The standoff between LaLiga and VPN providers has taken a significant turn in Spain. The Commercial Court of Córdoba has refused to impose coercive fines on NordVPN for not implementing, as required by LaLiga, the blocking of certain IP addresses allegedly linked to unauthorized broadcasts of football matches.
The ruling does not conclude the main proceeding nor does it resolve the core of the conflict yet, but it introduces a very important technical nuance: blocking IP addresses en masse and dynamically can impact legitimate services that have nothing to do with audiovisual piracy. For a tech sector increasingly dependent on CDNs, cloud services, shared networks, and global providers, this judicial recognition is not minor.
LaLiga and Telefónica had requested interim measures against NordVPN and ProtonVPN to force them to block IP addresses used, according to the plaintiffs, to access illegal streams of sports content. The goal was to close a bypass route: users employing VPNs to evade blocks imposed by Spanish operators during matches.
NordVPN chose not to comply. The company argued before the court that the order could not be executed without real risk of overblocking. Its technical argument relies on two points: the indicated IPs change rapidly, sometimes within hours, and many of those addresses may be associated with shared services where legitimate websites, cloud platforms, development tools, corporate applications, or CDN services coexist.
An IP no longer identifies a single website
The fundamental problem is that the internet no longer functions like a simple table where an IP corresponds to a single website. Many addresses belong to shared infrastructure used by hundreds or thousands of services. Providers like Cloudflare, Vercel, GitHub, Docker, and others have been cited in this debate because their services can be affected when ranges or addresses used by multiple clients are blocked.
In a modern cloud environment, an application might be behind a reverse proxy, use a global CDN, rely on anycast addresses, or change IPs for load balancing, security, or attack mitigation reasons. This makes a list of IPs a fragile tool for targeting specific content. It can become obsolete before being applied or end up blocking resources completely unrelated to the goal.
NordVPN pointed out that their experts demonstrated to the court that the IPs provided by LaLiga did not always align with the actual destinations at the moment the block could be enforced. They also argued that broad IP blocking could deny access to thousands of legitimate sites for Spanish users and potentially for users in other countries.
The judge did not resolve the technical debate definitively but recognized that a real and sufficiently justified controversy exists to avoid imposing fines at this stage. Simply put: if there are reasonable technical doubts about whether the block can be implemented without affecting third parties, punishing a VPN for not automatically doing so is hard to justify.
The fight against piracy enters a delicate technical zone
LaLiga’s position stems from a legitimate concern: piracy of sports broadcasts causes economic harm to rights holders, clubs, broadcasters, and platforms that pay for the right to air matches. Dynamic blocking has become one of the tools used to try to reduce illegal streams during specific windows, especially weekends.
The issue is that this measure must be proportionate and technically precise. When a block targets a specific pirate website, the debate is straightforward. But when it makes inaccessible services used by developers, small businesses, e-commerce, or cloud tools unrelated to football, the debate shifts entirely.
For the tech sector, this case is particularly significant because it reveals the clash between audiovisual rights and the actual architecture of the internet. Court orders may have a specific goal, but their technical implementation can be much broader than intended. Shared infrastructure does not differentiate as a court might between an infringing domain and an IP used by multiple services.
| Element | Technical Risk |
|---|---|
| IP blocking | May affect legitimate services hosted on the same infrastructure |
| Dynamic lists | Can become outdated within hours |
| VPN | Hinders enforcement of national blocks based on operators |
| CDN and cloud | Share addresses among many clients |
| Blocking during matches | Can cause intermittent disruptions in unrelated services |
| Lack of quick review | Affected third parties may take time to restore access |
These collateral damages have already drawn criticism from tech companies and civil organizations. Vercel previously warned about access issues in Spain linked to LaLiga’s blocks. Cloudflare has also criticized the use of mass IP blocks shared among many users, citing the risk of harming legitimate clients. The issue has even reached Congress, where a call has been made to introduce a principle of technological proportionality to prevent anti-piracy measures from disrupting legal services.
A European debate on VPN, DNS, and CDN
Spain is not the only country where this discussion is gaining momentum. Italy has experienced similar problems with Piracy Shield, a system designed to block illegal sports broadcasts, which has faced criticism for overblocking and difficulty in correcting errors quickly.
The broader issue in Europe now appears to be about the role of VPN, DNS, CDN, cloud, and hosting providers in executing anti-piracy orders. Should they act as agents of dynamic blocking? How well can they technically verify each IP? Who is responsible if the block affects legitimate services? What recourse mechanisms are available to affected third parties?
VPNs occupy a particularly complex position. They do not necessarily host infringing content but can enable users to bypass blocks imposed by their operators. LaLiga wants them to apply these restrictions as well. VPN providers argue that imposing mass IP blocks is technically ineffective and harmful to legitimate users.
NordVPN’s clear stance: determined infringers can change servers, IPs, or providers within minutes, whereas damages to third parties can last longer and impact individuals or companies with no relation to piracy. In terms of effectiveness, such measures may hit legitimate infrastructure harder than the actual infringer.
Implications for the tech sector
The Córdoba ruling does not mean anti-piracy blocks will disappear. Neither does it prevent LaLiga from continuing to defend its rights. But it does reinforce a principle the tech sector has long been advocating: any blocking measure must adhere to criteria of precision, proportionality, review, and minimal impact on third parties.
For cloud operators, development platforms, CDNs, security providers, hosting services, and digital businesses, this case underscores the importance of closely monitoring judicial decisions affecting shared infrastructure. A poorly designed block can result in service disruptions for clients who have no way to anticipate or fix the issue.
It should also encourage courts to require more technical evidence before ordering dynamic measures. Pointing to an IP is not enough. It’s necessary to know who uses it, how long it will be associated with the targeted content, what other services share that infrastructure, and what fast-track procedures exist to lift false positives quickly.
Intellectual property protection is legitimate. Defending football against unauthorized streams is legitimate too. But the internet is not a simple network of isolated destinations. It’s a shared, distributed, and ever-changing infrastructure. When an IP is blocked, it does not always only target the infringer.
The NordVPN-LaLiga case sends a clear warning to Europe: combating piracy cannot be an excuse to implement technically weak, opaque, or harmful blocks. Internet engineering must also step into the courtroom.
Frequently Asked Questions
What did the Córdoba Commercial Court decide?
It refused to impose coercive fines on NordVPN for not applying the IP blocks requested by LaLiga as specified.
Did NordVPN win the case definitively?
No. It’s a procedural decision at an early stage. The main process continues, and there is no final ruling on the merits yet.
Why can blocking IPs be problematic?
Because a single IP can be used by many legitimate services. Blocking it may make websites and apps unrelated to piracy inaccessible.
What does this mean for the tech sector?
It emphasizes the need for judicial blocking orders to be technically precise, proportionate, and reviewable to prevent harm to legal services.