Italy’s communications regulator AGCOM imposed a record-breaking €14.2 million fine on Cloudflare after the company failed to implement the required piracy blocking measures. Cloudflare argued that filtering its global 1.1.1.1 DNS resolver would be “impossible” without hurting overall performance. AGCOM disagreed, noting that Cloudflare is not necessarily a neutral intermediary either.
Launched in 2024, Italy’s elaborate ‘Piracy Shield‘ blocking scheme was billed as the future of anti-piracy efforts.
To effectively tackle live sports piracy, its broad blocking powers aim to block piracy-related domain names and IP addresses within 30 minutes.
While many pirate sources have indeed been blocked, the Piracy Shield is not without controversy. There have been multiple reports of overblocking, where the anti-piracy system blocked access to legitimate sites and services.
Many of these overblocking instances involved the American Internet infrastructure company Cloudflare, which has been particularly critical of Italy’s Piracy Shield. In addition to protesting the measures in public, Cloudflare allegedly refused to filter pirate sites through its public 1.1.1.1 DNS.
1.1.1.1: Too Big to Block?
This refusal prompted an investigation by AGCOM, which now concluded that Cloudflare openly violated its legal requirements in the country. Following an amendment, the Piracy Shield also requires DNS providers and VPNs to block websites.
The dispute centers specifically on the refusal to comply with AGCOM Order 49/25/CONS, which was issued in February 2025. The order required Cloudflare to block DNS resolution and traffic to a list of domains and IP addresses linked to copyright infringement.
Cloudflare reportedly refused to enforce these blocking requirements through its public DNS resolver. Among other things, Cloudflare countered that filtering its DNS would be unreasonable and disproportionate.
Cloudflare’s arguments (translated)
The company warned that doing so would affect billions of daily queries and have an “extremely negative impact on latency,” slowing down the service for legitimate users worldwide.
AGCOM was unmoved by this “too big to block” argument.
The regulator countered that Cloudflare has all the technological expertise and resources to implement the blocking measures. AGCOM argued the company is known for its complex traffic management and rejected the suggestion that complying with the blocking order would break its service.
€14,247,698 Fine
After weighing all arguments, AGCOM imposed a €14,247,698 (USD $16.7m) fine against Cloudflare, concluding that the company failed to comply with the required anti-piracy measures. The fine represents 1% of the company’s global revenue, where the law allows for a maximum of 2%.
AGCOM’s conclusion (translated)
According to AGCOM, this is the first fine of this type, both in scope and size. This is fitting, as the regulator argued that Cloudflare plays a central role.
“The measure, in addition to being one of the first financial penalties imposed in the copyright sector, is particularly significant given the role played by Cloudflare” AGCOM notes, adding that Cloudflare is linked to roughly 70% of the pirate sites targeted under its regime.
In its detailed analysis, the regulator further highlighted that Cloudflare’s cooperation is “essential” for the enforcement of Italian anti-piracy laws, as its services allow pirate sites to evade standard blocking measures.
What’s Next?
Cloudflare has strongly contested the accusations throughout AGCOM’s proceedings and previously criticized the Piracy Shield system for lacking transparency and due process.
While the company did not immediately respond to our request for comment, it will almost certainly appeal the fine. This appeal may also draw the interest of other public DNS resolvers, such as Google and OpenDNS.
AGCOM, meanwhile, says that it remains fully committed to enforcing the local piracy law. The regulator notes that since the Piracy Shield started in February 2024, 65,000 domain names and 14,000 IP addresses were blocked.
—
A copy of AGCOM’s detailed analysis and the associated order (N. 333/25/CONS) available here (pdf).
Launched in 2024, Italy’s elaborate ‘
The sites are not necessarily pirate sites – as noted above (and here), many many legitimate sites are blocked by Italy’s privacy shield, with little to no recourse.
The frontline of online piracy liability keeps moving, and core internet infrastructure providers are increasingly finding themselves in the crosshairs.
