Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,500 words, this briefing is about a 7-minute read.
At a glance.
- Anthropic settles fair use lawsuit.
- Social media platforms win their challenge against the EU.
Anthropic settles AI copyright lawsuit.
The news.
On Friday, Anthropic, one of the largest artificial intelligence (AI) developers, agreed to settle a copyright lawsuit brought by a group of authors and publishers for $1.5 billion. If approved, Anthropic is expected to pay $3,000 per work to roughly 500,000 authors. Once approved, this settlement will be the largest publicly recorded copyright recovery to date.
This class action lawsuit alleged Anthropic used millions of books to train its Claude language model without authorization. In their original complaint, the authors wrote that “rather than obtaining permission and paying a fair price for the creations it exploits, Anthropic pirated them.” The proposed settlement motion argues that this outcome will “set a precedent of AI companies paying for their use of pirated websites.”
In response to this settlement, Anthropic released a statement emphasizing the company is “committed to developing safe AI systems that help people and organizations extend their capabilities, advance scientific discovery, and solve complex problems.”
The knowledge.
This case is the first major copyright dispute against an AI developer to reach a resolution, out of more than forty cases filed so far. These cases highlight a largely unsettled, but very significant question of whether training AI systems on copyrighted material falls under fair use. To this point, this issue has remained largely unresolved.
Cecilia Ziniti, an intellectual property lawyer, compared the settlement to the early 2000s Napster case. For context, that case established that peer-to-peer services could not rely on users’ actions to avoid liability for copyright infringement, which dramatically reshaped how music was distributed online. Similarly, this settlement could reshape how AI companies acquire data and content to train their various models.
By resolving this case through a settlement, the parties avoid creating a definitive court ruling but do begin to set commercial norms for AI training. If other lawsuits follow similar paths, the outcomes could dramatically change how models are trained and could result in the formation of new markets where developers can license content directly from creators.
The impact.
While this settlement will take time to realize fully, it represents a major step forward for content developers. For years, intense debates have persisted regarding how AI developers are training their models and how that impacts authors, musicians, and artists, among many others. Now that this lawsuit has concluded, it could mark a significant turning point in how AI developers can train their models and the costs associated with making a model.
For those impacted by this lawsuit, people should monitor the case closely to track how the case is proceeding and understand any requirements they may need to fulfill for financial compensation. For those involved in similar copyright lawsuits, people should take time to understand both this lawsuit and the settlement, as it could impact similar cases.
Meta and TikTok win challenges against the EU.
The news.
On Wednesday, both Meta and TikTok won a legal challenge against the European Union (EU) regarding how the regional body imposes its supervisory fee. Both of these social media platforms sued the European Commission after they were fined a supervisory fee equivalent to .05% of their annual worldwide net income. Both Meta and TikTok supported the decision, noting how the current system resulted in larger companies facing a greater regulatory burden and paying a disproportionate amount to support the Commission.
For context, the supervisory fee is imposed by the EU to cover the costs of monitoring companies' compliance with the Digital Services Act (DSA). Additionally, the size of this annual fee is proportional to the number of average monthly users and whether or not the company posted a profit or loss in the previous year.
When issuing their ruling, the judges stated “that methodology…should have been adopted not in the context of implementing decisions but in a delegated act, in accordance with the rules laid down in the DSA”
A Commission spokesperson also commented on the ruling, stating:
“The Court’s ruling requires a purely formal correction on the procedure. We now have 12 months to adopt a delegated act to formalise the fee calculation and adopt new implementing decisions.”
The knowledge.
Since the DSA went into enforcement in 2022, the law has been one of the EU’s central methods for shaping how digital platforms operate in the region. With the DSA, the EU created a structured system that applies different obligations and regulations based on a platform's size and risk. The largest platforms, also known as very large online platforms (VLOPs), are companies that reach more than ten percent of Europe’s consumers. Some recognizable VLOPs include Amazon, Meta, TikTok, Apple, and Google.
VLOPs are subject to strict rules, including annual risk assessments, compliance audits, mitigation measures, and algorithmic transparency. If VLOPs violate these requirements, they are subject to fines of up to six percent of their global turnover.
Outside of the annual supervisory fine previously covered, the European Commission has yet to impose any fines against VLOPs. However, the Commission is currently investigating both X and TikTok and has opened inquiries into several other platforms.
For X, EU regulators found that X had breached online content rules in 2024 after a seven-month-long investigation. In this case, the Commission noted that X’s verified accounts did not correspond to acceptable industry standards and negatively impacted users’ ability to engage with accounts. Additionally, the Commission stated that X blocked researchers from accessing public data and failed to comply with other DSA requirements.
Regarding TikTok, the Commission found that TikTok’s ad repository did not provide the necessary information on how its ad system worked. Furthermore, the Commission emphasized that TikTok’s advertisement repository did not allow “the public to search comprehensively for advertisements on the basis of this information, thereby limiting the usefulness of the tool.”
The impact.
TikTok and Meta winning this legal challenge is unlikely to impact the day-to-day operations of many European businesses for some time. However, since the Commission will be required to change how the DSA calculates its supervisory fine sometime over the next year, this could result in significant changes, which could impact how fees are calculated and implemented.
For businesses operating in the EU, especially those that pay supervisory fines, people should monitor this situation and understand what changes the Commission plans to make. By understanding any proposed changes, organizations can avoid any compliance issues, which could result in unnecessary fines and other regulatory penalties.
Highlighting key conversations.
In this week’s Caveat Podcast, our team holds our monthly Policy Deep Dive conversation. For this month’s deep dive, our team broke down HR1, or as it is more commonly known, the One Big, Beautiful Bill. During this conversation, our team looked at the various funding measures that the bill implemented and how these initiatives contributed by the Trump administration's overall policy strategy.
Like what you read, and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
US sanctions cyber scam network in Myanmar and Cambodia.
What: The United States (US) has imposed sanctions on cyber scam operators.
Why: On Tuesday, the Treasury Department imposed sanctions on criminal networks spread across Southeast Asia. The sanctioned entities include nine companies and individuals from Shwe Kokko. With these sanctions, the US aims to deprive these organizations of funds.
John Hurley, the Under Secretary of the Treasury for Terrorism and Financial Intelligence, released a statement, writing:
“Southeast Asia’s cyber scam industry not only threatens the well-being and financial security of Americans, but also subjects thousands of people to modern slavery.”
US probes malware email targeting trade talks.
What: US authorities are investigating an email that aimed to install malware through trade talks.
Why: On Sunday, reports emerged that US investigators are looking into an email that contained malware. The email, which appeared to be sent by Representative John Moolenaar to trade groups, law firms, and government officials, was traced back to a Chinese-affiliated hacking group, APT-41. In the email, there was an attachment of proposed legislation that would install malware, once opened, that would give hackers access to the targeted groups.
This email came to light after staffers began receiving inquiries about it from contacted parties.
The Chinese embassy released a statement in response to these reports, writing that “China firmly opposes and combats all forms of cyber attacks and cyber crime.”