graphic of copyright sympbol

DMCA Safe Harbor: Protecting Yourself from Copyright Infringement

By: Jon Avidor

The Digital Millennium Copyright Act, 17 U.S.C. § 512, (“DMCA”) provides Internet communications service providers, including website operators, with immunity from copyright infringement liability for, among other things, infringing material posted on its sites by its users, provided the online service provider implements a procedure that allows copyright holders to report alleged infringement of its protected work on its website or through its service.

The type of “service provider” exempted from copyright infringement liability under the DMCA is defined as “an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received” or “a provider of online services or network access, or the operator of facilities therefor.” In practice, service providers are the conduits for transmitting digital online communications among users and include telecommunications companies or ISPs like Verizon or Comcast as well as the companies that provide online services and networks, including websites. It’s a broad definition.

To avoid liability for copyright infringement, a service provider must not have prior actual or constructive knowledge of the infringing material, not “receive a financial benefit directly attributable to the infringing activity,” have a notice and takedown procedure in place for reporting infringing material, and, where appropriate, terminate repeat infringers accessing the site or service. Here are general guidelines to remain protected by the DMCA safe harbor:

Before Posting Terms of Use or Terms of Service

  1. Review procedures for dealing with intellectual property infringement as set forth in the service or website’s terms of use or terms of service.
  2. Establish an email address to receive notices of claimed infringement and counter notifications, such as “” or “,” and update the email address in the terms of use or terms of service.
  3. Choose someone within the company to receive notices of claimed infringement and register that person as a “designated agent” with the U.S. Copyright Office’s DMCA Designated Agent Directory. Agent designations expire after three years and service providers will have to re-register to remain current.

An Note on Designated Agents: The Copyright Office introduced an electronic directory of DMCA designated agents on December 1, 2016, and subsequently required any service provider with a designated agent prior to November 30, 2016 to re-register its agent through the new online system by December 31, 2017 to continue its protection under the DMCA safe harbor. For more on this change and its implications, see our Legal Alert for Online Service Providers.

Upon Receiving a Notice of Claimed Infringement

The DMCA’s safe harbor and notice and takedown procedures only apply to alleged copyright infringement, though comprehensive terms of use or terms of service will provide a similar mechanism for trademark or other intellectual property infringement allegations and complaints.

  1. Review the Notice of Claimed Infringement to determine whether it sets forth the formal requirements per the posted terms of use or terms of service.
  2. If the Notice of Claimed Infringement does not meet the formal requirements, the service provider may reject it and notify the reporting party that it must resubmit with the required information before it will consider taking action.
  3. If the Notice of Claimed Infringement does meet the formal requirements, the service provider should expeditiously remove or disable access to the material that is claimed to be infringing and then notify the user/poster that its material was removed and that they may choose to file a Counter Notification to reinstate the content according to the procedures set forth in the terms of use or terms of service.

Upon Receiving Counter Notification

  1. Review the Counter Notification to determine whether it sets forth the formal requirements per the posted terms of use or terms of service.
  2. If the Counter Notification is non-compliant, the service provider may reject it and notify the responding party that it must resubmit with the required information before you will consider reinstating their content.
  3. If the Counter Notification does comply with the formal requirements, the service provider should notify the reporting copyright holder and provide a copy of that Counter Notification.
  4. If a proper Counter Notification is provided and the complaining copyright holder does not file a lawsuit against the alleged infringer within ten to fourteen business days and notify the service provider that it has done so, the service provider may restore the removed material. However, even if an alleged infringer has complied fully with the Counter Notification procedure, a service provider is not necessarily obligated to restore the reported content. Comprehensive terms of use or terms of service will reserve a service provider’s right to terminate any user and prevent it from using or accessing the website and services after receiving even a single Notice of Claimed Infringement.

Unless a service provider has staff trained in evaluating and responding to notice and takedown requests, they should seriously consider involving legal counsel to make those determinations because, as discussed below, non-compliance or otherwise lackadaisical attention to claims of copyright infringement can cause service providers to blow their DMCA safe harbor protection and face costly claims of contributory copyright infringement.

Repeat Infringers

The DMCA safe harbor provisions require that service providers “adopt and reasonably implement” a policy for terminating the accounts of any “repeat infringers” where appropriate. What’s sometimes troublesome is that the DMCA does not define who is a “repeat infringer” and what the “appropriate circumstances” are that would require the service provider to terminate an infringer’s access, so service providers have some discretion in setting and implementing their own policies. For example, a service provider’s repeat infringer policy might be to notify and terminate any alleged infringer’s account or access if the service provider has received and acted on more than, let’s say, two DMCA-compliant Notices of Claimed Infringement concerning that user. Once a service provider receives a Notice of Claimed Infringement, the law considers the service provider to then have actual knowledge of multiple instances of infringing content on its site or through its service and, therefore, must act to remove it and prevent repeat offenders, or risk losing its DMCA protection from copyright infringement liability.

The risk of non-compliance with formal DMCA requirements can be costly. In December 2015, Cox Communication lost its DMCA immunity and was found guilty of willful contributory copyright infringement and ordered to pay a $25 million judgment to music publisher BMG for disregarding infringement notices and its repeat infringer policy against users who freely passed copyrighted music through its system. According to The Hollywood Reporter, “Although Rightscorp detected 1.847 million instances of infringement and collected more than 150,000 copies of copyrighted works downloaded directly from Cox subscribers, according to testimony presented at trial, there was 1,397 copyrighted works in contention in the lawsuit. That means that the $25 million verdict amounts to about $18,000 for each song infringed.” An appeal to the U.S. Court of Appeals for the Fourth Circuit is currently pending.