The E-Commerce Directive is going through a hard time. Numerous policy initiatives and judgements of the Court are exposing its provisions to a real stress test. The goal of this paper is not summarize or evaluate in general this trend, but to show how a single decision of the CJEU with few open issues can lead to destabilization of the system. The center-stage of this brief article is the Court’s recent decision in Mc Fadden v Sony Germany and its short-term and long-term consequences for the future of safe harbours, their scope and IP enforcement. The paper argues that by allowing the exclusion of pre-trial costs and litigation costs from the liability exemptions, the Court has drilled yet another hole in the system of safe harbours. It also highlights that the decision to permit password-locking as an enforcement practice is a short-sighted policy choice that will require number of clarifications. Last but not least, it is argued that a root-cause of the rejection of Advocate General’s proposition to outlaw password-locking is the Court’s treatment of the fundamental rights as the only framework of reference for IP enforcement. This causes also constructive and well-explained arguments of good innovation policy to fall often on deaf ears.