A U.S. Supreme Court ruling issued in March has settled a question that has circulated among platform operators and developers for years: whether a service provider can be held liable for copyright infringement committed by its users without evidence of intent to contribute to that infringement.
The answer, per the Court’s opinion in Cox v. Sony, is no. Liability requires conscious, culpable conduct. The standard endorsed by the Court is the same one advocated in an industry amicus brief that included GitHub, Google, Amazon, Microsoft, Mozilla, and Pinterest. The ruling removes a legal theory that, if accepted, would have expanded secondary copyright liability to platforms that host or enable user-generated content without any knowledge of or participation in the infringing activity.
“For developers, this legal certainty supports innovation, collaboration, and the continued availability of neutral infrastructure that enables lawful activity like GitHub,” Margaret Tucker, Senior Developer Policy Manager at GitHub, explained.
What the ruling means for intermediaries
Secondary copyright liability applies when a party is held responsible for infringement it did not directly commit. The Cox v. Sony case tested how far that liability could extend to internet service providers and, by implication, platforms that host user content.
The ruling limits the reach of that theory by requiring proof of intent. Platforms are not required to preemptively police every piece of hosted content on the basis that some of it might infringe. The decision preserves the legal environment that allows code hosting platforms, package managers, and similar infrastructure to operate at scale.
The next DMCA Section 1201 cycle
Section 1201 of the Digital Millennium Copyright Act restricts bypassing digital access controls and affects developer work in security research, interoperability, software repair, and accessibility. Exemptions are set through a rulemaking process every three years, with the next cycle due in 2027.
GitHub participated in prior cycles supporting security research exemptions. A 2024 petition on AI safety-related security research drew supporting comments from HackerOne, the Hacking Policy Council, and academic researchers, but was not adopted. GitHub is soliciting developer input on which Section 1201 issues to prioritize ahead of 2027.
2025 DMCA circumvention data
GitHub’s Transparency Center now includes data for the full year of 2025.
“For this update, we made improvements to the site, including clearer charts and updated visualizations for our abuse-related restrictions, appeals, and reinstatements designed to make the information easier to understand. 2025 had the highest count of DMCA circumvention claims since we started our transparency reporting. While this can be attributed to a few very large takedowns, it also underscores how important a balanced approach to the DMCA is for software developers, code collaboration platforms, and the open source ecosystem,” Tucker said.
