As an online service provider, whether you provide simple web hosting or more complex web services (like social networking), you are broadly protected from liability for the content posted by your users not only by the First Amendment, but also by “Section 230” of the Communications Act, and the Digital Millennium Copyright Act.

The DMCA was enacted in 1998 in part to provide copyright owners a more streamlined method to counteract unauthorized uses of their material online, while at the same time not stifling innovative online services. The law creates certain “safe harbors” from copyright liability for a variety of online service providers. One of the major components of the law is a “notice and takedown” procedure for removing copyrighted material from websites. As a provider whose users might post infringing material, you are protected against copyright lawsuits as long as you follow specific procedures for taking down infringing material when properly notified by the copyright holder. The Electronic Frontier Foundation has a detailed primer on this section of the DMCA, which includes the procedures to follow. Two things to be aware of are that a service provider can become ineligible for the safe harbors if it is found to have “red flag” knowledge of infringing activity, or if it “receive[s] a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity.” Courts have interpreted these exclusions rather narrowly, but it is important to be aware of them, and to follow the DMCA procedures carefully. Good advice is to talk to a lawyer as you set up your service.

“Section 230” provides a great deal of protection for online services outside the scope of copyright and is arguably as important as the First Amendment when it comes to fostering innovation and protecting free speech online. Section 230 has been an integral part of the dramatic growth in online services since its inception. It provides that online service providers cannot be treated as the publisher or speaker of content posted by others, thus freeing service providers from being overly cautious with respect to the writing, images, and video posted by users. Unlike, for example, the publisher of a print newspaper, who can be held liable for what gets printed, an online host or forum is shielded by Section 230, based on the premise that providers of online forums exercise less editorial control over content. (If the service provider actually is the author of particular material, the protection does not apply.) Not surprisingly, Section 230 is often credited for the explosive growth of innovative services and user-generated content online of the late 1990s and 2000s.

Section 230 also provides that services providers cannot be held liable for the voluntary removal of objectionable content or for providing users the means to filter objectionable content. These provisions mean that as a service provider you are free to make editorial decisions and/or offer filtering options that remove or block excessively violent or overtly sexual content, without fear of infringing on users’ rights to speak (although you should be careful not to act inconsistently with your own terms of service). Additionally, you are free to editorially remove some content without worrying that all similar or otherwise objectionable content be removed.  From a customer service perspective, it certainly makes sense to be consistent, but your broad Section 230 protection doesn’t dissolve simply because you might make some decisions and not others. 

Section 230 has been applied in court to a wide variety of service providers, but it is important to remember that it does not cover everything. It does not apply to copyright and other intellectual property claims (the DMCA controls here), nor does it have any affect on federal criminal laws. This means that it is still possible for you to get into trouble for users’ content that is obscene or incites violence, or potentially in violation of other federal laws. Also, there have been a few notable cases that have slightly constrained the scope of Section 230 protection. If you as a service provider encourage or require illegal content to be posted, such as through a directed form, you could lose Section 230 protection with respect to that material. Additionally, if you as a service provider agree to do something – say remove some work that is potentially defamatory – but then don’t follow through, some courts have held that Section 230 would not fully protect you against legal claims by the person to whom you made the promise.

One important issue around which the protections for service providers do not apply is child sexual exploitation and abuse. In fact, there are specific laws that govern service providers in this context. In 1998, Congress established the CyberTipLine, and federal law requires that “electronic service providers” (including most ISPs and web hosting companies, and many online services) report all apparent violations of child exploitation and child pornography laws. Active monitoring is not required, but fines and even criminal penalties are possible for failures to report material that is within your knowledge. You can learn more about the tip line and the reporting requirements at