As a CDN and security company, Cloudflare currently serves around 20 million “Internet properties”, ranging from domains and websites through to application programming interfaces (APIs) and mobile applications.
At least hundreds of those properties, potentially more, are considered ‘pirate’ platforms by copyright groups, which has resulted in Cloudflare being sucked into copyright infringement lawsuits due to the activities of its customers.
On Thursday, Cloudflare filed to go public by submitting the required S-1 registration statement. It contains numerous warnings that copyright infringement lawsuits, both current and those that may appear in the future, could present significant issues of liability for the company.
Noting that some of Cloudflare’s customers may use its services in violation of the law, the company states that existing laws relating to the liability of service providers are “highly unsettled and in flux”, both in the United States and further afield.
“For example, we have been named as a defendant in a number of lawsuits, both in the United States and abroad, alleging copyright infringement based on content that is made available through our customers’ websites,” the filing reads.
“There can be no assurance that we will not face similar litigation in the future or that we will prevail in any litigation we may face. An adverse decision in one or more of these lawsuits could materially and adversely affect our business, results of operations, and financial condition.”
Cloudflare goes on to reference the safe harbor provisions of the DMCA, noting that they may not offer “complete protection” for the company or could even be amended in the future to its detriment.
“If we are found not to be protected by the safe harbor provisions of the DMCA, CDA [Communications Decency Act] or other similar laws, or if we are deemed subject to laws in other countries that may not have the same protections or that may impose more onerous obligations on us, we may face claims for substantial damages and our brand, reputation, and financial results may be harmed. Such claims may result in liability that exceeds our ability to pay or our insurance coverage,” Cloudflare warns.
As a global company, it’s not only US law the company has to consider. Cloudflare references the recently-approved Copyright Directive in the EU, noting that also has the potential to expose Cloudflare and other online platforms to liability.
As recently as last month and in advance of any claims under that particular legislation, Cloudflare experienced an adverse ruling in an Italian court. Local broadcaster RTI successfully argued that Cloudflare can be held liable if it willingly fails to act in response to copyright infringement notices. In addition, Cloudflare was ordered to terminate the accounts of several pirate sites.
Of course, it’s not uncommon for S-1 filings to contain statements that can be interpreted as impending doom, since companies are required to be frank about their business’s prospects. However, with single copyright cases often dealing with millions of dollars worth of alleged infringement, Cloudflare’s appraisal of the risks seems entirely warranted.
Cloudflare’s S-1 filing can be viewed here