Text size:

Information Society Services Act

Issuer:Riigikogu
Type:act
In force from:16.08.2022
In force until:30.06.2024
Translation published:25.08.2022

Information Society Services Act1

Passed 14.04.2004
RT I 2004, 29, 191
Entry into force 01.05.2004

Amended by the following legal instruments (show)

PassedPublishedEntry into force
28.06.2004RT I 2004, 54, 38701.07.2004
19.10.2005RT I 2005, 61, 47301.01.2006
19.04.2006RT I 2006, 21, 16025.05.2006
14.06.2006RT I 2006, 31, 23416.07.2006
22.11.2007RT I 2007, 66, 40801.01.2008
17.12.2009RT I 2010, 2, 322.01.2010
22.04.2010RT I 2010, 22, 10801.01.2011, enters into force on the date which has been determined in the Decision of the Council of the European Union regarding the abrogation of the derogation established in respect of the Republic of Estonia on the basis provided for in Article 140 (2) of the Treaty on the Functioning of the European Union, Council Decision 2010/416/EU of 13 July 2010 (OJ L 196, 28.07.2010, pp. 24 - 26).
20.05.2010RT I 2010, 31, 15801.10.2010
10.06.2010RT I 2010, 38, 23010.07.2010
16.12.2010RT I, 06.01.2011, 116.01.2011
19.02.2014RT I, 13.03.2014, 401.07.2014
19.06.2014RT I, 12.07.2014, 101.01.2015
21.11.2018RT I, 12.12.2018, 301.01.2019
12.06.2021RT I, 22.06.2021, 1302.07.2021, in part 01.09.2021
19.07.2022RT I, 06.08.2022, 216.08.2022

§ 1.  Purpose of Act

 (1) This Act provides for the requirements for information society service providers, the organisation of supervision and liability for violation of this Act.

 (2) The provisions of the Administrative Procedure Act shall apply to the administrative procedure prescribed in this Act, taking into consideration the specifications arising from this Act.

 (3) The provisions of this Act do not apply to issues related to the information society services which are regulated by the Electronic Communications Act, the Personal Data Protection Act and the Media Services Act.
[RT I, 06.01.2011, 1 - entry into force 16.01.2011]

§ 2.  Definitions

  In this Act, the following definitions are used:
 1) “Information society services” are services provided in the form of economic or professional activities at the direct request of a recipient of the services, without the parties being simultaneously present at the same location, and such services involve the processing, storage or transmission of information by electronic means intended for the digital processing and storage of data. Information society services must be entirely transmitted, conveyed and received by electronic means of communication. Services provided by means of fax or telephone call and television or radio services are not information society services;
[RT I, 06.01.2011, 1 - entry into force 16.01.2011]
 2) “regulated professional activity” is any professional activity the pursuit of which requires professional qualifications determined by law.

§ 3.  Application of law of state of place of business

 (1) Information society services provided through a place of business located in Estonia (hereinafter services) shall meet the requirements arising from Estonian law regardless of the Member State of the European Union or Member State of the European Economic Area in which the service is provided.

 (2) The provision, in Estonia, of services belonging to the co-ordinated field through a place of business located in a Member State of the European Union or Member State of the European Economic Area are not subject to restriction, except in the case and to the extent justified for the protection of morality, public order, national security, public health and consumer rights.

 (3) The restrictions specified in subsection 2 of this section shall meet the following conditions:
 1) a restriction shall be established against a specific information society service which prejudices the objectives referred to in subsection 2 of this section or which presents a serious risk of prejudice to those objectives;
 2) a restriction shall be proportionate to its objective;
 3) before establishing a restriction, a competent Estonian body has asked the state of the location of the place of business to establish a restriction, and the latter has not established the restriction, or the restriction is inadequate;
 4) a competent Estonian body has notified the European Commission and the relevant Member State of its intention to establish a restriction;
 5) in the case of urgency, derogation from the conditions stipulated in clauses 3 and 4 of this subsection is permitted. In the case of urgency, the competent Estonian body shall notify the restriction in the shortest possible time to the European Commission and to the Member State, indicating the reasons for which it is considered that there is urgency;
[RT I, 22.06.2021, 13 - entry into force 02.07.2021]
 6) clauses 3–5 of this subsection shall not apply to court proceedings.

 (4) The provisions of subsection 2 of this section shall not apply to:
 1) the freedom of the parties to choose the law applicable to their contract;
 2) contractual obligations concerning consumer contracts;
 3) copyright and related rights;
 4) protection of semi-conductors;
 5) protection of databases;
 6) protection of industrial property rights;
 7) formal requirements of the law valid in respect of transactions with rights in immovables;
 8) the permissibility of commercial communications by electronic mail;
 9) advertising of investment funds;
 10) the insurers’ obligation to inform the competent body of the general and specific terms of obligatory insurance;
 11) the insurers’ right of establishment and freedom of provision of services;
 12) non-life and life insurance contracts which cover risks existing in Member States of the European Union;
 13) the activities, as public authorities, of notaries, enforcement agents and other persons engaging in liberal professions in public law;
 14) the representation of parties and of their interests in proceedings in court;
 15) lotteries and gambling activities, including games of chance and betting transactions involving wagering a stake;
 16) issue of electronic money by a company using the right provided by § 12 of the Electronic Money Institutions Act.
[RT I 2010, 2, 3 - entry into force 22.01.2010]

§ 31.  Notification

 (1) The European Commission shall be notified of:
 1) legislation under preparation concerning requirements for information society services;
 2) requirements for information society services established by stock exchange, regulated securities market and securities settlement system.

 (2) Notification need not be given of legislation concerning the following:
 1) requirements for electronic communications services which are regulated by the legislation of the European Union;
 2) requirements for financial services which are regulated by the legislation of the European Union and which are listed non-exhaustively in Annex VI to the Directive 98/48/EC of the European Parliament and Council (OJ L 217, 5.8.1998, pp. 18–26).

 (3) Notification need not be given of draft legislation which complies with the European Union approximation legislation or fulfils the obligations arising out of international agreements resulting in the adoption of common requirements for information society services in the European Union.

 (4) Drafters of legislation subject to notification submit draft legislation to the authority which co-ordinates notification. Draft legislation shall be submitted to notification at such stage of proceedings which allows to make amendments to the draft legislation.

 (5) The Government of the Republic shall establish the procedure for notification of draft legislation concerning requirements for information society services and of requirements for information society services established by stock exchange, regulated securities market and securities settlement system and shall appoint the authority which co-ordinates information exchange.
[RT I 2010, 31, 158 - entry into force 01.10.2010]

§ 4.  Information to be submitted concerning service provider

 (1) A service provider shall render directly and permanently accessible to the recipients of the service at least the following information:
 1) the name of the service provider, its registry code and the name of the corresponding register, the service provider’s address and other contact details, including the electronic mail address;
 2) its registration number if, for operation in the corresponding field of activity, registration in the register of economic activities is required by law, or its activity licence number;
 3) if reference is made to the fee charged for the service, information on whether the fee includes taxes and delivery charges;
 4) the value added tax identification number if the service provider is a person liable to value added tax.
[RT I, 22.06.2021, 13 - entry into force 01.09.2021]

 (2) In addition to the provisions of subsection 1 of this section, a service provider engaged in a regulated professional activity shall render directly and permanently accessible to the recipients of the service the following information;
 1) the name of any professional body or similar institution with which the service provider is registered in connection with the provided service;
 2) the professional title and the Member State where it has been granted;
 3) a reference to the applicable professional rules in the Member State of the location of its place of business, and the means to access them.

§ 5.  Commercial communications

 (1) "Commercial communication" is any information designed to promote, directly or indirectly, the goods, services or image of a person engaged in economic or professional activity.
[RT I 2010, 38, 230 - entry into force 10.07.2010]

 (2) A commercial communication shall comply with the following conditions:
 1) the commercial communication shall be clearly identifiable as such;
 2) the person on whose behalf the commercial communication is made shall be clearly identifiable;
 3) promotional offers, such as discounts, premiums and gifts, promotional competitions and games, shall be clearly identifiable as such;
 4) the conditions for participation in the promotional offers and commercial lotteries specified in clause 3 of this section shall be presented clearly.

 (3) The following are not commercial communications:
 1) information allowing direct access to the activity of a natural or legal person, in particular a domain name or an electronic-mail address;
 2) information relating to the image, goods or services of a person compiled independently of the person.
[RT I 2010, 38, 230 - entry into force 10.07.2010]

§ 6.  [Repealed - RT I 2010, 38, 230 - entered into force 10.07.2010]

§ 7.  Contracts concluded through public data communication network

  Contracts between service providers and recipients of their services through public data communication networks, where the parties are not simultaneously present, shall be concluded pursuant to the provisions of § 621 of the Law of Obligations Act.

§ 8.  Restricted liability upon mere transmission of information and provision of access to public data communications network

 (1) Where a service is provided that consists of the mere transmission in a public data communication network of information provided by a recipient of the service, or the provision of access to a public data communication network, the service provider is not liable for the information transmitted, on condition that the provider:
 1) does not initiate the transmission;
 2) does not select the receiver of the transmission;
 3) does not select or modify the information contained in the transmission.

 (2) The acts of transmission and of provision of access in the meaning of subsection 1 of this section include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the public data communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.

§ 9.  Restricted liability upon temporary storage of information in cache memory

  Where a service is provided that consists of the transmission in a public data communication network of information provided by a recipient of the service, the service provider is not liable for the automatic, intermediate and temporary storage of that information, if the method of transmission concerned requires caching due to technical reasons and the caching is performed for the sole purpose of making more efficient the information's onward transmission to other recipients of the service upon their request, on condition that:
 1) the provider does not modify the information;
 2) the provider complies with conditions on access to the information;
 3) the provider complies with rules regarding the updating of the information, specified in a manner widely recognised and used in the industry;
 4) the provider does not interfere with the lawful use of technology, widely recognised and used by the industry, to obtain data on the use of the information;
 5) the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court, the police or a state supervisory authority has ordered such removal.

§ 10.  Restricted liability upon provision of information storage service

 (1) Where a service is provided that consists of the storage of information provided by a recipient of the service, the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:
 1) the provider does not have actual knowledge of the contents of the information and, as regards claims for the compensation of damage, is not aware of facts or circumstances from which the illegal activity or information is apparent;
[RT I 2010, 38, 230 - entry into force 10.07.2010]
 2) the provider, upon obtaining knowledge or awareness of the facts specified in clause 1 of this section, acts expeditiously to remove or to disable access to the information.

 (2) Subsection 1 of this section shall not apply when the recipient of the service is acting under the authority or the control of the provider.

§ 11.  No obligation to monitor

 (1) A service provider specified in §§ 8–10 of this Act is not obligated to monitor information upon the mere transmission thereof or provision of access thereto, temporary storage thereof in cache memory or storage thereof at the request of the recipient of the service, nor is the service provider obligated to actively seek facts or circumstances indicating illegal activity.

 (2) [Repealed - RT I 2006, 31, 234 - entered into force 16.07.2006]

 (3) Service providers are required to promptly inform the competent supervisory authorities of alleged illegal activities undertaken or information provided by recipients of their services specified in §§ 8–10 of this Act, and to communicate to the competent authorities information enabling the identification of recipients of their service with whom they have storage agreements.

 (4) In order to establish the truth, service providers shall submit information at their disposal concerning the recipients of their information storage services to the Prosecutor's Office and investigative body, on the bases and pursuant to the procedure prescribed in the Code of Criminal Procedure, and to a security authority and a surveillance agency, on the bases and pursuant to the procedure provided by law, within the term specified thereby.

 (5) In order to establish the truth, service providers shall provide the court, on the basis of single written requests thereof and on the bases and pursuant to the procedure prescribed in the Code of Civil Procedure, with information at their disposal on recipients of their information storage services within the term specified by the court. For the purposes of this section, single request is a request for the personal data of the recipient of services and for the fact of transmission of transmitted information, and the duration, method and format of transmitted information of the recipient of services in connection with a particular electronic mail, a particular electronic commentary or another communication session related to the transmission of a single message.
[RT I 2006, 31, 234 - entry into force 16.07.2006]

§ 12.  State supervision
[RT I, 13.03.2014, 4 - entry into force 01.07.2014]

 (1) State supervision over compliance with the requirements provided for in this Act for information that must be provided concerning service providers shall be exercised by the Consumer Protection and Technical Regulatory Authority.
[RT I, 12.12.2018, 3 - entry into force 01.01.2019]

 (2) Supervision over compliance with the requirements provided for in Regulation (EU) No 2019/1150 of the European Parliament and of the Council on promoting fairness and transparency for business users of online intermediation services (OJ L 186, 11.07.2019, p. 57–79) shall be exercised by the Consumer Protection and Technical Regulatory Authority.
[RT I, 22.06.2021, 13 - entry into force 02.07.2021]

§ 13.  Specific state supervision measures
[RT I, 13.03.2014, 4 - entry into force 01.07.2014]

  In order to exercise state supervision provided for in this Act, the Consumer Protection and Technical Regulatory Authority may apply the specific state supervision measure provided for in § 30 of the Law Enforcement Act on the basis of and pursuant to the procedure provided for in the Law Enforcement Act.
[RT I, 12.12.2018, 3 - entry into force 01.01.2019]

§ 131.  Right of Consumer Protection and Technical Regulatory Authority to request restriction of information society services

 (1) Where the information disseminated to the public through information society services incites hatred, violence or discrimination on the basis of nationality, ethnic origin, language, religion or other circumstances specified in § 12 of the Constitution of the Republic of Estonia, incites war or justifies war crimes, and where it is necessary in order to ensure national security and there are no other effective possibilities for termination of the dissemination of such information and for averting the danger, the Consumer Protection and Technical Regulatory Authority has the right to issue a precept to a provider of information society services and to request the removal of information provided through information society services or restriction of access to the information, taking into account the specifications provided in subsections 2 and 3 of this section.

 (2) A provider of publicly available electronic communications services providing Internet access is obliged, on the basis of a precept issued by the Consumer Protection and Technical Regulatory Authority, to disable the domain name specified in the precept in the name servers belonging thereto.

 (3) The administrator of a domain register and the domain registrar are obliged, on the basis of a precept issued by the Consumer Protection and Technical Regulatory Authority, to disable access to a domain or to delete the registration of the domain name specified in the precept and to allow the authority to register the domain name in their own name.
[RT I, 06.08.2022, 2 – entry into force 16.08.2022]

§ 14.  Non-compliance levy rates
[RT I, 13.03.2014, 4 - entry into force 01.07.2014]

  Upon failure to comply with a precept, the maximum rate of the non-compliance levy imposed pursuant to the procedure provided for in the Substitutional Performance and Non-Compliance Levies Act is 640 euros for natural persons and 100,000 euros for legal persons.
[RT I, 22.06.2021, 13 - entry into force 02.07.2021]

§ 15.  Transmission of non-conforming information

 (1) The provision of information society services which do not conform to the requirements provided for in this Act for information that must be provided concerning service providers, for commercial communications or transmission thereof is punishable by a fine of up to 300 fine units.

 (2) The same act, if committed by a legal person,
is punishable by a fine of up to 400,000 euros.
[RT I, 22.06.2021, 13 - entry into force 02.07.2021]

§ 151.  [Repealed - RT I 2006, 21, 160 - entered into force 25.05.2006]

§ 152.  Failure to comply with requirements provided for in Regulation (EU) No 2019/1150 of European Parliament and of Council

 (1) Failure to comply with the requirements provided for in Articles 11 and 12 of Regulation (EU) No 2019/1150 of the European Parliament and of the Council –
is punishable by a fine of up to 300 fine units.

 (2) The same act, if committed by a legal person,
is punishable by a fine of up to 400,000 euros.
[RT I, 22.06.2021, 13 - entry into force 02.07.2021]

§ 16.  Proceedings

 (1) [Repealed – RT I, 12.07.2014, 1 - entry into force 01.01.2015]

 (2) Extra-judicial proceedings concerning the misdemeanours provided for in §§ 15 and 152 of this Act shall be conducted by the Consumer Protection and Technical Regulatory Authority within the limits of its competence.
[RT I, 22.06.2021, 13 - entry into force 02.07.2021]

§ 17.  [Omitted from this text.]

§ 18.  Entry into force of Act

  This Act enters into force on 1 May 2004.


1Directive 2000/31/EC of the European Parliament and the Council on certain legal aspects of information society services, in particular electronic commerce, in the Internal market (OJ L 178, 17.7.2000, pp. 1–16); Directive 98/48/EC of the European Parliament and the Council amending Directive 98/34/EC laying down a procedure for the provision of information in the field of technical standards and regulations (OJ L 217, 5.8.1998, pp. 18–26). [RT I 2010, 31, 158 - entered into force 01.10.2010]; ² RT = Riigi Teataja = State Gazette

https://www.riigiteataja.ee/otsingu_soovitused.json