exist even where no human intervention takes place. The use of algorithms does not prevent a finding of control where the provider has predetermined the conditions under which information is disseminated.
This aspect of the judgment may prove to be its most consequential legacy.
Not every algorithm removes the safe harbour
At first sight, the Court’s reasoning appears alarming for modern online platforms. After all, virtually every platform relies on algorithms to organise, rank, recommend or moderate content.
However, the judgment should not be read as suggesting that any algorithmic processing automatically deprives a provider of the hosting exemption.
The Court draws a distinction between systems that merely categorise or index information to improve accessibility and systems that determine how, whether and in what order information is disseminated. According to the Court, it is the latter category that may amount to control.
Where precisely that line is drawn remains unclear.
The judgment therefore raises a number of important questions. Does a personalised recommendation system amount to control? What about ranking mechanisms designed to maximise user engagement? Can a platform still be regarded as neutral where it uses algorithms primarily to improve user experience rather than to advance its own commercial interests?
The Court provides no definitive answers.
The Advocate General’s more nuanced approach
The Advocate General’s Opinion provides important context for understanding the judgment.
In his Opinion, Advocate General Szpunar recognised that online platforms do not lose the benefit of the hosting exemption merely because they use algorithms to organise, index, search or recommend content. Referring to previous case law, including YouTube and Cyando, he noted that functions such as indexing, search and recommendation may still constitute merely technical and automatic processing of information and do not necessarily imply control over the content itself.
Instead, the Advocate General focused on a distinctive feature of the Coyote service. In his view, Coyote was not merely storing and displaying information provided by users. Through algorithmic processing, the service aggregated, validated and transformed individual user reports into a new informational output designed to present an accurate picture of traffic conditions.
This distinction may prove significant. It suggests that the Advocate General saw a meaningful difference between algorithms that facilitate access to information and algorithms that actively shape, transform or generate a new body of information. While the Court ultimately adopted broader language concerning algorithmic control, the specific characteristics of the Coyote service remain relevant when assessing how far the judgment extends to social media platforms, online marketplaces, search engines and other digital services.
Why the facts matter
The factual context of the Coyote case should not be overlooked.
Unlike many online platforms, Coyote was designed to aggregate and process user reports in order to generate information about road conditions and police checks. This feature appears to have played an important role in both the Advocate General’s Opinion and the Court’s reasoning.
Whether the same reasoning should apply to social media platforms, online marketplaces or search engines remains open to debate.
Implications for the Digital Services Act
Although the judgment concerns the e-Commerce Directive, its significance extends far beyond that instrument.
The DSA has replaced the intermediary liability framework contained in Articles 12 to 15 of the Directive while preserving many of its core principles. At the same time, the DSA expressly recognises that modern platforms rely on recommender systems and imposes detailed obligations concerning their transparency and governance.
This creates an interesting tension.
If every meaningful recommender system were sufficient to establish “control”, many platforms could find themselves outside the hosting exemption altogether. Such an outcome would sit uneasily with the broader architecture of the DSA, which appears to assume that platforms can both benefit from liability exemptions and operate sophisticated recommendation systems.
Future litigation will need to clarify where the boundary lies between permissible organisation of information and algorithmic control, and how that distinction fits within the DSA’s framework for recommender systems and platform governance.
Looking ahead
The judgment does not signal the end of the hosting exemption. However, it significantly reshapes the legal analysis.
By confirming that algorithmic control may be sufficient to exclude a provider from the exemption, even in the absence of actual knowledge of unlawful content, the Court has shifted the focus of intermediary liability debates from knowledge to control.
The key question for future cases will be where the line is drawn between the organisation of information and the active determination of its dissemination. The answer will be critical not only for the future interpretation of the hosting exemption, but also for understanding how the DSA applies to platforms that rely on recommender systems, ranking mechanisms and algorithmic content curation.
