Yes, one would need to take steps to identify CP, and then to report and remove it. But the law is unsettled. It would seem best to be plausibly proactive, and yet to distance oneself from particular choices. But hey, I'm not a lawyer either. Maybe I'm too immersed in the world of VPN services and Tor, where providers avoid case-by-case filtering.