Limitation of liability for ISP activities

Internet service providers fulfil a central role in the modern information activity by acting as a conduit and clearing house for the transmission of electronic communications. South African law recognises the special position of ISPs and the need for them to be protected against liability in respect of third party content and activities which take place over their networks.

As is the case in many other jurisdictions, a “safe harbour” is created for ISPs through the operation of Chapter XI of the Electronic Communications and Transactions Act 25 of 2002 (“the ECT Act”).

A “service provider” under the Act is defined as a person providing services including “the provision of connections, the operation of facilities for information systems, the provision of access to information systems, the transmission or routing of data messages between or among points specified by a user and the processing and storage of data, at the individual request of the recipient of the service”.

Section 73 of the ECT Act stipulates that a service provider “is not liable for providing access to or for operating facilities for information systems or transmitting, routing or storage of data messages via an information system under its control”. This immunity holds only where the service provider:

  • is a member of an IRB and has adopted and implemented the code of conduct of that IRB;
  • does not initiate the transmission;
  • does not select the addressee;
  • performs the functions in an automatic, technical manner without selection of the data; and
  • does not modify the data contained in the transmission.

The section 73 “mere conduit” immunity does not interfere with the right of the courts to order a service provider to terminate or prevent unlawful activity in terms of any other law which may apply.

Hosting, caching and information local tools

This legislative immunity also covers hosting of content, caching of content and the provision of tools such as hyperlinks which are designed to assist users to find information. In all of these instances there are further requirements set out in the relevant section and which in essence stipulate that the provision of the service or performance of the activity must take place at arm’s length, in accordance with industry standards and that the service provider should not have knowledge of unlawful activity.

Take-Down Notice Procedure

Section 77 of the ECT Act creates a procedure which allows a complainant to notify a service provider or its designated agent of unlawful activity in a written notice which sets out the right which has been infringed and the location or nature of the infringing material or activity under the control of the service provider. A service provider is obliged to act expeditiously to remove or disable access to infringing content, failing which it may lose the immunity it has in respect of hosted content under section 75 of the ECT Act.

No general obligation to monitor

Section 78 of the ECT Act explicitly states that services providers are not under any general obligation to monitor the data which it transmits or stores or to actively seek facts or circumstances indicating an unlawful activity. This is recognition of practical reality: even a small Internet access provider would find it impossible to monitor all the content flowing over its systems due to the volume of content and the speed at which it travels.

Internet access providers are further under a Constitutional imperative to respect the privacy of their subscribers and are prohibited under RICA from any unauthorised interception and/or monitoring of electronic communications.


Guidelines for Recognition of Industry Representative Bodies of Information System Service Providers (14 December 2006)