For the first time in decades, the nation's high court, in Cox Communications, Inc. v. Sony Music Entertainment, addressed the contours of secondary liability for copyright infringement – a hot-button issue for internet service providers (ISPs), social media platforms, and generative artificial intelligence (GAI) tools. Secondary liability is not expressly codified in the Copyright Act and has been the subject of many high-profile cases. The Supreme Court last addressed this issue in MGM Studios Inc. v. Grokster, Ltd. (2005) and Sony Corp. of America v. Universal City Studios, Inc. (1984), in cases involving home video recording and peer‑to‑peer file sharing, demonstrating how the application of copyright infringement liability continues to evolve.
The recent opinion relates to a suit brought by Sony Music and other music publishers against Cox Communications, an internet service provider, alleging contributory and vicarious copyright infringement based on subscribers' unauthorized downloading and sharing of more than 10,000 copyrighted works. A jury in the Eastern District of Virginia found Cox willfully liable on both theories and awarded approximately $1 billion in damages. On appeal, the Fourth Circuit affirmed the contributory infringement verdict but reversed the finding of vicarious liability and remanded for recalculation of damages. The copyright owners sought Supreme Court review to preserve the jury's damages award, while Cox petitioned for review of the contributory liability ruling.
The Supreme Court granted certiorari solely to address Cox's challenge to the contributory infringement finding. In doing so, the Court reaffirmed that ISPs are not required to act as copyright "police" and should not be held secondarily liable for the infringing conduct of their subscribers absent evidence of inducement or services designed to facilitate infringement. As observed in the concurring opinion: "Congress did not enact the safe harbor just so that this Court could eviscerate it."
Intent Remains the Touchstone of Contributory Liability
The Supreme Court reaffirmed that intent is a necessary element of contributory copyright infringement and that an ISP's mere awareness that its services have been used for infringing activity – even when the ISP fails to terminate the accounts of those users – is insufficient to establish secondary copyright infringement liability. The Court found insufficient evidence of inducement, emphasizing that inducement requires affirmative conduct directed at fostering infringement, not passive inaction. The Court further found Cox's services were not tailored to facilitate copyright infringement. In delivering the Court's unanimous opinion, Justice Clarence Thomas noted that the internet serves many purposes other than copyright infringement and that Cox had not designed its services to make infringement easier.
Importantly, holding Cox liable merely for failing to terminate internet service to infringing accounts would expand secondary copyright liability beyond Supreme Court precedent. Such an approach would risk holding ISPs liable simply for offering widely used, lawful services to the general public. In highlighting the practical limits of enforcement-based liability theories, the Court also expressed concern during oral arguments about developing a "workable" solution for effectively policing all ISP customer activity, particularly for household accounts where it may be unclear who is responsible for the alleged infringement.
Failure to Satisfy DMCA Safe‑Harbor Requirements Does Not Automatically Create Copyright Liability
The Court reiterated that the Digital Millennium Copyright Act (DMCA) provides meaningful protections for service providers that qualify for its safe‑harbor provisions. In particular, service providers are shielded from secondary liability for certain forms of copyright infringement where they have adopted and reasonably implemented a policy providing for the termination of subscribers or account holders who are repeat infringers.
The Cox Communications, Inc. v. Sony Music Entertainment opinion made clear that an ISP's mere knowledge of infringing activity is not sufficient to support claims of contributory liability – even if the ISP fails to terminate the services of the infringing users. In aligning with precedent, a copyright holder must show evidence that the service provider affirmatively induced infringement or tailored its services to facilitate infringing activity.
Further, the Court affirmed that failure to satisfy the technical requirements of the DMCA safe-harbor provisions does not weigh against a service provider's ability to assert that it is not liable for infringement, reinforcing that secondary liability must rest on more than passive inaction.
Limits of the Decision and Potential Avenues for Future Liability
In a concurring opinion, Justice Sonia Sotomayor cautioned that the majority's rule upends the DMCA's balance between: (1) creating incentives for ISPs to take reasonable steps to prevent copyright infringement; and (2) assuring ISPs that they are not required to take on the impossible task of responding to every instance of infringement. According to Justice Sotomayor, the rule "consigns the safe harbor provision to obsolescence" and, hereafter, "ISPs no longer face any realistic probability of secondary liability for copyright infringement, regardless of whether they take steps to address infringement on their networks…." She expressed concern that, following this opinion, ISPs may be less inclined to make good-faith efforts to address infringement. Justice Sotomayor recognized, however, that the Court's ruling leaves open the possibility that other common law theories, including aiding and abetting, could provide a basis for secondary liability in future cases. Her concurrence underscores the limited reach of contributory infringement where defendants do not themselves copy, distribute, or publish infringing material, while signaling that platforms that engage more directly with content may continue to face exposure.
The DMCA's safe harbors were necessarily enacted as the internet transitioned from a niche tool to a mass medium for content creation and consumption. At that time, phrases such as "surfing the web," "logging on," and "riding the information superhighway" were treated as cutting‑edge novelties, Napster was a household name, and Congress was legislating for a dial‑up world of static webpages and guestbooks. Now, nearly thirty years later, the DMCA is increasingly viewed as less popular and in need of modernization due to massive technological, economic, and cultural shifts. Its relatively simplistic, checkbox-driven takedown regime – rooted more in formal technical compliance than substantive reality – may have been adequate for the GeoCities era, but it is increasingly ill-suited to address the scale, speed, and complexity of today's networked digital ecosystem. The Supreme Court's recent opinion raises questions that may spur policymakers to explore better alternatives to balance the interests of copyright owners and ISPs.
For questions regarding secondary copyright liability, ISP obligations, or DMCA compliance, please contact Benjamin West Janke, Ashley E. White, Jeremy D. Ray, E. Scott Johnson or any member of Baker Donelson's Intellectual Property Group.