The war that LaLiga is waging against football piracy is reaching unprecedented and alarming levels. What began as an effort to stop illegal broadcasts of matches has turned into a crackdown impacting entirely legal websites and projects, caught in the crossfire of massive, seemingly disproportionate blocks.
In recent weeks, numerous users and site administrators unrelated to piracy have reported receiving notifications and even legal threats linked to shared IP addresses with services targeted by LaLiga. This occurs in a context where the organization led by Javier Tebas has intensified its measures at the start of the new season.
The problem isn’t new, but it has worsened. Whenever LaLiga activates its blocking machinery during match days, many legitimate websites become inaccessible in Spain. This isn’t limited to obscure pages: at times, it’s affected sites like the Royal Spanish Academy, correo.es, Github, official UEFA sites, and even club pages like Sevilla FC.
Local media like herencia.net have also been collateral victims. The pattern remains the same: by blocking entire ranges of IP addresses associated with hosting servers that also serve legal sites, these sites go offline without warning.
Paradoxically, experts in networking and cybersecurity point out that such extensive measures aren’t necessary. Cloudflare, a major CDN and web security provider used by millions globally, allows for blocking specific domains without affecting whole IP ranges. Yet, LaLiga appears to prefer a more aggressive route, indiscriminately shooting in all directions.
The situation has escalated: it’s no longer just about blocks but also about legal notices aimed at innocent website administrators.
A notable case is El Blog de Lázaro, a personal website with no connection to football streaming. Its administrator received an urgent email signed by Cloudflare, but on behalf of LaLiga. Dated August 25, the notice claimed the site was hosted at IP 104.21.16.1, from which allegedly pirate matches from the first matchday were broadcast.
The message demanded that the domain owner request Cloudflare to prevent “sharing web pages or resources within the same IP address that facilitate illegal access to LaLiga’s content.” Otherwise, legal action was threatened.
Even more concerning, the notice implied that repeated violations would mean the administrator was “conspiring” with criminal activities against intellectual property, risking legal prosecution.
Behind these notices lies a crucial legal aspect. Cloudflare, as a domain registrar, is required to protect personal data of domain owners. Under GDPR, doing a Whois lookup now reveals less owner information, but ICANN mandates that if a copyright infringement complaint is received, the registrar must forward that complaint to the domain owner.
LaLiga is exploiting this to send warnings directly to Cloudflare clients. In practice, a personal blog admin might get a threatening message without any direct connection to piracy, merely by sharing an IP address with another service through a CDN.
This strategy has generated significant outrage across tech forums, developer communities, and social media, where many see LaLiga crossing a dangerous line by criminalizing innocent users and exerting disproportionate pressure.
LaLiga’s fight against illegal football streams isn’t new. For years, it has worked with tech companies and legal firms to pursue websites broadcasting matches without proper licenses. Concurrently, legal reforms have been pushed to speed up blocking processes, including agreements with major ISPs in Spain for rapid actions.
However, the current case signals a tougher approach. Instead of targeting those directly responsible for illegal streams, LaLiga’s network of blocks and threats is increasingly affecting websites, companies, and individuals merely sharing infrastructure.
Analysts compare this to a “digital witch-hunt,” where any site could be suspect simply for using services like Cloudflare—an almost “state of exception” scenario where proportionality is lost.
Beyond ethics, these tactics could have serious practical consequences. Businesses relying on their websites’ availability have faced critical outages during key moments. Public and private organizations risk damage to their reputation and service capacity. Small site owners live in fear of intimidating notices that cast doubt on their innocence.
Moreover, experts warn about potential conflicts with European data protection and net neutrality laws. Blocking entire IP ranges restricts access to information and introduces legal uncertainty for good-faith digital businesses.
The public response has been critical. While LaLiga defends its campaign as necessary to protect intellectual property rights and the value of its broadcasts, more voices question how it’s being executed.
Some institutions, after seeing their sites blocked, have sought explanations from LaLiga. In some cases, instead of apologies, they received legal warnings.
Overall, LaLiga seems to be in a “firing at will” mode, attacking everywhere on the internet with the risk of harming innocent users along the way.