SCOTUS Limits Contributory Copyright Liability for Internet Service Providers

In a long-anticipated decision, the US Supreme Court unanimously held that knowledge or awareness that customers may use a service for infringement falls short of establishing contributory liability. The Court’s ruling upends decades of lower court jurisprudence approving knowledge-based theories of contributory infringement.

Cox Communications v. Sony Music rounds out a trio of landmark copyright decisions, each issued a generation apart, applying secondary liability principles to novel and disruptive technologies. [1]

The first, Sony Corp. of America v. Universal City Studios Inc., decided about 40 years ago, after consumer recording tools first became widely available, dealt with claims against the manufacturer of videocassette recorders (VCRs) based on the potentially infringing activities of end users. [2] There, the Court rejected contributory infringement liability arising from the mere distribution of VCRs because the devices were “capable of commercially significant noninfringing uses,” such as time-shifting broadcasts for personal use. [3]

The second, Metro-Goldwyn-Mayer Studios Inc. v. Grokster Ltd., came a decade after the advent of the internet, with the Court holding peer-to-peer file sharing software providers liable for inducing user infringement by distributing a product “with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement.” [4]With Cox, the Court finally clarifies how contributory liability applies to providers of basic internet access.

Key Takeaways

• The Supreme Court held that contributory copyright liability requires proof of intent, which can be established only through intentional inducement or where a service is tailored to infringement.
• Continuing to provide general-purpose services to “known” infringers is not enough for contributory liability.
• The safe harbors under the Digital Millennium Copyright Act (DMCA) offer additional defenses to secondary liability claims but non-compliance does not bear on liability.
• To mitigate risk, online service providers should maintain policies and procedures that effectively discourage infringement.

BACKGROUND

The world’s leading record labels and music publishers sued Cox, a conduit internet service provider (ISP), asserting claims of contributory and vicarious liability for copyright infringement based on the activities of subscribers. At trial, Cox was unable to invoke the DMCA safe harbor because the US Court of Appeals for the Fourth Circuit had previously held in an earlier lawsuit brought by music publishers that Cox did not implement an adequate repeat infringer termination policy, a condition for safe harbor eligibility. [5] The copyright plaintiffs prevailed in the district court on both secondary liability theories, resulting in a $1 billion statutory damages award based on jury findings of willful contributory and vicarious infringement. [6]

On appeal, the Fourth Circuit reversed as to vicarious liability because the rightsholders failed to show that Cox profited from infringement of their copyrighted songs. The panel found that “continued payment of monthly fees for internet service, even by repeat infringers, was not a financial benefit flowing directly from the copyright infringement itself.” [7] However, “[a]pplying Circuit precedent,” the Fourth Circuit affirmed the contributory liability finding, holding that Cox’s continued provision of internet service to known infringers was enough to impose liability. [8]

On this count, the appellate panel reasoned that “supplying a product with knowledge that the recipient will use it to infringe copyrights is exactly the sort of culpable conduct sufficient for contributory infringement.” [9]

Finally, the Fourth Circuit vacated the statutory damages award and remanded so the jury could reassess damages based on contributory liability alone. [10]

Both sides petitioned for certiorari: Cox as to contributory liability; the rightsholders on vicarious liability. The Supreme Court granted review on Cox’s petition only to address the proper standard for contributory copyright infringement. [11]

STATE OF PLAY AFTER SONY AND GROKSTER

Grokster recognized two theories of secondary copyright liability: “One infringes contributorily by intentionally inducing or encouraging direct infringement, and infringes vicariously by profiting from direct infringement while declining to exercise a right to stop or limit it.” [12] In a concurrence, Justice Ruth Bader Ginsburg synthesized the Court’s contributory infringement precedents, writing that “[l]iability under our jurisprudence may be predicated on actively encouraging (or inducing) infringement through specific acts … or on distributing a product distributees use to infringe copyrights, if the product is not capable of ‘substantial’ or ‘commercially significant’ noninfringing uses.” [13]

Following Grokster, confusion reigned over whether its inducement rule “state[d] a separate claim for relief, or rather whether it is a species of contributory infringement.” [14] In other words, did Grokster and Sony articulate the exclusive standard for contributory infringement?

Many federal appellate courts have struggled with this question, establishing contributory liability standards of their own, independent of inducement, based on knowledge of infringement. The US Court of Appeals for the Ninth Circuit, for example, developed one for the “online context” specifically, under which a “computer system operator” could be liable “if it has actual knowledge that specific infringing material is available using its system, and can take simple measures to prevent further damage to copyrighted works, yet continues to provide access to infringing works.” [15] Similarly, in the Second Circuit, courts built upon preexisting circuit precedent holding that “one who, with knowledge of the infringing activity, induces, causes or materially contributes to the infringing conduct of another, may be held liable as a ‘contributory’ infringer.” [16] Meanwhile, the Seventh Circuit found “analogies in the law of aiding and abetting, the criminal counterpart to contributory infringement.” [17]

SUPREME COURT HOLDING AND MAJORITY OPINION

In a majority opinion delivered by Justice Clarence Thomas, the Supreme Court in Cox laid to rest the question left open by Sony and Grokster. It reversed the Fourth Circuit’s application of a knowledge-based standard and held that the “provider of a service is contributorily liable for the user’s infringement only if it intended that the provided service be used for infringement,” which in turn “can be shown only if [1] the party induced the infringement or [2] the provided service is tailored to that infringement.” [18]

Adopting Justice Ginsburg’s concurrence from Grokster, the Court explained that a “provider induces infringement if it actively encourages infringement through specific acts,” and that a “service is tailored to infringement if it is ‘not capable of “substantial” or “commercially significant” noninfringing uses.’” [19] The Court also stressed that “mere knowledge that a service will be used to infringe is insufficient to establish the required intent to infringe.” [20]

Applying these principles, the Court held that Cox neither induced infringement, nor did it provide a service tailored to infringement. [21] Notwithstanding the earlier determination that Cox had an inadequate repeat infringer termination policy, the Court found the record still showed that “Cox repeatedly discouraged copyright infringement by sending warnings, suspending services, and terminating accounts.” [22] The Supreme Court rejected the Fourth Circuit’s formulation of the standard, noting it was “based only on its Circuit precedent establishing a new form of contributory liability” that strayed “beyond the two forms of liability recognized in Grokster and Sony.” [23]

The Court thus sharply limited the scope of secondary liability. After Cox, “contributory liability cannot rest only on a provider’s knowledge of infringement and insufficient action to prevent it.” [24] Cox therefore displaces lower-court standards that impose liability based on knowledge of infringement coupled with a failure to act.

INTERPLAY WITH DMCA SAFE HARBORS

In 1998, 14 years after Sony, Congress passed the Online Copyright Infringement Liability Limitation Act, Title II of the DMCA. [25] Given the uncertain bounds of secondary liability at the time, Congress built into the DMCA a series of safe harbors shielding various types of online service providers from liability based on the infringing activities of users, including conduits like Cox, [26] system caching, or optimization services, [27] hosts or website operators that store user-generated content, [28] and search engines or other information location services. [29]

Congress tailored the eligibility conditions for each DMCA safe harbor to the role each type of provider plays, i.e. where in the internet stack the service sits. For instance, for Section 512(c) providers—which store material at the direction of users—to qualify they must, among other things, expeditiously disable or remove access to complained-of content in response to notifications of claimed infringement, including certain elements. [30] This notice-and-takedown regime does not apply to conduits, which are covered by a separate safe harbor under Section 512(a). However, in the over 25 years since its enactment, the DMCA’s notice-and-takedown architecture has informed how many service providers—including those that do not store user-generated content—structure their abuse protocols, not just for copyright, but also for other intellectual property complaints, and trust and safety issues more broadly. A common element of all the DMCA safe harbors is that service providers adopt and reasonably implement policies for termination of “repeat infringers” “in appropriate circumstances.” [31]

In Cox, the copyright owners argued that, without a knowledge-based standard for contributory liability, the DMCA’s safe harbors, and the robust ecosystem of notice-and-takedown processes that have sprung up in their wake, would “have no effect.” [32] The Supreme Court dismissed these concerns, accusing the rightsholders of “overread[ing] the DMCA.” [33] The DMCA, the Court noted, “merely creates new defenses from liability” for eligible providers. [34]

Justice Thomas bolstered this by pointing out that, in creating the DMCA safe harbors, Congress made a conscious choice not to put a thumb on the scale as to how secondary liability principles developed, expressly stating that noncompliance with safe-harbor conditions “shall not bear adversely upon … a defense by the service provider that the service provider’s conduct is not infringing.” [35]

The Cox saga thus shows that a service provider can defeat secondary liability claims without qualifying for safe harbor under the DMCA. The Supreme Court’s decision makes clear that the DMCA does not define the scope of secondary liability but instead operates independently as a separate set of conditional defenses.

JUSTICE SOTOMAYOR’S CONCURRING OPINION

Justice Sonia Sotomayor, joined by Justice Jackson, concurred in the judgment but wrote separately to criticize the majority for effectively collapsing the scope of contributory liability. [36] She argues that the Cox majority “unnecessarily limits secondary liability” to two established categories—inducement and providing a product incapable of substantial noninfringing uses—even though prior cases (including in her view Sony and Grokster) “left open the possibility that other common-law theories of such liability, like aiding and abetting, could apply in the copyright context.” [37] She concludes that the “majority’s artificial limiting of secondary liability is supported by neither precedent nor statute.” [38]

In addition, Justice Sotomayor contends that the majority’s rule “dismantles the statutory incentive structure that Congress created” in establishing the DMCA safe harbors. [39] As Justice Sotomayor explains, Congress devised the safe harbors to balance the interests of shielding ISPs from liability if they adopt reasonable anti-infringement policies and preserving potential liability to encourage enforcement efforts. [40]

By eliminating most pathways for secondary liability, she argues, the majority’s decision “permits ISPs to sell an internet connection to every single infringer who wants one without fear of liability and without lifting a finger to prevent infringement,” and indeed leaves ISPs “free to abandon” existing policies for handling copyright complaints. [41]

Despite these disagreements, Justice Sotomayor concurs in the judgment because there would be no liability even under a common-law aiding-and-abetting framework. [42] Drawing on recent civil aiding-and-abetting cases, [43] she explains that such liability would still require proof of intentional participation in some underlying wrongful conduct, whereas “[m]ere indifference,” which is the most the evidence against Cox could show, “is not enough for aiding and abetting liability to attach.” [44]

IMPLICATIONS AND RECOMMENDATIONS

As Grokster recognized over 20 years ago, “the administration of copyright law is an exercise in managing the tradeoff” between protecting expression and spurring invention. [45] Under this calculus, the “more artistic protection is favored, the more technological innovation may be discouraged.” [46] The Supreme Court’s decision in Cox significantly recalibrates that balance by rejecting knowledge-based theories of contributory infringement and requiring proof of intent. This ruling thus provides service providers with greater certainty regarding their risk profiles, and some breathing room against claims based on how customers may misuse their services at the margins.

Online service providers and technology companies should consider doing the following:

• Reassess internal communications and compliance practices: Because liability now turns on intent, not mere knowledge, service providers should expect a corresponding shift in litigation strategies from copyright plaintiffs. Internal documents, policies, and communications will take on heightened importance. Companies should therefore ensure that their policies are consistently enforced and that internal messaging does not suggest encouragement of infringement.
• Evaluate product design and features through an inducement lens: Companies should review product functionality, marketing materials, and user workflows to ensure they cannot be characterized as promoting infringing uses. However, providers of general-purpose technologies, including ISPs, cloud services, and emerging platforms such as generative AI systems, can also take comfort from their reduced statutory damages exposure for claims based solely on user conduct, absent evidence of inducement.
• Maintain reasonable anti-infringement measures: Companies should continue to adopt sensible policies to mitigate misuse of their service but should not assume that failure to qualify for DMCA safe harbor increases liability risks without evidence of culpable intent. Cox makes clear that even where such measures fall short of DMCA safe harbor conditions, they can still defeat intent claims.

Cox thus shifts the focus of secondary liability from what providers know to what they intend, reinforcing a broader trend toward requiring affirmative, culpable conduct by intermediaries before imposing liability. The decision marks a watershed development in copyright law with far-reaching implications not only for conduits and online service providers, but also for developers of general-purpose technologies writ large.