“Don’t Aid pirates”; The Court Found Cloudflare Liable for Aiding and Abetting Copyright Infringement of One Piece

On 19 November 2025, the Tokyo District Court rendered a landmark judgment against Cloudflare, Inc., holding the U.S.-based Content Delivery Network (CDN) provider liable for aiding the infringement of publication rights regarding four Manga titles including globally popular works such as ONE PIECE and Attack on Titan. This lawsuit, brought by Japan’s “Big Four” publishers—KADOKAWA, Kodansha, Shueisha, and Shogakukan—marks the first time a global CDN has been held financially responsible for damages arising from third-party piracy.

1. Background

The copyright infringement was executed through two massive piracy websites, distributing over 4000 manga titles without authorization and attracting more than 300 million monthly accesses in total at their peak. These two piracy websites used Cloudflare’s CDN service.  CDN is a system of distributed servers that cache content near users to accelerate delivery and reduce origin server load. While CDNs are essential for legitimate web traffic, they are used in large-scale piracy as they enable sites to handle millions of monthly accesses at low cost.

The four publishers sent Cloudflare Digital Millenium Copyright Act (DMCA) notices respectively, and obtained information disclosure orders from the United States District Court for the Northern District of California in 2020 and 2021.  The publishers filed a copyright infringement lawsuit against Cloudflare in February 2022.

2. Grounds for Aiding and Abetting: The KYC Failure

In the judgement, the Tokyo District Court found that the two piracy website operators infringed copyright (publication right) of the manga titles and that Cloudflare aided such copyright infringement by providing CDN services to facilitate infringement.  The court’s finding of “aiding” was based on Cloudflare’s business practices rather than the CDN technology itself. The judgment emphasized Cloudflare’s systemic lack of “Know Your Customer” (KYC) verification, adopting a policy to simplify account creation by omitting KYC verification. The court found that this provided a “high degree of anonymity”, free from risk of copyright enforcement even if any legal disclosure process taken, in addition to the general anonymity of reverse proxy hiding IP addresses of origin servers.

3. Rejection of Statutory Safe Harbors

The Court declined to apply the “Safe Harbor” protections under the Information Distribution Platform Safety Act, because Cloudflare could have been aware of the copyright infringement by the DMCA notices and apparent illegality of the piracy sites with “Raw-Free” signs and watermarks of the piracy sites’ own domain names on the images, and it was technically possible for Cloudflare to cease providingCDN services to these specific websites.

4. Awarded Damages

The court calculated the total damages for the four works at approximately 3.6 billion JPY (approx. $24M USD). However, because the plaintiffs strategically filed a “partial claim” for this specific lawsuit, the court ordered Cloudflare to pay a total of approximately 500 million JPY (roughly 120–126 million JPY per publisher), plus interest.

5. Responses from the Publishers and Cloudflare

The publishers welcomed the decision and made press releases of their victory. They commented that while other CDN service providers implement various measures to prevent their services from being used for illegal content distribution, such as verifying customer identities and removing illegal content from servers under their management when receiving notices from rights holders, Cloudflare failed to do so; and that this judgment clarified that Cloudflare bears liability for copyright infringement for such failure.

On the other hand, Cloudflare has expressed strong disappointment with the ruling, reportedly cautioning that letting it stand would seriously affect the efficiency, security and reliability of the internet. They further argued that such a decision is inconsistent with the legislative intent of promoting technological growth and risks stifling innovation in emerging companies.

6. Comments

The ruling echoes findings from the 2022 Report by the Ministry of Internal Affairs and Communications (MIC).  In the report, CDN services of Cloudflare, Akamai Technologies and Amazon Web Services (AWS) were compared and the lack of KYC identification of Cloudflare was pointed out as an issue.  The report also stated that nine websites among the top ten piracy websites in December 2021 used Cloudflare, although Cloudflare contested this, asserting that six of the top ten sites did not use its services.

The Tokyo District Court decision would not automatically extend to other CDN service providers as long as they implement proper KYC identification procedures.