Section 230 Reform and Platform Liability for User-Generated IP Infringement

A Tale of Two Shields

Picture a single video uploaded to a hypothetical platform we will call "Streamly." In the clip, a user named Dana films herself reviewing a new sneaker. She criticizes the brand in salty terms, plays thirty seconds of a hit song in the background, holds the sneaker so its trademarked logo fills the frame, and stitches in a clip from a movie trailer for comedic effect. Within a week, Dana's video draws four very different complaints. The sneaker company says the video is defamatory and demands it come down. The record label sends a copyright takedown notice over the song. The movie studio threatens to sue Streamly for the trailer clip. And a rival shoemaker complains that Streamly's "shop this look" button sells counterfeits bearing the same logo.

Here is the puzzle that this article exists to solve: each of those four complaints lands in a different legal universe, even though they all concern the same thirty-second video on the same platform. The defamation claim runs into a wall called Section 230, which tells the sneaker company that Streamly cannot be treated as the speaker of Dana's words. The copyright claims run into a different wall called the DMCA's Section 512 safe harbor, which lets Streamly avoid damages so long as it takes the song down promptly. The trademark claim runs into no statutory wall at all and must be fought on the merits under common-law doctrines of contributory and vicarious liability. And the counterfeit-listing claim may be the most dangerous of the four, because there Streamly is arguably doing more than passively hosting—it is helping to sell.

Most coverage of "Section 230 reform" treats the statute as a monolith—the famous twenty-six words that, in the oft-quoted phrase of Jeff Kosseff's book, "created the internet." But intellectual property has always lived in a strange annex of the Section 230 house. The statute's own text, in 47 U.S.C. § 230(e)(2), says that "nothing in this section shall be construed to limit or impair the enforcement of … any law pertaining to intellectual property." In other words, the famous shield was never raised over IP claims in the first place. That single sentence is the hinge on which this entire article turns. It means that when Congress debates "repealing Section 230," it is debating something that, for copyright and trademark, has been largely beside the point for a quarter century—and yet the debate would still reshape IP enforcement in ways most participants barely discuss.

This article unpacks that paradox. We will explain what Section 230 does and, crucially, does not do for IP; how the DMCA's Section 512 quietly became the real rulebook for online copyright; why trademark gets a rougher, common-law ride; and how the current wave of reform proposals—from the December 2025 Sunset Section 230 Act to the enacted TAKE IT DOWN Act—would ripple into IP enforcement through the shared plumbing of modern content moderation. Along the way we will fold in the Supreme Court's recent reckonings: its First Amendment landmark in Moody v. NetChoice, its terrorism-liability detour in Gonzalez v. Google and Twitter v. Taamneh, the Third Circuit's destabilizing decision in Anderson v. TikTok, and—most consequential of all for the copyright track—the Court's unanimous March 2026 rewrite of contributory infringement in Cox Communications, Inc. v. Sony Music Entertainment. By the end, a judge, a general counsel, and a curious creator should all be able to see why these two shields—Section 230 and Section 512—fit together, where they leave gaps, and what reform might do to the seams. For the deeper mechanics of the copyright shield itself, this piece travels in close company with our companion guide to filing and responding to DMCA takedown notices.

What Section 230 Actually Says—and Does Not Say

Section 230 was enacted in 1996 as part of the Communications Decency Act. Most of that Act was an attempt to police online indecency, and most of it was struck down the following year in Reno v. ACLU, 521 U.S. 844 (1997). Section 230 survived, and it has outlived nearly everything else in the statute it rode in on.

Its operative core is § 230(c)(1): "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." Translated into plain English: if a third party writes something, you (the platform that merely hosts it) are not legally the author of that something. A second provision, § 230(c)(2), adds a separate "Good Samaritan" shield, protecting platforms from liability for good-faith decisions to remove or restrict access to material they find "obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable." The first provision protects the choice to leave content up; the second protects the choice to take it down. Together they were meant to encourage moderation without punishing it.

The statute's drafters, Representatives Chris Cox and Ron Wyden, wrote it against a specific villain: Stratton Oakmont, Inc. v. Prodigy Services Co., 1995 WL 323710 (N.Y. Sup. Ct. May 24, 1995). Prodigy had marketed itself as a family-friendly service that moderated its message boards, and a New York court reasoned that because Prodigy exercised editorial control, it should be treated like a newspaper publisher and held liable for a user's defamatory post. The perverse lesson was that moderation created liability while a hands-off "anything goes" service escaped it. Section 230 was written to abolish that trap, and the early appellate decisions—above all Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997)—read it broadly to do exactly that, immunizing AOL even where it had notice of allegedly defamatory posts. Zeran's reasoning, that distributor liability is just a species of publisher liability and so equally barred, became the template the rest of the country followed.

But breadth has limits, and § 230(e) spells out four of them. First, § 230(e)(1) preserves federal criminal law. Second, § 230(e)(3) preserves state laws that are "consistent with" Section 230 while preempting those that conflict. Third, the FOSTA amendments of 2018 (§ 230(e)(5)) carved out civil sex-trafficking claims. And fourth—the exception that drives this article—§ 230(e)(2) preserves "any law pertaining to intellectual property."

There is one more boundary courts have drawn that matters for IP: Section 230 protects platforms only as to content "provided by another information content provider." When a platform itself helps to create or develop the unlawful content, it becomes an "information content provider" and loses the shield. The Ninth Circuit's en banc decision in Fair Housing Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157 (9th Cir. 2008), is the canonical illustration: a roommate-matching site lost immunity for discriminatory drop-down menus it designed and required users to answer, while keeping immunity for the open-ended "additional comments" box users filled in themselves. The line between hosting and developing recurs everywhere in IP, because a marketplace that designs listing templates, recommends products, or fulfills orders is doing something closer to "developing" than a bulletin board that simply displays posts.

The IP Carve-Out: 230(e)(2) and Why It Matters

So what does it mean that "any law pertaining to intellectual property" is exempt from Section 230? It means that a copyright owner, a trademark owner, a patent holder, or (in some courts) the holder of a state-law right of publicity can sue a platform for IP infringement without the platform raising Section 230 as a one-paragraph, motion-to-dismiss-stage immunity. The shield simply is not in the case. The platform must instead win, if it can, on the substantive IP doctrine: no direct infringement, no contributory or vicarious liability, fair use, the DMCA safe harbor, and so on.

That sounds clean, but two interpretive fights have made the carve-out messier than its plain text suggests.

The first fight is federal-versus-state. The Ninth Circuit, in Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102 (9th Cir. 2007), worried that letting fifty states define "intellectual property" however they liked would Balkanize Section 230 and defeat its purpose of a uniform national rule. So the Ninth Circuit held that § 230(e)(2) reaches only federal IP claims; state-law IP-flavored claims, including the right of publicity, remain barred by Section 230. The District of New Hampshire took the opposite view in Doe v. Friendfinder Network, Inc., 540 F. Supp. 2d 288 (D.N.H. 2008), reading "any law" to mean any law, state or federal, and thus letting a state right-of-publicity claim proceed. This split is alive and consequential. In the Ninth Circuit, a model whose photo is misused to advertise a website may be blocked by Section 230 from suing the platform on a publicity theory; in New Hampshire, she may not. Practitioners must therefore know not just whether a claim "sounds in IP" but which circuit they stand in and whether the claim is federal or state. For more on the underlying state-law interest, see our overview of right of publicity basics.

The second fight is what counts as a "law pertaining to intellectual property" at all. Trade secret misappropriation? Most courts treat it as IP and outside the shield, especially after the federal Defend Trade Secrets Act gave trade secrets a federal home. State unfair-competition and "passing off" claims? It depends on whether the court sees them as IP or as repackaged defamation. The takeaway for litigators is that the carve-out is a doctrinal pressure point, not a bright line—and a plaintiff who can plausibly dress a claim in IP clothing may slip past Section 230 entirely. We discuss the broader contours of these protections in our copyright FAQs and our explainer on the protection of trade secrets.

How DMCA Section 512 Fills the Copyright Gap

If Section 230 does not shield platforms from copyright claims, what does? The answer—and it is the single most important practical fact in this whole area—is the Digital Millennium Copyright Act's Section 512, codified at 17 U.S.C. § 512. Congress passed it in 1998, two years after Section 230, precisely to fill the copyright gap that § 230(e)(2) leaves open. Section 230 and Section 512 are thus best understood as a matched pair: Section 230 handles the universe of non-IP claims (defamation, negligence, most state torts), and Section 512 handles the specific, carved-out world of copyright. Our guide to filing and responding to DMCA takedown notices walks through the mechanics step by step; here we situate Section 512 in the liability map.

Section 512 creates four "safe harbors," each matched to a different platform function: § 512(a) for transitory digital network communications (the passive conduit, like an ISP routing packets); § 512(b) for system caching; § 512(c) for information residing on systems at the direction of users (hosting—the safe harbor that matters for YouTube, social media, and marketplaces); and § 512(d) for information location tools (search engines and links). A platform that fits within a safe harbor cannot be held liable in damages for user-uploaded infringement, provided it satisfies that harbor's conditions.

The hosting safe harbor of § 512(c) is the workhorse. To stay inside it, a platform must clear several gates. It must lack actual knowledge that specific material is infringing, and it must also lack awareness of "facts or circumstances from which infringing activity is apparent"—the so-called "red flag" standard. It must "act expeditiously" to remove material once it gains such knowledge. It must not receive "a financial benefit directly attributable to the infringing activity" in cases where it has "the right and ability to control" that activity—the statutory echo of vicarious liability. It must designate an agent to receive notices and register that agent with the Copyright Office (since the 2016 rollout of the Office's electronic registration system, that registration must be renewed online every three years, and a lapsed registration can sink the defense). And, critically, it must "adopt and reasonably implement" a policy for terminating repeat infringers in appropriate circumstances.

Two doctrinal subtleties have shaped how these gates operate. First, the knowledge standard is specific, not general. In Viacom International, Inc. v. YouTube, Inc., 676 F.3d 19 (2d Cir. 2012), the Second Circuit held that the "red flag" disqualifier requires awareness of specific infringing material—a general suspicion that a site is rife with infringement is not enough. The court also imported the common-law doctrine of "willful blindness," meaning a platform cannot deliberately avert its eyes from specific known infringements. The Second Circuit refined the red-flag idea further in Capitol Records, LLC v. Vimeo, Inc., 826 F.3d 78 (2d Cir. 2016), holding that an employee's mere viewing of a video containing recognizable music does not, without more, establish red-flag knowledge of infringement.

Second, and for years the live battleground, is the repeat-infringer condition. The Fourth Circuit's decisions in the Cox Communications litigation transformed this once-sleepy requirement into a multibillion-dollar exposure. In BMG Rights Management (US) LLC v. Cox Communications, Inc., 881 F.3d 293 (4th Cir. 2018), the court held that Cox had failed to "reasonably implement" a repeat-infringer policy because it processed terminations in a way designed to avoid actually terminating paying subscribers—and so lost the § 512(a) safe harbor entirely. The sequel, Sony Music Entertainment v. Cox Communications, Inc., 93 F.4th 222 (4th Cir. 2024), affirmed contributory infringement liability while vacating a $1 billion jury verdict and remanding on damages. That decision teed up the question the Supreme Court answered in 2026, examined in the next section: just how much culpability does it take to make an internet service "contributorily" liable for what its subscribers do? For practitioners, the enduring lesson of the Cox saga's first chapters remains blunt—the cheapest part of Section 512, writing and following a real repeat-infringer policy, is also the part most likely to forfeit the entire safe harbor if neglected.

Section 512 also contains a feature that protects users, not platforms: the counter-notification process and the § 512(f) misrepresentation claim. When content is removed, the uploader may file a counter-notice, and if the copyright owner does not sue within ten to fourteen business days, the platform must restore the material. And § 512(f) gives a remedy against abusive notices: a person who "knowingly materially misrepresents" that material is infringing may be liable for damages. The Ninth Circuit's decision in Lenz v. Universal Music Corp., 815 F.3d 1145 (9th Cir. 2016)—the "dancing baby" case, in which a mother's home video of her toddler bopping to a Prince song was taken down—held that a copyright holder must form a subjective good-faith belief that a use is not a fair use before sending a takedown notice. Lenz is a thin reed in practice (it requires only subjective good faith, which is hard to disprove), but it is the law's main acknowledgment that takedown power can be abused against lawful expression like fair use, parody, and commentary.

Finally, two negative spaces in Section 512 deserve emphasis. The statute expressly does not require platforms to monitor: § 512(m) provides that safe-harbor eligibility is not conditioned on "monitoring its service or affirmatively seeking facts indicating infringing activity." This is the "no general monitoring" principle, and it is the philosophical heart of the American approach—reactive notice-and-takedown rather than proactive filtering. And § 1201 of the DMCA, the anti-circumvention provision that bars breaking digital locks, is a different beast entirely; it is not a safe harbor but a prohibition, and it surfaces in unexpected places like the triennial exemptions that let owners unlock their own cell phones.

Cox v. Sony (2026): The Supreme Court Rewrites Contributory Infringement

For more than fifty years, the unspoken assumption of online copyright enforcement was that a service provider who knew about infringement and materially contributed to it could be held secondarily liable. That formula—"knowledge plus material contribution"—descended from the Second Circuit's 1971 decision in Gershwin Publishing Corp. v. Columbia Artists Management, Inc., 443 F.2d 1159 (2d Cir. 1971), and it powered the entire Cox litigation, the BMG litigation before it, and the rights holders' broader campaign to make ISPs the enforcement arm of the recording industry. On March 25, 2026, the Supreme Court swept that formula away.

In Cox Communications, Inc. v. Sony Music Entertainment, 607 U.S. ___ (2026), the Court ruled unanimously, in an opinion by Justice Thomas, that "knowledge plus material contribution" is not a sufficient basis for contributory copyright liability. The facts were stark and, for an ISP, uncomfortable: the rights holders' agent MarkMonitor had sent Cox more than 163,000 infringement notices, and Cox operated a notorious "thirteen-strike" policy under which it warned and occasionally suspended subscribers but almost never terminated them for infringement—while terminating freely for nonpayment. The Fourth Circuit had found that pattern enough to support contributory liability. The Supreme Court reversed and remanded.

The new standard is narrower and intent-focused. A service provider is contributorily liable only if it intended its service to be used for infringement, and that intent can be shown just two ways: (1) the provider induced the infringement—actively encouraging it through specific acts, the Grokster model in which a file-sharing company markets its software as a piracy tool (Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913 (2005)); or (2) the provider supplied a service tailored to infringement, meaning a service "not capable of substantial or commercially significant noninfringing uses," the inverse of the Sony Betamax staple-article rule (Sony Corp. of America v. Universal City Studios, Inc., 464 U.S. 417 (1984)). Internet access, the Court reasoned, is the paradigm of a service with overwhelmingly lawful uses, so merely continuing to serve a customer who happens to infringe—even after thousands of notices—cannot itself establish the culpable intent the doctrine requires. Knowing about infringement and declining to cut off a subscriber is not, without more, the same as intending the infringement.

Two boundaries on the holding deserve emphasis, because they shape exactly how much changed. First, the decision is about contributory liability only. The Court pointedly left vicarious liability—the theory that turns on a defendant's right and ability to control the infringer plus a direct financial benefit—untouched, and lower courts will now do more work under that heading. Second, Justice Sotomayor, joined by Justice Jackson, concurred only in the judgment, arguing that the Court went too far in jettisoning material contribution wholesale and warning that the majority's intent gloss could under-protect copyright owners against intermediaries who profit from looking the other way. The split signals that the contours of the new rule will be litigated for years.

What does Cox v. Sony mean for the liability map this article draws? Three things. First, it dramatically raises the bar for suing conduit ISPs (the § 512(a) world) over their subscribers' file-sharing; the rights holders' most lucrative recent theory has been gutted at the merits, quite apart from any safe harbor. Second, it shifts attention to the surviving theories—inducement, vicarious liability, and direct infringement—so expect plaintiffs to plead financial-benefit-and-control facts more aggressively and to hunt for marketing or design choices that look like encouragement. Third, and easy to miss, it changes the stakes of the safe harbor. Section 512's repeat-infringer condition still matters, but its strategic value has fallen for conduit providers: a platform that would not be contributorily liable under Cox anyway has less to lose if it stumbles out of § 512(a). For hosting platforms (§ 512(c)), the safe harbor remains central, because direct-infringement and vicarious theories there are very much live. The bottom line is that the Supreme Court did for copyright's secondary-liability doctrine something like what Tiffany v. eBay did for trademark's: it told rights holders that generalized notice of a problem is not the same as a service built to cause it.

Trademark Has No 512: The Common-Law Track

Copyright owners have a tidy, statutory rulebook. Trademark owners do not. There is no Section 512 for trademarks—no notice-and-takedown safe harbor, no registered agent, no statutory counter-notice. Because Section 230 also excludes "any law pertaining to intellectual property," a trademark plaintiff who sues a platform faces neither a Section 230 shield nor a Section 512 safe harbor. The whole case is fought on the merits of trademark law's secondary-liability doctrines.

The governing framework comes from a brick-and-mortar Supreme Court case, Inwood Laboratories, Inc. v. Ives Laboratories, Inc., 456 U.S. 844 (1982), which held that a manufacturer can be contributorily liable for trademark infringement if it intentionally induces infringement or continues to supply its product to one it "knows or has reason to know" is engaging in infringement. Translating that pharmacy-counter rule to the internet fell to the Second Circuit in Tiffany (NJ) Inc. v. eBay Inc., 600 F.3d 93 (2d Cir. 2010), cert. denied, 562 U.S. 1082 (2010). Tiffany argued that eBay should be liable for the flood of counterfeit Tiffany jewelry sold on its marketplace. The court disagreed, holding that generalized knowledge that some counterfeits are sold is not enough; contributory liability requires knowledge of specific listings or sellers, and eBay's robust notice-and-takedown program (its "VeRO" system) meant it removed specific items when notified. Tiffany v. eBay is, in effect, the judicially improvised trademark analog to Section 512: it rewards platforms that build responsive takedown systems and punishes only those that ignore specific, known infringement.

It is worth pausing on a doctrinal symmetry the 2026 Supreme Court term has now sharpened. Trademark's Inwood/Tiffany line has long demanded specific knowledge and (in the inducement branch) something like culpable intent. With Cox v. Sony, copyright's contributory doctrine has migrated toward the same place—intent and tailoring, not mere knowledge plus contribution. The two regimes are converging on a shared intuition: an intermediary that builds general-purpose infrastructure and responds to specific complaints is not an infringer, while one that designs for, encourages, or knowingly fosters infringement is.

But the ground is shifting, and counterfeits are the fault line. The more a platform behaves like a seller rather than a passive venue—setting prices, holding inventory, fulfilling orders, designing the buying experience—the more it risks direct or contributory liability. The Fourth Circuit allowed a contributory-infringement and counterfeiting case against Amazon to proceed in part precisely because Amazon's involvement in fulfillment blurred the line between marketplace and merchant. International developments push the same way: the Court of Justice of the EU, in joined cases involving Louboutin and Amazon (2022), held that a marketplace can be directly liable when its presentation leads consumers to believe the platform itself is selling the infringing goods. The strategic lesson for brand owners and their counsel is to scrutinize how "hands-on" a platform is, and to plead facts showing specific knowledge and active participation. Our strategic guide to brand protection online develops the enforcement playbook—test buys, VeRO and Brand Registry programs, ACPA cybersquatting claims, and coordinated takedowns—that fills the gap left by the absence of a trademark Section 512.

A final wrinkle: even though Section 230 does not apply to the IP claim itself, trademark plaintiffs sometimes try to smuggle in non-IP theories (negligence, state unfair competition, consumer-protection statutes) that are subject to Section 230. Courts then sort the complaint claim by claim—a tedious but essential exercise that explains why the same lawsuit can have some counts dismissed on Section 230 grounds and others survive as "IP."

The Supreme Court's 2023–2024 Reckoning

For all the talk of reform, several of the most consequential recent developments in intermediary liability came not from Congress but from the Supreme Court, in a series of decisions that any current treatment of Section 230 must address.

The first two arrived together in 2023. In Gonzalez v. Google LLC, 598 U.S. 617 (2023), the families of victims of an ISIS attack argued that YouTube's algorithmic recommendations of terrorist content fell outside Section 230 because the recommendations were the platform's own speech, not the user's. This was the long-awaited test of whether Section 230 protects recommendation algorithms—the central nervous system of the modern internet. The Court ducked it. In a brief per curiam opinion, it found the underlying claims largely failed for reasons explained in its companion case and declined to opine on Section 230's reach. That companion case, Twitter, Inc. v. Taamneh, 598 U.S. 471 (2023), held that the platforms' generic provision of services to billions of users, including some terrorists, did not amount to "aiding and abetting" terrorism under the Anti-Terrorism Act. Taamneh mattered enormously because it let the Court resolve Gonzalez without touching Section 230 at all—the immunity question was left for another day. The practical effect: algorithmic recommendation lives in a doctrinal twilight, immunized in some courts and not others.

The third and, for the structure of the field, most important decision came in 2024: Moody v. NetChoice, LLC, 603 U.S. 707 (2024). Moody was not a Section 230 case in form—it concerned First Amendment challenges to Texas and Florida laws that tried to restrict how large platforms moderate and curate content. But its reasoning reverberates through everything in this article. Writing for the Court, Justice Kagan held that a platform's editorial choices about what content to host, remove, prioritize, and arrange are themselves expressive activity protected by the First Amendment—that compiling and curating others' speech into a feed is analogous to a newspaper's editorial judgment, which the government cannot commandeer. The Court vacated and remanded because the lower courts had not properly analyzed the laws' full range of applications (a lesson in facial-challenge discipline), but the constitutional signal was unmistakable.

Why does Moody matter for IP and for reform? Because it reframes the stakes. If content moderation and curation are First Amendment-protected editorial activity, then statutes that try to force platforms to host or carry content face serious constitutional headwinds—and statutes that try to force aggressive removal raise the mirror-image risk of pressuring protected editorial choices and chilling lawful speech. Moody thus supplies an independent constitutional backstop that would survive even a complete repeal of Section 230. As the Information Technology and Innovation Foundation and others have observed, platforms stripped of Section 230 would still win most user-content suits on First Amendment grounds—but only after the expense of litigating them. Moody changes the conversation from "does the statute immunize this?" to "can the government constitutionally regulate editorial judgment at all?" That is a deeper question, and it is the lens through which the reform bills below should be read.

The Algorithm Question After Anderson v. TikTok

While the Supreme Court dodged the algorithm question in Gonzalez, the Third Circuit ran straight at it. In Anderson v. TikTok, Inc., 116 F.4th 180 (3d Cir. 2024), the court considered a wrenching case in which a ten-year-old died attempting a dangerous "Blackout Challenge" that TikTok's "For You" algorithm had allegedly served to her. The Third Circuit held that Section 230 did not immunize TikTok, reasoning—and explicitly leaning on Justice Thomas's concurrences and on the logic of Moody—that when a platform's algorithm curates and recommends content, that curation is the platform's own expressive product, not merely "information provided by another information content provider." In a striking jujitsu move, the court used Moody's holding (that curation is protected speech) to conclude that curation is therefore the platform's own speech and so falls outside Section 230's protection for third-party content.

Anderson is a circuit-level decision, not a Supreme Court ruling, and other courts have been more cautious; the doctrine is genuinely unsettled and fast-moving. But for IP, the implications are direct—and they now interact with Cox v. Sony in an interesting way. Recommendation engines decide which videos, songs, listings, and images reach audiences. If algorithmic amplification can strip Section 230 immunity for the harms of recommended content, plaintiffs may argue by analogy that a platform's active promotion of infringing material—pushing a pirated film into millions of "For You" feeds—looks less like passive hosting and more like the inducement or material participation that grounds secondary infringement. That said, Cox cuts the other direction on the contributory branch: after Cox, a plaintiff must show the platform intended the infringement, so the mere fact that a neutral, lawful-use-dominated recommender happened to surface an infringing clip will rarely suffice. Expect the algorithm fight to shift toward inducement framing (was the recommender designed or tuned to push infringing content?) and toward vicarious liability (does the platform control and profit from the amplified infringement?). The line between hosting and developing, drawn in Roommates.com, is being redrawn in real time around the algorithm. We explore the adjacent questions of automated curation, data, and rights at the boundary of data scraping and the computer-fraud and copyright claims after hiQ v. LinkedIn.

The 2026 Reform Landscape: From Carve-Outs to Sunset

Congressional appetite for Section 230 reform has only grown, and the proposals span a spectrum from surgical to apocalyptic. Understanding them matters even for the IP practitioner, because—as we will see—reform aimed entirely at non-IP harms would still reshape how platforms police infringement.

The Sunset Section 230 Act is the most dramatic. Introduced in December 2025 by Senators Lindsey Graham and Dick Durbin, with a bipartisan roster of co-sponsors, the bill would simply repeal Section 230 two years after enactment. Its theory is not that the internet should lose its liability shield forever, but that a hard deadline would force the technology industry "to come to the table" and negotiate a replacement. It is a legislative game of chicken. The risk, as critics note, is that the clock could run out with no replacement, dumping platforms back into the pre-Section 230 world of Stratton Oakmont, where moderation invites publisher liability and abdication invites a flood of harmful content. The Information Technology and Innovation Foundation warned that a sunset would produce "an influx of frivolous lawsuits" that platforms would mostly win but at great expense—expense that "would take resources away from innovation."

The SAFE TECH Act, championed by Senators Mark Warner and Mazie Hirono, is the targeted alternative. It would peel back Section 230 immunity for paid advertising, content that facilitates civil-rights violations, certain stalking and harassment claims, and a few other categories, while preserving the core shield for ordinary user-generated content. The bill's logic is that platforms should not enjoy immunity for content they are paid to distribute.

The EARN IT Act and STOP CSAM Act condition immunity on platform compliance with best practices for detecting and removing child sexual abuse material, and create new exceptions for CSAM-related claims. Civil-liberties and security advocates argue these bills would pressure platforms to abandon strong encryption and to over-scan, a debate with obvious spillover into how aggressively platforms scan everything else, including for copyright.

The TAKE IT DOWN Act, signed into law in May 2025, is the most concrete reform on the books. It criminalizes the publication of non-consensual intimate imagery—including AI-generated deepfakes—and requires covered platforms to establish a notice-and-removal process and to remove flagged material within 48 hours of a valid request. Although it does not amend Section 230's text, it imposes a new statutory takedown duty modeled loosely on the DMCA's notice-and-takedown architecture. It is, in a sense, a third sibling alongside Section 230 and Section 512: a content-specific notice-and-removal regime for intimate imagery. Its existence proves that Congress's preferred tool for new online harms is increasingly the DMCA-style takedown duty rather than wholesale immunity reform—a development with deep relevance to anyone designing platform compliance systems, and one that intersects with the deepfake and likeness questions covered in our piece on the right of publicity meeting digital doubles.

Beyond these headliners, a cottage industry of indirect reforms—transparency mandates, algorithm-disclosure requirements, age-verification rules, and commissioned studies—reshapes platform behavior without touching § 230's text. The Lawfare Section 230 tracker catalogs dozens of such proposals across recent Congresses. And at the state level, the very statutes struck or remanded in Moody signal that states will keep legislating in this space, ensuring continued friction between state ambitions and federal constitutional limits.

Why Reform Aimed Elsewhere Still Hits IP

Here is the counterintuitive core of this article: even reform that says nothing about copyright or trademark would transform IP enforcement, because platforms do not run separate machines for separate harms. They run one machine.

Shared moderation infrastructure. A modern platform's trust-and-safety stack is a single, integrated system. The same upload pipeline, the same classifiers, the same human-review queues, and the same appeal mechanisms handle copyright takedowns, harassment reports, CSAM detection, and misinformation flags. YouTube's Content ID system began as a copyright tool—matching uploads against a reference database of rights holders' works—but the same fingerprinting and machine-learning capabilities now underpin moderation across categories. When new legal pressure forces a platform to upgrade or expand that machine for any purpose, the upgraded machine processes IP too. If the EARN IT Act pushes a platform to deploy more aggressive upload scanning for CSAM, that scanning architecture is trivially extensible to scanning for copyrighted audio. The IP consequences of non-IP reform are therefore not speculative; they are baked into the engineering.

The drift from notice-and-takedown to filtering. Section 512(m)'s no-monitoring principle reflects a 1998 judgment that reactive takedown beats proactive filtering. But that judgment rested on assumptions—about cost, error rates, and technical feasibility—that two decades of progress have eroded. Perceptual hashing, audio fingerprinting, and machine-learning classifiers have matured enormously. Once a platform builds proactive filters to satisfy non-IP mandates, the marginal cost of pointing them at copyright collapses, and rights holders who have long lobbied for "notice-and-staydown" obligations may achieve through the back door what Congress never gave them through the front. Europe has already taken this step explicitly: Article 17 of the EU's 2019 Copyright Directive effectively requires large platforms to license or filter copyrighted content, a regime the CJEU upheld in Poland v. Parliament and Council (Case C-401/19, 2022) subject to safeguards for lawful use.

Over-removal and the chill on lawful use. Filtering is blunt. Automated systems are poor at the context-dependent judgments that copyright fair use and trademark nominative-fair-use defenses demand. A bot cannot easily tell criticism from infringement, parody from piracy, or a lawful product review from counterfeiting. When liability rises, the rational platform response is to remove first and ask questions never, because removing lawful content is cheap and defending a lawsuit is expensive—the phenomenon scholars call "collateral censorship." Section 512's counter-notice process is a weak corrective: it is slow, it is procedurally daunting, it forces anonymous users to unmask themselves to their accusers, and studies suggest much lawful content removed via DMCA is never restored. The same dynamics that surfaced in the generative-AI copyright disputes—where even human experts struggle to draw the infringement line become catastrophic when the line-drawing is delegated to filters operating at the scale of billions of uploads.

Business-model and risk recalibration. Reform-driven uncertainty would force platforms to rethink what content they host at all. Some would narrow their offerings; a small video service might simply ban background music rather than license or filter it, a categorical over-correction that harms creators while protecting no one's rights. Others would tighten pre-publication review, inevitably extending that review to IP. The combined effect is that the equilibrium created by the Section 230/Section 512 pairing—predictable enough for platforms to host vast quantities of user content—would wobble, and IP enforcement would wobble with it. It is worth noting that Cox v. Sony slightly recalibrates this calculus on the copyright side: by making contributory liability harder to establish, the decision relieves some of the pressure that drove conduit ISPs toward aggressive subscriber termination. But that relief is asymmetric—it helps neutral conduits far more than hosting platforms, and it does nothing for trademark or for the non-IP exposures that drive the filtering arms race.

The Disparate Impact on Platforms of Different Sizes

A recurring and underappreciated theme is that reform's burdens fall unevenly. The same change that a trillion-dollar company shrugs off can be fatal to a startup, which means that reforms sold as "platform accountability" can perversely entrench the largest incumbents.

Large platforms can absorb the costs. Content ID reportedly cost hundreds of millions of dollars to build and demands constant investment to maintain; only a handful of companies can field anything comparable. Major platforms also enjoy direct licensing relationships with record labels, studios, and major brands that bypass takedown entirely—YouTube, Spotify, and TikTok pay rights holders under negotiated deals, converting potential infringement into revenue. If reform effectively mandates filtering or raises litigation exposure, the incumbents already have the filters and the licenses. The mandate becomes a moat.

Small platforms face existential risk. A single lawsuit—however meritless, and however certain the platform is to win under Moody and the IP doctrines surveyed above—can bankrupt a startup before it reaches summary judgment. Katie Tummarello of Engine, which represents startups, has warned that Section 230 reforms "could disproportionately harm smaller startups," and the Electronic Frontier Foundation has argued that "the free and open internet as we know it couldn't exist without Section 230." For IP specifically, the unpredictability of fair-use analysis makes early dismissal unlikely and litigation costly, so a small platform's rational move is often to ban entire content categories—no music, no images, no embeds—rather than risk the suit. Those categorical bans impoverish the internet without protecting any rights holder whose work was never actually at risk. The asymmetry is why thoughtful reform proposals increasingly include small-platform carve-outs, revenue or user thresholds, or grace periods—mechanisms borrowed from the DSA's tiered structure, discussed next.

Marginalized communities and viewpoint diversity bear a further, quieter cost. Automated moderation disproportionately flags content from communities of color, LGBTQ+ creators, and religious and political minorities, owing to biased training data and context-blind keyword matching. As Public Knowledge has observed, when legal or reputational risk attaches to a category of content, "research consistently shows that content from communities of color, women, LGBTQ+ communities, and religious minorities will be the first to be removed, downranked, or demonetized." In the IP context, this hits remix and transformative cultures hardest—precisely the creative practices that copyright's fair-use doctrine is supposed to protect.

The European Mirror: The Digital Services Act

The EU offers a fully built alternative to the American model, and it is instructive precisely because it took a different road. The Digital Services Act (Regulation (EU) 2022/2065), fully applicable since February 2024, keeps a conditional liability shield but layers extensive affirmative duties on top of it.

The DSA's baseline immunity, inherited from the E-Commerce Directive, looks less like Section 230's near-categorical shield and more like the DMCA's knowledge-based model: a hosting provider is not liable for user content so long as it lacks "actual knowledge of illegal activity or illegal content" and acts "expeditiously" to remove such content once it knows. Crucially, the DSA preserves a prohibition on general monitoring obligations (Article 8), echoing § 512(m)—though sector-specific rules like the Copyright Directive's Article 17 carve their own filtering exceptions.

What sets the DSA apart is its scaffolding of procedural duties, tiered by platform size. All intermediaries must name points of contact and legal representatives and publish transparency reports. "Online platforms" must additionally run notice-and-action mechanisms, give users "statements of reasons" explaining moderation decisions, provide internal complaint handling, and submit to out-of-court dispute settlement. "Very Large Online Platforms" (those with 45 million-plus EU users) face the heaviest obligations: systemic-risk assessments, independent audits, researcher data access, and crisis protocols.

For IP, several DSA features are notable. Its mandatory notice-and-action and appeal mechanisms formalize what U.S. platforms already do under the DMCA, and its "trusted flagger" system—prioritizing notices from vetted expert organizations—could streamline rights-holder enforcement (though it also risks over-removal if flaggers' notices are rubber-stamped). The "statement of reasons" requirement could bring welcome transparency to IP takedowns, helping users understand and contest removals. And the famous "Brussels Effect"—the tendency of EU rules to become de facto global standards because compliance is cheaper to implement everywhere than to localize—means American users may receive DSA-style procedures regardless of what Congress does. A U.S. rights holder might find that the most consequential reform of online IP enforcement in this decade was written in Brussels, not Washington. The contrast also clarifies the American choice: the U.S. could keep Section 230's broad shield, adopt the DSA's procedural-obligations model, or sunset into the uncharted territory of common-law publisher liability. Each path implies a different future for IP enforcement.

A Worked Hypothetical: Streamly Under Three Regimes

Return to Streamly and Dana's sneaker-review video, and trace how the four complaints resolve under three possible legal worlds.

Today (Section 230 plus Section 512, after Cox v. Sony). The sneaker company's defamation claim is dismissed at the pleading stage: under § 230(c)(1), Streamly is not the speaker of Dana's words, and Zeran forecloses notice-based liability. The record label's copyright claim never reaches a courtroom; Streamly's registered DMCA agent receives the takedown, Streamly pulls the song clip "expeditiously," and—because Streamly maintains a real repeat-infringer policy after the Cox litigation—it keeps its § 512(c) safe harbor. Even if Streamly somehow fumbled the safe harbor, Cox v. Sony now makes it hard for the label to win on contributory liability without showing Streamly induced the infringement or runs a service tailored to it; a general-purpose video host with vast lawful uses does not fit that bill (though the label might still try a vicarious-liability theory, which Cox left open). The movie studio's copyright threat resolves the same way, though Dana might counter-notice and assert fair use for the brief, transformative trailer clip, invoking the Lenz good-faith requirement. The rival shoemaker's counterfeit-listing trademark claim is the hard one: Section 230 does not apply (it is IP), there is no Section 512 for trademarks, and the case turns on Tiffany v. eBay—did Streamly have specific knowledge of the counterfeit listings and fail to act, and how seller-like is its "shop this look" fulfillment? That count may survive a motion to dismiss.

Under the SAFE TECH Act. If Dana's video were a paid advertisement Streamly distributed, the defamation analysis could change—SAFE TECH would strip Section 230 immunity for paid content, exposing Streamly to publisher liability for the ad. The IP claims are unaffected by their text but indirectly pressured: facing new advertising liability, Streamly tightens pre-publication review, and that review net catches more music and logos too.

Under a completed Section 230 sunset. Now the shield is gone. The defamation claim proceeds past the pleadings; Streamly must litigate it, very likely winning on the merits and on Moody's First Amendment ground, but only after costly discovery. To reduce its newly unbounded exposure, Streamly deploys aggressive upload filtering—and that same filter now scans for copyrighted audio and trademarked logos, catching Dana's lawful, fair-use trailer clip in the dragnet and auto-removing it with no human ever assessing fair use. The paradox crystallizes: a reform that never mentioned copyright has made copyright enforcement more automated, more over-inclusive, and less protective of lawful expression than the Section 230/Section 512 world it replaced—and it has done so even as Cox v. Sony made the underlying contributory-liability claim harder to prove, because the platform's risk-aversion, not its actual legal exposure, drives the over-removal.

The hypothetical makes the thesis concrete. IP enforcement is not insulated from Section 230 reform by the § 230(e)(2) carve-out; it is exposed to that reform through the shared machinery of moderation.

Practical Guidance for Stakeholders

For platform operators, the to-do list is concrete and largely achievable today. Register and renew your DMCA agent with the Copyright Office, and calendar the three-year renewal—a lapse is an unforced error that can forfeit § 512(c). Write a real repeat-infringer policy and, more importantly, follow it; the Cox line proves that a policy on paper that is ignored in practice can forfeit the safe harbor, even if Cox v. Sony has made the underlying contributory claim harder to win. Do not over-read Cox v. Sony: it narrows contributory liability for conduit-like services, but it leaves vicarious liability, direct infringement, inducement, and the entire trademark track intact, so avoid marketing or product choices that look like encouragement of infringement. Build notice-and-action and appeal mechanisms that would satisfy both the DMCA and the DSA, since the Brussels Effect makes dual compliance the efficient default. Audit how "seller-like" your marketplace features are, because fulfillment, pricing, and curation push you toward Tiffany v. eBay liability and away from passive-host immunity. Preserve human review for the contextual calls—fair use, parody, criticism—that filters botch. And engage with policymakers: technical testimony about error rates and feasibility is the surest way to keep reform tethered to reality.

For rights holders, the strategic picture is nuanced—and Cox v. Sony just changed it. Against conduit ISPs, the "knowledge plus material contribution" theory is gone; plan instead to develop inducement facts (marketing, design, tuning) or vicarious-liability facts (control plus direct financial benefit). Reform that nudges platforms toward filtering may reduce your enforcement burden—but only if you can supply reference files and metadata, which favors large rights holders and leaves smaller creators behind. Send specific, well-documented notices: Tiffany and Viacom both reward specificity and punish generalized grievance, and post-Cox specificity matters more than ever. Consider whether aggressive platform moderation actually serves your interests; the same fan engagement, remix culture, and viral sharing that filtering would suppress is often the engine of a work's commercial success. And watch the trademark frontier, where the marketplace-as-seller theory is your most promising avenue against counterfeiters. Our guidance on filing and responding to DMCA takedown notices and on brand protection online translates these principles into operational steps.

For content creators, the watchword is resilience. Understand fair use before you build on others' work; document your creative process; keep originals and archives; and diversify across platforms so a single wrongful takedown cannot erase your audience. Know your counter-notice rights under § 512(g)—they are underused precisely because they are intimidating. And recognize that your voice is structurally underrepresented in reform debates dominated by platforms and major rights holders; creator-advocacy organizations exist to close that gap. Bear in mind, too, that piracy is not a victimless shortcut—the consequences of pirating intellectual property reach individual users, not just platforms. The broader landscape of online speech, platform terms, and user obligations is mapped in our primer on social media law basics.

Key Takeaways

Section 230 and intellectual property occupy separate but interlocking spheres. Section 230(c)(1) shields platforms from being treated as the publisher of user content, but § 230(e)(2) carves out "any law pertaining to intellectual property," so the famous shield never covered IP claims to begin with. The copyright gap is filled by the DMCA's Section 512 notice-and-takedown safe harbor; the trademark gap is filled by nothing statutory, leaving common-law contributory liability under Inwood and Tiffany v. eBay to do the work. The federal-versus-state scope of the IP carve-out remains split (Perfect 10 versus Doe v. Friendfinder). On the merits, the most important 2026 development is Cox Communications v. Sony Music Entertainment, in which a unanimous Supreme Court junked the half-century-old "knowledge plus material contribution" test and held that contributory copyright liability requires inducement or a service tailored to infringement—dramatically narrowing exposure for general-purpose intermediaries while leaving vicarious liability intact. The Court's earlier work—Gonzalez, Taamneh, and above all Moody v. NetChoice—reframed the field around the First Amendment status of editorial curation, while Anderson v. TikTok threw algorithmic recommendation into doctrinal flux. Reform proposals range from the surgical (SAFE TECH, the enacted TAKE IT DOWN Act) to the existential (the Sunset Section 230 Act), and even reform aimed entirely at non-IP harms would reshape IP enforcement through the shared infrastructure of content moderation, pushing platforms from reactive takedown toward proactive filtering with all its risks of over-removal. The EU's Digital Services Act offers a procedural-obligations alternative whose Brussels Effect may reach American users regardless of Congress. For everyone—platforms, rights holders, and creators—the prudent course is to build flexible, transparent, dual-compliant systems and to participate in the policy conversation before it is settled.

Frequently Asked Questions

Does Section 230 protect platforms from copyright claims? No. Section 230(e)(2) expressly excludes "any law pertaining to intellectual property," and courts read that to include federal copyright. A platform's protection against copyright claims comes instead from the DMCA's Section 512 safe harbor, which requires a registered agent, a repeat-infringer policy, prompt takedown on valid notice, and no disqualifying knowledge or financial benefit. Even outside the safe harbor, after Cox v. Sony a copyright owner must clear a high bar to hold a general-purpose platform contributorily liable. See our DMCA takedown guide.

What did Cox v. Sony decide? In Cox Communications, Inc. v. Sony Music Entertainment, 607 U.S. ___ (2026), a unanimous Supreme Court (opinion by Justice Thomas) held that contributory copyright liability requires that the defendant intended its service to be used for infringement—shown either by inducement (actively encouraging infringement, the Grokster model) or by supplying a service tailored to infringement (one with no substantial noninfringing uses). Mere knowledge of infringement plus continued service is not enough. The Court reversed the Fourth Circuit's judgment against Cox and left vicarious liability untouched; Justice Sotomayor, joined by Justice Jackson, concurred only in the judgment.

If Congress repealed Section 230 tomorrow, would copyright enforcement change? Not directly, because copyright already runs through Section 512 (and, on the merits, through Cox v. Sony), not Section 230. But it would change indirectly. Stripped of Section 230 for everything else, platforms would face new liability for non-IP claims and would likely respond by deploying broader upload filtering—filters that scan for copyrighted material too, increasing automated removals and over-removal of fair use.

Why is trademark treated differently from copyright online? Because there is no trademark equivalent of Section 512. Trademark claims against platforms are governed by common-law secondary-liability doctrines—Inwood Laboratories and Tiffany v. eBay—which require knowledge of specific infringing listings, not merely general awareness that some infringement occurs. The more a platform behaves like a seller rather than a passive venue, the greater its exposure. After Cox v. Sony, copyright's contributory standard has actually converged toward trademark's emphasis on intent and tailoring.

What did Moody v. NetChoice decide, and why does it matter here? Moody v. NetChoice, 603 U.S. 707 (2024), held that platforms' editorial choices about curating and arranging user content are protected First Amendment expression that the government generally cannot commandeer. It matters because it gives platforms a constitutional defense that would survive even a full Section 230 repeal—and it reframes both pro-carriage and forced-removal mandates as potential intrusions on editorial judgment.

Did the Supreme Court decide whether Section 230 protects recommendation algorithms? No. In Gonzalez v. Google (2023) the Court declined to reach the question, resolving the dispute through the companion Taamneh case under the Anti-Terrorism Act instead. The Third Circuit later held in Anderson v. TikTok (2024) that algorithmic curation is the platform's own speech and so falls outside Section 230, but that view is contested and the law remains unsettled.

What is the TAKE IT DOWN Act? Signed into law in May 2025, it criminalizes non-consensual intimate imagery (including AI deepfakes) and requires covered platforms to remove flagged material within 48 hours via a notice-and-removal process. It does not amend Section 230's text, but it adds a DMCA-style takedown duty for a specific category of content—evidence that Congress increasingly prefers targeted takedown obligations over broad immunity reform.

Is a right-of-publicity claim against a platform barred by Section 230? It depends on the circuit. The Ninth Circuit (Perfect 10 v. CCBill) limits the § 230(e)(2) IP carve-out to federal IP, so state-law right-of-publicity claims remain barred by Section 230. Other courts (Doe v. Friendfinder) read "any law" to include state IP claims, allowing them to proceed. Know your forum.

Does the EU's Digital Services Act affect U.S. platforms and users? Often, yes—through the "Brussels Effect." Because it is usually cheaper to implement one global compliance system than to localize, many platforms extend DSA-required notice-and-action mechanisms, statements of reasons, and appeal processes to all users worldwide, including Americans, regardless of U.S. law.

References and Further Reading

47 U.S.C. § 230 (Communications Decency Act, Section 230), including § 230(c)(1), § 230(c)(2), and the § 230(e)(2) intellectual-property exception

17 U.S.C. § 512 (DMCA safe harbors); 17 U.S.C. § 1201 (anti-circumvention)

Reno v. ACLU, 521 U.S. 844 (1997)

Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997)

Stratton Oakmont, Inc. v. Prodigy Services Co., 1995 WL 323710 (N.Y. Sup. Ct. May 24, 1995)

Fair Housing Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157 (9th Cir. 2008) (en banc)

Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102 (9th Cir. 2007)

Doe v. Friendfinder Network, Inc., 540 F. Supp. 2d 288 (D.N.H. 2008)

Viacom International, Inc. v. YouTube, Inc., 676 F.3d 19 (2d Cir. 2012)

Capitol Records, LLC v. Vimeo, Inc., 826 F.3d 78 (2d Cir. 2016)

Lenz v. Universal Music Corp., 815 F.3d 1145 (9th Cir. 2016)

Sony Corp. of America v. Universal City Studios, Inc., 464 U.S. 417 (1984)

Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913 (2005)

Gershwin Publishing Corp. v. Columbia Artists Management, Inc., 443 F.2d 1159 (2d Cir. 1971)

BMG Rights Management (US) LLC v. Cox Communications, Inc., 881 F.3d 293 (4th Cir. 2018)

Sony Music Entertainment v. Cox Communications, Inc., 93 F.4th 222 (4th Cir. 2024)

Cox Communications, Inc. v. Sony Music Entertainment, 607 U.S. ___, No. 24-171 (2026) (Thomas, J.) (Sotomayor, J., concurring in the judgment, joined by Jackson, J.)

Inwood Laboratories, Inc. v. Ives Laboratories, Inc., 456 U.S. 844 (1982)

Tiffany (NJ) Inc. v. eBay Inc., 600 F.3d 93 (2d Cir. 2010), cert. denied, 562 U.S. 1082 (2010)

Gonzalez v. Google LLC, 598 U.S. 617 (2023)

Twitter, Inc. v. Taamneh, 598 U.S. 471 (2023)

Moody v. NetChoice, LLC, 603 U.S. 707 (2024)

Anderson v. TikTok, Inc., 116 F.4th 180 (3d Cir. 2024)

U.S. Copyright Office, "Section 512 of Title 17: A Report of the Register of Copyrights" (May 2020), https://www.copyright.gov/policy/section512/

Congressional Research Service, "Section 230: An Overview," Report R46751

Sunset Section 230 Act (introduced December 2025); SAFE TECH Act; EARN IT Act; STOP CSAM Act; TAKE IT DOWN Act (enacted May 2025)

Regulation (EU) 2022/2065 (Digital Services Act); Directive (EU) 2019/790 (Copyright Directive), Article 17; Poland v. Parliament and Council, Case C-401/19 (CJEU 2022)

Lawfare Section 230 Tracker; Electronic Frontier Foundation, "Section 230"; Public Knowledge, Section 230 reform analyses; Information Technology and Innovation Foundation commentary

This article is general information, not legal advice. Intermediary-liability law is unsettled and fast-moving, varies by jurisdiction, and turns on specific facts; consult qualified counsel before acting on anything discussed here.