Supreme Court Rules for ISPs in Landmark Copyright Case

On March 25, 2026, the United States Supreme Court issued the unanimous, landmark decision in Cox Communications, Inc. v. Sony Music Entertainment,¹ reversing a $1 billion jury verdict against Cox, a major internet service provider (ISP). The Court held that an ISP cannot be held liable for contributory copyright infringement committed by its subscribers merely because it knew some users were engaging in illegal file-sharing. This is the first decision to directly address contributory copyright liability as applied to general internet access providers, significantly reshaping the legal landscape for ISPs, technology companies, and any business that provides services others might use to infringe copyrights.

Background

The dispute began when Sony Music Entertainment and other major record labels sued Cox Communications, alleging that Cox knowingly allowed subscribers to pirate music through peer-to-peer file-sharing networks. Sony employed a monitoring firm called MarkMonitor to track infringement across the internet. Over a roughly two-year period, MarkMonitor sent Cox over 160,000 notices linking specific subscriber IP addresses to alleged copyright violations, including illegal downloads and uploads of copyrighted songs.

Cox was not without a response. The company had an infringement policy in place, issuing warnings, suspending, and eventually terminating subscriber accounts — and argued that its system ended 98% of identified infringements. However, Cox’s policy required up to 13 notices before an account could be terminated, and during the relevant period, Cox terminated only 32 subscribers for copyright infringement, even as it terminated hundreds of thousands of accounts for nonpayment.

A federal jury in the Eastern District of Virginia found Cox willfully liable for both contributory and vicarious copyright infringement involving over 10,000 copyrighted works and awarded Sony $1 billion in statutory damages. The Fourth Circuit upheld the contributory infringement finding. Cox appealed, and the Supreme Court agreed to hear the case.

Legal Framework

Under the U.S. Copyright Act, the primary infringer is the person who actually reproduces or distributes copyrighted material without authorization.² But copyright law also recognizes secondary liability — that is, liability imposed on a party who did not personally commit the infringement but whose conduct facilitated or enabled it. Secondary liability comes in two forms:

• Contributory liability: where a party intentionally induces or materially contributes to another’s infringement; and
• Vicarious liability: where a party profits from infringement while having the ability to supervise or stop it.

The Supreme Court granted certiorari on only the issue of contributory liability.

The Court’s Decision: Intent Is the Linchpin

Justice Clarence Thomas authored the majority opinion, joined by seven other justices. The Court held that an ISP or service provider is contributorily liable for a user’s infringement only if it intended its service to be used for infringement. The Court further established that this required intent can be proven in only two ways:

• Inducement: The provider affirmatively induced or encouraged users to infringe — such as by marketing its service as a tool for piracy; or
• Tailored-to-infringement: The provider’s service was specifically designed or tailored to facilitate copyright infringement as its primary or principal purpose.

“A company is not liable as a copyright infringer for merely providing a service to the general public with knowledge that it will be used by some to infringe copyrights.”

Justice Clarence Thomas, writing for the Court

Why Cox Was Not Liable

Applying these standards to Cox, the Court found no liability on three grounds. First, Sony had identified infringing IP addresses — not specific infringers. Because multiple people (family members, guests, dormitory residents) can share an IP address, Cox’s knowledge was about the connection used to infringe, not the actual individual who did so. This prevented any finding that Cox had induced specific acts of infringement. Second, Cox never promoted or marketed its internet service as a vehicle for piracy. Unlike the file-sharing platform at issue in MGM Studios v. Grokster — whose very business model depended on facilitating unauthorized downloads — Cox’s internet service was a general-purpose product used overwhelmingly for lawful activities. Third, Cox’s service was plainly capable of substantial, commercially significant non-infringing uses, and Cox had not tailored it to make copyright infringement easier.

The Concurrence: A Word of Caution

Justice Sotomayor, joined by Justice Jackson, concurred in the judgment but wrote separately to express concern that the majority opinion unnecessarily narrowed secondary liability doctrine. Justice Sotomayor argued that other common-law theories — such as aiding and abetting — could potentially apply in the copyright context, and that the majority’s reasoning prematurely forecloses those avenues. Businesses and their counsel should note this concurrence as a signal that secondary liability questions in the copyright arena may not be entirely settled.

The DMCA’s Safe Harbor: Still Vital, But Not the Whole Story

The Digital Millennium Copyright Act (DMCA) provides a safe harbor shielding ISPs from liability for user-generated infringement if the provider adopts and reasonably implements a repeat-infringer termination policy, responds to takedown notices, and does not receive a direct financial benefit from the infringement. Notably, in this case Cox was unable to invoke the DMCA safe harbor defense because a prior court ruling had already foreclosed it for the period in question.

The Court clarified that the DMCA’s safe harbor rules are separate from the question of whether underlying conduct is infringing in the first place. Failure to comply with the DMCA safe-harbor requirements does not, by itself, render an ISP’s conduct infringing — the DMCA creates defenses, not new bases for liability. Even so, maintaining a robust, compliant DMCA policy remains the single most important legal protection available to ISPs and online service providers.

Practical Takeaways

The Cox decision is a significant victory for the internet infrastructure and technology industries, but it is not a license for complacency. The ruling clarifies where the outer boundary of contributory liability lies — but it does not eliminate all risk. Here is what your business needs to know.

For Internet Service Providers (ISPs)

• Maintain a meaningful repeat-infringer policy. Cox survived the constitutional question here, but its DMCA defense was unavailable due to prior litigation. A properly implemented, consistently enforced DMCA takedown and termination policy is your first and strongest line of defense.
• Do not market or promote your service as a vehicle for infringing activity. The Court drew a sharp line between general internet access and services whose business model is tied to facilitating piracy. Stay clearly on the right side of that line.
• Respond to infringement notices. Even though knowledge alone is not sufficient for liability, a pattern of ignoring repeated, credible infringement notices could become relevant evidence in future litigation, including in the DMCA safe-harbor analysis.
• Monitor the Sotomayor concurrence. Justice Sotomayor’s separate opinion signals that at least two justices believe secondary liability theories beyond inducement and tailored services could potentially apply. Future litigation may test those boundaries, particularly with platforms that have more direct involvement in user activity.

For Online Platforms and Software-as-a-Service (SaaS) Providers

• The “tailored to infringement” test matters. If your platform or service is specifically designed in a way that makes it easier for users to infringe — think specialized tools for ripping or redistributing copyrighted content — you face far greater risk than a general-purpose service. Review your product’s features through this lens.
• Marketing and messaging matter. Statements in advertising, documentation, or sales materials that encourage users to use your service to access or share copyrighted material without authorization could be used as evidence of the inducement that the Court identified as a basis for liability.
• Maintain and enforce robust Terms of Service. Clearly prohibiting copyright infringement in your terms, and consistently acting on violations, supports both the DMCA safe harbor and a showing that you did not intend your service to be used for infringement.

For Businesses That Provide Services Involving Copyrighted Content

• Obtain proper licenses. If your business involves distributing, streaming, or otherwise making copyrighted works available — even as a background element of another service — make sure you have the necessary licenses. The Cox ruling does not protect businesses that have affirmatively licensed or distributed infringing content.
• Understand the limits of the ruling. Cox won because it provided a general internet service it had no reason to believe was being used predominantly for infringement. If your business model depends on user-generated content or file-sharing, you may face a much closer question, particularly if you have knowledge of specific, repeated infringement and take no meaningful action.
• Consult counsel before ignoring infringement notices. Receiving repeated, specific notices of infringement on your platform and doing nothing is a risk factor — even after Cox. While knowledge alone is no longer enough, documented indifference combined with other facts could still generate litigation exposure.

Conclusion

This case is one of the most significant copyright decisions in years. By holding that mere knowledge of user infringement — standing alone — cannot create contributory liability for an ISP, the Court has set an important and protective standard to reign in copyright infringement liability. At the same time, it has drawn a clear line against those providers that actively encourage infringement or build services designed around it are not protected.

The legal environment surrounding copyright, secondary liability, and the DMCA continues to evolve rapidly. Businesses in the technology, media, and communications sectors should review their current policies and practices in light of this ruling.

This blog posting is for informational purposes only and does not constitute legal advice.

Contact our practice group for guidance specific to your business.

Footnotes

1. Case No. 24-171 (U.S. Mar. 25, 2026). ↩

2. See 17 U.S.C. §501. ↩