The forbidden Apple

This article examines a Belgian case in which a claimant sought damages from Apple after spending nearly €70,000 on loot boxes purchased through an iPhone app. The dispute raised two key questions: whether loot boxes qualify as illegal games of chance under Belgian gambling law, and whether Apple, as operator of the App Store, can be held liable for hosting such content. The discussion explores the Belgian Gaming Commission’s position that loot boxes constitute gambling, the relevant provisions under Belgian law on games of chance, and the EU liability regime for online intermediaries under the e-Commerce Directive and the Digital Services Act. Central to the debate is whether Apple acted merely as a passive host, entitled to safe harbor protection, or whether its active role in app review and payment processing undermines that status. Although the case was settled before judicial clarification, it highlights unresolved questions regarding platform liability for illegal gambling content in the EU.

Introduction

A Belgian man brought an action for extra-contractual liability against Apple Distribution International Ltd (“Apple”), claiming compensation for damages that resulted from an illegal game of chance acquired through Apple’s App Store.

The claimant had not downloaded a casino app. He had downloaded a regular gaming app, in which he could purchase “loot boxes”. Over the course of a few months in 2021, the claimant spent a total of €67.813 on his iPhone – and through the in-app payment system – on loot boxes in the video game in question. According to the claimant, the mechanism of loot boxes is contrary to Belgian gambling legislation. He argued that Apple, by allowing in its Belgian App Store a game that infringes that legislation, committed an extra-contractual breach, so that it can be held liable for the resulting damage.

The case hinges on two questions: 1) Is a loot box in a video game really a game of chance; and if so, 2) can Apple be held liable for the losses incurred by the player as the provider of the App Store on which the gaming software was acquired?

With regard to the potential liability of Apple, the judge referred a number of questions to the Court of Justice of the European Union.

Loot box gambling

A report on loot boxes under the Belgian law on games of chance caused quite a stir when it was released back in April of 2018. In this report, the Gaming Commission concluded that certain loot boxes satisfied all the requirements to be considered gambling. Since these loot box gambling products were not licensed, they were illegal, and publishers of games with loot boxes could be held liable. The Gaming Commission defines loot boxes as “the umbrella term for one or more game elements that are integrated into a video game whereby the player acquires game items either for payment or for free in an apparently random manner. These items can be very diverse, varying from characters or objects to emotions or special characteristics.”

The Belgian law on games of chance of 7 May 1999 defines a game of chance as “any game in which a stake of any kind is wagered, whether the loss of this stake by at least one of the players or a gain of any kind for at least one of the players or organisers of the game is the result, and in which chance plays even an incidental role in the outcome of the game, the determination of the winner or the determination of the amount of the winnings.”

As such, for a game to be a game of chance, there must be 1) a stake, 2) a game in which chance plays an element, 3) a potential gain of any kind. Loot boxes are often (and this was the case here) offered in the form of a game, whereby chance determines the outcome (i.e. what the player receives from the loot box). Loot boxes can be purchased for money (as was the case here since the loot boxes were purchased through the Apple eco-system via their IAP payment system). It is therefore quite straightforward to establish that two-out-of-the-three criteria are indeed satisfied.

One can debate whether a loot box really offers a type of (potential) gain to the player, if the prizes in question cannot be redeemed for anything of actual monetary value. However, it cannot be disputed that these loot boxes, and the prizes they have to offer, represent some sort of value to the players purchasing them. Testament to this reality is the fact that the claimant in this case spent almost €70.000 on them. As intangible as the prize may be, it does seem to represent value, and this is what the Gaming Commission also concluded in its 2018 report on loot boxes. It followed a judgment from the Council of State regarding a type of social casino website.

Apple liability

1) Liability regime for intermediate service providers

Having established that there was illegal gambling lurking within a regular gaming app that was provided on the Apple App Store, the next question then is whether Apple itself could be held liable towards the player.

European Union law provides a specific liability regime for providers of (online) intermediary services.4

4 I.e. mere conduit, caching, and hosting services, consisting of the transmission or storage in a communication network of information provided by a recipient of the service. Since 17th February 2024, this liability regime can be found in Regulation (EU) 2022/2065 of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (‘the Digital Services Act’ or ‘DSA’), and more specifically articles 4, 5, 6 and 8 of that Regulation. Prior to this point, the liability regime was enshrined in articles 12 to 15 of Directive 2000/31/EC of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’ or ‘e-Commerce Directive’). Although there are certain differences between the wording of the Directive on electronic commerce and the Digital Services Act in this regard, the general outline is very similar. Therefore, case-law with regard to the liability regime of the Directive on electronic commerce is also applicable to the liability regime as set out in the Digital Services Act. The case at hand is still under the (old) provisions of the Directive on electronic commerce.

The Directive on electronic commerce explicitly provides that it does “not apply to […] gambling activities which involve wagering a stake with monetary value in games of chance, including lotteries and betting transactions”.

Even if no longer relevant under the DSA, it should be pointed out that the liability regime of the e-commerce Directive has been considered in general as also encompassing liability for illegal content related to gambling.

”This is the only workable interpretation of the exclusion of gambling from the e-commerce Directive. The exclusion aims to make sure that there would be no unintended creation of a unified EU gambling market, with cross-border provision of services. Contrary to regular markets, this is not wanted for the gambling market, which are regulated on a national (or regional) level, with national licenses and compliance regimes.

The exclusion of gambling was not, however, intended to complicate and diversify the liability regime of internet service providers with regard to illegal content made available through their services. On the contrary: this liability regime can only function properly if it applies horizontally, to all types of illegal content. The fact that the DSA (which now incorporates this liability regime) does not have an exclusion for gambling, only further strengthens the argument that it was never the intention to apply different rules to illegal gambling content in this regard.

Now, what does this liability regime entail? Essentially, it sets up a safe harbor for intermediate service providers. They are not liable for illegal content being made available using their services, provided that they are not actively involved and are not aware of the illegal content. Specifically with regard to “hosting”, the DSA provides that the safe harbor only applies on condition that the provider:

(a) does not have actual knowledge of illegal activity or illegal content and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or illegal content is apparent; or

(b) upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the illegal content.

In addition, the recipient of the service cannot act under the authority or the control of the provider.

It should be noted that the European Commission has categorized the App Store as a hosting service that stores and disseminates information to the public at the request of recipients of its service.

2) Apps containing illegal gambling content

Whereas the DSA refers to “illegal content”, the e-commerce Directive (applicable in this case) refers to the hosting of “illegal activity or information”. In one of its questions to the Court of Justice, the referring court asked for clarification as to whether, under the e-Commerce Directive, apps or software can be considered “information” and hence come within the scope of the specific liability regime foreseen by articles 12-14 of the e-Commerce Directive.

It stands to reason that apps with illegal content would indeed be covered by the provisions of “illegal information” or “illegal activity” as used in the e-Commerce Directive. This has been generally considered to be true, for instance in preparation of the DSA, where it was stated that “a large array of online actors ranging from traditional electronic communications providers (e.g. internet service providers) to new online intermediaries (e.g. search engines, social media companies, software and game and cloud providers), potentially fall under the scope of the E-commerce Directive” and that the “E-commerce Directive liability rules apply to all ‘information society services’”.

The same approach was taken in a study made on behalf of the European Commission regarding the scope of the e-Commerce Directive, which refers to “Services that offer users the ability to store and share different forms of files online (including video, audio, image, software and text documents)”.

The referring court also sought clarification regarding the nature of “illegal” content in this context. The e-Commerce Directive excludes, in principle, a generic type of activity, i.e. “gambling activities which involve wagering a stake with monetary value in games of chance, including lotteries and betting transactions”

But at the same time gambling is only illegal if it is not properly licensed. It is a matter of national (or regional, as is the case in some Member States) law whether certain software should be regarded as illegal gambling or not. A loot box in a game can constitute illegal gambling in Belgium, and at the same time be perfectly legal in another Member State. It can be legal because it is licensed, but also because it is simply not considered to be a game of chance. In determining what is legal or illegal, there is no pan-European definition.

3) Assessment of Apple’s liability

The root of the matter is the question whether Apple can rely on the safe harbor provisions for a hosting provider.13

13 Under the e-Commerce Directive or the DSAThis requires an assessment of the extent to which Apple had knowledge (or should be considered to have knowledge) of the illegal content in question. The referring Court also sought guidance from the Court of Justice on this issue. Should Apple (or any other service provider for that matter) take action as soon as it becomes aware of the existence of “loot boxes” in a game on the Belgian market, knowing that loot boxes may (but not necessarily) be considered games of chance? Or does such general information not suffice as actual knowledge of the illegal nature of the game in question?

Article 14 of the e-Commerce Directive (as well as article 6 of the DSA), regarding hosting activities, distinguishes criminal from civil liability. The former can only be established when the provider has “actual knowledge of illegal activity or information”. The latter can however be established when the provider would be “aware of facts or circumstances from which the illegal activity or information is apparent”. In the present case, the issue is civil liability, so there is no need to demonstrate that Apple had actual knowledge.

The Court of Justice has issued guidance on how the requirement that a provider must be “aware of facts or circumstances from which the illegal activity or information is apparent” should be interpreted. It found that a hosting provider cannot rely on the safe harbor exemption if it was aware of facts or circumstances on the basis of which a diligent economic operator should have identified the illegality in question and acted accordingly. This is interpreted as covering every situation in which the provider concerned becomes aware, in one way or another, of such facts or circumstances.

The Court also finds that “the illegality of the activity or information must be a matter of actual knowledge or must be apparent, that is to say, it must be specifically established or readily identifiable” and refers to the need to maintain a balance between the various interests at stake, which include observance of freedom of expression. It states:

“Thus, first, the providers of the services concerned cannot, in accordance with Article 15(1) of that directive, be subject to a general obligation to monitor the information which they transmit or store or to a general obligation actively to look for facts or circumstances indicating illegal activity. Second, pursuant to Article 14(1)(b) of the Directive on Electronic Commerce, those providers must, as soon as they actually obtain knowledge or awareness of illegal information, act expeditiously to remove or to disable access to that information, and must do so with due regard to the principle of freedom of expression. As the referring court has also pointed out, it is only in relation to specific content that such a provider is able to fulfil that obligation.”

As such, it would seem that a mere reference to “loot boxes” would not suffice to hold Apple accountable for gaming software made available on the Belgian market via its App Store. Indeed, not every loot box will constitute gambling under the definition of the Belgian law on games of chance.

However, it could be argued that Apple was aware of the fact that real money, in large amounts, was being paid by players for these loot boxes. Indeed, payments go through Apple’s eco-system.

This could have (and perhaps should have) triggered additional scrutiny from Apple with regard to possible illegal gambling activities. The Belgian legal framework, and more specifically the interpretation of the Belgian Gaming Commission regarding loot boxes, was covered extensively in the media and could be considered as something that should have been known to Apple.

Furthermore, it should be noted that the safe harbor liability regime can never apply “when the recipient of the service is acting under the authority or the control of the provider.”

The e-commerce directive states in consideration (42) of its preamble:

“The exemptions from liability established in this Directive cover only cases where the activity of the information society service provider is limited to the technical process of operating and giving access to a communication network over which information made available by third parties is transmitted or temporarily stored, for the sole purpose of making the transmission more efficient; this activity is of a mere technical, automatic and passive nature, which implies that the information society service provider has neither knowledge of nor control over the information which is transmitted or stored.”

The applicability of this provision in this case was also put forward for review by the referring court. The Court of Justice has in the past ruled that the fact “that the operator of an online marketplace stores offers for sale on its server, sets the terms of its service, is remunerated for that service and provides general information to its customers” does not push it beyond a passive intermediary, and such an operator can still enjoy the safe harbor for liability.

Similarly, the Court of Justice has stated that the fact “that the operator of a video-sharing platform, such as YouTube, implements technological measures aimed at detecting, among the videos communicated to the public via its platform, content which may infringe copyright, does not mean that, by doing so, that operator plays an active role giving it knowledge of and control over the content of those videos”.

However, the creating, selecting, viewing or monitoring of content uploaded to their platforms could place the platform provider in an active rather than passive role. The Court of Justice also finds:

“Where, by contrast, the operator has provided assistance which entails, in particular, optimizing the presentation of the offers for sale in question or promoting those offers, it must be considered not to have taken a neutral position between the customer-seller concerned and potential buyers but to have played an active role of such a kind as to give it knowledge of, or control over, the data relating to those offers for sale. It cannot then rely, in the case of those data, on the exemption from liability referred to in Article 14(1) of Directive 2000/31.”

Apple would likely argue that it is simply a passive host of the apps available on its app-store. However, any app that finds its way into Apple’s App Store must first pass a process of review by Apple itself. There are guidelines which must be followed and which – amongst other things – refer to the content of the apps that are intended for dissemination through the App Store. These guidelines provide, for instance, that “Apps should not include content that is offensive, insensitive, upsetting, intended to disgust, in exceptionally poor taste, or just plain creepy.”

Even if these guidelines, or at least some of them, serve a commendable purpose, it is hard to ignore that Apple actively reviews apps before admitting them to the App Store. This goes beyond setting out general terms and conditions. In addition, as mentioned, Apple is also actively involved in the sense that in-app payments go through its payment system, and Apple thereby profits from players purchasing (illegal) loot boxes. This does not align with the concept of a merely passive hosting provider.

It seems that Apple being liable for illegal gambling tucked away in a regular game on offer in its App Store, is not that far-fetched. We will however never know what the Belgian judge would have decided in the end, nor what the guidance of the Court of Justice would have been on the matters referred to it by the judge. Apple settled the case with the claimant. But the EU’s safe harbor for digital platforms may not be all that safe.