The National Cybersecurity Institute (INCIBE) and LaLiga have formalized a collaboration agreement aimed—according to the institutional message—at strengthening cybersecurity and “fighting online hatred.” However, the announcement has sparked a heated debate that has been escalating for months: the impact of blocks associated with professional football’s anti-piracy efforts and the “collateral damage” they cause, leaving services inaccessible during match times, as reported by tech companies, media outlets, and industry groups.
This controversy extends beyond social media. RootedCON, one of Spain’s leading cybersecurity events, has explicitly raised its tone: it states it will not collaborate with INCIBE as long as the agreement with LaLiga remains in place. The core argument is political, but also deeply technical: they consider it incoherent for a public entity responsible for promoting digital security to legitimize an actor identified—directly or indirectly—as the origin of recurrent connectivity disruptions for third parties.
The clash of narratives: “A Secure Digital Environment” vs. “Weekend Outages”
Officially, the agreement is presented as a partnership for awareness, prevention, and protection of the digital community involved in professional football. LaLiga describes the initiative as part of its “social responsibility” in a context where abuse, harassment, and hate speech have tangible consequences in sports and public discourse.
However, alongside this, pressure is mounting over how anti-piracy blocks are implemented. While LaLiga claims its measures are “proportional” and temporarily limited, those affected describe a recurring pattern: services sharing infrastructure, IP addresses, or web protection layers end up being “lumped together” when a complete IP is targeted for blocking.
This IP-based blocking is especially sensitive in modern Internet environments: a single IP can host thousands of domains, APIs, admin panels, payment gateways, or B2B integrations. For e-commerce, such outages could mean direct losses; for media, a drop in viewership and reputation; and for companies, operational friction.
RootedCON’s response: it’s not just “opinion,” it’s digital governance
In their statement, RootedCON frames the issue as one of digital rights and legal security. They argue that “indiscriminate” blocks impact citizens, businesses, and media, criticizing the lack of institutional response to what they see as a structural problem. The association also mentions having initiated legal actions—including remedies—and highlights cases affecting public services, emphasizing that this debate is no longer marginal but of public interest.
Their clear message: if the government promotes agreements with actors associated with recurrent digital service disruptions, the message to the tech ecosystem is one of under-protection. They warn this erodes trust in institutions responsible for leading cybersecurity strategies.
Why do these blocks “spill over” to third parties? A technical explanation
Understanding the conflict requires a look at the network layer. In anti-piracy blocks, the goal is to cut off access to illegal streams. The chosen method influences the risk of collateral damage:
| Blocking Method | How it works (summary) | Risk of “Collateral Damage” | Technical Notes |
|---|---|---|---|
| IP Block | Blocking an entire IP address | High | An IP may host thousands of services (shared hosting, CDNs, reverse proxies). |
| DNS Block | Preventing resolution of a domain | Medium | More selective than IP, but may affect subdomains and legitimate services sharing zones. |
| URL Block (HTTP) | Filtering at path/resource level | Low to medium | Requires granular inspection; increases complexity and technical/legal requirements. |
| Source Takedown | Taking action against the hosting provider of the content | Low | Typically more precise but depends on jurisdiction and provider cooperation. |
In Spanish debates, criticism often points out that IP blocking is too “blunt” for a web ecosystem heavily reliant on CDNs, load balancers, anti-DDoS layers, and services that aggregate traffic from multiple clients on shared infrastructure. In such a context, blocking an IP to take down an illegal stream can be akin to disconnecting an entire building just to turn off a single light.
The elephant in the room: cybersecurity isn’t just “threat hunting,” it’s also about availability
From a security engineering perspective, availability is a fundamental pillar (alongside confidentiality and integrity). That’s why this semantic clash is so uncomfortable for part of the industry: the initiative is presented as a way to “make the Internet safer,” yet the public debate is dominated by episodes where service availability drops during predictable windows.
The most relevant criticism isn’t whether LaLiga should pursue piracy (which few contest in principle), but whether the chosen mechanisms are compatible with the operational continuity of the digital ecosystem and whether adequate safeguards exist: transparency of criteria, traceability of orders, agile complaint channels, and public impact metrics.
What could happen now: institutional reputation and regulatory pressure
The INCIBE–LaLiga agreement comes at a time when the issue is already politicized and judicialized, with references to procedures and judicial routes as options for those affected. Practically, the risk for INCIBE isn’t technical but reputational: getting caught between its mandate to promote digital security and an alliance that some industry stakeholders view as endorsing blocking practices with negative externalities.
For LaLiga, the issue relates to operational legitimacy: if its anti-piracy strategy results in measurable social and economic costs to third parties, pressure will grow to adopt more selective methods—even if that involves increased investment in tools, coordination, and processes.
Frequently Asked Questions
What does the INCIBE–LaLiga agreement involve and why has it triggered controversy?
The agreement is framed as a partnership for cybersecurity and fighting online hatred. The controversy stems from reports of blocks that make legitimate services inaccessible during matches, which some industry sectors see as incompatible with a “digital security” agenda.
Why can an IP block cause websites and services unrelated to piracy to go down?
Because a single IP often hosts multiple clients and services (shared hosting, CDNs, proxies). Blocking the entire IP to stop an illegal stream can also disable other domains and APIs sharing that infrastructure.
What technical alternatives exist to minimize collateral damage in anti-piracy blocks?
More selective options include domain/DNS-level measures, granular filtering (when permitted and feasible), or source takedowns against content hosts. Each approach has different costs, limitations, and legal considerations.
What has RootedCON’s stance been regarding INCIBE?
RootedCON has stated that it will not collaborate with INCIBE as long as the LaLiga agreement remains active, arguing that the institution should prioritize defending the digital ecosystem against blocks affecting third parties.
Sources: Noticias Teléfonos, rootedcon and Incibe Statutes