Cloudflare has raised its voice. The U.S.-based company, one of the major global providers of CDN and DDoS attack mitigation services, has sent a letter to the Office of the United States Trade Representative (USTR) urging the National Trade Estimate Report 2026 to classify certain practices and regulatory frameworks as “digital trade barriers” because, in their view, they break connectivity and harm legitimate businesses. Among the countries mentioned, Spain appears explicitly by name.
The core of their complaint is known among network operators: court-ordered IP blocks used to fight piracy, which, when executed on shared addresses used by multiple services behind Cloudflare, drag down legitimate websites and apps. In everyday terms: if an IP address is used to protect multiple properties, blocking it to take down a website broadcasting football without permission also renders inaccessible —without distinction— institutional sites, stores, or startups that have nothing to do with the dispute.
Spain in the Crosshairs: “ex parte” Orders and No Right to Respond
In its submission, Cloudflare states that in Spain, “courts have ordered IP blocks affecting legitimate services run by U.S. companies” and that these orders are often ex parte: issued without prior notification to affected parties or the chance to challenge or limit their scope. The company claims this results in legal uncertainty and risks for U.S. providers operating in Spain.
The background is complex. For years, sports leagues and other rights-holding entities have obtained injunctive measures to block domains, DNS records, and IP routes involved in unauthorized streams. The logic of these orders —“cut quickly, we’ll fix errors later”— conflicts with the architecture of the Internet, where many services share infrastructure. Shared IPs, anycast, reverse proxies, and common security techniques make surgical cuts more difficult than they appear on paper.
What does Cloudflare ask Washington (and other capitals) for?
The company requests the USTR to officially recognize these practices as digital trade barriers, comparable to tariffs or other traditional restrictions, and include them in U.S. economic diplomacy. Specifically, it proposes:
- An international “due process” standard for digital decisions: prior notification, right to defense, and appeal before implementing blocks affecting shared infrastructure.
- Prevent reclassification of CDNs as “carriers”: a regulatory change which —it argues— would increase the cost of the service (licenses, fees, obligations) without addressing the core problem.
- Review local “discriminatory” policies that fragment the network and isolate providers by country or region, leading to a loss of overall efficiency.
The same document also mentions similar practices in France, Italy, Japan, and South Korea, alongside references to the European Union framework. However, Spain is highlighted as a paradigmatic case due to the combination of broad orders, rapid procedures, and lack of prior contradiction.
A Clash of Interests: Rights, Security… and Service Continuity
It’s important to recognize that here, legitimate interests collide. Sports leagues, content producers, and rights holders push to cut illicit signals that pop up everywhere; operators and CDNs demand tools to avoid collateral damage to shared infrastructure; and judges operate between urgent circumstances (matches in progress) and guarantees that often conflict with technical realities.
The picture, as always, is more nuanced than black and white. Some blocks have proven effective at curbing piracy during specific windows; others have caused unintentional outages of critical services, with complaints from governments, companies, and users. What Cloudflare presents is an invitation to review the procedures: more surgical precision, less collateral impact.
Are there technical alternatives? Yes, but not free
From an engineering perspective, there are ways to refine measures:
- DNS or SNI-based blocks where feasible, instead of cutting shared IPs for dozens of services.
- Dynamic, short-term lists, linked to events (like matches) with fast exclusion mechanisms if collateral damage is observed.
- Test windows and precommunication with infrastructure providers to identify alternative routes or dedicated IPs before executing an order.
All require prompt cooperation among rights holders, operators, CDNs, and authorities. And yes, there are costs and procedures that can sometimes seem like hurdles. The core dilemma: do we prefer broad and swift blocks with collateral damage, or precise, guarantee-driven blocks requiring more coordination? Cloudflare naturally favors the latter.
The “due process” digital diplomacy
Cloudflare’s move — bringing the issue into the trade chapter of U.S. relationships with allies — hints at a new layer of debate: procedural standards. Similar to how standards for privacy, cybersecurity, or international data transfers are negotiated, the company seeks a minimum common ground for blocking orders affecting shared infrastructure.
Is this realistic? We’ll see. The European Commission has been tightening piracy measures while championing net neutrality and the Digital Services Act (DSA); member states are navigating the same delicate balance. In Spain, the judicial framework and the powers of the Second Section (Intellectual Property) have provided rights holders with tools for “dynamic” blocks. Moving forward, the challenge will be aligning content protection with the principle of proportionality in cases of shared infrastructure.
Where does this leave Spain (and what could change)?
Let’s be clear: The Cloudflare letter makes no accusations of bad faith against the Spanish government. It does highlight procedural issues: ex parte orders issued without notifying third parties, and with limited scope for intervention. If the USTR takes up this point, the issue could escalate diplomatically, opening a technical and legal conversation: How to minimize collateral damage? When and how to notify CDNs to suggest alternatives? What metrics (scope, duration, reversal) should orders include?
Meanwhile, the practice will continue as before: in courts issuing orders, operators executing them, and providers trying to shield their clients. All under increased public oversight of collateral effects.
Frequent Questions
What is an “ex parte” block, and why does it matter?
It’s a court order issued without prior notice to the affected party. In piracy contexts, it’s used for quick reaction. The issue, Cloudflare argues, is that such orders lack room to prevent collateral damage to legitimate services sharing infrastructure.
Why can a single Cloudflare IP affect dozens of websites?
Because CDNs aggregate traffic behind shared IP addresses, using reverse proxies and anycast. Blocking that IP as if it belonged to a single website cuts off access to all properties behind it.
Does Cloudflare ask not to block anything?
No. It advocates for due process (notification, defense, appeals), proportionality, and technical precision: attempt to block only what’s necessary and have a fast way to reverse errors.
Which other countries besides Spain are mentioned?
The company refers to France, Italy, Japan, and South Korea, as well as comments on the European Union, as examples of practices it considers digital trade barriers.