posted by Doggos [M] +5721 / -6

u/shadowman3001 and I will respond.

Please DON'T reply to other people's questions before we do. The comment ranking system may cause our replies to get hidden.

sickofaltspin 1 point ago +1 / -0

You cannot currently be punished for NOT doing something in most sane legal systems (I know, I know, bear with me) - a canary that is updated daily that states something like:

A warrant canary is a method by which a communications service provider aims to inform its users that the provider has been served with a government subpoena despite legal prohibitions on revealing the existence of the subpoena. The warrant canary typically informs users that there has not been a court-issued subpoena as of a particular date. If the canary is not updated for the period specified by the host or if the warning is removed, users are to assume that the host has been served with such a subpoena. The intention is for a provider to warn users of the existence of a subpoena passively while possibly "technically" not violating a court order not to do so.

Some subpoenas, such as those covered under 18 U.S.C. §2709(c) of the USA Patriot Act, provide criminal penalties for disclosing the existence of the subpoena to any third party, including the service provider's users.

National Security Letters (NSL) originated in the 1986 Electronic Communications Privacy Act and originally targeted those suspected of being agents of a foreign power. Targeting agents of a foreign power was revised in 2001 under the Patriot Act to allow NSLs to target those who may have information deemed relevant to both counterintelligence activities directed against the United States and terrorism. The idea of using negative pronouncements to thwart the nondisclosure requirements of court orders and served secret warrants was first proposed by Steven Schear on the cypherpunks mailing list, mainly to uncover targeted individuals at ISPs. It was also suggested for and used by public libraries in 2002 in response to the USA Patriot Act, which could have forced librarians to disclose the circulation history of library patrons.

So having a text file on your server that serves up something like this acts as a canary in the coal mine:

"As of {current date and time}, we have not received requests for user data by government or law enforcement officers."

Under current NSL law, they can compel you to disclose data AND not tell users that you did so. Under the current precedent, they are not allowed to compel you to update the canary. So if the canary disappears, or stops getting its content updated with the current date, users are able to detect that the site has not been served an NSL to give up user data.

In this case, we know they have received such requests, so the wording would likely need to be changed, but it is a simple item to add to every website. All of my clients get a robots.txt, humans.txt, and canary.txt regardless of who they are for this purpose. A process automatically runs each day that updates canary.txt as part of the backup processes. If my client got hit with an NSL, I could comply with the requirement of not disclosing receipt by refusing to run the process that updates that file and provide warning to users that care.
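
A reader-side check for the canary.txt scheme described in the comment above, added here as an example and not code from the commenter: it parses the dated statement and reports whether the file is fresh, stale, missing or reworded. The ISO 8601 timestamp format, the 36-hour threshold and the name `check_canary` are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed canary wording (constructed for this example): the comment's statement
# with an ISO 8601 UTC timestamp substituted for {current date and time}.
CANARY_RE = re.compile(
    r"As of (?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z, "
    r"we have not received requests for user data"
)

def check_canary(text, now, max_age=timedelta(hours=36)):
    """Classify a fetched canary.txt body as ok / stale / missing / invalid.

    max_age is a daily update interval plus slack (an assumed policy value).
    """
    if text is None or not text.strip():
        return "missing", "canary file absent or empty"
    match = CANARY_RE.search(text)
    if match is None:
        return "invalid", "expected statement not found; wording changed or removed"
    try:
        stamp = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return "invalid", "timestamp does not parse as a real date"
    age = now - stamp.replace(tzinfo=timezone.utc)
    if age < -timedelta(minutes=5):  # tolerate small clock skew only
        return "invalid", "timestamp is in the future"
    if age > max_age:
        return "stale", f"last update was {age} ago"
    return "ok", f"updated {age} ago"

# Constructed sample inputs; a real client would fetch canary.txt over HTTPS.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
TAIL = ", we have not received requests for user data by government or law enforcement officers."
SAMPLES = {
    "fresh": "As of 2024-01-10T03:00:00Z" + TAIL,
    "stale": "As of 2024-01-07T03:00:00Z" + TAIL,
    "reworded": "As of 2024-01-10T03:00:00Z, everything is fine.",
    "gone": None,
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, check_canary(body, NOW))
```

A stale or missing result can also come from a failed job or an outage, so it is a signal to look closer rather than proof of a request.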

slag 2 points ago +2 / -0

These are important legal details I am ignorant of, having never swum in these waters. Fascinating.

The other option is to just assume everything is compromised and wear your internet condom all the time.