Italy fined Cloudflare 14.2 million euros for refusing to block access to pirate sites on its 1.1.1.1 DNS service, the country’s communications regulatory agency, AGCOM, announced yesterday. Cloudflare said it will fight the penalty and threatened to remove all of its servers from Italian cities.
AGCOM issued the fine under Italy’s controversial Piracy Shield law, saying that Cloudflare was required to disable DNS resolution of domain names and routing of traffic to IP addresses reported by copyright holders. The law provides for fines up to 2 percent of a company’s annual turnover, and the agency said it applied a fine equal to 1 percent.
The fine relates to a blocking order issued to Cloudflare in February 2025. Cloudflare argued that installing a filter applying to the roughly 200 billion daily requests to its DNS system would significantly increase latency and negatively affect DNS resolution for sites that aren’t subject to the dispute over piracy.
AGCOM rejected Cloudflare’s arguments. The agency said the required blocking would impose no risk on legitimate websites because the targeted IP addresses were all uniquely intended for copyright infringement.
In a September 2025 report on Piracy Shield, researchers said they found “hundreds of legitimate websites unknowingly affected by blocking, unknown operators experiencing service disruption, and illegal streamers continuing to evade enforcement by exploiting the abundance of address space online, leaving behind unusable and polluted address ranges.” This is “a conservative lower-bound estimate,” the report said.
The Piracy Shield law was adopted in 2024. “To effectively tackle live sports piracy, its broad blocking powers aim to block piracy-related domain names and IP addresses within 30 minutes,” TorrentFreak wrote in an article today about the Cloudflare fine.
Cloudflare to fight fine, may withhold services
Cloudflare co-founder and CEO Matthew Prince wrote today that Cloudflare already “had multiple legal challenges pending against the underlying scheme” and will “fight the unjust fine.”
“Yesterday a quasi-judicial body in Italy fined Cloudflare $17 million for failing to go along with their scheme to censor the Internet,” Prince wrote. He continued:
The scheme, which even the EU has called concerning, required us within a mere 30 minutes of notification to fully censor from the Internet any sites a shadowy cabal of European media elites deemed against their interests. No judicial oversight. No due process. No appeal. No transparency. It required us to not just remove customers, but also censor our 1.1.1.1 DNS resolver meaning it risked blacking out any site on the Internet. And it required us not just to censor the content in Italy but globally. In other words, Italy insists a shadowy, European media cabal should be able to dictate what is and is not allowed online.
Prince said he will discuss the matter with US government officials next week and that Cloudflare is “happy to discuss this with Italian government officials who, so far, have been unwilling to engage beyond issuing fines.” In addition to challenging the fine, Prince said Cloudflare is “considering the following actions: 1) discontinuing the millions of dollars in pro bono cyber security services we are providing the upcoming Milano-Cortina Olympics; 2) discontinuing Cloudflare’s Free cyber security services for any Italy-based users; 3) removing all servers from Italian cities; and 4) terminating all plans to build an Italian Cloudflare office or make any investments in the country.”
“Play stupid games, win stupid prizes,” Prince wrote.
Google also in Piracy Shield crosshairs
AGCOM said today that in the past two years, the Piracy Shield law disabled over 65,000 domain names and about 14,000 IP addresses. Italian authorities also previously ordered Google to block pirate sites at the DNS level.
The Computer & Communications Industry Association (CCIA), a trade group that represents tech companies including Cloudflare and Google, has criticized the Piracy Shield law. “Italian authorities have included virtual private networks (VPN) and public DNS resolvers in the Piracy Shield, which are services fundamental to the protection of free expression and not appropriate tools for blocking,” the CCIA said in a January 2025 letter to European Commission officials.
The CCIA added that “the Piracy Shield raises a significant number of concerns which can inadvertently affect legitimate online services, primarily due to the potential for overblocking.” The letter said that in October 2024, “Google Drive was mistakenly blocked by the Piracy Shield system, causing a three-hour blackout for all Italian users, while 13.5 percent of users were still blocked at the IP level, and 3 percent were blocked at the DNS level after 12 hours.”
The Italian system “aims to automate the blocking process by allowing rights holders to submit IP addresses directly through the platform, following which ISPs have to implement a block,” the CCIA said. “Verification procedures between submission and blocking are not clear, and indeed seem to be lacking. Additionally, there is a total lack of redress mechanisms for affected parties, in case a wrong domain or IP address is submitted and blocked.”
30-minute blocking prevents “careful verification”
The 30-minute blocking window “leaves extremely limited time for careful verification by ISPs that the submitted destination is indeed being used for piracy purposes,” the CCIA said. The trade group also questioned the piracy-reporting system’s ties to the organization that runs Italy’s top football league.
“Additionally, the fact that the Piracy Shield platform was developed for AGCOM by a company affiliated with Lega Serie A, which is one of the very few entities authorized to report, raises serious questions about the potential conflict of interest exacerbating the lack of transparency issue,” the letter said.
A trade group for Italian ISPs has argued that the law requires “filtering and tasks that collide with individual freedoms” and is contrary to European legislation that classifies broadband network services as mere conduits that are exempt from liability.
“On the contrary, in Italy criminal liability has been expressly established for ISPs,” Dalia Coffetti, head of regulatory and EU affairs at the Association of Italian Internet Providers, wrote in April 2025. Coffetti argued, “There are better tools to fight piracy, including criminal Law, cooperation between States, and digital solutions that downgrade the quality of the signal broadcast via illegal streaming websites or IPtv. European ISPs are ready to play their part in the battle against piracy, but the solution certainly does not lie in filtering and blocking IP addresses.”
Source: Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS – Ars Technica
For more articles on how Piracy Shield has gone wrong, read here
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft