For years, the Digital Millennium Copyright Act (DMCA) safe harbor has been treated as one of the strongest legal protections available to online platforms.

Online platforms (OP) are sites like social media platforms, hosting providers and marketplaces where content is hosted by a second party..

When infringement occurs on an online platform by a direct infringer/user/account holder/client uploading someone else's intellectual property, OPs have immunity to infringement claims so long as they abide by the rules of the Digital Millenial Copyright Act as it pertains to hosts. This includes having a way for IP holders to contact them, receiving and acting 'expeditiously' on take-down notices and having and implementing repeat infringer policies.

OPs have relied on the DMCA Safe Harbor as a shield against copyright liability for user-generated content, but it's not a blanket defense, OPs must do certain things like I shared above, to benefit from the defense because safe harbor was never intended to be absolute. It was conditional from the beginning. Over time, courts have clarified those conditions in ways that matter more now than ever.

Case law has shaped and clarified and tightened the boundaries of Safe Harbor. The resounding result is that platforms are protected only so long as they act like responsible intermediaries. When they fail to do so, that protection begins to erode.

Safe Harbor Was Always Conditional

The modern framework for platform liability was shaped in cases like Viacom International Inc. v. YouTube, Inc..

In that case, YouTube ultimately prevailed as an OP, but the court made a critical distinction: safe harbor applies only when a platform lacks specific knowledge of specific infringement. General awareness that infringement exists on a platform is not enough to create liability. However, once a platform has actual knowledge of particular infringing material, it must act.

Think about it like someone emailing Google and telling them that they have images in search results that are infringing. That might be 'general awareness' but its not enough specific knowledge to hold them liable. But when you tell them what is infringing, where it is infringing, how it is infringing etc--then they have specific knowledge, then they have to ACT.

Another way to think of it is like this: imagine you own a flea market and rent booths to vendors. One day, a vendor starts selling counterfeit handbags without your knowledge.

You would not automatically be responsible simply because someone else used your space improperly without you knowing about it.

But then the designer contacts you. They send photos, receipts, product comparisons, and repeatedly notify you that counterfeit goods are being sold from the same booth.

What happens next matters.

If you investigate and remove the vendor, you acted appropriately once you became aware of the issue.

You have specific knowledge and now you have to take action.

But if you ignore the complaints, allow the same vendor to continue operating, or repeatedly let counterfeit goods return after being reported, the situation changes. At that point, the issue is no longer lack of knowledge. It becomes YOU allowing the conduct to continue after being put on notice.

That distinction is the foundation of modern Safe Harbor protection.

That principle became the foundation of modern platform copyright law.

Safe harbor depends not just on what a platform knows generally, but what it knows specifically and what it does in response.

Repeat Infringer Policies Must Be Real

One of the most important limitations on safe harbor is the requirement that platforms adopt and reasonably implement a policy for terminating repeat infringers.

Repeat infringers are the ones who are warned, the infringing material is removed from their accounts/platforms and they shrug and continue to infringe. Safe Harbor doesn't keep protecting OPs simply because they take action each time they receive a report, they also must have a repeat infringer policy and take ACTION according to it.

That requirement was tested directly in BMG Rights Management (US) LLC v. Cox Communications, Inc.

Cox argued that it qualified for DMCA safe harbor because it maintained a repeat infringer policy. But evidence showed something very different in practice. Internal communications demonstrated that Cox often avoided permanently terminating repeat offenders because disconnecting subscribers meant losing revenue.

The court rejected that approach outright.

Why would a court agree that the OP can allow the repeat infringer to operate because it financially benefits the OP? That changes the whole relationship.

A repeat infringer policy is not enough if it exists only on paper. To qualify for safe harbor, a provider must reasonably implement the policy in a meaningful way.

The decision became one of the most significant rulings limiting safe harbor protections for service providers.

The Supreme Court’s Cox Decision Narrowed One Theory, But Reinforced Another

In 2025, the Supreme Court revisited Cox in Cox Communications, Inc. v. Sony Music Entertainment.

The Court narrowed the scope of contributory infringement by holding that generalized knowledge of infringement occurring on a network is not enough by itself to impose liability. Plaintiffs must show a stronger connection between the defendant’s conduct and specific acts of infringement. The OP was able to provide evidence that sometimes it did take actions against repeat infringers and as such, it didn't meet the standards of contributory infringement. Read more about that case here.

For service providers, the ruling was viewed as a major defense victory. But it really wasn't and in my opinion, it may be challenged and/or changed in future cases as it contradicts historical rulings, but nevertheless, it reinforced another aspect.

The Court did not erase the earlier findings against Cox regarding safe harbor. It did not hold that repeat infringer policies are optional, nor did it eliminate the requirement that providers act when faced with ongoing infringement.

Instead, the Cox rulings together draw an important distinction:

A provider may avoid liability under one contributory infringement theory while still losing DMCA safe harbor protection if it fails to meaningfully enforce repeat infringer policies.

That distinction matters.

Safe harbor is not simply about knowledge. It is about conduct.

“We Didn’t Know” Has Limits

Earlier cases like Perfect 10, Inc. v. CCBill LLC established a relatively platform-friendly baseline. Courts held that service providers are not required to affirmatively investigate every possible infringement and are not liable based on vague or generalized knowledge.

But that protection has limits.

Courts have increasingly focused on what happens after notice is given, and whether platforms respond meaningfully over time.

Imagine an OP receiving notice of an infringer and it takes action and that's that.

Then two weeks later it receives another notice of the same infringers doing the same thing and it takes notice.

Then two days later same thing.

A week later same thing.

At what point is the OP providing a platform for the infringer to infringe when it has all this knowledge about its conduct?

Enter: repeat infringer policy requirements because a platform that repeatedly receives notices about similar conduct cannot indefinitely rely on a lack of “specific knowledge” if the pattern becomes obvious.

And in a lot of cases, its REALLY REALLY obvious. And they can't avoid responsibility simply because terminating the account of an infringer would cost them money, as shown in BMG v Cox.

So the summary here? A platform can't just act on notices received for the same perp over and over, not take repeat infringer action and then rely on Safe Harbor to protect them. Besides repeat infringer policies, control and display also matter.

Control and Display Complicate the Analysis

The question of who is responsible for displaying copyrighted content has also evolved.

In Goldman v. Breitbart News Network, LLC, the court held that embedding a tweet containing a copyrighted photograph could still constitute infringement. The defendants did not host the image themselves, but they were still found to be displaying it.

This challenged the long-standing “server test,” which focused largely on where a file was physically hosted. That matters because as technology and social media has evolved, so should the rulings to clarify and address how that impacts liability and responsibility.

The court examined the functional reality of how the image was presented to users.

That shift matters because modern platforms increasingly control:

• feeds,

• recommendations,

• embeds,

• advertising systems,

• and content distribution pipelines.

As platforms become more active in how content is surfaced and monetized, courts are becoming less willing to view them as entirely passive intermediaries.

Think about that again--it's not passive if a platform is making money off the infringing content. The active benefit demands action to protect IP rights.

What the Case Law Shows

Taken together, these decisions establish a consistent theme.

Platforms maintain safe harbor protection when they:

• act promptly on valid notices,

• reasonably enforce repeat infringer policies,

• and remain passive with respect to user content.

They begin to lose that protection when they:

• allow repeat infringement to continue,

• fail to enforce their own policies,

• ignore known patterns of infringement,

• or prioritize revenue over enforcement.

The legal standard itself has not changed dramatically. What has changed is how carefully courts are examining whether platforms actually follow the rules required to receive protection and that has been necessitated by advancements in technology and the way platforms operate and benefit from content.

The Modern Problem

As I just shared, modern changes impact old cases. Most foundational safe harbor cases were decided before:

• algorithmic feeds,

• large-scale ad distribution,

• automated reposting,

• AI-driven recommendations,

• and global marketplace ecosystems.

Today, content is not simply uploaded and stored.

It is selected, ranked, amplified, recommended, and redistributed at scale.

Think of big platforms that monetize content that goes viral or advertising platforms that benefit from every view, click and sale of a image. Now, that infringement benefits more than just the infringer.

Content may be removed after a notice only to reappear again through the same systems, advertisers, or seller networks.

But if you've ever submitted a DMCA, sometimes it takes hours of begging, emails and follow ups and in some cases you're just stonewalled. Like me.

That is why the DMCA exists.

If a creator cannot get the infringer to stop, and cannot get the platform hosting or distributing the infringing content to act, there has to be a mechanism to stop the ongoing harm.

The internet made it possible for a single infringing image to spread globally in minutes. Without some obligation for platforms to respond once they are put on notice, copyright protection becomes practically meaningless online.

Courts appear to be recognizing this more and more.

Recent rulings increasingly focus not just on whether platforms have policies, but whether they meaningfully enforce them. Judges are beginning to scrutinize what platforms knew, when they knew it, what actions they took after receiving notice, whether infringement repeatedly continued through the same systems, and whether revenue was prioritized over enforcement.

As online platforms become more automated, algorithmic, and commercially driven, those questions are only becoming more important.

Over the next several years, platform conduct itself will likely face increasing scrutiny. Not just the infringement, but every action, inaction, recommendation, distribution decision, and dollar earned after notice is received.

That reality raises questions the courts are still actively confronting:

What happens when infringing content repeatedly returns after notice?

At what point does repetition become knowledge?

When does automated distribution become active participation?

Those questions are increasingly shaping modern copyright litigation.

As they should.

What This Means for Artists and Photographers

For photographers, illustrators, designers, and other visual artists, the reality is difficult but important to understand.

Copyright law still protects creative work. But online enforcement often depends on documentation, persistence, and evidence.

Platforms are far more likely to respond effectively when creators:

• maintain organized records,

• submit proper DMCA notices,

• preserve screenshots and URLs,

• and document repeat infringement patterns over time.

The strongest cases are rarely built on a single unauthorized use.

They are built on evidence showing:

• repeated infringement,

• continued distribution after notice,

• or failure to reasonably enforce policies.

I've taken action against platforms who repeatedly ignore my take down notices,refuse to address repeat infringers or who give me an unjustifiably hard time in enforcing my IP rights. I never have to take action against an OP who responds, takes action, communicates and cooperates because there really is no reason they shouldn't --unless money is involved in my opinion.

So its important you take action, you document it, you protect your rights and you enforce them, because no one should be benefitting from your work other than you and who you allow.

How Artists Should Protect Their Work

Register Copyrights

In the United States, copyright exists automatically upon creation, but registration with the U.S. Copyright Office dramatically strengthens enforcement rights. It seems a little unfair to require IP holders to pay to have access to federal lawsuits and statutory damages, but alas, this is America, the corporation, not the country lol.

I've spent thousands registered my thousands of works because the alternative is to sit back and let others take my work and benefit from it.

I recommend you register your work, its different depending on what you're registering. If you're registering groups of photographs, you can do 750 at a time for $55 as of May 2026. That amount changes, I've paid more in the past.

If your work is combined mixed media, then it is $55 PER WORK, which is costly.

Registration may allow:

• statutory damages,

• attorney’s fees,

• and stronger litigation leverage.

  
  

For photographers and visual artists publishing work regularly, group registrations can be extremely important.

Preserve Metadata and Records

Maintain:

• original RAW files,

• export history,

• EXIF/IPTC metadata,

• publication dates,

• and licensing records.

These become critical evidence later.

I save my work on the cloud and on HUGE external hard drives because RAW images are HUGE, amirite?

Next, monitoring for infringement is ideal, but not always possible, especially when you have thousands of images out there. But there are resources.

Monitor for Infringement

Use:

• reverse image search tools,

• Google Lens,

• TinEye,

• Pixsy

• and platform searches.

If you find infringement, take action. Take screenshots immediately before submitting notices. Include:

• URLs,

• timestamps,

• advertiser names,

• usernames,

• and platform identifiers where possible.

How to Submit a Proper DMCA Notice

OPs are required to have a DMCA agent to notify. An email address. Often you can find those on the legal section of their website under "DMCA" or "COPYRIGHT NOTICES" etc.

A valid DMCA takedown notice generally should include:

1. Identification of the copyrighted work

2. Identification of the infringing material and its location

3. Your contact information

4. A good-faith statement that the use is unauthorized

5. A statement under penalty of perjury that the information is accurate

6. Your physical or electronic signature

I'll be releasing a a free infringement pack soon with a template that I created to make this easier for you.

The notice should be specific.

General complaints like “someone stole my image” are far less effective than:

• direct URLs,

• screenshots,

• registration numbers,

• and clear identification of the infringing content.

What to Do If the Platform Does Not Act

If infringing material remains online after valid notices:

Continue Documenting Everything

Keep records of:

• notices sent,

• responses received,

• timestamps,

• repeated reappearances,

• and new URLs.

Patterns matter.

Escalate to the DMCA Agent

Many platforms have designated DMCA agents listed with the U.S. Copyright Office DMCA Directory.

Send notices directly to the registered agent when platform forms fail.

Identify Related Systems

In some cases, infringement may also involve:

• advertising systems,

• affiliate networks,

• marketplaces,

• or third-party distributors.

Document those connections carefully.

Consult an Attorney

When infringement becomes repeated, commercial, or large-scale, legal counsel may become necessary.

Claims may potentially involve:

• direct infringement,

• contributory infringement,

• vicarious liability,

• DMCA violations,

• or repeat infringer policy failures.

The strength of those claims often depends heavily on documentation and evidence collected early. It can be costly, I have personally spent $20K on a lawsuit I've won, but I have also hired contingency attorneys as well to alleviate the up front costs but the resulting payment is less whatever their percentage is (usually 35-50%).

Also, the Copyright Claims Board (CCB) may be a good resource for smaller actions against smaller creators, platforms or infringers as they facilitate a lower cost option for legal proceedings. I'll be adding a full blog of my experience with many CCB filings soon, so stay tuned.

The Direction of the Law

Safe harbor is not fail-safe.

Courts are increasingly making clear that protection is not automatic. It must be earned through conduct.

Policies alone are not enough.

Technical systems alone are not enough.

What matters is whether platforms take meaningful steps to address infringement when they are put on notice.

Safe harbor was designed to protect intermediaries acting in good faith. It was never intended to shield those who allow infringement to continue unchecked.

As courts continue confronting repeat infringement, algorithmic distribution, and large-scale monetization systems, that distinction is becoming harder to ignore.

Protection ends where inaction begins.

As always, this is a reminder that I'm just a business owner and artist whose work has been infringed on thousands of times, my blogs are just my opinion and should not be taken as legal advice.

Stay tuned for more updates on cases coming soon!