一句话答案
The US Digital Millennium Copyright Act of 1998 is US federal statutory law. Its safe-harbour and notice-and-takedown provisions (17 U.S.C. § 512) bind providers that fall under US jurisdiction; they have no extraterritorial force on a hosting company incorporated and physically operating outside the United States. A host in Saint Kitts and Nevis, Iceland, Switzerland or Romania can read a DMCA notice, file it, and decline to act on it — and that refusal is consistent with the law, not in spite of it.
What "DMCA-ignored" does NOT mean: that the host ignores all copyright claims, that local court orders carry no weight, or that explicitly criminal content (CSAM, credible threats, identity theft material) gets a pass. It means specifically that a US-style takedown notice — sent by email or webform without a court — does not trigger removal.
为何 DMCA 在美国境外不适用
Statutes are bounded by jurisdiction. The DMCA is part of Title 17 of the United States Code; it confers safe-harbour protection on US-based service providers that follow its takedown procedure, and it imposes obligations on those same US providers. A non-US provider has neither the protection nor the obligation. Cryptoservers Ltd., for instance, is incorporated in the Federation of Saint Kitts and Nevis under company registration C 59284-2024; it does not register a DMCA agent with the US Copyright Office because it is not a service provider under § 512(k)(1).
Rights-holders sometimes argue that an offshore host "benefits from" the US market when its users are American. That argument is not supported by case law. In every leading transnational copyright case, the courts have required either physical presence (offices, employees, servers) in the US or specific targeting (advertising aimed at US users, US-currency pricing) before asserting personal jurisdiction. A host that does not advertise in the US, does not bill in dollars-and-cards, and operates infrastructure exclusively outside the US has no exposure to US copyright statute.
The question is sometimes confused with copyright itself. Copyright is recognized internationally via the Berne Convention — every Berne signatory protects works originating in other Berne signatories. But Berne harmonises substantive rights, not procedure. The DMCA's takedown procedure is a US procedural mechanism; Berne does not require any other jurisdiction to mirror it. The closest EU analogue is the eCommerce Directive (2000/31/EC), which sets a notice-and-action regime for hosting providers but with materially higher procedural thresholds than § 512.
每家离岸托管商能可信承诺的事项
Refusing to honour US-style takedown notices: yes, in writing, with a reply confirming the notice was received and read but no action will follow. Most offshore hosts maintain a public stance page (we keep ours at /dmca/) so the position is unambiguous before a customer signs up.
Refusing to identify the customer based on a takedown notice alone: yes. A notice is not a subpoena. Even providers that DO honour DMCA in the US do not unmask customer identity without a § 512(h) subpoena — and in 2003 the DC Circuit ruled in Verizon v. RIAA that § 512(h) subpoenas don't apply to the kind of conduit-only providers most hosting companies actually are anyway.
Resisting fishing expeditions from rights-holder enforcement firms: yes. The standard playbook from firms like Rightscorp, MarkMonitor and the various IP boutiques is to send hundreds of templated notices and see which providers fold. Offshore hosts maintain a documented internal procedure that converts every such notice to an automated reply pointing at our jurisdictional posture and our /abuse/ page — no human handling required for typical IP enforcement spam.
Honouring valid court orders from courts of competent jurisdiction: yes, and unambiguously. A Nevisian court order, a Swiss court order, a Romanian court order, an Icelandic court order — these have legal weight where the host operates and will be respected. Romania's Constitutional Court has twice (2009 and 2014) struck down EU data-retention obligations as incompatible with the Romanian constitution, which sets the bar even higher there. The threshold is "valid order from a court that has jurisdiction over us," not "any court anywhere."
任何托管商——无论离岸或在岸——都无法承诺的事项
Immunity from criminal investigations. Local law enforcement in the host's jurisdiction can issue search warrants, seizure orders, or production orders for serious criminal matters under their own statutes. Every offshore host respects these, because doing otherwise would lose the company its operating licence within months. The trade-off is that the legal threshold is much higher than a takedown notice — typically requiring a judge-signed warrant supported by probable cause of a specific crime.
Immunity from network-level interception. ISPs and tier-1 transit providers in the host's region operate under their own local lawful-interception regimes. We mitigate this with TLS-everywhere, WireGuard between PoPs, and a no-content-logging policy — but we cannot promise that a determined nation-state actor with backbone access cannot observe encrypted traffic flows.
Immunity from CSAM enforcement. Every jurisdiction we operate in (Iceland, Netherlands, Romania, Switzerland, Nevis) treats child sexual abuse material as a serious crime with extraterritorial enforcement and full international cooperation. CSAM is the one universally prohibited category in our Acceptable Use Policy and the one category that gets removed within hours of any credible report — we report to NCMEC and the relevant national authority regardless of where the customer claims to be.
Immunity from sanctions. OFAC sanctions, EU sanctions, UK sanctions and equivalent regimes apply at the payment-rail level, not the hosting level. Because we don't accept fiat, we don't have a bank to enforce sanctions through, but customers in sanctioned jurisdictions still bear their own legal risk under their own national law.
下架通知在离岸基础设施上的实际流转过程
Step 1 — the notice arrives at a public email like abuse@ or dmca@. Our ingestion automation parses the From, the alleged URL, and the asserted rights-holder. If it matches the templated DMCA pattern (most do — they're mass-produced), it goes into a tagged queue; if it doesn't, a human triages it within 4 hours during business windows.
Step 2 — automated reply within minutes. We send back a clean explanation: where we're incorporated, what statute applies, why DMCA does not bind us, and where to escalate if the rights-holder believes a Nevisian or other in-jurisdiction process is appropriate. This is signed with our PGP key so the rights-holder can verify it actually came from us, not a forgery.
Step 3 — the notice is filed. We keep an internal log of every notice received, the URL it pointed at, and the date — partly for our own audit, partly because if a court ever does take an interest, we want to demonstrate that we received and read the notice and chose not to act based on a documented legal position. Customers can request a copy of any notice that named their resource through the panel.
Step 4 — typically nothing more happens. The vast majority of mass-produced takedown notices end at step 2. The rare cases that escalate go to the rights-holder's local counsel, who then has to either pursue a Nevisian court order (expensive, slow, and rarely worthwhile for a single-piece-of-content matter) or send a formal letter to the customer themselves, which they can do directly without our involvement.
忽略 DMCA 何时不再重要
If your concern is large-scale commercial copyright infringement at industrial volume — running a streaming pirate site monetised by ads, for example — DMCA-ignored hosting is a thin reed. Rights-holders will pursue domain seizure (via ICANN-accredited registrars in the US/EU), payment-processor pressure, and reverse-DNS reporting to put your operation under sustained pressure that no amount of jurisdictional posture can wholly deflect. We are explicit in our AUP that this kind of operation is outside our risk tolerance regardless of the legal merits.
If your concern is whether a single DMCA-style notice will take down your blog post, your forum thread, your privacy-tool source repository, your Tor exit relay's resolver page, or your political content: DMCA-ignored is exactly the right tool. The vast majority of takedown notices we see fall in this bucket — boilerplate, templated, often factually wrong, and frequently aimed at material that wouldn't even be infringing under US fair-use doctrine if a US court ever looked at it.
如何评估一家托管商是否真正忽略 DMCA
Check the corporate registry. A real offshore host will name its incorporation jurisdiction on its terms page and link to a public registration number. "DMCA-ignored" with a US C-corp behind it is marketing fiction.
Check the datacenter footprint. Servers physically located in the US fall under US jurisdiction regardless of where the corporate parent is registered. Look for explicit datacenter addresses in non-US locations (Iceland, the Netherlands, Romania, Switzerland, Cayman, BVI, Malaysia all show up in legitimate offshore hosting; "global edge" with no addresses listed is a red flag).
Check the policy page. A serious offshore host publishes a documented stance page (ours is /dmca/ + /abuse/) that describes exactly what gets ignored and what gets acted on. "We respect customer privacy" is not a stance; "We do not honour DMCA notices because § 512 has no extraterritorial force" is a stance.
Check the payment rail. A host that requires KYC and a credit card has a US/EU payment processor in the loop, and that processor has its own takedown leverage that the host can't refuse. Crypto-only hosting cuts that lever entirely — there is no Stripe to pressure.
结论
DMCA-ignored hosting is a real legal posture, not a gimmick — but it's load-bearing only for the specific category of US-style copyright takedown notices it names. It does not insulate against criminal investigations, against valid court orders, or against rights-holder pressure on adjacent infrastructure (domains, payment, DNS).
If your threat model is "a templated takedown notice will silence my speech tomorrow," offshore + crypto-billed + DMCA-ignored is the right architecture. If your threat model is broader than that, no single legal posture is sufficient — you need defence in depth across hosting, domain, payment, and operational security.
