Mexico has just adopted a terrible new copyright law, thanks to pressure from the United States (and specifically from the copyright maximalists that hold outsized influence on US foreign policy).

This law closely resembles the Digital Millennium Copyright Act enacted in the US 1998, with a few differences that make it much, much worse.

We’ll start with a quick overview, and then dig deeper.

“Anti-Circumvention” Provision

The Digital Millennium Copyright Act included two very significant provisions. One is DMCA 1201, the ban on circumventing technology that restricts access to or use of copyrighted works (or sharing such technology). Congress was thinking about people ripping DVDs to infringe movies or descrambling cable channels without paying, but the law it passed goes much, much farther. In fact, some US courts have interpreted it to effectively eliminate fair use if a technological restriction must be bypassed.

In the past 22 years, we’ve seen DMCA 1201 interfere with media education, remix videos, security research, privacy auditing, archival efforts, innovation, access to books for people with print disabilities, unlocking phones to work on a new carrier or to install software, and even the repair and reverse engineering of cars and tractors. It turns out that there are a lot of legitimate and important things that people do with culture and with software. Giving copyright owners the power to control those things is a disaster for human rights and for innovation.

The law is sneaky. It includes exemptions that sound good on casual reading, but are far narrower than you would imagine if you look at them carefully or in the context of 22 years of history. For instance, for the first 16 years under DMCA 1201, we tracked dozens of instances where it was abused to suppress security research, interoperability, free expression, and other noninfringing uses of copyrighted works.

It’s a terrible, unconstitutional law, which is why EFF is challenging it in court.

Unfortunately, Mexico’s version is even worse. Important cultural and practical activities are blocked by the law entirely. In the US, we and our allies have used Section 1201’s exemption process to obtain accommodations for documentary filmmaking, teachers to use video clips in the classroom, for fans to make noncommercial remix videos, to unlock or jailbreak your phone, to repair and modify cars and tractors, to use competing cartridges in 3D printers, and for archival preservation of certain works. Beyond those, we and our allies have been fighting for decades now to protect the full scope of noninfringing activities that require circumvention, so that journalism, dissent, innovation, and free expression do not take a back seat to an overbroad copyright law. Mexico’s version has an exemption process as well, but it is far more limited, in part because Mexico doesn’t have our robust fair use doctrine as a backstop.

This is not a niche issue. The U.S. Copyright Office received nearly 40,000 comments in the 2015 rulemaking. In response to a petition signed by 114,000 people, the U.S. Congress stepped in to correct the rulemaking authorities when they allowed the protection for unlocking phones to lapse in 2012.

“Notice-and-Takedown” Provision

In order to avoid the uncertainty and cost of litigation (which would have bankrupted every online platform and deprived the public of important opportunities to speak and connect), Congress enacted Section 512, which provides a “safe harbor” for various Internet-related activities. To stay in the safeharbor, service providers must comply with several conditions, including “notice and takedown” procedures that give copyright holders a quick and easy way to disable access to allegedly infringing content. Section 512 also contains provisions allowing users to challenge improper takedowns. Without these protections, the risk of potential copyright liability would prevent many online intermediaries from providing services such as hosting and transmitting user-generated content. Thus the safe harbors have been essential to the growth of the Internet as an engine for innovation and free expression.

But Section 512 is far from perfect, and again, the Mexican version is worse.

First of all, a platform can be fined simply for failing to abide by takedown requests even if the takedown is spurious and the targeted material does not infringe. In the US, if they opted out of the safe harbor, they would still only be liable if someone sued them and proved secondary liability. Platforms are already incentivized to take down content on a hair trigger to avoid potential liability, and the Mexican law provides new penalties if they don’t.

Second, we have long catalogued the many problems that arise when you provide the public a way to get material removed from the public sphere without any judicial involvement. It is sometimes deployed maliciously, to suppress dissent or criticism, while other times it is deployed with lazy indifference about whether it is suppressing speech that isn’t actually infringing.

Third, by requiring that platforms prevent material from reappearing after it is taken down, the Mexican law goes far beyond DMCA 512 by essentially mandating automatic filters. We have repeatedly written about the disastrous consequences of this kind of automated censorship.

So that’s the short version. For more detail, read on. But if you are in Mexico, consider first exercising your power to fight back against this law.

Take Action

If you are based in Mexico, we urge you to participate in R3D's campaign "Ni Censura ni Candados" and send a letter to Mexico's National Commission for Human Rights to asking them to invalidate this new flawed copyright law. R3D will ask for your name, email address, and your comment, which will be subject to R3D's privacy policy.

We are grateful to Luis Fernando García Muñoz of R3D (Red en Defensa de los Derechos Digitales) for his translation of the new law and for his advocacy on this issue.

In-depth legislative analysis and commentary

The text of the law is presented in full in blockquotes. EFF's analysis has been inserted following the relevant provisions.

Provisions on Technical Protection Measures

Article 114 Bis.- In the protection of copyright and related neighboring rights, effective technological protection measures may be implemented and information on rights management. For these purposes:

I. An effective technological protection measure is any technology, device or component that, in the normal course of its operation, protects copyright, the right of the performer or the right of the producer of the phonogram, or that controls access to a work, to a performance, or to a phonogram. Nothing in this section shall be compulsory for persons engaged in the production of devices or components, including their parts and their selection, for electronic, telecommunication or computer products, provided that said products are not destined to carry Unlawful conduct, and

This provision adopts a broad definition of ‘technological protection measure’ or TPM, so that a wide range of encryption and authentication technologies will trigger this provision. The reference to copyright is almost atmospheric, since the law is not substantively restricted to penalizing those who bypass TPMs for infringing purposes.

II. The information on rights management are the data, notice or codes and, in general, the information that identifies the work, its author, the interpretation, the performer, the phonogram, the producer of the phonogram, and to the holder of any right over them, or information about the terms and conditions of use of the work, interpretation or execution, and phonogram, and any number or code that represents such information, when any of these information elements is attached to a copy or appear in relation to the communication to the public of the same.

In the event of controversies related to both fractions, the authors, performers or producers of the phonogram, or holders of respective rights, may exercise civil actions and repair the damage, in accordance with the provisions of articles 213 and 216 bis. of this Law, independently to the penal and administrative actions that proceed.

Article 114 Ter.- It does not constitute a violation of effective technological protection measures when the evasion or circumvention is about works, performances or executions, or phonograms whose term of protection granted by this Law has expired.

In other words, the law doesn’t prohibit circumvention to access works that have entered the public domain. This is small comfort: Mexico has one of the longest copyright terms in the world.

Article 114 Quater.- Actions of circumvention or evasion of an effective technological protection measure protection that controls access to a work, performance or execution, or phonogram protected by this Law, shall not be considered a violation of this Law, when:

This provision lays out some limited exceptions to the general rule of liability. But those exceptions won’t work. After more than two decades of experience with the DMCA in the United States, it is clear that when regulators can’t protect fundamental rights by attempting to imagine in advance and authorize particular forms of cultural and technological innovation. Furthermore, several of these exemptions are modeled off of stale US exemptions that have proven completely inadequate in practice. The US Congress could plead ignorance in the 90s; legislators have no excuse today.

It gets worse: because Mexico does not have a general fair use rule, innovators would be entirely dependent on these limited exemptions.

I. Non-infringing reverse engineering processes carried out in good faith with respect to the copy that has been legally obtained of a computer program that effectively controls access in relation to the particular elements of said computer programs that have not been readily available to the person involved in that activity, with the sole purpose of achieving the interoperability of an independently created computer program with other programs;

If your eyes glazed over at “reverse engineering” and you assumed this covered reverse engineering generally, you would be in good company. This exemption is sharply limited, however. The reverse engineering is only authorized for the “computer program that effectively controls access” and is limited to “elements of said computer programs that have not been readily available.” It does not mention reverse engineering of computer programs that are subject to access controls – in part because the US Congress was thinking about DVD encryption and cable TV channel scrambling, not about software. If you circumvent to confirm that the software is the software claimed, do you lose access to this exemption because the program was already readily available to you? Even if you had no way to verify that claim without circumvention? Likewise, your “sole purpose” has to be achieving interoperability of an independently created computer program with other programs. It’s not clear what “independently” means, and this is not a translation error – the US law is similarly vague. Finally, the “good faith” limitation is a trap for the unwary or unpopular. It does not give adequate notice to a researcher whether their work will be considered to be done in “good faith.” Is reverse engineering for competitive advantage a permitted activity or not? Why should any non-infringing activity be a violation of copyright-related law, regardless of intent?

If you approach this provision as if it authorizes “reverse engineering” or “interoperability” generally you are imagining an exemption that is far more reasonable than what the text provides.

In the US, for example, companies have pursued litigation over interoperable garage door openers and printer cartridges all the way to appellate courts. It has never been this provision that protected interoperators. The Copyright Office has recognized this in granting exemptions to 1201 for activities like jailbreaking your phone to work with other software.

II. The inclusion of a component or part thereof, with the sole purpose of preventing minors from accessing inappropriate content, online, in a technology, product, service or device that itself is not prohibited;

It’s difficult to imagine something having this as the ‘sole purpose.’ In any event, this is far too vague to be useful for many.

III. Activities carried out by a person in good faith with the authorization of the owner of a computer, computer system or network, performed for the sole purpose of testing, investigating or correcting the security of that computer, computer system or network;

Again, if you skim this provision and believe it protects “computer security,” you are giving it too much credit. Most security researchers do not have the “sole purpose” of fixing the particular device they are investigating; they want to provide that knowledge to the necessary parties so that security flaws do not harm any of the users of similar technology. They want to advance the state of understanding of secure technology. They may also want to protect the privacy and autonomy of users of a computer, system, or network in ways that conflict with what the manufacturer would view as the security of the device. The “good faith” exemption again creates legal risk for any security researcher trying to stay on the right side of the law. Researchers often disagree with manufacturers about the appropriate way to investigate and disclose security vulnerabilities. The vague statutory provision for security testing in the United States was far too unreliable to successfully foster essential security research, something that even the US Copyright Office has now acknowledged. Restrictions on engaging in and sharing security research are also part of our active lawsuit seeking to invalidate Section 1201 as a violation of free expression.

IV. Access by the staff of a library, archive, or an educational or research institution, whose activities are non-profit, to a work, performance, or phonogram to which they would not otherwise have access, for the sole purpose to decide if copies of the work, interpretation or execution, or phonogram are acquired;

This exemption too must be read carefully. It is not a general exemption for noninfringing archival or educational uses. It is instead an extremely narrow exemption for deciding whether to purchase a work. When archivists want to break TPMs to archive an obsolete format, when educators want to take excerpts from films to discuss in class, when researchers want to run analytical algorithms on video data to measure bias or enhance accessibility, this exemption does nothing to help them. Several of these uses have been acknowledged as legitimate and impaired by the US Copyright Office.

V. Non-infringing activities whose sole purpose is to identify and disable the ability to compile or disseminate undisclosed personal identification data information, reflecting the online activities of a natural person, in a way that it does not to affect the ability of any person to gain access to a work, performance, or phonogram;

This section provides a vanishingly narrow exception, one that can be rendered null if manufacturers use TPMs in such a way that you cannot protect your privacy without bypassing the same TPM that prevents access to a copyrighted work. And rightsholders have repeatedly taken this very position in the United States. Besides that, the wording is tremendously outdated; you may want to modify the software in your child’s doll so that it doesn’t record their voice and send it back to the manufacturer; that is not clearly “online activities” – they’re simply playing with a doll at home. In the US, “personally identifiable information” also has a meaning that is narrower than you might expect.

VI. The activities carried out by persons legally authorized in terms of the applicable legislation, for the purposes of law enforcement and to safeguard national security;

This would be a good model for a general exemption: you can circumvent to do noninfringing things. Lawmakers have recognized, with this provision, that the ban on circumventing TPMs could interfere with legitimate activities that have nothing to do with copyright law, and provided a broad and general assurance that these noninfringing activities will not give rise to liability under the new regime.

VII. Non-infringing activities carried out by an investigator who has legally obtained a copy or sample of a work, performance or performance not fixed or sample of a work, performance or execution, or phonogram with the sole purpose of identifying and analyzing flaws in technologies for encoding and decoding information;

This exemption again is limited to identifying flaws in the TPM itself, as opposed to analyzing the software subject to the TPM.

VIII. Non-profit activities carried out by a person for the purpose of making accessible a work, performance, or phonogram, in languages, systems, and other special means and formats, for persons with disabilities, in terms of the provisions in articles 148, section VIII and 209, section VI of this Law, as long as it is made from a legally obtained copy, and

Why does accessibility have to be nonprofit? This means that companies trying to serve the needs of the disabled will be unable to interoperate with works encumbered by TPMs.

IX. Any other exception or limitation for a particular class of works, performances, or phonograms, when so determined by the Institute at the request of the interested party based on evidence.

It is improper to create a licensing regime that presumptively bans speech and the exercise of fundamental rights, and then requires the proponents of those rights to prove their rights to the government in advance of exercising them.  We have sued the US government over its regime and the case is pending.

Article 114 Quinquies.- The conduct sanctioned in article 232 bis shall not be considered as a violation of this Law:

These are the exemptions to the ban on providing technology capable of circumvention, as opposed to the act of circumventing oneself. They have the same flaws as the corresponding exemptions above, and they don’t even include the option to establish new, necessary exemptions over time. This limitation is present in the US regime, as well, and has sharply curtailed the practical utility of the exemptions obtained via subsequent rulemaking. They also do not include the very narrow privacy and library/archive exemptions, meaning that it is unlawful to give people the tools to take advantage of those rights.

I. When it is carried out in relation to effective technological protection measures that control access to a work, interpretation or execution, or phonogram and by virtue of the following functions:

a) The activities carried out by a non-profit person, in order to make an accessible format of a work, performance or execution, or a phonogram, in languages, systems and other modes , means and special formats for a person with a disability, in terms of the provisions of articles 148, section VIII and 209, section VI of this Law, as long as it is made from a copy legally obtained;

b) Non-infringing reverse engineering processes carried out in good faith with respect to the copy that has been legally obtained of a computer program that effectively controls access in relation to the particular elements of said computer programs that have not been readily available to the person involved in that activity, with the sole purpose of achieving the interoperability of an independently created computer program with other programs;

c) Non-infringing activities carried out by an investigator who has legally obtained a copy or sample of a work, performance or performance not fixed or sample of a work, performance or execution, or phonogram with the sole purpose of identifying and analyzing flaws in technologies for encoding and decoding information;

d) The inclusion of a component or part thereof, with the sole purpose of preventing minors from accessing inappropriate content, online, in a technology, product, service or device that itself is not prohibited;

e) Non-infringing activities carried out in good faith with the authorization of the owner of a computer, computer system or network, carried out for the sole purpose of testing, investigating or correcting the security of that computer, computer system or network, and

f ) The activities carried out by persons legally authorized in terms of the applicable legislation, for the purposes of law enforcement and to safeguard national security.

II. When it is carried out in relation to effective technological measures that protect any copyright or related right protected in this Law and by virtue of the following functions:

a) Non-infringing reverse engineering processes carried out in good faith with respect to the copy that has been legally obtained of a computer program that effectively controls access in relation to the particular elements of said computer programs that have not been readily available to the person involved in that activity, with the sole purpose of achieving the interoperability of an independently created computer program with other programs, and

b) The activities carried out by persons legally authorized in terms of the applicable legislation, for the purposes of law enforcement and to safeguard national security.

Article 114 Sexies.- It is not violation of rights management information, the suspension, alteration, modification or omission of said information, when it is carried out in the performance of their functions by persons legally authorized in terms of the applicable legislation, for the effects of law enforcement and safeguarding national security.

Article 232 Bis.- A fine of 1,000 UMA to 20,000 UMA will be imposed on whoever produces, reproduces, manufactures, distributes, imports, markets, leases, stores, transports, offers or makes available to the public, offer to the public or provide services or carry out any other act that allows having devices, mechanisms, products, components or systems that:

Again, it’s damaging to culture and innovation to ban non-infringing activities and technologies simply because they circumvent access controls.

I. Are promoted, published or marketed with the purpose of circumventing effective technological protection measure;

II. Are used predominantly to circumvent any effective technological protection measure, or

This seems to suggest that a technologist who makes a technology with noninfringing uses can be liable because others, independently, have used it unlawfully.

III. Are designed, produced or executed with the purpose of avoiding any effective technological protection measure.

Article 232 Ter.- A fine of 1,000 UMA to 10,000 UMA will be imposed, to those who circumvent an effective technological protection measure that controls access to a work, performance, or phonogram protected by this Law.

Article 232 Quáter.- A fine of 1,000 UMA to 20,000 UMA will be imposed on those who, without the respective authorization:

I. Delete or alter rights management information;

This kind of vague prohibition invites nuisance litigation. There are many harmless ways to ‘alter’ rights management information – for accessibility, convenience, or even clarity. In addition, when modern cameras take pictures, they often automatically apply information that identifies the author. This creates privacy concerns, and it is a common social media practice to strip that identifying information in order to protect users. While large platforms can obtain a form of authorization via their terms of service, it should not be unlawful to remove identifying information in order to protect the privacy of persons involved in the creation of a photograph (for instance, those attending a protest or religious event).

II. Distribute or import for distribution, rights management information knowing that this information has been deleted, altered, modified or omitted without authorization, or

III. Produce, reproduce, publish, edit, fix, communicate, transmit, distribute, import, market, lease, store, transport, disclose or make available to the public copies of works, performances, or phonograms, knowing that the rights management information has been deleted, altered, modified or omitted without authorization.

Federal Criminal Code

Article 424 bis.- A prison sentence of three to ten years and two thousand to twenty thousand days fine will be imposed:

I. Whoever produces, reproduces, enters the country, stores, transports, distributes, sells or leases copies of works, phonograms, videograms or books, protected by the Federal Law on Copyright, intentionally, for the purpose of commercial speculation and without the authorization that must be granted by the copyright or related rightsholder according to said law.

The same penalty shall be imposed on those who knowingly contribute or provide in any way raw materials or supplies intended for the production or reproduction of works, phonograms, videograms or books referred to in the preceding paragraph;

This is ridiculously harsh and broad, even in the most generous reading. And the chilling effect of this criminal prohibition will go even further. If one “knows” they are providing paper to someone but do not know that person is using it to print illicit copies, there should be complete legal clarity that they are not liable, let alone criminally liable.

II. Whoever manufactures, for profit, a device or system whose purpose is to deactivate the electronic protection devices of a computer program, or

As discussed, there are many legitimate and essential reasons for deactivating TPMs.

III. Whoever records, transmits or makes a total or partial copy of a protected cinematographic work, exhibited in a movie theater or places that substitute for it, without the authorization of the copyright or related rightsholder.

Jail time for filming any part of a movie in a theater is absurdly draconian and disproportionate.

Article 424 ter.- A prison sentence of six months to six years and five thousand to thirty thousand days fine will be imposed on whoever that sells to any final consumer on the roads or in public places, intentionally, for the purpose of commercial speculation, copies of works, phonograms, videograms or books, referred to in section I of the previous article.

If the sale is made in commercial establishments, or in an organized or permanent manner, the provisions of article 424 Bis of this Code will be applied.

Again, jail for such a violation is extremely disproportionate. The same comment applies to many of the following provisions.

Article 425.- A prison sentence of six months to two years or three hundred to three thousand days fine will be imposed on anyone who knowingly and without right exploits an interpretation or an execution for profit.

Article 426.- A prison term of six months to four years and a fine of three to three thousand days will be imposed, in the following cases:

I. Whoever manufactures, modifies, imports, distributes, sells or leases a device or system to decipher an encrypted satellite signal, carrier of programs, without authorization of the legitimate distributor of said signal;

II. Whoever performs, for profit, any act with the purpose of deciphering an encrypted satellite signal, carrier of programs, without authorization from the legitimate distributor of said signal;

III. Whoever manufactures or distributes equipment intended to receive an encrypted cable signal carrying programs, without authorization from the legitimate distributor of said signal, or

IV. Whoever receives or assists another to receive an encrypted cable signal carrying programs without the authorization of the legitimate distributor of said signal.

Article 427 Bis.- Who, knowingly and for profit, circumvents without authorization any effective technological protection measure used by producers of phonograms, artists, performers, or authors of any work protected by copyright or related rights, it will be punished with a prison sentence of six months to six years and a fine of five hundred to one thousand days.

Article 427 Ter.- To who, for profit, manufactures, imports, distributes, rents or in any way markets devices, products or components intended to circumvent an effective technological protection measure used by phonogram producers, artists or performers, as well as the authors of any work protected by copyright or related rights, will be imposed from six months to six years of prison and from five hundred to one thousand days fine.

Article 427 Quater.- To those who, for profit, provide or offer services to the public intended mainly to avoid an effective technological protection measure used by phonogram producers, artists, performers, or performers, as well as the authors of any protected work. by copyright or related right, it will be imposed from six months to six years in prison and from five hundred to a thousand days fine.

Article 427 Quinquies.- Anyone who knowingly, without authorization and for profit, deletes or alters, by himself or through another person, any rights management information, will be imposed from six months to six years in prison and five hundred to one thousand days fine.

The same penalty will be imposed on who for profit:

I. Distribute or import for its distribution rights management information, knowing that it has been deleted or altered without authorization, or

II. Distribute, import for distribution, transmit, communicate, or make available to the public copies of works, performances, or phonograms, knowing that rights management information has been removed or altered without authorization.

Notice and takedown provisions

Article 114 Septies.- The following are considered Internet Service Providers:

I. Internet Access Provider is the person who transmits, routes or provides connections for digital online communications without modification of their content, between or among points specified by a user, of material of the user’s choosing, or that makes the intermediate and transient storage of that material done automatically in the course of a transmission, routing or provision of connections for digital online communications.

II. Online Service Provider is a person who performs any of the following functions:

a) Caching carried out through an automated process;

b) Storage, at the request of a user, of material that is hosted in a system or network controlled or operated by or for an Internet Service Provider, or

c) Referring or linking users to an online location by using information location tools, including hyperlinks and directories.

Article 114 Octies.- The Internet Service Providers will not be responsible for the damages caused to copyright holders, related rights and other holders of any intellectual property right protected by this Law, for the copyright or related rights infringements that occur in their networks or online systems, as long as they do not control, initiate or direct the infringing behavior, even if it takes place through systems or networks controlled or operated by them or on their behalf, in accordance with the following:

I. The Internet Access Providers will not be responsible for the infringement, as well as the data, information, materials and contents that are transmitted or stored in their systems or networks controlled or operated by them or on their behalf when:

For clarity: this is the section that applies to those who provide your Internet subscription, as opposed to the websites and services you reach over the Internet.

a ) Does not initiate the chain of transmission of the materials or content nor select the materials or content of the transmission or its recipients, and

b) Include and do not interfere with effective standard technological measures, which protect or identify material protected by this law, which are developed through an open and voluntary process by a broad consensus of copyright holders and service providers, which are available from in a reasonable and non-discriminatory manner, and that do not impose substantial costs on service providers or substantial burdens on their network systems.

There is no such thing as a standard technological measure, so this is just dormant poison. A provision like this is in the US law and there has never been a technology adopted according to such a broad consensus.

II. The Online Service Providers will not be responsible for the infringements, as well as the data, information, materials and content that are stored or transmitted or communicated through their systems or networks controlled or operated by them or on their behalf, and in cases that direct or link users to an online site, when:

First, for clarity, this is the provision that applies to the services and websites you interact with online, including sites like YouTube, Dropbox, Cloudflare, and search engines, but also sites of any size like a bulletin-board system or a server you run to host materials for friends and family or for your activist group.

The consequences for linking are alarming. Linking isn’t infringing in the US or Canada, and this is an important protection for public discourse. In addition, a linked resource can change from a non-infringing page to an infringing one.

a) In an expeditious and effective way, they remove, withdraw, eliminate or disable access to materials or content made available, enabled or transmitted without the consent of the copyright or related rights holder, and that are hosted in their systems or networks, once you have certain knowledge of the existence of an alleged infringement in any of the following cases:

1. When it receives a notice from the copyright or related rights holder or by any person authorized to act on behalf of the owner, in terms of section III of this article, or

It’s extremely dangerous to take a mere allegation as "certain knowledge" given how many bad faith or mistaken copyright takedowns are sent.

2. When it receives a resolution issued by the competent authority ordering the removal, elimination or disabling of the infringing material or content.

In both cases, reasonable measures must be taken to prevent the same content that is claimed to be infringing from being uploaded to the system or network controlled and operated by the Internet Service Provider after the removal notice or the resolution issued by the competent authority.

This provision effectively mandates filtering of all subsequent uploads, comparing them to a database of everything that has been requested to be taken down. Filtering technologies are overly broad and unreliable, and cannot make infringement determinations. This would be a disaster for speech, and the expense would also be harmful to small competitors or nonprofit online service providers.

b) If they remove, disable or suspend unilaterally and in good faith, access to a publication, dissemination, public communication and/or exhibition of the material or content, to prevent the violation of applicable legal provisions or to comply with the obligations derived of a contractual or legal relationship, provided they take reasonable steps to notify the person whose material is removed or disabled.

c) They have a policy that provides for the termination of accounts of repeat offenders, which is publicly known by their subscribers;

This vague provision is also often a sword wielded by rightsholders. When the service provider is essential, such as access to the Internet, termination is an extreme measure and should not be routine.

d) Include and do not interfere with effective standard technological measures that protect or identify material protected by this Law, which are developed through an open and voluntary process by a broad consensus of copyright holders and service providers, which are available in a reasonable and non-discriminatory manner, and that do not impose substantial costs on service providers or substantial burdens on their systems or networks,

Again, there’s not yet any technology considered a standard technological measure.

e) In the case of Online Service Providers referred to in subsections b) and c) of the section II of article 114 Septies, in addition to the provisions of the immediately preceding paragraph, must not receive a financial benefit attributable to the infringing conduct, when the provider has the right and ability to control the infringing conduct.

This is a bit sneaky and could seriously undermine the safe harbor. Platforms do profit from user activity, and do technically have the ability to remove content – if that’s enough to trigger liability or to defeat a safe harbor, then the safe harbor is essentially null for any commercial platform.

III. The notice referred to in subsection a), numeral 1, of the previous section, must be submitted through the forms and systems as indicated in the regulations of the Law, which will establish sufficient information to identify and locate the infringing material or content.

Said notice shall contain as a minimum:

1. Indicate of the name of the rightsholder or legal representative and the means of contact to receive notifications;

2. Identify the content of the claimed infringement;

3. Express the interest or right regarding the copyright, and

4. Specify the details of the electronic location to which the claimed infringement refers.

The user whose content is removed, deleted or disabled due to probable infringing behavior and who considers that the Online Service Provider is in error, may request the content be restored through a counter-notice, in which he/she must demonstrate the ownership or authorization he/she has for that specific use of the content removed, deleted or disabled, or justify its use according to the limitations or exceptions to the rights protected by this Law.

The Online Service Provider who receives a counter-notice in accordance with the provisions of the preceding paragraph, must report the counter-notice to the person who submitted the original notice, and enable the content subject of the counter-notice, unless the person who submitted the original notice initiates a judicial or administrative procedure, a criminal complaint or an alternative dispute resolution mechanism within a period not exceeding 15 business days since the date the Online Service Provider reported the counter-notice to the person who submitted the original notice.

It should be made clear that the rightsholder is obligated to consider exceptions and limitations before sending a takedown.

IV. Internet Service Providers will not be obliged to supervise or monitor their systems or networks controlled or operated by them or on their behalf, to actively search for possible violations of copyright or related rights protected by this Law and that occur online.

In accordance with the provisions of the Federal Law on Telecommunications and Broadcasting, Internet Service Providers may carry out proactive monitoring to identify content that violates human dignity, is intended to nullify or impair rights and freedoms, as well as those that stimulate or advocate violence or a crime.

This provision is sneaky. It says “you don’t have to filter, but you’re allowed to look for content that impairs rights (like copyright) or a crime (like the new crimes in this law).” Given that the law also requires the platform to make sure that users cannot re-upload content that is taken down, it’s cold comfort to say here that they don’t have to filter proactively. At best, this means that a platform does not need to include works in its filters until it has received a takedown request for the works in question.

V. The impossibility of an Internet Service Provider to meet the requirements set forth in this article by itself does not generate liability for damages for violations of copyright and related rights protected by this Law.

This provision is unclear. Other provisions seem to indicate liability for failure to enact these procedures. Likely this means that a platform would suffer the fines below, but not liability for copyright infringement, if it is impossible to comply.

Article 232 Quinquies.- A fine of 1,000 UMA to 20,000 UMA will be imposed when:

I. Anyone who makes a false statement in a notice or counter-notice, affecting any interested party when the Online Service Provider has relied on that notice to remove, delete or disable access to the content protected by this Law or has rehabilitated access to the content derived from said counter-notice;

This is double-edged: it potentially deters both notices and counternotices. It also does not provide a mechanism to prevent censorship; a platform continues to be obligated to act on notices that include falsities.

II. To the Online Service Provider that does not remove, delete or disable access in an expedited way to the content that has been the subject of a notice by the owner of the copyright or related right or by someone authorized to act on behalf of the holder, or competent authority, without prejudice to the provisions of article 114 Octies of this Law, or

This is a shocking expansion of liability. In the US, the safe harbor provides important clarity, but even without the safe harbor, a platform is only liable if they have actually committed secondary copyright infringement. Under this provision, even a spurious takedown must be complied with to avoid a fine. This will create even worse chilling effects than what we’ve seen in the US.

III. To the Internet Service Provider that does not provide expeditiously to the judicial or administrative authority, upon request, the information that is in their possession and that identifies the alleged infringer, in the cases in which said information is required in order to protect or enforce copyright or related rights within a judicial or administrative proceeding.

We have repeatedly seen these kinds of information requests used alongside a pointless copyright claim in order to unmask critics or target people for harassment. Handing out personal information should not be automatic simply because of an allegation of copyright infringement. In the US, we have fought for and won protections for anonymous speakers when copyright owners seek to unmask them because of their expression of their views. For instance, we recently defended the anonymity of a member of a religious community who questioned a religious organization, when the organization sought to abuse copyright law to learn their identity.