In recent years I have witnessed a significant and crucial transformation in the digital world. Core internet services—such as CDN acceleration, DNS resolution, and development frameworks—have traditionally operated under the principle of technical neutrality. This principle has long protected these infrastructure providers from being held directly responsible for the content they help deliver. They were seen as the digital equivalent of road builders, not accountable for the goods transported on their roads.
However, this period of unquestioned protection is coming to an end. The digital environment has evolved into a complex, borderless network where illegal activities, especially large-scale copyright infringement, can thrive with increasing sophistication. The idea of technical neutrality is no longer an absolute defense but a nuanced argument that courts around the world are scrutinizing more closely. A landmark decision in November 2025 by the Tokyo District Court against Cloudflare—a company managing about 20% of global internet traffic—illustrates this shift. The court ordered Cloudflare to pay 500 million yen to copyright holders, ruling that its ongoing provision of CDN caching services to known piracy websites amounted to contributory infringement.
This case is not isolated but signals a global legal trend, prompting a reevaluation of the responsibilities of internet infrastructure providers. To understand the broader implications, it is helpful to compare the Japanese ruling with legal frameworks and case law in China, such as the notable WeChat Mini Program case. From my experience representing clients in such complex disputes, this comparison highlights a worldwide judicial movement toward greater accountability on the internet, even though the legal approaches may vary.
The Cloudflare Dilemma: When a Good Samaritan Becomes an Accomplice
A Dual-Role Service
To grasp the court ruling, one must understand the dual role of Cloudflare services. On one side, it acts as a good Samaritan of the internet. Its CDN (Content Delivery Network) is a technological marvel that caches static website content across a global server network, delivering it to users from the closest location. This significantly speeds up website loading times, helping small publishers compete and improving user experience worldwide. Its security services, especially its strong DDoS (Distributed Denial-of-Service) protection, are equally important. The familiar brief wait and human verification check before accessing some international websites often involve Cloudflare filtering out malicious traffic to keep sites online. Notably, many of these critical security features are offered free of charge. So how did this company, seemingly a cornerstone of digital utility, become a target for the world largest publishers? From the perspective of copyright owners, Cloudflare helpful services effectively shielded pirate websites. The ongoing battle between content creators and infringers has seen rights holders attack domain registrars and hosting providers to shut down infringing sites and pressure payment processors and advertising networks to cut off their funding.
Yet, Cloudflare proved to be the toughest barrier in this strategy. When rights holders find an infringing site, they typically identify its IP address and send a take-down notice to the hosting provider. But when a site uses Cloudflare CDN, it enables reverse proxying, hiding the origin server and exposing only Cloudflare IP address to the outside world. This makes the pirate site true location invisible, rendering complaints to the actual host ineffective. Moreover, when rights holders or their allies tried to launch DDoS attacks to take pirate sites offline, Cloudflare powerful, free security services absorbed these attacks effortlessly. The CDN also improved the user experience for these illicit sites, giving them performance comparable to legitimate streaming giants like Netflix or YouTube.
The Claim of Neutrality
Cloudflare firm defense has always been its claim of neutrality. It portrayed itself as a mere conduit for information, committed to privacy and communication secrecy. It argued that it could not and should not police the content passing through its network, nor be forced to violate user privacy without a court order. This stance was based on its self-view as a fundamental internet infrastructure layer, similar to a utility company that does not monitor phone calls. Its policy was to comply only with orders from U.S. courts, creating a significant jurisdictional challenge for international rights holders.
A Protracted Legal Battle
This rigid position was challenged in a lengthy legal battle starting in 2017. The plaintiffs were a coalition of major Japanese publishers—Kodansha, Shueisha, Shogakukan, and Kadokawa—owners of famous manga series like One Piece, Attack on Titan, and Detective Conan. They identified numerous large-scale manga piracy sites heavily dependent on Cloudflare services. After initial legal disputes, a tentative agreement was reached in 2019. The settlement stated that if a Japanese court declared a site illegal, Cloudflare would stop providing CDN services to that site within Japan.
However, this agreement was only a temporary pause, not a permanent solution. The publishers argued that despite repeated notifications from 2020 onward about ongoing infringing sites, Cloudflare failed to take effective action. Pirates exploited this by switching to new domains, a low-cost tactic that easily bypassed partial restrictions. Frustrated by continued infringement, the four publishers filed a formal copyright infringement lawsuit against Cloudflare in Tokyo District Court in February 2022.
The Court Reasoning: Knowledge as the Key
The core issue in the Japanese case was to break through Cloudflare claim of neutrality. The plaintiffs legal approach was clever. They argued that by caching infringing manga, Cloudflare was making temporary reproductions under Japanese copyright law. While this can sometimes be considered fair use, the plaintiffs claimed this exception disappeared when Cloudflare knowingly facilitated infringement. The key was proving knowledge. The 2019 settlement became crucial evidence, showing Cloudflare was aware of the infringing nature of these sites and had promised to act but failed to do so effectively.
The court agreed. In its November 2025 decision, it sided with the publishers, ruling that Cloudflare CDN and acceleration services were a necessary condition for the infringement continuation and growth. When faced with repeated, clear notices of infringement—a classic red flag situation—Cloudflare could no longer claim to be a neutral, passive intermediary. Its ongoing service turned it from a simple utility into an active participant, or accomplice, in copyright violations. The 500 million yen penalty sent a strong message that the protection of technical neutrality has its limits.
The Chinese Viewpoint: An Alternative Legal Approach to a Similar Issue
China Legal Framework
If this dispute had been addressed in a Chinese court, the legal tactics and arguments would have taken a different but equally persuasive direction. The basis for such a case in China is the Regulations on the Protection of the Right of Communication through Information Network (known as the Information Network Transmission Regulations). This legal framework divides digital services into four distinct categories of providers, each bearing different levels of responsibility.
The first two categories—Automatic Access Services (Article 20, such as telecom operators) and Automatic Caching Services (Article 21, including CDN providers)—are generally exempt from the notice-and-take-down process. The reasoning is technical: these providers offer purely automated, mechanical services and lack the practical ability to selectively remove specific infringing content from their caches without disrupting entire systems. The other two categories—Information Storage Space Services (Article 22, like cloud storage or forums) and Search/Linking Services (Article 23, such as search engines)—are subject to the traditional notice-and-take-down rule. Upon receiving a valid infringement notice, they must promptly remove the infringing content or links to avoid liability.
A Litigator Strategy: Reclassification
At first glance, Cloudflare CDN service clearly falls under the Automatic Caching Service category, which would suggest a strong defense. However, as a litigator in this field, my strategy would be to contest this classification. The goal would be to collect evidence showing that Cloudflare role went beyond that of a passive, automated cache. For example, if we could demonstrate that Cloudflare actively promoted certain pirate websites, selectively cached content to improve user experience for infringing material, or provided search features that helped users locate illegal content, we could argue that it functioned as an Information Storage Space or Search Service provider. Such a reclassification would immediately impose the “notice-and-takedown” obligations on Cloudflare, significantly increasing its responsibility to monitor its network.
A Precedent: The WeChat Mini Program Case
This strategic perspective is highlighted by the well-known WeChat Mini Program case. In that case, a company was illegally distributing copyrighted audio through a Mini Program on WeChat. After the copyright owner notified Tencent, the platform operator, Tencent only instructed the infringing company to remove the specific content but took no action against the Mini Program itself. The copyright owner sued both the infringer and Tencent, seeking joint liability.
The Hangzhou Internet Court decision was nuanced and forward-thinking. It found that a WeChat Mini Program is a new type of network service that does not fit neatly into any of the four categories defined in the 2006 regulations. Therefore, the court ruled that the traditional notice-and-takedown rule did not automatically apply to Tencent. However, the court did not completely absolve Tencent of responsibility. Instead, it held Tencent to the standard of a general network service provider. This meant that upon receiving a valid notice, Tencent was required to take necessary measures, which could include issuing warnings or, more importantly, disconnecting access to the Mini Program. The court stopped short of ordering Tencent to directly delete content within the program, recognizing the technical and control differences between a Mini Program and user-uploaded files on a server.
Summary: The Future of Infrastructure Liability
Potential Outcomes in a Chinese Court
A comparison between the Japanese Cloudflare case and the Chinese WeChat Mini Program case highlights a worldwide judicial trend: the law is struggling to keep up with technological advances, and courts are ready to modify existing legal principles or develop new ones to address contemporary harms. If a case like Cloudflare were tried in China today, two main outcomes seem likely, both depending heavily on the key factor of knowledge.
First, a court might apply the reasoning from the WeChat case, treating Cloudflare CDN service as a type of automatic caching that is exempt from the strict notice-and-takedown rules. In this situation, Cloudflare would have a strong chance of winning, similar to Tencent success in its case. However, this defense would fail if the plaintiff could convincingly prove that Cloudflare had actual knowledge of the infringement, especially after repeated and specific notifications—similar to the evidence of the breached 2019 settlement in the Japanese case. Under such red flag conditions, Cloudflare could easily be held liable for contributory infringement, regardless of how it is formally categorized.
Second, and more challenging for Cloudflare, a court might be convinced that its services go beyond mere caching. If there is evidence that its features actively enhanced the infringing activity or that it had the technical capability to take more targeted measures, the court could classify it as an Information Storage Space provider. This would represent a major shift, subjecting Cloudflare to the notice-and-takedown system. The implications would be significant: Cloudflare would be legally required to establish a comprehensive copyright complaint system, employ a team to review and handle takedown requests, and promptly remove infringing cached content from its servers. Failure to comply would expose it to substantial joint and several liability.
A Crucial Distinction: IP vs. Illegal Content
It is important to make a final distinction. The legal disputes discussed here relate to intellectual property infringement. Legal responsibilities for illegal content—such as terrorism-related, gambling, or pornographic materials—are in a completely different category. For such content, internet infrastructure providers often have proactive, results-driven, and much stricter duties. Liability is much higher, and immediate, decisive action is expected. In my experience, only during major events like the 2008 Beijing Olympics did online piracy receive comparable treatment, with infringing broadcast sites being disconnected at the infrastructure level without delay.
In conclusion, the Tokyo District Court decision against Cloudflare marks a turning point. It signals the end of the era when technical neutrality was an absolute defense against contributory copyright infringement claims. For global companies operating in digital infrastructure, the message is clear: passive ignorance is no longer a viable defense. The legal environment now demands a higher level of corporate responsibility. Proactive risk management, clear communication channels for rights holders, and readiness to act decisively upon credible infringement reports are evolving from best practices into legal requirements. While digital networks remain accessible, accountability checkpoints are being established, and the cost of ignoring them is becoming prohibitively high.