CryptoServers
Server starten

· Rechtliche Erklärung

DMCA-ignoriertes Hosting — was es bedeutet, was nicht

A precise definition. The DMCA (Digital Millennium Copyright Act, 17 USC §512) is a United States federal statute. It has no extraterritorial force. Hosts whose corporate entity and physical infrastructure sit outside US jurisdiction are not bound by it — DMCA take-down notices that arrive in their inbox have the same legal weight as a strongly-worded email. Cryptoservers is incorporated in Saint Kitts and Nevis, with datacenters in Iceland, the Netherlands, Romania and Switzerland; we do not honour DMCA notices because they have no operative effect over our infrastructure. That does not mean copyright is unenforceable — it means takedown is routed through local court process, not a private letter.

Einen Server bereitstellen Rechtsgebietstabelle
Nur Gerichtsbeschlüsse Saint Kitts & Nevis eingetragen IS · NL · RO · CH Krypto-Checkout, kein KYC
DMCA-ignored offshore hosting

Warum wir DMCA ignorieren Mitteilungen

Nicht als Marketingpostur — als rechtliche Realität. Das Gesetz erreicht unsere Infrastruktur schlichtweg nicht.

The DMCA is codified at 17 USC §512 as part of US copyright law. Section 512(c), the safe-harbour provision, conditions a US online-service-provider's liability shield on a notice-and-takedown procedure. The statutory text addresses "service providers" as defined in §512(k), and the enforcement mechanism — the §512(j) injunctive-relief framework — sits inside the United States federal courts.

None of those mechanisms have force outside the United States. A foreign court will not enforce a US copyright statute as a free-standing cause of action; bilateral instruments like the Berne Convention oblige member states to <em>protect copyright</em>, not to import US procedural rules. As a Nevisian company with infrastructure in Iceland, the Netherlands, Romania and Switzerland, we sit outside the reach of §512 entirely.

Practically: every week the abuse mailbox receives DMCA notices. They are auto-classified, the customer is informed (so they can comment if they wish), and the content remains up. We do not act on them because we have no statutory obligation to and because doing so on a private letter would amount to private censorship without due process. That is not a service we offer.

"The DMCA is a creature of US federal law. Its notice-and-takedown procedure operates within the framework of US courts. It is not an international treaty and it does not bind foreign service providers." — common reading of §512 in international IP scholarship; see e.g. Cornell LII annotations.

Was wir TATSÄCHLICH beachten — ordentliches Verfahren, keine Briefe

Cryptoservers steht nicht „über dem Gesetz" und hat das nie behauptet. Es gibt fünf Kategorien von Rechtsverfahren, an die wir gebunden sind, alle enger gefasst als der DMCA.

  • Nevisian court orders. We are incorporated in Saint Kitts and Nevis. Civil and criminal orders properly served and finalised in Nevisian courts are binding on us. The High Court of Justice of Saint Christopher and Nevis is the standard forum.
  • Iceland — local judicial process. Our Reykjavík datacenter is operated under Icelandic law. Court orders issued by the District Court of Reykjavík (Héraðsdómur Reykjavíkur) and finalised by the Supreme Court of Iceland (Hæstiréttur Íslands) bind that PoP. Iceland's IMMI (Icelandic Modern Media Initiative) framework constrains pre-trial takedowns.
  • Netherlands — local judicial process. The Dutch courts (Rechtbank Amsterdam) issue takedown orders under the Civil Code and the implementing legislation of the EU eCommerce Directive (now DSA). We honour those orders, narrowly scoped to the content they identify.
  • Romania — local judicial process. Romanian courts (Tribunalul Bucureşti) issue orders under Law no. 365/2002 (eCommerce) and the DSA. Romania's Constitutional Court ruling in 2014 (Decision no. 440/2014) struck down the previous mandatory data-retention regime, narrowing the categories of compelled disclosure.
  • Switzerland — local judicial process. Swiss courts (Bezirksgericht Zürich) issue orders under the Civil Code Art 28a and the Federal Act on Data Protection (FADP). Switzerland is outside the EU and outside the 14-Eyes signals-intelligence agreement; local jurisdiction is the only route.

A binding order of the kind above gets a documented response. Our <a href="/de/canary/">warrant canary</a> publishes the count of orders honoured per quarter (and signals if a US, Five-Eyes or other foreign-jurisdiction order has ever been complied with — by going un-signed if so).

DMCA-äquivalente Gesetze nach Rechtsgebiet

Jedes Land hat einen Rahmen für die Haftung von Intermediären im Urheberrecht. Sie unterscheiden sich darin, ob eine private Mitteilung einen Takedown auslöst oder ob eine Gerichtsverfügung erforderlich ist. Diese Tabelle legt die fünf Rechtsgebiete dar, die unsere Infrastruktur berühren (plus USA zum Vergleich).

Rechtsgebiet Äquivalentes Gesetz Takedown-Auslöser Speicheranforderung Status für Cryptoservers
Saint Kitts & Nevis Copyright Act, Cap 18.08; Electronic Transactions Act, Cap 4.21 Gerichtsbeschluss Keine für ISPs/Hoster Bindend (Unternehmenssitz)
Iceland (IS) Act on Electronic Commerce no. 30/2002; IMMI framework Gerichtsbeschluss Begrenzt; durch EU-Urteil aufgehoben Bindend (Rechenzentrum)
Netherlands (NL) EU eCommerce Directive Art 14; DSA Art 6 (Reg 2022/2065) Gerichtsbeschluss oder tatsächliche Kenntnis der Rechtswidrigkeit Keine vorgeschrieben Bindend (Rechenzentrum)
Romania (RO) Law no. 365/2002 (eCommerce); DSA Gerichtsbeschluss Keine seit Urteil 2014 Bindend (Rechenzentrum)
Switzerland (CH) ZGB Art 28a; URG (Copyright Act); FADP Gerichtsbeschluss Keine für Hoster (BÜPF ausgenommen) Bindend (Rechenzentrum)
United States (US) 17 USC §512 (DMCA) Private Mitteilung (kein Gericht erforderlich) Keine vorgeschrieben Nicht bindend (keine US-Präsenz)

Das Muster ist konsistent: Jedes Rechtsgebiet, in dem wir tätig sind, erfordert eine Gerichtsverfügung oder deren Äquivalent („tatsächliche Kenntnis" gemäß der eCommerce-Richtlinie — von niederländischer und deutscher Rechtsprechung als tatsächlich eine Gerichtsentscheidung für mehrdeutige Ansprüche erfordernd interpretiert). Die Vereinigten Staaten sind der Ausreißer mit ihrem privaten Mitteilungsauslöser; wir sind der Ausreißer darin, ihm nicht unterworfen zu sein.

Was DMCA-ignoriert NICHT bedeutet

Der ehrliche Abschnitt. Die Verwechslung von „DMCA-ignoriert" mit „gesetzlos" bringt Menschen in Schwierigkeiten — sie nehmen an, wir seien ein Zufluchtsort für Dinge, die wir ausdrücklich nicht sind.

Not a haven for: CSAM, credible threats of violence, active phishing infrastructure, malware command-and-control, doxxing campaigns, or anything else that crosses into criminal law in our operating jurisdictions. We act on credible reports for these categories within 48 hours and we cooperate with criminal investigations conducted through proper local process.

Criminal law applies regardless. Saint Kitts and Nevis, Iceland, the Netherlands, Romania and Switzerland all criminalise the same core categories: child sexual abuse material, credible threats, fraud, money-laundering, terrorism financing. None of that becomes legal because the DMCA does not reach us. If your business is in those categories, no offshore host should sell you service — including us.

Users in DMCA jurisdictions still face notices to themselves directly. A US-resident user accessing our VPS may see DMCA notices arrive at their home ISP, naming the user's home IP for the access traffic. The notice does not reach Cryptoservers, but it does reach the user. EU users may face Article 14 routing letters from their own ISPs. Operating an ID-tied home connection while running a service that draws DMCA fire is its own threat model, separate from where the VPS lives.

Intermediary liability is a moving target. The EU Digital Services Act (effective 2024 for VLOPs, 2024 for general intermediaries) tightened notice-and-action rules, increased transparency-reporting obligations, and gave national regulators more enforcement teeth. Romania's DNSC and the Dutch ACM now have direct supervisory authority over hosts in their jurisdictions. We comply with DSA reporting; that compliance does not change our practical position on private DMCA letters but it does add procedural overhead we now meet.

"DMCA-ignored" ≠ "bulletproof". Bulletproof hosting is a black-market term for hosts who knowingly accept obvious criminal customers. We are emphatically not bulletproof, and conflating the terms damages the legitimate use case (journalism, activism, security research, archival, censorship-circumvention).

DMCA-ignored hosting FAQ

Die acht häufigsten Fragen von Käufern und Journalisten über die DMCA-ignorierten Eigenschaft und was sie in der Praxis bedeutet.

Ist DMCA-ignorierendes Hosting legal?
Yes — the DMCA is a US federal statute (17 USC §512) and has no extraterritorial force outside the United States. A non-US host that does not operate in the US is under no obligation to honour DMCA notices. What it must honour is whatever the local intermediary-liability framework requires (in the EU, the eCommerce Directive Article 14; in the UK, the Electronic Commerce Regulations 2002; in Switzerland, ZGB Article 28a) — and those generally trigger only on a court order, not on an unverified takedown letter from a private claimant.
Can I host pirated content on a DMCA-ignored server?
No. Copyright still exists in our jurisdictions; it is just enforced differently. Operating a piracy site is illegal almost everywhere, including Saint Kitts and Nevis (Copyright Act, Cap 18.08). What "DMCA-ignored" means is that the United States cannot use a private notice to compel us to remove content — it does not mean copyright is unenforceable. A Nevisian court order based on a credible copyright claim would still bind us.
Will my home ISP or my employer get a notice if I host on a DMCA-ignored server?
They might still receive a notice routed through their own jurisdiction, because the DMCA targets the US-facing components of an alleged infringement. If you are a US resident accessing your VPS, your ISP may receive a notice naming your home IP. If you are an EU resident, your ISP may receive an Article 14 routing letter. The notices will not reach Cryptoservers; they may reach you directly through other parts of the network. Plan accordingly.
What happens if a court order is served on Cryptoservers?
It depends on which court. We are bound by orders from Nevisian courts and by the local-jurisdiction process where each datacenter sits (Iceland MoJ, Swiss judiciary, NL court, RO court). A US, UK or German court order without a corresponding local recognition has no operative effect and we will not act on it. If a Nevisian court issues a binding order we comply, narrowly scoped to what the order actually compels. Our warrant canary publishes the count quarterly.
Do you ignore non-US copyright takedown notices too?
We process notices the same way regardless of source country — they are forwarded to the customer, who has 14 days to respond. We do not unilaterally take content down on a private complaint. We do unilaterally take content down for what is illegal in our jurisdiction (CSAM, credible threats, malware C2). Copyright disputes between two private parties go through court process; private letters do not.
How is "DMCA-ignored" different from "bulletproof hosting"?
They are not synonyms — and the conflation is harmful to the legitimate use case. "Bulletproof" hosting is a black-market term for hosts who knowingly accept obvious criminal customers (spam, phishing, malware C2) and refuse to act on any abuse report regardless of merit. We are emphatically not bulletproof: we accept abuse reports for criminal categories and act on them within 48 hours. "DMCA-ignored" describes the narrow legal property that US private takedown notices have no force in our jurisdiction — nothing more.
Is DMCA-ignored hosting useful for any specific use case beyond piracy?
Yes — and these are the actual customer profiles we see: independent journalists publishing leaked documents whose subjects file mass DMCAs to suppress them; security researchers publishing vulnerability proofs whose disclosures are challenged by the affected vendor as "copyright infringement"; archivists hosting public-domain or fair-use derivative works repeatedly mass-flagged by automated bots; whistleblower platforms; censorship-circumvention tools whose binaries are filed against by states. None of those need legal immunity; they need due process before takedown.
What about EU eCommerce Directive Article 14 and the new DSA?
For our Netherlands and Romania datacenters the relevant framework is the EU eCommerce Directive Article 14 (now updated by the Digital Services Act, Regulation 2022/2065). Article 14 / DSA Article 6 grants intermediaries a safe harbour as long as they act to remove specifically-identified illegal content upon "actual knowledge". We treat a court order as actual knowledge; we do not treat a private letter as such. The DSA also imposes notice-and-action requirements which we comply with — but compliance does not mean automatic takedown.

Gesetze, Urteile und externe Quellen

Primärquellen:
17 USC §512 — DMCA (Cornell Legal Information Institute)
EU eCommerce Directive 2000/31/EC, Article 14
Digital Services Act — Regulation (EU) 2022/2065
Romania Constitutional Court Decision no. 440/2014 (data retention)
Iceland — IMMI (Icelandic Modern Media Initiative)
Wikipedia — Digital Millennium Copyright Act
EFF — DMCA issue archive

Hosting, das antwortet auf Gerichtsbeschlüsse, nicht Briefe.

Fünf Offshore-Rechtsgebiete, kein DMCA-Hebel, Nur-Krypto-Checkout, kein KYC. Land bei der Bereitstellung wählen.

Einen Server bereitstellen Rechtsgebiete vergleichen