Thirty Years On, Congress Moves to Delete the Internet's Foundational Liability Law
Section 230 of the Communications Decency Act turns thirty this year. Congress is marking the anniversary by trying to kill it.
In December 2025, Senators Lindsey Graham (R-SC) and Dick Durbin (D-IL) introduced the Sunset Section 230 Act (S.3546), backed by eight additional co-sponsors — Grassley, Whitehouse, Hawley, Klobuchar, Blackburn, Blumenthal, Moody, and Welch — spanning the ideological spectrum. The bill would repeal Section 230 two years after enactment. One day earlier, Representative Harriet Hageman introduced the House companion (H.R.6746), setting a harder deadline: the law would lapse on December 31, 2026. Both bills are currently in committee.
This is not the usual background noise. Since FOSTA-SESTA created the first Section 230 carve-out in 2018, Congress has repeatedly threatened reform and repeatedly stalled. The 119th Congress opened with more than ten bills targeting Section 230. The bipartisan co-sponsorship of S.3546 — uniting senators who agree on almost nothing else — signals genuine legislative seriousness that prior reform cycles lacked.
What the Reformers Get Right
The case for revisiting Section 230 is not frivolous. The statute's core immunity provision — "no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider" — was written when fewer than 40 million people used the internet globally. Courts applying Zeran v. AOL (1997) extended the protection far beyond its original scope: not just to hosting user content, but to algorithmic amplification, recommendation engines, and product-design decisions that the 1996 Congress did not anticipate.
Senator Durbin's framing — that "Big Tech consistently prioritizes profits over people" — channels documented frustration. Section 230 has been successfully deployed as a defense in cases involving not merely user-generated content but platforms' deliberate curation choices that left harmful content in front of vulnerable users. Critics across the ideological spectrum have a legitimate grievance that the immunity's current scope protects conduct the statute was never designed to shield.
The Problem With Setting a Match to It
The difficulty with both S.3546 and H.R.6746 is the gap between diagnosis and prescription. Sunsetting Section 230 without a statutory replacement does not produce more accountability — it produces the worst possible redistribution of power.
Without the liability shield, every platform hosting third-party content faces the prospect of being sued as a publisher. Large incumbents — Meta, Alphabet, Amazon — have the legal firepower to litigate through that exposure. They will moderate aggressively, restrict user expression, and reach a new equilibrium. The casualties will be everyone below them: community forums, decentralized social platforms, small hosting services, open-source collaboration tools. As EFF argued in April 2026, "the Open Social Web Needs Section 230 to Survive" — without it, the emerging decentralized internet faces legal jeopardy that the incumbents it aims to displace can absorb. A Section 230 repeal would be the most effective Big Tech consolidation measure Congress has ever passed, dressed up as accountability.
Courts Are Already Doing the Surgical Work
The reformers' argument assumes Section 230 is a monolithic shield. The case law of the past two years says otherwise.
In the Third Circuit's 2024 ruling in Anderson v. TikTok, the court allowed a wrongful death suit to proceed on the theory that TikTok's recommendation algorithm may not qualify as protected publisher conduct. The Second Circuit in U.S. v. EZLynk (August 2025) denied immunity to a platform that allegedly collaborated directly with illegal defeat-device developers, holding it had "directly and materially contributed" to the illegal content rather than acting as a neutral intermediary. In March 2026, two separate state courts — in K.G.M. v. Meta in Los Angeles and a parallel case in New Mexico — held Meta liable on product-design and consumer protection theories that Section 230 did not block.
Technology law scholar Eric Goldman's January 2026 roundup of Section 230 decisions documented the trend extensively: courts are increasingly distinguishing between editorial judgment (protected) and operational choices like verification systems, payment processing, and quality-assurance functions (potentially unprotected). The immunity is already narrower than its critics assert, and it is being refined by courts with fact-specific tools that a blunt sunset provision cannot replicate.
The TAKE IT DOWN Model
Congress already has a more proportionate template. The TAKE IT DOWN Act (S.146), signed by President Trump on May 19, 2025, after passing the House 409-2, addresses non-consensual intimate imagery — including AI-generated deepfakes — through a 48-hour takedown mandate and Federal Trade Commission enforcement framework. Rather than carving a new hole in Section 230's liability structure, it creates a compliance obligation under the FTC Act, leaving platform immunity intact while imposing enforceable removal duties where the harm is concrete and specific.
The Act has real flaws: critics noted in May 2026 that it lacks counter-notice mechanisms and risks bad-faith abuse of the takedown process. These are worth fixing. But the structural approach — targeted obligation for a defined harm, regulatory enforcement, no wholesale immunity revocation — is the right architecture.
Expiration Without Replacement
H.R.6746's December 2026 deadline is still on the table. Even if the Senate's two-years-after-enactment trigger in S.3546 is the more likely vehicle, the existence of a hard repeal horizon is already distorting investment, platform architecture decisions, and legal strategy across the internet industry.
Congress should be specific about what Section 230 should not protect: paid algorithmic amplification of illegal content; product designs that demonstrably addict minors; knowing facilitation of exploitation. All of these can be addressed through targeted carve-outs and compliance mandates — the approach already producing results in courts and statute books. Sunsetting the entire liability framework because its outer edges have been stretched too far is not accountability. It is the largest content moderation intervention in US history, executed without a plan for what follows.