Monetization and abuse has been mentioned a bunch as things to consider as you gain more users, but I'll add a couple more I think are relevant, at least once the service is big enough.
Your payment processor. Payment processors might get triggered by the fact that adult content is pretty much explicitly allowed. They might also just generally deem you "high risk" and kick you out. I think this is one of the biggest risks you run. For example Stripe, according to their legal docs, prohibit "Cyberlockers, regardless of whether they host adult content", whatever that means, but it sounds a lot like file sharing in general is a prohibited business.
Ever-tightening think-of-the-children laws. You may not want to implement expensive and privacy invasive scanning (note that even local scanning may be privacy invasive[1]), but you might be forced or face a fine. You could always do like Google and budget it in as an expense, love that "fines" line in their reports. This may also be relevant to the previous one, since payment processors might deem you higher risk if you have no scanning.
Getting blacklisted for hosting malware. Specifically the support for non-media files. You could end up being blocked by browsers, search engines and whatnot. See for example Google Safe Browsing.
This is a great response. The shady operators can ruin simple services like these :( I’m now curious how you’d ever practically deal with this. How does iCloud deal with encrypted illegal content? Surely they can’t penalize Apple in these situations?
Apple's iCloud attempted to do CSAM scanning, but ultimately they backed off due to large public backlash. In the United States, there are lawmakers trying to require it, but there is still a lot of advocacy from privacy right activists, such as the EFF.
Your payment processor. Payment processors might get triggered by the fact that adult content is pretty much explicitly allowed. They might also just generally deem you "high risk" and kick you out. I think this is one of the biggest risks you run. For example Stripe, according to their legal docs, prohibit "Cyberlockers, regardless of whether they host adult content", whatever that means, but it sounds a lot like file sharing in general is a prohibited business.
Ever-tightening think-of-the-children laws. You may not want to implement expensive and privacy invasive scanning (note that even local scanning may be privacy invasive[1]), but you might be forced or face a fine. You could always do like Google and budget it in as an expense, love that "fines" line in their reports. This may also be relevant to the previous one, since payment processors might deem you higher risk if you have no scanning.
Getting blacklisted for hosting malware. Specifically the support for non-media files. You could end up being blocked by browsers, search engines and whatnot. See for example Google Safe Browsing.
[1] https://rys.io/en/173.html