Supreme Court Limits ISP Copyright Liability, Reverses $1 Billion Verdict Against Cox

The U.S. Supreme Court has sharply limited when internet providers can be held liable for their customers’ copyright infringement, overturning a $1 billion verdict against Cox Communications and rejecting a “knowledge alone” standard that could have turned broadband companies into copyright enforcers.

In a decision issued March 25, the court unanimously agreed to reverse a ruling against Cox but split on its reasoning. Justice Clarence Thomas wrote the majority opinion in Cox Communications, Inc., et al. v. Sony Music Entertainment, et al., joined by Chief Justice John Roberts and Justices Samuel Alito, Elena Kagan, Neil Gorsuch, Brett Kavanaugh and Amy Coney Barrett. Justice Sonia Sotomayor, joined by Justice Ketanji Brown Jackson, concurred in the judgment only.

The court limited its review to contributory copyright liability, a form of secondary liability for helping someone else infringe, and declined to take up a separate question about vicarious liability. It held that an internet service provider, or ISP, can be contributorily liable for user infringement only if it intended its service to be used for infringement.

That intent, the majority said, can be shown in just two ways: by proof that the provider actively induced infringement, or by proof that it offered a product or service “tailored to” infringement — in other words, one that is not capable of “substantial” or “commercially significant” lawful uses. The court rejected the U.S. Court of Appeals for the Fourth Circuit’s rule that simply supplying a product with knowledge it would be used to infringe is enough.

“Mere knowledge that some customers use a service to infringe is not enough,” the opinion emphasized, adding that a provider’s failure to take additional steps to prevent infringement, by itself, does not establish intent.

The ruling wipes out a jury verdict that had become one of the largest copyright awards ever against an ISP. Major record labels led by Sony Music Entertainment sued Cox in federal court in the Eastern District of Virginia, accusing the company of contributorily and vicariously infringing 10,017 copyrighted songs and recordings by continuing to provide internet access to subscribers repeatedly flagged for peer‑to‑peer file sharing.

In 2019, a jury found Cox, which serves about 6 million broadband subscribers, liable for willful contributory and vicarious infringement and awarded roughly $1 billion in statutory damages. During the roughly two‑year period at issue, Cox received 163,148 infringement notices from MarkMonitor, an anti‑piracy vendor working for rights holders.

The Fourth Circuit later vacated the vicarious liability findings but upheld Cox’s contributory liability and remanded on damages, adopting a knowledge‑based standard that allowed liability where Cox knew of repeat infringement and continued to provide service. The Supreme Court rejected that approach as an improper expansion of secondary liability.

Applying its new standard, the court said the record did not support contributory liability for Cox. The justices noted evidence that Cox used warning systems, suspended service, and in some cases terminated customer accounts in response to infringement accusations, including 32 subscriber terminations during the claim period.

Thomas wrote that “Cox neither induced its users’ infringement nor provided a service tailored to infringement.” The court said Cox’s general‑purpose internet access is capable of substantial lawful uses and therefore cannot be treated as a product designed for infringement.

In defining intent narrowly, the decision closely tracks the court’s earlier technology cases. In 1984, in the so‑called Betamax case, Sony Corp. of America v. Universal City Studios, the court held that distributing a device capable of “substantial noninfringing uses” does not, by itself, create contributory liability. In 2005, in MGM Studios Inc. v. Grokster, Ltd., it recognized a separate inducement theory for parties that encourage infringement.

The Cox opinion effectively fuses those precedents into a two‑path test: copyright holders must show either inducement or that the product or service is not capable of substantial noninfringing use. The court also noted that its approach aligns contributory copyright liability with analogous inducement concepts in patent law.

On the Digital Millennium Copyright Act, or DMCA, which sets out “safe harbor” defenses for online providers that follow certain procedures, the court stressed that those protections do not themselves create new bases for liability. Citing section 512(l), the opinion underscored that failing to qualify for a DMCA safe harbor “shall not bear adversely” on a provider’s liability under other law.

Sotomayor’s concurrence, joined by Jackson, agreed that the specific judgment against Cox should be reversed on the current record but criticized the majority for narrowing secondary liability too much. The concurrence warned that the majority’s framework could weaken the incentives Congress built into the DMCA for providers to adopt and enforce policies against repeat infringers, including terminating accounts where appropriate.

Cox, in a March 25 statement, cast the ruling as a confirmation that broadband providers are not front‑line copyright enforcers. “This opinion affirms that Internet service providers are not copyright police and should not be held liable for the actions of their customers,” the company said.

Recording industry groups saw the outcome very differently. Mitch Glazier, head of the Recording Industry Association of America, which represents major labels including Sony, said, “We are disappointed in the Court’s decision vacating a jury’s determination that Cox Communications contributed to mass scale copyright infringement, based on overwhelming evidence that the company knowingly facilitated theft.”

Digital rights advocates celebrated the decision. The Electronic Frontier Foundation, which filed a friend‑of‑the‑court brief urging limits on secondary liability for ISPs, framed the ruling as a rebuke to efforts to deputize providers as copyright enforcers; an EFF blog post summarized its reaction with the line, “Yesterday, the Court agreed.”

Rights holders had argued that holding ISPs accountable is an important tool to curb large‑scale online piracy, especially when individual infringers are difficult to identify. ISPs and technology industry groups, by contrast, warned that expansive secondary liability could expose providers to enormous damages and push them to over‑monitor user activity or cut off internet access for households, schools and businesses based on unproven allegations.

The court’s opinion notes that broadband access is a general‑purpose service used for a wide range of lawful activities and that internet connections are often shared among multiple individuals behind a single IP address.

With the case sent back to the lower courts, judges handling current and future infringement suits against ISPs will have to apply the clarified standard: providers remain exposed when they induce infringement or build services around it, but offering ordinary internet access, even to some users who break the law, is not enough to make them copyright police.