Learning From Section 230: No Immunity for AI

Section 230 was enacted in 1996 to protect nascent online platforms that merely hosted user content, allowing them to moderate without fearing publisher liability. Over time, courts broadened the statute’s reach, extending immunity to algorithmic amplification and design choices, which left victims of platform‑facilitated harms with few legal recourses. This historical overreach now serves as a cautionary tale for policymakers confronting the rapid rise of generative artificial intelligence, where the line between hosting and creating content is far blurrier.

Generative AI models such as ChatGPT or Claude do not simply host third‑party speech; they synthesize outputs based on proprietary training data, fine‑tuning, and deployment parameters controlled by the companies that build them. Consequently, the companies bear significant responsibility for the content produced, making a literal reading of Section 230(c)(1) inapplicable. Legislative efforts like the "No Section 230 Immunity for AI Act" (S.1993) aim to codify this distinction, ensuring that AI developers cannot hide behind a statute designed for passive hosts. By clarifying the legal status of AI outputs, Congress can prevent a generation of litigation that would otherwise mirror the protracted battles over social‑media liability.

Looking ahead, the optimal approach is a flexible federal framework that assigns liability based on AI risk categories, evolves with technological advances, and incentivizes safety through audits and mandatory insurance. Such a structure would fill the void left by preempting state tort and consumer‑protection laws, avoiding the stagnation that plagued Section 230. It would also align accountability with capability, ensuring that as AI systems become more powerful, the legal responsibilities of their creators grow proportionally, protecting consumers while fostering responsible innovation.