The Graded Recalibration of the Safe Harbour

“Formal Equality” and “Substantive Differentiation”: Restating the Balance of Interests in the Safe Harbour Regime for Online Service Providers

Taking Cox Communications, Inc. v. Sony Music Entertainment as the point of departure

---

Abstract. Since section 512 of the Digital Millennium Copyright Act 1998 created the safe harbour regime, online service providers have evolved through successive generations: from telecommunications-level access providers (ISPs), to user-generated content platforms, cloud storage providers, and now providers of generative artificial intelligence services. Yet legislation and judicial practice have long treated these actors as if they formed a single category. A special protection originally designed for passive conduit providers has thereby been generalised into uniform treatment for all “online service providers”, producing a legal imbalance in which formal equality masks substantive inequality. On 25 March 2026, in Cox Communications, Inc. v. Sony Music Entertainment, the Supreme Court of the United States, by a unanimous 9–0 judgment, adopted an intent-based standard for contributory infringement and raised the threshold for liability of telecommunications-level ISPs to an unprecedented level. The reasoning of the judgment is, however, expressly confined to the facts of that case and is not a rule of general application to all online service providers. Returning to the quid pro quo at the root of the safe harbour regime, this article proposes a substantive, tiered evaluative framework based on four dimensions: causal contribution, technical control, directness of economic benefit, and the availability of substantial lawful alternative uses. Applying that framework, it formulates differentiated duties of care for five categories of actor: telecommunications operators, cloud storage and infrastructure providers, user-generated content platforms, generative AI providers, and decentralised protocols. It further diagnoses the “deficit of granularity” in Articles 1195 to 1197 of the PRC Civil Code and related rules, and proposes a reconstruction of tiered safe harbours through judicial interpretation, amendment of the Regulation on the Protection of the Right of Communication to the Public over Information Networks, and future integrated legislation in the nature of a Digital Services Act.

Keywords. safe harbour regime; online service providers; contributory infringement; intent-based standard; generative artificial intelligence; balance of interests

---

Introduction

The safe harbour was conceived as a bargain, not as a dispensation.

When section 512 of the United States Digital Millennium Copyright Act (DMCA) was enacted in 1998, copyright owners gave up the possibility of imposing strict joint and several liability on online service providers, while the provider community gave up the freedom simply to disregard user conduct. The parties reached a classic quid pro quo through the “notice-and-takedown” mechanism. At either end of that bargain stood the telecommunications-level access providers of the time: AT&T, UUNET and AOL. Their services were characterised by passive transmission, non-discriminatory carriage and charging by data traffic. The legislature accordingly designed for them a clearly bounded and condition-based “safe island”, so that investment in internet infrastructure could continue and copyright enforcement would not strangle the internet at birth.

Nearly three decades later, an island that was meant to have boundaries has been claimed by an ever-expanding class of putative residents. User-generated content platforms first contended that they merely “passively stored” user-uploaded material. Cloud storage and content delivery network providers then argued that they were even more infrastructural than telecommunications operators. Algorithmic recommendation platforms now actively determine content visibility while still describing themselves as “neutral conduits”. The most recent entrants are generative AI service providers: their services participate in the creation of content itself, yet they too seek the shelter of safe harbour. When a legal regime expands from a special protection designed for particular actors into a general shield for the online service industry, one must pause and ask whether the conditions that justified the original balance of interests still exist.

On 25 March 2026, the Supreme Court of the United States delivered a unanimous 9–0 judgment in Cox Communications, Inc. v. Sony Music Entertainment, with the majority opinion written by Justice Thomas. The Court held that a telecommunications-level ISP does not incur contributory liability merely because it knows of user infringement and fails to terminate access. To establish contributory infringement, the claimant must prove that the defendant intended its service to be used for infringement. That intention may be established only through two routes: active inducement, or a service tailored to infringing use. The judgment raised the liability threshold for conduit ISPs to a historic high and was described by the broadband industry as a decisive victory.

The majority opinion in Cox, however, states twice that the ruling is confined to the facts of the case and concerns only network access ISPs. It has no direct application to other types of service provider. That qualification has been overlooked by many commentators. In a concurring opinion joined by Justice Jackson, Justice Sotomayor warned that the majority had, without sufficient reasoning, turned safe harbour into a dead letter, and she expressly voiced concern about spill-over effects for social media platforms and AI companies.

The central question addressed by this article is therefore the very question left open by the majority in Cox: where the liability threshold for conduit ISPs has been raised by Cox, should materially different online service providers, including UGC platforms, cloud storage providers and generative AI providers, enjoy the same treatment?

The answer is no. The reason may be put shortly: safe harbour is not a unitary immunity attached to the status label “online service provider”. It is conditional protection justified by specific conditions of interest balancing. Where the conditions differ, the legal treatment should differ.

The article develops this argument in seven parts. Part I returns to the legislative origin of the safe harbour regime and recovers its character as a quid pro quo, as well as the four-tier architecture already embedded in section 512. Part II traces the four-generation evolution of the actors invoking safe harbour and shows the trajectory by which homogeneous legal labels have come to conceal heterogeneous conduct. Part III reads Cox v. Sony closely, identifies its threefold effect on the liability framework, and explains why the judgment should not be universalised. Part IV sets out the article’s central theoretical contribution: a four-dimensional evaluative framework for substantively differentiating online service providers, replacing status labels with behavioural parameters. Part V applies that framework to five typical categories of actor and demonstrates the workability of the tiered model, including a dual-track position on generative AI. Part VI diagnoses the deficit of granularity in Articles 1195 to 1197 of the PRC Civil Code and in the Interim Measures for the Management of Generative AI Services. Part VII proposes reforms at the levels of legislation, adjudication and industry self-regulation. The conclusion returns to the article’s core proposition: a harbour is a harbour because it has boundaries.

Second variation: the elasticity of “necessary measures”. Article 1195 of the Civil Code requires only that a provider take “necessary measures”, without prescribing a closed list of such measures. That flexibility was intended to leave room for judicial application. In the age of algorithmic platforms, however, the boundary of necessary measures has become highly uncertain. Should a platform delete content, restrict its traffic, demote it, label it, or filter it in advance? This elasticity leaves a legislative interface for a future doctrine of tiered necessary measures.

First variation: the “ought to have known” standard has a lower threshold than the red flag test. Article 8 of the Regulation on the Protection of the Right of Communication to the Public over Information Networks provides that a provider which knows or ought to have known of user infringement and fails to take measures shall bear joint and several liability. In judicial practice, “ought to have known” is understood by reference to what a reasonable person should have known. That threshold is lower than the US red flag standard, which requires awareness of facts or circumstances from which infringing activity is apparent. The variation has local justification, but it also means that Chinese law in practice imposes a higher duty of care on service providers.

Two local variations in Chinese law deserve particular attention.

However, after Article 36 of the 2009 Tort Liability Law introduced notice-and-takedown as a rule of general application, that tiered thinking began to blur. Without distinguishing between types of actor, Article 36 provided uniformly that where an online service provider, after receiving notice, failed to take necessary measures in a timely manner, it would bear joint and several liability with the user for the enlarged portion of the loss. That uniform formulation was inherited and refined in Articles 1195 to 1197 of the 2020 Civil Code as a notice, counter-notice and necessary measures mechanism, but the differentiated treatment based on type of actor was not restored.

The 2006 Regulation on the Protection of the Right of Communication to the Public over Information Networks is almost a Chinese restatement of section 512. Articles 20 to 23 correspond to the four categories in sections 512(a) to (d): automatic access and transmission, automatic caching, information storage space, and search or linking services. Each category is subject to different conditions for protection. This shows that, at the stage of transplantation, the Chinese legislature understood and accepted the tiered architecture of the safe harbour.

Chinese legislation substantially transplanted section 512 of the DMCA.

I. The Original Purpose of the Safe Harbour: The Forgotten Premise of Interest Balancing

To understand the present imbalance in the safe harbour regime, it is necessary to return to the circumstances in which it was created. Too often, those circumstances have been passed over with the simplified statement that the legislature “granted immunity to service providers”. That formulation obscures the essential character of the safe harbour as a system of reciprocal consideration.

(A) A Tripartite Bargain and Quid Pro Quo: The Real Legislative History of Section 512 of the DMCA

Between 1996 and 1998, the legislative contest over online copyright took place before the United States Congress. Its true structure was tripartite, not bilateral.

The first party was the copyright owner constituency. Represented by organisations such as the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA), the copyright industries feared the disaster brought about by the “zero marginal cost” of digital reproduction. In the digital environment, the marginal cost of copying was close to nil, meaning that the traditional model of distribution infringement could be transformed into atomised individual infringement, while suing dispersed individual users would be costly and inefficient. The copyright owners’ core demand was to bring online service providers into the chain of liability and require them to assume gatekeeping enforcement obligations.

The second party was the internet industry constituency. Major providers at the time, including AOL, AT&T, UUNET and CompuServe, feared that unlimited joint and several liability would destroy their incentives to invest in infrastructure. Their central argument was that, as transmitters of byte streams, they could not identify the copyright status of every item of content. If they were made directly or jointly liable for all content passing through their networks, investment in the internet would become commercially untenable.

The third party was the government itself. The Clinton administration’s National Information Infrastructure strategy required telecommunications-level ISPs to continue investing in broadband coverage. Vice President Gore’s Global Information Infrastructure required legal certainty. The government was not a neutral referee; it was an active institutional designer with its own policy preference. It sought a point of accommodation between copyright protection and infrastructure investment.

Section 512 of the DMCA was the product of that tripartite bargain. In substance, it was a quid pro quo:

Actor	What was given up	What was obtained
Online service providers	The cost of establishing notice-and-takedown systems and policies for terminating repeat infringers	Protection from damages liability for user conduct, though not from injunctive relief
Copyright owners	The claim to strict joint and several liability against service providers	A low-cost, scalable mechanism for removing infringing material

Three details of this bargain have long been underappreciated.

First, the safe harbour protects against damages, not injunctions. Section 512(j) expressly preserves injunctive relief against online service providers, including orders blocking specified users, closing particular accounts, and requiring reasonable and necessary technical measures. The legislature therefore never intended online service providers to be removed entirely from the system of infringement governance; it relieved them only from economic liability.

Secondly, entry into the safe harbour is conditional upon compliance. A provider must complete a clear compliance checklist before it may rely on the safe harbour: it must designate a DMCA agent, adopt and reasonably implement a policy for terminating repeat infringers, accommodate standard technical measures without interference, and expeditiously remove material upon receipt of a compliant notice. This checklist is not decorative. It is the substantive consideration supplied by the provider side of the bargain.

Thirdly, the design of the safe harbour is limited by type of actor. That is the central point of this section.

(B) The Statutory Architecture: Section 512 of the DMCA Is Itself Differentiated

Section 512 of the DMCA is not a single, undifferentiated safe harbour rule for all online service providers. It is a granular architecture divided internally into four categories.

Section 512(a): transitory digital network communications. This category addresses acts of transmission, routing and connection. The paradigm actor is a telecommunications-level ISP. The legislative logic is that such providers are transmitters of byte streams and have no control over content; they are the purest form of conduit. Accordingly, the conditions for protection under section 512(a) are extremely light. So long as the provider does not initiate the transmission, does not modify the content, and does not store the transmission for longer than is reasonably necessary, it obtains protection automatically. The notice-and-takedown obligation does not even apply.

Section 512(b): system caching. This category concerns temporary reproduction of transmitted material for the purpose of improving network efficiency. The paradigm actors are early forms of content delivery networks and cache servers. The conditions for this category are more demanding than those under section 512(a): the provider must comply with access conditions applicable to the original material, must not modify the cached material, and must respond to notices.

Section 512(c): information residing on systems or networks at the direction of users. This category concerns material uploaded to the provider’s system by users. Paradigm actors include online storage services, early video-sharing platforms and blog platforms. This category contains the most complete set of conditions: the provider must designate an agent, establish a notice-and-takedown mechanism, not receive a financial benefit directly attributable to the infringement, and not have actual knowledge of infringement or awareness of facts or circumstances from which infringing activity is apparent, the so-called red flag test. This is the safe harbour most commonly invoked by later UGC platforms such as YouTube and Facebook.

Section 512(d): information location tools. This category concerns information location services such as search engines, directories, links and hyperlinks. Paradigm actors are search engines and link-indexing websites. The conditions are broadly similar to those under section 512(c), with adjustments to the particular form of notice required.

This four-part internal architecture demonstrates a point that is often overlooked: the safe harbour was never an immunity regime for “online service providers” as a single unified class. From the outset it was a differentiated set of rules allocated by type of actor. In 1998 the legislature plainly understood that telecommunications conduits, cache servers, user storage services and information location tools differed fundamentally in causal contribution, capacity for control and mode of profit, and therefore required different legal treatment.

Regrettably, this granular architecture has been blurred in later judicial application and academic discussion. Courts usually cite section 512(c), because most disputes concern user-uploaded content, and then use that provision as shorthand for the safe harbour as a whole. Scholars, too, often take section 512(c) as the model and marginalise the other three categories. This reduction of “safe harbour” to section 512(c) created institutional room for UGC platforms, cloud storage services and AI platforms to invoke section 512(c) and claim equivalent protection. That homogenisation is precisely what contradicts the original tiered design of the DMCA.

(C) The Fourfold Balance of Interests Underlying the Safe Harbour

If the quid pro quo in section 512 is the institutional shell, the structure beneath it is a fourfold balance of interests. Those four balances define the boundary of any later expansion of the regime.

First: incentives for copyright protection versus incentives for network investment. The economic foundation is Coasean transaction-cost theory. Copyright owners face very high costs in searching, identifying and litigating against individual infringers; online service providers have lower marginal costs in relation to content governance. The safe harbour reaches a cost-minimising equilibrium by allocating the initial cost of notification to copyright owners and the marginal cost of take-down to service providers. But that equilibrium depends on an implicit premise: the economic benefit obtained by the provider from user content is indirect and only weakly connected with particular infringing material. Once that premise collapses, for example where an algorithmic platform derives traffic revenue directly from specific popular infringing content, the original equilibrium is no longer justified.

Secondly: public access to information versus the risk of private enforcement. The safe harbour also has a public-interest dimension. It prevents online service providers from becoming private police and over-censoring user content, thereby producing a chilling effect on lawful expression. But that dimension also rests on a premise: the provider is not itself the substantive decision-maker in relation to content. If a provider already uses algorithms to decide which content is exposed and which is buried, the objection that it is being turned into a private censor loses much of its force. In such a case, editorial control is already being exercised in substance, albeit in the name of algorithms rather than copyright.

Thirdly: technological neutrality versus attribution of conduct. The standard of “substantial non-infringing uses” established in Sony Corp. of America v. Universal City Studios, Inc. (1984), the Betamax case, is the classic expression of technological neutrality: where a technology has substantial lawful uses, its provider is not liable merely because the technology is misused. But Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd. (2005) supplied an important qualification. Technological neutrality is not the same as neutrality of use. If a provider, through its marketing, design or business model, shows that it has induced infringing use, technological neutrality no longer supplies a defence. That boundary was reaffirmed in Cox. This article argues, however, that in the era of UGC algorithmic platforms and generative AI, the inducement standard itself requires recalibration.

Fourthly: legal certainty versus case-by-case flexibility. The safe harbour gives service providers a clear safe island, allowing them to invest and operate on predictable terms. That is the value of legal certainty. But certainty is not an absolute value. When certainty becomes immunity regardless of conduct, it undermines the function of liability rules themselves. The proper boundary is certainty conditional upon compliance with specified standards of conduct, not absolute immunity irrespective of conduct.

(D) The Corresponding Structure and Early Variations in Chinese Law

II. The Expansion of the Safe Harbour: Identity Drift from “Conduit” to “AI”

In the nearly three decades since the safe harbour regime was created, its legal text has changed little. The actors to whom it is applied, however, have gone through five generations of evolution. This section traces that evolution in order to expose a fundamental question: where the “users” of the safe harbour have undergone profound changes in their mode of conduct, while the “conditions of use” of the safe harbour have remained almost unchanged, has the internal equilibrium of the regime quietly failed?

(A) First Generation: Telecommunications-Level ISPs — the Original Subjects of Safe Harbour (1998–2005)

The typical actors in this generation include AT&T, Comcast, Cox and Verizon. In China, they include basic telecommunications operators such as China Telecom, China Unicom and China Mobile, as well as international bandwidth providers and root domain name server operators.

Conduct characteristics:

• providing basic access services at the physical layer and network layer;
• a business model based on charging by data traffic or monthly subscription;
• no contact with, identification of, or modification of transmitted content;
• no active relationship with the content transmitted.

Application of safe harbour: section 512(a) of the DMCA in the United States, and Article 20 of the PRC Regulation on the Protection of the Right of Communication to the Public over Information Networks. This tier contains the most lenient conditions for protection and is close to absolute immunity. It requires no notice-and-takedown mechanism, no repeat infringer termination policy under section 512(a), and no response to any form of copyright notice.

Robustness of the balance of interests: complete. A physical conduit provider has: (1) extremely low causal contribution to infringement, because the infringement could occur through any other conduit; (2) virtually no technical control, because it cannot identify specific content within encrypted traffic; (3) economic benefit unconnected with particular content, because it charges by traffic irrespective of whether the traffic is lawful or infringing; and (4) overwhelmingly lawful alternative uses, because the vast majority of traffic is lawful. At this tier, the fourfold balance of interests underlying safe harbour is fully satisfied. The strongest protection is theoretically justified.

The result in Cox v. Sony is defensible precisely because the case concerned this category of actor. Part III returns to this point in detail.

(B) Second Generation: the Rise of User-Generated Content Platforms (2005–2015)

This generation is represented by YouTube, founded in 2005, Facebook, opened to public registration in 2004, and Twitter, launched in 2006. In China, its counterparts include the early Youku and Tudou platforms, Sina Weibo and Renren.

Conduct characteristics:

• providing content storage space and retrieval services;
• a business model based on advertising monetisation, with free user access and traffic-based monetisation by the platform;
• contact with content, but no active selection of recipients;
• user uploads as the principal source of content.

Application of safe harbour: section 512(c) of the DMCA in the United States, and Article 22 of the PRC Regulation on the Protection of the Right of Communication to the Public over Information Networks. The conditions at this tier are stricter than those for the first generation, but remain relatively lenient: a notice-and-takedown mechanism must be established; the provider must not receive a financial benefit directly attributable to the particular infringement; and it must not have actual knowledge of infringement or be aware of facts from which infringement is apparent.

The first point of drift: compared with the first generation, second-generation actors had already changed in three important respects.

First, they stored content and therefore made a stronger causal contribution to infringement. Removing stored material could directly prevent further infringing dissemination.

Secondly, they monetised through advertising. Advertising revenue is correlated with platform traffic, and traffic is correlated with the attractiveness of content, including popular infringing content. Economic benefit therefore began to acquire an indirect connection with specific content.

Thirdly, they had a degree of control over content: they could delete, classify and tag material, even though their control was not yet comparable to that of later algorithmic platforms.

Nevertheless, second-generation actors were still allowed to invoke the same safe harbour architecture as the first generation, subject only to somewhat heavier compliance requirements. This phenomenon, in which the actors changed but the rules did not, was the first point of drift in the expansion of safe harbour.

Judicial practice partially corrected that drift. In Viacom International Inc. v. YouTube, Inc., 676 F.3d 19 (2d Cir. 2012), the Second Circuit clarified the meaning of actual knowledge and red flag knowledge under section 512(c). A general awareness of infringing activity was insufficient to deprive a provider of the safe harbour; knowledge had to relate to specific infringing material. Although that rule protected UGC platforms, it also established a boundary: platforms could not pretend to know nothing about infringement and were required to respond to specific infringing facts.

Chinese practice gradually developed a localised “ought to have known” inquiry by reference to the red flag standard. In the series of cases involving Sina Internet and Tianying Jiuzhou, courts began to consider factors such as the notoriety of the content, the professional capability of the platform operator, and the obviousness of the infringing information. This produced a more detailed “ought to have known” framework than the US approach. Yet the development remained at the level of case-specific flexibility and did not mature into a systematic response based on actor type.

(C) Third Generation: the Rise of Algorithmic Recommendation Platforms (2015–2022)

This generation is represented by Douyin/TikTok, Kuaishou, Toutiao, Xiaohongshu and Bilibili, and is the generation in which China’s platform development is most distinctive. In the United States, the corresponding examples include TikTok US, Instagram Reels and YouTube Shorts.

Conduct characteristics:

• algorithm-driven personalised recommendation;
• a business model combining traffic monetisation, e-commerce conversion and creator revenue sharing;
• active algorithmic determination of content exposure and deep profiling of user conduct;
• a shift from passively accepting user uploads to actively manufacturing viral content.

The dispute over safe harbour becomes acute:

• the platform position is that the model remains “user upload followed by platform distribution”; algorithms are merely neutral tools, so the notice-and-takedown rule in Article 1195 of the Civil Code should continue to apply;
• the copyright owner position is that algorithmic selection is positive platform conduct; the platform is no longer a passive recipient and should be subject to a higher duty of care.

The second point of drift: when the platform changes from passive conduit to active selector, the interest-balancing premise of safe harbour begins to collapse.

More specifically: (1) algorithmic recommendation is, in substance, the ranking and weighting of content by the platform, and that selection increases the platform’s causal contribution to recommended content; (2) the economic basis of algorithmic recommendation is traffic monetisation, and traffic is generated directly by the exposure of recommended content, so the platform’s benefit from particular content, including popular infringing content, is no longer merely indirect; and (3) the technology of algorithmic recommendation itself demonstrates that the platform can identify and classify content, so lack of technical control can no longer serve as a persuasive defence.

Chinese judicial practice has responded creatively. In the Jiangsu case (2024) Su 01 Min Zhong No. 8393, the court developed a dual-consideration analysis of “device sales plus traffic revenue”. The seller promoted hardware by using infringing audio as a selling point. The platform not only benefited from the sale of the device, but also obtained traffic revenue when consumers downloaded and listened to the infringing audio. It therefore owed a higher duty of care in respect of the infringement. One sentence in the judgment is particularly important: where the platform conducts no review, the safe harbour principle “not only fails to play a positive role in balancing the interests of participants in internet consumption, but is instead distorted into a tool by which online service providers evade statutory responsibility”. That sentence is a judicial expression of this article’s central thesis.

By contrast, in the Beijing case (2024) Jing 73 Min Zhong No. 2463, the appellate court carefully drew the boundary. VIP membership fees paid by users were general charges for online users and were not special charges for the allegedly infringing content, nor additional gains caused by that content. They therefore did not constitute a direct economic benefit. This judgment shows that Chinese courts have recognised the need for a refined causal-chain analysis of direct benefit. It also shows, however, that the inquiry remains one of case-specific flexibility and lacks a systematic rule.

The iQIYI v. ByteDance “Shuabao” case and similar disputes have formally placed the duty of care of algorithmic recommendation platforms on the judicial agenda. As at the time of writing, however, no Chinese statute or judicial interpretation clearly treats algorithmic recommendation platforms as an independent category of liable actor with a corresponding checklist of duties of care. This is one of the core manifestations of the deficit of granularity diagnosed below.

(D) Fourth Generation: Cloud Storage and Infrastructure Services (2015 to the Present)

This generation is represented by Amazon AWS, Alibaba Cloud, Tencent Cloud, Huawei Cloud and Cloudflare. Its services are diverse: some are enterprise-facing elastic computing services (IaaS), while others are consumer-facing network disk services, such as Baidu Netdisk and Alibaba Cloud Drive.

Complexity of conduct characteristics:

• the same provider may simultaneously offer multiple layers of service, including IaaS, PaaS and SaaS;
• the degree of contact with user content varies enormously: elastic computing may have almost no contact with content, whereas network disks deeply store content and provide sharing functions;
• models of economic benefit vary, including charging by computing resources, storage capacity and membership level.

Dispute over the application of safe harbour: cloud providers often argue that they are even more infrastructural than telecommunications operators and should enjoy a level of protection comparable to section 512(a). That argument ignores the layered nature of cloud services. Pure IaaS and personal network disk services sit at almost opposite ends of the conduct spectrum.

The third point of drift: when cloud providers claim safe harbour as a single overall category, they obscure the enormous internal differences in conduct. The Alibaba Cloud v. Ledong Zhuoyue case illustrates the complexity of cloud provider liability. The court ultimately held that Alibaba Cloud was required to take necessary measures after receiving notice, but at the same time accepted that a cloud provider should not owe the same duty of care as a UGC platform. The judgment was cautious, but it lacked a clear typological framework for answering what kind of duty of care a cloud provider should bear.

The series of Cloudflare cases in the United States and Europe has likewise brought the role of content delivery networks in the chain of infringement to the fore. A CDN is distinctive because it does not store the original content, but caches and accelerates distribution. Yet if it ceases to provide services to a particular customer, such as a pirate website, the availability of that website can be substantially weakened. This intermediate state — neither storage nor mere absence of blocking capacity — has never been clearly addressed by the safe harbour regime.

(E) Fifth Generation: Generative AI Service Providers (2022 to the Present)

OpenAI released ChatGPT in November 2022. In early 2023, Stable Diffusion and Midjourney entered public view. These developments marked the movement of generative AI from the laboratory to large-scale commercial use. Representative actors in this generation include OpenAI, Anthropic, Google DeepMind, Midjourney, Stability AI, Wenxin Yiyan, Tongyi Qianwen and Sora.

A fundamental break in conduct characteristics:

First, the training stage digests massive quantities of copyright-protected data. Large language models and image generation models require the scraping of hundreds of millions of texts, images and code from the internet. The overwhelming majority of that material is copyright-protected, and the training process usually proceeds without authorisation.

Secondly, at the inference stage, content is generated instantly in response to user prompts. AI output is not stored third-party content that can simply be “taken down”. It is a new product generated jointly by the model and the user.

Thirdly, generated content may be highly similar to specific works in the training data. Under certain prompts, a model may output text almost word-for-word identical to a particular work in the training corpus, or images in a highly recognisable style. That is the core evidential issue in NYT v. OpenAI.

The fundamental difficulty in applying safe harbour:

First, the notice-and-takedown mechanism is almost impossible to execute against a trained model. Once training is complete, removing the influence of a particular item of training data requires retraining, which is extremely costly and uncertain in effect. That is entirely different from the marginal cost of deleting a file from a server.

Secondly, the output is not “content uploaded by a user”. It is the product of interaction between the user’s prompt and the model weights. The legal fiction of passive storage of third-party content, on which the traditional safe harbour is built, cannot simply be transposed.

Thirdly, AI service providers are already co-creators of content. Strictly speaking, an AI company does not provide a service for transmitting other people’s content. It provides an automated content-generation service. The two are fundamentally different in their conduct mechanisms.

The fourth and most severe point of drift: generative AI service providers are seeking stronger immunity than telecommunications operators, yet their conduct mechanisms sit at the opposite end of the spectrum from telecommunications operators across all four dimensions. If law permits that drift, the conditions for the balance of interests underlying safe harbour will have been hollowed out completely.

US courts have not yet given an authoritative answer. Cases such as NYT v. OpenAI, Getty Images v. Stability AI and Authors Guild v. OpenAI remain pending and may produce different outcomes. In China, the 2024 “Ultraman AI-generated image” case before the Guangzhou Internet Court was the first to recognise a duty of care on the part of an AI platform. The court held that, as a provider of generative AI services, the online platform had failed to take measures to prevent infringement and had breached the Interim Measures for the Management of Generative AI Services and the Provisions on the Administration of Deep Synthesis of Internet-based Information Services. The judgment applied administrative rules, but did not directly answer the fundamental civil-law question whether an AI platform may rely on the safe harbour under Article 1195 of the Civil Code.

(F) A Jurisprudential Diagnosis of the Drift

Looking back over these five generations, three core diagnoses may be made.

First diagnosis: homogenisation of status labels. Five generations of actors are covered by the single label “online service provider”, and legislation and judicial practice habitually apply a single rule. That homogenisation contradicts both the original granular design of section 512 of the DMCA and the classificatory architecture of Articles 20 to 23 of the PRC Regulation on the Protection of the Right of Communication to the Public over Information Networks.

Second diagnosis: the increasing significance of differences in conduct. From pure conduit, to active algorithms, and then to deep generation, the five generations differ fundamentally across four dimensions:

• causal contribution: from extremely low in telecommunications to extremely high in AI;
• technical control: from none in encrypted telecommunications traffic to strong model alignment in AI;
• directness of benefit: from indirect traffic-based charging to direct user payment for generation;
• lawful alternative uses: from overwhelming lawful dominance in telecommunications to lawful and infringing uses sharing the same generative mechanism in AI.

Third diagnosis: reverse distortion of liability rules. The most troubling phenomenon is that the more active an actor is, and the deeper its intervention in content, the stronger the safe harbour immunity it tends to claim. Algorithmic recommendation platforms claim stronger protection than UGC platforms; cloud service providers claim a more infrastructural status than telecommunications operators; generative AI platforms claim complete immunity as mere tool providers. If this reverse incentive continues, safe harbour will be distorted from a product of interest balancing into a shield for industry self-interest.

Against that background, the 2026 decision in Cox v. Sony becomes a critical institutional point of entry. At the highest judicial level, it reopened the question of the boundaries of liability for online service providers. But does the case itself supply an answer for the entire system? That is the question addressed in the next part.

III. The Implications of Cox v. Sony: Intent Theory and the Paradox of “Formal Equality”

On 25 March 2026, the Supreme Court of the United States delivered a historically significant judgment in Cox Communications, Inc. v. Sony Music Entertainment by a unanimous 9–0 vote. Seven Justices joined the majority opinion, while Justices Sotomayor and Jackson concurred in the result but not in the reasoning. This part reads the judgment closely and identifies both its real contribution to the liability framework for online service providers and its potential risks.

(A) The Facts: from US$100 Million to US$1 Billion

Cox Communications is one of the major telecommunications operators in the United States and provides broadband access services to millions of households and business users. Sony Music Entertainment, together with several other record companies, sued Cox for contributory and vicarious infringement on the ground that Cox had failed to terminate accounts of users whom it knew to be repeat infringers.

The key facts were as follows:

• the anti-piracy enforcement agency MarkMonitor sent Cox 163,148 infringement notices over a two-year period, each identifying peer-to-peer file sharing by a particular IP address at a particular time;
• Cox’s internal policy was to consider termination only after a user had received 13 notices. During the two-year period, only 32 accounts were terminated for infringement, while hundreds of thousands were terminated for non-payment;
• internal Cox emails indicated that its customer service department had expressed a tendency not to terminate paying customers.

At first instance, the jury found Cox liable for wilful contributory infringement and vicarious infringement and awarded damages of US$1.017 billion in respect of 10,017 works. In February 2024, the Fourth Circuit affirmed the finding of contributory infringement but vacated the finding of vicarious infringement and remanded the case for reassessment of damages. The Supreme Court granted certiorari in June 2025, heard oral argument on 1 December 2025, and delivered judgment on 25 March 2026.

(B) The Holding: Three Core Propositions of Intent Theory

The majority opinion written by Justice Thomas contains three core propositions.

First proposition: contributory infringement requires proof of intent. The majority stated clearly that merely providing a service to the public, while knowing that some persons will use it to infringe, does not constitute contributory liability for copyright infringement. Contributory infringement requires proof that the defendant intended its service to be used for infringement. That intention can be established only by two routes.

• Route A: active inducement. The defendant actively encourages infringement through specific conduct. This is the route established in Grokster.
• Route B: a service tailored to infringement. The service supplied by the defendant is objectively designed for infringing use. This is the converse reading of Sony Betamax: if the service has substantial non-infringing uses, this route is not available.

Second proposition: knowledge plus inaction is insufficient to establish intent. This is the fundamental rejection of the Fourth Circuit’s reasoning. The Fourth Circuit’s logic was that Cox knew its users were infringing, continued to provide service, and lacked a reasonable policy for terminating repeat infringers; that combination of knowledge and inaction was said to amount to substantive encouragement of infringement. The Supreme Court rejected that inference. The majority treated knowledge and intent as distinct mental states: the former is cognitive, the latter volitional.

Third proposition: the DMCA safe harbour is a shield, not a sword. Sony argued that, if an ISP could never be liable for contributory infringement in any event, the safe harbour in section 512(a) of the DMCA would be meaningless, because there would be no liability from which it could offer protection. The majority responded that the DMCA does not create liability; it creates defences. Whether a safe harbour exists does not affect the prior question whether liability is established. That position is rigorous as a matter of institutional logic, but it provoked forceful criticism in Justice Sotomayor’s concurring opinion.

(C) Justice Sotomayor’s Sharp Warning in Concurrence

Justice Sotomayor’s concurring opinion, joined by Justice Jackson, agreed with the result that Cox should not be liable, but criticised the majority’s reasoning on three grounds.

First criticism: the majority unduly narrows the scope of contributory liability. Justice Sotomayor observed that Grokster expressly preserved other common law routes to secondary liability, including aiding and abetting. By reducing contributory liability to inducement and services tailored to infringement, the majority excluded other possibilities without sufficient justification.

Second criticism: the DMCA safe harbour is hollowed out in practice. Justice Sotomayor’s central concern was institutional coherence. The safe harbour corresponding to section 512(a) exists because Congress assumed that ISPs might be liable in some circumstances and required protection from that liability. If, on the majority’s logic, ISPs would not be liable at all, section 512(a) becomes entirely surplusage.

Third criticism: the effect on other types of service provider is troubling. Justice Sotomayor referred specifically to social media platforms and artificial intelligence companies. If applied generally, the majority’s logic would bring unpredictable disruption to liability rules in other fields. Although she did not state how those actors should be treated, her language reflects a clear concern about universalising the Cox rule.

It is important, however, that the concurrence still agreed that Cox should be exempt on the facts. Justice Sotomayor’s reason was that, in the particular circumstances of the case, Cox knew that certain IP addresses were being used for infringement but could not know the identity of the specific infringing users. A single IP address might correspond to multiple users in a household, university or business. Even under an aiding-and-abetting standard, Cox therefore did not reach the threshold of specific intent to assist particular infringement. That reasoning is more refined than the majority’s and more operationally useful.

(D) The Threefold Effect of Cox

The effect of Cox should be assessed in layers. At least three layers can be identified, with decreasing degrees of certainty.

First, and most certain: the liability threshold for conduit ISPs has been substantially raised. It will be very difficult for a telecommunications-level ISP to be held contributorily liable for user infringement unless there is evidence of active inducement. This is the most direct and least controversial legal consequence of Cox. In US practice, it means that the enforcement strategy used by the recording and film industries over the past decade — suing ISPs to force termination of repeat infringers — has largely lost its force.

Secondly, and with partial certainty: the compliance incentive under section 512(a) of the DMCA is weakened but not eliminated. Although ISPs will not easily incur direct secondary liability, section 512(a) still offers a limited protection against injunctive relief, and other types of claim, such as vicarious infringement or injunctions under section 512(j), may still be brought against ISPs. Cox does not deny those other routes of responsibility; it narrows the gateway for contributory infringement.

Thirdly, and highly uncertain: whether the Cox rule applies to other types of service provider. This is the issue with which this article is principally concerned and the greatest uncertainty left by the majority opinion.

The majority twice uses limiting language: the judgment is “limited to the facts of this case” and addresses “the context of internet access ISPs”. Those qualifications are not ornamental. They are an express narrowing by the majority of the generality of its own rule.

At the same time, the reasoning of the majority plainly has a tendency towards generalisation. The two routes under intent theory, namely inducement and services tailored to infringement, the distinction between knowledge and intent, and the emphasis on substantial non-infringing uses are not unique to ISPs. In theory, they could be applied to any provider of a general-purpose tool.

For that reason, three interpretive routes have emerged in US academic and professional commentary after Cox.

First interpretation: the narrow reading. Cox is confined to telecommunications-level ISPs. UGC platforms and AI platforms remain subject to the Grokster framework of material contribution plus knowledge. This reading emphasises the majority’s factual limitations and argues that courts should analyse UGC and AI cases afresh rather than proceed by simple analogy.

Second interpretation: the broad reading. Cox establishes a general principle that a general-purpose tool with lawful uses is a safe island. Any service with substantial non-infringing uses may invoke that principle. AI platforms and other general tool providers may rely upon it. This reading is popular in parts of the AI industry and among some technology commentators.

Third interpretation: the typological reading, which is the position adopted in this article. Cox should be applied differentially according to the type of defendant. Conduit ISPs should be subject to the strictest intent threshold. Actors with deeper involvement in content, such as algorithmic platforms and AI platforms, should return to the Grokster standard, or even to a stricter standard. The core justification for this reading lies in the majority’s own factual limitations and in Justice Sotomayor’s concurrence, which points towards differentiated treatment for different types of actor.

(E) Why the Typological Reading Is the Most Persuasive

This article adopts the typological reading for three reasons.

First, the factual limitations in the Cox majority must be taken seriously. The majority’s two express limitations were not accidental. They show that the majority itself recognised that its rule should not be extended indiscriminately to other types of actor. A basic principle of legal interpretation is to respect a court’s self-imposed limits.

Secondly, the legal reasoning in Cox depends internally on the characteristics of conduit ISPs. The majority repeatedly emphasised that an ISP has limited knowledge of how its service is used; that it can know which IP address corresponds to which account but cannot distinguish the specific user or directly control how the service is used; and that it provides network access used for many purposes, not only infringement. Those propositions are true only of pure conduit ISPs. They are not true of algorithmic recommendation platforms or generative AI providers. Such platforms have data profiles for every item distributed by the algorithm, and AI providers have complete records of each output generation.

Thirdly, Justice Sotomayor’s concurrence supplies legal support for typology. Although she agreed in the result, her reasoning — aiding and abetting plus inability to identify the specific infringing user — in substance supplies different standards for different actors. ISPs may be exempt because they cannot know the specific infringing user. Other actors, if they can know the specific infringing facts, may be liable. That reasoning is the embryo of a typological approach.

(F) The Implications of Cox for Chinese Law

Cox is a precedent in US law and cannot be applied directly in China. Its method and reasoning nevertheless have important implications.

First implication: Chinese law should not mechanically repeat the US rule. The “knows or ought to know” standard in Article 1197 of the PRC Civil Code is, in substance, more expansive than the intent standard in Cox. That is a legislative choice and reflects China’s higher expectations of the duty of care owed by online service providers. Whether China should follow Cox and raise the threshold is a matter of policy, not a legal obligation.

Second implication: what is truly instructive is typological reasoning. Cox is itself a product of typological reasoning: it deals with the special position of ISPs as a category. Chinese law should use that insight to establish the legitimacy of tiered safe harbours, under which different types of online service provider are subject to different duties of care.

Third implication: the safe harbour must not be reverse-engineered into an industry shield. The majority opinion in Cox illustrates a systemic risk: if courts blur the boundaries of safe harbour, the liability system may tilt towards the party with greater economic and institutional power. Chinese law should prevent that risk at the level of institutional design by making the boundary conditions of safe harbour explicit.

IV. The Theoretical Construction of Substantive Tiering: A Four-Dimensional Framework

This is the most original, and the most difficult, part of the article. The first three parts have answered why tiering is necessary. This part answers how the tiering should be done.

(A) Why the Tiering Must Be Substantive, Not Formal

The most straightforward method would be to classify online service providers by industry or business label: telecommunications operators, UGC platforms, cloud service providers and AI companies. That is formal tiering.

Formal tiering has three insurmountable defects.

First defect: blurred business boundaries. In practice, a single provider often crosses several traditional business categories. Alibaba Group, for example, operates basic cloud services through Alibaba Cloud, UGC platforms through Taobao reviews and Xianyu, and generative AI services through the Tongyi series. If the law draws lines by industry, the same actor may be subject to different safe harbours for different businesses, increasing rather than reducing complexity.

Second defect: technological iteration makes labels obsolete. The “information location tools” referred to in section 512(d) in 1998 originally meant search engines. But should AI search services such as Perplexity or ChatGPT Search now be treated as search engines or as AI applications? Technological evolution in business boundaries outpaces formal labels.

Third defect: formal labels invite platform shopping. If liability rules differ according to the actor’s status, actors have an incentive to repackage themselves into categories with lighter responsibility. In early copyright litigation, YouTube at times described itself as a passive storage provider in order to rely on section 512(c), even though its recommendation mechanisms already made it functionally close to a content distributor.

The standard for substantive tiering should therefore be based on conduct indicia rather than status labels. The question is not “what are you called?” but “what do you do?” This approach has already appeared in Chinese judicial practice. The Jiangsu case (2024) Su 01 Min Zhong No. 8393 analysed the concrete benefit structure of “device sales plus traffic revenue”, not an abstract identity category. The Beijing case (2024) Jing 73 Min Zhong No. 2463 examined the correspondence between membership fees and particular content, not the platform’s self-description of its business. The task of this article is to elevate that case-specific wisdom into a systematic evaluative framework.

The core of the four-dimensional framework is this: by reference to four observable and analysable indicia of conduct, any online service provider may be substantively located on a spectrum from conduit to creator, and liability rules may then be allocated accordingly.

(B) Dimension One: Causal Contribution

1. Definition and theoretical basis

Causal contribution refers to the causal proximity and causal strength between the provider’s conduct and the ultimate infringing result. It is derived from basic principles of tort law. Causal connection is a precondition of any allocation of liability; without causation there is no basis for responsibility.

2. Three indicia

Indicia 1.1: physical proximity and legal remoteness. Was the infringing content stored on the provider’s servers? Was it distributed through the provider’s algorithm? Was it presented in the provider’s user interface? The closer the provider is, physically and operationally, to the final act of infringing dissemination, the greater its causal contribution. A telecommunications operator merely transmits byte streams and is physically remote from the content. A UGC platform stores the content and is physically close to it. An AI platform generates the content and is, in that respect, equivalent to the content-producing act.

Indicia 1.2: substitutability, or the “but for” test. If the provider’s service were removed, could the infringement still occur? If yes, and substitutability is high, causal contribution is low. If no, and substitutability is low, causal contribution is high. For example, if pirated resources are disseminated over a BitTorrent network, removing Cox as a single ISP has little effect on the ultimate dissemination, because other ISPs remain available. By contrast, removing a particular AI model may be decisive in preventing the “generation” of a particular infringing output.

Indicia 1.3: intensity of facilitation. Does the provider passively wait for user conduct, or does it actively facilitate the dissemination of particular content? Passive waiting indicates low facilitation, close to the original design of sections 512(a) and 512(c). Active facilitation indicates high facilitation, as in algorithmic recommendation and AI generation.

3. Spectrum of causal contribution, by typical actor

Actor type	Physical proximity	Substitutability	Intensity of facilitation	Overall assessment
Telecommunications-level ISP	Remote	High: other ISPs can substitute	Low	Extremely low
CDN / cloud storage	Medium	Medium	Low to medium	Low to medium
Passive UGC platform	Close	Medium	Low	Medium
Algorithmic UGC platform	Close	Low	High	High
Generative AI	Equivalent	Low	Very high	Very high

(C) Dimension Two: Technical Control

1. Definition and theoretical basis

Technical control refers to the provider’s actual technical capacity to identify, filter and block infringing content. It derives from the tort-law concept of possibility of control. Where a party can control but fails to do so, that failure is one of the core elements of fault.

2. Three indicia

Indicia 2.1: identifiability. Can existing technology identify infringement? This indicium changes with technological development. YouTube in 2005 could not identify copyright content at the instant of upload. Today, through Content ID, YouTube can perform real-time fingerprint matching across hundreds of millions of videos.

Indicia 2.2: blockability. Once identified, can the infringement be blocked in a targeted manner? This is a key indicium. The ability to block precisely, for example by deleting a single item or limiting one account, means compliance costs are controllable. If the only available measure is blunt, such as cutting off internet access or closing an entire account, compliance may affect large numbers of lawful users and requires a higher justification threshold.

Indicia 2.3: traceability. Can the specific infringing user and the specific infringing event be located? This is the factor emphasised by Justice Sotomayor in her Cox concurrence. Cox could not know which specific user behind an IP address had infringed, so its control was limited. By contrast, an algorithmic platform has complete data on each view, like and share for each item of content, and has a very high degree of traceability.

3. A counter-intuitive point: stronger control does not automatically mean a higher duty

This dimension raises a counter-intuitive problem. If stronger control always means a higher duty, does the law create a reverse incentive not to develop control technologies? The answer is no. The benchmark should be the state of the art in the industry, not the actual development level of the particular provider. In other words, if providers of the same type have generally become able to implement a particular control, such as Content ID on UGC platforms, a provider that chooses not to deploy it cannot thereby reduce its duty of care. It should still be treated as an actor that ought to possess that control capacity.

This approach links the “ought to have known” standard with technical capacity and allows the law to remain responsive to technological change. YouTube in 1998 could not have been required to implement content fingerprinting because the technology was immature. A UGC platform in 2026 that fails to deploy such technology cannot rely on lack of technical capacity as a defence.

(D) Dimension Three: Directness of Economic Benefit

1. Definition and theoretical basis

Directness of economic benefit refers to the causal directness between the economic benefit obtained by the provider from user infringement and the particular infringing content. This dimension derives from the express language of section 512(c)(1)(B) of the DMCA: the provider must not receive a financial benefit directly attributable to the infringing activity in circumstances where it has the right and ability to control that activity.

2. Four indicia, with reference to recent developments in Chinese judicial practice

Indicia 3.1: exclusive consideration. Is a specific fee charged for specific infringing content? Paid downloading of infringing music is the clearest form of direct benefit.

Indicia 3.2: traffic consideration. Does the infringing content make a substantive contribution to platform traffic or advertising monetisation? This was the central innovation in the Jiangsu case (2024) Su 01 Min Zhong No. 8393. The court held that the platform not only benefited from the sale of devices but also obtained traffic revenue when consumers downloaded and listened to uploaded infringing audio.

Indicia 3.3: customer-attraction effect. Is the infringing content a selling point that attracts users to stay? This indicium focuses on the real driver of user conduct. If a category of infringing content is the main reason users visit the platform, the platform’s benefit from the users’ overall activity has a customer-attraction character.

Indicia 3.4: membership revenue sharing. Is there a revenue-sharing mechanism between content contributors and the platform? This was the focus of the Beijing case (2024) Jing 73 Min Zhong No. 2463: was the membership fee allocated to a particular work, or was it paid for general membership services? The former constitutes direct benefit; the latter does not.

3. The refinement of Chinese judicial practice and its theoretical significance

The Jiangsu and Beijing cases appear to reach opposite conclusions: the former finds direct benefit, the latter denies it. Methodologically, however, they are consistent. Both return to the concrete chain of economic causation rather than speaking abstractly of whether the platform benefits from content. That method is the judicial expression of this article’s substantive tiering approach.

This article argues that direct benefit should not be a binary standard. It should operate as a dynamic adjustment factor within the tiering exercise. Exclusive consideration is the strongest form of benefit and should score directly. Traffic consideration, customer-attraction effect and membership revenue sharing are of intermediate strength and should score partially. Indirect advertising revenue unrelated to specific content is the weakest and should not score.

(E) Dimension Four: Abundance of Substantial Non-Infringing Uses

1. Definition and theoretical basis

The abundance of lawful alternative uses refers to the substantive importance of the service in lawful use. This dimension derives directly from the “substantial non-infringing uses” standard in Sony Betamax and was repeatedly reaffirmed in Grokster and Cox.

2. Three indicia

Indicia 4.1: proportion of use. What proportion of total use is lawful? Internet access services have an extremely high proportion of lawful use, including browsing, email and video conferencing. Certain dedicated piracy platforms have a very low proportion of lawful use.

Indicia 4.2: public value. What public interest is served by the lawful uses, such as education, research, news reporting and free expression? Even if the number of non-infringing uses is not large, a service should be treated as having high abundance if those uses carry substantial public value, as may be the case with an academic resource-sharing platform.

Indicia 4.3: irreplaceability. Would disabling the service cut off a channel for lawful expression? If closing a service would substantially impair lawful expression, as closing Wikipedia would impair public access to knowledge, the systemic value of its lawful alternative uses is higher.

3. Connection with Cox and its limits

The majority in Cox treated substantial non-infringing uses as a proxy for absence of intent. If a service has substantial non-infringing uses, the provider is presumed not to have intended infringement. That reasoning works for conduit ISPs. Does it work equally for algorithmic UGC platforms and generative AI?

This article submits that it does not. Generative AI undoubtedly has important lawful uses, but lawful and infringing uses share the same generative mechanism. The model uses the same weights whether it generates a story in the style of The Lord of the Rings or a near-verbatim passage from Harry Potter. Treating substantial non-infringing uses as a basis for exempting generative AI amounts to extending the idea of tool neutrality to creative tools. The neutrality of a creative tool is far less certain than that of a transmission tool.

Accordingly, substantial non-infringing uses should not be a sufficient condition for immunity. They should be a mitigating factor within the tiering exercise:

• conduit ISPs: very high abundance, sufficient to support Cox-style near-absolute protection;
• UGC platforms: relatively high abundance, relevant to reducing the duty of care;
• generative AI: moderate abundance, but with lawful and infringing uses sharing the same mechanism, and therefore not a stand-alone reason for immunity.

(F) Integrated Use of the Four Dimensions: A Four-Quadrant Tiering Model

Combining the four dimensions, this article proposes a four-quadrant tiering model.

Each dimension is scored from 1 to 5. The higher the total score, the closer the actor is to a co-creator of content and the narrower the space for safe harbour. The lower the total score, the closer the actor is to a passive conduit and the stronger the protection it should enjoy.

Tier 0, 16 to 20 points: quasi-direct infringement. The actor’s conduct is close to joint infringement. Safe harbour should not apply, and liability should be assessed as direct infringement or joint infringement. A typical example is generative AI where the output is highly similar to training data.

Tier 1, 11 to 15 points: high-duty platform. The actor bears a higher duty of care, should proactively deploy filtering technologies, and should be subject to stronger ex ante compliance obligations. Examples include algorithmic UGC platforms and content-distribution generative AI services, such as image-generation platforms with sharing functions.

Tier 2, 7 to 10 points: standard platform. The existing notice-and-takedown plus reasonable duty of care under Article 1195 of the Civil Code applies, broadly corresponding to the present rules. Examples include passive UGC platforms and information storage spaces.

Tier 3, 4 to 6 points: infrastructure. Only minimum notice-and-takedown obligations and limited injunctive responsibility should apply. There should be no general ex ante review obligation. Examples include cloud storage at the IaaS layer and CDNs.

Tier 4, 0 to 3 points: pure conduit. The Cox-style intent threshold should apply, producing near-absolute protection unless there is evidence of active inducement. Examples include telecommunications-level ISPs, root domain name server operators and DNS services.

Workability of the model

A reader may object that four-dimensional scoring sounds subjective. How is a judge to apply it?

There are three answers.

First, scoring is not an exact algorithm but an argumentative framework. Like the court’s overall assessment in calculating damages, the four-dimensional score provides an explicit path of reasoning. It requires the judge to make a concrete finding on each dimension and give reasons. It is the same kind of tool as the existing tripartite analysis of fault, causation and damage.

Secondly, scores need not be absolutely uniform. The same type of actor may fall into different tiers in different factual contexts. That is precisely the advantage of a tiered model over a single undifferentiated rule.

Thirdly, legislation and judicial interpretation can provide default scores for typical actors. For example, the Supreme People’s Court could provide by judicial interpretation that telecommunications operators are presumed to be Tier 4 unless evidence shows that their conduct departed from a pure conduit role, and that algorithmic UGC platforms are presumed to be Tier 1 unless evidence shows that the algorithm was not actively configured by the platform. A mechanism of default scoring plus rebuttal would preserve both certainty and flexibility.

V. Applying the Tiered Model: Differentiated Liability for Five Categories of Actor

This part applies the four-dimensional framework to five typical categories of actor, demonstrating the workability of the tiered model and proposing concrete liability rules for each category.

(A) Type One: Telecommunications-Level ISP / IDC / DNS — Pure Conduit (Tier 4)

Representative actors: China Telecom, China Mobile and China Unicom as basic telecommunications operators; international bandwidth providers; root domain name server operators; DNS resolution service providers.

Four-dimensional scoring:

• causal contribution: 1, extremely low;
• technical control: 1, unable to identify encrypted traffic;
• directness of economic benefit: 1, charging by traffic or bandwidth;
• lawful alternative uses: 5, the overwhelming majority of traffic being lawful;
• total: 8, adjusted to Tier 4 because the high value of lawful alternative uses should carry particular weight.

Proposed corresponding liability rules:

First, the notice-and-takedown logic should not apply. A physical conduit service cannot “delete” an individual byte stream. This is also explicit under section 512(a). Article 20 of the PRC Regulation on the Protection of the Right of Communication to the Public over Information Networks likewise exempts automatic access and transmission services from a deletion obligation.

Secondly, a blocking obligation should arise only after infringement has been confirmed by a court. This corresponds to the site blocking order familiar in European and UK practice. A court may order an ISP to block access to a particular pirate website, but only after judicial confirmation, and the order should remain precise, for example by blocking specified URLs or IP addresses without affecting lawful websites.

Thirdly, consistently with the Cox majority, contributory liability should arise only where there is evidence of active inducement. That threshold corresponds to the intent-based approach in Cox. This article emphasises, however, that the threshold applies only to this category of actor and should not be generalised.

(B) Type Two: Cloud Storage and CDN — Infrastructure (Tier 3)

Representative actors: Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon AWS, Cloudflare and the elastic storage functions of Baidu Netdisk.

Internal division required by business diversity: this category is complex and requires further subdivision:

• pure IaaS, such as elastic computing: Tier 3;
• PaaS plus content distribution, such as video CDN: between Tier 2 and Tier 3;
• private network disk plus sharing links: Tier 2, depending on whether indexing and search functions are provided.

Four-dimensional scoring, taking pure IaaS as the example:

• causal contribution: 2, storage but no distribution;
• technical control: 2, theoretically possible but costly to deploy in practice;
• directness of economic benefit: 2, charging by storage or computing resources;
• lawful alternative uses: 5, the overwhelming majority of customers being lawful;
• total: 11, between Tier 2 and Tier 3.

Proposed corresponding liability rules:

First, notice-and-takedown applies, but the notice must be highly precise. Cloud service providers should not owe a duty proactively to discover infringement, but should take necessary measures after receiving notice. The notice must identify the specific URL, object ID or file path. General or vague notices should not be treated as valid.

Secondly, there should be no proactive filtering obligation. A cloud provider is not required to conduct content fingerprint matching at upload, unless it has itself already deployed the relevant technical capability, assessed by reference to the state-of-the-art standard discussed under Dimension Two.

Thirdly, there should be a repeat infringer termination obligation for systematic piracy customers. Where a customer is repeatedly shown to be using cloud services to operate a piracy business, for example through repeated notices demonstrating continuing infringement by a website, the cloud provider should have a compliance obligation to terminate service to that customer on a knowledge-plus-inaction basis. This differs from the logic rejected in Cox, because a cloud provider’s capacity to identify its customer is far greater than an ISP’s capacity to identify a specific user.

Fourthly, in a typical situation such as that illustrated by the Alibaba Cloud v. Ledong Zhuoyue case, where the cloud provider fails to act promptly after notice, it should bear joint and several liability. The scope of liability should, however, be limited to the loss enlarged after the failure to take measures, and the entire consequences of the infringement should not be attributed to the cloud provider.

(C) Type Three: User-Generated Content Platforms (Tier 1 to Tier 2, Requiring Division)

Representative actors: Douyin, Bilibili, Xiaohongshu, YouTube, Facebook and Instagram.

Key internal division:

• passive UGC, where users actively search for and access content: Tier 2;
• algorithmic recommendation UGC, where the platform actively distributes and pushes content: Tier 1.

The necessity of this division has already been confirmed by Chinese judicial practice, including the Jiangsu case (2024) Su 01 Min Zhong No. 8393 and iQIYI v. ByteDance “Shuabao”.

Four-dimensional scoring, taking algorithmic recommendation UGC as the example:

• causal contribution: 4, because the algorithm actively determines exposure;
• technical control: 3, because fingerprinting technology is mature;
• directness of economic benefit: 4, through traffic monetisation and creator revenue sharing;
• lawful alternative uses: 3, because lawful uses exist but share the same algorithmic ecosystem as infringing uses;
• total: 14, Tier 1.

Proposed corresponding liability rules:

First, notice-and-takedown should continue to apply. In addition, the platform should owe an ex ante duty of care. For popular content, for example content in the top X per cent of traffic, a Content ID-style fingerprint comparison should become a standard compliance requirement for algorithmic UGC platforms.

Secondly, content selected by the algorithm and amplified by traffic support should be subject to a higher ex ante review obligation. A platform cannot enjoy the traffic revenue produced by its algorithm while at the same time maintaining that it merely passively receives user uploads. The algorithm’s active selection constitutes an act of platform endorsement or amplification and should carry a higher duty of care.

Thirdly, a repeat infringer termination mechanism should apply. Accounts repeatedly notified for infringement should be dealt with under a reasonable repeat infringer policy. This differs from the standard rejected in Cox, because algorithmic platforms have a far greater ability than telecommunications ISPs to identify users: account identities are precise and content creation is traceable.

Fourthly, this article’s core institutional proposal is that the greater the traffic revenue obtained by a platform from algorithmic recommendation, the higher its duty of care should be. This echoes the spirit of the Jiangsu case (2024) Su 01 Min Zhong No. 8393 and converts direct benefit from a binary yes-or-no inquiry into a continuous assessment of degree.

(D) Type Four: Generative AI Service Providers (Tier 0 to Tier 1, Quasi-Direct Infringement)

Representative actors: OpenAI (ChatGPT, DALL-E), Anthropic (Claude), Midjourney, Stability AI, Wenxin Yiyan, Tongyi Qianwen and Sora.

This category is the most controversial part of the article, because the position adopted here is stricter than the current mainstream in scholarship and practice: generative AI service providers should not be able to rely on the traditional safe harbour.

Four-dimensional scoring:

• causal contribution: 5, because AI is a co-creator of content;
• technical control: 4, because content selection exists at the training stage through dataset selection, filters and alignment fine-tuning;
• directness of economic benefit: 5, because user payment corresponds directly to model generation;
• lawful alternative uses: 3, because lawful uses exist but share the same generative mechanism as infringing uses;
• total: 17, Tier 0.

Reasons:

First, in terms of causation, AI is not a transmitter of content but a co-creator. An image generated by an AI model is jointly determined by the user’s prompt, the model’s training data and its model weights. That causal relationship is fundamentally different from an ISP transmitting bytes from A to B.

Secondly, in terms of control, AI service providers possess content-selection power at the training stage. They choose which data enter the training corpus, what filters are used, and how RLHF alignment is conducted. These are active choices. An AI company’s capacity to deploy ex ante technical filtering far exceeds that of a traditional UGC platform.

Thirdly, in terms of profit structure, what the user pays for is the model generation act itself. ChatGPT Plus subscriptions, Midjourney memberships and enterprise API usage fees all correspond directly to specific model outputs. This is a textbook case of direct economic benefit.

Fourthly, in terms of lawful alternative uses, lawful and infringing uses of AI share the same generative mechanism. That is fundamentally different from the video recorder in Sony Betamax or the internet access service in Cox. A video recorder can record lawful programmes or pirated programmes, but the recording is the same mechanical operation. The internet can transmit lawful or infringing content, but the transmission is the same byte-stream operation. AI is different. A model generating a story in the style of The Lord of the Rings and generating near-verbatim Harry Potter text are different behaviours produced by the same model weights under different prompts. Lawful and infringing uses are continuous within the same generative mechanism rather than separable in the sense contemplated by tool neutrality.

Proposed corresponding liability rules: a dual-track model.

First track: the training stage — direct infringement or fair use.

Copyright issues at the training stage have nothing to do with safe harbour. There is no third-party user at that stage. The AI company is the direct actor. Whether training constitutes infringement should be determined under the copyright rules on fair use or fair dealing, rather than under safe harbour rules.

Pending US cases such as NYT v. OpenAI, Authors Guild v. OpenAI and Getty v. Stability AI focus on whether training constitutes fair use. That is a question wholly independent of safe harbour. Although the Chinese “Ultraman AI-generated image” case concerned output at the generation stage, the reasoning of the judgment likewise did not rely on notice-and-takedown safe harbour, but on the compliance obligations under the Interim Measures for the Management of Generative AI Services and the Provisions on the Administration of Deep Synthesis of Internet-based Information Services.

Second track: the output stage — an output-level safe harbour.

This is the core institutional innovation of this article, drawing on and localising the “AI Harbour” proposal published in Oxford’s Intellectual Property Law & Practice.

For individual infringing outputs, such as an image highly similar to a copyright work, an AI service provider may invoke an output-level safe harbour, but only if the following conditions are satisfied:

1. ex ante filters have been deployed, including fingerprint databases for known copyright works and measures preventing exact reproduction;
2. a mechanism exists for responding to user reports of infringing outputs;
3. users have been given ex ante prompts and warnings, including content labelling and user conduct rules required by the Interim Measures for the Management of Generative AI Services;
4. there is no function specifically designed for infringement, such as a module designed to “generate in the style of X” while in fact enabling verbatim copying.

If those conditions are satisfied, liability for individual infringing outputs may be reduced or excluded. If any condition is not satisfied, infringement liability should follow.

Why this design? Because the traditional notice-and-takedown mechanism is simply unworkable for AI models. One cannot “delete” a trained model’s memory of a particular work from its weights; retraining is extremely costly and uncertain in effect. The safe harbour for AI platforms must therefore be ex ante compliance-based, through filtering, response mechanisms and content labelling, rather than ex post response-based through notice and take-down.

Localising the three-layer architecture of the Oxford “AI Harbour” proposal.

An article published in Intellectual Property Law & Practice in September 2025, From Safe Harbours to AI Harbours, proposed a layered liability architecture for the AI value chain. This article adapts that proposal to the Chinese context:

• data suppliers should bear provenance disclosure obligations, namely disclosure of the copyright status and licensing position of training data supplied to AI companies;
• model developers should bear obligations of dataset governance, memorisation mitigation and watermarking, namely technical measures at the training stage to prevent verbatim memorisation of particular works and to add traceable watermarks to outputs;
• model deployers should bear obligations of dynamic filtering, complaint handling and repeat-infringer policies, namely real-time filtering during user use, response to infringement reports and restrictions on repeat abusive users.

This three-layer architecture corresponds to the tripartite division of responsible actors under China’s Measures for the Labelling of AI-Generated Synthetic Content (2025), namely service providers, dissemination platforms and users. It may serve as a direction for refining China’s AI liability framework.

(E) Type Five: Decentralised Protocol Providers — a Borderline Case (Tier 1, Special Treatment)

Representative actors: the BitTorrent protocol, IPFS, blockchain storage protocols and decentralised finance (DeFi) protocols.

Difficulty: the defining feature of decentralised protocols is the absence of a centralised operating entity. Once developers have completed the protocol design, the protocol itself operates between users, and the developers may have no continuing control.

Proposed corresponding liability rules:

First, the Grokster inducement standard should apply by analogy. If the protocol design itself encourages infringement, as the specific design of the Grokster software was found to induce P2P piracy, the developers should be liable.

Secondly, where developers have fully withdrawn after open-sourcing the protocol and the protocol is misused, responsibility may shift to actors that convert the protocol into an application-layer service. Protocol Labs, for example, may bear responsibility where it commercially operates services built on Filecoin.

Thirdly, Chinese law has not yet filled this legislative gap. At present, such actors are mainly addressed case by case through an assessment of technological neutrality combined with commercial operation.

(F) Overview Table

The following table summarises the four-dimensional scores and corresponding liability rules for the five categories of actor.

Actor type	Causation	Control	Benefit	Alternatives	Total	Tier	Liability rule
Telecommunications ISP	1	1	1	5	8	T4	Intent theory plus blocking orders
Cloud storage / CDN (IaaS)	2	2	2	5	11	T3	Notice-and-takedown plus repeat-infringer termination
Passive UGC	3	3	3	4	13	T2	Current Article 1195 standard
Algorithmic UGC	4	3	4	3	14	T1	Algorithm-specific duty of care
Network disk plus sharing	3	3	3	3	12	T2	Notice-and-takedown plus index control
Generative AI	5	4	5	3	17	T0	Output-level safe harbour plus direct responsibility for training

The scores in the table are typical values. In a concrete case, they should be adjusted according to the actor’s actual conduct indicia. For example, if a UGC platform has adopted very strong ex ante controls against infringement, such as deploying Content ID, responding proactively and cooperating actively with rights enforcement, its score may be reduced from 14 to 11, moving it closer to Tier 2. That conduct-driven adjustment is precisely the advantage of the tiered model over rigid labelling.

VI. The Deficit of Granularity in Chinese Law: from the Civil Code to Generative AI Rules

Building on the theoretical framework developed in the first five parts, this part diagnoses the concrete deficiencies in China’s current rules on the liability of online service providers. This diagnosis is not a criticism of the legislature. Legislation is necessarily gradual and responsive. A deficit is a problem of development. But identifying the deficit is the precondition for reform.

(A) The Flat Structure of the Current Legal Framework

The core Chinese rules on the liability of online service providers are currently dispersed across the following texts:

• Articles 1194 to 1197 of the Civil Code, containing the basic tort liability rules;
• the Regulation on the Protection of the Right of Communication to the Public over Information Networks, promulgated in 2006 and amended in 2013;
• Articles 38 and 39 of the E-Commerce Law, containing special rules for e-commerce platforms;
• platform compliance requirements under the Data Security Law (2021) and the Personal Information Protection Law (2021);
• the Interim Measures for the Management of Generative AI Services (2023);
• the Provisions on the Administration of Deep Synthesis of Internet-based Information Services (2023);
• the Measures for the Labelling of AI-Generated Synthetic Content (2025);
• several judicial interpretations of the Supreme People’s Court, including the Provisions on Several Issues Concerning the Application of Law in the Trial of Civil Disputes Involving Infringement of the Right of Communication to the Public over Information Networks.

Common problem: the system treats “online service providers” as a single category. Apart from the early formal distinction between four types of service in the Regulation on the Protection of the Right of Communication to the Public over Information Networks, a distinction that has in practice been weakened in later legislation and adjudication, other laws largely adopt uniform rules.

(B) Deficit One: Type-Blind Duties of Care

Article 1197 of the Civil Code provides that where an online service provider knows or ought to know that a network user is using its service to infringe another person’s civil rights and interests, and fails to take necessary measures, it bears joint and several liability with that user. The rule applies to all “online service providers”: telecommunications operators, UGC platforms, cloud service providers and AI companies alike.

Judicial practice has partially addressed this problem through remedial mechanisms such as the red flag standard and direct benefit analysis. But those mechanisms remain at the level of case-specific flexibility and lack systematic structure.

Comparative reference: section 512 of the DMCA contains at least four categories of actor with different liability conditions. The EU Digital Services Act divides platforms into several categories, including micro, small, large and very large online platforms (VLOPs), and imposes additional obligations on very large platforms. Chinese law is comparatively behind in typological treatment of actors.

(C) Deficit Two: Uncontrolled Elasticity of “Necessary Measures”

Article 1195(2) of the Civil Code provides that an online service provider, after receiving notice, shall take “necessary measures”. It does not specify a list of concrete measures. What counts as necessary is left first to the platform and then to ex post judicial review.

That elastic design had a rationale when the Code was drafted, because it preserved room for judicial application. In the era of algorithmic platforms, however, the problem has become acute:

• should the platform delete, restrict traffic, demote, add warning labels, or filter in advance?
• should necessary measures differ according to the type of actor?

Practice shows a simplified tendency to treat deletion as the ultimate measure. Once a platform deletes, it is often regarded as having performed its duty, while intermediate measures such as filtering, traffic restriction and warnings are ignored.

This article’s position: necessary measures should be allocated by type of actor:

• conduit actors: blocking, as the heaviest measure requiring a judicial order, or no action, as the lightest position where there is no proactive duty;
• UGC actors: deletion, traffic restriction and user warnings;
• algorithmic actors: deletion, algorithmic demotion, removal from recommendation pools and freezing of creator revenue;
• AI actors: output filtering, response to user reports and updating of training data governance.

(D) Deficit Three: Safe Harbour Arbitrage by Algorithmic Recommendation Platforms

Current law allows algorithmic platforms to maintain two positions that are in fact inconsistent:

• Position A: “I am a neutral platform and merely passively receive user uploads, and should therefore enjoy the safe harbour under Article 1195 of the Civil Code.”
• Position B: “I benefit from algorithmic recommendation, but that is legitimate commercial operation by a business entity.”

The simultaneous acceptance of those two positions is exactly what the judgment in the Jiangsu case (2024) Su 01 Min Zhong No. 8393 criticised as the distortion of safe harbour into a tool for evading statutory responsibility.

At present, however, Chinese law contains no express statutory rule treating algorithmic recommendation platforms as a distinct type of liable actor. The closest related instrument is the Provisions on the Administration of Algorithmic Recommendation in Internet Information Services (2021), but that instrument mainly regulates content management and protection of user rights in algorithmic recommendation. It does not directly address civil infringement liability.

This article’s position: legislation should expressly recognise “algorithmic recommendation online service providers” as an independent category of liable actor and allocate to them a dedicated checklist of duties of care. The substance of that checklist has been discussed in Part V.

(E) Deficit Four: the Regulatory Vacuum for Generative AI

The Interim Measures for the Management of Generative AI Services (2023) address administrative regulation, including filing, content review and security assessment. They do not, however, define the civil liability rules for generative AI service providers. Article 14 refers to users who publish unlawful information bearing responsibility as producers of online information content, but that is an extension of administrative responsibility. It does not directly answer the civil-law question of attribution of liability for copyright infringement.

The Provisions on the Administration of Deep Synthesis of Internet-based Information Services (2023) and the Measures for the Labelling of AI-Generated Synthetic Content (2025) address content labelling. They do not reach the underlying rules of infringement liability.

The “Ultraman AI-generated image” case made creative use of existing rules. The court treated breach of the compliance obligations under the Interim Measures for the Management of Generative AI Services and the Provisions on the Administration of Deep Synthesis of Internet-based Information Services as a basis for finding fault on the part of the AI platform. That path is pragmatic, but it has two limits. First, administrative compliance obligations should not simply be equated with civil infringement liability. Secondly, in the absence of clear legislative guidance, similar cases may produce divergent outcomes in different courts.

This article’s position: legislation should establish a dual-track liability regime for AI service providers, as discussed in Part V.

(F) Deficit Five: Absence of Cross-Platform Coordination of Responsibility

The dissemination chain for online content often crosses multiple layers:

• user → ISP for access → CDN for caching and acceleration → UGC platform for storage and distribution → algorithmic platform for recommendation → mobile application for in-app playback;
• user prompt → AI service provider for generation → social platform for user publication of the generated result → viewers.

Current law contains no responsibility coordination mechanism. Upstream and downstream actors may shift responsibility to one another. For example, a UGC platform may delete content after notice while CDN caches remain available. Or infringing content generated by AI may be published by a user on a social platform, raising the question whether the AI platform or the social platform should bear primary responsibility.

This article’s position: Chinese law should establish responsibility coordination rules based on upstream priority and proximity. The actor able to control the source should bear the obligation first. Where the source cannot be controlled, responsibility should fall on the link closest to the infringing dissemination.

(G) Deficit Six: Unclear Differentiation Between Injunctions and Damages

Section 512(j) of the DMCA clearly distinguishes injunctive relief from damages. The safe harbour protects only against the latter. Although that distinction appears in Chinese law, for example in Article 23 of the Regulation on the Protection of the Right of Communication to the Public over Information Networks, it is often blurred in judicial practice and academic discussion.

A typical scenario is this: a cloud service provider invokes safe harbour and claims exemption. The court holds that it is not liable for damages. May the court nevertheless order it to take technical measures to prevent similar infringement from recurring? Current practice is inconsistent.

This article’s position: it should be made clear that safe harbour exempts only damages liability, and does not affect injunctive relief. That is necessary to restore the original quid pro quo of section 512 of the DMCA. The design of safe harbour was never intended to give service providers complete immunity; it was intended to exempt damages while preserving injunctions.

VII. A Tiered Safe Harbour: Legislative Recommendations and Judicial Operating Rules

The foregoing analysis points to a basic conclusion: the safe harbour should not be abolished. It should be returned to its original function as a structured mechanism for balancing interests. What should be abandoned is the flat assumption that all online service providers are similarly situated merely because they fall within the same formal label.

(A) Legislative Recommendation One: Replace the Single Category of “Online Service Provider” with a Typology of Service Providers

Chinese law should move from an abstract and undifferentiated concept of “online service provider” to a typed model that distinguishes conduit services, storage and hosting services, algorithmic recommendation platforms, content communities, cloud and CDN infrastructure, generative AI services, and decentralised protocol providers. Different types of actor differ in their causal contribution, technical control, economic benefit, and capacity to maintain substantial non-infringing uses. The law should therefore attach differentiated duties and liability thresholds to each type.

This does not require fragmenting the Civil Code. The Code may retain a general clause, while judicial interpretations, administrative rules, or sector-specific regulations provide the typological refinements. The objective is not formal taxonomy for its own sake, but operational clarity in allocating duties.

(B) Legislative Recommendation Two: Establish a Four-Tier Liability Structure

The liability architecture may be expressed as four principal tiers:

• Tier 4: pure conduit and neutral infrastructure. Actors such as telecommunications access providers, IDC services, DNS resolution services, and ordinary CDN services should remain closest to the traditional safe harbour. Their duties should generally be limited to cooperation, preservation of evidence, and execution of technically feasible measures after lawful notice or order.
• Tier 3: passive storage and cloud services. These actors may enjoy the safe harbour where they do not organise, recommend, monetise, or otherwise intervene in the infringing content, but they should bear stronger duties of preservation, repeat-infringer handling, and account-level restrictions where notice is sufficiently specific.
• Tier 2: content platforms and algorithmic recommendation services. Where a platform structures visibility, recommends content, shares advertising revenue, or benefits from traffic generated by infringing materials, its duties should extend beyond passive deletion. Demotion, recommendation suppression, warning labels, keyword filtering, and repeat-infringer governance may all be relevant necessary measures.
• Tier 1 or Tier 0: generative AI services and quasi-content producers. Where an AI service materially participates in generating or transforming infringing output, or where the service is designed, trained, or deployed in a manner that makes infringement a foreseeable product feature, the provider should not be treated as a mere host. It should bear enhanced duties concerning training-data governance, output controls, labelling, complaint handling, and evidence retention; in serious cases it may be analysed under direct or contributory infringement principles.

This tiered model preserves the doctrinal space of the safe harbour while preventing actors with high control and high benefit from sheltering behind rules designed for passive conduits.

(C) Judicial Rule One: Use the Four Dimensions as a Structured Inquiry

Courts should make explicit findings on four dimensions: causal contribution, technical control, direct economic benefit, and substantial non-infringing uses. These findings should not be treated as isolated elements. They should be weighed together to identify the provider’s substantive position in the infringement chain.

For example, a platform with strong technical control and direct advertising benefit cannot be assessed in the same way as a neutral cloud server merely because both are described as “network service providers”. Conversely, a technically sophisticated infrastructure provider should not be deprived of the safe harbour simply because it possesses abstract technical capacity, if its role in the specific infringement is remote and its non-infringing uses are substantial.

(D) Judicial Rule Two: Distinguish Between Injunctive Relief and Monetary Liability

A central source of confusion in safe harbour cases is the failure to separate injunctions from damages. A provider may be required to take reasonable measures to stop continuing infringement, while still being exempt from monetary liability if its prior role did not satisfy the relevant fault, knowledge, or benefit threshold. Cox v. Sony is instructive precisely because it reminds courts that the conditions for injunctive control and the conditions for damages liability are not identical.

Chinese adjudication should therefore develop separate analytical paths: first, what measures are technically feasible and legally proportionate to prevent continuing harm; second, whether the provider’s past conduct justifies monetary liability. This separation would also reduce excessive deletion, over-blocking, and defensive censorship by platforms seeking to avoid damages exposure.

(E) Judicial Rule Three: Prevent “Safe Harbour Arbitrage”

Platforms should not be allowed to switch characterisations opportunistically. They cannot claim to be neutral and passive when invoking the safe harbour, while describing themselves as intelligent organisers of content, precision advertisers, or algorithmic curators when attracting users and advertisers. The law should look to the actual business model and technical design, not merely the litigation label chosen by the defendant.

In particular, courts should scrutinise whether the platform’s recommendation, ranking, labelling, or monetisation mechanisms amplify infringing content. Where the platform’s own system materially increases exposure, traffic, or revenue from infringement, a higher duty of care is justified.

(F) Institutional Design: From Case-by-Case Intuition to Rule-Based Differentiation

The greatest practical value of a tiered safe harbour lies in making judicial reasoning more transparent. Current adjudication often reaches intuitively reasonable results, but the reasoning is scattered across concepts such as red flag knowledge, necessary measures, direct economic benefit, and contributory infringement. A tiered model converts those intuitions into a structured method.

Such a method would also help administrative regulation. In the fields of algorithmic recommendation, deep synthesis, generative AI, data compliance, and platform governance, the regulator increasingly needs differentiated obligations. A unified analytical framework would reduce conflict between private-law liability and public-law compliance duties.

Conclusion

The safe harbour was never meant to be a universal immunity for all entities that provide online services. It was a carefully designed balance: copyright owners accepted limits on damages and enforcement costs; network service providers accepted notice-based duties and compliance conditions; users and the public received the benefit of open, innovative, and lawful online services.

The contemporary internet has altered the factual premise of that bargain. Online intermediaries now range from passive conduits to algorithmic distributors, monetised content platforms, cloud infrastructure providers, and generative AI systems that may themselves participate in producing disputed content. A formally equal safe harbour can therefore produce substantively unequal results.

The proper response is not to discard the safe harbour, but to recalibrate it. A four-dimensional and tiered model enables courts and regulators to preserve legal certainty for genuinely neutral infrastructure, while imposing higher duties on actors whose business models, technical design, and economic benefits place them closer to the centre of infringement. This is the necessary return of the safe harbour: not a retreat from balance, but a more precise reconstruction of it.

Principal References

• Digital Millennium Copyright Act, 17 U.S.C. § 512.
• Regulation on the Protection of the Right of Communication through Information Networks.
• Civil Code of the People’s Republic of China, Articles 1194 to 1197.
• Provisions on the Administration of Algorithmic Recommendation in Internet Information Services.
• Provisions on the Administration of Deep Synthesis of Internet-based Information Services.
• Interim Measures for the Management of Generative AI Services.
• Cox Communications, Inc. v. Sony Music Entertainment, 604 U.S. ___ (2025).
• Lenz v. Universal Music Corp., 815 F.3d 1145 (9th Cir. 2016).
• UMG Recordings, Inc. v. Shelter Capital Partners LLC, 718 F.3d 1006 (9th Cir. 2013).
• Capitol Records, LLC v. Vimeo, LLC, 826 F.3d 78 (2d Cir. 2016).
• Intellectual Property Law & Practice, “From Safe Harbours to AI Harbours” (2025).