The Digital Millennium Copyright Act (DMCA) is a United States copyright law that deals with the protection of copyrighted material online.

By creating a DMCA Policy for your website, you can allow users to create or upload their own content while protecting your business from any potential copyright infringements.

In this article, we will discuss what the DMCA is, to whom it applies, and the steps you can take to create your own DMCA Policy and ensure your business or organization is protected.

The Digital Millennium Copyright Act (DMCA) is a United States copyright law designed to balance the rights of digital media copyright holders and users.

It was passed in 1998 and implemented in 2000, and worked to update U.S. copyright laws to meet the requirements of two international treaties passed by the World Intellectual Property Organization (WIPO).

The DMCA provides copyright holders with a fairly easy framework to follow to assert their copyright and have infringing materials removed from a website. It also provides harsh penalties for copyright infringement.

DMCA protection applies to all types of content such as text, images, audio, and videos. However, because the DMCA is a U.S. law, it applies only to websites hosted in the United States.

Despite this, even if the copyright holder is located outside of the U.S. they can still rely on the DMCA to uphold their copyright as long as that content is hosted on a U.S. website.

The DMCA also makes it illegal to manufacture or distribute tools or software that could be used to circumvent copy controls.

What are the Requirements of the Digital Millennium Copyright Act (DMCA)?

The DMCA imposes certain requirements including the duty to respond to takedown notices and remove any infringing content.

In order to be in compliance with the DMCA, your business must:

  • Avoid using or hosting copyrighted content
  • Establish notice and takedown procedures
  • Take swift action against any infringing content
  • Reasonably implement a Repeat Infringer Policy

Who Must Comply with the Digital Millennium Copyright Act (DMCA)?

Any online service provider (OSP) that allows user-generated content should consider implementing a DMCA Policy. This will allow your business to limit its liability from copyright infringement claims.

Under the DMCA, an OSP is any website that hosts user-generated content like search engines, content hosting sites, and internet service providers.

For example, if your website features only your own original content or content created by authors that you employ, you likely do not need a DMCA Policy. But if any part of your website features content from users or third parties, you need a DMCA policy to protect you from what they post.

If a user of your website posts copyrighted material, you may be liable under copyright law for providing a platform for the copyrighted material to be shared.

There are also a few activities and organizations exempt from compliance. 17 U.S.C 512 (c) (3) establishes that certain activities relating to nonprofit libraries, educational institutions, archiving activities, and government activity are exempt.

The DMCA and 'Safe Harbor' Exemptions

The DMCA and 'Safe Harbor' Exemptions

The DMCA grants OSPs certain exemptions from liability known as the "safe harbor" provisions. If the users of your website post or transmit copyrighted-protected material, you will be safe from liability as long as you meet the safe harbor criteria and designate an agent with the U.S. Copyright Office.

Normally, when the owner of a piece of copyrighted content sees that it's being used without permission, they can file a complaint and initiate a lawsuit. The DMCA provides an exemption for service providers that shield them from liability.

In order to avoid liability, DMCA Section 512 (d) establishes the criteria that must be met, including:

  • You have a designated agent with the U.S. Copyright Office
  • You were not aware of the infringing material on your website
  • Once the infringing material was brought to your attention, it was expeditiously removed
  • You did not receive any direct financial benefit from the infringement, and
  • You responded promptly to any "takedown" notices

How to Comply with the Digital Millennium Copyright Act (DMCA)

To limit your own liability, we have provided some actionable steps below that you can take to ensure your business is DMCA-compliant.

If you wish to be protected under the "Safe Harbor" provisions of the DMCA, you ned a registered and designated copyright agent.

In order to appoint a designated agent, you must register your business with the U.S. Copyright Office. All registration must be completed through their electronic registration system.

DMCA Section 512 (c) (2) sets out the requirements you must provide with your registration, including:

  • The name, address, phone number, and email address of the agent
  • Any other contact information which the Register of Copyrights may deem appropriate

Keep in mind that this registration must be renewed every three years.

Create a DMCA Policy

To be compliant with the DMCA, you should create a DMCA Policy that clearly outlines the procedure through which a copyright holder can notify you about potential copyright infringement.

This DMCA Policy can be part of your Terms and Conditions agreement (sometimes called Terms of Use or Terms of Service), or as a stand-alone document that you also link to your Terms agreement.

Your DMCA Policy should include the following:

  • An introduction describing the purpose of the policy
  • Takedown notice instructions (also known as a DMCA Notice)
  • Counter Notice instructions
  • Your policy on repeat infringers

The Introductory Paragraph

Your DMCA Policy should start with an introductory paragraph that explains the purpose of the policy.

In this introductory paragraph, you should make reference to any relevant laws. In this case, you should reference the DMCA.

Here is an example of how Tumblr's DMCA Copyright Policy clause within its Terms of Service includes an introductory paragraph describing the purpose of the policy and cites the relevant law:

Tumblr Terms of Service: DMCA Copyright Policy clause

DMCA Notice Instructions

Your DMCA Policy should contain detailed instructions on how a copyright holder can notify you that their copyright has been infringed and request for the infringing material to be removed.

The process by which a copyright holder notifies you about potential copyright infringement is called a DMCA Notice (sometimes also called a Takedown Notice).

This DMCA Notice must include clear instructions on where the copyright holder can send their complaint and all the information that must be included. You can simply provide these instructions and the relevant contact information or provide an actual form for submitting a complaint.

You should instruct people submitting a DMCA Notice through your website to include the following information:

  • The physical or electronic signature of the subscriber
  • The subscriber's name, address, email, phone number, and other contact information
  • Information that identifies the material they claim is infringing, including a URL or physical location if applicable
  • A statement under penalty of perjury that the subscriber has a good faith belief that the copyrighted material is not authorized by the copyright owner, its agent, or the law, and
  • A statement that the information given is accurate and that they are authorized to submit a DMCA Notice for this copyrighted work

Although Heroku does not provide an actual notice form in its DMCA Notices Policy, it does provide clear instructions on all the information that must be included with a complaint and where it must be sent:

Heroku DMCA Notice

In this example, you'll see how Dropbox has a convenient Notification of Claimed Infringement form:

Dropbox Notice of Claimed Infringement form

Dropbox also provides clear written instructions for submitting the same information:

Dropbox Notice of Alleged Infringement - DMCA Notice instructions

Counter Notice Instructions

Your DMCA Policy should also explain how the party that allegedly infringed the copyright can submit a Counter Notice to have the disputed content restored. This is called a Counter Notice.

A Counter Notice is the response an organization submits after having its content removed for reportedly infringing copyright. It is submitted when an organization feels its content was mistakenly removed due to a DMCA Notice.

Similarly to a DMCA Notice, 17 U.S.C 512 (g) (3) outlines the information that must be included in a Counter Notice. Your DMCA Policy should clearly communicate to your users that they must include this information with their complaint:

  • The physical or electronic signature of the subscriber
  • The subscriber's name, address, email, telephone number, or other relevant contact information
  • Identification of the material that has been removed or to which access has been disabled
  • A statement under penalty of perjury that the subscriber has a good faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled
  • A statement that the subscriber consents to the jurisdiction of the Federal District Court for the judicial district in which the address is located or if the subscriber's address is outside of the United States, for any judicial district in which the service provider may be found

Here's how Tumblr includes this information in its Terms of Service:

Tumblr Terms of Service: Submitting a DMCA Counter Notification section

GitHub does a great job of clearly explaining to its users all the information that must be included in the Counter Notice:

GitHub Guide to Submitting a DMCA Counter Notice: Counter Notice Must Include checklist

Immediately following this list of what the Counter Notice must include are the instructions for submitting the notice:

GitHub Guide to Submitting a DMCA Counter Notice: How to Submit Counter Notice section

How you Handle Repeat Infringers

Your DMCA Policy should also outline your process for dealing with repeat copyright infringers.

In order for a service provider to be protected under DMCA's safe harbor provisions, it must adopt and implement a policy for terminating repeat infringers. Including these procedures in your DMCA Policy will help shield you from liability.

Although the DMCA does not define exactly what a repeat infringer is, common practice dictates that it is any user who repeatedly fails to adhere to copyright law.

Your policy on repeat infringers should specify the criteria that equate to a violation and the penalties for those violations.

Here is an example of how Meta explains the penalties it imposes on repeat infringers:

Meta Repeated Intellectual Property Infringer Policy excerpt

In the next example, Reddit explains its Repeat Infringer Policy of closing accounts or subreddits where infringement is a continual problem:

Reddit Policy on Repeat Copyright Infringement

Where Should You Display Your DMCA Policy?

Where Should You Display Your DMCA Policy?

Your DMCA Policy needs to be in a location that is easy for your users to access at any time. Two places for this are within your Terms and Conditions agreement as a clause, or linked as a separate page to your website's footer.

If you run a higher-risk service that deals with lots of user-generated content, consider putting your DMCA Policy in a prominent place.

Here's how YouTube includes its Copyright Policy link directly in its site's footer:

YouTube website footer with Copyright link highlighted

Violators of the DMCA face substantial fines and both civil and criminal penalties.

  • Civil penalties include injunctions and actual damages or lost profits up to $150,000 per offense
  • Criminal penalties for repeat offenders include imprisonment of up to 5 years and fines of up to $250,000 per offense


The DMCA exists to ensure copyright protection while penalizing those that infringe copyright.

While a service provider would typically be liable for the infringing content their users upload or share, the DMCA's safe harbor provisions offer liability protection to websites that passively host user-generated content.

If you have a website where users share content, the best way to protect yourself is by registering a designated agent and creating a DMCA Policy. This policy should include:

  • An introductory section explaining the purpose of the policy
  • Instructions for how to file a DMCA Notice
  • Instructions for how to file a Counter Notice
  • Your policy for repeat infringers

Place this policy in an easily accessible location like in your Terms of Agreement or as a link in your website's footer.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy