Substack’s Liability Shell Game: How the Platform Profits While Writers Hold the Legal Bag

The pitch was clean. Come write. Keep your audience. Own your work. Substack would take ten percent and stay out of the way.

That was the deal, more or less, when the platform launched in 2017. And for a lot of writers, journalists escaping dying newsrooms, commentators tired of Twitter’s chaos, niche experts who finally had something to sell, it sounded too good to pass up. By late 2024, Substack¹ reported four million paid subscriptions across the platform. The money was real. The independence felt real.

What was less visible, buried in the platform’s terms of service and scattered across its policy documents, was a different kind of deal. One in which the legal and reputational risks of publishing sat almost entirely with the writer, while the platform collected its cut and shielded itself behind the same law that protects Facebook, YouTube, and every other tech company that has ever argued it was not responsible for what appeared on its servers.

The liability arrangement at Substack is not accidental. It is engineered. And understanding how it works is essential for anyone who publishes there or is thinking about it.

The Legal Architecture Nobody Reads

When you sign up for Substack and start publishing, you agree to a terms of service that contains a sentence most writers never notice. According to Substack’s own Terms of Use², posts on the platform “are the sole responsibility of the person or organization from whom such content originated.” That is not fine print. That is the entire legal theory of the platform’s relationship to what it distributes.

The law that makes this arrangement possible is Section 230 of the Communications Decency Act, passed in 1996. As the Congressional Research Service³ explained in a 2024 overview, Section 230 “does not remove users’ responsibility for their own content.” Individual writers who produce defamatory, harassing, or otherwise legally problematic content can be held liable. The platform distributing that content generally cannot, as long as it did not create it.

This is the architecture. Substack built an entire business on top of it.

The platform’s co-founders, Chris Best and Hamish McKenzie, codified their hands-off philosophy in a 2020 blog post on content moderation. Their position was that moderation tools belong in writers’ hands, not the platform’s. They would set narrow rules at the extremes, no spam, no harassment, no doxxing, no porn, and otherwise stay out of editorial decisions. As Substack’s official moderation policy⁴ states, the platform prefers that “the publisher, or a trusted member of that community, sets the tone and maintains the desired standard.” They would build the tools. Writers would use them. Problems that arose from content would be the writer’s problem.

This is not unusual in tech. Every major platform has some version of this arrangement. What makes Substack different is the specific combination of factors in play: the platform takes a revenue share, it runs a recommendation algorithm that actively amplifies content, and it markets itself as a place where writers can build real businesses on independent writing. The economic interdependence between Substack and its writers is not incidental. It is the entire product. And yet, legally, the liability flows in only one direction.

The Nazi Newsletter Crisis and What It Revealed

In November 2023, journalist Jonathan M. Katz published an investigation in The Atlantic⁵ revealing that Substack was hosting and monetizing newsletters built around white supremacist content, including publications that displayed neo-Nazi imagery openly. The report documented newsletters promoting the “Great Replacement” conspiracy theory — an ideology linked to mass shootings in Pittsburgh, Christchurch, El Paso, and Buffalo. Several publications were run by organizers of the 2017 Charlottesville “Unite the Right” rally, including Richard Spencer, whose Substack newsletter had a monetization feature enabled.

The numbers, when you look at them, are hard to square with the platform’s self-image. Substack was taking ten percent of subscription revenue from newsletters openly operating under Nazi ideology. More than 247 Substack writers signed an open letter demanding answers. The letter asked a simple question:

“Why are you platforming and monetizing Nazis?”

Substack’s initial response was to defend its approach. Hamish McKenzie argued the platform draws the line at “incitements to violence” and maintained that the company’s decentralized moderation approach gave “power to readers and writers.” That argument, that hosting and profiting from neo-Nazi content is acceptable as long as no one explicitly calls for violence, drew immediate and sustained criticism from across the media world.

Casey Newton, the founder of tech newsletter Platformer⁶, spent days with his team analyzing dozens of Substack accounts for pro-Nazi content. Newton had built his own publication on Substack, growing it to an audience of 170,000 free subscribers and 70,000 in paid subscriptions in a single year. He had praised Substack’s tools, its recommendations engine, and its growth mechanics. He also noted that those same mechanics that grew his journalism newsletter could grow a white supremacist publication just as fast.

In January 2024, NBC⁷ reported that Substack announced it had removed five publications after determining they had violated existing rules against inciting violence based on protected classes. The company was careful to frame this as an enforcement of existing policy, not a policy change. The publications in question, it said, had no paid subscriptions and roughly 100 active readers combined. According to The Washington Post⁸, Newton left Substack anyway, citing the platform’s “laissez-faire approach to content moderation” as incompatible with what Platformer stood for.

The crisis revealed something important. The publications in question had been operating, growing, and in some cases generating revenue on the platform. No internal process had flagged them. No proactive moderation had caught them. The onus to review and remove fell on the platform only when external pressure made inaction too costly. The writers running those publications had been navigating Substack’s permissive framework on their own. When the reckoning came, it came for the platform. It did not protect the writers who had operated in good faith and now found themselves sharing a platform with neo-Nazi content their recommendations engine might have been pushing alongside their own newsletters.

The Recommendation Problem

Here is where the legal theory gets more complicated than Substack’s founders may want to admit.

Section 230 was originally designed to protect passive platforms, companies that hosted user content without actively shaping or amplifying it. Courts have been wrestling for years with how the law applies to platforms that run recommendation algorithms. EFF⁹ noted in writing about the law, the statute’s protections were meant to cover platforms acting as facilitators, not architects of distribution.

Substack is very much an architect of distribution. The platform’s Recommendation Network converted what had been a collection of isolated newsletters into an interconnected discovery ecosystem. When a reader subscribes to one newsletter, they are shown suggestions for others. Notes, launched in 2023, functions as a social feed inside the platform, with an algorithm that amplifies content and drives subscriptions. Substack’s¹⁰ own data reported that 32 million new subscribers arrived from within the app itself in a single quarter, meaning the platform’s internal discovery mechanics are now the primary growth engine for most writers.

The platform’s algorithm actively rewards specific behaviors. Restacks, replies, and explicit recommendation language all trigger amplification. The platform is engineering the spread of content. When that content includes white supremacist newsletters, the question of whether Substack is a neutral conduit or an active participant in distribution is not philosophical. It is legal.

Courts are already asking these questions about other platforms. According to BBC¹¹, in K.G.M. v. Meta et al., a jury found Meta and YouTube liable for design choices including infinite scroll and recommendation algorithms, awarding $6 million in damages. The ruling stripped Section 230 protection for product design decisions, treating the recommendation architecture itself as a potentially defective product. That reasoning does not map directly onto Substack. But the legal direction of travel is clear: platforms that engineer amplification are increasingly being asked to own a share of what gets amplified.

Substack’s founders have argued they are different from advertising-driven social media because their revenue comes from subscriptions, not engagement metrics. That is true as far as it goes. But Substack takes ten percent of every paid subscription. Its recommendation algorithm drives subscriptions. If that algorithm amplifies harmful content, the revenue flowing to Substack is directly tied to the harm. The neutrality argument gets harder to maintain when the financial architecture connects the platform’s income to the reach of the content it recommends.

I want to be specific about what the liability transfer looks like in practice, because it matters for anyone who has built a business on Substack.

Substack’s content guidelines¹² state plainly that the company has “the exclusive right to interpret and enforce these guidelines.” That sentence is worth sitting with. The platform sets the rules, decides what violates them, and enforces its interpretation without appeal to any neutral third party. Writer Michael Estrin noted this in a public Substack¹³ note in December 2023:

“Substack, not me, and not a neutral third-party, would be the one to decide if I was on the right side of a speech line that the company had set. Getting it wrong felt risky. Because if I got it wrong, I could lose everything I’d spent two years building.”

The stakes he describes are real. A writer on Substack who has spent years building a paid subscriber list, curating an audience, and establishing their work within the platform’s ecosystem faces a peculiar risk: everything they have built lives inside infrastructure they do not control, governed by rules that can be interpreted by the platform in ways the writer cannot predict or contest.

A 2026 analysis of Substack’s Terms of Service by ToS Watchdog¹⁴ flagged several structural risks writers take on. The platform maintains “broad discretion over content moderation with controversial policies that have led to creator concerns.” Moving paid subscribers to another platform is complicated, because subscribers must re-enter payment details elsewhere. The platform retains certain rights to subscriber engagement data even when writers export their email lists. And all disputes require binding arbitration with class action waivers, meaning writers who feel they have been wrongly moderated or deplatformed have limited legal recourse.

The arbitration clause is particularly significant. If Substack exercises its “exclusive right” to interpret its guidelines in a way that damages a writer’s business, the writer cannot sue in open court or join a class of similarly affected writers. They go to arbitration alone, against a company with significantly more legal resources.

The Rebranding That Changed Nothing (And Everything)

In April 2025, Digiday¹⁵ reported that Substack had renamed its content moderation function. Out went “Trust and Safety,” the standard terminology used across the tech industry. In came “Standards and Enforcement.” The change happened after the platform’s trust and safety lead moved on, and leadership took the opportunity to reframe the role entirely.

Hamish McKenzie told Digiday the rename was not a change in direction. It was, in his framing, a more accurate description of the philosophy Substack had always held. “Rather than being a change in direction,” McKenzie said, “the change in title to ‘Standards and Enforcement’ better reflects Substack’s long-standing philosophy on how to create a system that produces better discourse.”

That is a careful formulation. What it signals in practice is a platform that sees its moderation role not as building safety systems but as setting minimum standards and enforcing them after the fact. The enforcement comes when something has already been published, already been distributed through the recommendation engine, already potentially caused harm to readers, to other writers on the platform, or to the writer themselves. The new head of standards and enforcement, when that role is filled, will lead a team that “thoroughly evaluates reports of violations” — a reactive posture, not a proactive one.

Substack’s¹⁶ moderation philosophy, as described in its own policy documents, is explicit about this:

“Our enforcement of these guidelines is not decided by public accusations or pressure campaigns.”

In theory, this protects writers from mob-driven deplatforming. In practice, it also means the platform is telling you not to expect it to respond to complaints about content that may be harming you or your community until the platform independently decides it has crossed the line.

The Online Safety Act and the New Layer of Compliance

Then came the law.

The UK’s Online Safety Act 2023 imposed new duties on platforms operating in the country, requiring them to label certain content as adult-only and implement age verification before users can access it. Substack¹⁷ rolled out compliance in late 2025, applying age verification to UK users and extending the requirement to Australia by December of that year. Similar requirements are expected in other jurisdictions.

The mechanics of how Substack implemented the law created immediate controversy. Per Substack’s 18+ Content Policy¹⁸, restricted material includes not just explicit sexual content but also violent material, hate content, and content encouraging self-harm. That is a broad sweep. Horror fiction qualifies. Literary violence qualifies. Certain political commentary qualifies, depending on interpretation.

Writers began reporting that their content had been mislabeled as 18+ without warning or explanation, triggering age verification requirements that created friction for readers and, in some cases, significant subscriber losses. One Substack writer documented sudden drops in paid subscribers that correlated exactly with when age verification was applied to their content. They wrote to the CEO, arguing that the classification was unjustified:

“These age verification restrictions ONLY seem to apply to dissident content.”

The platform offered a short form to appeal “mislabelling” but, as the writer noted, the form provided no way to include context or claim compensation.

Chris Best¹⁹, Substack’s CEO, wrote publicly that the Online Safety Act was bad for free speech and that the requirements forced the platform to implement checks that subjected readers to facial scanning and identity document verification simply to access lawful content. His criticism of the law was pointed. What he did not fully acknowledge is that the implementation choices were partly Substack’s own — at least one critic argued the platform had gone further than the law strictly required in how aggressively it applied age verification to non-pornographic material.

British horror authors²⁰ were particularly vocal, noting that horror as a genre was “disproportionately targeted” by the automated content classification system. The classification is imposed at the platform level and cannot be disabled by individual writers. Writers whose audiences dropped because of age verification requirements had no way to opt out of the system and no clear path to compensation for lost revenue.

The pattern here is the same as in the moderation liability story. The law creates a compliance requirement. Substack implements it. The consequences, subscriber friction, revenue loss, reduced discoverability, fall on writers. The platform is the compliance actor. The writer absorbs the cost.

The Competitor Calculus

It is worth asking whether this arrangement is meaningfully worse than the alternatives, because platform comparison matters when writers decide where to build.

Ghost, a nonprofit open-source platform, gives writers full control over their own infrastructure if they self-host, and a hosted option that is more expensive but comes without a revenue share. Beehiiv, which has attracted significant writer migration since Substack’s Nazi newsletter controversy, charges a flat subscription fee rather than taking a percentage of revenue. Neither platform has the same scale of Substack’s recommendation network, which is now generating tens of millions of subscriber referrals per quarter from within the app.

The recommendation network is Substack’s most significant competitive advantage and also the factor that most complicates the platform’s claim to neutrality. A writer who leaves Substack for Ghost or Beehiiv keeps their email list but loses access to the discovery mechanics that may have driven most of their recent subscriber growth. The dependency is structural. Substack built a moat using its recommendation engine, and the moat makes it harder for writers to leave even when the platform’s moderation choices or policy implementations damage their businesses.

Casey Newton, writing about his departure from Substack in January 2024, put it clearly. According to Quartz²¹, he acknowledged that Substack’s tools had grown Platformer aggressively in 2023.

“While I would love to credit that growth exclusively to our journalism and analysis, I believe we have seen firsthand how quickly and aggressively tools like these can grow a publication. And if Substack can grow a publication like ours that quickly, it can grow other kinds of publications, too.”

That sentence is the cleanest articulation of the problem. The same engine that rewards good writing rewards bad writing. The same algorithm that finds audiences for journalism finds audiences for extremism. And when the consequences arrive, legal, reputational, regulatory, the platform has a legal framework that keeps liability pointed at the writer.

What Writers Should Actually Know

The practical question is not whether Substack’s model is defensible in theory. It is what writers with real businesses on the platform should understand and prepare for.

Karen Smiley²², a Substack writer who documented the platform’s legal exposure gaps in March 2025, noted that Substack allows writers to add their own terms of service for their publications. This is a meaningful option that most writers do not use. Custom terms can limit a writer’s liability to readers for things like professional advice given in a newsletter, or set explicit community standards for comment sections that the writer moderates.

Noemi Apetri, who published guidance on protecting Substack publications legally, recommended that writers treat their Substack like a digital business and build on a solid foundation, which means their own custom terms, their own privacy policies, and a clear understanding of what they are agreeing to when they accept the platform’s publisher agreement. The publisher agreement, updated by Substack²³ in August 2024, is a binding contract. Most writers click through it without reading it.

The comment section is another area of specific risk. Substack gives writers tools to moderate their comment threads, but the responsibility for what appears in those threads sits with the writer. A defamatory comment posted by a reader, if left up by the writer, can create legal exposure for the writer. The platform is not liable. The writer who runs the newsletter is the publisher of that comment space.

Misclassification under age verification regimes is a newer risk, and one that will grow as more jurisdictions implement Online Safety-style legislation. A writer whose content is mislabeled by Substack’s automated system has limited immediate recourse. The appeal process is opaque. The revenue impact can be immediate and significant.

The Philosophy and Its Limits

I don’t think Substack is operating in bad faith. The founders’ commitment to independent writing is genuine. Their belief that subscription economics produce better incentives than advertising is correct in important ways. A business model that rewards writers for subscriber loyalty is meaningfully different from one that rewards outrage and engagement.

But a philosophy is not a legal framework. And the argument that subscription economics solve the moderation problem does not hold when the recommendation algorithm is also amplifying content for money. Ten percent of every subscription, taken by the platform, from publications the platform’s own tools helped grow.

The moderation design at Substack is not neutral. It is a set of choices: to place enforcement tools with writers rather than the platform, to maintain narrow rules and reactive enforcement, to avoid proactive content review, to rebrand “trust and safety” as “standards and enforcement” while keeping the underlying posture the same. Those choices have consequences that fall on writers, on readers, and on the broader information ecosystem.

The platform benefits from scale. Scale requires growth. Growth requires the recommendation engine. The recommendation engine amplifies everything. And when that amplification produces outcomes the platform cannot defend — Nazi content monetized through its payment system, age verification friction tanking subscriber counts, legal questions about who is responsible for what flows through the pipes — the answer Substack has built into its legal architecture is always the same.

The writer holds the bag.

That is worth knowing before you sign up. It is worth knowing even more once you have built something real there.

Sources

1. McKenzie, Hamish. “4 Million” The Substack Post, 18 Nov. 2024, post.substack.com/p/4-million. Accessed 17 June 2026. ↩︎
2. “Terms of Use” substack.com/tos. Accessed 24 June 2026. ↩︎
3. “Www.Congress.Gov” www.congress.gov/. Accessed 24 June 2026. ↩︎
4. Team, Substack. “How we approach moderation decisions” On Substack, 25 Mar. 2021, on.substack.com/p/how-we-approach-moderation-decisions. Accessed 25 June 2026. ↩︎
5. Katz, Jonathan M. “Substack Has a Nazi Problem” The Atlantic, 28 Nov. 2023, www.theatlantic.com/ideas/archive/2023/11/substack-extremism-nazi-white-supremacy-newsletters/676156/. Accessed 25 June 2026. ↩︎
6. Newton, Casey. “Why Substack is at a crossroads” By Casey Newton, 5 Jan. 2024, www.platformer.news/why-substack-is-at-a-crossroads/. Accessed 25 June 2026. ↩︎
7. Ingram, David. “Substack said it removed some newsletters after criticism about Nazi content” 9 Jan. 2024, www.nbcnews.com/tech/tech-news/substack-removed-newsletters-criticism-nazi-content-rcna132963. Accessed 25 June 2026. ↩︎
8. 11 Jan. 2024, www.washingtonpost.com/technology/2024/01/11/substack-platformer-nazis/. Accessed 25 June 2026. ↩︎
9. Kelley, Jason. “Section 230 is Good, Actually” Electronic Frontier Foundation, 3 Dec. 2020, www.eff.org/deeplinks/2020/12/section-230-good-actually. Accessed 25 June 2026. ↩︎
10. Team, Substack. “Demystifying the feed” On Substack, 27 Oct. 2025, on.substack.com/p/demystifying-the-feed. Accessed 25 June 2026. ↩︎
11. Hays, Kali. “Meta and YouTube found liable in social media addiction trial” 25 Mar. 2026, www.bbc.com/news/articles/c747x7gz249o. Accessed 25 June 2026. ↩︎
12. “Content Guidelines” substack.com/content. Accessed 25 June 2026. ↩︎
13. Estrin, Michael. “Michael Estrin (@michaelestrin)” 15 Dec. 2023, substack.com/@michaelestrin/note/c-45472851. Accessed 25 June 2026. ↩︎
14. “Substack ToS Review 2026 | Attorney-Reviewed Analysis” ToS Watchdog, terms.law/ToS-Watchdog/newsletter-platforms/substack/. Accessed 25 June 2026. ↩︎
15. Scanlon, Krystal. “How Substack is redefining trust and safety by creating a new division of ‘standards’” 7 Apr. 2025, digiday.com/marketing/how-substack-is-redefining-trust-and-safety-by-creating-a-new-division-of-standards/. Accessed 25 June 2026. ↩︎
16. Team, Substack. “How we approach moderation decisions” On Substack, 25 Mar. 2021, on.substack.com/p/how-we-approach-moderation-decisions. Accessed 25 June 2026. ↩︎
17. Team, Substack. “Our position on the Online Safety Act” On Substack, 20 Oct. 2025, on.substack.com/p/our-position-on-the-online-safety. Accessed 25 June 2026. ↩︎
18. Substack, support.substack.com/hc/en-us/articles/42995419870100-Substack-18-Content-policy. Accessed 25 June 2026. ↩︎
19. Best, Chris. “What Britain’s Online Safety Act Actually Requires” Chris Best, 21 Dec. 2025, cb.substack.com/p/what-britains-online-safety-act-actually. Accessed 25 June 2026. ↩︎
20. “Substack Age Verification (for UK and AUS readers) by Newton Webb” British Horror Authors Guild, 1 Mar. 2026, britishhorror.substack.com/p/substack-age-verification-for-uk. Accessed 25 June 2026. ↩︎
21. Quartz, qz.com/substack-platformer-nazi-newsletter-content-1851161948. Accessed 25 June 2026. ↩︎
22. Smiley, Karen. “Transparency and protection for Substack writers” Everyday Ethical AI, 10 Mar. 2025, karensmiley.substack.com/p/transparency-and-protection-for-substack-writers. Accessed 25 June 2026. ↩︎
23. “Publisher Agreement” substack.com/pa. Accessed 25 June 2026. ↩︎