The Supreme Court’s decision in Cox Communications, Inc. v. Sony Music Entertainment is widely viewed as a win for internet providers, but the separate opinion by Justices Sotomayor and Jackson tells a more complicated story for technology companies and rights holders. Their concurrence warns that the ruling removes much of the legal incentive for internet providers to take piracy seriously, risking that Congress’s existing framework for dealing with online infringement becomes ineffective.

Cox v. Sony Explained

The dispute started when major record labels won a massive jury verdict against Cox over music piracy by Cox’s customers using peer-to-peer file sharing. The labels argued Cox should be responsible because it:

• Received many notices about subscribers repeatedly sharing copyrighted music without permission.

• Continued providing service to many of those subscribers.

• Collected ongoing subscription fees from those accounts.

The labels’ theory was that Cox was secondarily liable—not because Cox itself copied music, but because it allegedly helped or enabled its customers’ infringement.

On appeal, the Supreme Court unanimously ruled for Cox on the issue of contributory copyright infringement. The Court sent the case back to the lower courts and adopted a narrower view of when an internet provider can be held responsible for its users’ piracy, relying heavily on earlier cases involving devices and services that can be used for both lawful and unlawful purposes.

The Majority’s Rule: Knowledge Plus Inaction Is Not Enough

The Court drew a clearer line for when an internet provider can be liable for contributory infringement:

• An internet provider is not liable just because it knows some customers are infringing and does not disconnect them.

• Instead, liability generally requires one of two things:

• Inducement – actively encouraging, promoting, or positioning the service as a way to infringe, or

• A product or service that is used “especially” or “overwhelmingly” for infringement and is not capable of meaningful lawful use.

Because ordinary broadband internet service has many legitimate uses—streaming licensed content, work, education, communications—the Court treated Cox’s service like a general-purpose tool, not a product designed for infringement. On that view, Cox could not be held liable based solely on how it handled infringement notices or repeat infringer accounts.

The Court also rejected the idea that Congress, through the Digital Millennium Copyright Act (DMCA), quietly expanded the circumstances under which internet providers can be sued. In the majority’s view, the DMCA’s “safe harbor” provisions are defenses that protect qualifying companies from certain claims; they do not create new categories of liability.

The Sotomayor/Jackson Concurrence: Safe Harbor Without a “Stick”

Justice Sotomayor, joined by Justice Jackson, agreed that Cox should win this case on the facts, but criticized the majority for cutting secondary liability back too far. For technology and media businesses, their opinion reads as a potential warning about what comes next.

In the Concurrence:

• The majority “unnecessarily limits” secondary liability by acting as if only inducement and “no substantial non-infringing use” theories are available.

• Earlier cases did not shut the door on more traditional approaches, such as treating a provider as aiding and abetting infringement when it knowingly continues to support obviously wrongful activity.

• The record labels’ argument can be understood as an aiding and abetting claim: Cox allegedly kept providing internet access to specific customers whose connections had been used—and, realistically, would continue to be used—for piracy.

The concurrence still agrees Cox should prevail, but for a narrower reason: on this record, there was not enough evidence of the specific intent that an aiding and abetting theory would require. In other words, the legal theory should remain viable in principle, but the evidence in this case did not meet that bar.

Why They Say the DMCA Safe Harbor Is at Risk of Becoming Obsolete

The most forceful part of the concurrence focuses on how the decision affects the DMCA’s overall design. When Congress created the DMCA safe harbors, it struck a compromise:

• Online services and internet providers could limit their exposure to claims based on their users’ actions.

• In return, those providers had to adopt and reasonably enforce a repeat-infringer policy and follow notice and takedown procedures.
  

This system only works if there is a meaningful risk in the background. Providers give up some flexibility and invest in enforcement because the safe harbor shields them from significant potential liability.

Under the majority’s approach:

• An internet provider that offers general-purpose access, avoids marketing itself as a piracy solution, and does not directly encourage infringement faces very little risk of being held liable, even if it continues to serve known repeat infringers.

• A provider might never terminate a repeat infringer and still avoid liability, so long as its service has many lawful uses and it does not brand itself as a tool for piracy.

The concurrence notes that, during oral argument, Cox’s own counsel essentially acknowledged that under this reading, the DMCA safe harbor provisions do very little “work,” because there is hardly any underlying liability from which providers need to be shielded. That is the essence of the concern that the safe harbor has been “consigned to obsolescence.”

What This Signals for Internet and Infrastructure Providers

For internet providers and similar network-level businesses, the decision reduces one category of risk:

• Courts are now less likely to hold an access provider liable solely for not terminating enough subscribers, even when there are many notices of infringement.

• Companies that sell general-purpose connectivity or broadly useful cloud services can point to this case as helpful precedent.

However, the decision does not remove all risk:

• Intent and design still matter. Internal communications, product roadmaps, and marketing that suggest “turning a blind eye” to piracy or counting on it for growth can still support claims that a company is inducing infringement.

From a risk management standpoint, it remains prudent to:

• Maintain and document a repeat-infringer policy, even if the legal “stick” is now less clear.

• Treat infringement notices as compliance, reputational, and business signals—not merely as technical legal threats.

• Carefully manage how internal teams and external communications describe enforcement thresholds and user segments that may be associated with heavy infringement.

What This Means for Platforms and Online Services

Although Cox involved a broadband internet provider, its reasoning will likely be cited by a wide range of online services, including:

• Hosting and cloud infrastructure providers.

• Content delivery networks.

• Social media, marketplaces, and other platforms.

• Some blockchain and Web3 infrastructure providers.

In practice:

• Services with significant legitimate uses will rely on Cox to argue that awareness of infringement, combined with a failure to remove or terminate, is not enough by itself to impose liability.

• Services whose business model is closely tied to accessing, indexing, or streaming unlicensed content remain at higher risk. For them, product design, enforcement practices, and public messaging still play a major role in assessing exposure.

• Rights holders are likely to respond by focusing more on internal intent, enforcement decisions, and by bringing suits against multiple players in the ecosystem—platforms, search engines, hosting providers, payment services—rather than focusing only on traditional internet providers.

For many technology companies, Cox should be viewed less as a blanket permission slip and more as a roadmap to where future litigation and policy debates will concentrate.

Policy and Industry Outlook: The Next Round of the DMCA Debate

The concurrence provides rights holders with a clear narrative for pushing Congress and regulators to revisit the current framework. The message is straightforward: if the Court has removed most of the risk of secondary liability for access providers, then the balance that Congress tried to achieve through the DMCA safe harbors may no longer function as intended.

In the coming years, businesses should expect:

• Renewed efforts by music, film, and publishing industries to “restore” meaningful incentives for internet providers and other intermediaries to act against repeat infringers.

• Proposals to clarify when a combination of economic benefit, knowledge of infringement, and failure to act is enough to create liability, especially for intermediaries that are closer to where infringement happens.

• Push-back from technology and civil liberties groups, who will emphasize the importance of internet access, innovation, and the danger of cutting off users or suppressing lawful content based on automated or unverified accusations.

For companies operating anywhere in the digital ecosystem, the practical takeaway is that Cox lowers near-term exposure for businesses that look like traditional internet providers, but it also increases long-term uncertainty. Planning for multiple regulatory futures—tighter notice and action rules, changes to safe harbor protections, or new obligations tailored to specific types of services—will be a key part of strategic risk management.

FAQ:

Q1: What did the Supreme Court decide in Cox v. Sony?
The Court held that Cox is not contributory liable for subscribers’ piracy based solely on knowledge and failure to terminate repeat infringers. Liability requires inducement or a product/service that is overwhelmingly used for infringement and not capable of substantial lawful use.

Q2: Does Cox mean ISPs can ignore piracy notices?
No. While Cox raises the bar for secondary liability, notices still matter for reputation, business relationships, and potential future legislative or regulatory standards. They also help show good faith practices if a dispute arises.

Q3: Why do Justices Sotomayor and Jackson say the DMCA safe harbor is becoming “obsolete”?
They argue that if ISPs face almost no realistic secondary liability risk absent inducement, then the DMCA’s safe harbor (which was meant to incentivize repeat infringer policies) no longer does meaningful work. In their view, the majority’s rule removes the “stick” that made the safe harbor “carrot” effective.

Q4: Does the Sotomayor/Jackson concurrence create new liability theories for ISPs?
Not directly. It does, however, keep common law concepts like aiding and abetting in the conversation and can be used as persuasive (but not binding) authority that future cases with stronger evidence of specific intent should come out differently.

Q5: How should technology companies adjust their policies after Cox?
Most should treat Cox as a favorable clarification, not a reason to relax compliance. Maintaining clear repeat-infringer policies, documenting responses to notices, and avoiding any suggestion of marketing to or tolerating piracy remains important—especially for services that could be painted as closer to content than to pure connectivity.