The Supreme Court Just Shielded ISPs From Billion-Dollar Copyright Liability. What Happens Next?

On March 25, 2026, the U.S. Supreme Court unanimously ruled that Cox Communications is not liable for the copyright infringement of its internet subscribers, ending a legal battle that began in 2018 and overturning a $1 billion jury verdict [1][2]. The decision in Cox Communications, Inc. v. Sony Music Entertainment sets a new standard for when internet service providers can be held responsible for piracy on their networks—one that the music industry says guts decades of copyright enforcement, and that ISPs and tech advocates say prevents an unworkable surveillance regime.

The Ruling: What the Court Said

Justice Clarence Thomas, writing for the 9-0 majority, held that an ISP is responsible for its users' piracy "only if it intended that the provided service be used for infringement" [3]. Thomas laid out exactly two paths to contributory copyright liability: a provider either actively induced or encouraged infringement, or its service was specifically designed for piracy with no substantial lawful use [4].

"Under our precedents, a company is not liable as a copyright infringer for merely providing a service to the general public with knowledge that it will be used by some to infringe copyrights," Thomas wrote [2]. He added: "Cox simply provided Internet access, which is used for many purposes other than copyright infringement" [5].

The ruling reversed the Fourth Circuit Court of Appeals, which had found Cox contributorily liable in 2024 and ordered a retrial on damages that could have reached $1.5 billion [1][6].

Justice Sonia Sotomayor, joined by Justice Ketanji Brown Jackson, concurred in the judgment—agreeing Cox should win—but sharply criticized the majority's reasoning. Sotomayor wrote that Sony and the other plaintiffs "cannot prove that Cox had the requisite intent to aid copyright infringement" on the specific facts of the case, but objected that "the majority, without any meaningful explanation, unnecessarily limits secondary liability" [3][7]. She warned the decision "upends the statutory incentive structure that Congress created" and renders the DMCA's safe harbor provisions, which require ISPs to terminate repeat infringers in exchange for legal protection, effectively "pointless" [4][7].

The Case: A Decade of Litigation

The roots of the case stretch back more than a decade. Between 2013 and 2014, subscribers on Cox's network—which serves roughly 6 million residences and businesses—used peer-to-peer file-sharing software to illegally download copyrighted music [2][5]. MarkMonitor, a copyright enforcement firm working for the labels, issued over 163,000 infringement notices to Cox concerning approximately 57,000 accounts during the claims period [8][9].

In 2018, Sony Music Entertainment, Universal Music Group, Warner Music Group, and more than 50 other record labels and rights holders sued Cox, alleging the ISP had failed to act on those notices and knowingly allowed repeat infringers to continue using its service [1][6]. The suit covered infringement of more than 10,000 copyrighted songs [2].

In December 2019, a jury in the Eastern District of Virginia found Cox liable for willful contributory copyright infringement and awarded the labels $1 billion in damages—approximately $99,000 per song [1][6]. Cox appealed. In February 2024, the Fourth Circuit partially overturned the verdict: it upheld the contributory infringement finding but threw out the vicarious liability theory—which held that Cox knowingly profited from infringement—and ordered a new trial on damages [2][6].

Cox then petitioned the Supreme Court, which granted certiorari in July 2025 and heard oral arguments in December 2025 [10][11].

"DMCA = Reactivate": The Evidence Against Cox

The music industry's case rested heavily on Cox's own internal communications, which painted a picture of an ISP that systematically prioritized subscriber revenue over copyright enforcement.

Cox operated what it called a "13-strike" policy for repeat infringers: subscribers would receive escalating warnings, and after 13 notices, their accounts would be terminated [9][12]. But trial evidence showed this policy was largely a facade. Internal emails revealed that Cox employees followed an unwritten rule to reactivate terminated accounts upon request. One 2009 email instructed staffers to terminate repeat infringer accounts but immediately reinstate them, noting that "After you reactivate them the DMCA 'counter' restarts" [9][12]. Another Cox employee wrote that "[i]n 99% of the cases we are going to turn the customer back on" [9].

The numbers were stark. During the claims period, Cox terminated over 600,000 subscribers for non-payment of bills, but only 32 subscribers for violations of its acceptable use policy, which included copyright infringement [8]. Internal emails showed specific instances where employees had flagged accounts for termination upon the next infringement notice, only to reverse course because of the revenue those accounts generated [9][12].

One Cox manager of abuse operations wrote in an email that became a centerpiece of the trial: "Fuck the DMCA!!!" [13].

The Fourth Circuit had concluded that Cox "very clearly determined not to terminate subscribers who in fact repeatedly violated the policy" and that Cox's conduct was driven by financial interest, not good-faith compliance [12][14].

The Legal Standard That Wasn't Adopted

The music industry had asked the Court to adopt a broader standard: that an ISP could be held contributorily liable when it had knowledge of specific infringement on its network and continued providing service—that is, knowledge plus continued provision equaled material contribution to infringement [15].

Had the Court adopted that standard, the practical consequences for the roughly 2,900 ISPs operating in the United States would have been significant [16]. Under the labels' theory, ISPs would have needed to rigorously enforce repeat-infringer termination policies, actively coordinate with copyright holders on infringement notices, and promptly monitor and respond to takedown demands [15]. Legal analysts noted that such requirements could extend beyond ISPs to cloud storage providers, AI platforms, social media companies, online marketplaces, and search engines [15].

The cost and privacy implications of a ruling for the labels were contested. ISPs argued that they would have been forced to implement technical monitoring systems, retain detailed user activity data, and build automated enforcement infrastructure—creating both substantial compliance costs and a surveillance apparatus that would raise significant privacy concerns for subscribers [15]. The music industry countered that ISPs were already obligated to maintain repeat-infringer policies under the DMCA and that enforcing existing rules did not require new surveillance.

The Trump administration filed a brief backing Cox, arguing that ISPs should not face liability for refusing to terminate subscriber accounts [5].

Ripple Effects: Pending Cases and Industry Exposure

The Cox decision does not exist in isolation. The music industry has pursued a coordinated litigation strategy against multiple ISPs over the past decade, and several major cases remain active.

Grande Communications, a regional ISP, lost a $47 million jury verdict to major labels over similar allegations—failure to terminate subscribers despite receiving thousands of infringement notices. A federal appeals court upheld Grande's liability but ordered damages recalculated on an album-by-album rather than track-by-track basis. Grande had petitioned the Supreme Court to review its case as well [17].

Charter Communications, the second-largest cable company in the United States, faces a similar lawsuit filed in 2019 alleging contributory and vicarious liability for subscriber piracy. The labels accused Charter of "earning millions" from subscribers it knew were pirating music [18][19].

The Cox ruling's requirement that plaintiffs prove an ISP intended its service to be used for infringement—rather than merely knew infringement was occurring—substantially raises the bar for these pending cases. Legal analysts expect defendants in the Grande and Charter lawsuits to invoke the Cox standard to seek dismissal or summary judgment, though the specific facts of each case will matter [1][15].

The potential aggregate liability exposure across the broadband industry had been estimated in the billions of dollars. With the Cox ruling, that exposure has been sharply reduced, though it has not been eliminated entirely—a provider that actively encourages piracy or designs a service for infringement could still face secondary liability [3].

Source: GDELT Project

Data as of Mar 25, 2026CSV

The DMCA Safe Harbor Paradox

One of the most significant tensions in the ruling involves the Digital Millennium Copyright Act's safe harbor provisions. Under Section 512 of the DMCA, ISPs can obtain immunity from copyright liability if they, among other requirements, adopt and reasonably implement a policy for terminating repeat infringers [14][12].

Cox had already lost its DMCA safe harbor protections in a prior case, BMG Rights Management v. Cox Communications (2018), where the Fourth Circuit found that Cox's 13-strike policy with routine reactivations did not constitute reasonable implementation [12][14].

The paradox created by the Cox ruling, as Sotomayor's concurrence emphasized, is that Congress designed the DMCA safe harbor as a bargain: ISPs get legal protection in exchange for policing their networks. If ISPs cannot be held contributorily liable absent proof of intent to facilitate infringement—which is a high bar—then the incentive to comply with DMCA safe harbor requirements weakens considerably [7]. Why adopt and enforce a repeat-infringer policy if the underlying liability it protects against has been largely foreclosed?

RIAA Chairman and CEO Mitch Glazier echoed this concern: "We are disappointed in the Court's decision vacating a jury's determination that Cox Communications contributed to mass scale copyright infringement, based on overwhelming evidence that the company knowingly facilitated theft" [1][4]. Glazier added that "copyright law must protect creators and markets from harmful infringement" and urged policymakers to examine the ruling's impact [4].

Brandon Butler, executive director of Create (a copyright advocacy organization), offered a contrasting view, hailing the decision as protecting innovation and stating that it "insulates lawful technologies from liability for third-party misuse" [6].

International Comparisons

The Cox ruling widens an already notable gap between how the United States and other major jurisdictions handle ISP copyright liability.

In the European Union, the E-Commerce Directive generally shields ISPs from liability as long as they lack actual knowledge of infringement. Once notified, however, hosts have a duty to remove or disable access to infringing material—a notice-and-takedown regime that still imposes affirmative obligations triggered by knowledge [20]. The 2019 Copyright Directive (Article 17) goes further for certain platforms, requiring content-sharing services to obtain licenses or implement measures to prevent uploads of copyrighted works [20].

In Australia, Section 115A of the Copyright Act empowers courts to order ISPs to block access to overseas websites whose primary purpose is copyright infringement. Australian ISPs are also required to notify subscribers accused of infringement [21]. The country has implemented a site-blocking regime that has been used against dozens of piracy sites.

In the United Kingdom, Section 97A of the Copyright, Designs and Patents Act 1988 allows courts to issue injunctions requiring ISPs to block access to infringing websites—a mechanism that has been used extensively against torrent sites and streaming services [20].

In Canada, a notice-and-notice system requires ISPs to forward infringement notices to subscribers but does not mandate disconnection or site blocking [20].

The practical effect on piracy rates varies significantly. Germany, with strict enforcement including fines of €300 to €1,000 for individual instances of torrenting, ranks 49th globally in piracy per internet user. Sweden, with more permissive enforcement, ranks 10th [20]. These disparities suggest that the legal framework does influence user behavior, though the relationship between ISP liability specifically and piracy rates is less clear-cut.

What ISPs Have (and Haven't) Said

As of the ruling date, major ISPs including Comcast, Verizon, and Charter Communications had not announced specific changes to their repeat-infringer policies or DMCA notice-handling procedures in response to the decision [1]. Cox itself issued a statement through its legal counsel welcoming the ruling but did not detail prospective policy changes.

The ruling does not eliminate the DMCA safe harbor framework, and ISPs that wish to maintain safe harbor protections will still need to adopt and implement repeat-infringer policies under Section 512. But the practical enforcement incentive has shifted. Without the threat of massive secondary liability verdicts, the calculus for ISPs on how aggressively to pursue subscriber terminations changes.

What Comes Next

The Cox ruling settles the legal question of contributory liability for ISPs, but it opens several new fronts.

Congress could intervene legislatively. Glazier's call for policymakers to "look closely at the impact of this ruling" signals that the music industry may pursue statutory changes to restore or expand ISP obligations [4]. Any such legislation would face opposition from the telecommunications industry and digital rights advocates.

The pending Grande and Charter cases will test how lower courts apply the Cox standard to different factual records. Grande's case, in particular, may present different evidence regarding the ISP's intent and conduct [17].

The broader question of how copyright holders protect their works online remains unresolved. Streaming has transformed the music industry's revenue picture—U.S. recorded music revenue hit $17.7 billion in 2024, with streaming accounting for 83% of total revenue and paid subscriptions exceeding 100 million for the first time [22]. Piracy, while still present, has become a smaller share of music consumption than it was when the Cox lawsuit was filed. Whether the Supreme Court's ruling accelerates or slows that trend will take years to assess.

For now, the Court has drawn a clear line: providing internet access, even with knowledge that some subscribers use it to pirate music, is not enough to make an ISP a copyright infringer. Whether that line holds—in Congress, in international negotiations, or in the court of public opinion—is the next chapter of this fight.